package fm.liveswitch;

import java.io.IOException;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;

/* loaded from: classes3.dex */
class DtlsBouncyCastleClientAuthentication implements TlsAuthentication {
    private DtlsCertificate certificate;
    private TlsContext context;
    private IAction1<byte[]> onRemoteCertificate;
    public String remoteFingerprint;
    public String remoteFingerprintAlgorithm;

    public DtlsBouncyCastleClientAuthentication(TlsContext tlsContext, DtlsCertificate dtlsCertificate, String str, String str2, IAction1<byte[]> iAction1) {
        this.context = tlsContext;
        this.certificate = dtlsCertificate;
        this.remoteFingerprintAlgorithm = str;
        this.remoteFingerprint = str2;
        this.onRemoteCertificate = iAction1;
    }

    public DtlsCertificate getCertificate() {
        return this.certificate;
    }

    @Override // org.bouncycastle.tls.TlsAuthentication
    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
        Log.debug("Generating DTLS 'client certificate' message.");
        if (certificateRequest.getCertificateTypes() == null) {
            return null;
        }
        TlsCryptoParameters tlsCryptoParameters = new TlsCryptoParameters(this.context);
        AsymmetricKeyParameter ecdsaPrivateKey = DtlsBouncyCastleUtility.getEcdsaPrivateKey(getCertificate());
        if (ecdsaPrivateKey != null) {
            if (certificateRequest.getSupportedSignatureAlgorithms() == null) {
                return new BcDefaultTlsCredentialedSigner(tlsCryptoParameters, (BcTlsCrypto) this.context.getCrypto(), ecdsaPrivateKey, DtlsBouncyCastleUtility.getCertificate(this.context, getCertificate()), null);
            }
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = DtlsBouncyCastleUtility.getSignatureAndHashAlgorithm(certificateRequest.getSupportedSignatureAlgorithms(), (short) 3);
            if (signatureAndHashAlgorithm != null) {
                return new BcDefaultTlsCredentialedSigner(tlsCryptoParameters, (BcTlsCrypto) this.context.getCrypto(), ecdsaPrivateKey, DtlsBouncyCastleUtility.getCertificate(this.context, getCertificate()), signatureAndHashAlgorithm);
            }
        }
        AsymmetricKeyParameter rsaPrivateKey = DtlsBouncyCastleUtility.getRsaPrivateKey(getCertificate());
        if (rsaPrivateKey != null) {
            if (certificateRequest.getSupportedSignatureAlgorithms() == null) {
                return new BcDefaultTlsCredentialedSigner(tlsCryptoParameters, (BcTlsCrypto) this.context.getCrypto(), rsaPrivateKey, DtlsBouncyCastleUtility.getCertificate(this.context, getCertificate()), null);
            }
            SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = DtlsBouncyCastleUtility.getSignatureAndHashAlgorithm(certificateRequest.getSupportedSignatureAlgorithms(), (short) 1);
            if (signatureAndHashAlgorithm2 != null) {
                return new BcDefaultTlsCredentialedSigner(tlsCryptoParameters, (BcTlsCrypto) this.context.getCrypto(), rsaPrivateKey, DtlsBouncyCastleUtility.getCertificate(this.context, getCertificate()), signatureAndHashAlgorithm2);
            }
        }
        return null;
    }

    public IAction1<byte[]> getOnRemoteCertificate() {
        return this.onRemoteCertificate;
    }

    public String getRemoteFingerprint() {
        return this.remoteFingerprint;
    }

    public String getRemoteFingerprintAlgorithm() {
        return this.remoteFingerprintAlgorithm;
    }

    @Override // org.bouncycastle.tls.TlsAuthentication
    public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
        String hexString;
        IAction1<byte[]> iAction1;
        if (tlsServerCertificate == null) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.tls.crypto.TlsCertificate[] certificateList = tlsServerCertificate.getCertificate().getCertificateList();
        if (this.remoteFingerprintAlgorithm.equalsIgnoreCase("sha2") || this.remoteFingerprintAlgorithm.equalsIgnoreCase("sha256") || this.remoteFingerprintAlgorithm.equalsIgnoreCase("sha-256")) {
            hexString = HashContextBase.compute(HashType.Sha256, DataBuffer.wrap(certificateList[0].getEncoded())).toHexString();
        } else {
            if (!this.remoteFingerprintAlgorithm.equalsIgnoreCase("sha") && !this.remoteFingerprintAlgorithm.equalsIgnoreCase("sha1") && !this.remoteFingerprintAlgorithm.equalsIgnoreCase("sha-1")) {
                throw new TlsFatalAlert((short) 49);
            }
            hexString = HashContextBase.compute(HashType.Sha1, DataBuffer.wrap(certificateList[0].getEncoded())).toHexString();
        }
        if (!hexString.equalsIgnoreCase(this.remoteFingerprint.replace(":", ""))) {
            throw new TlsFatalAlert((short) 49);
        }
        byte[] bArr = null;
        try {
            bArr = certificateList[0].getEncoded();
        } catch (Exception e) {
            Log.error("Could not process remote DTLS certificate.", e);
        }
        if (bArr == null || (iAction1 = this.onRemoteCertificate) == null) {
            return;
        }
        iAction1.invoke(bArr);
    }
}
