package fm.icelink;

import java.io.IOException;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsContext;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.crypto.tls.TlsFatalAlert;

/* loaded from: classes4.dex */
class DtlsBouncyCastleClientAuthentication implements TlsAuthentication {
    private DtlsCertificate certificate;
    private TlsContext context;
    private IAction1<byte[]> onRemoteCertificate;
    public String remoteFingerprint;
    public String remoteFingerprintAlgorithm;

    public DtlsBouncyCastleClientAuthentication(TlsContext tlsContext, DtlsCertificate dtlsCertificate, String str, String str2, IAction1<byte[]> iAction1) {
        this.context = tlsContext;
        this.certificate = dtlsCertificate;
        this.remoteFingerprintAlgorithm = str;
        this.remoteFingerprint = str2;
        this.onRemoteCertificate = iAction1;
    }

    public DtlsCertificate getCertificate() {
        return this.certificate;
    }

    @Override // org.bouncycastle.crypto.tls.TlsAuthentication
    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
        Log.debug("Generating DTLS 'client certificate' message.");
        if (certificateRequest.getCertificateTypes() == null) {
            return null;
        }
        AsymmetricKeyParameter ecdsaPrivateKey = DtlsBouncyCastleUtility.getEcdsaPrivateKey(getCertificate());
        if (ecdsaPrivateKey != null) {
            if (certificateRequest.getSupportedSignatureAlgorithms() == null) {
                return new DefaultTlsSignerCredentials(this.context, DtlsBouncyCastleUtility.getCertificate(getCertificate()), ecdsaPrivateKey);
            }
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = DtlsBouncyCastleUtility.getSignatureAndHashAlgorithm(certificateRequest.getSupportedSignatureAlgorithms(), (short) 3);
            if (signatureAndHashAlgorithm != null) {
                return new DefaultTlsSignerCredentials(this.context, DtlsBouncyCastleUtility.getCertificate(getCertificate()), ecdsaPrivateKey, signatureAndHashAlgorithm);
            }
        }
        AsymmetricKeyParameter rsaPrivateKey = DtlsBouncyCastleUtility.getRsaPrivateKey(getCertificate());
        if (rsaPrivateKey == null) {
            return null;
        }
        if (certificateRequest.getSupportedSignatureAlgorithms() == null) {
            return new DefaultTlsSignerCredentials(this.context, DtlsBouncyCastleUtility.getCertificate(getCertificate()), rsaPrivateKey);
        }
        SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = DtlsBouncyCastleUtility.getSignatureAndHashAlgorithm(certificateRequest.getSupportedSignatureAlgorithms(), (short) 1);
        if (signatureAndHashAlgorithm2 != null) {
            return new DefaultTlsSignerCredentials(this.context, DtlsBouncyCastleUtility.getCertificate(getCertificate()), rsaPrivateKey, signatureAndHashAlgorithm2);
        }
        return null;
    }

    public IAction1<byte[]> getOnRemoteCertificate() {
        return this.onRemoteCertificate;
    }

    public String getRemoteFingerprint() {
        return this.remoteFingerprint;
    }

    public String getRemoteFingerprintAlgorithm() {
        return this.remoteFingerprintAlgorithm;
    }

    @Override // org.bouncycastle.crypto.tls.TlsAuthentication
    public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate certificate) throws IOException {
        String hexString;
        IAction1<byte[]> iAction1;
        if (certificate == null) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        if (certificateList == null || certificateList.length == 0) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate certificate2 = certificateList[0];
        if (this.remoteFingerprintAlgorithm.toLowerCase().equals("sha2") || this.remoteFingerprintAlgorithm.toLowerCase().equals("sha256") || this.remoteFingerprintAlgorithm.toLowerCase().equals("sha-256")) {
            hexString = HashContextBase.compute(HashType.Sha256, DataBuffer.wrap(certificate2.getEncoded())).toHexString();
        } else {
            if (!this.remoteFingerprintAlgorithm.toLowerCase().equals("sha") && !this.remoteFingerprintAlgorithm.toLowerCase().equals("sha1") && !this.remoteFingerprintAlgorithm.toLowerCase().equals("sha-1")) {
                throw new TlsFatalAlert((short) 49);
            }
            hexString = HashContextBase.compute(HashType.Sha1, DataBuffer.wrap(certificate2.getEncoded())).toHexString();
        }
        if (!hexString.toLowerCase().equals(this.remoteFingerprint.replace(":", "").toLowerCase())) {
            throw new TlsFatalAlert((short) 49);
        }
        byte[] bArr = null;
        try {
            bArr = certificate2.getEncoded();
        } catch (Exception e) {
            Log.error("Could not process remote DTLS certificate.", e);
        }
        if (bArr == null || (iAction1 = this.onRemoteCertificate) == null) {
            return;
        }
        iAction1.invoke(bArr);
    }
}
