package tigase.halcyon.core.connector.socket;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Field;
import java.net.Socket;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.bouncycastle.tls.AbstractTlsKeyExchange;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsClientProtocol;
import org.bouncycastle.tls.TlsKeyExchange;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import tigase.halcyon.core.connector.socket.BouncyCastleTLSProcessor;
import tigase.halcyon.core.logger.Logger;
import tigase.halcyon.core.logger.LoggerFactory;

/* compiled from: BouncyCastleTLSProcessor.kt */
@Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��j\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n��\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018�� '2\u00020\u0001:\u0002'(B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\b\u0010\u0013\u001a\u00020\u0014H\u0016J\u001b\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\u0006\u0010\u0016\u001a\u00020\u0017H\u0002¢\u0006\u0002\u0010\u0018J\u0014\u0010\u0019\u001a\u0004\u0018\u00010\u001a2\b\u0010\u001b\u001a\u0004\u0018\u00010\u001cH\u0004J\n\u0010\u001d\u001a\u0004\u0018\u00010\u0010H\u0016J\n\u0010\u001e\u001a\u0004\u0018\u00010\u0010H\u0016J\n\u0010\u001f\u001a\u0004\u0018\u00010\u0010H\u0016J\b\u0010 \u001a\u00020\u000eH\u0016J&\u0010!\u001a\u00020\u00142\u001c\u0010\"\u001a\u0018\u0012\u0004\u0012\u00020$\u0012\u0004\u0012\u00020%\u0012\u0004\u0012\u00020\u00140#j\u0002`&H\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u0018\u0010\t\u001a\n\u0012\u0004\u0012\u00020\u000b\u0018\u00010\nX\u0082\u000e¢\u0006\u0004\n\u0002\u0010\fR\u000e\u0010\r\u001a\u00020\u000eX\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u000f\u001a\u0004\u0018\u00010\u0010X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0011\u001a\u0004\u0018\u00010\u0010X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0012\u001a\u0004\u0018\u00010\u0010X\u0082\u000e¢\u0006\u0002\n��¨\u0006)"}, d2 = 
{"Ltigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor;", "Ltigase/halcyon/core/connector/socket/TLSProcessor;", "socket", "Ljava/net/Socket;", "config", "Ltigase/halcyon/core/connector/socket/SocketConnectorConfig;", "(Ljava/net/Socket;Ltigase/halcyon/core/connector/socket/SocketConnectorConfig;)V", "log", "Ltigase/halcyon/core/logger/Logger;", "peerCertificates", "", "Ljava/security/cert/X509Certificate;", "[Ljava/security/cert/X509Certificate;", "secured", "", "tlsExporter", "", "tlsServerEndpoint", "tlsUnique", "clear", "", "convertChain", "certificates", "Lorg/bouncycastle/tls/Certificate;", "(Lorg/bouncycastle/tls/Certificate;)[Ljava/security/cert/X509Certificate;", "getAuthType", "", "tlsKeyExchange", "Lorg/bouncycastle/tls/TlsKeyExchange;", "getTlsExporter", "getTlsServerEndpoint", "getTlsUnique", "isConnectionSecure", "proceedTLS", "callback", "Lkotlin/Function2;", "Ljava/io/InputStream;", "Ljava/io/OutputStream;", "Ltigase/halcyon/core/connector/socket/TLSCallback;", "Companion", "XMPPServerAuthentication", "halcyon-bouncycastle"})
@SourceDebugExtension({"SMAP\nBouncyCastleTLSProcessor.kt\nKotlin\n*S Kotlin\n*F\n+ 1 BouncyCastleTLSProcessor.kt\ntigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n+ 3 ArraysJVM.kt\nkotlin/collections/ArraysKt__ArraysJVMKt\n*L\n1#1,161:1\n1#2:162\n37#3,2:163\n*S KotlinDebug\n*F\n+ 1 BouncyCastleTLSProcessor.kt\ntigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor\n*L\n100#1:163,2\n*E\n"})
/* loaded from: input_file:tigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor.class */
public final class BouncyCastleTLSProcessor implements TLSProcessor {

    // Plain TCP socket whose streams proceedTLS() wraps with the TLS protocol.
    @NotNull
    private final Socket socket;

    // Supplies the trust manager, hostname verifier and XMPP domain used to
    // authenticate the server certificate.
    @NotNull
    private final SocketConnectorConfig config;

    @NotNull
    private final Logger log;

    // Server chain as presented in the handshake. It is stored BEFORE trust and
    // hostname checks run, so a non-null value does not mean "validated".
    @Nullable
    private X509Certificate[] peerCertificates;
    // True only after the TLS client reports handshake completion; reset by clear().
    private boolean secured;

    // Channel-binding values exported from the TLS context after the handshake.
    // They are handed out by the getters without copying and are not reset by clear().
    @Nullable
    private byte[] tlsUnique;

    // Either exported from the TLS context or, lazily, derived from the leaf
    // certificate in getTlsServerEndpoint().
    @Nullable
    private byte[] tlsServerEndpoint;

    @Nullable
    private byte[] tlsExporter;

    // Kotlin companion object; doubles as the TLSProcessorFactory for this class.
    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final String NAME = "BouncyCastleTLSProcessor";

    /* compiled from: BouncyCastleTLSProcessor.kt */
    @Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��&\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH\u0016R\u0014\u0010\u0003\u001a\u00020\u0004X\u0096D¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006¨\u0006\r"}, d2 = {"Ltigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor$Companion;", "Ltigase/halcyon/core/connector/socket/TLSProcessorFactory;", "()V", "NAME", "", "getNAME", "()Ljava/lang/String;", "create", "Ltigase/halcyon/core/connector/socket/TLSProcessor;", "socket", "Ljava/net/Socket;", "config", "Ltigase/halcyon/core/connector/socket/SocketConnectorConfig;", "halcyon-bouncycastle"})
    /* loaded from: input_file:tigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor$Companion.class */
    public static final class Companion implements TLSProcessorFactory {
        /** Private: the enclosing class builds its shared instance through the synthetic constructor below. */
        private Companion() {
        }

        /** Compiler-generated entry point used by the enclosing class; the marker argument is ignored. */
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /**
         * Returns the factory name of this TLS processor.
         *
         * @return the constant {@code BouncyCastleTLSProcessor.NAME}
         */
        @NotNull
        public String getNAME() {
            final String factoryName = BouncyCastleTLSProcessor.NAME;
            return factoryName;
        }

        /**
         * Creates a processor bound to the given socket and connector configuration.
         *
         * @param socket                connected socket that will carry the TLS session; must not be null
         * @param socketConnectorConfig configuration providing trust and hostname checks; must not be null
         * @return a new {@link BouncyCastleTLSProcessor}
         */
        @NotNull
        public TLSProcessor create(@NotNull Socket socket, @NotNull SocketConnectorConfig socketConnectorConfig) {
            Intrinsics.checkNotNullParameter(socket, "socket");
            Intrinsics.checkNotNullParameter(socketConnectorConfig, "config");
            final TLSProcessor processor = new BouncyCastleTLSProcessor(socket, socketConnectorConfig);
            return processor;
        }
    }

    /* compiled from: BouncyCastleTLSProcessor.kt */
    @Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��\u0018\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\b\u0086\u0004\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0012\u0010\u0003\u001a\u00020\u00042\b\u0010\u0005\u001a\u0004\u0018\u00010\u0006H\u0016¨\u0006\u0007"}, d2 = {"Ltigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor$XMPPServerAuthentication;", "Lorg/bouncycastle/tls/ServerOnlyTlsAuthentication;", "(Ltigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor;)V", "notifyServerCertificate", "", "serverCertificate", "Lorg/bouncycastle/tls/TlsServerCertificate;", "halcyon-bouncycastle"})
    @SourceDebugExtension({"SMAP\nBouncyCastleTLSProcessor.kt\nKotlin\n*S Kotlin\n*F\n+ 1 BouncyCastleTLSProcessor.kt\ntigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor$XMPPServerAuthentication\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,161:1\n1#2:162\n*E\n"})
    /* loaded from: input_file:tigase/halcyon/core/connector/socket/BouncyCastleTLSProcessor$XMPPServerAuthentication.class */
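    public final class XMPPServerAuthentication extends ServerOnlyTlsAuthentication {
        public XMPPServerAuthentication() {
        }

        /**
         * Authenticates the server certificate chain received during the handshake.
         *
         * <p>Steps, in order: convert the Bouncy Castle chain to JCA certificates, record it
         * on the enclosing processor, run the configured trust manager over it (only when
         * that trust manager is an {@link X509TrustManager}), then check that the leaf
         * certificate matches the configured domain.
         *
         * <p>The chain is recorded before validation, so it stays set on the processor even
         * when this method rejects it.
         *
         * @param tlsServerCertificate certificate message from the server; may be null
         * @throws SSLHandshakeException if no usable chain was presented (null or empty), or
         *         if the hostname verifier rejects the leaf certificate. Exceptions raised by
         *         chain conversion or by the trust manager propagate unchanged (the class is
         *         compiled from Kotlin, which has no checked exceptions).
         */
        public void notifyServerCertificate(@Nullable TlsServerCertificate tlsServerCertificate) {
            Certificate bcChain = tlsServerCertificate == null ? null : tlsServerCertificate.getCertificate();
            X509Certificate[] chain = bcChain == null ? null : BouncyCastleTLSProcessor.this.convertChain(bcChain);
            // An empty chain has no leaf to verify. Reject it here with a handshake
            // error instead of letting a later first-element lookup fail with an
            // unrelated runtime exception.
            if (chain == null || chain.length == 0) {
                throw new SSLHandshakeException("Unrecognized server certificates list.");
            }
            BouncyCastleTLSProcessor.this.peerCertificates = chain;

            TrustManager trustManager = BouncyCastleTLSProcessor.this.config.getTrustManager();
            if (trustManager instanceof X509TrustManager) {
                // NOTE(review): authType is passed as an empty string. The JDK's built-in
                // X509TrustManager rejects a null or empty authType with
                // IllegalArgumentException; confirm the configured trust manager accepts "".
                ((X509TrustManager) trustManager).checkServerTrusted(chain, "");
            } else {
                // NOTE(review): fail-open path. With any other TrustManager type the chain
                // is never validated against a trust anchor; only the hostname check below
                // runs, and a self-issued certificate naming the domain would pass it.
                // Consider rejecting the handshake here once it is confirmed that no
                // supported configuration relies on this branch.
                BouncyCastleTLSProcessor.this.log.info("Configured trust manager is not an X509TrustManager; server certificate chain was NOT validated");
            }

            XMPPHostnameVerifier hostnameVerifier = BouncyCastleTLSProcessor.this.config.getHostnameVerifier();
            String domain = BouncyCastleTLSProcessor.this.config.getDomain();
            // Only the leaf (first) certificate is matched against the XMPP domain.
            if (!hostnameVerifier.verify(domain, (java.security.cert.Certificate) chain[0])) {
                throw new SSLHandshakeException("Certificate hostname doesn't match domain name you want to connect.");
            }
        }
    }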

    /**
     * Binds the processor to one socket and one connector configuration.
     * No I/O happens here; the handshake is started by {@code proceedTLS}.
     *
     * @param socket                socket whose streams will be wrapped with TLS; must not be null
     * @param socketConnectorConfig source of the trust manager, hostname verifier and domain; must not be null
     */
    public BouncyCastleTLSProcessor(@NotNull Socket socket, @NotNull SocketConnectorConfig socketConnectorConfig) {
        Intrinsics.checkNotNullParameter(socket, "socket");
        Intrinsics.checkNotNullParameter(socketConnectorConfig, "config");
        // logger$default is the compiler-generated bridge for a Kotlin call that
        // leaves some arguments at their defaults.
        final String loggerName = "tigase.halcyon.core.connector.socket.BouncyCastleTLSProcessor";
        this.log = LoggerFactory.logger$default(LoggerFactory.INSTANCE, loggerName, false, 2, (Object) null);
        this.config = socketConnectorConfig;
        this.socket = socket;
    }

    /**
     * Returns the channel-binding value stored in {@code tlsUnique} by the last completed handshake.
     *
     * @return the stored bytes, or null if none were exported; the internal array is
     *         returned without copying, so callers must not modify it
     */
    @Nullable
    public byte[] getTlsUnique() {
        final byte[] binding = this.tlsUnique;
        return binding;
    }

    /**
     * Returns the server-end-point channel-binding value, computing it on first use.
     *
     * <p>If the handshake already stored a value it is returned as is. Otherwise the
     * value is derived from the first peer certificate via
     * {@code DefaultTLSProcessorKt.calculateCertificateHash} and cached.
     *
     * <p>NOTE(review): the peer chain is recorded before trust and hostname validation,
     * so this getter can yield a hash of a certificate that was later rejected.
     * Callers should also check {@code isConnectionSecure()}.
     *
     * @return the binding bytes, or null when no peer certificate is known; the internal
     *         array is returned without copying
     */
    @Nullable
    public byte[] getTlsServerEndpoint() {
        final byte[] cached = this.tlsServerEndpoint;
        if (cached != null) {
            return cached;
        }
        final X509Certificate[] chain = this.peerCertificates;
        // ArraysKt.first throws on an empty array, exactly as in the original flow.
        final X509Certificate leaf = chain == null ? null : (X509Certificate) ArraysKt.first(chain);
        this.tlsServerEndpoint = leaf == null ? null : DefaultTLSProcessorKt.calculateCertificateHash(leaf);
        return this.tlsServerEndpoint;
    }

    /**
     * Returns the channel-binding value stored in {@code tlsExporter} by the last completed handshake.
     *
     * @return the stored bytes, or null if none were exported; the internal array is
     *         returned without copying, so callers must not modify it
     */
    @Nullable
    public byte[] getTlsExporter() {
        final byte[] binding = this.tlsExporter;
        return binding;
    }

    /**
     * Reports whether a TLS handshake has completed on this processor.
     *
     * @return true once the TLS client signalled handshake completion and
     *         {@code clear()} has not been called since
     */
    public boolean isConnectionSecure() {
        final boolean handshakeDone = this.secured;
        return handshakeDone;
    }

    /**
     * Marks the connection as no longer secured.
     *
     * <p>NOTE(review): only the flag is reset. The recorded peer chain and the three
     * channel-binding values stay in place, so the getters keep returning data from
     * the previous session. Confirm no caller uses those values after {@code clear()}.
     */
    public void clear() {
        final boolean notSecured = false;
        this.secured = notSecured;
    }

    /**
     * Runs a TLS client handshake over the socket and hands the protected streams to the callback.
     *
     * <p>The socket's raw streams are wrapped in a Bouncy Castle {@code TlsClientProtocol}.
     * Server authentication is delegated to {@code XMPPServerAuthentication}. After
     * {@code connect} returns, the callback receives the protocol's input and output streams.
     *
     * <p>The anonymous client overrides only {@code getAuthentication} and
     * {@code notifyHandshakeComplete}. Protocol versions, cipher suites and extensions are
     * therefore whatever {@code DefaultTlsClient} provides.
     * NOTE(review): no server-name (SNI) override is visible here; confirm whether the
     * servers in scope need it.
     *
     * @param function2 callback invoked with the TLS input and output streams; must not be null
     */
    public void proceedTLS(@NotNull Function2<? super InputStream, ? super OutputStream, Unit> function2) {
        Intrinsics.checkNotNullParameter(function2, "callback");
        this.log.info("Proceeding TLS with Bouncycastle");
        // Fresh SecureRandom per handshake, used as the entropy source of the BC crypto provider.
        final BcTlsCrypto bcTlsCrypto = new BcTlsCrypto(new SecureRandom());
        TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(this.socket.getInputStream(), this.socket.getOutputStream());
        tlsClientProtocol.connect((DefaultTlsClient) new DefaultTlsClient(bcTlsCrypto, this) { // from class: tigase.halcyon.core.connector.socket.BouncyCastleTLSProcessor$proceedTLS$tlsClient$1
            final /* synthetic */ BouncyCastleTLSProcessor this$0;

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super((TlsCrypto) bcTlsCrypto);
                this.this$0 = this;
            }

            // Every handshake gets a new authenticator that validates the server chain
            // against the processor's configuration.
            @NotNull
            public TlsAuthentication getAuthentication() {
                return new BouncyCastleTLSProcessor.XMPPServerAuthentication();
            }

            // Called by the TLS library once the handshake has finished; this is the only
            // place where the processor is marked as secured.
            public void notifyHandshakeComplete() {
                super.notifyHandshakeComplete();
                this.this$0.secured = true;
                // The numeric arguments select the channel-binding type. Judging by the
                // target fields, 3 = tls-exporter, 1 = tls-unique, 0 = tls-server-end-point,
                // which matches Bouncy Castle's ChannelBinding constants.
                // NOTE(review): confirm against the bundled BC version.
                this.this$0.tlsExporter = this.context.exportChannelBinding(3);
                this.this$0.tlsUnique = this.context.exportChannelBinding(1);
                byte[] exportChannelBinding = this.context.exportChannelBinding(0);
                // A null export leaves the field untouched, so getTlsServerEndpoint() can
                // still derive the value from the peer certificate.
                if (exportChannelBinding != null) {
                    this.this$0.tlsServerEndpoint = exportChannelBinding;
                }
            }
        });
        // From here on all traffic goes through the TLS-protected streams.
        InputStream inputStream = tlsClientProtocol.getInputStream();
        Intrinsics.checkNotNullExpressionValue(inputStream, "tlsClientProtocol.inputStream");
        OutputStream outputStream = tlsClientProtocol.getOutputStream();
        Intrinsics.checkNotNullExpressionValue(outputStream, "tlsClientProtocol.outputStream");
        function2.invoke(inputStream, outputStream);
    }

    /* JADX INFO: Access modifiers changed from: private */
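    /**
     * Converts a Bouncy Castle TLS certificate chain into JCA {@link X509Certificate}s,
     * keeping the order in which the peer sent them.
     *
     * <p>Each entry is re-parsed from its encoded form by the platform's "X.509"
     * certificate factory. This is parsing only: nothing is validated here.
     *
     * @param certificate chain as received in the handshake
     * @return the parsed chain; an empty array when the peer sent no certificates
     * @throws CertificateException if an entry cannot be parsed as an X.509 certificate
     * @throws IOException          if an entry cannot be encoded
     */
    public final X509Certificate[] convertChain(Certificate certificate) throws CertificateException, IOException {
        int length = certificate.getLength();
        X509Certificate[] chain = new X509Certificate[length];
        if (length == 0) {
            return chain;
        }
        // The factory lookup is loop-invariant: resolve it once and reuse it for every entry.
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < length; i++) {
            byte[] encoded = certificate.getCertificateAt(i).getEncoded();
            java.security.cert.Certificate parsed = x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
            Intrinsics.checkNotNull(parsed, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            chain[i] = (X509Certificate) parsed;
        }
        return chain;
    }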

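    /**
     * Key-exchange names indexed by numeric code (0 to 24).
     * Presumably this follows Bouncy Castle's KeyExchangeAlgorithm numbering; confirm
     * against the bundled BC version.
     */
    private static final String[] KEY_EXCHANGE_NAMES = {
        "NULL", "RSA", "RSA_EXPORT", "DHE_DSS", "DHE_DSS_EXPORT",
        "DHE_RSA", "DHE_RSA_EXPORT", "DH_DSS", "DH_DSS_EXPORT", "DH_RSA",
        "DH_RSA_EXPORT", "DH_anon", "DH_anon_EXPORT", "PSK", "DHE_PSK",
        "RSA_PSK", "ECDH_ECDSA", "ECDHE_ECDSA", "ECDH_RSA", "ECDHE_RSA",
        "ECDH_anon", "SRP", "SRP_DSS", "SRP_RSA", "ECDHE_PSK"
    };

    /**
     * Returns a textual name for the key-exchange algorithm of the given exchange object.
     *
     * <p>The numeric code is read reflectively from the non-public {@code keyExchange}
     * field of {@code AbstractTlsKeyExchange}. That ties the method to a library
     * internal: if the field is renamed, or reflective access is denied, the lookup
     * fails and null is returned.
     *
     * <p>The method only labels the exchange. It does not reject anonymous, NULL or
     * export-grade key exchanges.
     *
     * @param tlsKeyExchange key-exchange object to inspect; may be null
     * @return the algorithm name, {@code "UNKNOWN <code>"} for a code outside the table,
     *         or null when the argument is null or the code cannot be read
     */
    @Nullable
    protected final String getAuthType(@Nullable TlsKeyExchange tlsKeyExchange) {
        // Nothing to inspect. Returning early avoids a reflective NullPointerException
        // whose only effect was a stack trace followed by the same null result.
        if (tlsKeyExchange == null) {
            return null;
        }
        try {
            Field declaredField = AbstractTlsKeyExchange.class.getDeclaredField("keyExchange");
            declaredField.setAccessible(true);
            int code = Integer.parseInt(declaredField.get(tlsKeyExchange).toString());
            if (code >= 0 && code < KEY_EXCHANGE_NAMES.length) {
                return KEY_EXCHANGE_NAMES[code];
            }
            return "UNKNOWN " + code;
        } catch (Throwable th) {
            // Deliberately best-effort: any failure yields null. The cause goes to the
            // processor's logger instead of a raw stack trace on stderr.
            this.log.info("Unable to determine TLS key exchange type: " + th);
            return null;
        }
    }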
}
