package de.persosim.websocket;

import de.persosim.simulator.utils.HexString;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.SecureRandom;
import java.util.Vector;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsServerProtocol;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.globaltester.logging.BasicLogger;
import org.globaltester.logging.tags.LogLevel;

/* loaded from: classes34.dex */
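/**
 * Server side of the mutually authenticated TLS handshake on an already
 * accepted client socket, built on the BouncyCastle TLS API.
 *
 * <p>Client authentication is pinning: the handshake is accepted only when the
 * presented client certificate is contained in
 * {@link RemoteIfdConfigManager#getPairedCertificates()}. This class performs no
 * chain building, validity-period check or revocation check of its own.
 *
 * <p>Protocol versions and cipher suites are not overridden here, so they are
 * whatever {@link DefaultTlsServer} selects by default.
 *
 * <p>The streams and {@link #closeConnection()} are meaningful only after
 * {@link #performHandshake()} has been called.
 */
public class DefaultHandshaker implements TlsHandshaker {
    private final Socket clientSocket;
    private final RemoteIfdConfigManager remoteIfdConfig;
    // Assigned inside performHandshake(); null until then.
    private TlsServerProtocol protocol;

    /**
     * @param remoteIfdConfigManager source of the host key, host certificate and
     *                               the set of paired client certificates
     * @param socket                 the accepted client connection to run TLS over
     */
    public DefaultHandshaker(RemoteIfdConfigManager remoteIfdConfigManager, Socket socket) {
        this.clientSocket = socket;
        this.remoteIfdConfig = remoteIfdConfigManager;
    }

    /**
     * Closes the TLS layer. An {@link IOException} while closing is logged and
     * not propagated. Does nothing if no TLS protocol instance was ever created.
     */
    @Override
    public void closeConnection() {
        TlsServerProtocol tls = this.protocol;
        if (tls == null) {
            // performHandshake() was never called, or failed before the protocol
            // object was created; there is nothing to close at the TLS layer.
            BasicLogger.log(getClass(), "No TLS connection to close", LogLevel.DEBUG);
            return;
        }
        try {
            BasicLogger.log(getClass(), "Closing TLS connection", LogLevel.DEBUG);
            tls.close();
        } catch (IOException e) {
            BasicLogger.logException(getClass(), "Exception during closing of tls server, probably due to early close", e, LogLevel.INFO);
        }
    }

    /**
     * @return the decrypted application-data input stream of the TLS session
     */
    @Override
    public InputStream getInputStream() {
        return this.protocol.getInputStream();
    }

    /**
     * @return the application-data output stream of the TLS session
     */
    @Override
    public OutputStream getOutputStream() {
        return this.protocol.getOutputStream();
    }

    /**
     * Runs the server handshake on the client socket, requesting a client
     * certificate and accepting only a paired one.
     *
     * @return {@code true} when the handshake completed, {@code false} when an
     *         {@link IOException} ended it
     */
    @Override
    public boolean performHandshake() {
        BcTlsCrypto bcTlsCrypto = new BcTlsCrypto(new SecureRandom());
        try {
            this.protocol = new TlsServerProtocol(this.clientSocket.getInputStream(), this.clientSocket.getOutputStream());
            this.protocol.accept(new DefaultTlsServer(bcTlsCrypto) {
                /**
                 * Rejects the handshake unless the presented certificate is one
                 * of the paired certificates.
                 */
                private void validateCertificate(Certificate certificate) {
                    // An empty chain can never be paired. Reject it explicitly so the
                    // failure is logged as such rather than surfacing as an index
                    // error from getCertificateAt(0) below.
                    if (certificate == null || certificate.isEmpty()) {
                        BasicLogger.log(getClass(), "The client presented no certificate");
                        throw new IllegalArgumentException("No client certificate presented");
                    }
                    // NOTE(review): which certificate of the chain is compared, and how
                    // equality is decided, depends on CertificateConverter and on the
                    // collection returned by getPairedCertificates() - confirm.
                    if (DefaultHandshaker.this.remoteIfdConfig.getPairedCertificates().contains(CertificateConverter.fromBcTlsCertificateToJavaCertificate(certificate))) {
                        return;
                    }
                    BasicLogger.log(getClass(), "The certificate with serial 0x" + HexString.encode(certificate.getCertificateAt(0).getSerialNumber()) + " is not paired");
                    throw new IllegalArgumentException("Unknown cert " + certificate);
                }

                /** Asks the client for an RSA certificate signed with SHA-256/RSA. */
                @Override
                public CertificateRequest getCertificateRequest() {
                    Vector<SignatureAndHashAlgorithm> signatureAlgorithms = new Vector<>();
                    // TLS registry values: hash 4 = sha256, signature 1 = rsa.
                    signatureAlgorithms.add(new SignatureAndHashAlgorithm((short) 4, (short) 1));
                    // Certificate type 1 = rsa_sign; null = no certificate-authority hints.
                    return new CertificateRequest(new short[]{1}, signatureAlgorithms, null);
                }

                /** Server credentials: host key and certificate from the configuration, SHA-256 with RSA. */
                @Override
                protected TlsCredentialedSigner getRSASignerCredentials() throws IOException {
                    return new BcDefaultTlsCredentialedSigner(
                            new TlsCryptoParameters(this.context),
                            (BcTlsCrypto) getCrypto(),
                            CertificateConverter.fromJavaKeyToBcAsymetricKeyParameter(DefaultHandshaker.this.remoteIfdConfig.getHostPrivateKey()),
                            CertificateConverter.fromJavaCertificateToBcTlsCertificate(DefaultHandshaker.this.remoteIfdConfig.getHostCertificate()),
                            new SignatureAndHashAlgorithm((short) 4, (short) 1));
                }

                @Override
                public void notifyClientCertificate(Certificate certificate) throws IOException {
                    validateCertificate(certificate);
                }

                @Override
                public void notifyHandshakeComplete() throws IOException {
                    super.notifyHandshakeComplete();
                    BasicLogger.log(getClass(), "Handshake done", LogLevel.DEBUG);
                }

                /** Logs the cipher suites offered by the client, one hex id per line. */
                @Override
                public void notifyOfferedCipherSuites(int[] iArr) throws IOException {
                    super.notifyOfferedCipherSuites(iArr);
                    StringBuilder message = new StringBuilder("Offered cipher suites:");
                    for (int suite : iArr) {
                        message.append(System.lineSeparator()).append(Integer.toHexString(suite));
                    }
                    BasicLogger.log(getClass(), message.toString(), LogLevel.DEBUG);
                }
            });
            return true;
        } catch (IOException e) {
            // NOTE(review): this branch is not limited to a peer disconnect. TLS fatal
            // alerts are IOExceptions as well, so a rejected client certificate most
            // likely ends up here too - read this entry together with the "is not
            // paired" log line when investigating failed pairings.
            BasicLogger.logException(getClass(), "Other side closed the connection", e, LogLevel.WARN);
            return false;
        }
    }
}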
