package fm.icelink;

import java.io.IOException;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsContext;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.crypto.tls.TlsFatalAlert;

/* compiled from: DtlsBouncyCastleClientAuthentication.java */
/* loaded from: classes2.dex */
class w3 implements TlsAuthentication {
    private TlsContext a;
    public String b;
    public String c;
    private k6<byte[]> d;
    private c4 e;

    public w3(TlsContext tlsContext, c4 c4Var, String str, String str2, k6<byte[]> k6Var) {
        this.a = tlsContext;
        this.e = c4Var;
        this.b = str;
        this.c = str2;
        this.d = k6Var;
    }

    public c4 a() {
        return this.e;
    }

    @Override // org.bouncycastle.crypto.tls.TlsAuthentication
    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
        qa.a("Generating DTLS 'client certificate' message.");
        if (certificateRequest.getCertificateTypes() == null) {
            return null;
        }
        AsymmetricKeyParameter c = b4.c(a());
        if (c != null) {
            if (certificateRequest.getSupportedSignatureAlgorithms() == null) {
                return new DefaultTlsSignerCredentials(this.a, b4.b(a()), c);
            }
            SignatureAndHashAlgorithm e = b4.e(certificateRequest.getSupportedSignatureAlgorithms(), (short) 3);
            if (e != null) {
                return new DefaultTlsSignerCredentials(this.a, b4.b(a()), c, e);
            }
        }
        AsymmetricKeyParameter d = b4.d(a());
        if (d == null) {
            return null;
        }
        if (certificateRequest.getSupportedSignatureAlgorithms() == null) {
            return new DefaultTlsSignerCredentials(this.a, b4.b(a()), d);
        }
        SignatureAndHashAlgorithm e2 = b4.e(certificateRequest.getSupportedSignatureAlgorithms(), (short) 1);
        if (e2 != null) {
            return new DefaultTlsSignerCredentials(this.a, b4.b(a()), d, e2);
        }
        return null;
    }

    @Override // org.bouncycastle.crypto.tls.TlsAuthentication
    public void notifyServerCertificate(Certificate certificate) throws IOException {
        String b0;
        k6<byte[]> k6Var;
        if (certificate == null) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        if (certificateList == null || certificateList.length == 0) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate certificate2 = certificateList[0];
        if (this.b.toLowerCase().equals("sha2") || this.b.toLowerCase().equals("sha256") || this.b.toLowerCase().equals("sha-256")) {
            b0 = f6.b(h6.Sha256, z2.d0(certificate2.getEncoded())).b0();
        } else {
            if (!this.b.toLowerCase().equals("sha") && !this.b.toLowerCase().equals("sha1") && !this.b.toLowerCase().equals("sha-1")) {
                throw new TlsFatalAlert((short) 49);
            }
            b0 = f6.b(h6.Sha1, z2.d0(certificate2.getEncoded())).b0();
        }
        if (!b0.toLowerCase().equals(this.c.replace(":", "").toLowerCase())) {
            throw new TlsFatalAlert((short) 49);
        }
        byte[] bArr = null;
        try {
            bArr = certificate2.getEncoded();
        } catch (Exception e) {
            qa.d("Could not process remote DTLS certificate.", e);
        }
        if (bArr == null || (k6Var = this.d) == null) {
            return;
        }
        k6Var.invoke(bArr);
    }
}
