package eu.siacs.conversations.crypto.sasl;

import com.android.tools.r8.annotations.SynthesizedClassV2;
import eu.siacs.conversations.crypto.sasl.SaslMechanism;
import eu.siacs.conversations.ui.RtpSessionActivity;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.bouncycastle.jcajce.provider.digest.SHA256;
import org.conscrypt.Conscrypt;

/* loaded from: classes2.dex */
public interface ChannelBindingMechanism {
    public static final String EXPORTER_LABEL = "EXPORTER-Channel-Binding";

    @SynthesizedClassV2(kind = 7, versionHash = "5e5398f0546d1d7afd62641edb14d82894f11ddc41bce363a0c8d0dac82c9c5a")
    /* renamed from: eu.siacs.conversations.crypto.sasl.ChannelBindingMechanism$-CC, reason: invalid class name */
    /* loaded from: classes2.dex */
    public final /* synthetic */ class CC {
        public static byte[] getChannelBindingData(SSLSocket sSLSocket, ChannelBinding channelBinding) throws SaslMechanism.AuthenticationException {
            if (sSLSocket == null) {
                throw new SaslMechanism.AuthenticationException("Channel binding attempt on non secure socket");
            }
            if (channelBinding == ChannelBinding.TLS_EXPORTER) {
                try {
                    byte[] exportKeyingMaterial = Conscrypt.exportKeyingMaterial(sSLSocket, ChannelBindingMechanism.EXPORTER_LABEL, new byte[0], 32);
                    if (exportKeyingMaterial != null) {
                        return exportKeyingMaterial;
                    }
                    throw new SaslMechanism.AuthenticationException("Could not export keying material. Socket not ready");
                } catch (SSLException unused) {
                    throw new SaslMechanism.AuthenticationException("Could not export keying material");
                }
            }
            if (channelBinding != ChannelBinding.TLS_UNIQUE) {
                if (channelBinding == ChannelBinding.TLS_SERVER_END_POINT) {
                    return getServerEndPointChannelBinding(sSLSocket.getSession());
                }
                throw new SaslMechanism.AuthenticationException(String.format("%s is not a valid channel binding", channelBinding));
            }
            byte[] tlsUnique = Conscrypt.getTlsUnique(sSLSocket);
            if (tlsUnique != null) {
                return tlsUnique;
            }
            throw new SaslMechanism.AuthenticationException("Could not retrieve tls unique. Socket not ready");
        }

        public static byte[] getServerEndPointChannelBinding(SSLSession sSLSession) throws SaslMechanism.AuthenticationException {
            MessageDigest digest;
            try {
                Certificate[] peerCertificates = sSLSession.getPeerCertificates();
                if (peerCertificates == null || peerCertificates.length == 0) {
                    throw new SaslMechanism.AuthenticationException("Could not retrieve peer certificate");
                }
                Certificate certificate = peerCertificates[0];
                if (!(certificate instanceof X509Certificate)) {
                    throw new SaslMechanism.AuthenticationException("Certificate was not X509");
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                String sigAlgName = x509Certificate.getSigAlgName();
                int indexOf = sigAlgName.indexOf(RtpSessionActivity.EXTRA_WITH);
                if (indexOf <= 0) {
                    throw new SaslMechanism.AuthenticationException("Unable to parse SigAlgName");
                }
                String substring = sigAlgName.substring(0, indexOf);
                if ("MD5".equalsIgnoreCase(substring) || "SHA1".equalsIgnoreCase(substring)) {
                    digest = new SHA256.Digest();
                } else {
                    try {
                        digest = MessageDigest.getInstance(substring);
                    } catch (NoSuchAlgorithmException unused) {
                        throw new SaslMechanism.AuthenticationException("Could not instantiate message digest for " + substring);
                    }
                }
                try {
                    digest.update(x509Certificate.getEncoded());
                    return digest.digest();
                } catch (CertificateEncodingException unused2) {
                    throw new SaslMechanism.AuthenticationException("Could not encode certificate");
                }
            } catch (SSLPeerUnverifiedException unused3) {
                throw new SaslMechanism.AuthenticationException("Could not verify peer certificates");
            }
        }
    }

    ChannelBinding getChannelBinding();
}
