package com.aimir.fep.protocol.security;

import com.aimir.constants.CommonConstants;
import com.aimir.fep.util.DataUtil;
import com.aimir.fep.util.EventUtil;
import com.aimir.fep.util.FMPProperty;
import com.aimir.fep.util.threshold.CheckThreshold;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xalan.templates.Constants;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.ErrorHandler;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;

/* loaded from: classes2.dex */
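/**
 * Factory for Scandium {@link DTLSConnector} instances (client and server side) configured from
 * {@link FMPProperty} settings: JKS key/trust stores, a static pre-shared key and a certificate
 * identity.
 *
 * <p>Security review notes (all read off the code below; none are changed here because peers may
 * depend on the current behaviour):
 * <ul>
 *   <li>Both the client and the server connector register the same hard-coded PSK identity
 *       {@code "Client_identity"}, keyed with the bytes of {@code protocol.security.password}.
 *       {@code String.getBytes()} is called without a charset, so the key bytes depend on the
 *       JVM default charset if the value is not plain ASCII.</li>
 *   <li>The private key entry is unlocked with the key-store password, i.e. key password and
 *       store password are assumed to be identical.</li>
 *   <li>The server connector calls {@code setClientAuthenticationRequired(false)}, so it does not
 *       demand a client certificate. Confirm that peer authentication is enforced by other means
 *       (for example the PSK) before relying on this connector for authenticated sessions.</li>
 *   <li>The server trust store is populated from the <em>private</em> alias, the client trust
 *       store from the <em>CA</em> alias. NOTE(review): confirm this asymmetry is intended.</li>
 *   <li>All secrets are held in {@code static final String} fields for the lifetime of the JVM
 *       and the stores are legacy {@code JKS}.</li>
 * </ul>
 */
public class DtlsConnector {
    private static final Log log = LogFactory.getLog(DtlsConnector.class);
    private static final String TRUST_STORE_PASSWORD = FMPProperty.getProperty("protocol.ssl.truststore.password");
    private static final String KEY_STORE_PASSWORD = FMPProperty.getProperty("protocol.ssl.keystore.password");
    private static final String KEY_STORE_LOCATION = FMPProperty.getProperty("protocol.ssl.keystore");
    private static final String TRUST_STORE_LOCATION = FMPProperty.getProperty("protocol.ssl.truststore");
    // Despite its name this value is only used as the DTLS pre-shared key, never as a key password.
    private static final String PRIVATE_KEY_PASSWORD = FMPProperty.getProperty("protocol.security.password");
    private static final String PRIVATE_ALIAS = FMPProperty.getProperty("protocol.ssl.store.private.alias");
    private static final String CA_ALIAS = FMPProperty.getProperty("protocol.ssl.store.ca.alias");
    private static final String PRIVATE_ALIAS_PANA = FMPProperty.getProperty("protocol.pana.store.private.alias");
    private static final String CA_ALIAS_PANA = FMPProperty.getProperty("protocol.pana.store.ca.alias");

    /**
     * Builds a client-only DTLS connector bound to the given local address.
     *
     * @param inetSocketAddress local address the connector binds to
     * @param z {@code true} selects the PANA alias pair ({@code protocol.pana.store.*}),
     *     {@code false} the default pair ({@code protocol.ssl.store.*})
     * @return the configured connector, or {@code null} when the key material could not be loaded
     *     (the failure is logged)
     */
    public static DTLSConnector newDtlsClientConnector(InetSocketAddress inetSocketAddress, boolean z) {
        try {
            KeyStore identityStore = loadKeyStore(KEY_STORE_LOCATION, KEY_STORE_PASSWORD);
            KeyStore trustStore = loadKeyStore(TRUST_STORE_LOCATION, TRUST_STORE_PASSWORD);
            Certificate[] trusted = singleTrustAnchor(trustStore, z ? CA_ALIAS_PANA : CA_ALIAS);

            DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(inetSocketAddress);
            // NOTE(review): getBytes() uses the platform default charset; see class comment.
            builder.setPskStore(new StaticPskStore("Client_identity", PRIVATE_KEY_PASSWORD.getBytes()));
            applyIdentity(builder, identityStore, z ? PRIVATE_ALIAS_PANA : PRIVATE_ALIAS);
            builder.setTrustStore(trusted);
            // The property is named "session.timeout" but feeds the retransmission timeout;
            // the * 1000 presumably converts seconds to milliseconds - confirm against the config docs.
            builder.setRetransmissionTimeout(Integer.parseInt(FMPProperty.getProperty("protocol.ssl.client.session.timeout.dtls")) * 1000);
            builder.setClientOnly();
            builder.setClientAuthenticationRequired(false);
            builder.setMaxRetransmissions(3);

            DTLSConnector connector = new DTLSConnector(builder.build());
            connector.setErrorHandler(new ErrorHandler() { // from class: com.aimir.fep.protocol.security.DtlsConnector.1
                @Override // org.eclipse.californium.scandium.ErrorHandler
                public void onError(InetSocketAddress inetSocketAddress2, AlertMessage.AlertLevel alertLevel, AlertMessage.AlertDescription alertDescription) {
                    // getHostName() may trigger a reverse DNS lookup, so the value that is logged,
                    // reported and counted below can be a name served by the peer's PTR record
                    // rather than its address. NOTE(review): consider keying on the numeric address.
                    String peerHost = inetSocketAddress2.getHostName();
                    // The "Alert.Level[" bracket is never closed; the text is kept as-is in case
                    // log parsers or detections match on it.
                    DtlsConnector.log.warn("Alert.Level[" + alertLevel.toString() + " DESCR[" + alertDescription.getDescription() + "] Peer[" + peerHost + "]");
                    // Constants.ELEMNAME_MESSAGE_STRING is an Xalan constant the decompiler matched
                    // to an inlined string literal (believed to be "message") - confirm.
                    ((EventUtil) DataUtil.getBean(EventUtil.class)).sendEvent("Security Alarm", CommonConstants.TargetClass.Modem, DtlsConnector.trimPort(peerHost), new String[][]{new String[]{Constants.ELEMNAME_MESSAGE_STRING, "Uncertificated Access"}});
                    // Every alert reported to this handler is counted as an authentication error.
                    ((CheckThreshold) DataUtil.getBean(CheckThreshold.class)).updateCount(peerHost, CommonConstants.ThresholdName.AUTHENTICATION_ERROR);
                }
            });
            return connector;
        } catch (IOException | GeneralSecurityException e) {
            log.error("Could not load the keystore", e);
            return null;
        }
    }

    /**
     * Picks the local bind address from configuration and delegates to
     * {@link #newDtlsClientConnector(InetSocketAddress, boolean)}.
     *
     * @param z {@code false} binds to {@code fep.ipv6.addr}; {@code true} binds to one of the
     *     IPv4 addresses depending on {@code protocol}
     * @param protocol {@code IP}, {@code GPRS} and {@code LAN} select {@code fep.ipv4.addr.ETH},
     *     anything else {@code fep.ipv4.addr.MBB}; must not be {@code null}
     * @param i local port
     * @param z2 forwarded as the PANA-alias switch
     * @return the configured connector, or {@code null} when the key material could not be loaded
     */
    public static DTLSConnector newDtlsClientConnector(boolean z, CommonConstants.Protocol protocol, int i, boolean z2) {
        String addressProperty;
        if (!z) {
            addressProperty = "fep.ipv6.addr";
        } else if (protocol == CommonConstants.Protocol.IP || protocol == CommonConstants.Protocol.GPRS || protocol == CommonConstants.Protocol.LAN) {
            addressProperty = "fep.ipv4.addr.ETH";
        } else {
            addressProperty = "fep.ipv4.addr.MBB";
        }
        log.debug(" protocol: " + protocol.name() + " /addr: " + FMPProperty.getProperty(addressProperty) + " /port: " + i);
        return newDtlsClientConnector(new InetSocketAddress(FMPProperty.getProperty(addressProperty), i), z2);
    }

    /**
     * Builds a DTLS server connector bound to {@code fep.ipv6.addr} on the given port.
     *
     * @param i local port
     * @param z {@code true} selects the PANA private alias, {@code false} the default one
     * @return the configured connector, or {@code null} when the key material could not be loaded
     *     (the failure is logged)
     */
    public static DTLSConnector newDtlsServerConnector(int i, boolean z) {
        try {
            KeyStore identityStore = loadKeyStore(KEY_STORE_LOCATION, KEY_STORE_PASSWORD);
            KeyStore trustStore = loadKeyStore(TRUST_STORE_LOCATION, TRUST_STORE_PASSWORD);
            String privateAlias = z ? PRIVATE_ALIAS_PANA : PRIVATE_ALIAS;
            // The server trusts the certificate stored under its own private alias in the trust
            // store, not the CA alias used by the client connector.
            Certificate[] trusted = singleTrustAnchor(trustStore, privateAlias);

            DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(new InetSocketAddress(FMPProperty.getProperty("fep.ipv6.addr"), i));
            // Same static identity/key as the client side; getBytes() uses the platform charset.
            builder.setPskStore(new StaticPskStore("Client_identity", PRIVATE_KEY_PASSWORD.getBytes()));
            applyIdentity(builder, identityStore, privateAlias);
            builder.setTrustStore(trusted);
            builder.setRetransmissionTimeout(Integer.parseInt(FMPProperty.getProperty("protocol.ssl.server.session.timeout.dtls")) * 1000);
            // Clients are not required to present a certificate; see class comment.
            builder.setClientAuthenticationRequired(false);

            DTLSConnector connector = new DTLSConnector(builder.build());
            connector.setErrorHandler(new ErrorHandler() { // from class: com.aimir.fep.protocol.security.DtlsConnector.2
                @Override // org.eclipse.californium.scandium.ErrorHandler
                public void onError(InetSocketAddress inetSocketAddress, AlertMessage.AlertLevel alertLevel, AlertMessage.AlertDescription alertDescription) {
                    // Unlike the client handler this one raises no "Security Alarm" event; it
                    // only logs the alert and bumps the threshold counter for the peer.
                    String peerHost = inetSocketAddress.getHostName();
                    DtlsConnector.log.warn("Alert.Level[" + alertLevel.toString() + " DESCR[" + alertDescription.getDescription() + "] Peer[" + peerHost + "]");
                    ((CheckThreshold) DataUtil.getBean(CheckThreshold.class)).updateCount(peerHost, CommonConstants.ThresholdName.AUTHENTICATION_ERROR);
                }
            });
            return connector;
        } catch (IOException | GeneralSecurityException e) {
            log.error("Could not load the keystore", e);
            return null;
        }
    }

    /** Loads a JKS store from disk; the stream is closed even when loading fails. */
    private static KeyStore loadKeyStore(String location, String password) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(location)) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    /** Returns the certificate stored under {@code alias} as a one-element trust store; fails if absent. */
    private static Certificate[] singleTrustAnchor(KeyStore trustStore, String alias) throws GeneralSecurityException {
        Certificate anchor = trustStore.getCertificate(alias);
        if (anchor == null) {
            // Fail closed instead of handing a null trust anchor to the DTLS configuration.
            throw new GeneralSecurityException("No trusted certificate under alias " + alias);
        }
        return new Certificate[] {anchor};
    }

    /** Installs the private key and certificate chain stored under {@code alias} as the connector identity. */
    private static void applyIdentity(DtlsConnectorConfig.Builder builder, KeyStore keyStore, String alias) throws GeneralSecurityException {
        // The key entry is unlocked with the key-store password (no separate key password).
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, KEY_STORE_PASSWORD.toCharArray());
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (privateKey == null || chain == null) {
            throw new GeneralSecurityException("No private key entry under alias " + alias);
        }
        // NOTE(review): the third argument is believed to be Scandium's "prefer raw public keys"
        // flag in this library version - confirm, since it affects how peers validate the identity.
        builder.setIdentity(privateKey, chain, true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Removes every {@code '/'} from {@code str} and cuts the result at its last {@code ':'}.
     *
     * <p>NOTE(review): the cut is purely textual. An unbracketed IPv6 literal that carries no
     * port loses its last group (constructed sample: {@code "fe80::1"} becomes {@code "fe80:"}),
     * and the client error handler passes {@code getHostName()}, which carries no port. Confirm
     * what the consumers of the "Security Alarm" event expect before changing this.
     *
     * @param str host string, optionally with a {@code ":port"} suffix; may be {@code null}
     * @return the trimmed string, or {@code null} when {@code str} is {@code null}
     */
    public static String trimPort(String str) {
        if (str == null) {
            return null;
        }
        String withoutSlashes = str.replace("/", "");
        int lastColon = withoutSlashes.lastIndexOf(':');
        return lastColon == -1 ? withoutSlashes : withoutSlashes.substring(0, lastColon);
    }
}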
