package io.ktor.network.tls.cipher;

import _COROUTINE._BOUNDARY;
import androidx.compose.ui.Modifier;
import coil.util.Logs;
import io.ktor.client.HttpClient$3$1;
import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.network.tls.TLSRecordType;
import io.ktor.util.CryptoKt__CryptoJvmKt$generateNonceBlocking$1;
import io.ktor.util.CryptoKt__CryptoKt;
import io.ktor.util.NonceKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.collections.SetsKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.io.TextStreamsKt$readLines$1;
import kotlin.ranges.IntRange;
import kotlin.text.Charsets;
import kotlinx.coroutines.channels.ChannelResult$Failed;
import okio.Okio;
import okio.Utf8;

/* loaded from: classes.dex */
public final class CBCCipher implements TLSCipher {
    public long inputCounter;
    public final byte[] keyMaterial;
    public long outputCounter;
    public final Cipher receiveCipher;
    public final SecretKeySpec receiveKey;
    public final Mac receiveMac;
    public final Cipher sendCipher;
    public final SecretKeySpec sendKey;
    public final Mac sendMac;
    public final CipherSuite suite;

    public CBCCipher(CipherSuite cipherSuite, byte[] bArr) {
        this.suite = cipherSuite;
        this.keyMaterial = bArr;
        String str = cipherSuite.jdkCipherName;
        Cipher cipher = Cipher.getInstance(str);
        Okio.checkNotNull(cipher);
        this.sendCipher = cipher;
        this.sendKey = KeysKt.clientKey(cipherSuite, bArr);
        String str2 = cipherSuite.macName;
        Mac mac = Mac.getInstance(str2);
        Okio.checkNotNull(mac);
        this.sendMac = mac;
        Cipher cipher2 = Cipher.getInstance(str);
        Okio.checkNotNull(cipher2);
        this.receiveCipher = cipher2;
        this.receiveKey = KeysKt.serverKey(cipherSuite, bArr);
        Mac mac2 = Mac.getInstance(str2);
        Okio.checkNotNull(mac2);
        this.receiveMac = mac2;
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public final TLSRecord decrypt(TLSRecord tLSRecord) {
        Okio.checkNotNullParameter("record", tLSRecord);
        CipherSuite cipherSuite = this.suite;
        int i = cipherSuite.fixedIvLength;
        ByteReadPacket byteReadPacket = tLSRecord.packet;
        byte[] readBytes = Utf8.readBytes(byteReadPacket, i);
        SecretKeySpec secretKeySpec = this.receiveKey;
        IvParameterSpec ivParameterSpec = new IvParameterSpec(readBytes);
        Cipher cipher = this.receiveCipher;
        cipher.init(2, secretKeySpec, ivParameterSpec);
        byte[] readBytes$default = Utf8.readBytes$default(CipherUtilsKt.cipherLoop(byteReadPacket, cipher, HttpClient$3$1.INSTANCE$27));
        int length = (readBytes$default.length - (readBytes$default[readBytes$default.length - 1] & 255)) - 1;
        int i2 = cipherSuite.macStrengthInBytes;
        int i3 = length - i2;
        int i4 = readBytes$default[readBytes$default.length - 1] & 255;
        int length2 = readBytes$default.length;
        while (length < length2) {
            int i5 = readBytes$default[length] & 255;
            if (i4 != i5) {
                throw new TLSException(Modifier.CC.m("Padding invalid: expected ", i4, ", actual ", i5), null);
            }
            length++;
        }
        Mac mac = this.receiveMac;
        mac.reset();
        byte[] bArr = KeysKt.MASTER_SECRET_LABEL;
        byte[] bArr2 = this.keyMaterial;
        Okio.checkNotNullParameter("<this>", bArr2);
        mac.init(new SecretKeySpec(bArr2, i2, i2, cipherSuite.hash.macName));
        byte[] bArr3 = new byte[13];
        CipherKt.set(bArr3, 0, this.inputCounter);
        TLSRecordType tLSRecordType = tLSRecord.type;
        bArr3[8] = (byte) tLSRecordType.code;
        bArr3[9] = 3;
        bArr3[10] = 3;
        CipherKt.set(bArr3, (short) i3);
        this.inputCounter++;
        mac.update(bArr3);
        mac.update(readBytes$default, 0, i3);
        byte[] doFinal = mac.doFinal();
        Okio.checkNotNull(doFinal);
        IntRange until = _BOUNDARY.until(i3, i2 + i3);
        Okio.checkNotNullParameter("indices", until);
        if (!MessageDigest.isEqual(doFinal, until.isEmpty() ? new byte[0] : SetsKt.copyOfRange(readBytes$default, Integer.valueOf(until.first).intValue(), Integer.valueOf(until.last).intValue() + 1))) {
            throw new TLSException("Failed to verify MAC content", null);
        }
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder();
        try {
            Okio.writeFully(bytePacketBuilder, readBytes$default, 0, i3);
            return new TLSRecord(tLSRecordType, tLSRecord.version, bytePacketBuilder.build());
        } catch (Throwable th) {
            bytePacketBuilder.close();
            throw th;
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public final TLSRecord encrypt(TLSRecord tLSRecord) {
        Object runBlocking;
        Okio.checkNotNullParameter("record", tLSRecord);
        SecretKeySpec secretKeySpec = this.sendKey;
        CipherSuite cipherSuite = this.suite;
        int i = cipherSuite.fixedIvLength;
        char[] cArr = CryptoKt__CryptoKt.digits;
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder();
        while (true) {
            try {
                if ((bytePacketBuilder.tailPosition - bytePacketBuilder.tailInitialPosition) + bytePacketBuilder.chainedSize >= i) {
                    break;
                }
                Object mo1596tryReceivePtdJZtk = NonceKt.seedChannel.mo1596tryReceivePtdJZtk();
                if (mo1596tryReceivePtdJZtk instanceof ChannelResult$Failed) {
                    mo1596tryReceivePtdJZtk = null;
                }
                String str = (String) mo1596tryReceivePtdJZtk;
                if (str == null) {
                    NonceKt.nonceGeneratorJob.start();
                    runBlocking = Logs.runBlocking(EmptyCoroutineContext.INSTANCE, new CryptoKt__CryptoJvmKt$generateNonceBlocking$1(null));
                    str = (String) runBlocking;
                }
                Utf8.writeText(bytePacketBuilder, str, 0, str.length(), Charsets.UTF_8);
            } finally {
            }
        }
        IvParameterSpec ivParameterSpec = new IvParameterSpec(Utf8.readBytes(bytePacketBuilder.build(), i));
        Cipher cipher = this.sendCipher;
        cipher.init(1, secretKeySpec, ivParameterSpec);
        byte[] readBytes$default = Utf8.readBytes$default(tLSRecord.packet);
        Mac mac = this.sendMac;
        mac.reset();
        byte[] bArr = KeysKt.MASTER_SECRET_LABEL;
        byte[] bArr2 = this.keyMaterial;
        Okio.checkNotNullParameter("<this>", bArr2);
        mac.init(new SecretKeySpec(bArr2, 0, cipherSuite.macStrengthInBytes, cipherSuite.hash.macName));
        byte[] bArr3 = new byte[13];
        CipherKt.set(bArr3, 0, this.outputCounter);
        TLSRecordType tLSRecordType = tLSRecord.type;
        bArr3[8] = (byte) tLSRecordType.code;
        bArr3[9] = 3;
        bArr3[10] = 3;
        CipherKt.set(bArr3, (short) readBytes$default.length);
        this.outputCounter++;
        mac.update(bArr3);
        byte[] doFinal = mac.doFinal(readBytes$default);
        Okio.checkNotNullExpressionValue("sendMac.doFinal(content)", doFinal);
        bytePacketBuilder = new BytePacketBuilder();
        try {
            Okio.writeFully(bytePacketBuilder, readBytes$default, 0, readBytes$default.length - 0);
            Okio.writeFully(bytePacketBuilder, doFinal, 0, doFinal.length - 0);
            byte blockSize = (byte) (cipher.getBlockSize() - ((((bytePacketBuilder.tailPosition - bytePacketBuilder.tailInitialPosition) + bytePacketBuilder.chainedSize) + 1) % cipher.getBlockSize()));
            int i2 = blockSize + 1;
            for (int i3 = 0; i3 < i2; i3++) {
                bytePacketBuilder.writeByte(blockSize);
            }
            return new TLSRecord(tLSRecordType, CipherUtilsKt.cipherLoop(bytePacketBuilder.build(), cipher, new TextStreamsKt$readLines$1(4, this)));
        } finally {
        }
    }
}
