package io.ktor.network.tls.cipher;

import androidx.activity.m;
import b6.h;
import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.CryptoKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import io.ktor.utils.io.core.Output;
import io.ktor.utils.io.core.OutputKt;
import io.ktor.utils.io.core.StringsKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import k5.g;
import kotlin.jvm.internal.i;

/* compiled from: CBCCipher.kt */
/* loaded from: classes.dex */
public final class CBCCipher implements TLSCipher {
    private long inputCounter;
    private final byte[] keyMaterial;
    private long outputCounter;
    private final Cipher receiveCipher;
    private final SecretKeySpec receiveKey;
    private final Mac receiveMac;
    private final Cipher sendCipher;
    private final SecretKeySpec sendKey;
    private final Mac sendMac;
    private final CipherSuite suite;

    public CBCCipher(CipherSuite suite, byte[] keyMaterial) {
        i.e(suite, "suite");
        i.e(keyMaterial, "keyMaterial");
        this.suite = suite;
        this.keyMaterial = keyMaterial;
        Cipher cipher = Cipher.getInstance(suite.getJdkCipherName());
        i.b(cipher);
        this.sendCipher = cipher;
        this.sendKey = KeysKt.clientKey(keyMaterial, suite);
        Mac mac = Mac.getInstance(suite.getMacName());
        i.b(mac);
        this.sendMac = mac;
        Cipher cipher2 = Cipher.getInstance(suite.getJdkCipherName());
        i.b(cipher2);
        this.receiveCipher = cipher2;
        this.receiveKey = KeysKt.serverKey(keyMaterial, suite);
        Mac mac2 = Mac.getInstance(suite.getMacName());
        i.b(mac2);
        this.receiveMac = mac2;
    }

    private final byte[] prepareMac(TLSRecord tLSRecord, byte[] bArr) {
        this.sendMac.reset();
        this.sendMac.init(KeysKt.clientMacKey(this.keyMaterial, this.suite));
        byte[] bArr2 = new byte[13];
        CipherKt.set(bArr2, 0, this.outputCounter);
        bArr2[8] = (byte) tLSRecord.getType().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.set(bArr2, 11, (short) bArr.length);
        this.outputCounter++;
        this.sendMac.update(bArr2);
        byte[] doFinal = this.sendMac.doFinal(bArr);
        i.d(doFinal, "sendMac.doFinal(content)");
        return doFinal;
    }

    private final void validateMac(TLSRecord tLSRecord, byte[] bArr, int i5) {
        this.receiveMac.reset();
        this.receiveMac.init(KeysKt.serverMacKey(this.keyMaterial, this.suite));
        byte[] bArr2 = new byte[13];
        CipherKt.set(bArr2, 0, this.inputCounter);
        bArr2[8] = (byte) tLSRecord.getType().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.set(bArr2, 11, (short) i5);
        this.inputCounter++;
        this.receiveMac.update(bArr2);
        this.receiveMac.update(bArr, 0, i5);
        byte[] doFinal = this.receiveMac.doFinal();
        i.b(doFinal);
        h indices = m.f0(i5, this.suite.getMacStrengthInBytes() + i5);
        i.e(bArr, "<this>");
        i.e(indices, "indices");
        if (!MessageDigest.isEqual(doFinal, indices.isEmpty() ? new byte[0] : g.k0(bArr, indices.e().intValue(), Integer.valueOf(indices.f2714c).intValue() + 1))) {
            throw new TLSException("Failed to verify MAC content", null, 2, null);
        }
    }

    private final void validatePadding(byte[] bArr, int i5) {
        int i9 = bArr[bArr.length - 1] & 255;
        int length = bArr.length;
        while (i5 < length) {
            int i10 = bArr[i5] & 255;
            if (i9 != i10) {
                throw new TLSException(androidx.datastore.preferences.protobuf.i.b("Padding invalid: expected ", i9, ", actual ", i10), null, 2, null);
            }
            i5++;
        }
    }

    private final void writePadding(BytePacketBuilder bytePacketBuilder) {
        byte blockSize = (byte) (this.sendCipher.getBlockSize() - ((bytePacketBuilder.getSize() + 1) % this.sendCipher.getBlockSize()));
        int i5 = blockSize + 1;
        for (int i9 = 0; i9 < i5; i9++) {
            bytePacketBuilder.writeByte(blockSize);
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord decrypt(TLSRecord record) {
        i.e(record, "record");
        ByteReadPacket packet = record.getPacket();
        this.receiveCipher.init(2, this.receiveKey, new IvParameterSpec(StringsKt.readBytes(packet, this.suite.getFixedIvLength())));
        byte[] readBytes$default = StringsKt.readBytes$default(CipherUtilsKt.cipherLoop$default(packet, this.receiveCipher, null, 2, null), 0, 1, null);
        int length = (readBytes$default.length - (readBytes$default[readBytes$default.length - 1] & 255)) - 1;
        int macStrengthInBytes = length - this.suite.getMacStrengthInBytes();
        validatePadding(readBytes$default, length);
        validateMac(record, readBytes$default, macStrengthInBytes);
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully((Output) bytePacketBuilder, readBytes$default, 0, macStrengthInBytes);
            return new TLSRecord(record.getType(), record.getVersion(), bytePacketBuilder.build());
        } catch (Throwable th) {
            bytePacketBuilder.release();
            throw th;
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord encrypt(TLSRecord record) {
        i.e(record, "record");
        this.sendCipher.init(1, this.sendKey, new IvParameterSpec(CryptoKt.generateNonce(this.suite.getFixedIvLength())));
        byte[] readBytes$default = StringsKt.readBytes$default(record.getPacket(), 0, 1, null);
        byte[] prepareMac = prepareMac(record, readBytes$default);
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully$default((Output) bytePacketBuilder, readBytes$default, 0, 0, 6, (Object) null);
            OutputKt.writeFully$default((Output) bytePacketBuilder, prepareMac, 0, 0, 6, (Object) null);
            writePadding(bytePacketBuilder);
            return new TLSRecord(record.getType(), null, CipherUtilsKt.cipherLoop(bytePacketBuilder.build(), this.sendCipher, new CBCCipher$encrypt$packet$1(this)), 2, null);
        } catch (Throwable th) {
            bytePacketBuilder.release();
            throw th;
        }
    }
}
