package sun.security.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Hashtable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import sun.misc.HexDumpEncoder;
import sun.security.ssl.CipherSuite;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jvmlibs.zip:jsse.jar:sun/security/ssl/CipherBox.class */
public final class CipherBox {
    static final CipherBox NULL = new CipherBox();
    private static final Debug debug = Debug.getInstance("ssl");
    private final ProtocolVersion protocolVersion;
    private final Cipher cipher;
    private SecureRandom random;
    private final byte[] fixedIv;
    private final Key key;
    private final int mode;
    private final int tagSize;
    private final int recordIvSize;
    private final CipherSuite.CipherType cipherType;
    private static Hashtable<Integer, IvParameterSpec> masks;

    private CipherBox() {
        this.protocolVersion = ProtocolVersion.DEFAULT;
        this.cipher = null;
        this.cipherType = CipherSuite.CipherType.STREAM_CIPHER;
        this.fixedIv = new byte[0];
        this.key = null;
        this.mode = 1;
        this.random = null;
        this.tagSize = 0;
        this.recordIvSize = 0;
    }

    private CipherBox(ProtocolVersion protocolVersion, CipherSuite.BulkCipher bulkCipher, SecretKey secretKey, IvParameterSpec ivParameterSpec, SecureRandom secureRandom, boolean z) throws NoSuchAlgorithmException {
        try {
            this.protocolVersion = protocolVersion;
            this.cipher = JsseJce.getCipher(bulkCipher.transformation);
            this.mode = z ? 1 : 2;
            secureRandom = secureRandom == null ? JsseJce.getSecureRandom() : secureRandom;
            this.random = secureRandom;
            this.cipherType = bulkCipher.cipherType;
            if (ivParameterSpec == null && bulkCipher.ivSize != 0 && this.mode == 2 && protocolVersion.v >= ProtocolVersion.TLS11.v) {
                ivParameterSpec = getFixedMask(bulkCipher.ivSize);
            }
            if (this.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
                bulkCipher.getClass();
                this.tagSize = 16;
                this.key = secretKey;
                this.fixedIv = ivParameterSpec.getIV();
                if (this.fixedIv == null || this.fixedIv.length != bulkCipher.fixedIvSize) {
                    throw new RuntimeException("Improper fixed IV for AEAD");
                }
                this.recordIvSize = bulkCipher.ivSize - bulkCipher.fixedIvSize;
            } else {
                this.tagSize = 0;
                this.fixedIv = new byte[0];
                this.recordIvSize = 0;
                this.key = null;
                this.cipher.init(this.mode, secretKey, ivParameterSpec, secureRandom);
            }
        } catch (Exception e) {
            throw new NoSuchAlgorithmException("Could not create cipher " + ((Object) bulkCipher), e);
        } catch (ExceptionInInitializerError e2) {
            throw new NoSuchAlgorithmException("Could not create cipher " + ((Object) bulkCipher), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw e3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CipherBox newCipherBox(ProtocolVersion protocolVersion, CipherSuite.BulkCipher bulkCipher, SecretKey secretKey, IvParameterSpec ivParameterSpec, SecureRandom secureRandom, boolean z) throws NoSuchAlgorithmException {
        if (bulkCipher.allowed) {
            return bulkCipher == CipherSuite.B_NULL ? NULL : new CipherBox(protocolVersion, bulkCipher, secretKey, ivParameterSpec, secureRandom, z);
        }
        throw new NoSuchAlgorithmException("Unsupported cipher " + ((Object) bulkCipher));
    }

    private static IvParameterSpec getFixedMask(int i) {
        if (masks == null) {
            masks = new Hashtable<>(5);
        }
        IvParameterSpec ivParameterSpec = masks.get(Integer.valueOf(i));
        if (ivParameterSpec == null) {
            ivParameterSpec = new IvParameterSpec(new byte[i]);
            masks.put(Integer.valueOf(i), ivParameterSpec);
        }
        return ivParameterSpec;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int encrypt(byte[] bArr, int i, int i2) {
        if (this.cipher == null) {
            return i2;
        }
        try {
            int blockSize = this.cipher.getBlockSize();
            if (this.cipherType == CipherSuite.CipherType.BLOCK_CIPHER) {
                i2 = addPadding(bArr, i, i2, blockSize);
            }
            if (debug != null && Debug.isOn("plaintext")) {
                try {
                    HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                    System.out.println("Padded plaintext before ENCRYPTION:  len = " + i2);
                    hexDumpEncoder.encodeBuffer(new ByteArrayInputStream(bArr, i, i2), System.out);
                } catch (IOException e) {
                }
            }
            if (this.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
                try {
                    return this.cipher.doFinal(bArr, i, i2, bArr, i);
                } catch (BadPaddingException | IllegalBlockSizeException e2) {
                    throw new RuntimeException("Cipher error in AEAD mode in JCE provider " + this.cipher.getProvider().getName(), e2);
                }
            }
            int update = this.cipher.update(bArr, i, i2, bArr, i);
            if (update != i2) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
            return update;
        } catch (ShortBufferException e3) {
            throw new ArrayIndexOutOfBoundsException(e3.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int encrypt(ByteBuffer byteBuffer, int i) {
        int remaining = byteBuffer.remaining();
        if (this.cipher == null) {
            byteBuffer.position(byteBuffer.limit());
            return remaining;
        }
        int position = byteBuffer.position();
        int blockSize = this.cipher.getBlockSize();
        if (this.cipherType == CipherSuite.CipherType.BLOCK_CIPHER) {
            remaining = addPadding(byteBuffer, blockSize);
            byteBuffer.position(position);
        }
        if (debug != null && Debug.isOn("plaintext")) {
            try {
                HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                System.out.println("Padded plaintext before ENCRYPTION:  len = " + remaining);
                hexDumpEncoder.encodeBuffer(byteBuffer.duplicate(), System.out);
            } catch (IOException e) {
            }
        }
        ByteBuffer duplicate = byteBuffer.duplicate();
        if (this.cipherType != CipherSuite.CipherType.AEAD_CIPHER) {
            try {
                int update = this.cipher.update(duplicate, byteBuffer);
                if (byteBuffer.position() != duplicate.position()) {
                    throw new RuntimeException("bytebuffer padding error");
                }
                if (update != remaining) {
                    throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
                }
                return update;
            } catch (ShortBufferException e2) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
        }
        try {
            int outputSize = this.cipher.getOutputSize(duplicate.remaining());
            if (outputSize > byteBuffer.remaining()) {
                if (i < position + outputSize) {
                    throw new ShortBufferException("need more space in output buffer");
                }
                byteBuffer.limit(position + outputSize);
            }
            int doFinal = this.cipher.doFinal(duplicate, byteBuffer);
            if (doFinal != outputSize) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
            return doFinal;
        } catch (BadPaddingException | IllegalBlockSizeException | ShortBufferException e3) {
            throw new RuntimeException("Cipher error in AEAD mode in JCE provider " + this.cipher.getProvider().getName(), e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int decrypt(byte[] bArr, int i, int i2, int i3) throws BadPaddingException {
        int doFinal;
        if (this.cipher == null) {
            return i2;
        }
        try {
            if (this.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
                try {
                    doFinal = this.cipher.doFinal(bArr, i, i2, bArr, i);
                } catch (IllegalBlockSizeException e) {
                    throw new RuntimeException("Cipher error in AEAD mode in JCE provider " + this.cipher.getProvider().getName(), e);
                }
            } else {
                doFinal = this.cipher.update(bArr, i, i2, bArr, i);
                if (doFinal != i2) {
                    throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
                }
            }
            if (debug != null && Debug.isOn("plaintext")) {
                try {
                    HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                    System.out.println("Padded plaintext after DECRYPTION:  len = " + doFinal);
                    hexDumpEncoder.encodeBuffer(new ByteArrayInputStream(bArr, i, doFinal), System.out);
                } catch (IOException e2) {
                }
            }
            if (this.cipherType == CipherSuite.CipherType.BLOCK_CIPHER) {
                int blockSize = this.cipher.getBlockSize();
                doFinal = removePadding(bArr, i, doFinal, i3, blockSize, this.protocolVersion);
                if (this.protocolVersion.v >= ProtocolVersion.TLS11.v && doFinal < blockSize) {
                    throw new BadPaddingException("invalid explicit IV");
                }
            }
            return doFinal;
        } catch (ShortBufferException e3) {
            throw new ArrayIndexOutOfBoundsException(e3.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int decrypt(ByteBuffer byteBuffer, int i) throws BadPaddingException {
        int doFinal;
        int remaining = byteBuffer.remaining();
        if (this.cipher == null) {
            byteBuffer.position(byteBuffer.limit());
            return remaining;
        }
        try {
            int position = byteBuffer.position();
            ByteBuffer duplicate = byteBuffer.duplicate();
            if (this.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
                try {
                    doFinal = this.cipher.doFinal(duplicate, byteBuffer);
                } catch (IllegalBlockSizeException e) {
                    throw new RuntimeException("Cipher error in AEAD mode \"" + e.getMessage() + " \"in JCE provider " + this.cipher.getProvider().getName());
                }
            } else {
                doFinal = this.cipher.update(duplicate, byteBuffer);
                if (doFinal != remaining) {
                    throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
                }
            }
            byteBuffer.limit(position + doFinal);
            if (debug != null && Debug.isOn("plaintext")) {
                try {
                    HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                    System.out.println("Padded plaintext after DECRYPTION:  len = " + doFinal);
                    hexDumpEncoder.encodeBuffer((ByteBuffer) byteBuffer.duplicate().position(position), System.out);
                } catch (IOException e2) {
                }
            }
            if (this.cipherType == CipherSuite.CipherType.BLOCK_CIPHER) {
                int blockSize = this.cipher.getBlockSize();
                byteBuffer.position(position);
                doFinal = removePadding(byteBuffer, i, blockSize, this.protocolVersion);
                if (this.protocolVersion.v >= ProtocolVersion.TLS11.v) {
                    if (doFinal < blockSize) {
                        throw new BadPaddingException("invalid explicit IV");
                    }
                    byteBuffer.position(byteBuffer.limit());
                }
            }
            return doFinal;
        } catch (ShortBufferException e3) {
            throw new ArrayIndexOutOfBoundsException(e3.toString());
        }
    }

    private static int addPadding(byte[] bArr, int i, int i2, int i3) {
        int i4 = i2 + 1;
        if (i4 % i3 != 0) {
            int i5 = i4 + (i3 - 1);
            i4 = i5 - (i5 % i3);
        }
        int i6 = (byte) (i4 - i2);
        if (bArr.length < i4 + i) {
            throw new IllegalArgumentException("no space to pad buffer");
        }
        int i7 = i + i2;
        for (int i8 = 0; i8 < i6; i8++) {
            int i9 = i7;
            i7++;
            bArr[i9] = (byte) (i6 - 1);
        }
        return i4;
    }

    private static int addPadding(ByteBuffer byteBuffer, int i) {
        int remaining = byteBuffer.remaining();
        int position = byteBuffer.position();
        int i2 = remaining + 1;
        if (i2 % i != 0) {
            int i3 = i2 + (i - 1);
            i2 = i3 - (i3 % i);
        }
        int i4 = (byte) (i2 - remaining);
        byteBuffer.limit(i2 + position);
        int i5 = position + remaining;
        for (int i6 = 0; i6 < i4; i6++) {
            int i7 = i5;
            i5++;
            byteBuffer.put(i7, (byte) (i4 - 1));
        }
        byteBuffer.position(i5);
        byteBuffer.limit(i5);
        return i2;
    }

    private static int[] checkPadding(byte[] bArr, int i, int i2, byte b) {
        if (i2 <= 0) {
            throw new RuntimeException("padding len must be positive");
        }
        int[] iArr = {0, 0};
        int i3 = 0;
        while (i3 <= 256) {
            int i4 = 0;
            while (i4 < i2 && i3 <= 256) {
                if (bArr[i + i4] != b) {
                    iArr[0] = iArr[0] + 1;
                } else {
                    iArr[1] = iArr[1] + 1;
                }
                i4++;
                i3++;
            }
        }
        return iArr;
    }

    private static int[] checkPadding(ByteBuffer byteBuffer, byte b) {
        if (!byteBuffer.hasRemaining()) {
            throw new RuntimeException("hasRemaining() must be positive");
        }
        int[] iArr = {0, 0};
        byteBuffer.mark();
        int i = 0;
        while (i <= 256) {
            while (byteBuffer.hasRemaining() && i <= 256) {
                if (byteBuffer.get() != b) {
                    iArr[0] = iArr[0] + 1;
                } else {
                    iArr[1] = iArr[1] + 1;
                }
                i++;
            }
            byteBuffer.reset();
        }
        return iArr;
    }

    private static int removePadding(byte[] bArr, int i, int i2, int i3, int i4, ProtocolVersion protocolVersion) throws BadPaddingException {
        int i5 = bArr[(i + i2) - 1] & 255;
        int i6 = i2 - (i5 + 1);
        if (i6 - i3 < 0) {
            checkPadding(bArr, i, i2, (byte) (i5 & 255));
            throw new BadPaddingException("Invalid Padding length: " + i5);
        }
        int[] checkPadding = checkPadding(bArr, i + i6, i5 + 1, (byte) (i5 & 255));
        if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
            if (checkPadding[0] != 0) {
                throw new BadPaddingException("Invalid TLS padding data");
            }
        } else if (i5 > i4) {
            throw new BadPaddingException("Invalid SSLv3 padding");
        }
        return i6;
    }

    private static int removePadding(ByteBuffer byteBuffer, int i, int i2, ProtocolVersion protocolVersion) throws BadPaddingException {
        int remaining = byteBuffer.remaining();
        int position = byteBuffer.position();
        int i3 = byteBuffer.get((position + remaining) - 1) & 255;
        int i4 = remaining - (i3 + 1);
        if (i4 - i < 0) {
            checkPadding(byteBuffer.duplicate(), (byte) (i3 & 255));
            throw new BadPaddingException("Invalid Padding length: " + i3);
        }
        int[] checkPadding = checkPadding((ByteBuffer) byteBuffer.duplicate().position(position + i4), (byte) (i3 & 255));
        if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
            if (checkPadding[0] != 0) {
                throw new BadPaddingException("Invalid TLS padding data");
            }
        } else if (i3 > i2) {
            throw new BadPaddingException("Invalid SSLv3 padding");
        }
        byteBuffer.position(position + i4);
        byteBuffer.limit(position + i4);
        return i4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void dispose() {
        try {
            if (this.cipher != null) {
                this.cipher.doFinal();
            }
        } catch (Exception e) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isCBCMode() {
        return this.cipherType == CipherSuite.CipherType.BLOCK_CIPHER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAEADMode() {
        return this.cipherType == CipherSuite.CipherType.AEAD_CIPHER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNullCipher() {
        return this.cipher == null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getExplicitNonceSize() {
        switch (this.cipherType) {
            case BLOCK_CIPHER:
                if (this.protocolVersion.v >= ProtocolVersion.TLS11.v) {
                    return this.cipher.getBlockSize();
                }
                return 0;
            case AEAD_CIPHER:
                return this.recordIvSize;
            default:
                return 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int applyExplicitNonce(Authenticator authenticator, byte b, ByteBuffer byteBuffer) throws BadPaddingException {
        switch (this.cipherType) {
            case BLOCK_CIPHER:
                int MAClen = authenticator instanceof MAC ? ((MAC) authenticator).MAClen() : 0;
                if (MAClen != 0 && !sanityCheck(MAClen, byteBuffer.remaining())) {
                    throw new BadPaddingException("ciphertext sanity check failed");
                }
                if (this.protocolVersion.v >= ProtocolVersion.TLS11.v) {
                    return this.cipher.getBlockSize();
                }
                return 0;
            case AEAD_CIPHER:
                if (byteBuffer.remaining() < this.recordIvSize + this.tagSize) {
                    throw new BadPaddingException("invalid AEAD cipher fragment");
                }
                byte[] copyOf = Arrays.copyOf(this.fixedIv, this.fixedIv.length + this.recordIvSize);
                byteBuffer.get(copyOf, this.fixedIv.length, this.recordIvSize);
                byteBuffer.position(byteBuffer.position() - this.recordIvSize);
                try {
                    this.cipher.init(this.mode, this.key, new GCMParameterSpec(this.tagSize * 8, copyOf), this.random);
                    this.cipher.updateAAD(authenticator.acquireAuthenticationBytes(b, (byteBuffer.remaining() - this.recordIvSize) - this.tagSize));
                    return this.recordIvSize;
                } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                    throw new RuntimeException("invalid key or spec in GCM mode", e);
                }
            default:
                return 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int applyExplicitNonce(Authenticator authenticator, byte b, byte[] bArr, int i, int i2) throws BadPaddingException {
        return applyExplicitNonce(authenticator, b, ByteBuffer.wrap(bArr, i, i2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] createExplicitNonce(Authenticator authenticator, byte b, int i) {
        byte[] bArr = new byte[0];
        switch (this.cipherType) {
            case BLOCK_CIPHER:
                if (this.protocolVersion.v >= ProtocolVersion.TLS11.v) {
                    bArr = new byte[this.cipher.getBlockSize()];
                    this.random.nextBytes(bArr);
                    break;
                }
                break;
            case AEAD_CIPHER:
                bArr = authenticator.sequenceNumber();
                byte[] copyOf = Arrays.copyOf(this.fixedIv, this.fixedIv.length + bArr.length);
                System.arraycopy(bArr, 0, copyOf, this.fixedIv.length, bArr.length);
                try {
                    this.cipher.init(this.mode, this.key, new GCMParameterSpec(this.tagSize * 8, copyOf), this.random);
                    this.cipher.updateAAD(authenticator.acquireAuthenticationBytes(b, i));
                    break;
                } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                    throw new RuntimeException("invalid key or spec in GCM mode", e);
                }
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Boolean isAvailable() {
        if (this.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
            try {
                byte[] sequenceNumber = new Authenticator(this.protocolVersion).sequenceNumber();
                byte[] copyOf = Arrays.copyOf(this.fixedIv, this.fixedIv.length + sequenceNumber.length);
                System.arraycopy(sequenceNumber, 0, copyOf, this.fixedIv.length, sequenceNumber.length);
                this.cipher.init(this.mode, this.key, new GCMParameterSpec(this.tagSize * 8, copyOf), this.random);
            } catch (Exception e) {
                return Boolean.FALSE;
            }
        }
        return Boolean.TRUE;
    }

    private boolean sanityCheck(int i, int i2) {
        if (!isCBCMode()) {
            return i2 >= i;
        }
        int blockSize = this.cipher.getBlockSize();
        if (i2 % blockSize != 0) {
            return false;
        }
        int i3 = i + 1;
        int i4 = i3 >= blockSize ? i3 : blockSize;
        if (this.protocolVersion.v >= ProtocolVersion.TLS11.v) {
            i4 += blockSize;
        }
        return i2 >= i4;
    }
}
