package io.ktor.network.tls.cipher;

import defpackage.xl;
import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.CryptoKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import io.ktor.utils.io.core.OutputKt;
import io.ktor.utils.io.core.StringsKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.a;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;

@Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0004\b\u0000\u0018\u00002\u00020\u0001B\u0017\u0012\u0006\u0010\b\u001a\u00020\u0007\u0012\u0006\u0010\n\u001a\u00020\t¢\u0006\u0004\b\u000b\u0010\fJ\u0017\u0010\u0004\u001a\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u0002H\u0016¢\u0006\u0004\b\u0004\u0010\u0005J\u0017\u0010\u0006\u001a\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u0002H\u0016¢\u0006\u0004\b\u0006\u0010\u0005¨\u0006\r"}, d2 = {"Lio/ktor/network/tls/cipher/CBCCipher;", "Lio/ktor/network/tls/cipher/TLSCipher;", "Lio/ktor/network/tls/TLSRecord;", "record", "encrypt", "(Lio/ktor/network/tls/TLSRecord;)Lio/ktor/network/tls/TLSRecord;", "decrypt", "Lio/ktor/network/tls/CipherSuite;", "suite", "", "keyMaterial", "<init>", "(Lio/ktor/network/tls/CipherSuite;[B)V", "ktor-network-tls"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes4.dex */
public final class CBCCipher implements TLSCipher {
    public final CipherSuite b;
    public final byte[] c;
    public final Cipher d;
    public final SecretKeySpec e;
    public final Mac f;
    public final Cipher g;
    public final SecretKeySpec h;
    public final Mac i;
    public long j;
    public long k;

    public CBCCipher(CipherSuite suite, byte[] keyMaterial) {
        Intrinsics.checkNotNullParameter(suite, "suite");
        Intrinsics.checkNotNullParameter(keyMaterial, "keyMaterial");
        this.b = suite;
        this.c = keyMaterial;
        Cipher cipher = Cipher.getInstance(suite.getJdkCipherName());
        Intrinsics.checkNotNull(cipher);
        this.d = cipher;
        this.e = KeysKt.clientKey(keyMaterial, suite);
        Mac mac = Mac.getInstance(suite.getMacName());
        Intrinsics.checkNotNull(mac);
        this.f = mac;
        Cipher cipher2 = Cipher.getInstance(suite.getJdkCipherName());
        Intrinsics.checkNotNull(cipher2);
        this.g = cipher2;
        this.h = KeysKt.serverKey(keyMaterial, suite);
        Mac mac2 = Mac.getInstance(suite.getMacName());
        Intrinsics.checkNotNull(mac2);
        this.i = mac2;
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord decrypt(TLSRecord record) {
        Intrinsics.checkNotNullParameter(record, "record");
        ByteReadPacket packet = record.getPacket();
        CipherSuite cipherSuite = this.b;
        IvParameterSpec ivParameterSpec = new IvParameterSpec(StringsKt.readBytes(packet, cipherSuite.getFixedIvLength()));
        Cipher cipher = this.g;
        cipher.init(2, this.h, ivParameterSpec);
        byte[] readBytes$default = StringsKt.readBytes$default(CipherUtilsKt.cipherLoop$default(packet, cipher, null, 2, null), 0, 1, null);
        int length = (readBytes$default.length - (readBytes$default[readBytes$default.length - 1] & 255)) - 1;
        int macStrengthInBytes = length - cipherSuite.getMacStrengthInBytes();
        int i = readBytes$default[readBytes$default.length - 1] & 255;
        int length2 = readBytes$default.length;
        while (length < length2) {
            int i2 = readBytes$default[length] & 255;
            if (i != i2) {
                throw new TLSException(xl.i("Padding invalid: expected ", i, ", actual ", i2), null, 2, null);
            }
            length++;
        }
        Mac mac = this.i;
        mac.reset();
        mac.init(KeysKt.serverMacKey(this.c, cipherSuite));
        byte[] bArr = new byte[13];
        CipherKt.set(bArr, 0, this.j);
        bArr[8] = (byte) record.getType().getCode();
        bArr[9] = 3;
        bArr[10] = 3;
        CipherKt.set(bArr, 11, (short) macStrengthInBytes);
        this.j++;
        mac.update(bArr);
        mac.update(readBytes$default, 0, macStrengthInBytes);
        byte[] doFinal = mac.doFinal();
        Intrinsics.checkNotNull(doFinal);
        if (!MessageDigest.isEqual(doFinal, a.sliceArray(readBytes$default, kotlin.ranges.a.until(macStrengthInBytes, cipherSuite.getMacStrengthInBytes() + macStrengthInBytes)))) {
            throw new TLSException("Failed to verify MAC content", null, 2, null);
        }
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully(bytePacketBuilder, readBytes$default, 0, macStrengthInBytes);
            return new TLSRecord(record.getType(), record.getVersion(), bytePacketBuilder.build());
        } catch (Throwable th) {
            bytePacketBuilder.release();
            throw th;
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord encrypt(TLSRecord record) {
        Intrinsics.checkNotNullParameter(record, "record");
        CipherSuite cipherSuite = this.b;
        IvParameterSpec ivParameterSpec = new IvParameterSpec(CryptoKt.generateNonce(cipherSuite.getFixedIvLength()));
        Cipher cipher = this.d;
        cipher.init(1, this.e, ivParameterSpec);
        byte[] readBytes$default = StringsKt.readBytes$default(record.getPacket(), 0, 1, null);
        Mac mac = this.f;
        mac.reset();
        mac.init(KeysKt.clientMacKey(this.c, cipherSuite));
        byte[] bArr = new byte[13];
        CipherKt.set(bArr, 0, this.k);
        bArr[8] = (byte) record.getType().getCode();
        bArr[9] = 3;
        bArr[10] = 3;
        CipherKt.set(bArr, 11, (short) readBytes$default.length);
        this.k++;
        mac.update(bArr);
        byte[] doFinal = mac.doFinal(readBytes$default);
        Intrinsics.checkNotNullExpressionValue(doFinal, "sendMac.doFinal(content)");
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully$default(bytePacketBuilder, readBytes$default, 0, 0, 6, null);
            OutputKt.writeFully$default(bytePacketBuilder, doFinal, 0, 0, 6, null);
            byte blockSize = (byte) (cipher.getBlockSize() - ((bytePacketBuilder.getSize() + 1) % cipher.getBlockSize()));
            int i = blockSize + 1;
            for (int i2 = 0; i2 < i; i2++) {
                bytePacketBuilder.writeByte(blockSize);
            }
            return new TLSRecord(record.getType(), null, CipherUtilsKt.cipherLoop(bytePacketBuilder.build(), cipher, new Function1<BytePacketBuilder, Unit>() { // from class: io.ktor.network.tls.cipher.CBCCipher$encrypt$packet$1
                {
                    super(1);
                }

                @Override // kotlin.jvm.functions.Function1
                public /* bridge */ /* synthetic */ Unit invoke(BytePacketBuilder bytePacketBuilder2) {
                    invoke2(bytePacketBuilder2);
                    return Unit.a;
                }

                /* renamed from: invoke, reason: avoid collision after fix types in other method */
                public final void invoke2(BytePacketBuilder cipherLoop) {
                    Cipher cipher2;
                    Intrinsics.checkNotNullParameter(cipherLoop, "$this$cipherLoop");
                    cipher2 = CBCCipher.this.d;
                    byte[] iv = cipher2.getIV();
                    Intrinsics.checkNotNullExpressionValue(iv, "sendCipher.iv");
                    OutputKt.writeFully$default(cipherLoop, iv, 0, 0, 6, null);
                }
            }), 2, null);
        } catch (Throwable th) {
            bytePacketBuilder.release();
            throw th;
        }
    }
}
