package io.ktor.network.tls.cipher;

import coil.request.CachePolicy$EnumUnboxingLocalUtility;
import coil.util.Bitmaps;
import dev.kord.core.Unsafe$$ExternalSynthetic$IA0;
import io.ktor.client.HttpClient$3$1;
import io.ktor.http.CodecsKt$encodeURLPath$1$1;
import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.NIOKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.io.FilesKt__UtilsKt;
import kotlin.ranges.IntRange;
import okio.Okio;
import org.jsoup.Jsoup;

/* loaded from: classes.dex */
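/**
 * TLS record protection for CBC cipher suites, in MAC-then-encrypt order.
 *
 * <p>The send direction uses {@code KeysKt.clientKey} and the MAC key slice at offset 0 of the key
 * material; the receive direction uses {@code KeysKt.serverKey} and the slice at offset
 * {@code macStrengthInBytes}. This instance therefore protects the client side of a connection.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Padding and MAC failures are reported with one indistinguishable error, and the MAC is
 *       always computed, so the exception text cannot serve as a padding oracle. Processing time
 *       still depends on the claimed padding length, so this is not a full constant-time
 *       (Lucky13-grade) implementation; AEAD suites avoid the problem entirely.</li>
 *   <li>The MAC header hard-codes version bytes 3,3 (TLS 1.2) rather than using the record's own
 *       version field.</li>
 *   <li>The sequence counters and the shared {@link Cipher}/{@link Mac} instances are mutated
 *       without any synchronization visible in this class; use one instance per connection and
 *       do not call it concurrently.</li>
 *   <li>The fields are public in this listing; NOTE(review): this looks like a decompiler or
 *       shrinker artifact. Key material should not be reachable from outside the class.</li>
 * </ul>
 */
public final class CBCCipher implements TLSCipher {
    /** Single message for every record-integrity failure (bad length, bad padding, bad MAC). */
    private static final String BAD_RECORD_MESSAGE = "Failed to verify MAC content";

    public long inputCounter;
    public final byte[] keyMaterial;
    public long outputCounter;
    public final Cipher receiveCipher;
    public final SecretKeySpec receiveKey;
    public final Mac receiveMac;
    public final Cipher sendCipher;
    public final SecretKeySpec sendKey;
    public final Mac sendMac;
    public final CipherSuite suite;

    /**
     * Creates the cipher and MAC instances for both directions.
     *
     * @param cipherSuite negotiated suite; supplies the JDK cipher name, MAC name and key sizes
     * @param bArr key material from which the per-direction keys are sliced
     */
    public CBCCipher(CipherSuite cipherSuite, byte[] bArr) {
        this.suite = cipherSuite;
        this.keyMaterial = bArr;

        Cipher outbound = Cipher.getInstance(cipherSuite.jdkCipherName);
        Jsoup.checkNotNull(outbound);
        this.sendCipher = outbound;
        this.sendKey = KeysKt.clientKey(cipherSuite, bArr);
        Mac outboundMac = Mac.getInstance(cipherSuite.macName);
        Jsoup.checkNotNull(outboundMac);
        this.sendMac = outboundMac;

        Cipher inbound = Cipher.getInstance(cipherSuite.jdkCipherName);
        Jsoup.checkNotNull(inbound);
        this.receiveCipher = inbound;
        this.receiveKey = KeysKt.serverKey(cipherSuite, bArr);
        Mac inboundMac = Mac.getInstance(cipherSuite.macName);
        Jsoup.checkNotNull(inboundMac);
        this.receiveMac = inboundMac;
    }

    /**
     * Decrypts one CBC-protected record, then checks its padding and MAC.
     *
     * <p>The record starts with an explicit IV of {@code suite.fixedIvLength} bytes. After
     * decryption the plaintext is {@code content || MAC || padding || paddingLength}.
     *
     * @param tLSRecord the protected record as received
     * @return a record of the same type and version carrying only the authenticated content
     * @throws TLSException if the record is too short, or its padding or MAC does not verify;
     *     the message is the same in all three cases
     */
    @Override // io.ktor.network.tls.cipher.TLSCipher
    public final TLSRecord decrypt(TLSRecord tLSRecord) {
        Jsoup.checkNotNullParameter(tLSRecord, "record");
        ByteReadPacket packet = tLSRecord.packet;
        this.receiveCipher.init(
                Cipher.DECRYPT_MODE,
                this.receiveKey,
                new IvParameterSpec(Okio.readBytes(packet, this.suite.fixedIvLength)));
        byte[] plaintext =
                Okio.readBytes$default(
                        CipherUtilsKt.cipherLoop(packet, this.receiveCipher, HttpClient$3$1.INSTANCE$23));

        int macLength = this.suite.macStrengthInBytes;
        // A valid record holds at least the MAC and the padding-length byte. Without this check
        // an empty or truncated record escapes as an unchecked array/argument exception.
        if (plaintext.length < macLength + 1) {
            throw new TLSException(BAD_RECORD_MESSAGE, 0);
        }

        int paddingLength = plaintext[plaintext.length - 1] & 255;
        int paddingStart = plaintext.length - paddingLength - 1;
        int macStart = paddingStart - macLength;

        // The claimed padding must leave room for the MAC; the length byte is attacker-controlled.
        boolean paddingOk = macStart >= 0;
        if (paddingOk) {
            // Accumulate differences instead of stopping at the first mismatch.
            int mismatch = 0;
            for (int idx = paddingStart; idx < plaintext.length; idx++) {
                mismatch |= (plaintext[idx] & 255) ^ paddingLength;
            }
            paddingOk = mismatch == 0;
        }
        if (!paddingOk) {
            // RFC 5246 section 6.2.3.2: on bad padding, continue as if the padding were
            // zero-length so the MAC is still computed before the record is rejected.
            macStart = plaintext.length - 1 - macLength;
        }

        this.receiveMac.reset();
        byte[] keys = this.keyMaterial;
        CipherSuite cipherSuite = this.suite;
        Jsoup.checkNotNullParameter(keys, "<this>");
        Jsoup.checkNotNullParameter(cipherSuite, "suite");
        int macKeyLength = cipherSuite.macStrengthInBytes;
        // Receive-side MAC key: the second macStrengthInBytes-sized slice of the key material.
        this.receiveMac.init(
                new SecretKeySpec(
                        keys,
                        macKeyLength,
                        macKeyLength,
                        Unsafe$$ExternalSynthetic$IA0.getMacName(cipherSuite.hash)));

        // 13-byte MAC header: sequence number, record type, version 3.3, content length.
        // NOTE(review): CipherKt.set is assumed to write the 8-byte counter at offset 0 and the
        // 2-byte length at offset 11; confirm against CipherKt.
        byte[] macHeader = new byte[13];
        CipherKt.set(0, this.inputCounter, macHeader);
        macHeader[8] = (byte) tLSRecord.type.code;
        macHeader[9] = 3;
        macHeader[10] = 3;
        CipherKt.set(macHeader, (short) macStart);
        // The counter advances on failed records too; a failure here is expected to end the
        // connection, so the counter is not reused afterwards.
        this.inputCounter++;

        this.receiveMac.update(macHeader);
        this.receiveMac.update(plaintext, 0, macStart);
        byte[] expectedMac = this.receiveMac.doFinal();
        Jsoup.checkNotNull(expectedMac);
        byte[] receivedMac = java.util.Arrays.copyOfRange(plaintext, macStart, macStart + macLength);
        boolean macOk = MessageDigest.isEqual(expectedMac, receivedMac);

        // Non-short-circuit '&': both results are combined before the single failure path.
        if (!(paddingOk & macOk)) {
            throw new TLSException(BAD_RECORD_MESSAGE, 0);
        }

        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder();
        try {
            Jsoup.writeFully(bytePacketBuilder, plaintext, 0, macStart);
            return new TLSRecord(tLSRecord.type, tLSRecord.version, bytePacketBuilder.build());
        } catch (Throwable th) {
            // Release the builder's buffers before propagating.
            bytePacketBuilder.close();
            throw th;
        }
    }

    /**
     * Protects one record: appends the MAC and CBC padding to the content, then encrypts.
     *
     * <p>A fresh IV of {@code suite.fixedIvLength} bytes is requested from
     * {@code NIOKt.generateNonce} for every record. NOTE(review): CBC needs an unpredictable IV;
     * confirm that generateNonce is backed by a cryptographically secure generator.
     *
     * @param tLSRecord the plaintext record to send
     * @return a record of the same type carrying the encrypted payload
     */
    @Override // io.ktor.network.tls.cipher.TLSCipher
    public final TLSRecord encrypt(TLSRecord tLSRecord) {
        Jsoup.checkNotNullParameter(tLSRecord, "record");
        this.sendCipher.init(
                Cipher.ENCRYPT_MODE,
                this.sendKey,
                new IvParameterSpec(NIOKt.generateNonce(this.suite.fixedIvLength)));
        byte[] content = Okio.readBytes$default(tLSRecord.packet);

        this.sendMac.reset();
        byte[] keys = this.keyMaterial;
        CipherSuite cipherSuite = this.suite;
        Jsoup.checkNotNullParameter(keys, "<this>");
        Jsoup.checkNotNullParameter(cipherSuite, "suite");
        // Send-side MAC key: the first macStrengthInBytes bytes of the key material.
        this.sendMac.init(
                new SecretKeySpec(
                        keys,
                        0,
                        cipherSuite.macStrengthInBytes,
                        Unsafe$$ExternalSynthetic$IA0.getMacName(cipherSuite.hash)));

        // Same 13-byte MAC header layout as on the receive side.
        byte[] macHeader = new byte[13];
        CipherKt.set(0, this.outputCounter, macHeader);
        macHeader[8] = (byte) tLSRecord.type.code;
        macHeader[9] = 3;
        macHeader[10] = 3;
        CipherKt.set(macHeader, (short) content.length);
        this.outputCounter++;

        this.sendMac.update(macHeader);
        byte[] mac = this.sendMac.doFinal(content);
        Jsoup.checkNotNullExpressionValue(mac, "sendMac.doFinal(content)");

        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder();
        try {
            Jsoup.writeFully(bytePacketBuilder, content, 0, content.length);
            Jsoup.writeFully(bytePacketBuilder, mac, 0, mac.length);

            // Bytes written so far (content + MAC), computed from the builder's position fields.
            int written =
                    (bytePacketBuilder.tailPosition - bytePacketBuilder.tailInitialPosition)
                            + bytePacketBuilder.chainedSize;
            int blockSize = this.sendCipher.getBlockSize();
            // Padding value such that content + MAC + padding + length byte fills whole blocks.
            byte paddingValue = (byte) (blockSize - ((written + 1) % blockSize));
            // paddingValue padding bytes plus the trailing length byte, all holding paddingValue.
            int padCount = paddingValue + 1;
            for (int n = 0; n < padCount; n++) {
                bytePacketBuilder.writeByte(paddingValue);
            }
            return new TLSRecord(
                    tLSRecord.type,
                    CipherUtilsKt.cipherLoop(
                            bytePacketBuilder.build(),
                            this.sendCipher,
                            new CodecsKt$encodeURLPath$1$1(8, this)));
        } catch (Throwable th) {
            // Release the builder's buffers before propagating.
            bytePacketBuilder.close();
            throw th;
        }
    }
}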
