package com.citrix.client.module.pd.encrypt.SecureICA;

import com.citrix.client.module.FatalModuleException;
import com.citrix.client.module.ModuleException;
import com.citrix.client.module.pd.ProtocolDriver;
import com.citrix.client.module.pd.ProtocolDriverParameters;
import com.citrix.hdx.client.icaprofile.h;
import com.citrix.hdx.client.util.n0;
import com.citrix.hdx.client.util.r0;
import java.net.ProtocolException;

/* loaded from: classes2.dex */
public final class SecureICAProtocolDriver extends ProtocolDriver {
    private static final boolean DEFAULT_ENABLED = false;

    /* renamed from: f, reason: collision with root package name */
    public static final /* synthetic */ int f11570f = 0;
    private A_B_P1 f_A_B_P1;
    private DH f_DH;
    private boolean f_DataCanBeUnencrypted;
    private DiffieHellmanValues f_DiffieHellmanValues;
    private boolean f_EncryptOn;
    private RC5 f_RC5;
    private RNG f_RNG;
    private DiffieHellmanRC5Parameters f_RequestedCrypto;
    private Object lock;
    private static final ProtocolDriverParameters MODULE_PARAMETERS = new ProtocolDriverParameters("SecureICA", 1, 1, "PDCRYPT2", 11);
    private static int numInvocations = 0;

    public SecureICAProtocolDriver() {
        super(false, MODULE_PARAMETERS);
        this.f_DataCanBeUnencrypted = true;
        this.lock = new Object();
        this.f_EncryptOn = false;
        try {
            this.f_RNG = new RNG();
        } catch (CryptoException unused) {
        }
    }

    private boolean aberrantBehaviourInCaseOfZeroBitKeys() {
        return this.f_RequestedCrypto.c() == 10;
    }

    private synchronized void changeMode(byte b10, byte[] bArr, int i10, int i11) throws Exception {
        if (aberrantBehaviourInCaseOfZeroBitKeys()) {
            this.f_DiffieHellmanValues.j(b10);
            this.f_RC5.c(this.f_DiffieHellmanValues);
        }
        processSrvModeChangeBuf(b10, this.f_RC5.a(bArr, i10, i11));
    }

    private static boolean checkCommand(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int length = bArr3.length;
        if (bArr.length != length || bArr2.length != length) {
            return false;
        }
        for (int i10 = 0; i10 < length; i10++) {
            if ((bArr[i10] ^ bArr2[i10]) != bArr3[i10]) {
                return false;
            }
        }
        return true;
    }

    private void checkMode(byte b10) throws ProtocolException {
        if (b10 == 4 || b10 == 5) {
            return;
        }
        throw new ProtocolException("Bad SecureICA mode: " + ((int) b10));
    }

    private boolean cryptoStrengthOK(byte[] bArr, int i10, int i11) {
        return !new DiffieHellmanRC5Parameters(bArr, i10, i11).d(this.f_RequestedCrypto);
    }

    private void extractServerParameters(byte[] bArr, int i10, int i11) {
        this.f_A_B_P1 = new A_B_P1(bArr, i10, i11);
    }

    private void generateAndSendPublicValue() throws Exception {
        DH dh2 = new DH(new byte[][]{this.f_A_B_P1.a()}, this.f_A_B_P1.b(), this.f_RNG);
        this.f_DH = dh2;
        byte[] b10 = dh2.b();
        int length = b10.length;
        int i10 = length + 7;
        byte[] bArr = new byte[i10];
        bArr[0] = new byte[]{3}[0];
        System.arraycopy(b10, 0, bArr, n0.k(bArr, n0.k(bArr, n0.k(bArr, 1, 1), 6), length), length);
        this.gWriteStream.writeBytes(bArr, 0, i10);
    }

    private void handleAuthPacket(byte[] bArr, int i10, int i11) throws Exception {
        changeMode((byte) 4, bArr, i10, i11);
    }

    private void handleDataPacket(byte[] bArr, int i10, int i11) throws Exception {
        changeMode((byte) 5, bArr, i10, i11);
    }

    private void handleEncryptedPacket(byte[] bArr, int i10, int i11) throws Exception {
        byte[] a10 = this.f_RC5.a(bArr, i10, i11);
        this.gConsumer.consumeData(a10, 0, a10.length);
    }

    private void handleNotEncryptedPacket(byte[] bArr, int i10, int i11) throws Exception {
        if (!this.f_DataCanBeUnencrypted) {
            throw new ProtocolException("Data should be encrypted");
        }
        this.gConsumer.consumeData(bArr, i10, i11);
    }

    private void handlePacket(byte[] bArr, int i10, int i11) throws Exception {
        byte b10 = bArr[i10];
        int i12 = i10 + 1;
        int i13 = i11 - 1;
        if (b10 == 0) {
            handleNotEncryptedPacket(bArr, i12, i13);
            return;
        }
        if (b10 == 1) {
            handleEncryptedPacket(bArr, i12, i13);
            return;
        }
        if (b10 == 2) {
            handlePublicKeyPacket(bArr, i12, i13);
            return;
        }
        if (b10 == 4) {
            handleAuthPacket(bArr, i12, i13);
        } else {
            if (b10 == 5) {
                handleDataPacket(bArr, i12, i13);
                return;
            }
            throw new ProtocolException("Unrecognised SecureICA header: " + ((int) b10));
        }
    }

    private synchronized void handlePublicKeyPacket(byte[] bArr, int i10, int i11) throws Exception {
        if (!cryptoStrengthOK(bArr, i10, i11)) {
            throw new ProtocolException("Crypto offered by server is too weak");
        }
        extractServerParameters(bArr, i10, i11);
        generateAndSendPublicValue();
        setUpCrypto();
    }

    private void processSrvModeChangeBuf(byte b10, byte[] bArr) throws Exception {
        checkMode(b10);
        byte[] bArr2 = new byte[8];
        byte[] bArr3 = new byte[8];
        byte[] bArr4 = new byte[8];
        byte[] bArr5 = new byte[8];
        System.arraycopy(bArr, 1, bArr2, 0, 8);
        System.arraycopy(bArr, 9, bArr3, 0, 8);
        System.arraycopy(bArr, 17, bArr4, 0, 8);
        System.arraycopy(bArr, 25, bArr5, 0, 8);
        if (!checkCommand(bArr4, this.f_DiffieHellmanValues.f(), bArr5)) {
            throw new ProtocolException("Invalid mode change command");
        }
        sendAcknowledgement(b10);
        toggleKeysAndIVs(b10, bArr3, bArr2);
    }

    private void sendAcknowledgement(byte b10) throws Exception {
        this.gWriteStream.writeBytes(new byte[]{b10}, 0, 1);
    }

    private void setUpCrypto() throws CryptoException {
        DiffieHellmanValues diffieHellmanValues = new DiffieHellmanValues(this.f_DH.a(), this.f_RequestedCrypto);
        this.f_DiffieHellmanValues = diffieHellmanValues;
        this.f_RC5 = new RC5(diffieHellmanValues, this.f_RNG);
        this.f_DataCanBeUnencrypted = false;
        this.f_EncryptOn = true;
    }

    private void toggleKeysAndIVs(byte b10, byte[] bArr, byte[] bArr2) throws Exception {
        this.f_DiffieHellmanValues.j(b10);
        this.f_DiffieHellmanValues.i(bArr);
        this.f_DiffieHellmanValues.h(bArr2);
        this.f_RC5.c(this.f_DiffieHellmanValues);
    }

    @Override // com.citrix.client.module.pd.ProtocolDriver
    public void addInitResponseData(r0 r0Var) {
        this.f_RequestedCrypto.e(r0Var);
    }

    @Override // com.citrix.client.module.DataConsumer
    public void consumeData(byte[] bArr, int i10, int i11) throws Exception {
        if (getEnabled()) {
            handlePacket(bArr, i10, i11);
        } else {
            this.gConsumer.consumeData(bArr, i10, i11);
        }
    }

    @Override // com.citrix.client.module.pd.ProtocolDriver, com.citrix.client.module.LoadableICAModule
    public void initialize(h hVar) throws ModuleException {
        try {
            this.f_RequestedCrypto = new DiffieHellmanRC5Parameters(hVar);
        } catch (CryptoException e10) {
            throw new FatalModuleException(e10, this);
        }
    }

    @Override // com.citrix.client.module.pd.ProtocolDriver
    public void reset() {
        super.reset();
        this.f_DiffieHellmanValues.g();
        this.f_DataCanBeUnencrypted = true;
        try {
            this.f_RC5.c(this.f_DiffieHellmanValues);
        } catch (CryptoException unused) {
        }
    }

    @Override // com.citrix.client.module.WriteStream
    public synchronized void writeBytes(byte[] bArr, int i10, int i11) throws Exception {
        if (!getEnabled()) {
            this.gWriteStream.writeBytes(bArr, i10, i11);
        } else if (this.f_EncryptOn) {
            byte[] b10 = this.f_RC5.b(bArr, i10, i11, 1);
            b10[0] = 1;
            this.gWriteStream.writeBytes(b10, 0, b10.length);
        } else {
            if (i10 < 1) {
                byte[] bArr2 = new byte[i11 + 1];
                System.arraycopy(bArr, i10, bArr2, 1, i11);
                bArr = bArr2;
                i10 = 1;
            }
            bArr[i10 - 1] = 0;
            this.gWriteStream.writeBytes(bArr, i10 - 1, i11 + 1);
        }
    }
}
