package io.ktor.network.tls.cipher;

import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.CryptoKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import io.ktor.utils.io.core.OutputKt;
import io.ktor.utils.io.core.PacketJVMKt;
import io.ktor.utils.io.core.StringsKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import kotlin.ranges.RangesKt___RangesKt;

/* loaded from: classes7.dex */
public final class CBCCipher implements TLSCipher {
    private final CipherSuite b;
    private final byte[] c;
    private final Cipher d;
    private final SecretKeySpec e;
    private final Mac f;
    private final Cipher g;
    private final SecretKeySpec h;
    private final Mac i;
    private long j;
    private long k;

    public CBCCipher(CipherSuite suite, byte[] keyMaterial) {
        Intrinsics.i(suite, "suite");
        Intrinsics.i(keyMaterial, "keyMaterial");
        this.b = suite;
        this.c = keyMaterial;
        Cipher cipher = Cipher.getInstance(suite.h());
        Intrinsics.f(cipher);
        this.d = cipher;
        this.e = KeysKt.b(keyMaterial, suite);
        Mac mac = Mac.getInstance(suite.k());
        Intrinsics.f(mac);
        this.f = mac;
        Cipher cipher2 = Cipher.getInstance(suite.h());
        Intrinsics.f(cipher2);
        this.g = cipher2;
        this.h = KeysKt.i(keyMaterial, suite);
        Mac mac2 = Mac.getInstance(suite.k());
        Intrinsics.f(mac2);
        this.i = mac2;
    }

    private final byte[] d(TLSRecord tLSRecord, byte[] bArr) {
        this.f.reset();
        this.f.init(KeysKt.c(this.c, this.b));
        byte[] bArr2 = new byte[13];
        CipherKt.b(bArr2, 0, this.k);
        bArr2[8] = (byte) tLSRecord.b().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.c(bArr2, 11, (short) bArr.length);
        this.k++;
        this.f.update(bArr2);
        byte[] doFinal = this.f.doFinal(bArr);
        Intrinsics.h(doFinal, "sendMac.doFinal(content)");
        return doFinal;
    }

    private final void e(TLSRecord tLSRecord, byte[] bArr, int i) {
        IntRange s;
        byte[] y0;
        this.i.reset();
        this.i.init(KeysKt.j(this.c, this.b));
        byte[] bArr2 = new byte[13];
        CipherKt.b(bArr2, 0, this.j);
        bArr2[8] = (byte) tLSRecord.b().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.c(bArr2, 11, (short) i);
        this.j++;
        this.i.update(bArr2);
        this.i.update(bArr, 0, i);
        byte[] doFinal = this.i.doFinal();
        Intrinsics.f(doFinal);
        s = RangesKt___RangesKt.s(i, this.b.l() + i);
        y0 = ArraysKt___ArraysKt.y0(bArr, s);
        if (!MessageDigest.isEqual(doFinal, y0)) {
            throw new TLSException("Failed to verify MAC content", null, 2, null);
        }
    }

    private final void f(byte[] bArr, int i) {
        int i2 = bArr[bArr.length - 1] & 255;
        int length = bArr.length;
        while (i < length) {
            int i3 = i + 1;
            int i4 = bArr[i] & 255;
            if (i2 != i4) {
                throw new TLSException("Padding invalid: expected " + i2 + ", actual " + i4, null, 2, null);
            }
            i = i3;
        }
    }

    private final void g(BytePacketBuilder bytePacketBuilder) {
        byte blockSize = (byte) (this.d.getBlockSize() - ((bytePacketBuilder.T0() + 1) % this.d.getBlockSize()));
        int i = blockSize + 1;
        int i2 = 0;
        while (i2 < i) {
            i2++;
            bytePacketBuilder.X(blockSize);
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord a(TLSRecord record) {
        Intrinsics.i(record, "record");
        ByteReadPacket a = record.a();
        this.g.init(2, this.h, new IvParameterSpec(StringsKt.b(a, this.b.e())));
        byte[] c = StringsKt.c(CipherUtilsKt.b(a, this.g, null, 2, null), 0, 1, null);
        int length = (c.length - (c[c.length - 1] & 255)) - 1;
        int l = length - this.b.l();
        f(c, length);
        e(record, c, l);
        BytePacketBuilder BytePacketBuilder = PacketJVMKt.BytePacketBuilder(0);
        try {
            OutputKt.a(BytePacketBuilder, c, 0, l);
            return new TLSRecord(record.b(), record.c(), BytePacketBuilder.R0());
        } catch (Throwable th) {
            BytePacketBuilder.release();
            throw th;
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord b(TLSRecord record) {
        Intrinsics.i(record, "record");
        this.d.init(1, this.e, new IvParameterSpec(CryptoKt.b(this.b.e())));
        byte[] c = StringsKt.c(record.a(), 0, 1, null);
        byte[] d = d(record, c);
        BytePacketBuilder BytePacketBuilder = PacketJVMKt.BytePacketBuilder(0);
        try {
            OutputKt.b(BytePacketBuilder, c, 0, 0, 6, null);
            OutputKt.b(BytePacketBuilder, d, 0, 0, 6, null);
            g(BytePacketBuilder);
            return new TLSRecord(record.b(), null, CipherUtilsKt.a(BytePacketBuilder.R0(), this.d, new Function1<BytePacketBuilder, Unit>() { // from class: io.ktor.network.tls.cipher.CBCCipher$encrypt$packet$1
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super(1);
                }

                public final void a(BytePacketBuilder cipherLoop) {
                    Cipher cipher;
                    Intrinsics.i(cipherLoop, "$this$cipherLoop");
                    cipher = CBCCipher.this.d;
                    byte[] iv = cipher.getIV();
                    Intrinsics.h(iv, "sendCipher.iv");
                    OutputKt.b(cipherLoop, iv, 0, 0, 6, null);
                }

                @Override // kotlin.jvm.functions.Function1
                public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                    a((BytePacketBuilder) obj);
                    return Unit.a;
                }
            }), 2, null);
        } catch (Throwable th) {
            BytePacketBuilder.release();
            throw th;
        }
    }
}
