package io.ktor.network.tls.cipher;

import androidx.compose.runtime.external.kotlinx.collections.immutable.internal.ListImplementation$$ExternalSyntheticOutline0;
import com.google.common.primitives.UnsignedBytes;
import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.CryptoKt__CryptoJvmKt$generateNonceBlocking$1;
import io.ktor.util.CryptoKt__CryptoKt;
import io.ktor.util.NonceKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import io.ktor.utils.io.core.OutputKt;
import io.ktor.utils.io.core.StringsKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.coroutines.EmptyCoroutineContext;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import kotlin.ranges.RangesKt___RangesKt;
import kotlin.text.Charsets;
import kotlinx.coroutines.BuildersKt;
import kotlinx.coroutines.channels.ChannelResult;

/* compiled from: CBCCipher.kt */
/* loaded from: classes4.dex */
public final class CBCCipher implements TLSCipher {
    public long inputCounter;
    public final byte[] keyMaterial;
    public long outputCounter;
    public final Cipher receiveCipher;
    public final SecretKeySpec receiveKey;
    public final Mac receiveMac;
    public final Cipher sendCipher;
    public final SecretKeySpec sendKey;
    public final Mac sendMac;
    public final CipherSuite suite;

    public CBCCipher(CipherSuite cipherSuite, byte[] bArr) {
        this.suite = cipherSuite;
        this.keyMaterial = bArr;
        Cipher cipher = Cipher.getInstance(cipherSuite.jdkCipherName);
        Intrinsics.checkNotNull(cipher);
        this.sendCipher = cipher;
        this.sendKey = KeysKt.clientKey(bArr, cipherSuite);
        Mac mac = Mac.getInstance(cipherSuite.macName);
        Intrinsics.checkNotNull(mac);
        this.sendMac = mac;
        Cipher cipher2 = Cipher.getInstance(cipherSuite.jdkCipherName);
        Intrinsics.checkNotNull(cipher2);
        this.receiveCipher = cipher2;
        this.receiveKey = KeysKt.serverKey(bArr, cipherSuite);
        Mac mac2 = Mac.getInstance(cipherSuite.macName);
        Intrinsics.checkNotNull(mac2);
        this.receiveMac = mac2;
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public final TLSRecord decrypt(TLSRecord record) {
        Intrinsics.checkNotNullParameter(record, "record");
        ByteReadPacket byteReadPacket = record.packet;
        this.receiveCipher.init(2, this.receiveKey, new IvParameterSpec(StringsKt.readBytes(byteReadPacket, this.suite.fixedIvLength)));
        byte[] readBytes$default = StringsKt.readBytes$default(CipherUtilsKt.cipherLoop(byteReadPacket, this.receiveCipher, CipherUtilsKt$cipherLoop$1.INSTANCE));
        int length = (readBytes$default.length - (readBytes$default[readBytes$default.length - 1] & UnsignedBytes.MAX_VALUE)) - 1;
        int i = length - this.suite.macStrengthInBytes;
        int i2 = readBytes$default[readBytes$default.length - 1] & UnsignedBytes.MAX_VALUE;
        int length2 = readBytes$default.length;
        while (length < length2) {
            int i3 = readBytes$default[length] & UnsignedBytes.MAX_VALUE;
            if (i2 != i3) {
                throw new TLSException(ListImplementation$$ExternalSyntheticOutline0.m("Padding invalid: expected ", i2, ", actual ", i3));
            }
            length++;
        }
        this.receiveMac.reset();
        Mac mac = this.receiveMac;
        byte[] bArr = this.keyMaterial;
        CipherSuite suite = this.suite;
        byte[] bArr2 = KeysKt.MASTER_SECRET_LABEL;
        Intrinsics.checkNotNullParameter(bArr, "<this>");
        Intrinsics.checkNotNullParameter(suite, "suite");
        int i4 = suite.macStrengthInBytes;
        mac.init(new SecretKeySpec(bArr, i4, i4, suite.hash.getMacName()));
        byte[] bArr3 = new byte[13];
        CipherKt.set(bArr3, 0, this.inputCounter);
        bArr3[8] = (byte) record.type.getCode();
        bArr3[9] = 3;
        bArr3[10] = 3;
        CipherKt.set(bArr3, (short) i);
        this.inputCounter++;
        this.receiveMac.update(bArr3);
        this.receiveMac.update(readBytes$default, 0, i);
        byte[] doFinal = this.receiveMac.doFinal();
        Intrinsics.checkNotNull(doFinal);
        IntRange indices = RangesKt___RangesKt.until(i, this.suite.macStrengthInBytes + i);
        Intrinsics.checkNotNullParameter(indices, "indices");
        if (!MessageDigest.isEqual(doFinal, indices.isEmpty() ? new byte[0] : ArraysKt___ArraysJvmKt.copyOfRange(readBytes$default, indices.getStart().intValue(), indices.getEndInclusive().intValue() + 1))) {
            throw new TLSException("Failed to verify MAC content");
        }
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully(bytePacketBuilder, readBytes$default, 0, i);
            return new TLSRecord(record.type, record.version, bytePacketBuilder.build());
        } catch (Throwable th) {
            bytePacketBuilder.close();
            throw th;
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public final TLSRecord encrypt(TLSRecord record) {
        Object runBlocking;
        Intrinsics.checkNotNullParameter(record, "record");
        Cipher cipher = this.sendCipher;
        SecretKeySpec secretKeySpec = this.sendKey;
        int i = this.suite.fixedIvLength;
        char[] cArr = CryptoKt__CryptoKt.digits;
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        while (bytePacketBuilder.getSize() < i) {
            try {
                String str = (String) ChannelResult.m2014getOrNullimpl(NonceKt.seedChannel.mo2012tryReceivePtdJZtk());
                if (str == null) {
                    NonceKt.nonceGeneratorJob.start();
                    runBlocking = BuildersKt.runBlocking(EmptyCoroutineContext.INSTANCE, new CryptoKt__CryptoJvmKt$generateNonceBlocking$1(null));
                    str = (String) runBlocking;
                }
                StringsKt.writeText(bytePacketBuilder, str, 0, str.length(), Charsets.UTF_8);
            } finally {
            }
        }
        cipher.init(1, secretKeySpec, new IvParameterSpec(StringsKt.readBytes(bytePacketBuilder.build(), i)));
        byte[] readBytes$default = StringsKt.readBytes$default(record.packet);
        this.sendMac.reset();
        Mac mac = this.sendMac;
        byte[] bArr = this.keyMaterial;
        CipherSuite suite = this.suite;
        byte[] bArr2 = KeysKt.MASTER_SECRET_LABEL;
        Intrinsics.checkNotNullParameter(bArr, "<this>");
        Intrinsics.checkNotNullParameter(suite, "suite");
        mac.init(new SecretKeySpec(bArr, 0, suite.macStrengthInBytes, suite.hash.getMacName()));
        byte[] bArr3 = new byte[13];
        CipherKt.set(bArr3, 0, this.outputCounter);
        bArr3[8] = (byte) record.type.getCode();
        bArr3[9] = 3;
        bArr3[10] = 3;
        CipherKt.set(bArr3, (short) readBytes$default.length);
        this.outputCounter++;
        this.sendMac.update(bArr3);
        byte[] doFinal = this.sendMac.doFinal(readBytes$default);
        Intrinsics.checkNotNullExpressionValue(doFinal, "sendMac.doFinal(content)");
        bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully(bytePacketBuilder, readBytes$default, 0, readBytes$default.length - 0);
            OutputKt.writeFully(bytePacketBuilder, doFinal, 0, doFinal.length - 0);
            byte blockSize = (byte) (this.sendCipher.getBlockSize() - ((bytePacketBuilder.getSize() + 1) % this.sendCipher.getBlockSize()));
            int i2 = blockSize + 1;
            for (int i3 = 0; i3 < i2; i3++) {
                bytePacketBuilder.writeByte(blockSize);
            }
            return new TLSRecord(record.type, CipherUtilsKt.cipherLoop(bytePacketBuilder.build(), this.sendCipher, new Function1<BytePacketBuilder, Unit>() { // from class: io.ktor.network.tls.cipher.CBCCipher$encrypt$packet$1
                {
                    super(1);
                }

                @Override // kotlin.jvm.functions.Function1
                public final Unit invoke(BytePacketBuilder bytePacketBuilder2) {
                    BytePacketBuilder cipherLoop = bytePacketBuilder2;
                    Intrinsics.checkNotNullParameter(cipherLoop, "$this$cipherLoop");
                    byte[] iv = CBCCipher.this.sendCipher.getIV();
                    Intrinsics.checkNotNullExpressionValue(iv, "sendCipher.iv");
                    OutputKt.writeFully(cipherLoop, iv, 0, iv.length - 0);
                    return Unit.INSTANCE;
                }
            }), 2);
        } finally {
        }
    }
}
