package io.ktor.network.tls.cipher;

import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.CryptoKt;
import io.ktor.utils.io.core.BytePacketBuilder;
import io.ktor.utils.io.core.ByteReadPacket;
import io.ktor.utils.io.core.Output;
import io.ktor.utils.io.core.OutputKt;
import io.ktor.utils.io.core.PacketJVMKt;
import io.ktor.utils.io.core.StringsKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.RangesKt;
import org.jacoco.agent.rt.internal_3570298.Offline;

/* compiled from: CBCCipher.kt */
@Metadata(d1 = {"\u0000P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0014H\u0016J\u0010\u0010\u0016\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0014H\u0016J\u0018\u0010\u0017\u001a\u00020\u00052\u0006\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0018\u001a\u00020\u0005H\u0002J \u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0018\u001a\u00020\u00052\u0006\u0010\u001b\u001a\u00020\u001cH\u0002J\u0018\u0010\u001d\u001a\u00020\u001a2\u0006\u0010\u0018\u001a\u00020\u00052\u0006\u0010\u001e\u001a\u00020\u001cH\u0002J\f\u0010\u001f\u001a\u00020\u001a*\u00020 H\u0002R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lio/ktor/network/tls/cipher/CBCCipher;", "Lio/ktor/network/tls/cipher/TLSCipher;", "suite", "Lio/ktor/network/tls/CipherSuite;", "keyMaterial", "", "(Lio/ktor/network/tls/CipherSuite;[B)V", "inputCounter", "", "outputCounter", "receiveCipher", "Ljavax/crypto/Cipher;", "receiveKey", "Ljavax/crypto/spec/SecretKeySpec;", "receiveMac", "Ljavax/crypto/Mac;", "sendCipher", "sendKey", "sendMac", "decrypt", "Lio/ktor/network/tls/TLSRecord;", "record", "encrypt", "prepareMac", "content", "validateMac", "", "macOffset", "", "validatePadding", "paddingStart", "writePadding", "Lio/ktor/utils/io/core/BytePacketBuilder;", "ktor-network-tls"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes10.dex */
public final class CBCCipher implements TLSCipher {
    private static transient /* synthetic */ boolean[] $jacocoData;
    private long inputCounter;
    private final byte[] keyMaterial;
    private long outputCounter;
    private final Cipher receiveCipher;
    private final SecretKeySpec receiveKey;
    private final Mac receiveMac;
    private final Cipher sendCipher;
    private final SecretKeySpec sendKey;
    private final Mac sendMac;
    private final CipherSuite suite;

    private static /* synthetic */ boolean[] $jacocoInit() {
        boolean[] zArr = $jacocoData;
        if (zArr != null) {
            return zArr;
        }
        boolean[] probes = Offline.getProbes(1968082116204942649L, "io/ktor/network/tls/cipher/CBCCipher", 66);
        $jacocoData = probes;
        return probes;
    }

    public CBCCipher(CipherSuite suite, byte[] keyMaterial) {
        boolean[] $jacocoInit = $jacocoInit();
        Intrinsics.checkNotNullParameter(suite, "suite");
        Intrinsics.checkNotNullParameter(keyMaterial, "keyMaterial");
        $jacocoInit[0] = true;
        this.suite = suite;
        this.keyMaterial = keyMaterial;
        $jacocoInit[1] = true;
        Cipher cipher = Cipher.getInstance(suite.getJdkCipherName());
        Intrinsics.checkNotNull(cipher);
        this.sendCipher = cipher;
        $jacocoInit[2] = true;
        this.sendKey = KeysKt.clientKey(keyMaterial, suite);
        $jacocoInit[3] = true;
        Mac mac = Mac.getInstance(suite.getMacName());
        Intrinsics.checkNotNull(mac);
        this.sendMac = mac;
        $jacocoInit[4] = true;
        Cipher cipher2 = Cipher.getInstance(suite.getJdkCipherName());
        Intrinsics.checkNotNull(cipher2);
        this.receiveCipher = cipher2;
        $jacocoInit[5] = true;
        this.receiveKey = KeysKt.serverKey(keyMaterial, suite);
        $jacocoInit[6] = true;
        Mac mac2 = Mac.getInstance(suite.getMacName());
        Intrinsics.checkNotNull(mac2);
        this.receiveMac = mac2;
        $jacocoInit[7] = true;
    }

    public static final /* synthetic */ Cipher access$getSendCipher$p(CBCCipher cBCCipher) {
        boolean[] $jacocoInit = $jacocoInit();
        Cipher cipher = cBCCipher.sendCipher;
        $jacocoInit[65] = true;
        return cipher;
    }

    private final byte[] prepareMac(TLSRecord record, byte[] content) {
        boolean[] $jacocoInit = $jacocoInit();
        this.sendMac.reset();
        $jacocoInit[37] = true;
        this.sendMac.init(KeysKt.clientMacKey(this.keyMaterial, this.suite));
        byte[] bArr = new byte[13];
        $jacocoInit[38] = true;
        CipherKt.set(bArr, 0, this.outputCounter);
        $jacocoInit[39] = true;
        bArr[8] = (byte) record.getType().getCode();
        bArr[9] = 3;
        bArr[10] = 3;
        $jacocoInit[40] = true;
        CipherKt.set(bArr, 11, (short) content.length);
        this.outputCounter++;
        $jacocoInit[41] = true;
        this.sendMac.update(bArr);
        $jacocoInit[42] = true;
        byte[] doFinal = this.sendMac.doFinal(content);
        Intrinsics.checkNotNullExpressionValue(doFinal, "sendMac.doFinal(content)");
        $jacocoInit[43] = true;
        return doFinal;
    }

    private final void validateMac(TLSRecord record, byte[] content, int macOffset) {
        boolean[] $jacocoInit = $jacocoInit();
        this.receiveMac.reset();
        $jacocoInit[54] = true;
        this.receiveMac.init(KeysKt.serverMacKey(this.keyMaterial, this.suite));
        byte[] bArr = new byte[13];
        $jacocoInit[55] = true;
        CipherKt.set(bArr, 0, this.inputCounter);
        $jacocoInit[56] = true;
        bArr[8] = (byte) record.getType().getCode();
        bArr[9] = 3;
        bArr[10] = 3;
        $jacocoInit[57] = true;
        CipherKt.set(bArr, 11, (short) macOffset);
        this.inputCounter++;
        $jacocoInit[58] = true;
        this.receiveMac.update(bArr);
        $jacocoInit[59] = true;
        this.receiveMac.update(content, 0, macOffset);
        $jacocoInit[60] = true;
        byte[] doFinal = this.receiveMac.doFinal();
        Intrinsics.checkNotNull(doFinal);
        $jacocoInit[61] = true;
        byte[] sliceArray = ArraysKt.sliceArray(content, RangesKt.until(macOffset, this.suite.getMacStrengthInBytes() + macOffset));
        $jacocoInit[62] = true;
        if (MessageDigest.isEqual(doFinal, sliceArray)) {
            $jacocoInit[64] = true;
        } else {
            TLSException tLSException = new TLSException("Failed to verify MAC content", null, 2, null);
            $jacocoInit[63] = true;
            throw tLSException;
        }
    }

    private final void validatePadding(byte[] content, int paddingStart) {
        boolean[] $jacocoInit = $jacocoInit();
        int i = content[content.length - 1] & 255;
        int length = content.length;
        $jacocoInit[49] = true;
        int i2 = paddingStart;
        while (i2 < length) {
            int i3 = i2;
            i2++;
            int i4 = content[i3] & 255;
            $jacocoInit[50] = true;
            if (i != i4) {
                TLSException tLSException = new TLSException("Padding invalid: expected " + i + ", actual " + i4, null, 2, null);
                $jacocoInit[52] = true;
                throw tLSException;
            }
            $jacocoInit[51] = true;
        }
        $jacocoInit[53] = true;
    }

    private final void writePadding(BytePacketBuilder bytePacketBuilder) {
        boolean[] $jacocoInit = $jacocoInit();
        int size = (bytePacketBuilder.getSize() + 1) % this.sendCipher.getBlockSize();
        $jacocoInit[44] = true;
        byte blockSize = (byte) (this.sendCipher.getBlockSize() - size);
        int i = blockSize + 1;
        $jacocoInit[45] = true;
        for (int i2 = 0; i2 < i; i2++) {
            $jacocoInit[46] = true;
            bytePacketBuilder.writeByte(blockSize);
            $jacocoInit[47] = true;
        }
        $jacocoInit[48] = true;
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord decrypt(TLSRecord record) {
        boolean[] $jacocoInit = $jacocoInit();
        Intrinsics.checkNotNullParameter(record, "record");
        $jacocoInit[22] = true;
        ByteReadPacket packet = record.getPacket();
        $jacocoInit[23] = true;
        byte[] readBytes = StringsKt.readBytes(packet, this.suite.getFixedIvLength());
        $jacocoInit[24] = true;
        this.receiveCipher.init(2, this.receiveKey, new IvParameterSpec(readBytes));
        $jacocoInit[25] = true;
        byte[] readBytes$default = StringsKt.readBytes$default(CipherUtilsKt.cipherLoop$default(packet, this.receiveCipher, null, 2, null), 0, 1, null);
        int length = (readBytes$default.length - (readBytes$default[readBytes$default.length - 1] & 255)) - 1;
        $jacocoInit[26] = true;
        int macStrengthInBytes = length - this.suite.getMacStrengthInBytes();
        $jacocoInit[27] = true;
        validatePadding(readBytes$default, length);
        $jacocoInit[28] = true;
        validateMac(record, readBytes$default, macStrengthInBytes);
        $jacocoInit[29] = true;
        BytePacketBuilder BytePacketBuilder = PacketJVMKt.BytePacketBuilder(0);
        try {
            $jacocoInit[30] = true;
            try {
                $jacocoInit[31] = true;
                OutputKt.writeFully((Output) BytePacketBuilder, readBytes$default, 0, macStrengthInBytes);
                $jacocoInit[32] = true;
                ByteReadPacket build = BytePacketBuilder.build();
                $jacocoInit[35] = true;
                TLSRecord tLSRecord = new TLSRecord(record.getType(), record.getVersion(), build);
                $jacocoInit[36] = true;
                return tLSRecord;
            } catch (Throwable th) {
                th = th;
                $jacocoInit[33] = true;
                BytePacketBuilder.release();
                $jacocoInit[34] = true;
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    public TLSRecord encrypt(TLSRecord record) {
        BytePacketBuilder bytePacketBuilder;
        boolean[] $jacocoInit = $jacocoInit();
        Intrinsics.checkNotNullParameter(record, "record");
        $jacocoInit[8] = true;
        this.sendCipher.init(1, this.sendKey, new IvParameterSpec(CryptoKt.generateNonce(this.suite.getFixedIvLength())));
        $jacocoInit[9] = true;
        byte[] readBytes$default = StringsKt.readBytes$default(record.getPacket(), 0, 1, null);
        $jacocoInit[10] = true;
        byte[] prepareMac = prepareMac(record, readBytes$default);
        $jacocoInit[11] = true;
        BytePacketBuilder BytePacketBuilder = PacketJVMKt.BytePacketBuilder(0);
        try {
            $jacocoInit[12] = true;
            bytePacketBuilder = BytePacketBuilder;
        } catch (Throwable th) {
            th = th;
            bytePacketBuilder = BytePacketBuilder;
        }
        try {
            $jacocoInit[13] = true;
            OutputKt.writeFully$default((Output) bytePacketBuilder, readBytes$default, 0, 0, 6, (Object) null);
            $jacocoInit[14] = true;
            OutputKt.writeFully$default((Output) bytePacketBuilder, prepareMac, 0, 0, 6, (Object) null);
            $jacocoInit[15] = true;
            writePadding(bytePacketBuilder);
            $jacocoInit[16] = true;
            ByteReadPacket build = bytePacketBuilder.build();
            $jacocoInit[19] = true;
            ByteReadPacket cipherLoop = CipherUtilsKt.cipherLoop(build, this.sendCipher, new Function1<BytePacketBuilder, Unit>(this) { // from class: io.ktor.network.tls.cipher.CBCCipher$encrypt$packet$1
                private static transient /* synthetic */ boolean[] $jacocoData;
                final /* synthetic */ CBCCipher this$0;

                private static /* synthetic */ boolean[] $jacocoInit() {
                    boolean[] zArr = $jacocoData;
                    if (zArr != null) {
                        return zArr;
                    }
                    boolean[] probes = Offline.getProbes(-2286973391441570405L, "io/ktor/network/tls/cipher/CBCCipher$encrypt$packet$1", 4);
                    $jacocoData = probes;
                    return probes;
                }

                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                    boolean[] $jacocoInit2 = $jacocoInit();
                    this.this$0 = this;
                    $jacocoInit2[0] = true;
                }

                @Override // kotlin.jvm.functions.Function1
                public /* bridge */ /* synthetic */ Unit invoke(BytePacketBuilder bytePacketBuilder2) {
                    boolean[] $jacocoInit2 = $jacocoInit();
                    invoke2(bytePacketBuilder2);
                    Unit unit = Unit.INSTANCE;
                    $jacocoInit2[3] = true;
                    return unit;
                }

                /* renamed from: invoke, reason: avoid collision after fix types in other method */
                public final void invoke2(BytePacketBuilder cipherLoop2) {
                    boolean[] $jacocoInit2 = $jacocoInit();
                    Intrinsics.checkNotNullParameter(cipherLoop2, "$this$cipherLoop");
                    $jacocoInit2[1] = true;
                    byte[] iv = CBCCipher.access$getSendCipher$p(this.this$0).getIV();
                    Intrinsics.checkNotNullExpressionValue(iv, "sendCipher.iv");
                    OutputKt.writeFully$default((Output) cipherLoop2, iv, 0, 0, 6, (Object) null);
                    $jacocoInit2[2] = true;
                }
            });
            $jacocoInit[20] = true;
            TLSRecord tLSRecord = new TLSRecord(record.getType(), null, cipherLoop, 2, null);
            $jacocoInit[21] = true;
            return tLSRecord;
        } catch (Throwable th2) {
            th = th2;
            $jacocoInit[17] = true;
            bytePacketBuilder.release();
            $jacocoInit[18] = true;
            throw th;
        }
    }
}
