package io.ktor.network.tls.cipher;

import C9.k;
import J9.C0955a;
import J9.s;
import J9.v;
import J9.y;
import g9.C8490C;
import h9.C8546n;
import io.ktor.network.tls.CipherSuite;
import io.ktor.network.tls.KeysKt;
import io.ktor.network.tls.TLSException;
import io.ktor.network.tls.TLSRecord;
import io.ktor.util.CryptoKt;
import io.ktor.utils.io.core.BytePacketBuilderKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.jvm.internal.C8793t;
import org.jetbrains.annotations.NotNull;
import w9.l;

/* compiled from: CBCCipher.kt */
/* loaded from: classes3.dex */
public final class CBCCipher implements TLSCipher {
    private long inputCounter;

    @NotNull
    private final byte[] keyMaterial;
    private long outputCounter;

    @NotNull
    private final Cipher receiveCipher;

    @NotNull
    private final SecretKeySpec receiveKey;

    @NotNull
    private final Mac receiveMac;

    @NotNull
    private final Cipher sendCipher;

    @NotNull
    private final SecretKeySpec sendKey;

    @NotNull
    private final Mac sendMac;

    @NotNull
    private final CipherSuite suite;

    public CBCCipher(@NotNull CipherSuite suite, @NotNull byte[] keyMaterial) {
        C8793t.e(suite, "suite");
        C8793t.e(keyMaterial, "keyMaterial");
        this.suite = suite;
        this.keyMaterial = keyMaterial;
        Cipher cipher = Cipher.getInstance(suite.getJdkCipherName());
        C8793t.b(cipher);
        this.sendCipher = cipher;
        this.sendKey = KeysKt.clientKey(keyMaterial, suite);
        Mac mac = Mac.getInstance(suite.getMacName());
        C8793t.b(mac);
        this.sendMac = mac;
        Cipher cipher2 = Cipher.getInstance(suite.getJdkCipherName());
        C8793t.b(cipher2);
        this.receiveCipher = cipher2;
        this.receiveKey = KeysKt.serverKey(keyMaterial, suite);
        Mac mac2 = Mac.getInstance(suite.getMacName());
        C8793t.b(mac2);
        this.receiveMac = mac2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final C8490C encrypt$lambda$1(CBCCipher cBCCipher, s cipherLoop) {
        C8793t.e(cipherLoop, "$this$cipherLoop");
        byte[] iv = cBCCipher.sendCipher.getIV();
        C8793t.d(iv, "getIV(...)");
        BytePacketBuilderKt.writeFully$default(cipherLoop, iv, 0, 0, 6, null);
        return C8490C.f50751a;
    }

    private final byte[] prepareMac(TLSRecord tLSRecord, byte[] bArr) {
        this.sendMac.reset();
        this.sendMac.init(KeysKt.clientMacKey(this.keyMaterial, this.suite));
        byte[] bArr2 = new byte[13];
        CipherKt.set(bArr2, 0, this.outputCounter);
        bArr2[8] = (byte) tLSRecord.getType().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.set(bArr2, 11, (short) bArr.length);
        this.outputCounter++;
        this.sendMac.update(bArr2);
        byte[] doFinal = this.sendMac.doFinal(bArr);
        C8793t.d(doFinal, "doFinal(...)");
        return doFinal;
    }

    private final void validateMac(TLSRecord tLSRecord, byte[] bArr, int i10) {
        this.receiveMac.reset();
        this.receiveMac.init(KeysKt.serverMacKey(this.keyMaterial, this.suite));
        byte[] bArr2 = new byte[13];
        CipherKt.set(bArr2, 0, this.inputCounter);
        bArr2[8] = (byte) tLSRecord.getType().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.set(bArr2, 11, (short) i10);
        this.inputCounter++;
        this.receiveMac.update(bArr2);
        this.receiveMac.update(bArr, 0, i10);
        byte[] doFinal = this.receiveMac.doFinal();
        C8793t.b(doFinal);
        if (!MessageDigest.isEqual(doFinal, C8546n.d0(bArr, k.l(i10, this.suite.getMacStrengthInBytes() + i10)))) {
            throw new TLSException("Failed to verify MAC content", null, 2, null);
        }
    }

    private final void validatePadding(byte[] bArr, int i10) {
        int i11 = bArr[bArr.length - 1] & 255;
        int length = bArr.length;
        while (i10 < length) {
            int i12 = bArr[i10] & 255;
            if (i11 != i12) {
                throw new TLSException("Padding invalid: expected " + i11 + ", actual " + i12, null, 2, null);
            }
            i10++;
        }
    }

    private final void writePadding(s sVar) {
        byte blockSize = (byte) (this.sendCipher.getBlockSize() - ((BytePacketBuilderKt.getSize(sVar) + 1) % this.sendCipher.getBlockSize()));
        int i10 = blockSize + 1;
        for (int i11 = 0; i11 < i10; i11++) {
            sVar.R0(blockSize);
        }
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    @NotNull
    public TLSRecord decrypt(@NotNull TLSRecord record) {
        C8793t.e(record, "record");
        v packet = record.getPacket();
        this.receiveCipher.init(2, this.receiveKey, new IvParameterSpec(y.b(packet, this.suite.getFixedIvLength())));
        byte[] a10 = y.a(CipherUtilsKt.cipherLoop$default(packet, this.receiveCipher, null, 2, null));
        int length = (a10.length - (a10[a10.length - 1] & 255)) - 1;
        int macStrengthInBytes = length - this.suite.getMacStrengthInBytes();
        validatePadding(a10, length);
        validateMac(record, a10, macStrengthInBytes);
        C0955a c0955a = new C0955a();
        BytePacketBuilderKt.writeFully(c0955a, a10, 0, macStrengthInBytes);
        return new TLSRecord(record.getType(), record.getVersion(), c0955a);
    }

    @Override // io.ktor.network.tls.cipher.TLSCipher
    @NotNull
    public TLSRecord encrypt(@NotNull TLSRecord record) {
        C8793t.e(record, "record");
        this.sendCipher.init(1, this.sendKey, new IvParameterSpec(CryptoKt.generateNonce(this.suite.getFixedIvLength())));
        byte[] a10 = y.a(record.getPacket());
        byte[] prepareMac = prepareMac(record, a10);
        C0955a c0955a = new C0955a();
        BytePacketBuilderKt.writeFully$default(c0955a, a10, 0, 0, 6, null);
        BytePacketBuilderKt.writeFully$default(c0955a, prepareMac, 0, 0, 6, null);
        writePadding(c0955a);
        return new TLSRecord(record.getType(), null, CipherUtilsKt.cipherLoop(c0955a, this.sendCipher, new l() { // from class: io.ktor.network.tls.cipher.a
            @Override // w9.l
            public final Object invoke(Object obj) {
                C8490C encrypt$lambda$1;
                encrypt$lambda$1 = CBCCipher.encrypt$lambda$1(CBCCipher.this, (s) obj);
                return encrypt$lambda$1;
            }
        }), 2, null);
    }
}
