package gg.skytils.ktor.network.tls.cipher;

import gg.skytils.ktor.network.tls.CipherSuite;
import gg.skytils.ktor.network.tls.KeysKt;
import gg.skytils.ktor.network.tls.TLSException;
import gg.skytils.ktor.network.tls.TLSRecord;
import gg.skytils.ktor.util.CryptoKt;
import gg.skytils.ktor.utils.io.core.BytePacketBuilder;
import gg.skytils.ktor.utils.io.core.ByteReadPacket;
import gg.skytils.ktor.utils.io.core.Output;
import gg.skytils.ktor.utils.io.core.OutputKt;
import gg.skytils.ktor.utils.io.core.StringsKt;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.ranges.RangesKt;
import org.bouncycastle.openpgp.PGPSignature;
import org.jetbrains.annotations.NotNull;

/* compiled from: CBCCipher.kt */
@Metadata(mv = {1, 8, 0}, k = 1, xi = PGPSignature.CERTIFICATION_REVOCATION, d1 = {"��T\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\b\n��\n\u0002\u0010\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\b��\u0018��2\u00020\u0001B\u0017\u0012\u0006\u0010\u0003\u001a\u00020\u0002\u0012\u0006\u0010\u0005\u001a\u00020\u0004¢\u0006\u0004\b\u0006\u0010\u0007J\u0017\u0010\n\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\bH\u0016¢\u0006\u0004\b\n\u0010\u000bJ\u0017\u0010\f\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\bH\u0016¢\u0006\u0004\b\f\u0010\u000bJ\u001f\u0010\u000e\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\r\u001a\u00020\u0004H\u0002¢\u0006\u0004\b\u000e\u0010\u000fJ'\u0010\u0013\u001a\u00020\u00122\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0011\u001a\u00020\u0010H\u0002¢\u0006\u0004\b\u0013\u0010\u0014J\u001f\u0010\u0016\u001a\u00020\u00122\u0006\u0010\r\u001a\u00020\u00042\u0006\u0010\u0015\u001a\u00020\u0010H\u0002¢\u0006\u0004\b\u0016\u0010\u0017J\u0013\u0010\u0019\u001a\u00020\u0012*\u00020\u0018H\u0002¢\u0006\u0004\b\u0019\u0010\u001aR\u0016\u0010\u001c\u001a\u00020\u001b8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u001c\u0010\u001dR\u0014\u0010\u0005\u001a\u00020\u00048\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010\u001eR\u0016\u0010\u001f\u001a\u00020\u001b8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u001f\u0010\u001dR\u0014\u0010!\u001a\u00020 8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b!\u0010\"R\u0014\u0010$\u001a\u00020#8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b$\u0010%R\u0014\u0010'\u001a\u00020&8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b'\u0010(R\u0014\u0010)\u001a\u00020 8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b)\u0010\"R\u0014\u0010*\u001a\u00020#8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b*\u0010%R\u0014\u0010+\u001a\u00020&8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b+\u0010(R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0003\u0010,¨\u0006-"}, d2 = {"Lgg/skytils/ktor/network/tls/cipher/CBCCipher;", "Lgg/skytils/ktor/network/tls/cipher/TLSCipher;", "Lgg/skytils/ktor/network/tls/CipherSuite;", "suite", "", "keyMaterial", "<init>", "(Lio/ktor/network/tls/CipherSuite;[B)V", "Lgg/skytils/ktor/network/tls/TLSRecord;", "record", "decrypt", "(Lgg/skytils/ktor/network/tls/TLSRecord;)Lgg/skytils/ktor/network/tls/TLSRecord;", "encrypt", "content", "prepareMac", "(Lgg/skytils/ktor/network/tls/TLSRecord;[B)[B", "", "macOffset", "", "validateMac", "(Lgg/skytils/ktor/network/tls/TLSRecord;[BI)V", "paddingStart", "validatePadding", "([BI)V", "Lgg/skytils/ktor/utils/io/core/BytePacketBuilder;", "writePadding", "(Lgg/skytils/ktor/utils/io/core/BytePacketBuilder;)V", "", "inputCounter", "J", "[B", "outputCounter", "Ljavax/crypto/Cipher;", "receiveCipher", "Ljavax/crypto/Cipher;", "Ljavax/crypto/spec/SecretKeySpec;", "receiveKey", "Ljavax/crypto/spec/SecretKeySpec;", "Ljavax/crypto/Mac;", "receiveMac", "Ljavax/crypto/Mac;", "sendCipher", "sendKey", "sendMac", "Lgg/skytils/ktor/network/tls/CipherSuite;", "ktor-network-tls"})
@SourceDebugExtension({"SMAP\nCBCCipher.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CBCCipher.kt\nio/ktor/network/tls/cipher/CBCCipher\n+ 2 Builder.kt\nio/ktor/utils/io/core/BuilderKt\n*L\n1#1,126:1\n12#2,11:127\n12#2,11:138\n*S KotlinDebug\n*F\n+ 1 CBCCipher.kt\nio/ktor/network/tls/cipher/CBCCipher\n*L\n35#1:127,11\n62#1:138,11\n*E\n"})
/* loaded from: input_file:gg/skytils/ktor/network/tls/cipher/CBCCipher.class */
public final class CBCCipher implements TLSCipher {

    @NotNull
    private final CipherSuite suite;

    @NotNull
    private final byte[] keyMaterial;

    @NotNull
    private final Cipher sendCipher;

    @NotNull
    private final SecretKeySpec sendKey;

    @NotNull
    private final Mac sendMac;

    @NotNull
    private final Cipher receiveCipher;

    @NotNull
    private final SecretKeySpec receiveKey;

    @NotNull
    private final Mac receiveMac;
    private long inputCounter;
    private long outputCounter;

    public CBCCipher(@NotNull CipherSuite cipherSuite, @NotNull byte[] bArr) {
        Intrinsics.checkNotNullParameter(cipherSuite, "suite");
        Intrinsics.checkNotNullParameter(bArr, "keyMaterial");
        this.suite = cipherSuite;
        this.keyMaterial = bArr;
        Cipher cipher = Cipher.getInstance(this.suite.getJdkCipherName());
        Intrinsics.checkNotNull(cipher);
        this.sendCipher = cipher;
        this.sendKey = KeysKt.clientKey(this.keyMaterial, this.suite);
        Mac mac = Mac.getInstance(this.suite.getMacName());
        Intrinsics.checkNotNull(mac);
        this.sendMac = mac;
        Cipher cipher2 = Cipher.getInstance(this.suite.getJdkCipherName());
        Intrinsics.checkNotNull(cipher2);
        this.receiveCipher = cipher2;
        this.receiveKey = KeysKt.serverKey(this.keyMaterial, this.suite);
        Mac mac2 = Mac.getInstance(this.suite.getMacName());
        Intrinsics.checkNotNull(mac2);
        this.receiveMac = mac2;
    }

    @Override // gg.skytils.ktor.network.tls.cipher.TLSCipher
    @NotNull
    public TLSRecord encrypt(@NotNull TLSRecord tLSRecord) {
        Intrinsics.checkNotNullParameter(tLSRecord, "record");
        this.sendCipher.init(1, this.sendKey, new IvParameterSpec(CryptoKt.generateNonce(this.suite.getFixedIvLength())));
        byte[] readBytes$default = StringsKt.readBytes$default(tLSRecord.getPacket(), 0, 1, null);
        byte[] prepareMac = prepareMac(tLSRecord, readBytes$default);
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully$default((Output) bytePacketBuilder, readBytes$default, 0, 0, 6, (Object) null);
            OutputKt.writeFully$default((Output) bytePacketBuilder, prepareMac, 0, 0, 6, (Object) null);
            writePadding(bytePacketBuilder);
            return new TLSRecord(tLSRecord.getType(), null, CipherUtilsKt.cipherLoop(bytePacketBuilder.build(), this.sendCipher, new Function1<BytePacketBuilder, Unit>() { // from class: gg.skytils.ktor.network.tls.cipher.CBCCipher$encrypt$packet$1
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super(1);
                }

                public final void invoke(@NotNull BytePacketBuilder bytePacketBuilder2) {
                    Cipher cipher;
                    Intrinsics.checkNotNullParameter(bytePacketBuilder2, "$this$cipherLoop");
                    cipher = CBCCipher.this.sendCipher;
                    byte[] iv = cipher.getIV();
                    Intrinsics.checkNotNullExpressionValue(iv, "sendCipher.iv");
                    OutputKt.writeFully$default((Output) bytePacketBuilder2, iv, 0, 0, 6, (Object) null);
                }

                public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                    invoke((BytePacketBuilder) obj);
                    return Unit.INSTANCE;
                }
            }), 2, null);
        } catch (Throwable th) {
            bytePacketBuilder.release();
            throw th;
        }
    }

    @Override // gg.skytils.ktor.network.tls.cipher.TLSCipher
    @NotNull
    public TLSRecord decrypt(@NotNull TLSRecord tLSRecord) {
        Intrinsics.checkNotNullParameter(tLSRecord, "record");
        ByteReadPacket packet = tLSRecord.getPacket();
        this.receiveCipher.init(2, this.receiveKey, new IvParameterSpec(StringsKt.readBytes(packet, this.suite.getFixedIvLength())));
        byte[] readBytes$default = StringsKt.readBytes$default(CipherUtilsKt.cipherLoop$default(packet, this.receiveCipher, null, 2, null), 0, 1, null);
        int length = (readBytes$default.length - (readBytes$default[readBytes$default.length - 1] & 255)) - 1;
        int macStrengthInBytes = length - this.suite.getMacStrengthInBytes();
        validatePadding(readBytes$default, length);
        validateMac(tLSRecord, readBytes$default, macStrengthInBytes);
        BytePacketBuilder bytePacketBuilder = new BytePacketBuilder(null, 1, null);
        try {
            OutputKt.writeFully((Output) bytePacketBuilder, readBytes$default, 0, macStrengthInBytes);
            return new TLSRecord(tLSRecord.getType(), tLSRecord.getVersion(), bytePacketBuilder.build());
        } catch (Throwable th) {
            bytePacketBuilder.release();
            throw th;
        }
    }

    private final byte[] prepareMac(TLSRecord tLSRecord, byte[] bArr) {
        this.sendMac.reset();
        this.sendMac.init(KeysKt.clientMacKey(this.keyMaterial, this.suite));
        byte[] bArr2 = new byte[13];
        CipherKt.set(bArr2, 0, this.outputCounter);
        bArr2[8] = (byte) tLSRecord.getType().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.set(bArr2, 11, (short) bArr.length);
        this.outputCounter++;
        this.sendMac.update(bArr2);
        byte[] doFinal = this.sendMac.doFinal(bArr);
        Intrinsics.checkNotNullExpressionValue(doFinal, "sendMac.doFinal(content)");
        return doFinal;
    }

    private final void writePadding(BytePacketBuilder bytePacketBuilder) {
        byte blockSize = (byte) (this.sendCipher.getBlockSize() - ((bytePacketBuilder.getSize() + 1) % this.sendCipher.getBlockSize()));
        int i = blockSize + 1;
        for (int i2 = 0; i2 < i; i2++) {
            bytePacketBuilder.writeByte(blockSize);
        }
    }

    private final void validatePadding(byte[] bArr, int i) {
        int i2 = bArr[bArr.length - 1] & 255;
        int length = bArr.length;
        for (int i3 = i; i3 < length; i3++) {
            int i4 = bArr[i3] & 255;
            if (i2 != i4) {
                throw new TLSException("Padding invalid: expected " + i2 + ", actual " + i4, null, 2, null);
            }
        }
    }

    private final void validateMac(TLSRecord tLSRecord, byte[] bArr, int i) {
        this.receiveMac.reset();
        this.receiveMac.init(KeysKt.serverMacKey(this.keyMaterial, this.suite));
        byte[] bArr2 = new byte[13];
        CipherKt.set(bArr2, 0, this.inputCounter);
        bArr2[8] = (byte) tLSRecord.getType().getCode();
        bArr2[9] = 3;
        bArr2[10] = 3;
        CipherKt.set(bArr2, 11, (short) i);
        this.inputCounter++;
        this.receiveMac.update(bArr2);
        this.receiveMac.update(bArr, 0, i);
        byte[] doFinal = this.receiveMac.doFinal();
        Intrinsics.checkNotNull(doFinal);
        if (!MessageDigest.isEqual(doFinal, ArraysKt.sliceArray(bArr, RangesKt.until(i, i + this.suite.getMacStrengthInBytes())))) {
            throw new TLSException("Failed to verify MAC content", null, 2, null);
        }
    }
}
