package by.avest.net.tls;

import by.avest.crypto.pkcs11.provider.bign.PrivateKeyMac;
import by.avest.crypto.pkcs11.provider.bign.PublicKeyMac;
import by.avest.crypto.provider.SharedSessionParameterSpec;
import by.avest.net.tls.SSLSocket;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:by/avest/net/tls/SecurityParameters.class */
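/**
 * Record-layer protection state for one TLS connection: decrypts and verifies incoming
 * records, and encrypts and MACs outgoing ones, using the algorithms named by the
 * negotiated {@link CipherSuite} and the keys/IVs held by a {@link KeyMaterialCalculator}.
 *
 * <p>All record-processing methods and {@link #destroy()} are {@code synchronized} on this
 * instance. {@link #init} is not, and must have completed before any other method is used
 * (the cipher, MAC and key-material fields are only assigned there).
 *
 * <p>NOTE(review): this source is decompiler output. The semantics of the "dual" cipher and
 * of {@code SharedSessionParameterSpec} live in the provider and are not visible here;
 * comments about them below are hedged accordingly.
 */
public class SecurityParameters implements SecurityParametersIntf {
    /** Minimum number of bytes (payload length plus trailer) the MAC input is padded up to. */
    private static final int MAC_INPUTDATA_MIN_LEN = 16;
    private CipherSuite cipherSuite;
    private Cipher writeCipher;
    private Cipher writeCipherDual;
    private Signature writeMAC;
    private Cipher readCipher;
    private Cipher readCipherDual;
    private Signature readMAC;
    private KeyMaterialCalculator kmc;
    private boolean isServerConnection;
    // Created lazily on the first data record in each direction and reused for later records;
    // cleared by cleanUp().
    private SharedSessionParameterSpec initReadSpec;
    private SharedSessionParameterSpec initWriteSpec;
    /** ASCII bytes of "trueblacker" followed by a NUL; appended to the MAC input of every data record. */
    private static final byte[] TRUEBLACKER = {116, 114, 117, 101, 98, 108, 97, 99, 107, 101, 114, 0};
    /** Four 0xAA bytes. Not referenced inside this class. */
    static final byte[] MAC = {-86, -86, -86, -86};
    /** Zero bytes used to pad short MAC inputs up to {@link #MAC_INPUTDATA_MIN_LEN}. */
    private static final byte[] PAD_BLOCK = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

    /**
     * Derives the key material for the session and instantiates the read/write ciphers and
     * MACs named by the session's cipher suite.
     *
     * @param connectionEnd which side of the connection this instance protects
     * @param sSLSession    session providing the cipher suite and the key-derivation input
     * @param random        first random value handed to the key material calculator
     * @param random2       second random value handed to the key material calculator
     * @throws SSLHandshakeException if the provider lacks one of the suite's algorithms or paddings
     * @throws IOException           declared by the interface
     */
    @Override // by.avest.net.tls.SecurityParametersIntf
    public void init(SSLSocket.ConnectionEnd connectionEnd, SSLSession sSLSession, Random random, Random random2) throws IOException {
        Util.log("Security parameters initialize.");
        this.kmc = new KeyMaterialCalculator();
        this.cipherSuite = sSLSession.getCipherSuiteInt();
        this.kmc.calculate(sSLSession, random, random2);
        this.isServerConnection = connectionEnd.isServer();
        try {
            this.writeCipher = Cipher.getInstance(this.cipherSuite.getCipherAlg());
            this.writeCipherDual = Cipher.getInstance(this.cipherSuite.getCipherDualAlg());
            this.writeMAC = Signature.getInstance(this.cipherSuite.getMacAlg());
            this.readCipher = Cipher.getInstance(this.cipherSuite.getCipherAlg());
            this.readCipherDual = Cipher.getInstance(this.cipherSuite.getCipherDualAlg());
            this.readMAC = Signature.getInstance(this.cipherSuite.getMacAlg());
            Util.log("Security parameters initialized.");
        } catch (NoSuchAlgorithmException e) {
            SSLHandshakeException sSLHandshakeException = new SSLHandshakeException(e.getMessage());
            sSLHandshakeException.initCause(e);
            throw sSLHandshakeException;
        } catch (NoSuchPaddingException e2) {
            SSLHandshakeException sSLHandshakeException2 = new SSLHandshakeException(e2.getMessage());
            sSLHandshakeException2.initCause(e2);
            throw sSLHandshakeException2;
        }
    }

    // The six accessors below map "read"/"write" onto the client/server key material:
    // a server writes with the server keys and reads with the client keys, a client the reverse.

    private SecretKey getWriteKey() {
        return this.isServerConnection ? this.kmc.getServerKey() : this.kmc.getClientKey();
    }

    private SecretKey getReadKey() {
        return this.isServerConnection ? this.kmc.getClientKey() : this.kmc.getServerKey();
    }

    private SecretKey getWriteMACKey() {
        return this.isServerConnection ? this.kmc.getServerMACKey() : this.kmc.getClientMACKey();
    }

    private SecretKey getReadMACKey() {
        return this.isServerConnection ? this.kmc.getClientMACKey() : this.kmc.getServerMACKey();
    }

    private IvParameterSpec getWriteIV() {
        return this.isServerConnection ? this.kmc.getServerIV() : this.kmc.getClientIV();
    }

    private IvParameterSpec getReadIV() {
        return this.isServerConnection ? this.kmc.getClientIV() : this.kmc.getServerIV();
    }

    /**
     * Builds the fixed trailer that is fed to the MAC after the record payload: the
     * {@link #TRUEBLACKER} marker, followed by zero bytes when payload length plus marker
     * length is below {@link #MAC_INPUTDATA_MIN_LEN}.
     *
     * @param payloadLength length in bytes of the record payload, excluding the MAC
     * @return the trailer bytes to pass to {@code Signature.update}
     */
    private static byte[] buildMacTrailer(int payloadLength) {
        ByteArrayOutputStream trailer = new ByteArrayOutputStream(MAC_INPUTDATA_MIN_LEN);
        trailer.write(TRUEBLACKER, 0, TRUEBLACKER.length);
        int macInputLength = payloadLength + TRUEBLACKER.length;
        if (macInputLength < MAC_INPUTDATA_MIN_LEN) {
            trailer.write(PAD_BLOCK, 0, MAC_INPUTDATA_MIN_LEN - macInputLength);
        }
        return trailer.toByteArray();
    }

    /**
     * Decrypts an incoming alert record in place and reports the decoded alert by throwing.
     * This method never returns normally.
     *
     * <p>NOTE(review): no MAC is verified on this path, so the decoded alert is not
     * integrity-protected by anything visible in this method. Callers should treat its
     * content as unauthenticated unless the check happens elsewhere.
     *
     * @param tLSText record whose {@code fragment} holds the encrypted alert
     * @throws SSLProtocolException always; its cause is the {@code AlertException} carrying the
     *                              decoded alert, or the decryption/parsing failure
     * @throws IOException          declared by the interface
     */
    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processReadAlert(TLSText tLSText) throws IOException {
        try {
            SecretKey readKey = getReadKey();
            IvParameterSpec readIV = getReadIV();
            if (Util.isDebug()) {
                // NOTE(review): this appears to write the read key and IV to the debug log.
                // Confirm what Util.getSecretKeyValue returns and keep debug logging off
                // wherever real traffic is handled.
                Util.log("SecurityParameters.initDecrypt readCipher, key=" + Util.getSecretKeyValue(readKey) + ", iv=" + Util.toHexString(readIV.getIV(), ' '));
            }
            this.readCipher.init(Cipher.DECRYPT_MODE, readKey, readIV);
            tLSText.fragment = this.readCipher.doFinal(tLSText.fragment, 0, tLSText.fragment.length);
            // Thrown inside the try on purpose or by decompiler layout: the catch below
            // rewraps it, so callers see an SSLProtocolException whose cause is the alert.
            // NOTE(review): confirm callers unwrap getCause() rather than catch AlertException.
            throw new AlertException(Alert.read(new ByteArrayInputStream(tLSText.fragment)), false);
        } catch (Exception e) {
            SSLProtocolException sSLProtocolException = new SSLProtocolException(e.getMessage());
            sSLProtocolException.initCause(e);
            throw sSLProtocolException;
        }
    }

    /**
     * Decrypts an incoming data record and verifies its trailing MAC. On success
     * {@code tLSText.fragment} is replaced by the decrypted payload; on any failure it is
     * left untouched and an exception is thrown.
     *
     * @param tLSText record whose {@code fragment} is ciphertext followed by the MAC
     * @throws SSLProtocolException with message {@code decryption_failed} if the record is
     *                              shorter than the MAC, {@code bad_record_mac} if the MAC does
     *                              not verify, or the provider's message on any other failure
     * @throws IOException          declared by the interface
     */
    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processRead(TLSText tLSText) throws IOException {
        int macSize = this.cipherSuite.getMacSize();
        if (tLSText.fragment.length < macSize) {
            throw new SSLProtocolException("decryption_failed");
        }
        try {
            SecretKey readKey = getReadKey();
            IvParameterSpec readIV = getReadIV();
            if (Util.isDebug()) {
                // NOTE(review): appears to log the read key and IV; see the note in processReadAlert.
                Util.log("SecurityParameters.initDecryptVerify readCipher, key=" + Util.getSecretKeyValue(readKey) + ", iv=" + Util.toHexString(readIV.getIV(), ' '));
            }
            if (this.initReadSpec == null) {
                this.initReadSpec = new SharedSessionParameterSpec(0L);
            }
            // Both ciphers and the MAC key are bound to the same session id.
            // NOTE(review): the same key and the same kmc-supplied IV are passed on every
            // record; presumably the provider carries chaining state in the shared session.
            // Confirm, because nothing in this class advances the IV between records.
            this.readCipherDual.init(Cipher.DECRYPT_MODE, readKey, this.initReadSpec);
            this.readCipher.init(Cipher.DECRYPT_MODE, readKey, new SharedSessionParameterSpec(this.initReadSpec.getSessionId(), readIV));
            SecretKey readMACKey = getReadMACKey();
            if (Util.isDebug()) {
                // NOTE(review): appears to log the MAC key value.
                Util.log("SecurityParameters.initDecryptVerify readMAC, key=" + Util.getSecretKeyValue(readMACKey));
            }
            this.readMAC.initVerify(new PublicKeyMac(readMACKey, this.initReadSpec.getSessionId()));
            int length = tLSText.fragment.length - macSize;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
            // Ciphertext goes through the dual cipher; the other cipher is only finalized.
            byteArrayOutputStream.write(this.readCipherDual.update(tLSText.fragment, 0, length));
            byte[] doFinal = this.readCipher.doFinal();
            if (doFinal.length > 0) {
                byteArrayOutputStream.write(doFinal);
                // Only the doFinal() output is fed to the MAC explicitly; the bytes returned by
                // readCipherDual.update are not. NOTE(review): presumably the provider MACs
                // those through the shared session — confirm. processWrite has no matching
                // update for its doFinal() output.
                this.readMAC.update(doFinal);
            }
            this.readMAC.update(buildMacTrailer(length));
            boolean verify = this.readMAC.verify(tLSText.fragment, length, macSize);
            if (Util.isDebug()) {
                Util.log("verifyMAC: fragmentMAC=" + Util.toHexString(tLSText.fragment, length, macSize, ' ', 0) + ", result=" + verify);
            }
            if (!verify) {
                Util.log("verifyMAC: differs, throw exception");
                throw new SSLProtocolException("bad_record_mac");
            }
            Util.log("verifyMAC: OK");
            // Plaintext is released to the caller only after the MAC has verified.
            tLSText.fragment = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            // Also rewraps the bad_record_mac exception above; the message is preserved.
            SSLProtocolException sSLProtocolException = new SSLProtocolException(e.getMessage());
            sSLProtocolException.initCause(e);
            throw sSLProtocolException;
        }
    }

    /**
     * Encrypts an outgoing alert record in place. No MAC is appended on this path.
     *
     * @param tLSText record whose {@code fragment} holds the plaintext alert
     * @throws SSLProtocolException if cipher initialisation or encryption fails
     * @throws IOException          declared by the interface
     */
    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processWriteAlert(TLSText tLSText) throws IOException {
        try {
            SecretKey writeKey = getWriteKey();
            IvParameterSpec writeIV = getWriteIV();
            if (Util.isDebug()) {
                // NOTE(review): appears to log the write key and IV; confirm what
                // Util.getSecretKeyValue returns and keep debug logging off for real traffic.
                Util.log("SecurityParameters.initEncrypt writeCipher, key=" + Util.getSecretKeyValue(writeKey) + ", iv=" + Util.toHexString(writeIV.getIV(), ' '));
            }
            this.writeCipher.init(Cipher.ENCRYPT_MODE, writeKey, writeIV);
            tLSText.fragment = this.writeCipher.doFinal(tLSText.fragment, 0, tLSText.fragment.length);
        } catch (Exception e) {
            SSLProtocolException sSLProtocolException = new SSLProtocolException(e.getMessage());
            sSLProtocolException.initCause(e);
            throw sSLProtocolException;
        }
    }

    /**
     * Encrypts an outgoing data record and appends its MAC. On success
     * {@code tLSText.fragment} is replaced by ciphertext followed by the MAC.
     *
     * @param tLSText record whose {@code fragment} holds the plaintext payload
     * @throws SSLProtocolException if initialisation, encryption or MAC generation fails
     * @throws IOException          declared by the interface
     */
    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processWrite(TLSText tLSText) throws IOException {
        try {
            SecretKey writeKey = getWriteKey();
            IvParameterSpec writeIV = getWriteIV();
            if (Util.isDebug()) {
                // NOTE(review): appears to log the write key and IV.
                Util.log("SecurityParameters.initSignEncrypt writeCipher, key=" + Util.getSecretKeyValue(writeKey) + ", iv=" + Util.toHexString(writeIV.getIV(), ' '));
            }
            if (this.initWriteSpec == null) {
                this.initWriteSpec = new SharedSessionParameterSpec(0L);
            }
            // NOTE(review): same key and same kmc-supplied IV on every record, as on the read
            // side; confirm the provider keeps per-record state in the shared session.
            this.writeCipherDual.init(Cipher.ENCRYPT_MODE, writeKey, this.initWriteSpec);
            this.writeCipher.init(Cipher.ENCRYPT_MODE, writeKey, new SharedSessionParameterSpec(this.initWriteSpec.getSessionId(), writeIV));
            SecretKey writeMACKey = getWriteMACKey();
            if (Util.isDebug()) {
                // NOTE(review): appears to log the MAC key value.
                Util.log("SecurityParameters.initSignEncrypt writeMAC, key=" + Util.getSecretKeyValue(writeMACKey));
            }
            this.writeMAC.initSign(new PrivateKeyMac(writeMACKey, this.initWriteSpec.getSessionId()));
            int length = tLSText.fragment.length;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
            byteArrayOutputStream.write(this.writeCipherDual.update(tLSText.fragment, 0, length));
            byteArrayOutputStream.write(this.writeCipher.doFinal());
            // The only bytes passed to the MAC explicitly are the trailer; the payload is not
            // updated into writeMAC in this method. NOTE(review): presumably the provider MACs
            // the payload via the shared session — confirm, otherwise the tag would not cover
            // the record content.
            this.writeMAC.update(buildMacTrailer(length));
            byte[] sign = this.writeMAC.sign();
            byteArrayOutputStream.write(sign);
            if (Util.isDebug()) {
                Util.log("generateMAC: calculatedMAC=" + Util.toHexString(sign, ' '));
            }
            tLSText.fragment = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            SSLProtocolException sSLProtocolException = new SSLProtocolException(e.getMessage());
            sSLProtocolException.initCause(e);
            throw sSLProtocolException;
        }
    }

    /** Identity: the input array is returned unchanged (no compression is applied). */
    byte[] decompress(byte[] bArr) {
        return bArr;
    }

    /** Identity: the input array is returned unchanged (no compression is applied). */
    byte[] compress(byte[] bArr) {
        return bArr;
    }

    /**
     * Releases the cipher/MAC state and destroys the key material. Safe to call even if
     * {@link #init} was never invoked.
     */
    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void destroy() {
        if (Util.isDebug()) {
            Util.log("Socket security parameters destroy.");
        }
        cleanUp();
        // kmc is only assigned in init(); without this guard a destroy() before init()
        // would throw NullPointerException instead of being a no-op.
        if (this.kmc != null) {
            this.kmc.destroy();
        }
        if (Util.isDebug()) {
            Util.log("Socket security parameters destroyed.");
        }
    }

    /**
     * Drops the shared-session specs and drives every cipher and MAC through its terminal
     * operation. Each step is best-effort: any failure (including a null or uninitialised
     * object) is swallowed and only reported when trash-level debugging is on.
     * NOTE(review): presumably the terminal call makes the provider release its session
     * state — confirm against the provider.
     */
    private void cleanUp() {
        this.initReadSpec = null;
        this.initWriteSpec = null;
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing write cipher");
            }
            this.writeCipher.doFinal();
        } catch (Throwable th) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing write cipher dual");
            }
            this.writeCipherDual.doFinal();
        } catch (Throwable th2) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th2.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing write mac");
            }
            // The signature value is discarded; the call is made only for its effect on the object.
            this.writeMAC.sign();
        } catch (Throwable th3) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th3.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing read cipher");
            }
            this.readCipher.doFinal();
        } catch (Throwable th4) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th4.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing read cipher dual");
            }
            this.readCipherDual.doFinal();
        } catch (Throwable th5) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th5.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing read mac");
            }
            // The verification result is discarded; the call is made only for its effect on the object.
            this.readMAC.verify(new byte[0]);
        } catch (Throwable th6) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th6.printStackTrace();
            }
        }
    }
}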
