package by.avest.net.tls;

import by.avest.crypto.provider.CipherParameterTLSMacSpec;
import by.avest.crypto.provider.SharedSessionParameterSpec;
import by.avest.net.tls.SSLSocket;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:by/avest/net/tls/SecurityParametersDHT.class */
public class SecurityParametersDHT implements SecurityParametersIntf {
    private CipherSuite cipherSuite;
    private Cipher writeCipher;
    private Cipher writeCipherDual;
    private Cipher readCipher;
    private Cipher readCipherDual;
    private KeyMaterialCalculator kmc;
    private boolean isServerConnection;
    private byte[] writeIv;
    private byte[] readIv;
    private SharedSessionParameterSpec initReadSpec;
    private SharedSessionParameterSpec initWriteSpec;

    @Override // by.avest.net.tls.SecurityParametersIntf
    public void init(SSLSocket.ConnectionEnd connectionEnd, SSLSession sSLSession, Random random, Random random2) throws IOException {
        Util.log("Security parameters initialize.");
        this.kmc = new KeyMaterialCalculator();
        this.cipherSuite = sSLSession.getCipherSuiteInt();
        this.kmc.calculate(sSLSession, random, random2);
        this.writeIv = new byte[this.cipherSuite.getIvSize()];
        Arrays.fill(this.writeIv, (byte) 0);
        this.readIv = new byte[this.cipherSuite.getIvSize()];
        Arrays.fill(this.readIv, (byte) 0);
        this.isServerConnection = connectionEnd.isServer();
        try {
            this.writeCipher = Cipher.getInstance("TLSBelTMac/CTR/NoPadding");
            this.writeCipherDual = Cipher.getInstance(this.cipherSuite.getCipherDualAlg());
            this.readCipher = Cipher.getInstance("TLSBelTMac/CTR/NoPadding");
            this.readCipherDual = Cipher.getInstance(this.cipherSuite.getCipherDualAlg());
            Util.log("Security parameters initialized.");
        } catch (NoSuchAlgorithmException e) {
            SSLHandshakeException sSLHandshakeException = new SSLHandshakeException(e.getMessage());
            sSLHandshakeException.initCause(e);
            throw sSLHandshakeException;
        } catch (NoSuchPaddingException e2) {
            SSLHandshakeException sSLHandshakeException2 = new SSLHandshakeException(e2.getMessage());
            sSLHandshakeException2.initCause(e2);
            throw sSLHandshakeException2;
        }
    }

    private SecretKey getWriteKey() {
        return this.isServerConnection ? this.kmc.getServerKey() : this.kmc.getClientKey();
    }

    private SecretKey getReadKey() {
        return this.isServerConnection ? this.kmc.getClientKey() : this.kmc.getServerKey();
    }

    private SecretKey getWriteMACKey() {
        return this.isServerConnection ? this.kmc.getServerMACKey() : this.kmc.getClientMACKey();
    }

    private SecretKey getReadMACKey() {
        return this.isServerConnection ? this.kmc.getClientMACKey() : this.kmc.getServerMACKey();
    }

    private IvParameterSpec getWriteIV() {
        return new IvParameterSpec(this.writeIv);
    }

    private IvParameterSpec getReadIV() {
        return new IvParameterSpec(this.readIv);
    }

    private void incrementReadCounter() {
        for (int i = 8; i > 0; i--) {
            byte[] bArr = this.readIv;
            int i2 = i - 1;
            byte b = (byte) (bArr[i2] + 1);
            bArr[i2] = b;
            if (b != 0) {
                return;
            }
        }
    }

    private void incrementWriteCounter() {
        for (int i = 8; i > 0; i--) {
            byte[] bArr = this.writeIv;
            int i2 = i - 1;
            byte b = (byte) (bArr[i2] + 1);
            bArr[i2] = b;
            if (b != 0) {
                return;
            }
        }
    }

    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processReadAlert(TLSText tLSText) throws IOException {
        if (decryptVerify(tLSText)) {
            Util.log("verifyMAC: OK");
            throw new AlertException(Alert.read(new ByteArrayInputStream(tLSText.fragment)), false);
        }
        Util.log("verifyMAC: differs, throw exception");
        throw new SSLProtocolException("bad_record_mac");
    }

    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processRead(TLSText tLSText) throws IOException {
        if (decryptVerify(tLSText)) {
            Util.log("verifyMAC: OK");
        } else {
            Util.log("verifyMAC: differs, throw exception");
            throw new AlertException(Alert.fatal("bad_record_mac"), true);
        }
    }

    private boolean decryptVerify(TLSText tLSText) throws IOException {
        int macSize = this.cipherSuite.getMacSize();
        try {
            if (tLSText.fragment.length < macSize) {
                throw new SSLProtocolException("decryption_failed");
            }
            try {
                SecretKey readKey = getReadKey();
                IvParameterSpec readIV = getReadIV();
                if (Util.isDebug()) {
                    Util.log("SecurityParameters.initDecrypt readCipher, key=" + Util.getSecretKeyValue(readKey) + ", iv=" + Util.toHexString(readIV.getIV(), ' '));
                }
                SecretKey readMACKey = getReadMACKey();
                if (Util.isDebug()) {
                    Util.log("SecurityParameters.initVerify readMAC, key=" + Util.getSecretKeyValue(readMACKey));
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(13);
                byteArrayOutputStream.write(this.readIv, 0, 8);
                tLSText.writeHeader(byteArrayOutputStream, tLSText.fragment.length - macSize);
                CipherParameterTLSMacSpec cipherParameterTLSMacSpec = new CipherParameterTLSMacSpec(byteArrayOutputStream.toByteArray(), readIV.getIV(), readMACKey);
                if (this.initReadSpec == null) {
                    this.initReadSpec = new SharedSessionParameterSpec(0L);
                }
                this.readCipherDual.init(2, readKey, this.initReadSpec);
                this.readCipher.init(2, readKey, new SharedSessionParameterSpec(this.initReadSpec.getSessionId(), cipherParameterTLSMacSpec));
                tLSText.fragment = this.readCipher.doFinal(tLSText.fragment);
                incrementReadCounter();
                return true;
            } catch (ProviderException e) {
                Throwable cause = e.getCause();
                if (!(cause instanceof PKCS11Exception) || ((PKCS11Exception) cause).getErrorCode() != 192) {
                    throw e;
                }
                incrementReadCounter();
                return false;
            } catch (Exception e2) {
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException(e2.getMessage());
                sSLHandshakeException.initCause(e2);
                throw sSLHandshakeException;
            }
        } catch (Throwable th) {
            incrementReadCounter();
            throw th;
        }
    }

    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processWriteAlert(TLSText tLSText) throws IOException {
        tLSText.fragment = signEncrypt(tLSText);
    }

    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void processWrite(TLSText tLSText) throws IOException {
        tLSText.fragment = signEncrypt(tLSText);
    }

    private byte[] signEncrypt(TLSText tLSText) throws SSLHandshakeException {
        try {
            try {
                SecretKey writeKey = getWriteKey();
                IvParameterSpec writeIV = getWriteIV();
                if (Util.isDebug()) {
                    Util.log("SecurityParameters.initEncrypt writeCipher, key=" + Util.getSecretKeyValue(writeKey) + ", iv=" + Util.toHexString(writeIV.getIV(), ' '));
                }
                SecretKey writeMACKey = getWriteMACKey();
                if (Util.isDebug()) {
                    Util.log("SecurityParameters.initSign writeMAC, key=" + Util.getSecretKeyValue(writeMACKey));
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(13);
                byteArrayOutputStream.write(this.writeIv, 0, 8);
                tLSText.writeHeader(byteArrayOutputStream);
                CipherParameterTLSMacSpec cipherParameterTLSMacSpec = new CipherParameterTLSMacSpec(byteArrayOutputStream.toByteArray(), writeIV.getIV(), writeMACKey);
                if (this.initWriteSpec == null) {
                    this.initWriteSpec = new SharedSessionParameterSpec(0L);
                }
                this.writeCipherDual.init(1, writeKey, this.initWriteSpec);
                this.writeCipher.init(1, writeKey, new SharedSessionParameterSpec(this.initWriteSpec.getSessionId(), cipherParameterTLSMacSpec));
                byte[] doFinal = this.writeCipher.doFinal(tLSText.fragment);
                incrementWriteCounter();
                return doFinal;
            } catch (Exception e) {
                SSLHandshakeException sSLHandshakeException = new SSLHandshakeException(e.getMessage());
                sSLHandshakeException.initCause(e);
                throw sSLHandshakeException;
            }
        } catch (Throwable th) {
            incrementWriteCounter();
            throw th;
        }
    }

    byte[] decompress(byte[] bArr) {
        return bArr;
    }

    byte[] compress(byte[] bArr) {
        return bArr;
    }

    @Override // by.avest.net.tls.SecurityParametersIntf
    public synchronized void destroy() {
        if (Util.isDebug()) {
            Util.log("Socket security parameters destroy.");
        }
        cleanUp();
        this.kmc.destroy();
        if (Util.isDebug()) {
            Util.log("Socket security parameters destroyed.");
        }
    }

    private void cleanUp() {
        this.initReadSpec = null;
        this.initWriteSpec = null;
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing write cipher");
            }
            this.writeCipher.doFinal();
        } catch (Throwable th) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing read cipher");
            }
            this.readCipher.doFinal();
        } catch (Throwable th2) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th2.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing write cipher dual");
            }
            this.writeCipherDual.doFinal();
        } catch (Throwable th3) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th3.printStackTrace();
            }
        }
        try {
            if (Util.isDebug()) {
                Util.log("Finalizing read cipher dual");
            }
            this.readCipherDual.doFinal();
        } catch (Throwable th4) {
            if (Util.isDebugTrash()) {
                Util.log("doFinal error");
                th4.printStackTrace();
            }
        }
    }
}
