package net.luminis.tls;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.KotlinVersion;
import net.luminis.quic.run.InteropRunner;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.util.ByteUtils;
import o00oOoo.o000OO0O;

/* loaded from: classes2.dex */
public class TlsState {
    private static final Charset ISO_8859_1 = Charset.forName("ISO-8859-1");
    private static String labelPrefix = "tls13 ";
    private final short authenticationTagLength;
    private byte[] binderKey;
    private byte[] clientApplicationTrafficSecret;
    private byte[] clientEarlyTrafficSecret;
    private byte[] clientHandshakeTrafficSecret;
    private byte[] clientIv;
    private byte[] clientKey;
    private PrivateKey clientPrivateKey;
    private int clientRecordCount;
    private byte[] earlySecret;
    private final byte[] emptyHash;
    private byte[] handshakeSecret;
    private final MessageDigest hashFunction;
    private final short hashLength;
    private final oOO00O.OooO00o hkdf;
    private final short iv_length;
    private final short keyLength;
    private byte[] masterSecret;
    private final byte[] psk;
    private boolean pskSelected;
    private byte[] resumptionMasterSecret;
    private byte[] serverApplicationTrafficSecret;
    private byte[] serverHandshakeTrafficSecret;
    private byte[] serverIv;
    private byte[] serverKey;
    private int serverRecordCount;
    private PublicKey serverSharedKey;
    private byte[] sharedSecret;
    private final TranscriptHash transcriptHash;

    public TlsState(TranscriptHash transcriptHash) {
        this(transcriptHash, null);
    }

    /* JADX WARN: Type inference failed for: r2v0, types: [java.lang.Object, oOO00O.OooO0O0$OooO00o] */
    public TlsState(TranscriptHash transcriptHash, byte[] bArr) {
        this.authenticationTagLength = (short) 16;
        this.keyLength = (short) 16;
        this.hashLength = (short) 32;
        this.iv_length = (short) 12;
        this.serverRecordCount = 0;
        this.clientRecordCount = 0;
        this.psk = bArr;
        this.transcriptHash = transcriptHash;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            this.hashFunction = messageDigest;
            this.hkdf = new oOO00O.OooO00o(new Object());
            byte[] digest = messageDigest.digest(new byte[0]);
            this.emptyHash = digest;
            android.support.v4.media.OooO00o.OooO0O0("Empty hash: ", ByteUtils.bytesToHex(digest));
            computeEarlySecret(bArr == null ? new byte[32] : bArr);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("Missing SHA-256 support");
        }
    }

    private byte[] computeEarlySecret(byte[] bArr) {
        byte[] OooO0O02 = this.hkdf.OooO0O0(new byte[32], bArr);
        this.earlySecret = OooO0O02;
        android.support.v4.media.OooO00o.OooO0O0("Early secret: ", ByteUtils.bytesToHex(OooO0O02));
        byte[] hkdfExpandLabel = hkdfExpandLabel(this.earlySecret, "res binder", this.emptyHash, (short) 32);
        this.binderKey = hkdfExpandLabel;
        android.support.v4.media.OooO00o.OooO0O0("Binder key: ", ByteUtils.bytesToHex(hkdfExpandLabel));
        return this.earlySecret;
    }

    public void computeApplicationSecrets() {
        computeApplicationSecrets(this.handshakeSecret);
        this.serverRecordCount = 0;
        this.clientRecordCount = 0;
    }

    public void computeApplicationSecrets(byte[] bArr) {
        byte[] serverHash = this.transcriptHash.getServerHash(TlsConstants.HandshakeType.finished);
        byte[] hkdfExpandLabel = hkdfExpandLabel(bArr, "derived", this.emptyHash, (short) 32);
        android.support.v4.media.OooO00o.OooO0O0("Derived secret: ", ByteUtils.bytesToHex(hkdfExpandLabel));
        byte[] OooO0O02 = this.hkdf.OooO0O0(hkdfExpandLabel, new byte[32]);
        this.masterSecret = OooO0O02;
        android.support.v4.media.OooO00o.OooO0O0("Master secret: ", ByteUtils.bytesToHex(OooO0O02));
        byte[] hkdfExpandLabel2 = hkdfExpandLabel(this.masterSecret, "c ap traffic", serverHash, (short) 32);
        this.clientApplicationTrafficSecret = hkdfExpandLabel2;
        android.support.v4.media.OooO00o.OooO0O0("Client application traffic secret: ", ByteUtils.bytesToHex(hkdfExpandLabel2));
        byte[] hkdfExpandLabel3 = hkdfExpandLabel(this.masterSecret, "s ap traffic", serverHash, (short) 32);
        this.serverApplicationTrafficSecret = hkdfExpandLabel3;
        android.support.v4.media.OooO00o.OooO0O0("Server application traffic secret: ", ByteUtils.bytesToHex(hkdfExpandLabel3));
        byte[] hkdfExpandLabel4 = hkdfExpandLabel(this.clientApplicationTrafficSecret, "key", "", (short) 16);
        android.support.v4.media.OooO00o.OooO0O0("Client application key: ", ByteUtils.bytesToHex(hkdfExpandLabel4));
        this.clientKey = hkdfExpandLabel4;
        byte[] hkdfExpandLabel5 = hkdfExpandLabel(this.serverApplicationTrafficSecret, "key", "", (short) 16);
        android.support.v4.media.OooO00o.OooO0O0("Server application key: ", ByteUtils.bytesToHex(hkdfExpandLabel5));
        this.serverKey = hkdfExpandLabel5;
        byte[] hkdfExpandLabel6 = hkdfExpandLabel(this.clientApplicationTrafficSecret, "iv", "", (short) 12);
        android.support.v4.media.OooO00o.OooO0O0("Client application iv: ", ByteUtils.bytesToHex(hkdfExpandLabel6));
        this.clientIv = hkdfExpandLabel6;
        byte[] hkdfExpandLabel7 = hkdfExpandLabel(this.serverApplicationTrafficSecret, "iv", "", (short) 12);
        android.support.v4.media.OooO00o.OooO0O0("Server application iv: ", ByteUtils.bytesToHex(hkdfExpandLabel7));
        this.serverIv = hkdfExpandLabel7;
    }

    public void computeEarlyTrafficSecret() {
        this.clientEarlyTrafficSecret = hkdfExpandLabel(this.earlySecret, "c e traffic", this.transcriptHash.getHash(TlsConstants.HandshakeType.client_hello), (short) 32);
    }

    public void computeHandshakeSecrets() {
        byte[] hkdfExpandLabel = hkdfExpandLabel(this.earlySecret, "derived", this.emptyHash, (short) 32);
        android.support.v4.media.OooO00o.OooO0O0("Derived secret: ", ByteUtils.bytesToHex(hkdfExpandLabel));
        byte[] OooO0O02 = this.hkdf.OooO0O0(hkdfExpandLabel, this.sharedSecret);
        this.handshakeSecret = OooO0O02;
        android.support.v4.media.OooO00o.OooO0O0("Handshake secret: ", ByteUtils.bytesToHex(OooO0O02));
        byte[] hash = this.transcriptHash.getHash(TlsConstants.HandshakeType.server_hello);
        byte[] hkdfExpandLabel2 = hkdfExpandLabel(this.handshakeSecret, "c hs traffic", hash, (short) 32);
        this.clientHandshakeTrafficSecret = hkdfExpandLabel2;
        android.support.v4.media.OooO00o.OooO0O0("Client handshake traffic secret: ", ByteUtils.bytesToHex(hkdfExpandLabel2));
        byte[] hkdfExpandLabel3 = hkdfExpandLabel(this.handshakeSecret, "s hs traffic", hash, (short) 32);
        this.serverHandshakeTrafficSecret = hkdfExpandLabel3;
        android.support.v4.media.OooO00o.OooO0O0("Server handshake traffic secret: ", ByteUtils.bytesToHex(hkdfExpandLabel3));
        byte[] hkdfExpandLabel4 = hkdfExpandLabel(this.clientHandshakeTrafficSecret, "key", "", (short) 16);
        android.support.v4.media.OooO00o.OooO0O0("Client handshake key: ", ByteUtils.bytesToHex(hkdfExpandLabel4));
        this.clientKey = hkdfExpandLabel4;
        byte[] hkdfExpandLabel5 = hkdfExpandLabel(this.serverHandshakeTrafficSecret, "key", "", (short) 16);
        android.support.v4.media.OooO00o.OooO0O0("Server handshake key: ", ByteUtils.bytesToHex(hkdfExpandLabel5));
        this.serverKey = hkdfExpandLabel5;
        byte[] hkdfExpandLabel6 = hkdfExpandLabel(this.clientHandshakeTrafficSecret, "iv", "", (short) 12);
        android.support.v4.media.OooO00o.OooO0O0("Client handshake iv: ", ByteUtils.bytesToHex(hkdfExpandLabel6));
        this.clientIv = hkdfExpandLabel6;
        byte[] hkdfExpandLabel7 = hkdfExpandLabel(this.serverHandshakeTrafficSecret, "iv", "", (short) 12);
        android.support.v4.media.OooO00o.OooO0O0("Server handshake iv: ", ByteUtils.bytesToHex(hkdfExpandLabel7));
        this.serverIv = hkdfExpandLabel7;
    }

    public byte[] computePSK(byte[] bArr) {
        return hkdfExpandLabel(this.resumptionMasterSecret, InteropRunner.TC_RESUMPTION, bArr, (short) 32);
    }

    public byte[] computePskBinder(byte[] bArr) {
        try {
            this.hashFunction.reset();
            this.hashFunction.update(bArr);
            byte[] digest = this.hashFunction.digest();
            SecretKeySpec secretKeySpec = new SecretKeySpec(hkdfExpandLabel(this.binderKey, "finished", "", (short) 32), "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            mac.update(digest);
            return mac.doFinal();
        } catch (InvalidKeyException unused) {
            throw new RuntimeException();
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("Missing HmacSHA256 support");
        }
    }

    public void computeResumptionMasterSecret() {
        byte[] hkdfExpandLabel = hkdfExpandLabel(this.masterSecret, "res master", this.transcriptHash.getClientHash(TlsConstants.HandshakeType.finished), (short) 32);
        this.resumptionMasterSecret = hkdfExpandLabel;
        android.support.v4.media.OooO00o.OooO0O0("Resumption master secret: ", ByteUtils.bytesToHex(hkdfExpandLabel));
    }

    public void computeSharedSecret() {
        KeyAgreement keyAgreement;
        try {
            PublicKey publicKey = this.serverSharedKey;
            if (publicKey instanceof ECPublicKey) {
                keyAgreement = KeyAgreement.getInstance("ECDH");
            } else {
                if (!OooOO0.OooO00o(publicKey)) {
                    throw new RuntimeException("Unsupported key type");
                }
                keyAgreement = KeyAgreement.getInstance("XDH");
            }
            keyAgreement.init(this.clientPrivateKey);
            keyAgreement.doPhase(this.serverSharedKey, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            this.sharedSecret = generateSecret;
            Logger.debug("Shared key: " + ByteUtils.bytesToHex(generateSecret));
        } catch (InvalidKeyException e) {
            e = e;
            throw new RuntimeException("Unsupported crypto: " + e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new RuntimeException("Unsupported crypto: " + e);
        }
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2) {
        int i = ((bArr[3] & KotlinVersion.MAX_COMPONENT_VALUE) << 8) | (bArr[4] & KotlinVersion.MAX_COMPONENT_VALUE);
        Logger.debug("Payload length: " + bArr2.length + " bytes, size in record: " + i);
        int i2 = i + (-16);
        byte[] bArr3 = new byte[i2];
        byte[] bArr4 = new byte[16];
        System.arraycopy(bArr2, 0, bArr3, 0, i2);
        System.arraycopy(bArr2, i - 16, bArr4, 0, 16);
        Logger.debug("Record data: " + ByteUtils.bytesToHex(bArr));
        Logger.debug("Encrypted data: " + ByteUtils.bytesToHex(bArr3, Math.min(8, i2)) + "..." + ByteUtils.bytesToHex(bArr3, Math.max(i + (-24), 0), Math.min(8, i2)));
        android.support.v4.media.OooO00o.OooO0O0("Auth tag: ", ByteUtils.bytesToHex(bArr4));
        byte[] decryptPayload = decryptPayload(bArr2, bArr, this.serverRecordCount);
        this.serverRecordCount = this.serverRecordCount + 1;
        int length = decryptPayload.length;
        String bytesToHex = ByteUtils.bytesToHex(decryptPayload, Math.min(8, decryptPayload.length));
        String bytesToHex2 = ByteUtils.bytesToHex(decryptPayload, Math.max(decryptPayload.length - 8, 0), Math.min(8, decryptPayload.length));
        StringBuilder OooO00o2 = o000OO0O.OooO00o("Decrypted data (", length, "): ", bytesToHex, "...");
        OooO00o2.append(bytesToHex2);
        Logger.debug(OooO00o2.toString());
        return decryptPayload;
    }

    public byte[] decryptPayload(byte[] bArr, byte[] bArr2, int i) {
        ByteBuffer allocate = ByteBuffer.allocate(12);
        int i2 = 0;
        allocate.putInt(0);
        allocate.putLong(i);
        byte[] bArr3 = new byte[12];
        byte[] array = allocate.array();
        int length = array.length;
        int i3 = 0;
        while (i2 < length) {
            bArr3[i3] = (byte) (array[i2] ^ this.serverIv[i3]);
            i2++;
            i3++;
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.serverKey, "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKeySpec, new GCMParameterSpec(128, bArr3));
            cipher.updateAAD(bArr2);
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Crypto error: " + e);
        }
    }

    public byte[] encryptPayload(byte[] bArr, byte[] bArr2) {
        ByteBuffer allocate = ByteBuffer.allocate(12);
        int i = 0;
        allocate.putInt(0);
        allocate.putLong(this.clientRecordCount);
        byte[] bArr3 = new byte[12];
        byte[] array = allocate.array();
        int length = array.length;
        int i2 = 0;
        while (i < length) {
            bArr3[i2] = (byte) (array[i] ^ this.clientIv[i2]);
            i++;
            i2++;
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.clientKey, "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKeySpec, new GCMParameterSpec(128, bArr3));
            cipher.updateAAD(bArr2);
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Crypto error: " + e);
        }
    }

    public byte[] getClientApplicationTrafficSecret() {
        return this.clientApplicationTrafficSecret;
    }

    public byte[] getClientEarlyTrafficSecret() {
        return this.clientEarlyTrafficSecret;
    }

    public byte[] getClientHandshakeTrafficSecret() {
        return this.clientHandshakeTrafficSecret;
    }

    public short getHashLength() {
        return (short) 32;
    }

    public byte[] getServerApplicationTrafficSecret() {
        return this.serverApplicationTrafficSecret;
    }

    public byte[] getServerHandshakeTrafficSecret() {
        return this.serverHandshakeTrafficSecret;
    }

    public byte[] hkdfExpandLabel(byte[] bArr, String str, String str2, short s) {
        return hkdfExpandLabel(bArr, str, str2.getBytes(ISO_8859_1), s);
    }

    public byte[] hkdfExpandLabel(byte[] bArr, String str, byte[] bArr2, short s) {
        int length = labelPrefix.length() + 3;
        Charset charset = ISO_8859_1;
        ByteBuffer allocate = ByteBuffer.allocate(length + str.getBytes(charset).length + 1 + bArr2.length);
        allocate.putShort(s);
        allocate.put((byte) (labelPrefix.length() + str.getBytes().length));
        allocate.put(labelPrefix.getBytes(charset));
        allocate.put(str.getBytes(charset));
        allocate.put((byte) bArr2.length);
        allocate.put(bArr2);
        return this.hkdf.OooO00o(s, bArr, allocate.array());
    }

    public void setNoPskSelected() {
        if (this.psk == null || this.pskSelected) {
            return;
        }
        computeEarlySecret(new byte[32]);
    }

    public void setOwnKey(PrivateKey privateKey) {
        this.clientPrivateKey = privateKey;
    }

    public void setPeerKey(PublicKey publicKey) {
        this.serverSharedKey = publicKey;
    }

    public void setPskSelected(int i) {
        this.pskSelected = true;
    }
}
