package org.bouncycastle.tls.crypto.impl;

import com.tencent.tpns.dataacquisition.DeviceInfos;
import java.io.IOException;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsDecodeResult;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsSecret;

/* loaded from: classes4.dex */
public class TlsAEADCipher implements TlsCipher {
    public final TlsCryptoParameters cryptoParams;
    public final TlsAEADCipherImpl decryptCipher;
    public final byte[] decryptNonce;
    public final TlsAEADCipherImpl encryptCipher;
    public final byte[] encryptNonce;
    public final int fixed_iv_length;
    public final boolean isTLSv13;
    public final int keySize;
    public final int macSize;
    public final int nonceMode;
    public final int record_iv_length;

    /* JADX WARN: Removed duplicated region for block: B:14:0x003f  */
    /* JADX WARN: Removed duplicated region for block: B:18:0x006f  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0078  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x004e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public TlsAEADCipher(org.bouncycastle.tls.crypto.TlsCryptoParameters r9, org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl r10, org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl r11, int r12, int r13, int r14) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 215
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.crypto.impl.TlsAEADCipher.<init>(org.bouncycastle.tls.crypto.TlsCryptoParameters, org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl, org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl, int, int, int):void");
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final TlsDecodeResult decodeCiphertext(long j, short s, ProtocolVersion protocolVersion, byte[] bArr, int i, int i2) throws IOException {
        short s2;
        byte b;
        if (getPlaintextLimit(i2) < 0) {
            throw new TlsFatalAlert((short) 50);
        }
        byte[] bArr2 = this.decryptNonce;
        int length = bArr2.length + this.record_iv_length;
        byte[] bArr3 = new byte[length];
        int i3 = this.nonceMode;
        int i4 = 0;
        if (i3 == 1) {
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            int i5 = this.record_iv_length;
            System.arraycopy(bArr, i, bArr3, length - i5, i5);
        } else {
            if (i3 != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.writeUint64(bArr3, length - 8, j);
            while (true) {
                byte[] bArr4 = this.decryptNonce;
                if (i4 >= bArr4.length) {
                    break;
                }
                bArr3[i4] = (byte) (bArr4[i4] ^ bArr3[i4]);
                i4++;
            }
        }
        int i6 = this.record_iv_length;
        int i7 = i + i6;
        int i8 = i2 - i6;
        int outputSize = this.decryptCipher.getOutputSize(i8);
        try {
            this.decryptCipher.init$1(bArr3, getAdditionalData(j, s, protocolVersion, i2, outputSize), this.macSize);
            if (this.decryptCipher.doFinal(bArr, i7, i8, bArr, i7) != outputSize) {
                throw new TlsFatalAlert((short) 80);
            }
            if (!this.isTLSv13) {
                s2 = s;
                return new TlsDecodeResult(i7, outputSize, s2, bArr);
            }
            do {
                outputSize--;
                if (outputSize < 0) {
                    throw new TlsFatalAlert((short) 10);
                }
                b = bArr[i7 + outputSize];
            } while (b == 0);
            s2 = (short) (b & DeviceInfos.NETWORK_TYPE_UNCONNECTED);
            return new TlsDecodeResult(i7, outputSize, s2, bArr);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 20, (Throwable) e);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final TlsEncodeResult encodePlaintext(long j, short s, ProtocolVersion protocolVersion, byte[] bArr, int i, int i2) throws IOException {
        byte[] bArr2 = this.encryptNonce;
        int length = bArr2.length + this.record_iv_length;
        byte[] bArr3 = new byte[length];
        int i3 = this.nonceMode;
        int i4 = 0;
        if (i3 == 1) {
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            TlsUtils.writeUint64(bArr3, this.encryptNonce.length, j);
        } else {
            if (i3 != 2) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.writeUint64(bArr3, length - 8, j);
            while (true) {
                byte[] bArr4 = this.encryptNonce;
                if (i4 >= bArr4.length) {
                    break;
                }
                bArr3[i4] = (byte) (bArr4[i4] ^ bArr3[i4]);
                i4++;
            }
        }
        boolean z = this.isTLSv13;
        TlsAEADCipherImpl tlsAEADCipherImpl = this.encryptCipher;
        int i5 = i2 + (z ? 1 : 0);
        int outputSize = tlsAEADCipherImpl.getOutputSize(i5);
        int i6 = this.record_iv_length;
        int i7 = i6 + outputSize;
        int i8 = 5;
        int i9 = 5 + i7;
        byte[] bArr5 = new byte[i9];
        if (i6 != 0) {
            System.arraycopy(bArr3, length - i6, bArr5, 5, i6);
            i8 = 5 + this.record_iv_length;
        }
        int i10 = i8;
        short s2 = this.isTLSv13 ? (short) 23 : s;
        byte[] additionalData = getAdditionalData(j, s2, protocolVersion, i7, i2);
        try {
            System.arraycopy(bArr, i, bArr5, i10, i2);
            if (this.isTLSv13) {
                bArr5[i2 + i10] = (byte) s;
            }
            this.encryptCipher.init$1(bArr3, additionalData, this.macSize);
            if (i10 + this.encryptCipher.doFinal(bArr5, i10, i5, bArr5, i10) == i9) {
                return new TlsEncodeResult(i9, s2, bArr5);
            }
            throw new TlsFatalAlert((short) 80);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 80, (Throwable) e);
        }
    }

    public final byte[] getAdditionalData(long j, short s, ProtocolVersion protocolVersion, int i, int i2) throws IOException {
        if (this.isTLSv13) {
            byte[] bArr = new byte[5];
            bArr[0] = (byte) s;
            TlsUtils.writeVersion(protocolVersion, bArr, 1);
            TlsUtils.writeUint16(bArr, i, 3);
            return bArr;
        }
        byte[] bArr2 = new byte[13];
        TlsUtils.writeUint64(bArr2, 0, j);
        bArr2[8] = (byte) s;
        TlsUtils.writeVersion(protocolVersion, bArr2, 9);
        TlsUtils.writeUint16(bArr2, i2, 11);
        return bArr2;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final int getCiphertextDecodeLimit(int i) {
        return i + this.macSize + this.record_iv_length + (this.isTLSv13 ? 1 : 0);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final int getCiphertextEncodeLimit(int i, int i2) {
        if (this.isTLSv13) {
            i = Math.min(i2, i + 0) + 1;
        }
        return i + this.macSize + this.record_iv_length;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final int getPlaintextLimit(int i) {
        return ((i - this.macSize) - this.record_iv_length) - (this.isTLSv13 ? 1 : 0);
    }

    public final void rekeyCipher(SecurityParameters securityParameters, TlsAEADCipherImpl tlsAEADCipherImpl, byte[] bArr, boolean z) throws IOException {
        if (!this.isTLSv13) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsSecret tlsSecret = z ? securityParameters.trafficSecretServer : securityParameters.trafficSecretClient;
        if (tlsSecret == null) {
            throw new TlsFatalAlert((short) 80);
        }
        int i = securityParameters.prfCryptoHashAlgorithm;
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        byte[] extract = TlsCryptoUtils.hkdfExpandLabel(i, this.keySize, "key", tlsSecret, bArr2).extract();
        byte[] extract2 = TlsCryptoUtils.hkdfExpandLabel(i, this.fixed_iv_length, "iv", tlsSecret, bArr2).extract();
        tlsAEADCipherImpl.setKey(extract, 0, this.keySize);
        System.arraycopy(extract2, 0, bArr, 0, this.fixed_iv_length);
        extract2[0] = (byte) (extract2[0] ^ 128);
        tlsAEADCipherImpl.init$1(extract2, null, this.macSize);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final void rekeyDecoder() throws IOException {
        rekeyCipher(this.cryptoParams.context.getSecurityParametersConnection(), this.decryptCipher, this.decryptNonce, !this.cryptoParams.isServer());
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final void rekeyEncoder() throws IOException {
        rekeyCipher(this.cryptoParams.context.getSecurityParametersConnection(), this.encryptCipher, this.encryptNonce, this.cryptoParams.isServer());
    }

    @Override // org.bouncycastle.tls.crypto.TlsCipher
    public final boolean usesOpaqueRecordType() {
        return this.isTLSv13;
    }
}
