package cfca.sadk.tls.sun.security.ssl.sec;

import cfca.sadk.tls.sun.security.ssl.Authenticator;
import cfca.sadk.tls.sun.security.ssl.ConnectionKeys;
import cfca.sadk.tls.sun.security.ssl.Debugger;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import cfca.sadk.tls.util.Hexifys;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Hashtable;
import javax.crypto.BadPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/sec/CipherBox.class */
public final class CipherBox {
    private final ProtocolVersion protocolVersion;
    private final SymEncryption cipher;
    private SecureRandom random;
    private final int mode;
    private final CipherMode cipherType;
    public static final CipherBox NULL = new CipherBox();
    private static final Hashtable<Integer, IvParameterSpec> masks = new Hashtable<>(5);

    private CipherBox() {
        this.protocolVersion = ProtocolVersion.DEFAULT;
        this.cipher = null;
        this.cipherType = CipherMode.STREAM;
        this.mode = 1;
        this.random = null;
    }

    private CipherBox(ProtocolVersion protocolVersion, CipherBulk cipherBulk, SecretKey secretKey, IvParameterSpec ivParameterSpec, SecureRandom secureRandom, boolean z) throws NoSuchAlgorithmException {
        try {
            this.protocolVersion = protocolVersion;
            this.cipher = CryptoFactory.singleton().getEncryption(cipherBulk.transformation);
            this.mode = z ? 1 : 2;
            this.random = secureRandom == null ? SecureRandoms.newSecure() : secureRandom;
            this.cipherType = cipherBulk.cipherType;
            if (ivParameterSpec == null && cipherBulk.ivSize != 0 && this.mode == 2 && protocolVersion.isTLS11()) {
                ivParameterSpec = getFixedMask(cipherBulk.ivSize);
            }
            this.cipher.init(this.mode, secretKey, ivParameterSpec, this.random);
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new NoSuchAlgorithmException("Could not create cipher " + cipherBulk, e2);
        } catch (ExceptionInInitializerError e3) {
            throw new NoSuchAlgorithmException("Could not create cipher " + cipherBulk, e3);
        }
    }

    public static CipherBox newCipher(ProtocolVersion protocolVersion, CipherBulk cipherBulk, ConnectionKeys connectionKeys, SecureRandom secureRandom, boolean z) throws NoSuchAlgorithmException {
        try {
            if (cipherBulk.allowed) {
                return CipherBulk.B_NULL == cipherBulk ? NULL : new CipherBox(protocolVersion, cipherBulk, connectionKeys.writeKey, connectionKeys.writeIV, secureRandom, z);
            }
            throw new NoSuchAlgorithmException("Unsupported cipher " + cipherBulk);
        } finally {
            connectionKeys.cleanWriteKey();
        }
    }

    private static IvParameterSpec getFixedMask(int i) {
        IvParameterSpec ivParameterSpec = masks.get(Integer.valueOf(i));
        if (ivParameterSpec == null) {
            ivParameterSpec = new IvParameterSpec(new byte[i]);
            masks.put(Integer.valueOf(i), ivParameterSpec);
        }
        return ivParameterSpec;
    }

    public int encrypt(byte[] bArr, int i, int i2) {
        if (this.cipher == null) {
            return i2;
        }
        try {
            int blockSize = this.cipher.getBlockSize();
            if (this.cipherType == CipherMode.BLOCKS) {
                i2 = addPadding(bArr, i, i2, blockSize);
            }
            if (Debugger.text.isDebugEnabled()) {
                try {
                    StringBuilder sb = new StringBuilder();
                    sb.append("\nPadded plaintext before ENCRYPTION:  len =").append(i2);
                    sb.append('\n');
                    sb.append((CharSequence) Hexifys.dump("", bArr, i, i2));
                    Debugger.text.debug(sb.toString());
                } catch (Exception e) {
                }
            }
            int update = this.cipher.update(bArr, i, i2, bArr, i);
            if (update != i2) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
            return update;
        } catch (SecurityException e2) {
            throw new ArrayIndexOutOfBoundsException(e2.toString());
        }
    }

    public int encrypt(ByteBuffer byteBuffer, int i) {
        int remaining = byteBuffer.remaining();
        if (this.cipher == null) {
            byteBuffer.position(byteBuffer.limit());
            return remaining;
        }
        int position = byteBuffer.position();
        int blockSize = this.cipher.getBlockSize();
        if (this.cipherType == CipherMode.BLOCKS) {
            remaining = addPadding(byteBuffer, blockSize);
            byteBuffer.position(position);
        }
        if (Debugger.text.isDebugEnabled()) {
            try {
                StringBuilder sb = new StringBuilder();
                sb.append("\nPadded plaintext before ENCRYPTION:  len =").append(remaining);
                sb.append('\n');
                sb.append((CharSequence) Hexifys.dump("", byteBuffer.duplicate()));
                Debugger.text.debug(sb.toString());
            } catch (Exception e) {
            }
        }
        ByteBuffer duplicate = byteBuffer.duplicate();
        try {
            int update = this.cipher.update(duplicate, byteBuffer);
            if (byteBuffer.position() != duplicate.position()) {
                throw new RuntimeException("bytebuffer padding error");
            }
            if (update != remaining) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
            return update;
        } catch (SecurityException e2) {
            throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
        }
    }

    public int decrypt(byte[] bArr, int i, int i2, int i3) throws BadPaddingException {
        if (this.cipher == null) {
            return i2;
        }
        try {
            int update = this.cipher.update(bArr, i, i2, bArr, i);
            if (update != i2) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
            if (Debugger.text.isDebugEnabled()) {
                try {
                    StringBuilder sb = new StringBuilder();
                    sb.append("\nPadded plaintext after DECRYPTION:  len =").append(i2);
                    sb.append('\n');
                    sb.append((CharSequence) Hexifys.dump("", bArr, i, i2));
                    Debugger.text.debug(sb.toString());
                } catch (Exception e) {
                }
            }
            if (this.cipherType == CipherMode.BLOCKS) {
                int blockSize = this.cipher.getBlockSize();
                update = removePadding(bArr, i, update, i3, blockSize, this.protocolVersion);
                if (this.protocolVersion.isTLS11() && update < blockSize) {
                    throw new BadPaddingException("invalid explicit IV");
                }
            }
            return update;
        } catch (SecurityException e2) {
            throw new ArrayIndexOutOfBoundsException(e2.toString());
        }
    }

    public int decrypt(ByteBuffer byteBuffer, int i) throws BadPaddingException {
        int remaining = byteBuffer.remaining();
        if (this.cipher == null) {
            byteBuffer.position(byteBuffer.limit());
            return remaining;
        }
        try {
            int position = byteBuffer.position();
            int update = this.cipher.update(byteBuffer.duplicate(), byteBuffer);
            if (update != remaining) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + this.cipher.getProvider().getName());
            }
            byteBuffer.limit(position + update);
            if (Debugger.text.isDebugEnabled()) {
                try {
                    ByteBuffer byteBuffer2 = (ByteBuffer) byteBuffer.duplicate().position(position);
                    StringBuilder sb = new StringBuilder();
                    sb.append("\nPadded plaintext after DECRYPTION:  len =").append(remaining);
                    sb.append('\n');
                    sb.append((CharSequence) Hexifys.dump("", byteBuffer2.array(), byteBuffer2.position(), byteBuffer2.remaining()));
                    Debugger.text.debug(sb.toString());
                } catch (Exception e) {
                }
            }
            if (this.cipherType == CipherMode.BLOCKS) {
                int blockSize = this.cipher.getBlockSize();
                byteBuffer.position(position);
                update = removePadding(byteBuffer, i, blockSize, this.protocolVersion);
                if (this.protocolVersion.isTLS11()) {
                    if (update < blockSize) {
                        throw new BadPaddingException("invalid explicit IV");
                    }
                    byteBuffer.position(byteBuffer.limit());
                }
            }
            return update;
        } catch (SecurityException e2) {
            throw new ArrayIndexOutOfBoundsException(e2.toString());
        }
    }

    private static int addPadding(byte[] bArr, int i, int i2, int i3) {
        int i4 = i2 + 1;
        if (i4 % i3 != 0) {
            int i5 = i4 + (i3 - 1);
            i4 = i5 - (i5 % i3);
        }
        int i6 = (byte) (i4 - i2);
        if (bArr.length < i4 + i) {
            throw new IllegalArgumentException("no space to pad buffer");
        }
        int i7 = i + i2;
        for (int i8 = 0; i8 < i6; i8++) {
            int i9 = i7;
            i7++;
            bArr[i9] = (byte) (i6 - 1);
        }
        return i4;
    }

    private static int addPadding(ByteBuffer byteBuffer, int i) {
        int remaining = byteBuffer.remaining();
        int position = byteBuffer.position();
        int i2 = remaining + 1;
        if (i2 % i != 0) {
            int i3 = i2 + (i - 1);
            i2 = i3 - (i3 % i);
        }
        int i4 = (byte) (i2 - remaining);
        byteBuffer.limit(i2 + position);
        int i5 = position + remaining;
        for (int i6 = 0; i6 < i4; i6++) {
            int i7 = i5;
            i5++;
            byteBuffer.put(i7, (byte) (i4 - 1));
        }
        byteBuffer.position(i5);
        byteBuffer.limit(i5);
        return i2;
    }

    private static int[] checkPadding(byte[] bArr, int i, int i2, byte b) {
        if (i2 <= 0) {
            throw new RuntimeException("padding len must be positive");
        }
        int[] iArr = {0, 0};
        int i3 = 0;
        while (i3 <= 256) {
            int i4 = 0;
            while (i4 < i2 && i3 <= 256) {
                if (bArr[i + i4] != b) {
                    iArr[0] = iArr[0] + 1;
                } else {
                    iArr[1] = iArr[1] + 1;
                }
                i4++;
                i3++;
            }
        }
        return iArr;
    }

    private static int[] checkPadding(ByteBuffer byteBuffer, byte b) {
        if (!byteBuffer.hasRemaining()) {
            throw new RuntimeException("hasRemaining() must be positive");
        }
        int[] iArr = {0, 0};
        byteBuffer.mark();
        int i = 0;
        while (i <= 256) {
            while (byteBuffer.hasRemaining() && i <= 256) {
                if (byteBuffer.get() != b) {
                    iArr[0] = iArr[0] + 1;
                } else {
                    iArr[1] = iArr[1] + 1;
                }
                i++;
            }
            byteBuffer.reset();
        }
        return iArr;
    }

    private static int removePadding(byte[] bArr, int i, int i2, int i3, int i4, ProtocolVersion protocolVersion) throws BadPaddingException {
        int i5 = bArr[(i + i2) - 1] & 255;
        int i6 = i2 - (i5 + 1);
        if (i6 - i3 < 0) {
            checkPadding(bArr, i, i2, (byte) (i5 & 255));
            throw new BadPaddingException("Invalid Padding length: " + i5);
        }
        if (checkPadding(bArr, i + i6, i5 + 1, (byte) (i5 & 255))[0] != 0) {
            throw new BadPaddingException("Invalid TLS padding data");
        }
        return i6;
    }

    private static int removePadding(ByteBuffer byteBuffer, int i, int i2, ProtocolVersion protocolVersion) throws BadPaddingException {
        int remaining = byteBuffer.remaining();
        int position = byteBuffer.position();
        int i3 = byteBuffer.get((position + remaining) - 1) & 255;
        int i4 = remaining - (i3 + 1);
        if (i4 - i < 0) {
            checkPadding(byteBuffer.duplicate(), (byte) (i3 & 255));
            throw new BadPaddingException("Invalid Padding length: " + i3);
        }
        if (checkPadding((ByteBuffer) byteBuffer.duplicate().position(position + i4), (byte) (i3 & 255))[0] != 0) {
            throw new BadPaddingException("Invalid TLS padding data");
        }
        byteBuffer.position(position + i4);
        byteBuffer.limit(position + i4);
        return i4;
    }

    public void dispose() {
        try {
            if (this.cipher != null) {
                this.cipher.doFinal();
            }
        } catch (Exception e) {
        }
    }

    public boolean isCBCMode() {
        return this.cipherType == CipherMode.BLOCKS;
    }

    public boolean isNullCipher() {
        return this.cipher == null;
    }

    public int getExplicitNonceSize() {
        switch (this.cipherType) {
            case BLOCKS:
                if (this.protocolVersion.isTLS11()) {
                    return this.cipher.getBlockSize();
                }
                return 0;
            default:
                return 0;
        }
    }

    public int applyExplicitNonce(Authenticator authenticator, byte b, ByteBuffer byteBuffer) throws BadPaddingException {
        switch (this.cipherType) {
            case BLOCKS:
                int MAClen = authenticator instanceof MAC ? ((MAC) authenticator).MAClen() : 0;
                if (MAClen != 0 && !sanityCheck(MAClen, byteBuffer.remaining())) {
                    throw new BadPaddingException("ciphertext sanity check failed");
                }
                if (this.protocolVersion.isTLS11()) {
                    return this.cipher.getBlockSize();
                }
                return 0;
            default:
                return 0;
        }
    }

    public int applyExplicitNonce(Authenticator authenticator, byte b, byte[] bArr, int i, int i2) throws BadPaddingException {
        return applyExplicitNonce(authenticator, b, ByteBuffer.wrap(bArr, i, i2));
    }

    public byte[] createExplicitNonce(Authenticator authenticator, byte b, int i) {
        byte[] bArr = new byte[0];
        switch (this.cipherType) {
            case BLOCKS:
                if (this.protocolVersion.isTLS11()) {
                    bArr = new byte[this.cipher.getBlockSize()];
                    this.random.nextBytes(bArr);
                    break;
                }
                break;
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Boolean isAvailable() {
        return Boolean.TRUE;
    }

    private boolean sanityCheck(int i, int i2) {
        if (!isCBCMode()) {
            return i2 >= i;
        }
        int blockSize = this.cipher.getBlockSize();
        if (i2 % blockSize != 0) {
            return false;
        }
        int i3 = i + 1;
        int i4 = i3 >= blockSize ? i3 : blockSize;
        if (this.protocolVersion.isTLS11()) {
            i4 += blockSize;
        }
        return i2 >= i4;
    }
}
