package io.ktor.network.tls;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.ktor.http.cio.internals.HttpByteBufferPoolKt;
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin._Assertions;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.scheduling.WorkQueueKt;
import kotlinx.io.core.BytePacketBuilder;
import kotlinx.io.core.ByteReadPacket;
import kotlinx.io.core.Input;
import kotlinx.io.core.Output;
import kotlinx.io.core.OutputKt;
import kotlinx.io.core.PacketJVMKt;
import kotlinx.io.pool.DefaultPool;
import kotlinx.io.pool.ObjectPool;
import org.jetbrains.annotations.NotNull;

/* compiled from: Cipher.kt */
@Metadata(mv = {1, 1, 13}, bv = {1, 0, 3}, k = 2, d1 = {"��R\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\b\n��\n\u0002\u0010\t\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\n\n��\u001a8\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000fH��\u001a8\u0010\u0011\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000fH��\u001a$\u0010\u0012\u001a\u00020\u0013*\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00052\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0015\u001a\u00020\u0016H\u0002\u001a\u0014\u0010\u0017\u001a\u00020\u0013*\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0005H��\u001a\u001c\u0010\u0018\u001a\u00020\u0013*\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00052\u0006\u0010\u000e\u001a\u00020\u000fH��\u001a\u001c\u0010\u0019\u001a\u00020\u001a*\u00020\t2\u0006\u0010\u001b\u001a\u00020\r2\u0006\u0010\u001c\u001a\u00020\u000fH\u0002\u001a\u001c\u0010\u0019\u001a\u00020\u001a*\u00020\t2\u0006\u0010\u001b\u001a\u00020\r2\u0006\u0010\u001c\u001a\u00020\u001dH\u0002\"\u0014\u0010��\u001a\b\u0012\u0004\u0012\u00020\u00020\u0001X\u0082\u0004¢\u0006\u0002\n��\"\u000e\u0010\u0003\u001a\u00020\u0002X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001e"}, d2 = {"CryptoBufferPool", "Lkotlinx/io/pool/ObjectPool;", "Ljava/nio/ByteBuffer;", "EmptyByteBuffer", "decryptCipher", "Ljavax/crypto/Cipher;", "suite", "Lio/ktor/network/tls/CipherSuite;", "keyMaterial", JsonProperty.USE_DEFAULT_NAME, "recordType", "Lio/ktor/network/tls/TLSRecordType;", "recordLength", JsonProperty.USE_DEFAULT_NAME, "recordIv", JsonProperty.USE_DEFAULT_NAME, "recordId", "encryptCipher", "cipherLoop", "Lkotlinx/io/core/ByteReadPacket;", "cipher", "writeRecordIv", JsonProperty.USE_DEFAULT_NAME, "decrypted", "encrypted", "set", JsonProperty.USE_DEFAULT_NAME, "offset", "data", JsonProperty.USE_DEFAULT_NAME, "ktor-network-tls"})
/* loaded from: input_file:WEB-INF/lib/ktor-network-tls-1.1.1.jar:io/ktor/network/tls/CipherKt.class */
public final class CipherKt {
    private static final ObjectPool<ByteBuffer> CryptoBufferPool;
    private static final ByteBuffer EmptyByteBuffer;

    @NotNull
    public static final Cipher encryptCipher(@NotNull CipherSuite suite, @NotNull byte[] keyMaterial, @NotNull TLSRecordType recordType, int i, long j, long j2) {
        Intrinsics.checkParameterIsNotNull(suite, "suite");
        Intrinsics.checkParameterIsNotNull(keyMaterial, "keyMaterial");
        Intrinsics.checkParameterIsNotNull(recordType, "recordType");
        Cipher cipher = Cipher.getInstance(suite.getJdkCipherName());
        SecretKeySpec clientKey = KeysKt.clientKey(keyMaterial, suite);
        byte[] copyOf = Arrays.copyOf(KeysKt.clientIV(keyMaterial, suite), suite.getIvLength());
        Intrinsics.checkExpressionValueIsNotNull(copyOf, "java.util.Arrays.copyOf(this, newSize)");
        set(copyOf, suite.getFixedIvLength(), j);
        cipher.init(1, clientKey, new GCMParameterSpec(suite.getCipherTagSizeInBytes() * 8, copyOf));
        byte[] bArr = new byte[13];
        set(bArr, 0, j2);
        bArr[8] = (byte) recordType.getCode();
        bArr[9] = 3;
        bArr[10] = 3;
        set(bArr, 11, (short) i);
        cipher.updateAAD(bArr);
        Intrinsics.checkExpressionValueIsNotNull(cipher, "cipher");
        return cipher;
    }

    @NotNull
    public static final Cipher decryptCipher(@NotNull CipherSuite suite, @NotNull byte[] keyMaterial, @NotNull TLSRecordType recordType, int i, long j, long j2) {
        Intrinsics.checkParameterIsNotNull(suite, "suite");
        Intrinsics.checkParameterIsNotNull(keyMaterial, "keyMaterial");
        Intrinsics.checkParameterIsNotNull(recordType, "recordType");
        Cipher cipher = Cipher.getInstance(suite.getJdkCipherName());
        SecretKeySpec serverKey = KeysKt.serverKey(keyMaterial, suite);
        byte[] copyOf = Arrays.copyOf(KeysKt.serverIV(keyMaterial, suite), suite.getIvLength());
        Intrinsics.checkExpressionValueIsNotNull(copyOf, "java.util.Arrays.copyOf(this, newSize)");
        set(copyOf, suite.getFixedIvLength(), j);
        cipher.init(2, serverKey, new GCMParameterSpec(suite.getCipherTagSizeInBytes() * 8, copyOf));
        int ivLength = (i - (suite.getIvLength() - suite.getFixedIvLength())) - suite.getCipherTagSizeInBytes();
        if (!(ivLength < 65536)) {
            throw new IllegalStateException(("Content size should fit in 2 bytes, actual: " + ivLength).toString());
        }
        byte[] bArr = new byte[13];
        set(bArr, 0, j2);
        bArr[8] = (byte) recordType.getCode();
        bArr[9] = 3;
        bArr[10] = 3;
        set(bArr, 11, (short) ivLength);
        cipher.updateAAD(bArr);
        Intrinsics.checkExpressionValueIsNotNull(cipher, "cipher");
        return cipher;
    }

    @NotNull
    public static final ByteReadPacket encrypted(@NotNull ByteReadPacket receiver$0, @NotNull Cipher cipher, long j) {
        Intrinsics.checkParameterIsNotNull(receiver$0, "receiver$0");
        Intrinsics.checkParameterIsNotNull(cipher, "cipher");
        return cipherLoop(receiver$0, cipher, j, true);
    }

    @NotNull
    public static final ByteReadPacket decrypted(@NotNull ByteReadPacket receiver$0, @NotNull Cipher cipher) {
        Intrinsics.checkParameterIsNotNull(receiver$0, "receiver$0");
        Intrinsics.checkParameterIsNotNull(cipher, "cipher");
        return cipherLoop(receiver$0, cipher, 0L, false);
    }

    private static final ByteReadPacket cipherLoop(@NotNull ByteReadPacket byteReadPacket, Cipher cipher, long j, boolean z) {
        ByteBuffer borrow = HttpByteBufferPoolKt.getDefaultByteBufferPool().borrow();
        ByteBuffer borrow2 = CryptoBufferPool.borrow();
        boolean z2 = true;
        try {
            BytePacketBuilder BytePacketBuilder = PacketJVMKt.BytePacketBuilder(0);
            try {
                borrow.clear();
                if (z) {
                    BytePacketBuilder.writeLong(j);
                }
                while (true) {
                    int readAvailable$default = borrow.hasRemaining() ? Input.DefaultImpls.readAvailable$default(byteReadPacket, borrow, 0, 2, null) : 0;
                    borrow.flip();
                    if (!borrow.hasRemaining() && (readAvailable$default == -1 || byteReadPacket.isEmpty())) {
                        break;
                    }
                    borrow2.clear();
                    if (cipher.getOutputSize(borrow.remaining()) > borrow2.remaining()) {
                        if (z2) {
                            CryptoBufferPool.recycle(borrow2);
                        }
                        ByteBuffer allocate = ByteBuffer.allocate(cipher.getOutputSize(borrow.remaining()));
                        Intrinsics.checkExpressionValueIsNotNull(allocate, "ByteBuffer.allocate(ciph…e(srcBuffer.remaining()))");
                        borrow2 = allocate;
                        z2 = false;
                    }
                    cipher.update(borrow, borrow2);
                    borrow2.flip();
                    BytePacketBuilder.writeFully(borrow2);
                    borrow.compact();
                }
                boolean z3 = !borrow.hasRemaining();
                if (_Assertions.ENABLED && !z3) {
                    throw new AssertionError("Cipher loop completed too early: there are unprocessed bytes");
                }
                boolean z4 = !borrow2.hasRemaining();
                if (_Assertions.ENABLED && !z4) {
                    throw new AssertionError("Not all bytes were appended to the packet");
                }
                int outputSize = cipher.getOutputSize(0);
                if (outputSize != 0) {
                    if (outputSize > borrow2.capacity()) {
                        byte[] doFinal = cipher.doFinal();
                        Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal()");
                        OutputKt.writeFully$default((Output) BytePacketBuilder, doFinal, 0, 0, 6, (Object) null);
                    } else {
                        borrow2.clear();
                        cipher.doFinal(EmptyByteBuffer, borrow2);
                        borrow2.flip();
                        if (borrow2.hasRemaining()) {
                            BytePacketBuilder.writeFully(borrow2);
                        } else {
                            byte[] doFinal2 = cipher.doFinal();
                            Intrinsics.checkExpressionValueIsNotNull(doFinal2, "cipher.doFinal()");
                            OutputKt.writeFully$default((Output) BytePacketBuilder, doFinal2, 0, 0, 6, (Object) null);
                        }
                    }
                }
                ByteReadPacket build = BytePacketBuilder.build();
                HttpByteBufferPoolKt.getDefaultByteBufferPool().recycle(borrow);
                if (z2) {
                    CryptoBufferPool.recycle(borrow2);
                }
                return build;
            } catch (Throwable th) {
                BytePacketBuilder.release();
                throw th;
            }
        } catch (Throwable th2) {
            HttpByteBufferPoolKt.getDefaultByteBufferPool().recycle(borrow);
            if (1 != 0) {
                CryptoBufferPool.recycle(borrow2);
            }
            throw th2;
        }
    }

    private static final void set(@NotNull byte[] bArr, int i, long j) {
        for (int i2 = 0; i2 <= 7; i2++) {
            bArr[i2 + i] = (byte) (j >>> ((7 - i2) * 8));
        }
    }

    private static final void set(@NotNull byte[] bArr, int i, short s) {
        for (int i2 = 0; i2 <= 1; i2++) {
            bArr[i2 + i] = (byte) (s >>> ((1 - i2) * 8));
        }
    }

    static {
        final int i = WorkQueueKt.BUFFER_CAPACITY;
        CryptoBufferPool = new DefaultPool<ByteBuffer>(i) { // from class: io.ktor.network.tls.CipherKt$CryptoBufferPool$1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlinx.io.pool.DefaultPool
            @NotNull
            public ByteBuffer produceInstance() {
                ByteBuffer allocate = ByteBuffer.allocate(65536);
                Intrinsics.checkExpressionValueIsNotNull(allocate, "ByteBuffer.allocate(65536)");
                return allocate;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // kotlinx.io.pool.DefaultPool
            @NotNull
            public ByteBuffer clearInstance(@NotNull ByteBuffer instance) {
                Intrinsics.checkParameterIsNotNull(instance, "instance");
                instance.clear();
                return instance;
            }
        };
        ByteBuffer allocate = ByteBuffer.allocate(0);
        Intrinsics.checkExpressionValueIsNotNull(allocate, "ByteBuffer.allocate(0)");
        EmptyByteBuffer = allocate;
    }
}
