package tech.lp2p.quic;

import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import kotlin.jvm.internal.ByteCompanionObject;
import tech.lp2p.tls.CipherSuite;
import tech.lp2p.tls.TrafficSecrets;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ConnectionSecrets {
    private static final byte[] STATIC_SALT_V1 = {56, 118, 44, -9, -11, 89, 52, -77, 77, 23, -102, -26, -92, -56, 12, -83, -52, -69, ByteCompanionObject.MAX_VALUE, 10};
    private static final byte[] STATIC_SALT_V2 = {-89, 7, -62, 3, -91, -101, 71, 24, 74, 29, 98, -54, 87, 4, 6, -22, 122, -29, -27, -45};
    protected final Role role;
    protected final Version version;
    private final AtomicReference<Keys> clientSecretsInitial = new AtomicReference<>(null);
    private final AtomicReference<Keys> serverSecretsInitial = new AtomicReference<>(null);
    private final AtomicReference<Keys> clientSecretsHandshake = new AtomicReference<>(null);
    private final AtomicReference<Keys> serverSecretsHandshake = new AtomicReference<>(null);
    private final AtomicReference<Keys> clientSecretsApp = new AtomicReference<>(null);
    private final AtomicReference<Keys> serverSecretsApp = new AtomicReference<>(null);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: tech.lp2p.quic.ConnectionSecrets$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$tech$lp2p$quic$Level;

        static {
            int[] iArr = new int[Level.values().length];
            $SwitchMap$tech$lp2p$quic$Level = iArr;
            try {
                iArr[Level.Handshake.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$tech$lp2p$quic$Level[Level.App.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$tech$lp2p$quic$Level[Level.Initial.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConnectionSecrets(Version version, Role role) {
        this.version = version;
        this.role = role;
    }

    private static byte[] computeInitialSecret(Version version, byte[] bArr) {
        return hmacSHA256(version.isV2() ? STATIC_SALT_V2 : STATIC_SALT_V1, bArr);
    }

    static byte[] hmacSHA256(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
            if (bArr2 == null || bArr2.length == 0) {
                throw new IllegalArgumentException("provided inputKeyingMaterial must be at least of size 1 and not null");
            }
            mac.init(secretKeySpec);
            return mac.doFinal(bArr2);
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void computeApplicationSecrets(TrafficSecrets trafficSecrets, CipherSuite cipherSuite) {
        createKeys(Level.App, trafficSecrets, cipherSuite);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void computeHandshakeSecrets(TrafficSecrets trafficSecrets, CipherSuite cipherSuite) {
        createKeys(Level.Handshake, trafficSecrets, cipherSuite);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void computeInitialKeys(byte[] bArr) {
        byte[] computeInitialSecret = computeInitialSecret(this.version, bArr);
        this.clientSecretsInitial.set(Keys.createInitialKeys(this.version, computeInitialSecret, Role.Client));
        this.serverSecretsInitial.set(Keys.createInitialKeys(this.version, computeInitialSecret, Role.Server));
    }

    final void createKeys(Level level, TrafficSecrets trafficSecrets, CipherSuite cipherSuite) {
        if (cipherSuite != CipherSuite.TLS_AES_128_GCM_SHA256) {
            throw new IllegalStateException("unsupported cipher suite " + cipherSuite);
        }
        int i = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
        if (i == 1) {
            this.clientSecretsHandshake.set(Keys.computeHandshakeKeys(this.version, Role.Client, trafficSecrets));
            this.serverSecretsHandshake.set(Keys.computeHandshakeKeys(this.version, Role.Server, trafficSecrets));
        } else {
            if (i != 2) {
                throw new RuntimeException("not supported level");
            }
            this.clientSecretsApp.set(Keys.computeApplicationKeys(this.version, Role.Client, trafficSecrets));
            this.serverSecretsApp.set(Keys.computeApplicationKeys(this.version, Role.Server, trafficSecrets));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void discardHandshakeKeys() {
        this.clientSecretsHandshake.set(null);
        this.serverSecretsHandshake.set(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void discardInitialKeys() {
        this.clientSecretsInitial.set(null);
        this.serverSecretsInitial.set(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void discardKeys() {
        this.clientSecretsHandshake.set(null);
        this.serverSecretsHandshake.set(null);
        this.clientSecretsInitial.set(null);
        this.serverSecretsInitial.set(null);
        this.clientSecretsApp.set(null);
        this.serverSecretsApp.set(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Keys ownSecrets(Level level) {
        if (this.role == Role.Client) {
            int i = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
            if (i == 1) {
                return this.clientSecretsHandshake.get();
            }
            if (i == 2) {
                return this.clientSecretsApp.get();
            }
            if (i == 3) {
                return this.clientSecretsInitial.get();
            }
            throw new IncompatibleClassChangeError();
        }
        int i2 = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
        if (i2 == 1) {
            return this.serverSecretsHandshake.get();
        }
        if (i2 == 2) {
            return this.serverSecretsApp.get();
        }
        if (i2 == 3) {
            return this.serverSecretsInitial.get();
        }
        throw new IncompatibleClassChangeError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void ownSecrets(Level level, Keys keys) {
        if (this.role == Role.Client) {
            int i = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
            if (i == 1) {
                this.clientSecretsHandshake.set(keys);
                return;
            } else if (i == 2) {
                this.clientSecretsApp.set(keys);
                return;
            } else {
                if (i != 3) {
                    return;
                }
                this.clientSecretsInitial.set(keys);
                return;
            }
        }
        int i2 = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
        if (i2 == 1) {
            this.serverSecretsHandshake.set(keys);
        } else if (i2 == 2) {
            this.serverSecretsApp.set(keys);
        } else {
            if (i2 != 3) {
                return;
            }
            this.serverSecretsInitial.set(keys);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Keys remoteSecrets(Level level) {
        if (this.role == Role.Client) {
            int i = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
            if (i == 1) {
                return this.serverSecretsHandshake.get();
            }
            if (i == 2) {
                return this.serverSecretsApp.get();
            }
            if (i == 3) {
                return this.serverSecretsInitial.get();
            }
            throw new IncompatibleClassChangeError();
        }
        int i2 = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
        if (i2 == 1) {
            return this.clientSecretsHandshake.get();
        }
        if (i2 == 2) {
            return this.clientSecretsApp.get();
        }
        if (i2 == 3) {
            return this.clientSecretsInitial.get();
        }
        throw new IncompatibleClassChangeError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void remoteSecrets(Level level, Keys keys) {
        if (this.role == Role.Client) {
            int i = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
            if (i == 1) {
                this.serverSecretsHandshake.set(keys);
                return;
            } else if (i == 2) {
                this.serverSecretsApp.set(keys);
                return;
            } else {
                if (i != 3) {
                    return;
                }
                this.serverSecretsInitial.set(keys);
                return;
            }
        }
        int i2 = AnonymousClass1.$SwitchMap$tech$lp2p$quic$Level[level.ordinal()];
        if (i2 == 1) {
            this.clientSecretsHandshake.set(keys);
        } else if (i2 == 2) {
            this.clientSecretsApp.set(keys);
        } else {
            if (i2 != 3) {
                return;
            }
            this.clientSecretsInitial.set(keys);
        }
    }
}
