package tech.lp2p.quic;

import com.android.tools.r8.RecordTag;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import tech.lp2p.Lite$Settings$$ExternalSyntheticRecord0;
import tech.lp2p.tls.BadRecordMacAlert;
import tech.lp2p.tls.DecryptErrorAlert;
import tech.lp2p.tls.TlsState;
import tech.lp2p.tls.TrafficSecrets;

/* loaded from: classes3.dex */
public final class Keys extends RecordTag {
    private static final short KEY_LENGTH = 16;
    private final Cipher aeadCipher;
    private final Cipher hpCipher;
    private final int keyPhaseCounter;
    private final byte[] trafficSecret;
    private final byte[] writeIV;
    private final SecretKeySpec writeSpec;

    private /* synthetic */ boolean $record$equals(Object obj) {
        if (obj != null && getClass() == obj.getClass()) {
            return Arrays.equals($record$getFieldsAsObjects(), ((Keys) obj).$record$getFieldsAsObjects());
        }
        return false;
    }

    private /* synthetic */ Object[] $record$getFieldsAsObjects() {
        return new Object[]{this.writeSpec, this.writeIV, this.hpCipher, this.aeadCipher, this.trafficSecret, Integer.valueOf(this.keyPhaseCounter)};
    }

    public Keys(SecretKeySpec secretKeySpec, byte[] bArr, Cipher cipher, Cipher cipher2, byte[] bArr2, int i) {
        this.writeSpec = secretKeySpec;
        this.writeIV = bArr;
        this.hpCipher = cipher;
        this.aeadCipher = cipher2;
        this.trafficSecret = bArr2;
        this.keyPhaseCounter = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Keys computeApplicationKeys(Version version, Role role, TrafficSecrets trafficSecrets) {
        if (role == Role.Client) {
            return computeKeys(version, trafficSecrets.getClientApplicationTrafficSecret());
        }
        if (role == Role.Server) {
            return computeKeys(version, trafficSecrets.getServerApplicationTrafficSecret());
        }
        throw new RuntimeException("not handled role");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Keys computeHandshakeKeys(Version version, Role role, TrafficSecrets trafficSecrets) {
        if (role == Role.Client) {
            return computeKeys(version, trafficSecrets.getClientHandshakeTrafficSecret());
        }
        if (role == Role.Server) {
            return computeKeys(version, trafficSecrets.getServerHandshakeTrafficSecret());
        }
        throw new RuntimeException("not handled role");
    }

    public static Keys computeKeyUpdate(Version version, Keys keys) {
        String str = version.isV2() ? "quicv2 " : "quic ";
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            byte[] hkdfExpandLabel = hkdfExpandLabel(mac, keys.trafficSecret(), str.concat("ku"), (short) 32);
            return new Keys(new SecretKeySpec(hkdfExpandLabel(mac, hkdfExpandLabel, str.concat("key"), KEY_LENGTH), "AES"), hkdfExpandLabel(mac, hkdfExpandLabel, str.concat("iv"), (short) 12), keys.hpCipher, keys.aeadCipher, hkdfExpandLabel, keys.keyPhaseCounter() + 1);
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    private static Keys computeKeys(Version version, byte[] bArr) {
        String str = version.isV2() ? "quicv2 " : "quic ";
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            return new Keys(new SecretKeySpec(hkdfExpandLabel(mac, bArr, str.concat("key"), KEY_LENGTH), "AES"), hkdfExpandLabel(mac, bArr, str.concat("iv"), (short) 12), getHeaderProtectionCipher(hkdfExpandLabel(mac, bArr, str.concat("hp"), KEY_LENGTH)), Cipher.getInstance("AES/GCM/NoPadding"), bArr, 0);
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    public static Keys createInitialKeys(Version version, byte[] bArr, Role role) {
        try {
            return computeKeys(version, hkdfExpandLabel(Mac.getInstance("HmacSHA256"), bArr, role == Role.Client ? "client in" : "server in", (short) 32));
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    private static Cipher getHeaderProtectionCipher(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
            cipher.init(1, new SecretKeySpec(bArr, "AES"));
            return cipher;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalStateException(e);
        }
    }

    private static byte[] hkdfExpandLabel(Mac mac, byte[] bArr, String str, short s) throws BadRecordMacAlert {
        byte[] bytes = "tls13 ".getBytes(StandardCharsets.ISO_8859_1);
        ByteBuffer allocate = ByteBuffer.allocate(bytes.length + 3 + str.getBytes(StandardCharsets.ISO_8859_1).length + 1 + "".getBytes(StandardCharsets.ISO_8859_1).length);
        allocate.putShort(s);
        allocate.put((byte) (bytes.length + str.getBytes().length));
        allocate.put(bytes);
        allocate.put(str.getBytes(StandardCharsets.ISO_8859_1));
        allocate.put((byte) "".getBytes(StandardCharsets.ISO_8859_1).length);
        allocate.put("".getBytes(StandardCharsets.ISO_8859_1));
        return TlsState.expandHmac(mac, bArr, allocate.array(), s);
    }

    public Cipher aeadCipher() {
        return this.aeadCipher;
    }

    public byte[] aeadDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws DecryptErrorAlert {
        if (bArr3.length <= 16) {
            throw new DecryptErrorAlert("ciphertext must be longer than 16 bytes");
        }
        try {
            this.aeadCipher.init(2, this.writeSpec, new GCMParameterSpec(128, bArr2));
            this.aeadCipher.updateAAD(bArr);
            return this.aeadCipher.doFinal(bArr3, i, i2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException(e);
        } catch (AEADBadTagException e2) {
            throw new DecryptErrorAlert(e2.toString());
        }
    }

    public byte[] aeadEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) {
        try {
            this.aeadCipher.init(1, this.writeSpec, new GCMParameterSpec(128, bArr2));
            this.aeadCipher.updateAAD(bArr);
            return this.aeadCipher.doFinal(bArr3, i, i2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException unused) {
            throw new IllegalStateException();
        }
    }

    public boolean checkKeyPhase(short s) {
        return this.keyPhaseCounter % 2 != s;
    }

    public byte[] createHeaderProtectionMask(byte[] bArr) {
        try {
            return this.hpCipher.doFinal(bArr);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException(e);
        }
    }

    public final boolean equals(Object obj) {
        return $record$equals(obj);
    }

    public short getKeyPhase() {
        return (short) (this.keyPhaseCounter % 2);
    }

    public byte[] getWriteIV() {
        return this.writeIV;
    }

    public final int hashCode() {
        return Lite$Settings$$ExternalSyntheticRecord0.m(getClass(), $record$getFieldsAsObjects());
    }

    public Cipher hpCipher() {
        return this.hpCipher;
    }

    public int keyPhaseCounter() {
        return this.keyPhaseCounter;
    }

    public final String toString() {
        return Lite$Settings$$ExternalSyntheticRecord0.m($record$getFieldsAsObjects(), Keys.class, "writeSpec;writeIV;hpCipher;aeadCipher;trafficSecret;keyPhaseCounter");
    }

    public byte[] trafficSecret() {
        return this.trafficSecret;
    }

    public byte[] writeIV() {
        return this.writeIV;
    }

    public SecretKeySpec writeSpec() {
        return this.writeSpec;
    }
}
