package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes3.dex */
public class ak {
    private static final org.slf4j.c LOGGER = org.slf4j.d.C(ak.class.getCanonicalName());
    private InetSocketAddress ggD;
    private n gjW;
    private int glA;
    private m glB;
    private byte[] glC;
    private ContentType gly;
    private ai glz;
    private int length;
    private long sequenceNumber;

    private ak(ContentType contentType, int i, long j) {
        this.gly = null;
        this.glz = new ai();
        this.glA = -1;
        this.length = 0;
        this.glB = null;
        this.glC = null;
        if (j > 281474976710655L) {
            throw new IllegalArgumentException("Sequence number must be 48 bits only");
        }
        this.gly = contentType;
        this.glA = i;
        this.sequenceNumber = j;
    }

    public ak(ContentType contentType, int i, long j, m mVar, InetSocketAddress inetSocketAddress) {
        this(contentType, i, j);
        this.ggD = inetSocketAddress;
        try {
            c(mVar);
        } catch (GeneralSecurityException e) {
            LOGGER.d("Unexpected attempt to encrypt outbound record payload", (Throwable) e);
        }
    }

    public ak(ContentType contentType, int i, long j, m mVar, n nVar) throws GeneralSecurityException {
        this(contentType, i, j);
        if (nVar == null) {
            throw new NullPointerException("Session must not be null");
        }
        this.glB = mVar;
        this.gjW = nVar;
        c(mVar);
    }

    ak(ContentType contentType, ai aiVar, int i, long j, byte[] bArr, InetSocketAddress inetSocketAddress) {
        this(contentType, i, j);
        this.glz = aiVar;
        this.glC = Arrays.copyOf(bArr, bArr.length);
        this.length = bArr.length;
        this.ggD = inetSocketAddress;
    }

    private byte[] Cf(int i) {
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.cp(this.glA, 16);
        eVar.g(this.sequenceNumber, 48);
        eVar.cp(this.gly.getCode(), 8);
        eVar.cp(this.glz.getMajor(), 8);
        eVar.cp(this.glz.getMinor(), 8);
        eVar.cp(i, 16);
        return eVar.toByteArray();
    }

    private byte[] a(k kVar, byte[] bArr) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(kVar.bJL().getMacName());
        mac.init(kVar.bJQ());
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.writeBytes(Cf(bArr.length));
        eVar.writeBytes(bArr);
        return mac.doFinal(eVar.toByteArray());
    }

    private byte[] a(byte[] bArr, k kVar) throws GeneralSecurityException {
        if (kVar == null) {
            return bArr;
        }
        kVar.bJL();
        LOGGER.a("Decrypting record fragment using current read state{}{}", org.eclipse.californium.a.b.i.lineSeparator(), kVar);
        switch (r0.getCipherType()) {
            case NULL:
            case STREAM:
            default:
                return bArr;
            case AEAD:
                return c(bArr, kVar);
            case BLOCK:
                return b(bArr, kVar);
        }
    }

    private byte[] bKP() {
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.cp(this.glA, 16);
        eVar.g(this.sequenceNumber, 48);
        return eVar.toByteArray();
    }

    private byte[] bS(byte[] bArr) throws GeneralSecurityException {
        if (this.gjW == null) {
            return bArr;
        }
        this.gjW.bKk().bJL();
        LOGGER.a("Encrypting record fragment using current write state{}{}", org.eclipse.californium.a.b.i.lineSeparator(), this.gjW.bKk());
        switch (r0.getCipherType()) {
            case NULL:
            case STREAM:
            default:
                return bArr;
            case AEAD:
                return bU(bArr);
            case BLOCK:
                return bT(bArr);
        }
    }

    private byte[] bV(byte[] bArr) {
        return g(bArr, bKP());
    }

    private m d(k kVar) throws GeneralSecurityException, x {
        return AlertMessage.a(a(this.glC, kVar), bIe());
    }

    private m e(k kVar) throws GeneralSecurityException {
        return b.b(a(this.glC, kVar), bIe());
    }

    public static List<ak> f(byte[] bArr, InetSocketAddress inetSocketAddress) {
        if (bArr == null) {
            throw new NullPointerException("Byte array must not be null");
        }
        if (inetSocketAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        ArrayList arrayList = new ArrayList();
        org.eclipse.californium.a.b.d dVar = new org.eclipse.californium.a.b.d(bArr);
        while (dVar.bIp()) {
            if (dVar.bIq() < 104) {
                LOGGER.debug("Received truncated DTLS record(s). Discarding ...");
                return arrayList;
            }
            int lZ = dVar.lZ(8);
            ai aiVar = new ai(dVar.lZ(8), dVar.lZ(8));
            int lZ2 = dVar.lZ(16);
            long BV = dVar.BV(48);
            int lZ3 = dVar.lZ(16);
            if (dVar.bIq() < lZ3) {
                LOGGER.debug("Received truncated DTLS record(s). Discarding ...");
                return arrayList;
            }
            byte[] zi = dVar.zi(lZ3);
            ContentType typeByValue = ContentType.getTypeByValue(lZ);
            if (typeByValue == null) {
                LOGGER.b("Received DTLS record of unsupported type [{}]. Discarding ...", Integer.valueOf(lZ));
            } else {
                arrayList.add(new ak(typeByValue, aiVar, lZ2, BV, zi, inetSocketAddress));
            }
        }
        return arrayList;
    }

    private m f(k kVar) throws GeneralSecurityException, x {
        return ChangeCipherSpecMessage.b(a(this.glC, kVar), bIe());
    }

    private m g(k kVar) throws GeneralSecurityException, x {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.a("Decrypting HANDSHAKE message ciphertext{}{}", org.eclipse.californium.a.b.i.lineSeparator(), org.eclipse.californium.scandium.util.a.bw(this.glC));
        }
        byte[] a2 = a(this.glC, kVar);
        z zVar = null;
        if (this.gjW != null) {
            zVar = this.gjW.bKm();
        } else {
            LOGGER.debug("Parsing message without a session");
        }
        if (LOGGER.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder("Parsing HANDSHAKE message plaintext [{}]");
            if (LOGGER.isTraceEnabled()) {
                sb.append(":");
                sb.append(org.eclipse.californium.a.b.i.lineSeparator());
                sb.append(org.eclipse.californium.scandium.util.a.bw(a2));
            }
            LOGGER.b(sb.toString(), zVar);
        }
        return y.a(a2, zVar, bIe());
    }

    private byte[] g(byte[] bArr, byte[] bArr2) {
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.writeBytes(bArr);
        eVar.writeBytes(bArr2);
        return eVar.toByteArray();
    }

    public synchronized void a(n nVar) {
        this.gjW = nVar;
        if (nVar != null) {
            this.ggD = null;
        }
    }

    protected final byte[] b(byte[] bArr, k kVar) throws GeneralSecurityException {
        if (kVar == null) {
            throw new NullPointerException("Current read state must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("Ciphertext must not be null");
        }
        org.eclipse.californium.a.b.d dVar = new org.eclipse.californium.a.b.d(bArr);
        byte[] zi = dVar.zi(kVar.getRecordIvLength());
        Cipher bVar = org.eclipse.californium.scandium.dtls.cipher.b.getInstance(kVar.bJL().getTransformation());
        bVar.init(2, kVar.bJO(), new IvParameterSpec(zi));
        byte[] doFinal = bVar.doFinal(dVar.bIo());
        int length = ((doFinal.length - 1) - doFinal[doFinal.length - 1]) - kVar.bJL().getMacLength();
        org.eclipse.californium.a.b.d dVar2 = new org.eclipse.californium.a.b.d(doFinal);
        byte[] zi2 = dVar2.zi(length);
        byte[] zi3 = dVar2.zi(kVar.bJL().getMacLength());
        byte[] a2 = a(kVar, zi2);
        if (Arrays.equals(zi3, a2)) {
            return zi2;
        }
        throw new org.eclipse.californium.scandium.dtls.cipher.c(a2, zi3);
    }

    public InetSocketAddress bIe() {
        if (this.gjW != null) {
            return this.gjW.bJb();
        }
        if (this.ggD != null) {
            return this.ggD;
        }
        throw new IllegalStateException("Record does not have a peer address");
    }

    public boolean bKQ() {
        return this.glA <= 0 && this.gly == ContentType.HANDSHAKE && this.glC != null && this.glC.length != 0 && HandshakeType.getTypeByCode(this.glC[0]) == HandshakeType.CLIENT_HELLO;
    }

    public ContentType bKR() {
        return this.gly;
    }

    public int bKS() {
        return this.glA;
    }

    public m bKT() throws GeneralSecurityException, x {
        return this.gjW != null ? c(this.gjW.bKj()) : c((k) null);
    }

    protected final byte[] bT(byte[] bArr) throws GeneralSecurityException {
        if (this.gjW == null) {
            throw new IllegalStateException("DTLS session must be set on record");
        }
        if (bArr == null) {
            throw new NullPointerException("Compressed fragment must not be null");
        }
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.writeBytes(bArr);
        eVar.writeBytes(a(this.gjW.bKk(), bArr));
        int length = bArr.length + this.gjW.bKk().bJL().getMacLength() + 1;
        int recordIvLength = this.gjW.bKk().getRecordIvLength();
        while (recordIvLength <= length) {
            recordIvLength += this.gjW.bKk().getRecordIvLength();
        }
        int i = recordIvLength % length;
        byte[] bArr2 = new byte[i + 1];
        Arrays.fill(bArr2, (byte) i);
        eVar.writeBytes(bArr2);
        Cipher bVar = org.eclipse.californium.scandium.dtls.cipher.b.getInstance(this.gjW.bKk().bJL().getTransformation());
        bVar.init(1, this.gjW.bKk().bJO());
        org.eclipse.californium.a.b.e eVar2 = new org.eclipse.californium.a.b.e();
        eVar2.writeBytes(bVar.getIV());
        eVar2.writeBytes(bVar.doFinal(eVar.toByteArray()));
        return eVar2.toByteArray();
    }

    protected byte[] bU(byte[] bArr) throws GeneralSecurityException {
        return org.eclipse.californium.scandium.util.a.h(bKP(), org.eclipse.californium.scandium.dtls.cipher.a.b(this.gjW.bKk().bJO().getEncoded(), bV(this.gjW.bKk().bJP().getIV()), Cf(bArr.length), bArr, 8));
    }

    public m c(k kVar) throws GeneralSecurityException, x {
        if (this.glB == null) {
            switch (this.gly) {
                case ALERT:
                    this.glB = d(kVar);
                    break;
                case APPLICATION_DATA:
                    this.glB = e(kVar);
                    break;
                case CHANGE_CIPHER_SPEC:
                    this.glB = f(kVar);
                    break;
                case HANDSHAKE:
                    this.glB = g(kVar);
                    break;
                default:
                    LOGGER.e("Cannot decrypt message of unsupported type [{}]", this.gly);
                    break;
            }
        }
        return this.glB;
    }

    public synchronized void c(m mVar) throws GeneralSecurityException {
        if (this.glC == null) {
            byte[] byteArray = mVar.toByteArray();
            this.length = byteArray.length;
            switch (this.gly) {
                case ALERT:
                case APPLICATION_DATA:
                case CHANGE_CIPHER_SPEC:
                case HANDSHAKE:
                    byteArray = bS(byteArray);
                    break;
                default:
                    LOGGER.error("Unknown content type: " + this.gly.toString());
                    break;
            }
            this.glC = byteArray;
        }
        this.glB = mVar;
    }

    protected byte[] c(byte[] bArr, k kVar) throws GeneralSecurityException {
        if (kVar == null) {
            throw new NullPointerException("Current read state must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("Ciphertext must not be null");
        }
        byte[] iv = kVar.bJP().getIV();
        byte[] encoded = kVar.bJO().getEncoded();
        byte[] Cf = Cf(bArr.length - 16);
        org.eclipse.californium.a.b.d dVar = new org.eclipse.californium.a.b.d(bArr);
        byte[] bKP = bKP();
        byte[] zi = dVar.zi(8);
        if (LOGGER.isDebugEnabled() && !Arrays.equals(bKP, zi)) {
            LOGGER.debug("The explicit nonce used by the sender does not match the values provided in the DTLS record" + org.eclipse.californium.a.b.i.lineSeparator() + "Used    : " + org.eclipse.californium.scandium.util.a.bw(zi) + org.eclipse.californium.a.b.i.lineSeparator() + "Expected: " + org.eclipse.californium.scandium.util.a.bw(bKP));
        }
        return org.eclipse.californium.scandium.dtls.cipher.a.a(encoded, g(iv, zi), Cf, dVar.bIo(), 8);
    }

    public long getSequenceNumber() {
        return this.sequenceNumber;
    }

    public synchronized void setSequenceNumber(long j) throws GeneralSecurityException {
        if (j > 281474976710655L) {
            throw new IllegalArgumentException("Sequence number must have max 48 bits");
        }
        this.sequenceNumber = j;
        if (this.gjW != null && this.gjW.bKk() != null && this.glA > 0) {
            this.glC = bS(this.glB.toByteArray());
        }
    }

    public synchronized byte[] toByteArray() {
        org.eclipse.californium.a.b.e eVar;
        eVar = new org.eclipse.californium.a.b.e();
        eVar.cp(this.gly.getCode(), 8);
        eVar.cp(this.glz.getMajor(), 8);
        eVar.cp(this.glz.getMinor(), 8);
        eVar.cp(this.glA, 16);
        eVar.g(this.sequenceNumber, 48);
        this.length = this.glC.length;
        eVar.cp(this.length, 16);
        eVar.writeBytes(this.glC);
        return eVar.toByteArray();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("==[ DTLS Record ]==============================================");
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Content Type: ");
        sb.append(this.gly.toString());
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Peer address: ");
        sb.append(bIe());
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Version: ");
        sb.append(this.glz.getMajor());
        sb.append(", ");
        sb.append(this.glz.getMinor());
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Epoch: ");
        sb.append(this.glA);
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Sequence Number: ");
        sb.append(this.sequenceNumber);
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Length: ");
        sb.append(this.length);
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("Fragment:");
        if (this.glB != null) {
            sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            sb.append(this.glB);
        } else {
            sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            sb.append("fragment is not decrypted yet");
        }
        sb.append(org.eclipse.californium.a.b.i.lineSeparator());
        sb.append("===============================================================");
        return sb.toString();
    }
}
