package com.citrixonline.platform.MCAPI.E2ESec;

import com.citrixonline.foundation.crypto.SecureRandom;
import com.citrixonline.foundation.utils.DataBuffer;
import com.citrixonline.foundation.utils.IntegerSet;
import com.citrixonline.platform.routingLayer.Epoch;
import com.citrixonline.platform.routingLayer.EpochPacket;
import com.citrixonline.platform.transportLayer.ChannelUUId;

/* loaded from: classes.dex */
public class PacketSecurityProcessor implements IPacketSecurityProcessor {
    public static final int COMPACT_ICV_SIZE = 4;
    public static final int COMPACT_IV_SIZE = 4;
    private DataBuffer _myNonce = new DataBuffer();
    private final ISecurityAssociationManager _sam;

    public PacketSecurityProcessor(ISecurityAssociationManager iSecurityAssociationManager) {
        this._sam = iSecurityAssociationManager;
        this._myNonce.setBuffer(new SecureRandom().generateSeed(4));
    }

    private int _calcEpochICV(IE2ECrypto iE2ECrypto, ChannelUUId channelUUId, Epoch epoch) {
        if (iE2ECrypto == null) {
            throw new IllegalArgumentException("missing epoch crypto for channel " + channelUUId);
        }
        if (!iE2ECrypto.integrityEnabled()) {
            return 0;
        }
        DataBuffer dataBuffer = new DataBuffer();
        try {
            channelUUId.serialize(dataBuffer);
            dataBuffer.writeInt(epoch.getID());
            if (epoch.working != null && !epoch.working.empty()) {
                IntegerSet.Iterator iterator = epoch.working.getIterator();
                while (iterator.hasNext()) {
                    dataBuffer.writeInt(iterator.next());
                }
            }
            dataBuffer.rewind();
            return compactICV(iE2ECrypto.digest(new DataBuffer[]{dataBuffer}));
        } catch (Exception e) {
            throw new RuntimeException("_calcEpochICV: " + e);
        }
    }

    public static int compactICV(byte[] bArr) throws Exception {
        if (bArr == null || bArr.length == 0) {
            return 0;
        }
        if (bArr.length % 4 != 0) {
            throw new Exception("Invalid ICV size");
        }
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        int i5 = 0;
        for (int length = bArr.length / 4; length != 0; length--) {
            int i6 = i4 + 1;
            i3 ^= bArr[i4];
            int i7 = i6 + 1;
            i2 ^= bArr[i6];
            int i8 = i7 + 1;
            i ^= bArr[i7];
            i4 = i8 + 1;
            i5 ^= bArr[i8];
        }
        return (i3 << 24) | ((i2 & 255) << 16) | ((i & 255) << 8) | (i5 & 255);
    }

    public static DataBuffer expandIV(int i, int i2, DataBuffer dataBuffer, int i3) throws Exception {
        DataBuffer dataBuffer2 = new DataBuffer(i3);
        dataBuffer2.setLength(0);
        dataBuffer2.writeInt(i);
        dataBuffer2.writeInt(i2);
        dataBuffer2.append(dataBuffer, 4);
        dataBuffer2.setLength(i3);
        dataBuffer2.setPosition(0);
        return dataBuffer2;
    }

    @Override // com.citrixonline.platform.MCAPI.E2ESec.IPacketSecurityProcessor
    public boolean processEpoch(ChannelUUId channelUUId, Epoch epoch) {
        return _calcEpochICV(this._sam.getCrypto(SecInfo.getSpi(epoch.security)), channelUUId, epoch) == SecInfo.getICV(epoch.security);
    }

    @Override // com.citrixonline.platform.MCAPI.E2ESec.IPacketSecurityProcessor
    public void processPacket(EpochPacket epochPacket, int i) {
        int i2;
        IE2ECrypto crypto = this._sam.getCrypto(epochPacket.spi);
        if (crypto == null) {
            throw new IllegalArgumentException("crypto[" + epochPacket.spi + "] not found");
        }
        DataBuffer dataBuffer = epochPacket.payload;
        DataBuffer dataBuffer2 = new DataBuffer();
        if (i == 1) {
            try {
                int readInt = dataBuffer.readInt();
                dataBuffer2.writeInt(readInt);
                i2 = readInt;
            } catch (Exception e) {
                throw new RuntimeException("processPacket: " + e);
            }
        } else {
            i2 = 0;
        }
        int position = dataBuffer.getPosition();
        int length = dataBuffer.getLength();
        int i3 = crypto.secrecyEnabled() ? position + 4 : position;
        int i4 = crypto.integrityEnabled() ? length - 4 : length;
        int i5 = i4 - i3;
        if (i5 < 0) {
            throw new IllegalArgumentException("empty packet data");
        }
        int iVSize = crypto.getIVSize();
        DataBuffer dataBuffer3 = null;
        if (crypto.secrecyEnabled()) {
            dataBuffer3 = expandIV(epochPacket.getStreamId(), epochPacket.getID(), dataBuffer, iVSize);
            dataBuffer.setPosition(i3);
            crypto.decrypt(dataBuffer3, dataBuffer2, dataBuffer, i5);
        } else {
            dataBuffer.setPosition(i3);
            dataBuffer2.append(dataBuffer, i5);
        }
        if (crypto.integrityEnabled()) {
            DataBuffer dataBuffer4 = new DataBuffer();
            if (i != -1) {
                dataBuffer4.writeInt(i2);
            }
            dataBuffer4.writeByte(epochPacket.spi);
            dataBuffer4.writeInt(epochPacket.getStreamId());
            dataBuffer4.writeInt(epochPacket.getID());
            dataBuffer4.writeInt(i5);
            dataBuffer.setPosition(i4);
            int readInt2 = dataBuffer.readInt();
            dataBuffer.setLength(i4);
            dataBuffer4.setPosition(0);
            if (dataBuffer3 != null) {
                dataBuffer3.setPosition(0);
            }
            dataBuffer.setPosition(i3);
            byte[] digest = crypto.digest(new DataBuffer[]{dataBuffer4, dataBuffer3, dataBuffer});
            dataBuffer.setPosition(i4);
            dataBuffer.writeInt(readInt2);
            if (compactICV(digest) != readInt2) {
                throw new RuntimeException("packet ICV mismatch");
            }
        }
        dataBuffer2.setPosition(0);
        epochPacket.payload = dataBuffer2;
    }

    @Override // com.citrixonline.platform.MCAPI.E2ESec.IPacketSecurityProcessor
    public void protectEpoch(ChannelUUId channelUUId, Epoch epoch) {
        ChannelCryptos channelCryptos = this._sam.getChannelCryptos(channelUUId.number);
        if (channelCryptos.epochSpi == 0) {
            return;
        }
        epoch.security = SecInfo.toLong(channelCryptos.epochSpi, _calcEpochICV(channelCryptos.epochCrypto, channelUUId, epoch));
    }

    @Override // com.citrixonline.platform.MCAPI.E2ESec.IPacketSecurityProcessor
    public void protectPacket(int i, EpochPacket epochPacket, int i2) {
        int i3;
        ChannelCryptos channelCryptos = this._sam.getChannelCryptos(i);
        IE2ECrypto iE2ECrypto = channelCryptos.packetCrypto;
        if (iE2ECrypto == null) {
            throw new IllegalArgumentException("missing packet crypto for channel " + i);
        }
        DataBuffer dataBuffer = epochPacket.payload;
        DataBuffer dataBuffer2 = new DataBuffer();
        if (i2 == 1) {
            try {
                int readInt = dataBuffer.readInt();
                dataBuffer2.writeInt(readInt);
                i3 = readInt;
            } catch (Exception e) {
                throw new RuntimeException("protectPacket: " + e);
            }
        } else {
            i3 = 0;
        }
        int available = dataBuffer.available();
        int iVSize = iE2ECrypto.getIVSize();
        if (iE2ECrypto.secrecyEnabled()) {
            dataBuffer2.append(this._myNonce);
        }
        int position = dataBuffer2.getPosition();
        DataBuffer dataBuffer3 = null;
        if (iE2ECrypto.secrecyEnabled()) {
            dataBuffer3 = expandIV(epochPacket.getStreamId(), epochPacket.getID(), this._myNonce, iVSize);
            iE2ECrypto.encrypt(dataBuffer3, dataBuffer2, dataBuffer, dataBuffer.available());
        } else {
            dataBuffer2.append(dataBuffer);
        }
        dataBuffer.setPosition(dataBuffer.getLength());
        if (iE2ECrypto.integrityEnabled()) {
            DataBuffer dataBuffer4 = new DataBuffer();
            if (i2 != -1) {
                dataBuffer4.writeInt(i3);
            }
            dataBuffer4.writeByte(channelCryptos.packetSpi);
            dataBuffer4.writeInt(epochPacket.getStreamId());
            dataBuffer4.writeInt(epochPacket.getID());
            dataBuffer4.writeInt(available);
            dataBuffer4.setPosition(0);
            if (dataBuffer3 != null) {
                dataBuffer3.setPosition(0);
            }
            dataBuffer2.setPosition(position);
            byte[] digest = iE2ECrypto.digest(new DataBuffer[]{dataBuffer4, dataBuffer3, dataBuffer2});
            dataBuffer2.setPosition(dataBuffer2.getLength());
            dataBuffer2.writeInt(compactICV(digest));
        }
        dataBuffer2.setPosition(0);
        epochPacket.payload = dataBuffer2;
        epochPacket.spi = channelCryptos.packetSpi;
    }
}
