package com.xtralogic.rdplib.security;

import com.xtralogic.rdplib.BasicSecurityHeader;
import com.xtralogic.rdplib.ClientAutoReconnectPacket;
import com.xtralogic.rdplib.NativeRc4Algorithm;
import com.xtralogic.rdplib.RdpLayer;
import com.xtralogic.rdplib.RdplibException;
import com.xtralogic.rdplib.ReceivingBuffer;
import com.xtralogic.rdplib.SendingBuffer;
import com.xtralogic.rdplib.ServerAutoReconnectPacket;
import com.xtralogic.rdplib.Utilities;
import com.xtralogic.rdplib.licensing.LicenseLayer;
import com.xtralogic.rdplib.mcs.McsLayer;
import com.xtralogic.rdplib.mcs.TsUdCsCore;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.cert.CertificateException;

/* loaded from: classes.dex */
public class SecurityLayer {
    public static final int CLIENT_RANDOM_LENGTH = 32;
    public static final String HMAC_MD5_ALGORRITHM = "HMacMD5";
    public static final int SERVER_RANDOM_LEN = 32;
    public static final int mSupportedEncryptionMethods = 11;
    private static final byte[] pad0x36 = {54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54};
    private static final byte[] pad0x5C = {92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92};
    private McsLayer mMcsLayer;
    protected final NativeRc4Algorithm mRc4Decryptor;
    protected final NativeRc4Algorithm mRc4Encryptor;
    public final MessageDigest mReceivingMd5;
    public final MessageDigest mReceivingSha1;
    private final MessageDigest mSendingMd5;
    private final MessageDigest mSendingSha1;
    private LicenseLayer mLicenseLayer = null;
    public RdpLayer mRdpLayer = null;
    private byte[] mMacKey = new byte[16];
    private int mKeyLength = 0;
    private int mEncryptedPacketsCounter = 0;
    private int mDecryptedPacketsCounter = 0;
    protected byte[] mClientRandom = new byte[32];
    private byte[] mInitialEncryptKey = null;
    private byte[] mInitialDecryptKey = null;
    public byte[] mCurrentEncryptKey = null;
    public byte[] mCurrentDecryptKey = null;
    public final SecureRandom mSecureRandom = SecureRandom.getInstance("SHA1PRNG");

    public SecurityLayer(McsLayer mcsLayer) throws NoSuchAlgorithmException {
        this.mMcsLayer = null;
        this.mMcsLayer = mcsLayer;
        this.mSecureRandom.setSeed(System.currentTimeMillis());
        this.mReceivingSha1 = MessageDigest.getInstance("SHA1");
        this.mReceivingMd5 = MessageDigest.getInstance("MD5");
        this.mSendingSha1 = MessageDigest.getInstance("SHA1");
        this.mSendingMd5 = MessageDigest.getInstance("MD5");
        this.mRc4Encryptor = new NativeRc4Algorithm();
        this.mRc4Decryptor = new NativeRc4Algorithm();
    }

    private void reduceEntropyTo40Bits(byte[] bArr) {
        bArr[0] = -47;
        bArr[1] = 38;
        bArr[2] = -98;
    }

    private void reduceEntropyTo56Bits(byte[] bArr) {
        bArr[0] = -47;
    }

    public byte[] calculateNonFipsMac(byte[] bArr, int i, byte[] bArr2, int i2, int i3, MessageDigest messageDigest, MessageDigest messageDigest2) {
        byte[] bArr3 = {(byte) (i3 & 255), (byte) ((i3 >>> 8) & 255), (byte) ((i3 >>> 16) & 255), (byte) ((i3 >>> 24) & 255)};
        messageDigest.reset();
        messageDigest.update(bArr, 0, i);
        messageDigest.update(pad0x36, 0, pad0x36.length);
        messageDigest.update(bArr3, 0, bArr3.length);
        messageDigest.update(bArr2, i2, i3);
        messageDigest2.reset();
        messageDigest2.update(bArr, 0, i);
        messageDigest2.update(pad0x5C, 0, pad0x5C.length);
        messageDigest2.update(messageDigest.digest(), 0, 20);
        return messageDigest2.digest();
    }

    public void decrypt(byte[] bArr, int i, int i2) throws RdplibException {
        if (4096 == this.mDecryptedPacketsCounter) {
            this.mCurrentDecryptKey = updateSessionKey(this.mInitialDecryptKey, this.mCurrentDecryptKey, this.mReceivingSha1, this.mReceivingMd5);
            this.mRc4Decryptor.init(this.mCurrentDecryptKey, this.mKeyLength);
            this.mDecryptedPacketsCounter = 0;
        }
        this.mRc4Decryptor.transform(bArr, i, bArr, i, i2);
        this.mDecryptedPacketsCounter++;
    }

    protected void encrypt(byte[] bArr, int i, int i2) throws RdplibException {
        if (4096 == this.mEncryptedPacketsCounter) {
            this.mCurrentEncryptKey = updateSessionKey(this.mInitialEncryptKey, this.mCurrentEncryptKey, this.mSendingSha1, this.mSendingMd5);
            this.mRc4Encryptor.init(this.mCurrentEncryptKey, this.mKeyLength);
            this.mEncryptedPacketsCounter = 0;
        }
        this.mRc4Encryptor.transform(bArr, i, bArr, i, i2);
        this.mEncryptedPacketsCounter++;
    }

    protected byte[] encryptClientRandom() throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(1, getServerRSAPublicKey());
        Utilities.reverse(this.mClientRandom);
        byte[] doFinal = cipher.doFinal(this.mClientRandom);
        Utilities.reverse(this.mClientRandom);
        Utilities.reverse(doFinal);
        return doFinal;
    }

    public byte[] finalHash(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, MessageDigest messageDigest) {
        messageDigest.reset();
        messageDigest.update(bArr, i, 16);
        messageDigest.update(bArr3, 0, 32);
        messageDigest.update(bArr2, 0, 32);
        return messageDigest.digest();
    }

    public ClientAutoReconnectPacket generateClientAutoReconnectPacket(ServerAutoReconnectPacket serverAutoReconnectPacket) throws NoSuchAlgorithmException, InvalidKeyException {
        ClientAutoReconnectPacket clientAutoReconnectPacket = new ClientAutoReconnectPacket();
        clientAutoReconnectPacket.mLogonId = serverAutoReconnectPacket.mLogonId;
        SecretKeySpec secretKeySpec = new SecretKeySpec(serverAutoReconnectPacket.mArcRandomBits, 0, serverAutoReconnectPacket.mArcRandomBits.length, HMAC_MD5_ALGORRITHM);
        Mac mac = Mac.getInstance(HMAC_MD5_ALGORRITHM);
        mac.init(secretKeySpec);
        clientAutoReconnectPacket.mSecurityVerifier = mac.doFinal(this.mClientRandom);
        return clientAutoReconnectPacket;
    }

    protected void generateClientRandom() {
        this.mSecureRandom.nextBytes(this.mClientRandom);
    }

    public byte[] generateMasterSecret(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[48];
        System.arraycopy(saltedHash(bArr, new byte[]{65}, bArr2, bArr3, this.mReceivingSha1, this.mReceivingMd5), 0, bArr4, 0, 16);
        System.arraycopy(saltedHash(bArr, new byte[]{66, 66}, bArr2, bArr3, this.mReceivingSha1, this.mReceivingMd5), 0, bArr4, 16, 16);
        System.arraycopy(saltedHash(bArr, new byte[]{67, 67, 67}, bArr2, bArr3, this.mReceivingSha1, this.mReceivingMd5), 0, bArr4, 32, 16);
        return bArr4;
    }

    public void generateNonFipsSessionKeys(byte[] bArr) {
        byte[] bArr2 = new byte[48];
        System.arraycopy(this.mClientRandom, 0, bArr2, 0, 24);
        System.arraycopy(bArr, 0, bArr2, 24, 24);
        byte[] generateMasterSecret = generateMasterSecret(bArr2, bArr, this.mClientRandom);
        byte[] bArr3 = new byte[48];
        System.arraycopy(saltedHash(generateMasterSecret, new byte[]{88}, bArr, this.mClientRandom, this.mReceivingSha1, this.mReceivingMd5), 0, bArr3, 0, 16);
        System.arraycopy(saltedHash(generateMasterSecret, new byte[]{89, 89}, bArr, this.mClientRandom, this.mReceivingSha1, this.mReceivingMd5), 0, bArr3, 16, 16);
        System.arraycopy(saltedHash(generateMasterSecret, new byte[]{90, 90, 90}, bArr, this.mClientRandom, this.mReceivingSha1, this.mReceivingMd5), 0, bArr3, 32, 16);
        System.arraycopy(bArr3, 0, this.mMacKey, 0, 16);
        this.mInitialDecryptKey = finalHash(bArr3, 16, bArr, this.mClientRandom, this.mReceivingMd5);
        this.mInitialEncryptKey = finalHash(bArr3, 32, bArr, this.mClientRandom, this.mReceivingMd5);
        switch (this.mMcsLayer.getEncryptionMethod()) {
            case 1:
                reduceEntropyTo40Bits(this.mMacKey);
                reduceEntropyTo40Bits(this.mInitialDecryptKey);
                reduceEntropyTo40Bits(this.mInitialEncryptKey);
                this.mKeyLength = 8;
                break;
            case 2:
                this.mKeyLength = 16;
                break;
            case 8:
                reduceEntropyTo56Bits(this.mMacKey);
                reduceEntropyTo56Bits(this.mInitialDecryptKey);
                reduceEntropyTo56Bits(this.mInitialEncryptKey);
                this.mKeyLength = 8;
                break;
        }
        this.mCurrentDecryptKey = new byte[16];
        System.arraycopy(this.mInitialDecryptKey, 0, this.mCurrentDecryptKey, 0, 16);
        this.mCurrentEncryptKey = new byte[16];
        System.arraycopy(this.mInitialEncryptKey, 0, this.mCurrentEncryptKey, 0, 16);
    }

    protected void generateSessionKeys() throws RdplibException {
        if (this.mMcsLayer.getEncryptionMethod() == 16) {
            throw new RdplibException("The FIPS security level is not implemented");
        }
        generateNonFipsSessionKeys(getServerRandom());
        this.mRc4Encryptor.init(this.mCurrentEncryptKey, this.mKeyLength);
        this.mRc4Decryptor.init(this.mCurrentDecryptKey, this.mKeyLength);
    }

    public int getEncryptionLevel() {
        return this.mMcsLayer.getEncryptionLevel();
    }

    int getEncryptionMethod() {
        return this.mMcsLayer.getEncryptionMethod();
    }

    public int getIoChannelId() {
        return this.mMcsLayer.getIoChannelId();
    }

    public RSAPublicKey getServerRSAPublicKey() {
        return this.mMcsLayer.getServerRSAPublicKey();
    }

    byte[] getServerRandom() {
        return this.mMcsLayer.getServerRandom();
    }

    public TsUdCsCore getTsUdCsCore() {
        return this.mMcsLayer.getTsUdCsCore();
    }

    public int getUserChannelId() {
        return this.mMcsLayer.getUserChannelId();
    }

    public void onLowerLevelConnected() throws IOException, RdplibException, InterruptedException, GeneralSecurityException {
        if (getEncryptionLevel() != 0) {
            generateClientRandom();
            sendClientSecurityExchange();
            generateSessionKeys();
        }
        this.mRdpLayer.onLowerLevelConnected();
    }

    public void received(ReceivingBuffer receivingBuffer, int i, int i2, int i3) throws RdplibException, IOException, InterruptedException, GeneralSecurityException, CertificateException {
        int i4 = i;
        BasicSecurityHeader basicSecurityHeader = new BasicSecurityHeader();
        switch (getEncryptionLevel()) {
            case 0:
                if (!this.mLicenseLayer.isLicenseNegotiationComplete()) {
                    i4 = basicSecurityHeader.Extract(receivingBuffer, i4);
                    break;
                }
                break;
            case 1:
            case 2:
            case 3:
                i4 = basicSecurityHeader.Extract(receivingBuffer, i4);
                if ((basicSecurityHeader._flags & 8) != 0) {
                    byte[] bArr = new byte[8];
                    receivingBuffer.getByteArray(i4, bArr, 0, bArr.length);
                    i4 += 8;
                    decrypt(receivingBuffer.getArray(), i4, i2 - (i4 - i));
                    byte[] bArr2 = new byte[8];
                    System.arraycopy(calculateNonFipsMac(this.mMacKey, this.mKeyLength, receivingBuffer.getArray(), i4, i2 - (i4 - i), this.mReceivingSha1, this.mReceivingMd5), 0, bArr2, 0, 8);
                    if (!Arrays.equals(bArr, bArr2)) {
                        throw new RdplibException("Wrong MAC value recieved from the server");
                    }
                }
                break;
            case 4:
                throw new RdplibException("The FIPS security level is not implemented");
        }
        if ((basicSecurityHeader._flags & 128) != 0) {
            this.mLicenseLayer.Received(receivingBuffer, i4, i2 - (i4 - i), i3, basicSecurityHeader._flags);
        } else {
            this.mRdpLayer.onReceived(receivingBuffer, i4, i2 - (i4 - i), i3);
        }
    }

    public void reset() {
        this.mEncryptedPacketsCounter = 0;
        this.mDecryptedPacketsCounter = 0;
    }

    public byte[] saltedHash(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, MessageDigest messageDigest, MessageDigest messageDigest2) {
        messageDigest.reset();
        messageDigest.update(bArr2, 0, bArr2.length);
        messageDigest.update(bArr, 0, 48);
        messageDigest.update(bArr4, 0, 32);
        messageDigest.update(bArr3, 0, 32);
        messageDigest2.reset();
        messageDigest2.update(bArr, 0, 48);
        messageDigest2.update(messageDigest.digest(), 0, 20);
        return messageDigest2.digest();
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0005. Please report as an issue. */
    public void send(int i, SendingBuffer sendingBuffer, int i2, int i3, int i4) throws IOException, RdplibException, InterruptedException {
        int i5 = i2;
        switch (getEncryptionLevel()) {
            case 0:
                if ((i4 & 128) != 0 || (i4 & 64) != 0) {
                    i5 = BasicSecurityHeader.Apply(sendingBuffer, i5, i4);
                }
                this.mMcsLayer.Send(i, sendingBuffer, i5, (i5 - i2) + i3);
                return;
            case 1:
            case 2:
            case 3:
                byte[] bArr = new byte[8];
                System.arraycopy(calculateNonFipsMac(this.mMacKey, this.mKeyLength, sendingBuffer.getArray(), sendingBuffer.getCapacity() - i5, i3, this.mSendingSha1, this.mSendingMd5), 0, bArr, 0, 8);
                encrypt(sendingBuffer.getArray(), sendingBuffer.getCapacity() - i5, i3);
                int length = i5 + bArr.length;
                sendingBuffer.setByteArray(length, bArr);
                i5 = BasicSecurityHeader.Apply(sendingBuffer, length, i4 | 8);
                this.mMcsLayer.Send(i, sendingBuffer, i5, (i5 - i2) + i3);
                return;
            case 4:
                throw new RdplibException("The FIPS security level is not implemented");
            default:
                this.mMcsLayer.Send(i, sendingBuffer, i5, (i5 - i2) + i3);
                return;
        }
    }

    protected void sendClientSecurityExchange() throws IOException, RdplibException, InterruptedException, GeneralSecurityException {
        SendingBuffer allocatedDefault = SendingBuffer.allocatedDefault();
        int i = 0 + 8;
        byte[] encryptClientRandom = encryptClientRandom();
        int length = encryptClientRandom.length + 8;
        allocatedDefault.setByteArray(length, encryptClientRandom);
        int i2 = length + 4;
        allocatedDefault.set32LsbFirst(i2, encryptClientRandom.length + 8);
        int Apply = BasicSecurityHeader.Apply(allocatedDefault, i2, 513);
        this.mMcsLayer.Send(getIoChannelId(), allocatedDefault, Apply, Apply - 0);
    }

    public void setLicenseLayer(LicenseLayer licenseLayer) {
        this.mLicenseLayer = licenseLayer;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:3:0x0059, code lost:
    
        return r3;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected byte[] updateSessionKey(byte[] r7, byte[] r8, java.security.MessageDigest r9, java.security.MessageDigest r10) throws com.xtralogic.rdplib.RdplibException {
        /*
            r6 = this;
            r2 = 0
            r9.reset()
            int r4 = r6.mKeyLength
            r9.update(r7, r2, r4)
            byte[] r4 = com.xtralogic.rdplib.security.SecurityLayer.pad0x36
            byte[] r5 = com.xtralogic.rdplib.security.SecurityLayer.pad0x36
            int r5 = r5.length
            r9.update(r4, r2, r5)
            int r4 = r6.mKeyLength
            r9.update(r8, r2, r4)
            r10.reset()
            int r4 = r6.mKeyLength
            r10.update(r7, r2, r4)
            byte[] r4 = com.xtralogic.rdplib.security.SecurityLayer.pad0x5C
            byte[] r5 = com.xtralogic.rdplib.security.SecurityLayer.pad0x5C
            int r5 = r5.length
            r10.update(r4, r2, r5)
            byte[] r4 = r9.digest()
            r5 = 20
            r10.update(r4, r2, r5)
            int r4 = r6.mKeyLength
            byte[] r1 = new byte[r4]
            byte[] r4 = r10.digest()
            int r5 = r6.mKeyLength
            java.lang.System.arraycopy(r4, r2, r1, r2, r5)
            com.xtralogic.rdplib.NativeRc4Algorithm r0 = new com.xtralogic.rdplib.NativeRc4Algorithm
            r0.<init>()
            int r4 = r6.mKeyLength
            r0.init(r1, r4)
            int r4 = r6.mKeyLength
            byte[] r3 = new byte[r4]
            int r5 = r6.mKeyLength
            r4 = r2
            r0.transform(r1, r2, r3, r4, r5)
            com.xtralogic.rdplib.mcs.McsLayer r2 = r6.mMcsLayer
            int r2 = r2.getEncryptionMethod()
            switch(r2) {
                case 1: goto L5a;
                case 8: goto L5e;
                default: goto L59;
            }
        L59:
            return r3
        L5a:
            r6.reduceEntropyTo40Bits(r3)
            goto L59
        L5e:
            r6.reduceEntropyTo56Bits(r3)
            goto L59
        */
        throw new UnsupportedOperationException("Method not decompiled: com.xtralogic.rdplib.security.SecurityLayer.updateSessionKey(byte[], byte[], java.security.MessageDigest, java.security.MessageDigest):byte[]");
    }
}
