package com.android.internal.net.ipsec.ike;

import android.annotation.Nullable;
import android.content.Context;
import android.net.IpSecManager;
import android.net.IpSecTransform;
import android.net.ipsec.ike.IkeManager;
import android.util.CloseGuard;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.crypto.IkeCipher;
import com.android.internal.net.ipsec.ike.crypto.IkeMacIntegrity;
import com.android.internal.net.ipsec.ike.crypto.IkeMacPrf;
import com.android.internal.net.ipsec.ike.message.IkeKePayload;
import com.android.internal.net.ipsec.ike.message.IkeMessage;
import com.android.internal.net.ipsec.ike.message.IkeNoncePayload;
import com.android.internal.net.ipsec.ike.message.IkePayload;
import com.android.internal.net.ipsec.ike.utils.IkeAlarm;
import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;

/* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord.class */
public abstract class SaRecord implements AutoCloseable {
    private static ISaRecordHelper sSaRecordHelper = new SaRecordHelper();
    private static IIpSecTransformHelper sIpSecTransformHelper = new IpSecTransformHelper();
    public final boolean isLocalInit;
    public final byte[] nonceInitiator;
    public final byte[] nonceResponder;
    private final byte[] mSkAi;
    private final byte[] mSkAr;
    private final byte[] mSkEi;
    private final byte[] mSkEr;

    @VisibleForTesting
    final SaLifetimeAlarmScheduler mSaLifetimeAlarmScheduler;
    private final CloseGuard mCloseGuard = new CloseGuard();

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$ChildSaRecord.class */
    public static class ChildSaRecord extends SaRecord implements Comparable<ChildSaRecord> {
        private static final String TAG = "ChildSaRecord";
        private final int mInboundSpi;
        private final int mOutboundSpi;
        private final IpSecTransform mInboundTransform;
        private final IpSecTransform mOutboundTransform;

        ChildSaRecord(int i, int i2, boolean z, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, IpSecTransform ipSecTransform, IpSecTransform ipSecTransform2, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) {
            super(z, bArr, bArr2, bArr3, bArr4, bArr5, bArr6, saLifetimeAlarmScheduler);
            this.mInboundSpi = i;
            this.mOutboundSpi = i2;
            this.mInboundTransform = ipSecTransform;
            this.mOutboundTransform = ipSecTransform2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ChildSaRecord makeChildSaRecord(Context context, List<IkePayload> list, List<IkePayload> list2, IpSecManager.SecurityParameterIndex securityParameterIndex, IpSecManager.SecurityParameterIndex securityParameterIndex2, InetAddress inetAddress, InetAddress inetAddress2, @Nullable IpSecManager.UdpEncapsulationSocket udpEncapsulationSocket, IkeMacPrf ikeMacPrf, @Nullable IkeMacIntegrity ikeMacIntegrity, IkeCipher ikeCipher, byte[] bArr, boolean z, boolean z2, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) throws GeneralSecurityException, IpSecManager.ResourceUnavailableException, IpSecManager.SpiUnavailableException, IOException {
            return SaRecord.sSaRecordHelper.makeChildSaRecord(list, list2, new ChildSaRecordConfig(context, securityParameterIndex, securityParameterIndex2, inetAddress, inetAddress2, udpEncapsulationSocket, ikeMacPrf, ikeMacIntegrity, ikeCipher, bArr, z, z2, saLifetimeAlarmScheduler));
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord
        protected String getTag() {
            return TAG;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int getLocalSpi() {
            return this.mInboundSpi;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int getRemoteSpi() {
            return this.mOutboundSpi;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public IpSecTransform getInboundIpSecTransform() {
            return this.mInboundTransform;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public IpSecTransform getOutboundIpSecTransform() {
            return this.mOutboundTransform;
        }

        @Override // java.lang.Comparable
        public int compareTo(ChildSaRecord childSaRecord) {
            return 1;
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord, java.lang.AutoCloseable
        public void close() {
            super.close();
            this.mInboundTransform.close();
            this.mOutboundTransform.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$ChildSaRecordConfig.class */
    public static final class ChildSaRecordConfig {
        public final Context context;
        public final IpSecManager.SecurityParameterIndex initSpi;
        public final IpSecManager.SecurityParameterIndex respSpi;
        public final InetAddress initAddress;
        public final InetAddress respAddress;

        @Nullable
        public final IpSecManager.UdpEncapsulationSocket udpEncapSocket;
        public final IkeMacPrf ikePrf;

        @Nullable
        public final IkeMacIntegrity integrityAlgo;
        public final IkeCipher encryptionAlgo;
        public final byte[] skD;
        public final boolean isTransport;
        public final boolean isLocalInit;
        public final boolean hasIntegrityAlgo;
        public final SaLifetimeAlarmScheduler saLifetimeAlarmScheduler;

        ChildSaRecordConfig(Context context, IpSecManager.SecurityParameterIndex securityParameterIndex, IpSecManager.SecurityParameterIndex securityParameterIndex2, InetAddress inetAddress, InetAddress inetAddress2, @Nullable IpSecManager.UdpEncapsulationSocket udpEncapsulationSocket, IkeMacPrf ikeMacPrf, @Nullable IkeMacIntegrity ikeMacIntegrity, IkeCipher ikeCipher, byte[] bArr, boolean z, boolean z2, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) {
            this.context = context;
            this.initSpi = securityParameterIndex;
            this.respSpi = securityParameterIndex2;
            this.initAddress = z2 ? inetAddress : inetAddress2;
            this.respAddress = z2 ? inetAddress2 : inetAddress;
            this.udpEncapSocket = udpEncapsulationSocket;
            this.ikePrf = ikeMacPrf;
            this.integrityAlgo = ikeMacIntegrity;
            this.encryptionAlgo = ikeCipher;
            this.skD = bArr;
            this.isTransport = z;
            this.isLocalInit = z2;
            this.hasIntegrityAlgo = ikeMacIntegrity != null;
            this.saLifetimeAlarmScheduler = saLifetimeAlarmScheduler;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$IIpSecTransformHelper.class */
    public interface IIpSecTransformHelper {
        IpSecTransform makeIpSecTransform(Context context, InetAddress inetAddress, IpSecManager.UdpEncapsulationSocket udpEncapsulationSocket, IpSecManager.SecurityParameterIndex securityParameterIndex, @Nullable IkeMacIntegrity ikeMacIntegrity, IkeCipher ikeCipher, byte[] bArr, byte[] bArr2, boolean z) throws IpSecManager.ResourceUnavailableException, IpSecManager.SpiUnavailableException, IOException;
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$ISaRecordHelper.class */
    interface ISaRecordHelper {
        IkeSaRecord makeFirstIkeSaRecord(IkeMessage ikeMessage, IkeMessage ikeMessage2, IkeSaRecordConfig ikeSaRecordConfig) throws GeneralSecurityException;

        IkeSaRecord makeRekeyedIkeSaRecord(IkeSaRecord ikeSaRecord, IkeMacPrf ikeMacPrf, IkeMessage ikeMessage, IkeMessage ikeMessage2, IkeSaRecordConfig ikeSaRecordConfig) throws GeneralSecurityException;

        ChildSaRecord makeChildSaRecord(List<IkePayload> list, List<IkePayload> list2, ChildSaRecordConfig childSaRecordConfig) throws GeneralSecurityException, IpSecManager.ResourceUnavailableException, IpSecManager.SpiUnavailableException, IOException;
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$IkeSaRecord.class */
    public static class IkeSaRecord extends SaRecord implements Comparable<IkeSaRecord> {
        private static final String TAG = "IkeSaRecord";
        private final IkeSecurityParameterIndex mInitiatorSpiResource;
        private final IkeSecurityParameterIndex mResponderSpiResource;
        private final byte[] mSkD;
        private final byte[] mSkPi;
        private final byte[] mSkPr;
        private int mLocalRequestMessageId;
        private int mRemoteRequestMessageId;
        private int mLastSentRespMsgId;
        private IkeMessage.DecodeResultPartial mCollectedReqFragments;
        private IkeMessage.DecodeResultPartial mCollectedRespFragments;
        private byte[] mLastRecivedReqFirstPacket;
        private List<byte[]> mLastSentRespAllPackets;

        IkeSaRecord(IkeSecurityParameterIndex ikeSecurityParameterIndex, IkeSecurityParameterIndex ikeSecurityParameterIndex2, boolean z, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, byte[] bArr7, byte[] bArr8, byte[] bArr9, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) {
            super(z, bArr, bArr2, bArr4, bArr5, bArr6, bArr7, saLifetimeAlarmScheduler);
            this.mInitiatorSpiResource = ikeSecurityParameterIndex;
            this.mResponderSpiResource = ikeSecurityParameterIndex2;
            this.mInitiatorSpiResource.bindToIkeSaRecord();
            this.mResponderSpiResource.bindToIkeSaRecord();
            this.mSkD = bArr3;
            this.mSkPi = bArr8;
            this.mSkPr = bArr9;
            this.mLocalRequestMessageId = 0;
            this.mRemoteRequestMessageId = 0;
            this.mLastSentRespMsgId = -1;
            this.mCollectedReqFragments = null;
            this.mCollectedRespFragments = null;
            logKey("SK_d", bArr3);
            logKey("SK_pi", bArr8);
            logKey("SK_pr", bArr9);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static IkeSaRecord makeFirstIkeSaRecord(IkeMessage ikeMessage, IkeMessage ikeMessage2, IkeSecurityParameterIndex ikeSecurityParameterIndex, IkeSecurityParameterIndex ikeSecurityParameterIndex2, IkeMacPrf ikeMacPrf, int i, int i2, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) throws GeneralSecurityException {
            return SaRecord.sSaRecordHelper.makeFirstIkeSaRecord(ikeMessage, ikeMessage2, new IkeSaRecordConfig(ikeSecurityParameterIndex, ikeSecurityParameterIndex2, ikeMacPrf, i, i2, true, saLifetimeAlarmScheduler));
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static IkeSaRecord makeRekeyedIkeSaRecord(IkeSaRecord ikeSaRecord, IkeMacPrf ikeMacPrf, IkeMessage ikeMessage, IkeMessage ikeMessage2, IkeSecurityParameterIndex ikeSecurityParameterIndex, IkeSecurityParameterIndex ikeSecurityParameterIndex2, IkeMacPrf ikeMacPrf2, int i, int i2, boolean z, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) throws GeneralSecurityException {
            return SaRecord.sSaRecordHelper.makeRekeyedIkeSaRecord(ikeSaRecord, ikeMacPrf, ikeMessage, ikeMessage2, new IkeSaRecordConfig(ikeSecurityParameterIndex, ikeSecurityParameterIndex2, ikeMacPrf2, i, i2, z, saLifetimeAlarmScheduler));
        }

        private void logKey(String str, byte[] bArr) {
            IkeManager.getIkeLog().d(TAG, str + ": " + IkeManager.getIkeLog().pii(bArr));
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord
        protected String getTag() {
            return TAG;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public long getInitiatorSpi() {
            return this.mInitiatorSpiResource.getSpi();
        }

        @VisibleForTesting
        IkeSecurityParameterIndex getInitiatorIkeSecurityParameterIndex() {
            return this.mInitiatorSpiResource;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public long getResponderSpi() {
            return this.mResponderSpiResource.getSpi();
        }

        @VisibleForTesting
        IkeSecurityParameterIndex getResponderIkeSecurityParameterIndex() {
            return this.mResponderSpiResource;
        }

        public long getLocalSpi() {
            return this.isLocalInit ? this.mInitiatorSpiResource.getSpi() : this.mResponderSpiResource.getSpi();
        }

        public long getRemoteSpi() {
            return this.isLocalInit ? this.mResponderSpiResource.getSpi() : this.mInitiatorSpiResource.getSpi();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getSkD() {
            return this.mSkD;
        }

        public byte[] getSkPi() {
            return this.mSkPi;
        }

        public byte[] getSkPr() {
            return this.mSkPr;
        }

        @Override // java.lang.Comparable
        public int compareTo(IkeSaRecord ikeSaRecord) {
            return 1;
        }

        public int getLocalRequestMessageId() {
            return this.mLocalRequestMessageId;
        }

        public int getRemoteRequestMessageId() {
            return this.mRemoteRequestMessageId;
        }

        public void incrementLocalRequestMessageId() {
            this.mLocalRequestMessageId++;
        }

        public void incrementRemoteRequestMessageId() {
            this.mRemoteRequestMessageId++;
        }

        public IkeMessage.DecodeResultPartial getCollectedFragments(boolean z) {
            return z ? this.mCollectedRespFragments : this.mCollectedReqFragments;
        }

        public void updateCollectedFragments(IkeMessage.DecodeResultPartial decodeResultPartial, boolean z) {
            if (z) {
                this.mCollectedRespFragments = decodeResultPartial;
            } else {
                this.mCollectedReqFragments = decodeResultPartial;
            }
        }

        public void resetCollectedFragments(boolean z) {
            updateCollectedFragments(null, z);
        }

        public void updateLastReceivedReqFirstPacket(byte[] bArr) {
            this.mLastRecivedReqFirstPacket = bArr;
        }

        public void updateLastSentRespAllPackets(List<byte[]> list, int i) {
            this.mLastSentRespAllPackets = list;
            this.mLastSentRespMsgId = i;
        }

        public int getLastSentRespMsgId() {
            return this.mLastSentRespMsgId;
        }

        public boolean isRetransmittedRequest(byte[] bArr) {
            return Arrays.equals(this.mLastRecivedReqFirstPacket, bArr);
        }

        public List<byte[]> getLastSentRespAllPackets() {
            return this.mLastSentRespAllPackets;
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord, java.lang.AutoCloseable
        public void close() {
            super.close();
            this.mInitiatorSpiResource.unbindFromIkeSaRecord();
            this.mResponderSpiResource.unbindFromIkeSaRecord();
            this.mInitiatorSpiResource.close();
            this.mResponderSpiResource.close();
        }

        public void migrate(InetAddress inetAddress, InetAddress inetAddress2) throws IOException {
            this.mInitiatorSpiResource.migrate(inetAddress);
            this.mResponderSpiResource.migrate(inetAddress2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$IkeSaRecordConfig.class */
    public static class IkeSaRecordConfig {
        public final IkeSecurityParameterIndex initSpi;
        public final IkeSecurityParameterIndex respSpi;
        public final IkeMacPrf prf;
        public final int integrityKeyLength;
        public final int encryptionKeyLength;
        public final boolean isLocalInit;
        public final SaLifetimeAlarmScheduler saLifetimeAlarmScheduler;

        IkeSaRecordConfig(IkeSecurityParameterIndex ikeSecurityParameterIndex, IkeSecurityParameterIndex ikeSecurityParameterIndex2, IkeMacPrf ikeMacPrf, int i, int i2, boolean z, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) {
            this.initSpi = ikeSecurityParameterIndex;
            this.respSpi = ikeSecurityParameterIndex2;
            this.prf = ikeMacPrf;
            this.integrityKeyLength = i;
            this.encryptionKeyLength = i2;
            this.isLocalInit = z;
            this.saLifetimeAlarmScheduler = saLifetimeAlarmScheduler;
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$IpSecTransformHelper.class */
    static class IpSecTransformHelper implements IIpSecTransformHelper {
        private static final String TAG = "IpSecTransformHelper";

        IpSecTransformHelper() {
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord.IIpSecTransformHelper
        public IpSecTransform makeIpSecTransform(Context context, InetAddress inetAddress, IpSecManager.UdpEncapsulationSocket udpEncapsulationSocket, IpSecManager.SecurityParameterIndex securityParameterIndex, @Nullable IkeMacIntegrity ikeMacIntegrity, IkeCipher ikeCipher, byte[] bArr, byte[] bArr2, boolean z) throws IpSecManager.ResourceUnavailableException, IpSecManager.SpiUnavailableException, IOException {
            IpSecTransform.Builder builder = new IpSecTransform.Builder(context);
            if (ikeCipher.isAead()) {
                builder.setAuthenticatedEncryption(ikeCipher.buildIpSecAlgorithmWithKey(bArr2));
            } else {
                builder.setEncryption(ikeCipher.buildIpSecAlgorithmWithKey(bArr2));
                builder.setAuthentication(ikeMacIntegrity.buildIpSecAlgorithmWithKey(bArr));
            }
            if (udpEncapsulationSocket != null && (inetAddress instanceof Inet6Address)) {
                IkeManager.getIkeLog().wtf(TAG, "Kernel does not support UDP encapsulation for IPv6 SAs");
            }
            if (udpEncapsulationSocket != null && (inetAddress instanceof Inet4Address)) {
                builder.setIpv4Encapsulation(udpEncapsulationSocket, IkeSocket.SERVER_PORT_UDP_ENCAPSULATED);
            }
            return z ? builder.buildTransportModeTransform(inetAddress, securityParameterIndex) : builder.buildTunnelModeTransform(inetAddress, securityParameterIndex);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$SaLifetimeAlarmScheduler.class */
    public static class SaLifetimeAlarmScheduler {
        private final long mDeleteDelayMs;
        private final long mRekeyDelayMs;
        private final IkeAlarm mDeleteAlarm;
        private final IkeAlarm mRekeyAlarm;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SaLifetimeAlarmScheduler(IkeAlarm.IkeAlarmConfig ikeAlarmConfig, IkeAlarm.IkeAlarmConfig ikeAlarmConfig2) {
            this.mDeleteDelayMs = ikeAlarmConfig.delayMs;
            this.mRekeyDelayMs = ikeAlarmConfig2.delayMs;
            this.mDeleteAlarm = IkeAlarm.newExactAlarm(ikeAlarmConfig);
            this.mRekeyAlarm = IkeAlarm.newExactAndAllowWhileIdleAlarm(ikeAlarmConfig2);
        }

        public void scheduleLifetimeExpiryAlarm(String str) {
            this.mDeleteAlarm.schedule();
            this.mRekeyAlarm.schedule();
            IkeManager.getIkeLog().d(str, "Lifetime alarm set: Hard lifetime (" + this.mDeleteDelayMs + "ms) Soft lifetime (" + this.mRekeyDelayMs + "ms)");
        }

        public void rescheduleRekey(long j) {
            this.mRekeyAlarm.schedule();
        }

        public void cancelLifetimeExpiryAlarm(String str) {
            this.mDeleteAlarm.cancel();
            this.mRekeyAlarm.cancel();
            IkeManager.getIkeLog().d(str, "Hard and soft lifetime alarm cancelled");
        }
    }

    /* loaded from: input_file:com/android/internal/net/ipsec/ike/SaRecord$SaRecordHelper.class */
    static class SaRecordHelper implements ISaRecordHelper {
        SaRecordHelper() {
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord.ISaRecordHelper
        public IkeSaRecord makeFirstIkeSaRecord(IkeMessage ikeMessage, IkeMessage ikeMessage2, IkeSaRecordConfig ikeSaRecordConfig) throws GeneralSecurityException {
            byte[] bArr = ((IkeNoncePayload) ikeMessage.getPayloadForType(40, IkeNoncePayload.class)).nonceData;
            byte[] bArr2 = ((IkeNoncePayload) ikeMessage2.getPayloadForType(40, IkeNoncePayload.class)).nonceData;
            return makeIkeSaRecord(ikeSaRecordConfig.prf.generateSKeySeed(bArr, bArr2, getSharedKey(ikeMessage, ikeMessage2)), bArr, bArr2, ikeSaRecordConfig);
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord.ISaRecordHelper
        public IkeSaRecord makeRekeyedIkeSaRecord(IkeSaRecord ikeSaRecord, IkeMacPrf ikeMacPrf, IkeMessage ikeMessage, IkeMessage ikeMessage2, IkeSaRecordConfig ikeSaRecordConfig) throws GeneralSecurityException {
            byte[] bArr = ((IkeNoncePayload) ikeMessage.getPayloadForType(40, IkeNoncePayload.class)).nonceData;
            byte[] bArr2 = ((IkeNoncePayload) ikeMessage2.getPayloadForType(40, IkeNoncePayload.class)).nonceData;
            return makeIkeSaRecord(ikeMacPrf.generateRekeyedSKeySeed(ikeSaRecord.mSkD, bArr, bArr2, getSharedKey(ikeSaRecordConfig.isLocalInit ? ikeMessage : ikeMessage2, ikeSaRecordConfig.isLocalInit ? ikeMessage2 : ikeMessage)), bArr, bArr2, ikeSaRecordConfig);
        }

        private byte[] getSharedKey(IkeMessage ikeMessage, IkeMessage ikeMessage2) throws GeneralSecurityException {
            IkeKePayload ikeKePayload = (IkeKePayload) ikeMessage.getPayloadForType(34, IkeKePayload.class);
            IkeKePayload ikeKePayload2 = (IkeKePayload) ikeMessage2.getPayloadForType(34, IkeKePayload.class);
            return IkeKePayload.getSharedKey(ikeKePayload.localPrivateKey, ikeKePayload2.keyExchangeData, ikeKePayload2.dhGroup);
        }

        @VisibleForTesting
        IkeSaRecord makeIkeSaRecord(byte[] bArr, byte[] bArr2, byte[] bArr3, IkeSaRecordConfig ikeSaRecordConfig) {
            ByteBuffer allocate = ByteBuffer.allocate(bArr2.length + bArr3.length + 16);
            IkeSecurityParameterIndex ikeSecurityParameterIndex = ikeSaRecordConfig.initSpi;
            IkeSecurityParameterIndex ikeSecurityParameterIndex2 = ikeSaRecordConfig.respSpi;
            IkeMacPrf ikeMacPrf = ikeSaRecordConfig.prf;
            int i = ikeSaRecordConfig.integrityKeyLength;
            int i2 = ikeSaRecordConfig.encryptionKeyLength;
            allocate.put(bArr2).put(bArr3).putLong(ikeSecurityParameterIndex.getSpi()).putLong(ikeSecurityParameterIndex2.getSpi());
            int keyLength = ikeMacPrf.getKeyLength();
            byte[] generateKeyMat = ikeMacPrf.generateKeyMat(bArr, allocate.array(), keyLength + (2 * i) + (2 * i2) + (2 * ikeMacPrf.getKeyLength()));
            byte[] bArr4 = new byte[keyLength];
            byte[] bArr5 = new byte[i];
            byte[] bArr6 = new byte[i];
            byte[] bArr7 = new byte[i2];
            byte[] bArr8 = new byte[i2];
            byte[] bArr9 = new byte[ikeMacPrf.getKeyLength()];
            byte[] bArr10 = new byte[ikeMacPrf.getKeyLength()];
            ByteBuffer.wrap(generateKeyMat).get(bArr4).get(bArr5).get(bArr6).get(bArr7).get(bArr8).get(bArr9).get(bArr10);
            return new IkeSaRecord(ikeSecurityParameterIndex, ikeSecurityParameterIndex2, ikeSaRecordConfig.isLocalInit, bArr2, bArr3, bArr4, bArr5, bArr6, bArr7, bArr8, bArr9, bArr10, ikeSaRecordConfig.saLifetimeAlarmScheduler);
        }

        @Override // com.android.internal.net.ipsec.ike.SaRecord.ISaRecordHelper
        public ChildSaRecord makeChildSaRecord(List<IkePayload> list, List<IkePayload> list2, ChildSaRecordConfig childSaRecordConfig) throws GeneralSecurityException, IpSecManager.ResourceUnavailableException, IpSecManager.SpiUnavailableException, IOException {
            return makeChildSaRecord(getChildSharedKey(list, list2, childSaRecordConfig.isLocalInit), ((IkeNoncePayload) IkePayload.getPayloadForTypeInProvidedList(40, IkeNoncePayload.class, list)).nonceData, ((IkeNoncePayload) IkePayload.getPayloadForTypeInProvidedList(40, IkeNoncePayload.class, list2)).nonceData, childSaRecordConfig);
        }

        @VisibleForTesting
        static byte[] getChildSharedKey(List<IkePayload> list, List<IkePayload> list2, boolean z) throws GeneralSecurityException {
            IkeKePayload ikeKePayload = (IkeKePayload) IkePayload.getPayloadForTypeInProvidedList(34, IkeKePayload.class, list);
            if (ikeKePayload == null) {
                return new byte[0];
            }
            IkeKePayload ikeKePayload2 = (IkeKePayload) IkePayload.getPayloadForTypeInProvidedList(34, IkeKePayload.class, list2);
            IkeKePayload ikeKePayload3 = z ? ikeKePayload : ikeKePayload2;
            IkeKePayload ikeKePayload4 = z ? ikeKePayload2 : ikeKePayload;
            return IkeKePayload.getSharedKey(ikeKePayload3.localPrivateKey, ikeKePayload4.keyExchangeData, ikeKePayload4.dhGroup);
        }

        @VisibleForTesting
        ChildSaRecord makeChildSaRecord(byte[] bArr, byte[] bArr2, byte[] bArr3, ChildSaRecordConfig childSaRecordConfig) throws IpSecManager.ResourceUnavailableException, IpSecManager.SpiUnavailableException, IOException {
            ByteBuffer allocate = ByteBuffer.allocate(bArr.length + bArr2.length + bArr3.length);
            allocate.put(bArr).put(bArr2).put(bArr3);
            int keyLength = childSaRecordConfig.encryptionAlgo.getKeyLength();
            int keyLength2 = childSaRecordConfig.hasIntegrityAlgo ? childSaRecordConfig.integrityAlgo.getKeyLength() : 0;
            byte[] generateKeyMat = childSaRecordConfig.ikePrf.generateKeyMat(childSaRecordConfig.skD, allocate.array(), (2 * keyLength) + (2 * keyLength2));
            byte[] bArr4 = new byte[keyLength];
            byte[] bArr5 = new byte[keyLength2];
            byte[] bArr6 = new byte[keyLength];
            byte[] bArr7 = new byte[keyLength2];
            ByteBuffer.wrap(generateKeyMat).get(bArr4).get(bArr5).get(bArr6).get(bArr7);
            IpSecTransform ipSecTransform = null;
            IpSecTransform ipSecTransform2 = null;
            try {
                ipSecTransform = SaRecord.sIpSecTransformHelper.makeIpSecTransform(childSaRecordConfig.context, childSaRecordConfig.initAddress, childSaRecordConfig.udpEncapSocket, childSaRecordConfig.respSpi, childSaRecordConfig.integrityAlgo, childSaRecordConfig.encryptionAlgo, bArr5, bArr4, childSaRecordConfig.isTransport);
                ipSecTransform2 = SaRecord.sIpSecTransformHelper.makeIpSecTransform(childSaRecordConfig.context, childSaRecordConfig.respAddress, childSaRecordConfig.udpEncapSocket, childSaRecordConfig.initSpi, childSaRecordConfig.integrityAlgo, childSaRecordConfig.encryptionAlgo, bArr7, bArr6, childSaRecordConfig.isTransport);
                int spi = childSaRecordConfig.initSpi.getSpi();
                int spi2 = childSaRecordConfig.respSpi.getSpi();
                boolean z = childSaRecordConfig.isLocalInit;
                return new ChildSaRecord(z ? spi : spi2, z ? spi2 : spi, z, bArr2, bArr3, bArr5, bArr7, bArr4, bArr6, z ? ipSecTransform2 : ipSecTransform, z ? ipSecTransform : ipSecTransform2, childSaRecordConfig.saLifetimeAlarmScheduler);
            } catch (Exception e) {
                if (ipSecTransform != null) {
                    ipSecTransform.close();
                }
                if (ipSecTransform2 != null) {
                    ipSecTransform2.close();
                }
                throw e;
            }
        }
    }

    SaRecord(boolean z, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, SaLifetimeAlarmScheduler saLifetimeAlarmScheduler) {
        this.isLocalInit = z;
        this.nonceInitiator = bArr;
        this.nonceResponder = bArr2;
        this.mSkAi = bArr3;
        this.mSkAr = bArr4;
        this.mSkEi = bArr5;
        this.mSkEr = bArr6;
        logKey("SK_ai", bArr3);
        logKey("SK_ar", bArr4);
        logKey("SK_ei", bArr5);
        logKey("SK_er", bArr6);
        this.mSaLifetimeAlarmScheduler = saLifetimeAlarmScheduler;
        this.mSaLifetimeAlarmScheduler.scheduleLifetimeExpiryAlarm(getTag());
        this.mCloseGuard.open("close");
    }

    private void logKey(String str, byte[] bArr) {
        IkeManager.getIkeLog().d(getTag(), str + ": " + IkeManager.getIkeLog().pii(bArr));
    }

    protected abstract String getTag();

    public byte[] getOutboundIntegrityKey() {
        return this.isLocalInit ? this.mSkAi : this.mSkAr;
    }

    public byte[] getInboundIntegrityKey() {
        return this.isLocalInit ? this.mSkAr : this.mSkAi;
    }

    public byte[] getOutboundEncryptionKey() {
        return this.isLocalInit ? this.mSkEi : this.mSkEr;
    }

    public byte[] getInboundDecryptionKey() {
        return this.isLocalInit ? this.mSkEr : this.mSkEi;
    }

    public void rescheduleRekey(long j) {
        this.mSaLifetimeAlarmScheduler.rescheduleRekey(j);
    }

    protected void finalize() throws Throwable {
        if (this.mCloseGuard != null) {
            this.mCloseGuard.warnIfOpen();
        }
        close();
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        this.mSaLifetimeAlarmScheduler.cancelLifetimeExpiryAlarm(getTag());
    }

    @VisibleForTesting
    static void setSaRecordHelper(ISaRecordHelper iSaRecordHelper) {
        sSaRecordHelper = iSaRecordHelper;
    }

    @VisibleForTesting
    static void setIpSecTransformHelper(IIpSecTransformHelper iIpSecTransformHelper) {
        sIpSecTransformHelper = iIpSecTransformHelper;
    }
}
