package de.cardcontact.opencard.service.eac20;

import de.cardcontact.opencard.security.IsoCredentialStore;
import de.cardcontact.opencard.security.IsoSecureChannel;
import de.cardcontact.opencard.security.IsoSecureChannelCredential;
import de.cardcontact.opencard.security.SecureChannel;
import de.cardcontact.opencard.security.SecureChannelCredential;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import de.cardcontact.tlv.ConstructedTLV;
import de.cardcontact.tlv.PrimitiveTLV;
import de.cardcontact.tlv.TLVEncodingException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import opencard.core.service.CardChannel;
import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;
import opencard.opt.iso.fs.CardFilePath;
import opencard.opt.security.CredentialStore;

/* loaded from: input_file:de/cardcontact/opencard/service/eac20/EAC20.class */
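/**
 * Terminal side of EAC 2.0 Chip Authentication against a SmartCard-HSM.
 *
 * <p>The class generates an ephemeral EC key pair, sends its public part to the card with
 * GENERAL AUTHENTICATE, agrees on a shared secret with the card's static public key, derives
 * the 3DES session keys and checks the card's authentication token. Only after the token has
 * been verified is a secure channel credential created.
 *
 * <p>Every failure on that path is reported as a {@link CardServiceException}; no secure
 * channel credential is produced from partially initialised or unverified key material.
 *
 * <p>NOTE(review): the authenticity of the card rests on the public key handed to the
 * constructor. This class does not validate that key against a certificate chain; the caller
 * is presumably expected to have done so - confirm at the call site.
 *
 * <p>Instances hold per-session key material and are not safe for concurrent use.
 */
public class EAC20 {
    private static final Logger log = Logger.getLogger(EAC20.class.getName());

    /** Field size in bits of the agreement curve; coordinates are encoded as 32 bytes. */
    private static final int FIELD_SIZE_BITS = 256;

    /** Counter appended to the KDF input for the encryption key. */
    private static final int KDF_COUNTER_ENC = 1;

    /** Counter appended to the KDF input for the MAC key. */
    private static final int KDF_COUNTER_MAC = 2;

    /** Domain parameters of brainpoolP256r1, used for the ephemeral key pair. */
    private static final ECParameterSpec BRAINPOOL_P256R1 = new ECParameterSpec(
            new EllipticCurve(
                    new ECFieldFp(new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16)),
                    new BigInteger("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 16),
                    new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16)),
            new ECPoint(
                    new BigInteger("8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 16),
                    new BigInteger("547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 16)),
            new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16),
            1);

    private SmartCardHSMCardService hsms;
    private CardChannel channel;
    private ECPrivateKey prkCA;
    private ECPublicKey pukCA;
    private byte[] ephemeralPublicKeyIfd;
    private ECPublicKey devAuthPK;
    private SecretKey kenc;
    private SecretKey kmac;
    private IsoSecureChannel sc;
    private IsoSecureChannelCredential credential;
    private CredentialStore store;

    // MANAGE SE data: tag 0x80, length 10, OID 0.4.0.127.0.7.2.2.3.2.1 (id-CA-ECDH-3DES-CBC-CBC).
    private byte[] mseData = {(byte) 0x80, 0x0A, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x03, 0x02, 0x01};

    // Path under which the resulting credential is registered in the credential store.
    private CardFilePath securityDomain = new CardFilePath("#E82B0601040181C31F0201");

    // Value bytes of the same protocol OID; part of the data covered by the authentication token.
    private byte[] protocol = {0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x03, 0x02, 0x01};

    /**
     * Creates a chip authentication helper for one card.
     *
     * @param smartCardHSMCardService card service used to send MANAGE SE and GENERAL AUTHENTICATE
     * @param eCPublicKey the card's static public key used for the key agreement; only its
     *     point is used, it is re-bound to the brainpoolP256r1 parameters of the ephemeral key
     */
    public EAC20(SmartCardHSMCardService smartCardHSMCardService, ECPublicKey eCPublicKey) {
        this.hsms = smartCardHSMCardService;
        this.devAuthPK = eCPublicKey;
    }

    /**
     * Runs chip authentication and returns the credential for the new secure channel.
     *
     * <p>The authentication token returned by the card is checked unconditionally. The
     * previous implementation checked it with an {@code assert}, which is skipped unless the
     * JVM runs with assertions enabled, so a wrong token still produced a credential.
     *
     * @return credential wrapping the secure channel keyed with the derived session keys
     * @throws CardServiceException if the card response is malformed, a cryptographic step
     *     fails, or the authentication token does not match
     * @throws CardTerminalException if communication with the card fails
     */
    public SecureChannelCredential performChipAuthentication() throws CardServiceException, CardTerminalException {
        generateEphemeralCAKeyPair();
        this.hsms.manageSE(this.mseData);

        byte[] response = doGeneralAuthenticate();
        byte[] nonce;
        byte[] authToken;
        try {
            ConstructedTLV dynAuthData = new ConstructedTLV(response);
            nonce = ((PrimitiveTLV) dynAuthData.get(0)).getValue();
            authToken = ((PrimitiveTLV) dynAuthData.get(1)).getValue();
        } catch (TLVEncodingException e) {
            throw failure("Malformed response to GENERAL AUTHENTICATE", e);
        } catch (RuntimeException e) {
            // The response comes from the card and is untrusted: a missing or non-primitive
            // child presumably surfaces as a null, index or cast failure - report it uniformly.
            throw failure("Unexpected structure in response to GENERAL AUTHENTICATE", e);
        }
        if (nonce == null || authToken == null) {
            throw new CardServiceException("Response to GENERAL AUTHENTICATE lacks nonce or authentication token");
        }

        byte[] sharedSecret = agreeSharedSecret();
        try {
            this.kenc = deriveKey(sharedSecret, KDF_COUNTER_ENC, nonce);
            this.kmac = deriveKey(sharedSecret, KDF_COUNTER_MAC, nonce);
        } finally {
            // The shared secret is not needed once both session keys exist.
            Arrays.fill(sharedSecret, (byte) 0);
        }

        if (!verifyAuthenticationToken(authToken)) {
            // Fail closed: drop the unauthenticated keys and do not create a credential.
            this.kenc = null;
            this.kmac = null;
            throw new CardServiceException("Chip authentication failed: authentication token mismatch");
        }

        this.sc = new IsoSecureChannel();
        this.sc.setEncKey(this.kenc);
        this.sc.setMacKey(this.kmac);
        this.sc.setMACSendSequenceCounter(new byte[8]);
        this.credential = new IsoSecureChannelCredential(SecureChannel.ALL, this.sc);
        IsoCredentialStore credentialStore = new IsoCredentialStore();
        credentialStore.setSecureChannelCredential(this.securityDomain, this.credential);
        this.store = credentialStore;
        return this.credential;
    }

    /**
     * Performs ECDH between the ephemeral private key and the card's static public key.
     *
     * @return the raw shared secret; the caller is responsible for wiping it
     * @throws CardServiceException if the provider, algorithm or one of the keys is rejected
     */
    private byte[] agreeSharedSecret() throws CardServiceException {
        try {
            // Only the point of the card key is taken; it is interpreted under the domain
            // parameters of the ephemeral key. NOTE(review): point validation is left to the
            // "BC" provider - confirm that the configured version rejects off-curve points.
            PublicKey chipKey = KeyFactory.getInstance(SmartCardHSMKey.EC, "BC")
                    .generatePublic(new ECPublicKeySpec(this.devAuthPK.getW(), this.prkCA.getParams()));
            KeyAgreement ecdh = KeyAgreement.getInstance("ECDH", "BC");
            ecdh.init(this.prkCA);
            ecdh.doPhase(chipKey, true);
            return ecdh.generateSecret();
        } catch (GeneralSecurityException e) {
            throw failure("ECDH key agreement for chip authentication failed", e);
        }
    }

    /**
     * Generates the ephemeral key pair on brainpoolP256r1.
     *
     * <p>A rejected curve specification is an error. The previous implementation logged it
     * and went on to generate a key pair with whatever parameters the generator defaulted to.
     *
     * @throws CardServiceException if the generator is unavailable or rejects the parameters
     */
    private void generateEphemeralCAKeyPair() throws CardServiceException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(SmartCardHSMKey.EC, "BC");
            generator.initialize(BRAINPOOL_P256R1);
            KeyPair ephemeral = generator.generateKeyPair();
            this.prkCA = (ECPrivateKey) ephemeral.getPrivate();
            this.pukCA = (ECPublicKey) ephemeral.getPublic();
        } catch (GeneralSecurityException e) {
            throw failure("Cannot generate ephemeral key pair for chip authentication", e);
        }
    }

    /**
     * Sends the ephemeral public key to the card and returns the raw response.
     *
     * <p>The key is encoded as an uncompressed point (0x04 || X || Y) and remembered in
     * {@code ephemeralPublicKeyIfd}, because the authentication token is computed over it.
     *
     * @return response data of GENERAL AUTHENTICATE as returned by the card service
     * @throws CardTerminalException if communication with the card fails
     * @throws CardServiceException if the command data cannot be encoded or the card service fails
     */
    private byte[] doGeneralAuthenticate() throws CardTerminalException, CardServiceException {
        ECPoint w = this.pukCA.getW();
        byte[] x = unsignedBigIntegerToByteArray(w.getAffineX(), FIELD_SIZE_BITS);
        byte[] y = unsignedBigIntegerToByteArray(w.getAffineY(), FIELD_SIZE_BITS);
        byte[] point = new byte[1 + x.length + y.length];
        point[0] = 0x04;
        System.arraycopy(x, 0, point, 1, x.length);
        System.arraycopy(y, 0, point, 1 + x.length, y.length);
        this.ephemeralPublicKeyIfd = point;

        byte[] commandData;
        try {
            ConstructedTLV dynAuthData = new ConstructedTLV(0x7C);
            // NOTE(review): the tag is taken from IsoCredentialStore.DEACTIVATE, which looks
            // like a decompiler substitution for a numeric tag literal - confirm the value.
            dynAuthData.add(new PrimitiveTLV(IsoCredentialStore.DEACTIVATE, this.ephemeralPublicKeyIfd));
            commandData = dynAuthData.getBytes();
        } catch (TLVEncodingException e) {
            throw failure("Cannot encode GENERAL AUTHENTICATE command data", e);
        }
        return this.hsms.generalAuthenticate(commandData);
    }

    /**
     * Returns the credential created by the last successful chip authentication.
     *
     * @return the credential, or {@code null} if none has been created yet
     */
    public SecureChannelCredential getCredential() {
        return this.credential;
    }

    /**
     * Derives a two-key 3DES session key as SHA-1(secret || nonce || 32-bit counter).
     *
     * <p>The first 16 digest bytes form K1 || K2 and K1 is repeated as the third key. SHA-1
     * and 3DES are dictated by the protocol selected in {@code mseData}; they are not a free
     * choice of this method.
     *
     * @param sharedSecret ECDH shared secret
     * @param counter KDF counter; only its low 8 bits are used, the upper three bytes are zero
     * @param nonce nonce returned by the card
     * @return the derived DESede key
     * @throws CardServiceException if a required algorithm is missing or the key is rejected
     */
    private SecretKey deriveKey(byte[] sharedSecret, int counter, byte[] nonce) throws CardServiceException {
        byte[] keyBytes = new byte[24];
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA1");
            sha1.update(sharedSecret);
            sha1.update(nonce);
            sha1.update(new byte[] {0, 0, 0, (byte) counter});
            byte[] digest = sha1.digest();
            System.arraycopy(digest, 0, keyBytes, 0, 16);
            System.arraycopy(digest, 0, keyBytes, 16, 8);
            Arrays.fill(digest, (byte) 0);
            return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(keyBytes));
        } catch (GeneralSecurityException e) {
            throw failure("Session key derivation failed", e);
        } finally {
            // DESedeKeySpec keeps its own copy, so the working buffer can be wiped.
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    /**
     * Checks the card's authentication token against a MAC over the encoded ephemeral public key.
     *
     * <p>Returns {@code false} whenever the expected MAC cannot be computed or the token is
     * missing; the previous implementation compared {@code null} with {@code null} as equal
     * in that case. The comparison itself uses {@link MessageDigest#isEqual} so that it does
     * not stop at the first differing byte.
     *
     * @param bArr authentication token received from the card
     * @return {@code true} only if the token equals the locally computed MAC
     */
    public boolean verifyAuthenticationToken(byte[] bArr) {
        byte[] macInput = encodePublicKey();
        if (bArr == null) {
            return false;
        }
        byte[] expected;
        try {
            Mac mac = Mac.getInstance("ISO9797ALG3Mac");
            mac.init(this.kmac);
            expected = mac.doFinal(macInput);
        } catch (GeneralSecurityException e) {
            log.log(Level.WARNING, e.getLocalizedMessage(), (Throwable) e);
            return false;
        }
        return expected != null && MessageDigest.isEqual(expected, bArr);
    }

    /**
     * Encodes the ephemeral public key as a public key template (tag 0x7F49) holding the
     * protocol OID (tag 0x06) and the uncompressed point (tag 0x86).
     *
     * @return the encoded template
     * @throws IllegalStateException if the template cannot be encoded
     */
    public byte[] encodePublicKey() {
        try {
            ConstructedTLV publicKeyTemplate = new ConstructedTLV(0x7F49);
            publicKeyTemplate.add(new PrimitiveTLV(0x06, this.protocol));
            publicKeyTemplate.add(new PrimitiveTLV(0x86, this.ephemeralPublicKeyIfd));
            return publicKeyTemplate.getBytes();
        } catch (TLVEncodingException e) {
            log.log(Level.WARNING, e.getLocalizedMessage(), (Throwable) e);
            // A partially built template would only yield a MAC over the wrong data.
            throw new IllegalStateException("Cannot encode ephemeral public key", e);
        }
    }

    /**
     * Converts a non-negative integer to a fixed-length big-endian byte array.
     *
     * @param bigInteger value to encode; must not be negative
     * @param i target size in bits, rounded up to whole bytes
     * @return the value left-padded with zero bytes to the target size
     * @throws IllegalArgumentException if the value is negative or does not fit
     */
    protected static byte[] unsignedBigIntegerToByteArray(BigInteger bigInteger, int i) {
        if (bigInteger.signum() < 0) {
            throw new IllegalArgumentException("Negative value cannot be encoded as unsigned byte array");
        }
        byte[] encoded = bigInteger.toByteArray();
        int size = (i >> 3) + ((i & 7) == 0 ? 0 : 1);
        byte[] result = new byte[size];
        int pad = size - encoded.length;
        int srcPos = 0;
        if (pad < 0) {
            // One extra byte is acceptable only when it is the zero sign byte of toByteArray().
            if (pad < -1 || encoded[0] != 0) {
                throw new IllegalArgumentException("Size mismatch converting big integer to byte array");
            }
            srcPos = -pad;
            pad = 0;
        }
        System.arraycopy(encoded, srcPos, result, pad, size - pad);
        return result;
    }

    /**
     * Logs a failure and wraps it in a {@link CardServiceException} that keeps the cause.
     *
     * @param message description of the failed step
     * @param cause underlying exception
     * @return the exception to throw
     */
    private static CardServiceException failure(String message, Throwable cause) {
        log.log(Level.WARNING, message, cause);
        CardServiceException wrapped = new CardServiceException(message);
        wrapped.initCause(cause);
        return wrapped;
    }
}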
