package de.cardcontact.opencard.security;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import opencard.core.service.CardServiceInvalidParameterException;
import opencard.core.terminal.CommandAPDU;
import opencard.core.terminal.ResponseAPDU;

/* loaded from: input_file:de/cardcontact/opencard/security/GPSCP02SecureChannel.class */
public class GPSCP02SecureChannel implements SecureChannel {
    public static final byte THREE_SECURE_CHANNEL_BASE_KEYS = 1;
    public static final byte CMAC_ON_MODIFIED_APDU = 0;
    public static final byte INITIATION_MODE_EXPLICIT = 4;
    public static final byte ICV_SET_TO_ZERO = 0;
    public static final byte ICV_ENCRYPTION_FOR_CMAC_SESSION = 16;
    public static final byte NO_RMAC_SUPPORT = 0;
    public static final byte WELL_KNOWN_PSEUDO_RANDOM_ALGORITHM = 64;
    public static final byte UNSPECIFIED_CARD_CHALLENGE_GENERATION = 0;
    public static final byte NONE = 0;
    public static final byte C_MAC = 1;
    public static final byte C_MAC_AND_C_ENC = 3;
    protected String provider;
    private Key senc;
    private Key smac;
    private Key dek;
    private byte[] iv = new byte[8];
    private byte securitylevel;
    private Mac mac;
    private Cipher singleDES;
    private Cipher tripleDES;
    private static final byte[] ZERO_ICV = {0, 0, 0, 0, 0, 0, 0, 0};
    private static final byte[] ISO_PADDING = {Byte.MIN_VALUE, 0, 0, 0, 0, 0, 0, 0};

    public GPSCP02SecureChannel(Key key, Key key2, Key key3, byte[] bArr, byte b, String str) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
        this.securitylevel = (byte) 0;
        this.mac = null;
        this.singleDES = null;
        this.tripleDES = null;
        this.provider = str;
        this.senc = key;
        this.smac = key2;
        this.dek = key3;
        this.securitylevel = b;
        System.arraycopy(bArr, 0, this.iv, 0, 8);
        this.mac = Mac.getInstance("ISO9797ALG3Mac", str);
        this.singleDES = Cipher.getInstance("DES/CBC/NoPadding", str);
        this.tripleDES = Cipher.getInstance("DESede/CBC/NoPadding", str);
    }

    @Override // de.cardcontact.opencard.security.SecureChannel
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU, int i) {
        return responseAPDU;
    }

    @Override // de.cardcontact.opencard.security.SecureChannel
    public CommandAPDU wrap(CommandAPDU commandAPDU, int i) {
        if (this.securitylevel == 0) {
            return commandAPDU;
        }
        if (commandAPDU.getLength() >= 248) {
            throw new CardServiceInvalidParameterException("Length of C-Data must not exceed 247 in C_MAC mode");
        }
        byte[] bytes = commandAPDU.getBytes();
        byte b = -1;
        short s = 0;
        if (bytes.length != 4) {
            if (bytes.length == 5) {
                b = bytes[4];
            } else if (bytes.length >= 6) {
                s = (short) (bytes[4] & 255);
                if ((bytes.length - s) - 4 > 0) {
                    b = bytes[bytes.length - 1];
                }
            }
        }
        int i2 = 8 - ((5 + s) % 8);
        if (i2 == 0) {
            i2 = 8;
        }
        byte[] bArr = new byte[5 + s + i2];
        bArr[0] = (byte) (bytes[0] | 4);
        bArr[1] = bytes[1];
        bArr[2] = bytes[2];
        bArr[3] = bytes[3];
        bArr[4] = (byte) (s + 8);
        if (s > 0) {
            System.arraycopy(bytes, 5, bArr, 5, s);
            System.arraycopy(ISO_PADDING, 0, bArr, 5 + s, i2);
        } else {
            System.arraycopy(ISO_PADDING, 0, bArr, 5, i2);
        }
        try {
            byte[] bArr2 = new byte[8];
            System.arraycopy(this.smac.getEncoded(), 0, bArr2, 0, 8);
            this.singleDES.init(1, new SecretKeySpec(bArr2, "DES"), new IvParameterSpec(ZERO_ICV));
            this.mac.init(this.smac, new IvParameterSpec(this.singleDES.doFinal(this.iv)));
            this.iv = this.mac.doFinal(bArr);
            CommandAPDU commandAPDU2 = new CommandAPDU(262);
            byte[] bArr3 = new byte[5];
            System.arraycopy(bArr, 0, bArr3, 0, 5);
            if (this.securitylevel != 3) {
                commandAPDU2.append(bArr3);
                if (s > 0) {
                    byte[] bArr4 = new byte[s];
                    System.arraycopy(bytes, 5, bArr4, 0, s);
                    commandAPDU2.append(bArr4);
                }
            } else if (s <= 0) {
                commandAPDU2.append(bArr3);
            } else {
                if (s >= 240) {
                    throw new CardServiceInvalidParameterException("Length of C-Data must not exceed 239 in C_MAC_AND_C_ENC mode");
                }
                try {
                    int i3 = 8 - (s % 8);
                    if (i3 == 0) {
                        i3 = 8;
                    }
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    this.tripleDES.init(1, this.senc, new IvParameterSpec(ZERO_ICV));
                    byte[] update = this.tripleDES.update(bytes, 5, s);
                    if (update != null) {
                        byteArrayOutputStream.write(update);
                    }
                    byte[] update2 = this.tripleDES.update(ISO_PADDING, 0, i3);
                    if (update2 != null) {
                        byteArrayOutputStream.write(update2);
                    }
                    byte[] doFinal = this.tripleDES.doFinal();
                    if (doFinal != null) {
                        byteArrayOutputStream.write(doFinal);
                    }
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    bArr3[4] = (byte) (byteArray.length + 8);
                    commandAPDU2.append(bArr3);
                    commandAPDU2.append(byteArray);
                } catch (IOException e) {
                    throw new CardServiceInvalidParameterException("I/O error during encryption : " + e.getLocalizedMessage());
                } catch (InvalidAlgorithmParameterException e2) {
                    throw new CardServiceInvalidParameterException("Invalid algorithm parameter for ENC : " + e2.getLocalizedMessage());
                } catch (InvalidKeyException e3) {
                    throw new CardServiceInvalidParameterException("Wrong key for ENC : " + e3.getLocalizedMessage());
                } catch (BadPaddingException e4) {
                    throw new CardServiceInvalidParameterException("Bad padding for ENC : " + e4.getLocalizedMessage());
                } catch (IllegalBlockSizeException e5) {
                    throw new CardServiceInvalidParameterException("Illegal block size for ENC : " + e5.getLocalizedMessage());
                }
            }
            commandAPDU2.append(this.iv);
            if (b != -1) {
                commandAPDU2.append(b);
            }
            return commandAPDU2;
        } catch (IllegalStateException e6) {
            throw new CardServiceInvalidParameterException("Illegal state for MAC calculation : " + e6.getLocalizedMessage());
        } catch (InvalidAlgorithmParameterException e7) {
            throw new CardServiceInvalidParameterException("Invalid algorithm parameter for MAC calculation : " + e7.getLocalizedMessage());
        } catch (InvalidKeyException e8) {
            throw new CardServiceInvalidParameterException("Wrong key for MAC calculation : " + e8.getLocalizedMessage());
        } catch (BadPaddingException e9) {
            throw new CardServiceInvalidParameterException("Bad padding for MAC calculation : " + e9.getLocalizedMessage());
        } catch (IllegalBlockSizeException e10) {
            throw new CardServiceInvalidParameterException("Illegal block size for MAC calculation : " + e10.getLocalizedMessage());
        }
    }

    public static boolean scpOptionsSupported(byte b, byte b2) {
        if (b == 2) {
            return b2 == 21 || b2 == 85;
        }
        return false;
    }
}
