package de.cardcontact.opencard.security;

import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import opencard.core.OpenCardException;
import opencard.core.service.CardServiceException;

/* loaded from: input_file:de/cardcontact/opencard/security/GPSCP03Authenticator.class */
public class GPSCP03Authenticator extends GPSCPAuthenticator {
    private Mac aesCMAC;

    public GPSCP03Authenticator(byte[] bArr) {
        super(bArr);
        try {
            this.aesCMAC = Mac.getInstance("AESCMAC");
        } catch (Exception e) {
            throw new RuntimeException("Failed to create cipher instance", e);
        }
    }

    @Override // de.cardcontact.opencard.security.GPSCPAuthenticator
    public void processInitializeUpdateResponse(byte[] bArr) throws OpenCardException {
        if (bArr.length != 29 && bArr.length != 32) {
            throw new CardServiceException("INITIALIZE UPDATE failed - wrong length of response data (" + bArr.length + ")");
        }
        this.keyDiversificationData = new byte[10];
        System.arraycopy(bArr, 0, this.keyDiversificationData, 0, this.keyDiversificationData.length);
        this.keyInformation = new byte[3];
        System.arraycopy(bArr, 10, this.keyInformation, 0, this.keyInformation.length);
        this.cardChallenge = new byte[8];
        System.arraycopy(bArr, 13, this.cardChallenge, 0, this.cardChallenge.length);
        this.cardCryptogram = new byte[8];
        System.arraycopy(bArr, 21, this.cardCryptogram, 0, this.cardCryptogram.length);
        if (bArr.length == 29) {
            this.sequenceCounter = new byte[0];
        } else {
            this.sequenceCounter = new byte[3];
            System.arraycopy(bArr, 29, this.sequenceCounter, 0, this.sequenceCounter.length);
        }
    }

    private byte[] deriveData(SecretKey secretKey, byte b, int i, byte[] bArr) {
        ByteBuffer allocate = ByteBuffer.allocate(256);
        int i2 = i;
        byte b2 = 1;
        while (true) {
            byte b3 = b2;
            if (i2 <= 0) {
                allocate.flip();
                byte[] bArr2 = new byte[allocate.remaining()];
                allocate.get(bArr2);
                return bArr2;
            }
            ByteBuffer allocate2 = ByteBuffer.allocate(256);
            allocate2.put(new byte[11]);
            allocate2.put(b);
            allocate2.put((byte) 0);
            allocate2.put((byte) (((i << 3) >> 8) & 255));
            allocate2.put((byte) ((i << 3) & 255));
            allocate2.put(b3);
            allocate2.put(bArr);
            allocate2.flip();
            byte[] bArr3 = new byte[allocate2.remaining()];
            allocate2.get(bArr3);
            try {
                this.aesCMAC.init(secretKey);
                byte[] doFinal = this.aesCMAC.doFinal(bArr3);
                int length = doFinal.length < i2 ? doFinal.length : i2;
                allocate.put(doFinal, 0, length);
                i2 -= length;
                b2 = (byte) (b3 + 1);
            } catch (Exception e) {
                throw new RuntimeException("Failed to calculate MAC", e);
            }
        }
    }

    @Override // de.cardcontact.opencard.security.GPSCPAuthenticator
    public void deriveSessionKeys(GPKeySet gPKeySet) {
        byte[] bArr = new byte[16];
        System.arraycopy(this.hostChallenge, 0, bArr, 0, 8);
        System.arraycopy(this.cardChallenge, 0, bArr, 8, 8);
        byte length = (byte) gPKeySet.getEncKey().getEncoded().length;
        this.sessionKeys = new GPKeySet(gPKeySet.getVersion(), new SecretKeySpec(deriveData(gPKeySet.getEncKey(), (byte) 4, length, bArr), SmartCardHSMKey.AES), new SecretKeySpec(deriveData(gPKeySet.getMacKey(), (byte) 6, length, bArr), SmartCardHSMKey.AES), new SecretKeySpec(deriveData(gPKeySet.getMacKey(), (byte) 7, length, bArr), SmartCardHSMKey.AES), gPKeySet.getDekKey());
    }

    @Override // de.cardcontact.opencard.security.GPSCPAuthenticator
    public boolean isCardCryptogramValid() {
        byte[] bArr = new byte[16];
        System.arraycopy(this.hostChallenge, 0, bArr, 0, 8);
        System.arraycopy(this.cardChallenge, 0, bArr, 8, 8);
        return Arrays.compare(this.cardCryptogram, deriveData(this.sessionKeys.getMacKey(), (byte) 0, 8, bArr)) == 0;
    }

    @Override // de.cardcontact.opencard.security.GPSCPAuthenticator
    public byte[] calculateHostCryptogram(byte b) {
        byte[] bArr = new byte[16];
        System.arraycopy(this.hostChallenge, 0, bArr, 0, 8);
        System.arraycopy(this.cardChallenge, 0, bArr, 8, 8);
        byte[] deriveData = deriveData(this.sessionKeys.getMacKey(), (byte) 1, 8, bArr);
        byte[] bArr2 = new byte[29];
        bArr2[16] = -124;
        bArr2[17] = -126;
        bArr2[18] = b;
        bArr2[19] = 0;
        bArr2[20] = 16;
        System.arraycopy(deriveData, 0, bArr2, 21, 8);
        try {
            this.aesCMAC.init(this.sessionKeys.getMacKey());
            byte[] doFinal = this.aesCMAC.doFinal(bArr2);
            byte[] bArr3 = new byte[16];
            System.arraycopy(deriveData, 0, bArr3, 0, 8);
            System.arraycopy(doFinal, 0, bArr3, 8, 8);
            this.secureChannel = new GPSCP03SecureChannel(this.sessionKeys.getEncKey(), this.sessionKeys.getMacKey(), this.sessionKeys.getRmacKey(), this.sessionKeys.getDekKey(), doFinal, b, "BC");
            return bArr3;
        } catch (Exception e) {
            throw new RuntimeException("Failed to calculate MAC", e);
        }
    }
}
