package de.cardcontact.opencard.security;

import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:de/cardcontact/opencard/security/MessageAuthenticationCode.class */
public abstract class MessageAuthenticationCode {

    /* loaded from: input_file:de/cardcontact/opencard/security/MessageAuthenticationCode$CBCBasedCMAC.class */
    private static class CBCBasedCMAC extends MessageAuthenticationCode {
        private Cipher aes;
        private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        private static final byte[] rb = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -121};
        private static final IvParameterSpec iv = new IvParameterSpec(zero);
        private byte[] k1 = new byte[16];
        private byte[] k2 = new byte[16];

        public CBCBasedCMAC(String str, String str2) {
            try {
                if (str2 != null) {
                    this.aes = Cipher.getInstance("AES/CBC/NoPadding", str2);
                } else {
                    this.aes = Cipher.getInstance("AES/CBC/NoPadding");
                }
            } catch (Exception e) {
                throw new RuntimeException("Could not create AES/CBC/NoPadding instance", e);
            }
        }

        @Override // de.cardcontact.opencard.security.MessageAuthenticationCode
        public void init(Key key) {
            try {
                this.aes.init(1, key, iv);
                byte[] doFinal = this.aes.doFinal(zero);
                byte b = (byte) (doFinal[0] & 128);
                doLeftShiftOneBit(doFinal);
                if (b == Byte.MIN_VALUE) {
                    xor128(doFinal, 0, rb);
                }
                System.arraycopy(doFinal, 0, this.k1, 0, 16);
                byte b2 = (byte) (doFinal[0] & 128);
                doLeftShiftOneBit(doFinal);
                if (b2 == Byte.MIN_VALUE) {
                    xor128(doFinal, 0, rb);
                }
                System.arraycopy(doFinal, 0, this.k2, 0, 16);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
                throw new RuntimeException("Could not set AES key and calculate k0", e);
            }
        }

        @Override // de.cardcontact.opencard.security.MessageAuthenticationCode
        public byte[] doFinal(byte[] bArr) {
            int length = ((bArr.length + 15) / 16) * 16;
            if (length == 0) {
                length = 16;
            }
            byte[] bArr2 = new byte[length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            if (length == bArr.length) {
                xor128(bArr2, length - 16, this.k1);
            } else {
                bArr2[bArr.length] = Byte.MIN_VALUE;
                xor128(bArr2, length - 16, this.k2);
            }
            try {
                byte[] doFinal = this.aes.doFinal(bArr2);
                byte[] bArr3 = new byte[16];
                System.arraycopy(doFinal, length - 16, bArr3, 0, 16);
                return bArr3;
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                throw new RuntimeException("Could not perform AES/CBC", e);
            }
        }

        private static void xor128(byte[] bArr, int i, byte[] bArr2) {
            for (int i2 = 0; i2 < bArr2.length; i2++) {
                bArr[i + i2] = (byte) (bArr[i + i2] ^ bArr2[i2]);
            }
        }

        private static void doLeftShiftOneBit(byte[] bArr) {
            int i = 0;
            for (int length = bArr.length - 1; length >= 0; length--) {
                byte b = (byte) ((bArr[length] << 1) | i);
                i = (bArr[length] & 128) == 128 ? 1 : 0;
                bArr[length] = b;
            }
        }

        public static void test() {
            SecretKeySpec secretKeySpec = new SecretKeySpec(new byte[]{43, 126, 21, 22, 40, -82, -46, -90, -85, -9, 21, -120, 9, -49, 79, 60}, SmartCardHSMKey.AES);
            CBCBasedCMAC cBCBasedCMAC = new CBCBasedCMAC("", "");
            cBCBasedCMAC.init(secretKeySpec);
            if (!Arrays.equals(new byte[]{-69, 29, 105, 41, -23, 89, 55, 40, Byte.MAX_VALUE, -93, 125, 18, -101, 117, 103, 70}, cBCBasedCMAC.doFinal(new byte[0]))) {
                throw new RuntimeException("AES CMAC Selftest failed.");
            }
            if (!Arrays.equals(new byte[]{7, 10, 22, -76, 107, 77, 65, 68, -9, -101, -35, -99, -48, 74, 40, 124}, cBCBasedCMAC.doFinal(new byte[]{107, -63, -66, -30, 46, 64, -97, -106, -23, 61, 126, 17, 115, -109, 23, 42}))) {
                throw new RuntimeException("AES CMAC Selftest failed.");
            }
            if (!Arrays.equals(new byte[]{-33, -90, 103, 71, -34, -102, -26, 48, 48, -54, 50, 97, 20, -105, -56, 39}, cBCBasedCMAC.doFinal(new byte[]{107, -63, -66, -30, 46, 64, -97, -106, -23, 61, 126, 17, 115, -109, 23, 42, -82, 45, -118, 87, 30, 3, -84, -100, -98, -73, 111, -84, 69, -81, -114, 81, 48, -56, 28, 70, -93, 92, -28, 17}))) {
                throw new RuntimeException("AES CMAC Selftest failed.");
            }
            if (!Arrays.equals(new byte[]{81, -16, -66, -65, 126, 59, -99, -110, -4, 73, 116, 23, 121, 54, 60, -2}, cBCBasedCMAC.doFinal(new byte[]{107, -63, -66, -30, 46, 64, -97, -106, -23, 61, 126, 17, 115, -109, 23, 42, -82, 45, -118, 87, 30, 3, -84, -100, -98, -73, 111, -84, 69, -81, -114, 81, 48, -56, 28, 70, -93, 92, -28, 17, -27, -5, -63, 25, 26, 10, 82, -17, -10, -97, 36, 69, -33, 79, -101, 23, -83, 43, 65, 123, -26, 108, 55, 16}))) {
                throw new RuntimeException("AES CMAC Selftest failed.");
            }
        }
    }

    /* loaded from: input_file:de/cardcontact/opencard/security/MessageAuthenticationCode$NativeMAC.class */
    private static class NativeMAC extends MessageAuthenticationCode {
        Mac mac;

        public NativeMAC(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
            if (str2 != null) {
                this.mac = Mac.getInstance(str, str2);
            } else {
                this.mac = Mac.getInstance(str);
            }
        }

        @Override // de.cardcontact.opencard.security.MessageAuthenticationCode
        public void init(Key key) {
            try {
                this.mac.init(key);
            } catch (InvalidKeyException e) {
                e.printStackTrace();
            }
        }

        @Override // de.cardcontact.opencard.security.MessageAuthenticationCode
        public byte[] doFinal(byte[] bArr) {
            return this.mac.doFinal(bArr);
        }
    }

    public static MessageAuthenticationCode getInstance(String str, String str2) throws GeneralSecurityException {
        MessageAuthenticationCode cBCBasedCMAC;
        try {
            cBCBasedCMAC = new NativeMAC(str, str2);
        } catch (Exception e) {
            cBCBasedCMAC = new CBCBasedCMAC(str, str2);
        }
        return cBCBasedCMAC;
    }

    public abstract void init(Key key);

    public abstract byte[] doFinal(byte[] bArr);
}
