package de.cardcontact.opencard.security;

import de.cardcontact.opencard.service.isocard.IsoCommandAPDU;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import opencard.core.service.CardServiceInvalidCredentialException;
import opencard.core.service.CardServiceInvalidParameterException;
import opencard.core.terminal.CommandAPDU;
import opencard.core.terminal.ResponseAPDU;

/* loaded from: input_file:de/cardcontact/opencard/security/GPSCP03SecureChannel.class */
public class GPSCP03SecureChannel implements GPSecureChannel {
    private static final byte[] ALL_ONES = {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1};
    private static final byte[] ALL_ZEROS = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    public static final byte PSEUDO_RANDOM_CARD_CHALLENGE = 16;
    public static final byte RESPONSE_MAC_ENC_MASK = 96;
    public static final byte RESPONSE_NO_ENC_NO_MAC = 0;
    public static final byte RESPONSE_NO_ENC_BUT_MAC = 32;
    public static final byte RESPONSE_ENC_AND_MAC = 96;
    public static final byte NONE = 0;
    public static final byte C_MAC = 1;
    public static final byte C_ENC = 2;
    public static final byte R_MAC = 16;
    public static final byte R_ENC = 32;
    protected String provider;
    private Key senc;
    private Key smac;
    private Key srmac;
    private Key dek;
    private byte[] chain;
    private byte securitylevel;
    private int enccnt = 1;
    private Mac cmac;
    private Cipher aesecb;
    private Cipher aescbc;

    public GPSCP03SecureChannel(Key key, Key key2, Key key3, Key key4, byte[] bArr, byte b, String str) {
        this.chain = new byte[16];
        this.securitylevel = (byte) 0;
        this.cmac = null;
        this.aesecb = null;
        this.aescbc = null;
        this.provider = str;
        this.senc = key;
        this.smac = key2;
        this.srmac = key3;
        this.dek = key4;
        this.chain = bArr;
        this.securitylevel = b;
        try {
            this.cmac = Mac.getInstance("AESCMAC", str);
            this.aesecb = Cipher.getInstance("AES/ECB/NoPadding", str);
            this.aescbc = Cipher.getInstance("AES/CBC/NoPadding", str);
        } catch (Exception e) {
            throw new RuntimeException("Failed to obtain crypto instance", e);
        }
    }

    private byte[] isoPadding(byte[] bArr) {
        byte[] bArr2 = new byte[(bArr.length & 65520) + 16];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        bArr2[bArr.length] = Byte.MIN_VALUE;
        return bArr2;
    }

    private IvParameterSpec calcIV(boolean z) throws GeneralSecurityException {
        byte[] bArr = new byte[16];
        if (!z) {
            bArr[0] = Byte.MIN_VALUE;
        }
        byte[] byteArray = BigInteger.valueOf(this.enccnt).toByteArray();
        System.arraycopy(byteArray, 0, bArr, bArr.length - byteArray.length, byteArray.length);
        this.aesecb.init(1, this.senc);
        return new IvParameterSpec(this.aesecb.doFinal(bArr));
    }

    @Override // de.cardcontact.opencard.security.SecureChannel
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU, int i) {
        byte[] bArr;
        if ((this.securitylevel & 16) == 16 && responseAPDU.getLength() > 2) {
            try {
                this.cmac.init(this.srmac);
                this.cmac.update(this.chain);
                this.cmac.update(responseAPDU.getBuffer(), 0, responseAPDU.getLength() - 10);
                this.cmac.update(responseAPDU.getBuffer(), responseAPDU.getLength() - 2, 2);
                if (Arrays.compare(this.cmac.doFinal(), 0, 8, responseAPDU.getBuffer(), responseAPDU.getLength() - 10, responseAPDU.getLength() - 2) != 0) {
                    throw new CardServiceInvalidParameterException("MAC verification failed");
                }
                if ((this.securitylevel & 32) != 32 || responseAPDU.getLength() <= 10) {
                    bArr = new byte[responseAPDU.getLength() - 8];
                    System.arraycopy(responseAPDU.getBuffer(), 0, bArr, 0, responseAPDU.getLength() - 10);
                    System.arraycopy(responseAPDU.getBuffer(), responseAPDU.getLength() - 2, bArr, responseAPDU.getLength() - 10, 2);
                } else {
                    try {
                        this.aescbc.init(2, this.senc, calcIV(false));
                        byte[] update = this.aescbc.update(responseAPDU.getBuffer(), 0, responseAPDU.getLength() - 10);
                        this.aescbc.doFinal();
                        int length = update.length - 1;
                        while (length > 0 && update[length] == 0) {
                            length--;
                        }
                        if (update[length] != Byte.MIN_VALUE) {
                            throw new CardServiceInvalidCredentialException("Invalid padding in enciphered block");
                        }
                        bArr = new byte[length + 2];
                        System.arraycopy(update, 0, bArr, 0, length);
                        System.arraycopy(responseAPDU.getBuffer(), responseAPDU.getLength() - 2, bArr, length, 2);
                    } catch (Exception e) {
                        throw new CardServiceInvalidParameterException(e.getMessage());
                    }
                }
                responseAPDU = new ResponseAPDU(bArr);
            } catch (Exception e2) {
                throw new CardServiceInvalidParameterException("MAC calculation failed : " + e2.getMessage());
            }
        }
        this.enccnt++;
        return responseAPDU;
    }

    @Override // de.cardcontact.opencard.security.SecureChannel
    public CommandAPDU wrap(CommandAPDU commandAPDU, int i) {
        if ((this.securitylevel & 3) == 0) {
            return commandAPDU;
        }
        int i2 = -1;
        byte[] bArr = new byte[0];
        boolean z = false;
        int length = commandAPDU.getLength() - 4;
        if (length > 0) {
            int i3 = 4 + 1;
            int i4 = commandAPDU.getByte(4);
            int i5 = length - 1;
            if (i4 == 0 && i5 > 0) {
                z = true;
                if (i5 < 2) {
                    throw new CardServiceInvalidParameterException("Invalid Le in extended APDU");
                }
                i4 = (commandAPDU.getByte(i3) << 8) + commandAPDU.getByte(i3 + 1);
                i3 += 2;
                i5 -= 2;
            }
            if (i5 > 0) {
                if (i5 < i4) {
                    throw new CardServiceInvalidParameterException("Invalid Lc in APDU");
                }
                bArr = new byte[i4];
                System.arraycopy(commandAPDU.getBuffer(), i3, bArr, 0, i4);
                int i6 = i3 + i4;
                i5 -= i4;
                if (i5 > 0) {
                    int i7 = i6 + 1;
                    i2 = commandAPDU.getByte(i6);
                    i5--;
                    if (z) {
                        if (i5 < 1) {
                            throw new CardServiceInvalidParameterException("Invalid Le in extended APDU");
                        }
                        int i8 = i7 + 1;
                        i2 = (i2 << 8) + commandAPDU.getByte(i7);
                        i5--;
                    }
                }
            } else if (i4 == 0) {
                i2 = z ? 65536 : 256;
            } else {
                i2 = i4;
            }
            if (i5 > 0) {
                throw new CardServiceInvalidParameterException("Unexpected bytes in APDU");
            }
        }
        if (bArr.length > 0 && (this.securitylevel & 2) == 2) {
            try {
                this.aescbc.init(1, this.senc, calcIV(true));
                bArr = this.aescbc.doFinal(isoPadding(bArr));
            } catch (Exception e) {
                throw new CardServiceInvalidParameterException(e.getMessage());
            }
        }
        if (bArr.length + 8 >= 256) {
            z = true;
        }
        byte[] bArr2 = new byte[4 + (z ? 3 : 1)];
        int i9 = 0 + 1;
        bArr2[0] = (byte) (commandAPDU.getByte(0) | 4);
        int i10 = i9 + 1;
        bArr2[i9] = (byte) commandAPDU.getByte(1);
        int i11 = i10 + 1;
        bArr2[i10] = (byte) commandAPDU.getByte(2);
        int i12 = i11 + 1;
        bArr2[i11] = (byte) commandAPDU.getByte(3);
        if (z) {
            int i13 = i12 + 1;
            bArr2[i12] = 0;
            i12 = i13 + 1;
            bArr2[i13] = (byte) ((bArr.length + 8) >> 8);
        }
        int i14 = i12;
        int i15 = i12 + 1;
        bArr2[i14] = (byte) (bArr.length + 8);
        try {
            this.cmac.init(this.smac);
            this.cmac.update(this.chain);
            this.cmac.update(bArr2);
            this.chain = this.cmac.doFinal(bArr);
            byte[] bArr3 = new byte[bArr.length + 8];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(this.chain, 0, bArr3, bArr.length, 8);
            IsoCommandAPDU isoCommandAPDU = new IsoCommandAPDU((byte) (commandAPDU.getByte(0) | 4), (byte) commandAPDU.getByte(1), (byte) commandAPDU.getByte(2), (byte) commandAPDU.getByte(3), bArr3, i2);
            isoCommandAPDU.setQueueable(commandAPDU.isQueueable());
            return isoCommandAPDU;
        } catch (Exception e2) {
            throw new CardServiceInvalidParameterException("MAC calculation failed : " + e2.getMessage());
        }
    }

    @Override // de.cardcontact.opencard.security.GPSecureChannel
    public byte[] encryptKey(SecretKey secretKey) {
        byte[] bArr = new byte[22];
        try {
            this.aesecb.init(1, secretKey);
            byte[] doFinal = this.aesecb.doFinal(ALL_ONES);
            this.aescbc.init(1, this.dek, new IvParameterSpec(ALL_ZEROS));
            byte[] encoded = secretKey.getEncoded();
            byte[] doFinal2 = this.aescbc.doFinal(encoded);
            ByteBuffer allocate = ByteBuffer.allocate(39);
            allocate.put((byte) -120);
            allocate.put((byte) (encoded.length + 1));
            allocate.put((byte) encoded.length);
            allocate.put(doFinal2);
            allocate.put((byte) 3);
            allocate.put(doFinal, 0, 3);
            allocate.flip();
            byte[] bArr2 = new byte[allocate.remaining()];
            allocate.get(bArr2);
            return bArr2;
        } catch (Exception e) {
            throw new RuntimeException("Failed to prepare cryptogram", e);
        }
    }

    public static boolean scpOptionsSupported(byte b) {
        return true;
    }
}
