package de.cardcontact.scdp.gp;

import de.cardcontact.opencard.security.GPSCP02SecureChannel;
import de.cardcontact.opencard.security.GPSCP02SecureChannelCredential;
import de.cardcontact.opencard.security.IsoCredentialStore;
import de.cardcontact.opencard.service.globalplatform.SecurityDomainCardService;
import de.cardcontact.scdp.utils.ArgChecker;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import opencard.core.service.CardServiceException;
import opencard.core.service.InvalidCardChannelException;
import opencard.core.terminal.CardTerminalException;
import opencard.core.terminal.ResponseAPDU;
import opencard.core.util.HexString;
import opencard.opt.applet.AppletID;
import opencard.opt.security.CredentialBag;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;

/* loaded from: input_file:de/cardcontact/scdp/gp/GPScp02.class */
public class GPScp02 extends GPSecureChannel {
    private static final long serialVersionUID = 6299742073894014119L;
    private static final String clazzName = "GPScp02";
    private static final byte[] EIGHT_BYTES_PADDING_BLOCK = {Byte.MIN_VALUE, 0, 0, 0, 0, 0, 0, 0};
    private byte[] hostChallenge;
    private byte[] keyDiversificationData;
    private byte[] keyInformation;
    private byte[] sequenceCounter;
    private byte[] cardChallenge;
    private byte[] cardCryptogram;
    private GPSecurityDomain securityDomain = null;
    private byte securityLevel = 0;
    private byte keySetVersion = 0;
    private GPKey encKey = null;
    private GPKey macKey = null;
    private GPKey dekKey = null;

    public static Scriptable jsConstructor(Context context, Object[] objArr, Function function, boolean z) throws Exception {
        if (!z) {
            Context.reportError("GPScp02() can not be called as function");
        }
        ArgChecker.checkRange(function, clazzName, objArr, 1, 1);
        GPScp02 gPScp02 = new GPScp02();
        ScriptableObject.putProperty(gPScp02, "crypto", objArr[0]);
        return gPScp02;
    }

    public static ByteString jsFunction_initializeUpdate(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgChecker.checkRange(scriptable, clazzName, objArr, 2, 2);
        byte b = (byte) ArgChecker.getInt(scriptable, clazzName, objArr, 0, 0);
        byte b2 = (byte) ArgChecker.getInt(scriptable, clazzName, objArr, 1, 0);
        GPScp02 gPScp02 = (GPScp02) scriptable;
        ResponseAPDU responseAPDU = null;
        try {
            gPScp02.hostChallenge = ((GPCrypto) ScriptableObject.getProperty(scriptable, "crypto")).getImpl().generateRandom(8);
            gPScp02.securityDomain.getSecurityDomainCardService();
            responseAPDU = gPScp02.securityDomain.sdcs.initializeUpdate(b, b2, gPScp02.hostChallenge);
            if (responseAPDU.sw() != 36864) {
                GPError.throwAsGPErrorEx(scriptable, clazzName, 4, 0, "INITIALIZE UPDATE failed with SW = " + HexString.hexify(responseAPDU.sw()));
            }
            byte[] data = responseAPDU.data();
            if (data.length != 28) {
                GPError.throwAsGPErrorEx(scriptable, clazzName, 4, 0, "INITIALIZE UPDATE failed - wrong length of response data (" + data.length + ")");
            }
            gPScp02.keyDiversificationData = new byte[10];
            System.arraycopy(data, 0, gPScp02.keyDiversificationData, 0, gPScp02.keyDiversificationData.length);
            gPScp02.keyInformation = new byte[2];
            System.arraycopy(data, 10, gPScp02.keyInformation, 0, gPScp02.keyInformation.length);
            gPScp02.sequenceCounter = new byte[2];
            System.arraycopy(data, 12, gPScp02.sequenceCounter, 0, gPScp02.sequenceCounter.length);
            gPScp02.cardChallenge = new byte[6];
            System.arraycopy(data, 14, gPScp02.cardChallenge, 0, gPScp02.cardChallenge.length);
            gPScp02.cardCryptogram = new byte[8];
            System.arraycopy(data, 20, gPScp02.cardCryptogram, 0, gPScp02.cardCryptogram.length);
        } catch (CardServiceException e) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 3, 0, "INITIALIZE UPDATE failed with: " + e);
        } catch (CardTerminalException e2) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 3, 0, "INITIALIZE UPDATE failed with: " + e2);
        } catch (GPErrorException e3) {
            GPError.throwAsGPErrorEx(scriptable, e3);
        } catch (InvalidCardChannelException e4) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 3, 0, "INITIALIZE UPDATE failed with: " + e4);
        }
        ScriptableObject.putConstProperty(gPScp02, "hostChallenge", ByteString.newInstance(gPScp02, gPScp02.hostChallenge));
        ScriptableObject.putConstProperty(gPScp02, "keyVersion", Integer.valueOf(b));
        ScriptableObject.putConstProperty(gPScp02, "cardChallenge", ByteString.newInstance(gPScp02, gPScp02.cardChallenge));
        ScriptableObject.putConstProperty(gPScp02, "cardCryptogram", ByteString.newInstance(gPScp02, gPScp02.cardCryptogram));
        ScriptableObject.putConstProperty(gPScp02, "diversificationData", ByteString.newInstance(gPScp02, gPScp02.keyDiversificationData));
        ScriptableObject.putConstProperty(gPScp02, "sequenceCounter", ByteString.newInstance(gPScp02, gPScp02.sequenceCounter));
        return ByteString.newInstance(gPScp02, responseAPDU.data());
    }

    public static void jsFunction_externalAuthenticate(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgChecker.checkRange(scriptable, clazzName, objArr, 1, 1);
        byte b = (byte) ArgChecker.getInt(scriptable, clazzName, objArr, 0, 0);
        GPScp02 gPScp02 = (GPScp02) scriptable;
        GPCrypto gPCrypto = (GPCrypto) ScriptableObject.getProperty(scriptable, "crypto");
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(gPScp02.hostChallenge);
            byteArrayOutputStream.write(gPScp02.sequenceCounter);
            byteArrayOutputStream.write(gPScp02.cardChallenge);
            byteArrayOutputStream.write(EIGHT_BYTES_PADDING_BLOCK);
            if (!gPCrypto.getImpl().verify(gPScp02.encKey, 8, byteArrayOutputStream.toByteArray(), gPScp02.cardCryptogram, null)) {
                GPError.throwAsGPErrorEx(scriptable, clazzName, 5, 0, "Card cryptogram verification failed");
            }
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(gPScp02.sequenceCounter);
            byteArrayOutputStream2.write(gPScp02.cardChallenge);
            byteArrayOutputStream2.write(gPScp02.hostChallenge);
            byteArrayOutputStream2.write(EIGHT_BYTES_PADDING_BLOCK);
            byte[] sign = gPCrypto.getImpl().sign(gPScp02.encKey, 8, byteArrayOutputStream2.toByteArray(), null);
            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
            byteArrayOutputStream3.write(-124);
            byteArrayOutputStream3.write(-126);
            byteArrayOutputStream3.write(b);
            byteArrayOutputStream3.write(0);
            byteArrayOutputStream3.write(16);
            byteArrayOutputStream3.write(sign);
            byteArrayOutputStream3.write(-128);
            byteArrayOutputStream3.write(0);
            byteArrayOutputStream3.write(0);
            byte[] sign2 = gPCrypto.getImpl().sign(gPScp02.macKey, 9, byteArrayOutputStream3.toByteArray(), null);
            ByteArrayOutputStream byteArrayOutputStream4 = new ByteArrayOutputStream();
            byteArrayOutputStream4.write(sign);
            byteArrayOutputStream4.write(sign2);
            gPScp02.securityDomain.getSecurityDomainCardService();
            ResponseAPDU externalAuthenticate = gPScp02.securityDomain.sdcs.externalAuthenticate(b, byteArrayOutputStream4.toByteArray());
            if (externalAuthenticate.sw() != 36864) {
                GPError.throwAsGPErrorEx(scriptable, clazzName, 4, 0, "EXTERNAL AUTHENTICATE failed with SW = " + HexString.hexifyShort(externalAuthenticate.sw()));
            }
            if (b > 0) {
                GPSCP02SecureChannelCredential gPSCP02SecureChannelCredential = new GPSCP02SecureChannelCredential(b, new GPSCP02SecureChannel(gPScp02.encKey.getJCEKey("BC"), gPScp02.macKey.getJCEKey("BC"), (Key) null, sign2, b, "BC"));
                Object property = ScriptableObject.getProperty(gPScp02.securityDomain, "aid");
                AppletID appletID = !(property instanceof ByteString) ? SecurityDomainCardService.ISD_AID : new AppletID(((ByteString) property).getBytes());
                IsoCredentialStore isoCredentialStore = new IsoCredentialStore();
                isoCredentialStore.setSecureChannelCredential(appletID, gPSCP02SecureChannelCredential);
                CredentialBag credentialBag = new CredentialBag();
                credentialBag.addCredentialStore(isoCredentialStore);
                gPScp02.securityDomain.sdcs.provideCredentials(appletID, credentialBag);
                gPScp02.securityDomain.getCard().setCredentialBag(appletID, credentialBag);
            }
        } catch (IOException e) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 36, 0, "EXTERNAL AUTHENTICATE due to memory allocation problems: " + e);
        } catch (InvalidCardChannelException e2) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 3, 0, "EXTERNAL AUTHENTICATE failed with: " + e2);
        } catch (GPErrorException e3) {
            GPError.throwAsGPErrorEx(scriptable, e3);
        } catch (NoSuchAlgorithmException e4) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 36, 0, "EXTERNAL AUTHENTICATE failed with: " + e4);
        } catch (NoSuchProviderException e5) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 36, 0, "EXTERNAL AUTHENTICATE failed with: " + e5);
        } catch (GeneralSecurityException e6) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 36, 0, "EXTERNAL AUTHENTICATE failed with: " + e6);
        } catch (CardServiceException e7) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 3, 0, "EXTERNAL AUTHENTICATE failed with: " + e7);
        } catch (CardTerminalException e8) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 3, 0, "EXTERNAL AUTHENTICATE failed with: " + e8);
        }
        gPScp02.setSecurityLevel(b);
    }

    public static void jsFunction_setEncKey(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgChecker.checkRange(scriptable, clazzName, objArr, 1, 1);
        Object obj = objArr[0];
        if (!(obj instanceof GPKey)) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 8, 0, "Wrong argument type for setEncKey()");
        }
        ((GPScp02) scriptable).encKey = (GPKey) obj;
    }

    public static void jsFunction_setMacKey(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgChecker.checkRange(scriptable, clazzName, objArr, 1, 1);
        Object obj = objArr[0];
        if (!(obj instanceof GPKey)) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 8, 0, "Wrong argument type for setMacKey()");
        }
        ((GPScp02) scriptable).macKey = (GPKey) obj;
    }

    public static void jsFunction_setDekKey(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgChecker.checkRange(scriptable, clazzName, objArr, 1, 1);
        Object obj = objArr[0];
        if (!(obj instanceof GPKey)) {
            GPError.throwAsGPErrorEx(scriptable, clazzName, 8, 0, "Wrong argument type for setMacKey()");
        }
        ((GPScp02) scriptable).dekKey = (GPKey) obj;
    }

    public static GPKey jsFunction_getDekKey(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        ArgChecker.checkRange(scriptable, clazzName, objArr, 0, 0);
        return ((GPScp02) scriptable).dekKey;
    }

    @Override // de.cardcontact.scdp.gp.GPSecureChannel
    public int jsGet_state() {
        return getState();
    }

    public int jsGet_securityLevel() {
        return this.securityLevel;
    }

    public void setSecurityDomain(GPSecurityDomain gPSecurityDomain) {
        this.securityDomain = gPSecurityDomain;
    }

    public void setSecurityLevel(byte b) {
        this.securityLevel = b;
    }

    public void setKeySetVersion(byte b) {
        this.keySetVersion = b;
    }

    @Override // de.cardcontact.scdp.gp.GPSecureChannel
    public String getClassName() {
        return clazzName;
    }
}
