package org.irmacard.credentials.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import net.sourceforge.scuba.smartcards.APDUWrapper;
import net.sourceforge.scuba.smartcards.CommandAPDU;
import net.sourceforge.scuba.smartcards.ProtocolCommand;
import net.sourceforge.scuba.smartcards.ProtocolCommands;
import net.sourceforge.scuba.smartcards.ProtocolResponse;
import net.sourceforge.scuba.smartcards.ProtocolResponses;
import net.sourceforge.scuba.smartcards.ResponseAPDU;
import net.sourceforge.scuba.tlv.TLVUtil;
import net.sourceforge.scuba.util.Hex;
import org.bouncycastle.asn1.eac.CertificateBody;

/* loaded from: classes.dex */
public class SecureMessagingWrapper implements APDUWrapper, Serializable {
    private static final String ALGORITHM = "3DES";
    private static final IvParameterSpec ZERO_IV_PARAM_SPEC;
    private static final long serialVersionUID = -2859033943345961793L;
    private transient Cipher cipher;
    private SecretKey ksEnc;
    private SecretKey ksMac;
    private transient Mac mac;
    private long ssc;

    static {
        ZERO_IV_PARAM_SPEC = new IvParameterSpec(ALGORITHM.equalsIgnoreCase("AES") ? new byte[16] : new byte[8]);
    }

    public SecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2) throws GeneralSecurityException {
        this(secretKey, secretKey2, 0L);
    }

    public SecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, long j) throws GeneralSecurityException {
        this.ksEnc = secretKey;
        this.ksMac = secretKey2;
        this.ssc = j;
        if (ALGORITHM.equalsIgnoreCase("AES")) {
            this.cipher = Cipher.getInstance("AES/CBC/NoPadding");
            this.mac = Mac.getInstance("AESCMAC");
        } else {
            this.cipher = Cipher.getInstance("DESede/CBC/NoPadding");
            this.mac = Mac.getInstance("DESEDEMAC64");
        }
    }

    private boolean checkMac(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            this.ssc++;
            dataOutputStream.writeLong(this.ssc);
            byte[] pad = pad(bArr, 0, ((bArr.length - 2) - 8) - 2);
            dataOutputStream.write(pad, 0, pad.length);
            dataOutputStream.flush();
            this.mac.init(this.ksMac);
            byte[] doFinal = this.mac.doFinal(byteArrayOutputStream.toByteArray());
            dataOutputStream.close();
            return Arrays.equals(bArr2, doFinal);
        } catch (IOException e) {
            return false;
        }
    }

    public static byte[] pad(byte[] bArr) {
        return pad(bArr, 0, bArr.length);
    }

    public static byte[] pad(byte[] bArr, int i, int i2) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(bArr, i, i2);
        byteArrayOutputStream.write(-128);
        while (byteArrayOutputStream.size() % 8 != 0) {
            byteArrayOutputStream.write(0);
        }
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] readDO87(DataInputStream dataInputStream, boolean z) throws IOException, GeneralSecurityException {
        int readUnsignedByte;
        int i = 0;
        int readUnsignedByte2 = dataInputStream.readUnsignedByte();
        if ((readUnsignedByte2 & 128) == 128) {
            int i2 = readUnsignedByte2 & CertificateBody.profileType;
            readUnsignedByte2 = 0;
            while (i < i2) {
                i++;
                readUnsignedByte2 = dataInputStream.readUnsignedByte() | (readUnsignedByte2 << 8);
            }
            if (!z && dataInputStream.readUnsignedByte() != 1) {
                throw new IllegalStateException("DO'87 expected 0x01 marker");
            }
        } else if (!z && (readUnsignedByte = dataInputStream.readUnsignedByte()) != 1) {
            throw new IllegalStateException("DO'87 expected 0x01 marker, found " + Hex.byteToHexString((byte) readUnsignedByte));
        }
        if (!z) {
            readUnsignedByte2--;
        }
        byte[] bArr = new byte[readUnsignedByte2];
        dataInputStream.readFully(bArr);
        return unpad(this.cipher.doFinal(bArr));
    }

    private byte[] readDO8E(DataInputStream dataInputStream) throws IOException, GeneralSecurityException {
        if (dataInputStream.readUnsignedByte() != 8) {
            throw new IllegalStateException("DO'8E wrong length");
        }
        byte[] bArr = new byte[8];
        dataInputStream.readFully(bArr);
        return bArr;
    }

    private short readDO99(DataInputStream dataInputStream) throws IOException {
        if (dataInputStream.readUnsignedByte() != 2) {
            throw new IllegalStateException("DO'99 wrong length");
        }
        return (short) (((dataInputStream.readByte() & 255) << 8) | (dataInputStream.readByte() & 255));
    }

    public static byte[] unpad(byte[] bArr) {
        int length = bArr.length - 1;
        while (length >= 0 && bArr[length] == 0) {
            length--;
        }
        if ((bArr[length] & 255) != 128) {
            throw new IllegalStateException("unpad expected constant 0x80, found 0x" + Integer.toHexString(bArr[length] & 255) + "\nDEBUG: in = " + Hex.bytesToHexString(bArr) + ", index = " + length);
        }
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        return bArr2;
    }

    private byte[] unwrapResponseAPDU(byte[] bArr, int i) throws GeneralSecurityException, IOException {
        boolean z = false;
        long j = this.ssc;
        if (bArr != null) {
            try {
                if (bArr.length >= 2 && i >= 2) {
                    this.cipher.init(2, this.ksEnc, ZERO_IV_PARAM_SPEC);
                    DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
                    byte[] bArr2 = new byte[0];
                    byte[] bArr3 = null;
                    short s = 0;
                    while (!z) {
                        switch (dataInputStream.readByte()) {
                            case -123:
                                bArr2 = readDO87(dataInputStream, true);
                                break;
                            case -121:
                                bArr2 = readDO87(dataInputStream, false);
                                break;
                            case -114:
                                bArr3 = readDO8E(dataInputStream);
                                z = true;
                                break;
                            case -103:
                                s = readDO99(dataInputStream);
                                break;
                        }
                    }
                    if (!checkMac(bArr, bArr3)) {
                        throw new IllegalStateException("Invalid MAC");
                    }
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byteArrayOutputStream.write(bArr2, 0, bArr2.length);
                    byteArrayOutputStream.write((65280 & s) >> 8);
                    byteArrayOutputStream.write(s & 255);
                    return byteArrayOutputStream.toByteArray();
                }
            } finally {
                if (this.ssc == j) {
                    this.ssc++;
                }
            }
        }
        throw new IllegalArgumentException("Invalid response APDU");
    }

    private CommandAPDU wrapCommandAPDU(CommandAPDU commandAPDU) throws GeneralSecurityException, IOException {
        byte[] bArr;
        int nc = commandAPDU.getNc();
        int ne = commandAPDU.getNe();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = {(byte) (commandAPDU.getCLA() | 12), (byte) commandAPDU.getINS(), (byte) commandAPDU.getP1(), (byte) commandAPDU.getP2()};
        byte[] pad = pad(bArr2);
        boolean z = ((byte) commandAPDU.getINS()) == -79;
        byte[] bArr3 = new byte[0];
        byte[] bArr4 = new byte[0];
        if (ne > 0) {
            byteArrayOutputStream.reset();
            byteArrayOutputStream.write(-105);
            byteArrayOutputStream.write(1);
            byteArrayOutputStream.write((byte) ne);
            bArr4 = byteArrayOutputStream.toByteArray();
        }
        if (nc > 0) {
            byte[] pad2 = pad(commandAPDU.getData());
            this.cipher.init(1, this.ksEnc, ZERO_IV_PARAM_SPEC);
            byte[] doFinal = this.cipher.doFinal(pad2);
            byteArrayOutputStream.reset();
            byteArrayOutputStream.write(z ? -123 : -121);
            byteArrayOutputStream.write(TLVUtil.getLengthAsBytes((z ? 0 : 1) + doFinal.length));
            if (!z) {
                byteArrayOutputStream.write(1);
            }
            byteArrayOutputStream.write(doFinal, 0, doFinal.length);
            bArr = byteArrayOutputStream.toByteArray();
        } else {
            bArr = bArr3;
        }
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(pad, 0, pad.length);
        byteArrayOutputStream.write(bArr, 0, bArr.length);
        byteArrayOutputStream.write(bArr4, 0, bArr4.length);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.reset();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        this.ssc++;
        dataOutputStream.writeLong(this.ssc);
        dataOutputStream.write(byteArray, 0, byteArray.length);
        dataOutputStream.flush();
        byte[] pad3 = pad(byteArrayOutputStream.toByteArray());
        this.mac.init(this.ksMac);
        byte[] doFinal2 = this.mac.doFinal(pad3);
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(-114);
        byteArrayOutputStream.write(doFinal2.length);
        byteArrayOutputStream.write(doFinal2, 0, doFinal2.length);
        byte[] byteArray2 = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(bArr);
        byteArrayOutputStream.write(bArr4);
        byteArrayOutputStream.write(byteArray2);
        return new CommandAPDU(bArr2[0], bArr2[1], bArr2[2], bArr2[3], byteArrayOutputStream.toByteArray(), 256);
    }

    public long getSendSequenceCounter() {
        return this.ssc;
    }

    public void unWrapAsync(ProtocolCommands protocolCommands, ProtocolResponses protocolResponses, long j) {
        this.ssc = j;
        Iterator<ProtocolCommand> it = protocolCommands.iterator();
        while (it.hasNext()) {
            ProtocolCommand next = it.next();
            ProtocolResponse protocolResponse = protocolResponses.get(next.getKey());
            ResponseAPDU apdu = protocolResponse.getAPDU();
            protocolResponse.setAPDU(unwrap(apdu, apdu.getBytes().length));
            protocolResponses.remove(next.getKey());
            protocolResponses.put(protocolResponse.getKey(), protocolResponse);
            this.ssc++;
        }
    }

    @Override // net.sourceforge.scuba.smartcards.APDUWrapper
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU, int i) {
        try {
            byte[] bytes = responseAPDU.getBytes();
            if (bytes.length == 2) {
                throw new IllegalStateException("Card indicates SM error, SW = " + Hex.bytesToHexString(bytes));
            }
            return new ResponseAPDU(unwrapResponseAPDU(bytes, i));
        } catch (IOException e) {
            e.printStackTrace();
            throw new IllegalStateException(e.toString());
        } catch (GeneralSecurityException e2) {
            e2.printStackTrace();
            throw new IllegalStateException(e2.toString());
        }
    }

    @Override // net.sourceforge.scuba.smartcards.APDUWrapper
    public CommandAPDU wrap(CommandAPDU commandAPDU) {
        try {
            return wrapCommandAPDU(commandAPDU);
        } catch (IOException e) {
            e.printStackTrace();
            throw new IllegalStateException(e.toString());
        } catch (GeneralSecurityException e2) {
            e2.printStackTrace();
            throw new IllegalStateException(e2.toString());
        }
    }

    public void wrapAsync(ProtocolCommands protocolCommands) {
        Iterator<ProtocolCommand> it = protocolCommands.iterator();
        while (it.hasNext()) {
            ProtocolCommand next = it.next();
            next.setAPDU(wrap(next.getAPDU()));
            this.ssc++;
        }
    }
}
