package pro.javacard.gp;

import apdu4j.HexUtils;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.javacard.gp.GPCardKeys;
import pro.javacard.gp.GPKeyInfo;

/* loaded from: input_file:pro/javacard/gp/PlaintextKeys.class */
public class PlaintextKeys extends GPCardKeys {
    private static final Logger logger = LoggerFactory.getLogger(PlaintextKeys.class);
    static final byte[] defaultKeyBytes = HexUtils.hex2bin("404142434445464748494A4B4C4D4E4F");
    public static final Map<GPCardKeys.KeyPurpose, byte[]> SCP02_CONSTANTS;
    public static final Map<GPCardKeys.KeyPurpose, Byte> SCP03_CONSTANTS;
    public static final Map<GPCardKeys.KeyPurpose, byte[]> SCP03_KDF_CONSTANTS;
    Diversification diversifier;
    private int version;
    private byte[] masterKey;
    private HashMap<GPCardKeys.KeyPurpose, byte[]> cardKeys;
    private HashMap<GPCardKeys.KeyPurpose, byte[]> sessionKeys;

    /* renamed from: pro.javacard.gp.PlaintextKeys$1, reason: invalid class name */
    /* loaded from: input_file:pro/javacard/gp/PlaintextKeys$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$pro$javacard$gp$GPSecureChannel = new int[GPSecureChannel.values().length];

        static {
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannel[GPSecureChannel.SCP01.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannel[GPSecureChannel.SCP02.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannel[GPSecureChannel.SCP03.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:pro/javacard/gp/PlaintextKeys$Diversification.class */
    public enum Diversification {
        NONE,
        VISA2,
        EMV,
        KDF3;

        public static Diversification lookup(String str) {
            for (Diversification diversification : values()) {
                if (diversification.name().equalsIgnoreCase(str)) {
                    return diversification;
                }
            }
            return null;
        }
    }

    private PlaintextKeys(byte[] bArr, Diversification diversification) {
        this(bArr, bArr, bArr, diversification);
        this.masterKey = (byte[]) bArr.clone();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private PlaintextKeys(byte[] bArr, byte[] bArr2, byte[] bArr3, Diversification diversification) {
        this.version = 0;
        this.cardKeys = new HashMap<>();
        this.sessionKeys = new HashMap<>();
        this.cardKeys.put(GPCardKeys.KeyPurpose.ENC, bArr.clone());
        this.cardKeys.put(GPCardKeys.KeyPurpose.MAC, bArr2.clone());
        this.cardKeys.put(GPCardKeys.KeyPurpose.DEK, bArr3.clone());
        this.diversifier = diversification;
    }

    public static Optional<PlaintextKeys> fromEnvironment() {
        return fromEnvironment(System.getenv(), "GP_KEY");
    }

    static byte[] validateKey(byte[] bArr) {
        if (bArr.length == 16 || bArr.length == 24 || bArr.length == 32) {
            return bArr;
        }
        throw new IllegalArgumentException(String.format("Invalid key length %d: %s", Integer.valueOf(bArr.length), HexUtils.bin2hex(bArr)));
    }

    public static Optional<PlaintextKeys> fromStrings(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        if (!(str == null && str2 == null && str3 == null) && (str == null || str2 == null || str3 == null || str4 != null)) {
            throw new IllegalArgumentException("Either all or nothing of enc/mac/dek keys must be set, and no mk at the same time!");
        }
        if (str != null && str2 != null && str3 != null) {
            logger.trace("Using three individual keys");
            PlaintextKeys fromKeys = fromKeys(validateKey(HexUtils.stringToBin(str)), validateKey(HexUtils.stringToBin(str2)), validateKey(HexUtils.stringToBin(str3)));
            if (str7 != null) {
                fromKeys.setVersion(GPUtils.intValue(str7));
            }
            if (str5 != null) {
                logger.warn("Different keys and using derivation, is this right?");
                fromKeys.setDiversifier((Diversification) Optional.ofNullable(Diversification.lookup(str5)).orElseThrow(() -> {
                    return new IllegalArgumentException("Invalid diversification:  " + str5);
                }));
            }
            return Optional.of(fromKeys);
        }
        if (str4 == null) {
            return Optional.empty();
        }
        logger.trace("Using a master key");
        PlaintextKeys fromMasterKey = fromMasterKey(validateKey(HexUtils.stringToBin(str4)));
        if (str5 != null) {
            fromMasterKey.setDiversifier((Diversification) Optional.ofNullable(Diversification.lookup(str5)).orElseThrow(() -> {
                return new IllegalArgumentException("Invalid diversification:  " + str5);
            }));
        } else {
            logger.warn("Using master key without derivation, is this right?");
        }
        if (str6 != null) {
            fromMasterKey.kdd = HexUtils.stringToBin(str6);
        }
        if (str7 != null) {
            fromMasterKey.setVersion(GPUtils.intValue(str7));
        }
        return Optional.of(fromMasterKey);
    }

    public static Optional<PlaintextKeys> fromEnvironment(Map<String, String> map, String str) {
        Optional<PlaintextKeys> fromStrings = fromStrings(map.get(str + "_ENC"), map.get(str + "_MAC"), map.get(str + "_DEK"), map.get(str), map.get(str + "_DIV"), map.get(str + "_KDD"), map.get(str + "_VER"));
        if (fromStrings.isPresent()) {
            logger.debug("Got keys from environment, prefix=" + str);
        }
        return fromStrings;
    }

    public static PlaintextKeys fromMasterKey(byte[] bArr) {
        return derivedFromMasterKey(bArr, null, Diversification.NONE);
    }

    public static PlaintextKeys defaultKey() {
        return derivedFromMasterKey(defaultKeyBytes, null, Diversification.NONE);
    }

    public static PlaintextKeys derivedFromMasterKey(byte[] bArr, byte[] bArr2, Diversification diversification) {
        if (bArr2 != null && bArr2.length == 3) {
            byte[] kcv_3des = GPCrypto.kcv_3des(bArr);
            byte[] kcv_aes = GPCrypto.kcv_aes(bArr);
            if (Arrays.equals(kcv_3des, bArr2)) {
                logger.debug("KCV matches 3DES");
            } else {
                if (!Arrays.equals(kcv_aes, bArr2)) {
                    throw new IllegalArgumentException(String.format("KCV mismatch: %s vs %s (3DES) or %s (AES)", HexUtils.bin2hex(bArr2), HexUtils.bin2hex(kcv_3des), HexUtils.bin2hex(kcv_aes)));
                }
                logger.debug("KCV matches AES");
            }
        }
        return new PlaintextKeys(bArr, diversification);
    }

    public static PlaintextKeys fromKeys(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return new PlaintextKeys(bArr, bArr2, bArr3, Diversification.NONE);
    }

    /* JADX WARN: Type inference failed for: r2v6, types: [byte[], byte[][]] */
    public static byte[] diversify(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2, Diversification diversification) throws GPException {
        byte[] fillEmv;
        try {
            try {
                if (diversification == Diversification.KDF3) {
                    return GPCrypto.scp03_kdf(bArr, new byte[0], GPUtils.concatenate(new byte[]{SCP03_KDF_CONSTANTS.get(keyPurpose), bArr2}), bArr.length);
                }
                if (diversification == Diversification.VISA2) {
                    fillEmv = fillVisa2(bArr2, keyPurpose);
                } else {
                    if (diversification != Diversification.EMV) {
                        throw new IllegalStateException("Unknown diversification method");
                    }
                    fillEmv = fillEmv(bArr2, keyPurpose);
                }
                Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
                cipher.init(1, GPCrypto.des3key(bArr));
                return cipher.doFinal(fillEmv);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                throw new RuntimeException("Can not diversify", e);
            }
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e2) {
            throw new GPException("Diversification failed.", e2);
        }
    }

    public static final byte[] fillVisa2(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose) {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, 2);
        System.arraycopy(bArr, 4, bArr2, 2, 4);
        bArr2[6] = -16;
        bArr2[7] = keyPurpose.getValue();
        System.arraycopy(bArr, 0, bArr2, 8, 2);
        System.arraycopy(bArr, 4, bArr2, 10, 4);
        bArr2[14] = 15;
        bArr2[15] = keyPurpose.getValue();
        return bArr2;
    }

    public static final byte[] fillVisa(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose) {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, 4);
        System.arraycopy(bArr, 8, bArr2, 4, 2);
        bArr2[6] = -16;
        bArr2[7] = keyPurpose.getValue();
        System.arraycopy(bArr, 0, bArr2, 8, 4);
        System.arraycopy(bArr, 8, bArr2, 12, 2);
        bArr2[14] = 15;
        bArr2[15] = keyPurpose.getValue();
        return bArr2;
    }

    public static final byte[] fillEmv(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose) {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 4, bArr2, 0, 6);
        bArr2[6] = -16;
        bArr2[7] = keyPurpose.getValue();
        System.arraycopy(bArr, 4, bArr2, 8, 6);
        bArr2[14] = 15;
        bArr2[15] = keyPurpose.getValue();
        return bArr2;
    }

    public Optional<byte[]> getMasterKey() {
        return Optional.ofNullable(this.masterKey);
    }

    @Override // pro.javacard.gp.GPCardKeys
    public GPKeyInfo getKeyInfo() {
        byte[] bArr = this.cardKeys.get(GPCardKeys.KeyPurpose.ENC);
        return new GPKeyInfo(this.version, 1, bArr.length, (bArr.length > 16 || this.scp == GPSecureChannel.SCP03) ? GPKeyInfo.GPKey.AES : GPKeyInfo.GPKey.DES3);
    }

    @Override // pro.javacard.gp.GPCardKeys
    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (this.scp == GPSecureChannel.SCP02) {
            return GPCrypto.dek_encrypt_des(this.sessionKeys.get(GPCardKeys.KeyPurpose.DEK), bArr);
        }
        if (this.scp == GPSecureChannel.SCP01) {
            return GPCrypto.dek_encrypt_des(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), bArr);
        }
        if (this.scp == GPSecureChannel.SCP03) {
            return GPCrypto.dek_encrypt_aes(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), bArr);
        }
        throw new IllegalStateException("Unknown SCP version");
    }

    @Override // pro.javacard.gp.GPCardKeys
    public byte[] encryptKey(GPCardKeys gPCardKeys, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr) throws GeneralSecurityException {
        if (!(gPCardKeys instanceof PlaintextKeys)) {
            throw new IllegalArgumentException(getClass().getName() + " can only handle " + getClass().getName());
        }
        PlaintextKeys plaintextKeys = (PlaintextKeys) gPCardKeys;
        switch (AnonymousClass1.$SwitchMap$pro$javacard$gp$GPSecureChannel[this.scp.ordinal()]) {
            case 1:
                logger.debug("Encrypting {} value (KCV={}) with DEK (KCV={})", new Object[]{keyPurpose, HexUtils.bin2hex(plaintextKeys.kcv(keyPurpose)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.DEK))});
                return GPCrypto.dek_encrypt_des(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), plaintextKeys.cardKeys.get(keyPurpose));
            case 2:
                logger.debug("Encrypting {} value (KCV={}) with S-DEK (KCV={})", new Object[]{keyPurpose, HexUtils.bin2hex(plaintextKeys.kcv(keyPurpose)), HexUtils.bin2hex(GPCrypto.kcv_3des(this.sessionKeys.get(GPCardKeys.KeyPurpose.DEK)))});
                return GPCrypto.dek_encrypt_des(this.sessionKeys.get(GPCardKeys.KeyPurpose.DEK), plaintextKeys.cardKeys.get(keyPurpose));
            case ISO7816.OFFSET_P2 /* 3 */:
                logger.debug("Encrypting {} value (KCV={}) with DEK (KCV={})", new Object[]{keyPurpose, HexUtils.bin2hex(plaintextKeys.kcv(keyPurpose)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.DEK))});
                byte[] bArr2 = plaintextKeys.cardKeys.get(keyPurpose);
                byte[] bArr3 = new byte[((bArr2.length % 16) + 1) * bArr2.length];
                GPCrypto.random.nextBytes(bArr3);
                System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
                return GPCrypto.dek_encrypt_aes(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), bArr3);
            default:
                throw new GPException("Illegal SCP");
        }
    }

    @Override // pro.javacard.gp.GPCardKeys
    public Map<GPCardKeys.KeyPurpose, byte[]> getSessionKeys(byte[] bArr) {
        for (GPCardKeys.KeyPurpose keyPurpose : GPCardKeys.KeyPurpose.cardKeys()) {
            switch (AnonymousClass1.$SwitchMap$pro$javacard$gp$GPSecureChannel[this.scp.ordinal()]) {
                case 1:
                    this.sessionKeys.put(keyPurpose, deriveSessionKeySCP01(this.cardKeys.get(keyPurpose), keyPurpose, bArr));
                    break;
                case 2:
                    this.sessionKeys.put(keyPurpose, deriveSessionKeySCP02(this.cardKeys.get(keyPurpose), keyPurpose, bArr));
                    if (keyPurpose == GPCardKeys.KeyPurpose.MAC) {
                        this.sessionKeys.put(GPCardKeys.KeyPurpose.RMAC, deriveSessionKeySCP02(this.cardKeys.get(keyPurpose), GPCardKeys.KeyPurpose.RMAC, bArr));
                        break;
                    } else {
                        break;
                    }
                case ISO7816.OFFSET_P2 /* 3 */:
                    this.sessionKeys.put(keyPurpose, deriveSessionKeySCP03(this.cardKeys.get(keyPurpose), keyPurpose, bArr));
                    if (keyPurpose == GPCardKeys.KeyPurpose.MAC) {
                        this.sessionKeys.put(GPCardKeys.KeyPurpose.RMAC, deriveSessionKeySCP03(this.cardKeys.get(keyPurpose), GPCardKeys.KeyPurpose.RMAC, bArr));
                        break;
                    } else {
                        break;
                    }
                default:
                    throw new IllegalStateException("Illegal SCP");
            }
        }
        return this.sessionKeys;
    }

    @Override // pro.javacard.gp.GPCardKeys
    public byte[] kcv(GPCardKeys.KeyPurpose keyPurpose) {
        byte[] bArr = this.cardKeys.get(keyPurpose);
        if (this.scp == GPSecureChannel.SCP03) {
            return GPCrypto.kcv_aes(bArr);
        }
        if (this.scp == GPSecureChannel.SCP01 || this.scp == GPSecureChannel.SCP02) {
            return GPCrypto.kcv_3des(bArr);
        }
        if (bArr.length == 16) {
            logger.warn("Don't know how to calculate KCV, defaulting to SCP02");
            return GPCrypto.kcv_3des(bArr);
        }
        logger.warn("Don't know how to calculate KCV, defaulting to SCP03");
        return GPCrypto.kcv_aes(bArr);
    }

    public void setVersion(int i) {
        this.version = i;
    }

    private byte[] deriveSessionKeySCP01(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2) {
        if (keyPurpose == GPCardKeys.KeyPurpose.DEK) {
            return bArr;
        }
        byte[] bArr3 = new byte[16];
        System.arraycopy(bArr2, 12, bArr3, 0, 4);
        System.arraycopy(bArr2, 0, bArr3, 4, 4);
        System.arraycopy(bArr2, 8, bArr3, 8, 4);
        System.arraycopy(bArr2, 4, bArr3, 12, 4);
        try {
            Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
            cipher.init(1, GPCrypto.des3key(bArr));
            return cipher.doFinal(bArr3);
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException("Session key calculation failed", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new IllegalStateException("Can not calculate session keys", e2);
        }
    }

    private byte[] deriveSessionKeySCP02(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2) {
        try {
            Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
            byte[] bArr3 = new byte[16];
            System.arraycopy(bArr2, 0, bArr3, 2, 2);
            System.arraycopy(SCP02_CONSTANTS.get(keyPurpose), 0, bArr3, 0, 2);
            cipher.init(1, GPCrypto.des3key(bArr), GPCrypto.iv_null_8);
            return cipher.doFinal(bArr3);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException("Session keys calculation failed.", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new IllegalStateException("Session keys calculation failed.", e2);
        }
    }

    private byte[] deriveSessionKeySCP03(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2) {
        return keyPurpose == GPCardKeys.KeyPurpose.DEK ? bArr : GPCrypto.scp03_kdf(bArr, SCP03_CONSTANTS.get(keyPurpose).byteValue(), bArr2, bArr.length * 8);
    }

    @Override // pro.javacard.gp.GPCardKeys
    public PlaintextKeys diversify(GPSecureChannel gPSecureChannel, byte[] bArr) {
        super.diversify(gPSecureChannel, bArr);
        if (this.diversifier == Diversification.NONE) {
            return this;
        }
        for (Map.Entry<GPCardKeys.KeyPurpose, byte[]> entry : this.cardKeys.entrySet()) {
            this.cardKeys.put(entry.getKey(), diversify(entry.getValue(), entry.getKey(), bArr, this.diversifier));
        }
        return this;
    }

    @Override // pro.javacard.gp.GPCardKeys
    public String toString() {
        String bin2hex = HexUtils.bin2hex(this.cardKeys.get(GPCardKeys.KeyPurpose.ENC));
        String bin2hex2 = HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.ENC));
        String bin2hex3 = HexUtils.bin2hex(this.cardKeys.get(GPCardKeys.KeyPurpose.MAC));
        String bin2hex4 = HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.MAC));
        String bin2hex5 = HexUtils.bin2hex(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK));
        String bin2hex6 = HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.DEK));
        Object[] objArr = new Object[8];
        objArr[0] = bin2hex;
        objArr[1] = bin2hex2;
        objArr[2] = bin2hex3;
        objArr[3] = bin2hex4;
        objArr[4] = bin2hex5;
        objArr[5] = bin2hex6;
        objArr[6] = this.scp;
        objArr[7] = this.diversifier == Diversification.NONE ? "" : String.format(" with %s", this.diversifier);
        return String.format("ENC=%s (KCV: %s) MAC=%s (KCV: %s) DEK=%s (KCV: %s) for %s%s", objArr);
    }

    public void setDiversifier(Diversification diversification) {
        this.diversifier = diversification;
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put(GPCardKeys.KeyPurpose.MAC, new byte[]{1, 1});
        hashMap.put(GPCardKeys.KeyPurpose.RMAC, new byte[]{1, 2});
        hashMap.put(GPCardKeys.KeyPurpose.DEK, new byte[]{1, -127});
        hashMap.put(GPCardKeys.KeyPurpose.ENC, new byte[]{1, -126});
        SCP02_CONSTANTS = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put(GPCardKeys.KeyPurpose.ENC, (byte) 4);
        hashMap2.put(GPCardKeys.KeyPurpose.MAC, (byte) 6);
        hashMap2.put(GPCardKeys.KeyPurpose.RMAC, (byte) 7);
        SCP03_CONSTANTS = Collections.unmodifiableMap(hashMap2);
        HashMap hashMap3 = new HashMap();
        hashMap3.put(GPCardKeys.KeyPurpose.ENC, HexUtils.hex2bin("0000000100"));
        hashMap3.put(GPCardKeys.KeyPurpose.MAC, HexUtils.hex2bin("0000000200"));
        hashMap3.put(GPCardKeys.KeyPurpose.DEK, HexUtils.hex2bin("0000000300"));
        SCP03_KDF_CONSTANTS = Collections.unmodifiableMap(hashMap3);
    }
}
