package pro.javacard.gp;

import apdu4j.core.CommandAPDU;
import apdu4j.core.HexUtils;
import apdu4j.core.ResponseAPDU;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:pro/javacard/gp/SCP02Wrapper.class */
class SCP02Wrapper extends SecureChannelWrapper {
    private static final Logger logger = LoggerFactory.getLogger(SCP02Wrapper.class);
    private final ByteArrayOutputStream rMac;
    private byte[] icv;
    private byte[] ricv;
    private boolean icvEnc;
    private boolean macModifiedAPDU;
    private boolean postAPDU;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SCP02Wrapper(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        super(bArr, bArr2, bArr3, i);
        this.rMac = new ByteArrayOutputStream();
        this.icv = null;
        this.ricv = null;
        this.icvEnc = false;
        this.macModifiedAPDU = false;
        this.postAPDU = false;
        setVariant(85);
    }

    private static byte clearBits(byte b, byte b2) {
        return (byte) (b & (b2 ^ (-1)) & 255);
    }

    private static byte setBits(byte b, byte b2) {
        return (byte) ((b | b2) & 255);
    }

    public void setVariant(int i) {
        this.icvEnc = true;
        this.macModifiedAPDU = true;
    }

    @Override // pro.javacard.gp.SecureChannelWrapper
    public CommandAPDU wrap(CommandAPDU commandAPDU) throws GPException {
        try {
            try {
                if (this.rmac) {
                    this.rMac.reset();
                    this.rMac.write(clearBits((byte) commandAPDU.getCLA(), (byte) 7));
                    this.rMac.write(commandAPDU.getINS());
                    this.rMac.write(commandAPDU.getP1());
                    this.rMac.write(commandAPDU.getP2());
                    if (commandAPDU.getNc() >= 0) {
                        this.rMac.write(commandAPDU.getNc());
                        this.rMac.write(commandAPDU.getData());
                    }
                }
                if (!this.mac && !this.enc) {
                    return commandAPDU;
                }
                int cla = commandAPDU.getCLA();
                int ins = commandAPDU.getINS();
                int p1 = commandAPDU.getP1();
                int p2 = commandAPDU.getP2();
                byte[] data = commandAPDU.getData();
                int nc = commandAPDU.getNc();
                int i = nc;
                byte[] bArr = null;
                int ne = commandAPDU.getNe();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (nc > getBlockSize()) {
                    throw new IllegalArgumentException("APDU too long for wrapping.");
                }
                if (this.mac) {
                    if (this.icv == null) {
                        this.icv = new byte[8];
                    } else if (this.icvEnc) {
                        Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
                        cipher.init(1, new SecretKeySpec(GPCrypto.resizeDES(this.macKey, 8), "DES"));
                        this.icv = cipher.doFinal(this.icv);
                    }
                    if (this.macModifiedAPDU) {
                        cla = setBits((byte) cla, (byte) 4);
                        i += 8;
                    }
                    byteArrayOutputStream.write(cla);
                    byteArrayOutputStream.write(ins);
                    byteArrayOutputStream.write(p1);
                    byteArrayOutputStream.write(p2);
                    byteArrayOutputStream.write(i);
                    byteArrayOutputStream.write(data);
                    logger.trace("MAC input: {}", HexUtils.bin2hex(byteArrayOutputStream.toByteArray()));
                    this.icv = GPCrypto.mac_des_3des(this.macKey, byteArrayOutputStream.toByteArray(), this.icv);
                    if (this.postAPDU) {
                        cla = setBits((byte) cla, (byte) 4);
                        i += 8;
                    }
                    byteArrayOutputStream.reset();
                    bArr = data;
                }
                if (this.enc && nc > 0) {
                    byteArrayOutputStream.write(GPCrypto.pad80(data, 8));
                    i += byteArrayOutputStream.size() - data.length;
                    Cipher cipher2 = Cipher.getInstance("DESede/CBC/NoPadding");
                    cipher2.init(1, GPCrypto.des3key(this.encKey), GPCrypto.iv_null_8);
                    bArr = cipher2.doFinal(byteArrayOutputStream.toByteArray());
                    byteArrayOutputStream.reset();
                }
                byteArrayOutputStream.write(cla);
                byteArrayOutputStream.write(ins);
                byteArrayOutputStream.write(p1);
                byteArrayOutputStream.write(p2);
                if (i > 0) {
                    byteArrayOutputStream.write(i);
                    byteArrayOutputStream.write(bArr);
                }
                if (this.mac) {
                    byteArrayOutputStream.write(this.icv);
                }
                if (ne > 0) {
                    byteArrayOutputStream.write(ne);
                }
                return new CommandAPDU(byteArrayOutputStream.toByteArray());
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                throw new IllegalStateException("APDU wrapping failed", e);
            }
        } catch (IOException e2) {
            throw new RuntimeException("APDU wrapping failed", e2);
        } catch (GeneralSecurityException e3) {
            throw new GPException("APDU wrapping failed", e3);
        }
    }

    @Override // pro.javacard.gp.SecureChannelWrapper
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU) throws GPException {
        if (this.rmac) {
            if (responseAPDU.getData().length < 8) {
                throw new GPException("Wrong response length (too short).");
            }
            int length = responseAPDU.getData().length - 8;
            this.rMac.write(length);
            this.rMac.write(responseAPDU.getData(), 0, length);
            this.rMac.write(responseAPDU.getSW1());
            this.rMac.write(responseAPDU.getSW2());
            this.ricv = GPCrypto.mac_des_3des(this.rmacKey, GPCrypto.pad80(this.rMac.toByteArray(), 8), this.ricv);
            byte[] bArr = new byte[8];
            System.arraycopy(responseAPDU.getData(), length, bArr, 0, 8);
            if (!Arrays.equals(this.ricv, bArr)) {
                throw new GPException("RMAC invalid.");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(responseAPDU.getBytes(), 0, length);
            byteArrayOutputStream.write(responseAPDU.getSW1());
            byteArrayOutputStream.write(responseAPDU.getSW2());
            responseAPDU = new ResponseAPDU(byteArrayOutputStream.toByteArray());
        }
        return responseAPDU;
    }
}
