package pro.javacard.gp;

import apdu4j.core.APDUBIBO;
import apdu4j.core.CommandAPDU;
import apdu4j.core.HexUtils;
import apdu4j.core.ResponseAPDU;
import com.payneteasy.tlv.BerTag;
import com.payneteasy.tlv.BerTlv;
import com.payneteasy.tlv.BerTlvParser;
import com.payneteasy.tlv.BerTlvs;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.javacard.AID;
import pro.javacard.CAPFile;
import pro.javacard.gp.DMTokenizer;
import pro.javacard.gp.GPCardKeys;
import pro.javacard.gp.GPData;
import pro.javacard.gp.GPKeyInfo;
import pro.javacard.gp.GPRegistryEntry;
import pro.javacard.gp.GPSecureChannelVersion;

/* loaded from: input_file:pro/javacard/gp/GPSession.class */
public class GPSession {
    public static final int SW_NO_ERROR = 36864;
    private static final Logger logger = LoggerFactory.getLogger(GPSession.class);
    public static final EnumSet<APDUMode> defaultMode = EnumSet.of(APDUMode.MAC);
    public static final byte CLA_ISO7816 = 0;
    public static final byte CLA_GP = Byte.MIN_VALUE;
    public static final byte CLA_MAC = -124;
    public static final byte INS_SELECT = -92;
    public static final byte INS_INITIALIZE_UPDATE = 80;
    public static final byte INS_INSTALL = -26;
    public static final byte INS_LOAD = -24;
    public static final byte INS_DELETE = -28;
    public static final byte INS_GET_STATUS = -14;
    public static final byte INS_SET_STATUS = -16;
    public static final byte INS_PUT_KEY = -40;
    public static final byte INS_STORE_DATA = -30;
    public static final byte INS_EXTERNAL_AUTHENTICATE_82 = -126;
    public static final byte INS_GET_DATA = -54;
    public static final byte P1_INSTALL_AND_MAKE_SELECTABLE = 12;
    public static final byte P1_INSTALL_FOR_INSTALL = 4;
    public static final byte P1_INSTALL_FOR_LOAD = 2;
    public static final byte P1_MORE_BLOCKS = 0;
    public static final byte P1_LAST_BLOCK = Byte.MIN_VALUE;
    public static final int SW_SECURITY_STATUS_NOT_SATISFIED = 27010;
    public static final int SW_AUTHENTICATION_METHOD_BLOCKED = 27011;
    private AID sdAID;
    private GPSecureChannelVersion scpVersion;
    private int scpKeyVersion;
    GPCardProfile profile;
    private int blockSize;
    private GPCardKeys cardKeys;
    private byte[] sessionContext;
    private SecureChannelWrapper wrapper;
    private APDUBIBO channel;
    private GPRegistry registry;
    private DMTokenizer tokenizer;
    private boolean dirty;

    /* renamed from: pro.javacard.gp.GPSession$1, reason: invalid class name */
    /* loaded from: input_file:pro/javacard/gp/GPSession$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP = new int[GPSecureChannelVersion.SCP.values().length];

        static {
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[GPSecureChannelVersion.SCP.SCP01.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[GPSecureChannelVersion.SCP.SCP02.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[GPSecureChannelVersion.SCP.SCP03.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:pro/javacard/gp/GPSession$APDUMode.class */
    public enum APDUMode {
        CLR(0),
        MAC(1),
        ENC(2),
        RMAC(16),
        RENC(32);

        private final int value;

        APDUMode(int i) {
            this.value = i;
        }

        public static int getSetValue(EnumSet<APDUMode> enumSet) {
            int i = 0;
            Iterator it = enumSet.iterator();
            while (it.hasNext()) {
                i |= ((APDUMode) it.next()).value;
            }
            return i;
        }

        public static APDUMode fromString(String str) {
            return valueOf(str.trim().toUpperCase());
        }
    }

    public GPSession(APDUBIBO apdubibo, AID aid) {
        this(apdubibo, aid, GPCardProfile.defaultProfile());
    }

    public GPSession(APDUBIBO apdubibo, AID aid, GPCardProfile gPCardProfile) {
        this.scpKeyVersion = 0;
        this.blockSize = 255;
        this.cardKeys = null;
        this.wrapper = null;
        this.registry = null;
        this.tokenizer = DMTokenizer.none();
        this.dirty = true;
        if (apdubibo == null) {
            throw new IllegalArgumentException("A card session is required");
        }
        this.channel = apdubibo;
        this.sdAID = aid;
        this.profile = gPCardProfile;
    }

    public static GPSession discover(APDUBIBO apdubibo) throws GPException, IOException {
        BerTlv find;
        if (apdubibo == null) {
            throw new IllegalArgumentException("channel is null");
        }
        ResponseAPDU transmit = apdubibo.transmit(new CommandAPDU(0, -92, 4, 0, 256));
        if (transmit.getSW() == 27266) {
            byte[] data = apdubibo.transmit(new CommandAPDU(0, -92, 4, 0, HexUtils.hex2bin("A000000167413000FF"), 256)).getData();
            if (data.length > 15 && data[14] == 0) {
                throw new GPException("Unfused JCOP detected");
            }
        }
        if (transmit.getSW() == 27271) {
            logger.debug("Trying default ISD AID ...");
            return connect(apdubibo, new AID(GPData.defaultISDBytes));
        }
        GPException.check(transmit, "Could not SELECT default selected", 25219);
        if (transmit.getSW() == 25219) {
            logger.warn("Card Manager is LOCKED");
        }
        try {
            BerTlvs parse = new BerTlvParser().parse(transmit.getData());
            GPUtils.trace_tlv(transmit.getData(), logger);
            BerTlv find2 = parse.find(new BerTag(111));
            if (find2 == null || (find = find2.find(new BerTag(132))) == null || find.getBytesValue().length <= 0) {
                throw new GPDataException("Could not auto-detect ISD AID", transmit.getData());
            }
            AID aid = new AID(find.getBytesValue());
            logger.debug("Auto-detected ISD: " + aid);
            return new GPSession(apdubibo, aid);
        } catch (ArrayIndexOutOfBoundsException | IllegalStateException e) {
            logger.warn("Could not parse SELECT response: " + e.getMessage());
            throw new GPDataException("Could not auto-detect ISD AID", transmit.getData());
        }
    }

    public static GPSession connect(APDUBIBO apdubibo, AID aid) throws IOException, GPException {
        if (apdubibo == null) {
            throw new IllegalArgumentException("A card session is required");
        }
        if (aid == null) {
            throw new IllegalArgumentException("Security Domain AID is required");
        }
        logger.debug("(I)SD AID: " + aid);
        GPSession gPSession = new GPSession(apdubibo, aid);
        gPSession.select(aid);
        return gPSession;
    }

    public static String getVersion() {
        Properties properties = new Properties();
        try {
            InputStream resourceAsStream = GPSession.class.getResourceAsStream("git.properties");
            try {
                properties.load(resourceAsStream);
                String property = properties.getProperty("git.commit.id.describe", "unknown-development");
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return property;
            } finally {
            }
        } catch (IOException e) {
            return "unknown-error";
        }
    }

    public void setBlockSize(int i) {
        this.blockSize = i;
    }

    public void setTokenizer(DMTokenizer dMTokenizer) {
        this.tokenizer = dMTokenizer;
    }

    public DMTokenizer getTokenizer() {
        return this.tokenizer;
    }

    public AID getAID() {
        return new AID(this.sdAID.getBytes());
    }

    public GPSecureChannelVersion getSecureChannel() {
        return this.scpVersion;
    }

    public APDUBIBO getCardChannel() {
        return this.channel;
    }

    public int getScpKeyVersion() {
        return this.scpKeyVersion;
    }

    void select(AID aid) throws GPException {
        ResponseAPDU transmit = this.channel.transmit(new CommandAPDU(0, -92, 4, 0, aid.getBytes(), 256));
        if (transmit.getSW() == 25219) {
            logger.warn("SELECT ISD returned 6283 - CARD_LOCKED");
        }
        GPException.check(transmit, "Could not SELECT Security Domain", 25219);
        parse_select_response(transmit.getData());
    }

    private void parse_select_response(byte[] bArr) throws GPException {
        BerTlv find;
        try {
            BerTlvs parse = new BerTlvParser().parse(bArr);
            GPUtils.trace_tlv(bArr, logger);
            BerTlv find2 = parse.find(new BerTag(111));
            if (find2 == null) {
                logger.warn("No FCI returned to SELECT");
                return;
            }
            BerTlv find3 = find2.find(new BerTag(132));
            if (find3 != null) {
                AID aid = new AID(find3.getBytesValue());
                if (!aid.equals(this.sdAID)) {
                    logger.warn(String.format("SD AID in FCI (%s) does not match the requested AID (%s). Using reported AID!", aid, this.sdAID));
                    this.sdAID = aid;
                }
            }
            BerTlv find4 = find2.find(new BerTag(165));
            if (find4 == null) {
                logger.warn("No mandatory proprietary info present in FCI");
                return;
            }
            BerTlv find5 = find4.find(new BerTag(115));
            if (find5 != null) {
                BerTlv find6 = find5.find(new BerTag(6));
                if (find6 == null) {
                    logger.warn("Not global platform OID");
                } else {
                    if (!Arrays.equals(find6.getBytesValue(), HexUtils.hex2bin("2A864886FC6B01"))) {
                        throw new GPDataException("Invalid CardRecognitionData", find6.getBytesValue());
                    }
                    BerTlv find7 = find5.find(new BerTag(96));
                    if (find7 != null && (find = find7.find(new BerTag(6))) != null) {
                        logger.debug("Auto-detected GP version: " + GPData.oid2version(find.getBytesValue()));
                    }
                }
            }
            BerTlv find8 = find4.find(new BerTag(159, 110));
            if (find8 != null) {
                logger.debug("Lifecycle data (ignored): " + HexUtils.bin2hex(find8.getBytesValue()));
            }
            BerTlv find9 = find4.find(new BerTag(159, 101));
            if (find9 != null) {
                setBlockSize(find9.getBytesValue());
            }
        } catch (ArrayIndexOutOfBoundsException | IllegalStateException e) {
            logger.warn("Could not parse SELECT response: " + e.getMessage());
        }
    }

    private void setBlockSize(byte[] bArr) {
        int intValue = new BigInteger(1, bArr).intValue();
        if (intValue > this.blockSize) {
            logger.warn("Ignoring auto-detected block size that exceeds set maximum: " + intValue);
        } else {
            this.blockSize = intValue;
            logger.debug("Auto-detected block size: " + this.blockSize);
        }
    }

    List<GPKeyInfo> getKeyInfoTemplate() throws IOException, GPException {
        return new ArrayList(GPKeyInfo.parseTemplate(this.wrapper != null ? transmit(new CommandAPDU(-128, -54, 0, 224, 256)).getData() : GPData.fetchKeyInfoTemplate(this.channel)));
    }

    private void normalizeSecurityLevel(EnumSet<APDUMode> enumSet) {
        if (enumSet.contains(APDUMode.RENC)) {
            enumSet.add(APDUMode.ENC);
            enumSet.add(APDUMode.RMAC);
        }
        if (enumSet.contains(APDUMode.ENC) || enumSet.contains(APDUMode.RMAC)) {
            enumSet.add(APDUMode.MAC);
        }
    }

    /* JADX WARN: Type inference failed for: r0v80, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v50, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v73, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v85, types: [byte[], byte[][]] */
    public void openSecureChannel(GPCardKeys gPCardKeys, GPSecureChannelVersion gPSecureChannelVersion, byte[] bArr, EnumSet<APDUMode> enumSet) throws IOException, GPException {
        byte[] bArr2;
        byte[] scp03_kdf;
        normalizeSecurityLevel(enumSet);
        logger.info("Using card master keys with version {} for setting up session with {} ", Integer.valueOf(gPCardKeys.getKeyInfo().getVersion()), enumSet.stream().map((v0) -> {
            return v0.name();
        }).collect(Collectors.joining(", ")));
        if (bArr == null) {
            bArr = new byte[8];
            GPCrypto.random.nextBytes(bArr);
            logger.trace("Generated host challenge: " + HexUtils.bin2hex(bArr));
        }
        ResponseAPDU transmit = this.channel.transmit(new CommandAPDU(-128, 80, gPCardKeys.getKeyInfo().getVersion(), gPSecureChannelVersion.scp == GPSecureChannelVersion.SCP.SCP01 ? gPCardKeys.getKeyInfo().getID() : 0, bArr, 256));
        int sw = transmit.getSW();
        if (sw == 27010 || sw == 27011) {
            throw new GPException(sw, "INITIALIZE UPDATE failed, card LOCKED?");
        }
        GPException.check(transmit, "INITIALIZE UPDATE failed", new int[0]);
        byte[] data = transmit.getData();
        if (data.length != 28 && data.length != 29 && data.length != 32) {
            throw new GPException("Invalid INITIALIZE UPDATE response length: " + data.length);
        }
        byte[] copyOfRange = Arrays.copyOfRange(data, 0, 10);
        int length = 0 + copyOfRange.length;
        this.scpKeyVersion = data[length] & 255;
        int i = length + 1;
        int i2 = data[i] & 255;
        int i3 = i + 1;
        if (i2 == 3) {
            this.scpVersion = GPSecureChannelVersion.valueOf(i2, data[i3]);
            i3++;
        } else {
            this.scpVersion = GPSecureChannelVersion.valueOf(i2);
        }
        byte[] copyOfRange2 = Arrays.copyOfRange(data, i3, i3 + 8);
        int length2 = i3 + copyOfRange2.length;
        byte[] copyOfRange3 = Arrays.copyOfRange(data, length2, length2 + 8);
        int length3 = length2 + copyOfRange3.length;
        if (this.scpVersion.scp == GPSecureChannelVersion.SCP.SCP02) {
            bArr2 = Arrays.copyOfRange(data, 12, 14);
        } else if (this.scpVersion.scp == GPSecureChannelVersion.SCP.SCP03 && data.length == 32) {
            bArr2 = Arrays.copyOfRange(data, length3, 32);
            length3 += bArr2.length;
        } else {
            bArr2 = null;
        }
        if (length3 != data.length) {
            logger.error("Unhandled data in INITIALIZE UPDATE response: {}", HexUtils.bin2hex(Arrays.copyOfRange(data, length3, data.length)));
        }
        logger.debug("KDD: {}", HexUtils.bin2hex(copyOfRange));
        if (bArr2 != null) {
            logger.debug("SSC: {}", HexUtils.bin2hex(bArr2));
        }
        logger.debug("Host challenge: " + HexUtils.bin2hex(bArr));
        logger.debug("Card challenge: " + HexUtils.bin2hex(copyOfRange2));
        logger.debug("Card reports {} with key version {}", this.scpVersion, GPUtils.intString(this.scpKeyVersion));
        GPKeyInfo keyInfo = gPCardKeys.getKeyInfo();
        if (keyInfo.getVersion() > 0 && this.scpKeyVersion != keyInfo.getVersion()) {
            throw new GPException("Key version mismatch: " + keyInfo.getVersion() + " != " + this.scpKeyVersion);
        }
        if (this.scpVersion.scp == GPSecureChannelVersion.SCP.SCP01 && enumSet.contains(APDUMode.RMAC)) {
            logger.warn("SCP01 does not support RMAC, removing.");
        }
        this.cardKeys = gPCardKeys.diversify(this.scpVersion.scp, copyOfRange);
        logger.info("Diversified card keys: {}", this.cardKeys);
        if (this.scpVersion.scp == GPSecureChannelVersion.SCP.SCP02) {
            this.sessionContext = (byte[]) bArr2.clone();
        } else {
            this.sessionContext = GPUtils.concatenate(new byte[]{bArr, copyOfRange2});
        }
        byte[] sessionKey = this.cardKeys.getSessionKey(GPCardKeys.KeyPurpose.ENC, this.sessionContext);
        byte[] sessionKey2 = this.cardKeys.getSessionKey(GPCardKeys.KeyPurpose.MAC, this.sessionContext);
        byte[] sessionKey3 = this.cardKeys.getSessionKey(GPCardKeys.KeyPurpose.RMAC, this.sessionContext);
        Logger logger2 = logger;
        Object[] objArr = new Object[3];
        objArr[0] = HexUtils.bin2hex(sessionKey);
        objArr[1] = HexUtils.bin2hex(sessionKey2);
        objArr[2] = sessionKey3 == null ? "N/A" : HexUtils.bin2hex(sessionKey3);
        logger2.info("Session keys: ENC={} MAC={} RMAC={}", objArr);
        byte[] concatenate = GPUtils.concatenate(new byte[]{bArr, copyOfRange2});
        byte[] mac_3des_nulliv = (this.scpVersion.scp == GPSecureChannelVersion.SCP.SCP01 || this.scpVersion.scp == GPSecureChannelVersion.SCP.SCP02) ? GPCrypto.mac_3des_nulliv(sessionKey, concatenate) : GPCrypto.scp03_kdf(sessionKey2, (byte) 0, concatenate, 64);
        if (!Arrays.equals(copyOfRange3, mac_3des_nulliv)) {
            throw new GPException("Card cryptogram invalid!\nReceived: " + HexUtils.bin2hex(copyOfRange3) + "\nExpected: " + HexUtils.bin2hex(mac_3des_nulliv) + "\n!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!");
        }
        logger.debug("Verified card cryptogram: " + HexUtils.bin2hex(mac_3des_nulliv));
        switch (AnonymousClass1.$SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[this.scpVersion.scp.ordinal()]) {
            case GPData.readyStatus /* 1 */:
                scp03_kdf = GPCrypto.mac_3des_nulliv(sessionKey, GPUtils.concatenate(new byte[]{copyOfRange2, bArr}));
                this.wrapper = new SCP01Wrapper(sessionKey, sessionKey2, this.blockSize);
                break;
            case P1_INSTALL_FOR_LOAD /* 2 */:
                scp03_kdf = GPCrypto.mac_3des_nulliv(sessionKey, GPUtils.concatenate(new byte[]{copyOfRange2, bArr}));
                this.wrapper = new SCP02Wrapper(sessionKey, sessionKey2, sessionKey3, this.blockSize);
                break;
            case 3:
                scp03_kdf = GPCrypto.scp03_kdf(sessionKey2, (byte) 1, concatenate, 64);
                this.wrapper = new SCP03Wrapper(sessionKey, sessionKey2, sessionKey3, this.blockSize);
                break;
            default:
                throw new IllegalStateException("Unknown SCP");
        }
        logger.debug("Calculated host cryptogram: " + HexUtils.bin2hex(scp03_kdf));
        GPException.check(transmit(new CommandAPDU(CLA_MAC, INS_EXTERNAL_AUTHENTICATE_82, APDUMode.getSetValue(enumSet), 0, scp03_kdf)), "EXTERNAL AUTHENTICATE failed", new int[0]);
        this.wrapper.setSecurityLevel(enumSet);
    }

    public ResponseAPDU transmit(CommandAPDU commandAPDU) throws IOException {
        try {
            return this.wrapper.unwrap(this.channel.transmit(this.wrapper.wrap(commandAPDU)));
        } catch (GPException e) {
            throw new IOException("Secure channel failure: " + e.getMessage(), e);
        }
    }

    private ResponseAPDU transmitLV(CommandAPDU commandAPDU) throws IOException {
        logger.trace("LV payload: ");
        try {
            GPUtils.trace_lv(commandAPDU.getData(), logger);
        } catch (Exception e) {
            logger.error("Invalid LV: {}", HexUtils.bin2hex(commandAPDU.getData()));
        }
        return transmit(commandAPDU);
    }

    private ResponseAPDU transmitTLV(CommandAPDU commandAPDU) throws IOException {
        logger.trace("TLV payload: ");
        try {
            GPUtils.trace_tlv(commandAPDU.getData(), logger);
        } catch (Exception e) {
            logger.error("Invalid TLV: {}", HexUtils.bin2hex(commandAPDU.getData()));
        }
        return transmit(commandAPDU);
    }

    public void loadCapFile(CAPFile cAPFile, AID aid, GPData.LFDBH lfdbh) throws IOException, GPException {
        if (aid == null) {
            aid = this.sdAID;
        }
        loadCapFile(cAPFile, aid, null, null, lfdbh);
    }

    public void loadCapFile(CAPFile cAPFile, AID aid, AID aid2, byte[] bArr, GPData.LFDBH lfdbh) throws GPException, IOException {
        byte[] loadFileDataHash = lfdbh == null ? new byte[0] : cAPFile.getLoadFileDataHash(lfdbh.algo);
        byte[] code = cAPFile.getCode();
        byte[] bArr2 = new byte[0];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(cAPFile.getPackageAID().getLength());
            byteArrayOutputStream.write(cAPFile.getPackageAID().getBytes());
            byteArrayOutputStream.write(aid.getLength());
            byteArrayOutputStream.write(aid.getBytes());
            byteArrayOutputStream.write(loadFileDataHash.length);
            byteArrayOutputStream.write(loadFileDataHash);
            byteArrayOutputStream.write(GPUtils.encodeLength(bArr2.length));
            byteArrayOutputStream.write(bArr2);
            GPException.check(transmitLV(this.tokenizer.tokenize(new CommandAPDU(-128, -26, 2, 0, byteArrayOutputStream.toByteArray(), 256))), "INSTALL [for load] failed", new int[0]);
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            if (bArr != null && aid2 != null) {
                try {
                    byteArrayOutputStream2.write(226);
                    byteArrayOutputStream2.write(GPUtils.encodeLength(aid2.getLength() + bArr.length + GPUtils.encodeLength(bArr.length).length + 3));
                    byteArrayOutputStream2.write(79);
                    byteArrayOutputStream2.write(aid2.getLength());
                    byteArrayOutputStream2.write(aid2.getBytes());
                    byteArrayOutputStream2.write(195);
                    byteArrayOutputStream2.write(GPUtils.encodeLength(bArr.length));
                    byteArrayOutputStream2.write(bArr);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            byteArrayOutputStream2.write(196);
            byteArrayOutputStream2.write(GPUtils.encodeLength(code.length));
            byteArrayOutputStream2.write(code);
            List<byte[]> splitArray = GPUtils.splitArray(byteArrayOutputStream2.toByteArray(), this.wrapper.getBlockSize());
            int i = 0;
            while (i < splitArray.size()) {
                GPException.check(transmit(new CommandAPDU(-128, -24, i == splitArray.size() - 1 ? -128 : 0, (byte) i, splitArray.get(i))), "LOAD failed", new int[0]);
                i++;
            }
            this.dirty = true;
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    public void installAndMakeSelectable(AID aid, AID aid2, AID aid3, Set<GPRegistryEntry.Privilege> set, byte[] bArr) throws GPException, IOException {
        if (aid3 == null) {
            aid3 = aid2;
        }
        GPException.check(transmitLV(this.tokenizer.tokenize(new CommandAPDU(-128, -26, 12, 0, buildInstallData(aid, aid2, aid3, set, bArr)))), "INSTALL [for install and make selectable] failed", new int[0]);
        this.dirty = true;
    }

    private byte[] buildInstallData(AID aid, AID aid2, AID aid3, Set<GPRegistryEntry.Privilege> set, byte[] bArr) {
        if (aid3 == null) {
            aid3 = aid2;
        }
        if (bArr == null || bArr.length == 0) {
            bArr = new byte[]{-55, 0};
        }
        if (bArr[0] != -55) {
            byte[] bArr2 = new byte[bArr.length + 2];
            bArr2[0] = -55;
            bArr2[1] = (byte) bArr.length;
            System.arraycopy(bArr, 0, bArr2, 2, bArr.length);
            bArr = bArr2;
        }
        byte[] byteOrBytes = GPRegistryEntry.Privilege.toByteOrBytes(set);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(aid.getLength());
            byteArrayOutputStream.write(aid.getBytes());
            byteArrayOutputStream.write(aid2.getLength());
            byteArrayOutputStream.write(aid2.getBytes());
            byteArrayOutputStream.write(aid3.getLength());
            byteArrayOutputStream.write(aid3.getBytes());
            byteArrayOutputStream.write(byteOrBytes.length);
            byteArrayOutputStream.write(byteOrBytes);
            byteArrayOutputStream.write(GPUtils.encodeLength(bArr.length));
            byteArrayOutputStream.write(bArr);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void extradite(AID aid, AID aid2) throws GPException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(aid2.getLength());
            byteArrayOutputStream.write(aid2.getBytes());
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(aid.getLength());
            byteArrayOutputStream.write(aid.getBytes());
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            GPException.check(transmitLV(this.tokenizer.tokenize(new CommandAPDU(-128, -26, 16, 0, byteArrayOutputStream.toByteArray()))), "INSTALL [for extradition] failed", new int[0]);
            this.dirty = true;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void installForPersonalization(AID aid) throws IOException, GPException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(aid.getLength());
            byteArrayOutputStream.write(aid.getBytes());
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            GPException.check(transmitLV(new CommandAPDU(-128, -26, 32, 0, byteArrayOutputStream.toByteArray(), 256)), "INSTALL [for personalization] failed", new int[0]);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] personalizeSingle(AID aid, byte[] bArr, int i) throws IOException, GPException {
        return personalize(aid, Collections.singletonList(bArr), i).get(0);
    }

    public void personalize(AID aid, byte[] bArr, int i) throws IOException, GPException {
        installForPersonalization(aid);
        storeData(bArr, i);
    }

    public List<byte[]> personalize(AID aid, List<byte[]> list, int i) throws IOException, GPException {
        installForPersonalization(aid);
        return storeData(list, i);
    }

    public byte[] storeDataSingle(byte[] bArr, int i) throws IOException, GPException {
        if (bArr.length > this.wrapper.getBlockSize()) {
            throw new IllegalArgumentException("block size is bigger than possibility to send: " + bArr.length + ">" + this.wrapper.getBlockSize());
        }
        return storeData(Collections.singletonList(bArr), i).get(0);
    }

    public void storeData(byte[] bArr, int i) throws IOException, GPException {
        storeData(GPUtils.splitArray(bArr, this.wrapper.getBlockSize()), i);
    }

    public List<byte[]> storeData(List<byte[]> list, int i) throws IOException, GPException {
        ArrayList arrayList = new ArrayList();
        int i2 = 0;
        while (i2 < list.size()) {
            arrayList.add(GPException.check(transmit(new CommandAPDU(-128, -30, i2 == list.size() - 1 ? i | 128 : i & GPData.lockedStatus, i2, list.get(i2), 256)), "STORE DATA failed", new int[0]).getData());
            i2++;
        }
        return arrayList;
    }

    public byte[] storeDataSingle(byte[] bArr, int i, int i2) throws IOException, GPException {
        return GPException.check(transmit(new CommandAPDU(-128, -30, i, i2, bArr, 256)), "STORE DATA failed", new int[0]).getData();
    }

    public void makeDefaultSelected(AID aid) throws IOException, GPException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte b = GPRegistryEntry.Privilege.toByte(EnumSet.of(GPRegistryEntry.Privilege.CardReset));
        try {
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(aid.getLength());
            byteArrayOutputStream.write(aid.getBytes());
            byteArrayOutputStream.write(1);
            byteArrayOutputStream.write(b);
            byteArrayOutputStream.write(0);
            GPException.check(transmitLV(this.tokenizer.tokenize(new CommandAPDU(-128, -26, 8, 0, byteArrayOutputStream.toByteArray()))), "INSTALL [for make selectable] failed", new int[0]);
            this.dirty = true;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void lockUnlockApplet(AID aid, boolean z) throws IOException, GPException {
        GPException.check(transmit(new CommandAPDU(-128, -16, 64, z ? 128 : 0, aid.getBytes())), "SET STATUS failed", new int[0]);
        this.dirty = true;
    }

    public void setCardStatus(byte b) throws IOException, GPException {
        logger.debug("Setting status to {}", GPRegistryEntry.getLifeCycleString(GPRegistryEntry.Kind.IssuerSecurityDomain, b));
        GPException.check(transmit(new CommandAPDU(-128, -16, 128, b)), "SET STATUS failed", new int[0]);
        this.dirty = true;
    }

    public void deleteAID(AID aid, boolean z) throws GPException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(79);
            byteArrayOutputStream.write(aid.getLength());
            byteArrayOutputStream.write(aid.getBytes());
            GPException.check(transmitTLV(this.tokenizer.tokenize(new CommandAPDU(-128, -28, 0, z ? 128 : 0, byteArrayOutputStream.toByteArray()))), "DELETE failed", new int[0]);
            this.dirty = true;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void deleteKey(int i) throws GPException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(210);
        byteArrayOutputStream.write(1);
        byteArrayOutputStream.write(i);
        GPException.check(transmit(new CommandAPDU(-128, -28, 0, 0, byteArrayOutputStream.toByteArray())), String.format("Could not delete key %s", GPUtils.intString(i)), new int[0]);
    }

    /* JADX WARN: Type inference failed for: r6v1, types: [byte[], byte[][]] */
    public void renameISD(AID aid) throws GPException, IOException {
        GPException.check(transmit(new CommandAPDU(-128, -30, 144, 0, GPUtils.concatenate(new byte[]{new byte[]{79, (byte) aid.getLength()}, aid.getBytes()}))), "Rename failed", new int[0]);
    }

    private byte[] encodeKey(GPCardKeys gPCardKeys, byte[] bArr, GPKeyInfo.GPKey gPKey) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (gPKey == GPKeyInfo.GPKey.AES) {
                byte[] bArr2 = new byte[((bArr.length % 16) + 1) * bArr.length];
                GPCrypto.random.nextBytes(bArr2);
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                byte[] encrypt = gPCardKeys.encrypt(bArr2, this.sessionContext);
                byte[] kcv_aes = GPCrypto.kcv_aes(bArr);
                byteArrayOutputStream.write(GPKeyInfo.GPKey.AES.getType());
                byteArrayOutputStream.write(encrypt.length + 1);
                byteArrayOutputStream.write(bArr.length);
                byteArrayOutputStream.write(encrypt);
                byteArrayOutputStream.write(kcv_aes.length);
                byteArrayOutputStream.write(kcv_aes);
            } else if (gPKey == GPKeyInfo.GPKey.DES3) {
                byte[] encrypt2 = gPCardKeys.encrypt(bArr, this.sessionContext);
                byte[] kcv_3des = GPCrypto.kcv_3des(bArr);
                byteArrayOutputStream.write(GPKeyInfo.GPKey.DES3.getType());
                byteArrayOutputStream.write(encrypt2.length);
                byteArrayOutputStream.write(encrypt2);
                byteArrayOutputStream.write(kcv_3des.length);
                byteArrayOutputStream.write(kcv_3des);
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | GeneralSecurityException e) {
            throw new GPException("Could not wrap key", e);
        }
    }

    private byte[] encodeKey(GPCardKeys gPCardKeys, GPCardKeys gPCardKeys2, GPCardKeys.KeyPurpose keyPurpose) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (gPCardKeys2.getKeyInfo().getType() == GPKeyInfo.GPKey.AES) {
                byte[] encryptKey = gPCardKeys.encryptKey(gPCardKeys2, keyPurpose, this.sessionContext);
                byte[] kcv = gPCardKeys2.kcv(keyPurpose);
                byteArrayOutputStream.write(GPKeyInfo.GPKey.AES.getType());
                byteArrayOutputStream.write(encryptKey.length + 1);
                byteArrayOutputStream.write(gPCardKeys2.getKeyInfo().getLength());
                byteArrayOutputStream.write(encryptKey);
                byteArrayOutputStream.write(kcv.length);
                byteArrayOutputStream.write(kcv);
            } else if (gPCardKeys2.getKeyInfo().getType() == GPKeyInfo.GPKey.DES3) {
                byte[] encryptKey2 = gPCardKeys.encryptKey(gPCardKeys2, keyPurpose, this.sessionContext);
                byte[] kcv2 = gPCardKeys2.kcv(keyPurpose);
                byteArrayOutputStream.write(GPKeyInfo.GPKey.DES3.getType());
                byteArrayOutputStream.write(encryptKey2.length);
                byteArrayOutputStream.write(encryptKey2);
                byteArrayOutputStream.write(kcv2.length);
                byteArrayOutputStream.write(kcv2);
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | GeneralSecurityException e) {
            throw new GPException("Could not wrap key", e);
        }
    }

    public void putKeys(GPCardKeys gPCardKeys, boolean z) throws GPException, IOException {
        logger.debug("PUT KEY version {} replace={} {}", new Object[]{Integer.valueOf(gPCardKeys.getKeyInfo().getVersion()), Boolean.valueOf(z), gPCardKeys});
        int i = 0;
        if (z) {
            i = gPCardKeys.getKeyInfo().getVersion();
        }
        int i2 = 1 | 128;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(gPCardKeys.getKeyInfo().getVersion());
        Iterator<GPCardKeys.KeyPurpose> it = GPCardKeys.KeyPurpose.cardKeys().iterator();
        while (it.hasNext()) {
            byteArrayOutputStream.write(encodeKey(this.cardKeys, gPCardKeys, it.next()));
        }
        GPException.check(transmit(new CommandAPDU(-128, -40, i, i2, byteArrayOutputStream.toByteArray())), "PUT KEY failed", new int[0]);
    }

    byte[] encodeRSAKey(RSAPublicKey rSAPublicKey) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byte[] positive = GPUtils.positive(rSAPublicKey.getModulus());
            byte[] positive2 = GPUtils.positive(rSAPublicKey.getPublicExponent());
            byteArrayOutputStream.write(161);
            byteArrayOutputStream.write(positive.length);
            byteArrayOutputStream.write(positive);
            byteArrayOutputStream.write(160);
            byteArrayOutputStream.write(positive2.length);
            byteArrayOutputStream.write(positive2);
            byteArrayOutputStream.write(0);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    byte[] encodeECKey(ECPublicKey eCPublicKey) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byte[] encoded = ECNamedCurveTable.getByName("secp256r1").getCurve().createPoint(eCPublicKey.getW().getAffineX(), eCPublicKey.getW().getAffineY()).getEncoded(false);
            byteArrayOutputStream.write(176);
            byteArrayOutputStream.write(encoded.length);
            byteArrayOutputStream.write(encoded);
            byteArrayOutputStream.write(240);
            byteArrayOutputStream.write(1);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void putKey(Key key, int i, boolean z) throws IOException, GPException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(i);
        if (key instanceof RSAPublicKey) {
            byteArrayOutputStream.write(encodeRSAKey((RSAPublicKey) key));
        } else if (key instanceof ECPublicKey) {
            byteArrayOutputStream.write(encodeECKey((ECPublicKey) key));
        } else if (key instanceof SecretKey) {
            SecretKey secretKey = (SecretKey) key;
            if (!secretKey.getAlgorithm().equals("DESede")) {
                throw new IllegalArgumentException("Only 3DES symmetric keys are supported: " + secretKey.getAlgorithm());
            }
            byteArrayOutputStream.write(encodeKey(this.cardKeys, Arrays.copyOf(secretKey.getEncoded(), 16), GPKeyInfo.GPKey.DES3));
        }
        GPException.check(transmit(new CommandAPDU(-128, -40, z ? i : 0, 1, byteArrayOutputStream.toByteArray(), 256)), "PUT KEY failed", new int[0]);
    }

    public GPRegistry getRegistry() throws GPException, IOException {
        if (this.dirty) {
            this.registry = getStatus();
            this.dirty = false;
        }
        return this.registry;
    }

    public GPRegistryEntry getCurrentDomain() throws IOException {
        return getRegistry().getDomain(getAID()).orElseThrow(() -> {
            return new IllegalStateException("Current domain not in registry?");
        });
    }

    public boolean delegatedManagementEnabled() {
        return !(this.tokenizer instanceof DMTokenizer.NULLTokenizer);
    }

    private byte[] getConcatenatedStatus(int i, byte[] bArr, boolean z) throws IOException, GPException {
        int i2 = z ? 2 : 0;
        CommandAPDU commandAPDU = new CommandAPDU(-128, -14, i, i2, bArr, 256);
        ResponseAPDU transmit = transmit(commandAPDU);
        if (i == 128 && transmit.getSW() == 27270 && i2 == 2) {
            return getConcatenatedStatus(i, bArr, false);
        }
        int sw = transmit.getSW();
        if (sw != 36864 && sw != 25360) {
            if (sw == 27272) {
                return transmit.getData();
            }
            logger.warn("GET STATUS failed for " + HexUtils.bin2hex(commandAPDU.getBytes()) + " with " + GPData.sw2str(transmit.getSW()));
            return transmit.getData();
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(transmit.getData());
            while (transmit.getSW() == 25360 && transmit.getData().length > 0) {
                CommandAPDU commandAPDU2 = new CommandAPDU(-128, -14, i, i2 | 1, bArr, 256);
                transmit = transmit(commandAPDU2);
                GPException.check(transmit, "GET STATUS failed for " + HexUtils.bin2hex(commandAPDU2.getBytes()), 25360);
                byteArrayOutputStream.write(transmit.getData());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private GPRegistry getStatus() throws IOException, GPException {
        GPRegistry gPRegistry = new GPRegistry();
        gPRegistry.parse_and_populate(128, getConcatenatedStatus(128, new byte[]{79, 0}, this.profile.getStatusUsesTags()), GPRegistryEntry.Kind.IssuerSecurityDomain, this.profile);
        gPRegistry.parse_and_populate(64, getConcatenatedStatus(64, new byte[]{79, 0}, this.profile.getStatusUsesTags()), GPRegistryEntry.Kind.Application, this.profile);
        if (this.profile.doesReportModules()) {
            gPRegistry.parse_and_populate(16, getConcatenatedStatus(16, new byte[]{79, 0}, this.profile.getStatusUsesTags()), GPRegistryEntry.Kind.ExecutableLoadFile, this.profile);
        }
        gPRegistry.parse_and_populate(32, getConcatenatedStatus(32, new byte[]{79, 0}, this.profile.getStatusUsesTags()), GPRegistryEntry.Kind.ExecutableLoadFile, this.profile);
        return gPRegistry;
    }
}
