package pro.javacard.gptool;

import apdu4j.core.HexUtils;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import javax.crypto.NoSuchPaddingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.javacard.gp.GPCardKeys;
import pro.javacard.gp.GPCrypto;
import pro.javacard.gp.GPException;
import pro.javacard.gp.GPKeyInfo;
import pro.javacard.gp.GPSecureChannelVersion;
import pro.javacard.gp.GPUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:pro/javacard/gptool/PlaintextKeys.class */
public class PlaintextKeys extends GPCardKeys {
    private static final Logger logger = LoggerFactory.getLogger(PlaintextKeys.class);
    static final byte[] defaultKeyBytes = HexUtils.hex2bin("404142434445464748494A4B4C4D4E4F");
    public static final Map<GPCardKeys.KeyPurpose, byte[]> SCP02_CONSTANTS;
    public static final Map<GPCardKeys.KeyPurpose, Byte> SCP03_CONSTANTS;
    public static final Map<String, String> kdf_templates;
    String kdf_template;
    private int version;
    private byte[] masterKey;
    private HashMap<GPCardKeys.KeyPurpose, byte[]> cardKeys;

    /* renamed from: pro.javacard.gptool.PlaintextKeys$1, reason: invalid class name */
    /* loaded from: input_file:pro/javacard/gptool/PlaintextKeys$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP = new int[GPSecureChannelVersion.SCP.values().length];

        static {
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[GPSecureChannelVersion.SCP.SCP01.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[GPSecureChannelVersion.SCP.SCP02.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[GPSecureChannelVersion.SCP.SCP03.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    private PlaintextKeys(byte[] bArr, String str) {
        this(bArr, bArr, bArr, str);
        this.masterKey = (byte[]) bArr.clone();
    }

    private PlaintextKeys(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        this.version = 0;
        this.cardKeys = new HashMap<>();
        this.cardKeys.put(GPCardKeys.KeyPurpose.ENC, (byte[]) bArr.clone());
        this.cardKeys.put(GPCardKeys.KeyPurpose.MAC, (byte[]) bArr2.clone());
        this.cardKeys.put(GPCardKeys.KeyPurpose.DEK, (byte[]) bArr3.clone());
        this.kdf_template = str;
    }

    public static Optional<PlaintextKeys> fromEnvironment() {
        return fromEnvironment(System.getenv(), "GP_KEY");
    }

    static byte[] validateKey(byte[] bArr) {
        if (bArr.length == 16 || bArr.length == 24 || bArr.length == 32) {
            return bArr;
        }
        throw new IllegalArgumentException(String.format("Invalid key length %d: %s", Integer.valueOf(bArr.length), HexUtils.bin2hex(bArr)));
    }

    public static Optional<PlaintextKeys> fromBytes(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, String str, byte[] bArr5, int i) {
        if (!(bArr == null && bArr2 == null && bArr3 == null) && (bArr == null || bArr2 == null || bArr3 == null || bArr4 != null)) {
            throw new IllegalArgumentException("Either all or nothing of enc/mac/dek keys must be set, and no mk at the same time!");
        }
        if (bArr != null && bArr2 != null && bArr3 != null) {
            logger.trace("Using three individual keys");
            PlaintextKeys fromKeys = fromKeys(validateKey(bArr), validateKey(bArr2), validateKey(bArr3));
            if (i != 0) {
                fromKeys.setVersion(i);
            }
            if (str != null) {
                logger.warn("Different keys and using derivation, is this right?");
                fromKeys.setDiversifier(str);
            }
            return Optional.of(fromKeys);
        }
        if (bArr4 == null) {
            return Optional.empty();
        }
        logger.trace("Using a master key");
        PlaintextKeys fromMasterKey = fromMasterKey(validateKey(bArr4));
        if (str != null) {
            fromMasterKey.setDiversifier(str);
        } else {
            logger.warn("Using master key without derivation, is this right?");
        }
        if (bArr5 != null) {
            fromMasterKey.kdd = (byte[]) bArr5.clone();
        }
        if (i != 0) {
            fromMasterKey.setVersion(i);
        }
        return Optional.of(fromMasterKey);
    }

    public static Optional<PlaintextKeys> fromStrings(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        if (!(str == null && str2 == null && str3 == null) && (str == null || str2 == null || str3 == null || str4 != null)) {
            throw new IllegalArgumentException("Either all or nothing of enc/mac/dek keys must be set, and no mk at the same time!");
        }
        if (str != null && str2 != null && str3 != null) {
            logger.trace("Using three individual keys");
            PlaintextKeys fromKeys = fromKeys(validateKey(HexUtils.stringToBin(str)), validateKey(HexUtils.stringToBin(str2)), validateKey(HexUtils.stringToBin(str3)));
            if (str7 != null) {
                fromKeys.setVersion(GPUtils.intValue(str7));
            }
            if (str5 != null) {
                String orDefault = kdf_templates.getOrDefault(str5, str5);
                logger.warn("Different keys and using derivation, is this right?");
                fromKeys.setDiversifier(orDefault);
            }
            return Optional.of(fromKeys);
        }
        if (str4 == null) {
            return Optional.empty();
        }
        logger.trace("Using a master key");
        PlaintextKeys fromMasterKey = fromMasterKey(validateKey(HexUtils.stringToBin(str4)));
        if (str5 != null) {
            fromMasterKey.setDiversifier(str5);
        } else {
            logger.warn("Using master key without derivation, is this right?");
        }
        if (str6 != null) {
            fromMasterKey.kdd = HexUtils.stringToBin(str6);
        }
        if (str7 != null) {
            fromMasterKey.setVersion(GPUtils.intValue(str7));
        }
        return Optional.of(fromMasterKey);
    }

    public static Optional<PlaintextKeys> fromEnvironment(Map<String, String> map, String str) {
        String str2 = map.get(str + "_ENC");
        String str3 = map.get(str + "_MAC");
        String str4 = map.get(str + "_DEK");
        String str5 = map.get(str);
        String str6 = map.get(str + "_KDF");
        if (str6 != null) {
            str6 = kdf_templates.getOrDefault(str6, str6);
        }
        Optional<PlaintextKeys> fromStrings = fromStrings(str2, str3, str4, str5, str6, map.get(str + "_KDD"), map.get(str + "_VER"));
        if (fromStrings.isPresent()) {
            logger.debug("Got keys from environment, prefix=" + str);
        }
        return fromStrings;
    }

    public static PlaintextKeys fromMasterKey(byte[] bArr) {
        return new PlaintextKeys(bArr, null);
    }

    public static PlaintextKeys fromMasterKey(byte[] bArr, String str) {
        return new PlaintextKeys(bArr, str);
    }

    public static PlaintextKeys defaultKey() {
        return new PlaintextKeys(defaultKeyBytes, null);
    }

    public static PlaintextKeys fromKeys(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return new PlaintextKeys(bArr, bArr2, bArr3, null);
    }

    byte[] diversify(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2, String str) throws GPException {
        String kdf_template_expand = kdf_template_expand(str, bArr2, keyPurpose.getValue());
        try {
            if (this.scp != GPSecureChannelVersion.SCP.SCP03) {
                return GPCrypto.des3_ecb(kdf_template_finalize(kdf_template_expand), bArr);
            }
            String kdf_template_bitlength = kdf_template_bitlength(kdf_template_expand, bArr.length * 8);
            return GPCrypto.scp03_kdf(bArr, kdf_template_finalize(kdf_template_blocka(kdf_template_bitlength)), kdf_template_finalize(kdf_template_blockb(kdf_template_bitlength)), bArr.length);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("KDF failed", e);
        }
    }

    public Optional<byte[]> getMasterKey() {
        return Optional.ofNullable(this.masterKey);
    }

    public GPKeyInfo getKeyInfo() {
        byte[] bArr = this.cardKeys.get(GPCardKeys.KeyPurpose.ENC);
        return new GPKeyInfo(this.version, 1, bArr.length, (bArr.length > 16 || this.scp == GPSecureChannelVersion.SCP.SCP03) ? GPKeyInfo.GPKey.AES : GPKeyInfo.GPKey.DES3);
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (this.scp == GPSecureChannelVersion.SCP.SCP02) {
            return GPCrypto.des3_ecb(bArr, deriveSessionKeySCP02(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), GPCardKeys.KeyPurpose.DEK, bArr2));
        }
        if (this.scp == GPSecureChannelVersion.SCP.SCP01) {
            return GPCrypto.des3_ecb(bArr, this.cardKeys.get(GPCardKeys.KeyPurpose.DEK));
        }
        if (this.scp == GPSecureChannelVersion.SCP.SCP03) {
            return GPCrypto.aes_cbc(bArr, this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), new byte[16]);
        }
        throw new IllegalStateException("Unknown SCP version");
    }

    public byte[] encryptKey(GPCardKeys gPCardKeys, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr) throws GeneralSecurityException {
        if (!(gPCardKeys instanceof PlaintextKeys)) {
            throw new IllegalArgumentException(getClass().getName() + " can only handle " + getClass().getName());
        }
        PlaintextKeys plaintextKeys = (PlaintextKeys) gPCardKeys;
        switch (AnonymousClass1.$SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[this.scp.ordinal()]) {
            case 1:
                logger.debug("Encrypting {} value (KCV={}) with DEK (KCV={})", new Object[]{keyPurpose, HexUtils.bin2hex(plaintextKeys.kcv(keyPurpose)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.DEK))});
                return GPCrypto.des3_ecb(plaintextKeys.cardKeys.get(keyPurpose), this.cardKeys.get(GPCardKeys.KeyPurpose.DEK));
            case 2:
                byte[] deriveSessionKeySCP02 = deriveSessionKeySCP02(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), GPCardKeys.KeyPurpose.DEK, bArr);
                logger.debug("Encrypting {} value (KCV={}) with S-DEK (KCV={})", new Object[]{keyPurpose, HexUtils.bin2hex(plaintextKeys.kcv(keyPurpose)), HexUtils.bin2hex(GPCrypto.kcv_3des(deriveSessionKeySCP02))});
                return GPCrypto.des3_ecb(plaintextKeys.cardKeys.get(keyPurpose), deriveSessionKeySCP02);
            case 3:
                logger.debug("Encrypting {} value (KCV={}) with DEK (KCV={})", new Object[]{keyPurpose, HexUtils.bin2hex(plaintextKeys.kcv(keyPurpose)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.DEK))});
                byte[] bArr2 = plaintextKeys.cardKeys.get(keyPurpose);
                byte[] random = GPCrypto.random(((bArr2.length % 16) + 1) * bArr2.length);
                System.arraycopy(bArr2, 0, random, 0, bArr2.length);
                return GPCrypto.aes_cbc(random, this.cardKeys.get(GPCardKeys.KeyPurpose.DEK), new byte[16]);
            default:
                throw new GPException("Illegal SCP");
        }
    }

    public byte[] getSessionKey(GPCardKeys.KeyPurpose keyPurpose, byte[] bArr) {
        switch (AnonymousClass1.$SwitchMap$pro$javacard$gp$GPSecureChannelVersion$SCP[this.scp.ordinal()]) {
            case 1:
                return deriveSessionKeySCP01(this.cardKeys.get(keyPurpose), keyPurpose, bArr);
            case 2:
                return keyPurpose == GPCardKeys.KeyPurpose.RMAC ? deriveSessionKeySCP02(this.cardKeys.get(GPCardKeys.KeyPurpose.MAC), GPCardKeys.KeyPurpose.RMAC, bArr) : deriveSessionKeySCP02(this.cardKeys.get(keyPurpose), keyPurpose, bArr);
            case 3:
                return keyPurpose == GPCardKeys.KeyPurpose.RMAC ? deriveSessionKeySCP03(this.cardKeys.get(GPCardKeys.KeyPurpose.MAC), GPCardKeys.KeyPurpose.RMAC, bArr) : deriveSessionKeySCP03(this.cardKeys.get(keyPurpose), keyPurpose, bArr);
            default:
                throw new IllegalStateException("Unknown SCP");
        }
    }

    public byte[] kcv(GPCardKeys.KeyPurpose keyPurpose) {
        byte[] bArr = this.cardKeys.get(keyPurpose);
        if (this.scp == GPSecureChannelVersion.SCP.SCP03) {
            return GPCrypto.kcv_aes(bArr);
        }
        if (this.scp == GPSecureChannelVersion.SCP.SCP01 || this.scp == GPSecureChannelVersion.SCP.SCP02) {
            return GPCrypto.kcv_3des(bArr);
        }
        if (bArr.length == 16) {
            logger.warn("Don't know how to calculate KCV, defaulting to SCP02");
            return GPCrypto.kcv_3des(bArr);
        }
        logger.warn("Don't know how to calculate KCV, defaulting to SCP03");
        return GPCrypto.kcv_aes(bArr);
    }

    public void setVersion(int i) {
        this.version = i;
    }

    private byte[] deriveSessionKeySCP01(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2) {
        if (keyPurpose == GPCardKeys.KeyPurpose.DEK) {
            return bArr;
        }
        if (keyPurpose == GPCardKeys.KeyPurpose.RMAC) {
            return null;
        }
        byte[] bArr3 = new byte[16];
        System.arraycopy(bArr2, 12, bArr3, 0, 4);
        System.arraycopy(bArr2, 0, bArr3, 4, 4);
        System.arraycopy(bArr2, 8, bArr3, 8, 4);
        System.arraycopy(bArr2, 4, bArr3, 12, 4);
        try {
            return GPCrypto.des3_ecb(bArr3, bArr);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalStateException("Can not calculate session keys", e);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException("Session key calculation failed", e2);
        }
    }

    private byte[] deriveSessionKeySCP02(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2) {
        try {
            byte[] bArr3 = new byte[16];
            System.arraycopy(SCP02_CONSTANTS.get(keyPurpose), 0, bArr3, 0, 2);
            System.arraycopy(bArr2, 0, bArr3, 2, 2);
            return GPCrypto.des3_cbc(bArr3, bArr, new byte[8]);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Session keys calculation failed.", e);
        }
    }

    private byte[] deriveSessionKeySCP03(byte[] bArr, GPCardKeys.KeyPurpose keyPurpose, byte[] bArr2) {
        return keyPurpose == GPCardKeys.KeyPurpose.DEK ? bArr : GPCrypto.scp03_kdf(bArr, SCP03_CONSTANTS.get(keyPurpose).byteValue(), bArr2, bArr.length * 8);
    }

    /* renamed from: diversify, reason: merged with bridge method [inline-methods] */
    public PlaintextKeys m7diversify(GPSecureChannelVersion.SCP scp, byte[] bArr) {
        super.diversify(scp, bArr);
        if (this.kdf_template == null) {
            return this;
        }
        logger.debug("KDF: applying '{}' to {} KDD {}", new Object[]{this.kdf_template, scp, HexUtils.bin2hex(bArr)});
        for (Map.Entry<GPCardKeys.KeyPurpose, byte[]> entry : this.cardKeys.entrySet()) {
            this.cardKeys.put(entry.getKey(), diversify(entry.getValue(), entry.getKey(), bArr, this.kdf_template));
        }
        return this;
    }

    public String toString() {
        return String.format("ENC=%s (KCV: %s) MAC=%s (KCV: %s) DEK=%s (KCV: %s) for %s", HexUtils.bin2hex(this.cardKeys.get(GPCardKeys.KeyPurpose.ENC)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.ENC)), HexUtils.bin2hex(this.cardKeys.get(GPCardKeys.KeyPurpose.MAC)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.MAC)), HexUtils.bin2hex(this.cardKeys.get(GPCardKeys.KeyPurpose.DEK)), HexUtils.bin2hex(kcv(GPCardKeys.KeyPurpose.DEK)), this.scp);
    }

    public void setDiversifier(String str) {
        if (this.kdf_template != null) {
            throw new IllegalStateException("KDF already set");
        }
        this.kdf_template = str;
    }

    public byte[] scp3_kdf(GPCardKeys.KeyPurpose keyPurpose, byte[] bArr, byte[] bArr2, int i) {
        return GPCrypto.scp03_kdf(this.cardKeys.get(keyPurpose), bArr, bArr2, i);
    }

    static String kdf_template_expand(String str, byte[] bArr, byte b) {
        String replace = str.toLowerCase(Locale.ENGLISH).replace(" ", "").replace("0x", "");
        for (int i = 0; i < bArr.length; i++) {
            replace = replace.replace(String.format("$%x", Integer.valueOf(i)), String.format("%02x", Byte.valueOf(bArr[i])));
        }
        return replace.replace("$k", String.format("%02x", Byte.valueOf(b)));
    }

    static String kdf_template_bitlength(String str, int i) {
        return str.replace("$l$l", String.format("%04x", Integer.valueOf(i)));
    }

    static String kdf_template_blocka(String str) {
        int indexOf = str.indexOf("$_");
        if (indexOf == -1) {
            throw new IllegalArgumentException("Invalid template (missing '$_'): " + str);
        }
        return str.substring(0, indexOf);
    }

    static String kdf_template_blockb(String str) {
        int indexOf = str.indexOf("$_");
        if (indexOf == -1) {
            throw new IllegalArgumentException("Invalid template (missing '$_'): " + str);
        }
        return str.substring(indexOf + 2);
    }

    static byte[] kdf_template_finalize(String str) throws IllegalArgumentException {
        if (str.contains("$")) {
            throw new IllegalArgumentException("Invalid template (still includes '$'): " + str);
        }
        return HexUtils.hex2bin(str);
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put(GPCardKeys.KeyPurpose.MAC, new byte[]{1, 1});
        hashMap.put(GPCardKeys.KeyPurpose.RMAC, new byte[]{1, 2});
        hashMap.put(GPCardKeys.KeyPurpose.DEK, new byte[]{1, -127});
        hashMap.put(GPCardKeys.KeyPurpose.ENC, new byte[]{1, -126});
        SCP02_CONSTANTS = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put(GPCardKeys.KeyPurpose.ENC, (byte) 4);
        hashMap2.put(GPCardKeys.KeyPurpose.MAC, (byte) 6);
        hashMap2.put(GPCardKeys.KeyPurpose.RMAC, (byte) 7);
        SCP03_CONSTANTS = Collections.unmodifiableMap(hashMap2);
        HashMap hashMap3 = new HashMap();
        hashMap3.put("emv", "$4 $5 $6 $7 $8 $9 0xF0 $k $4 $5 $6 $7 $8 $9 0x0F $k");
        hashMap3.put("visa2", "$0 $1 $4 $5 $6 $7 0xF0 $k $0 $1 $4 $5 $6 $7 0x0F $k");
        hashMap3.put("visa", "$0 $1 $2 $3 $8 $9 0xF0 $k $0 $1 $2 $3 $8 $9 0x0F $k");
        hashMap3.put("kdf3", "$_ 0x00 0x00 0x00 $k 0x00 $0 $1 $2 $3 $4 $5 $6 $7 $8 $9");
        kdf_templates = Collections.unmodifiableMap(hashMap3);
    }
}
