package pro.javacard.pace;

import apdu4j.core.BIBO;
import apdu4j.core.BIBOException;
import apdu4j.core.CommandAPDU;
import apdu4j.core.HexUtils;
import apdu4j.core.ResponseAPDU;
import com.payneteasy.tlv.BerTag;
import com.payneteasy.tlv.BerTlv;
import com.payneteasy.tlv.BerTlvBuilder;
import com.payneteasy.tlv.BerTlvParser;
import com.payneteasy.tlv.BerTlvs;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:pro/javacard/pace/AESSecureChannel.class */
public final class AESSecureChannel implements BIBO {
    private static final Logger log = LoggerFactory.getLogger(AESSecureChannel.class);
    private final byte[] ssc = new byte[16];
    private final byte[] mac_key;
    private final byte[] enc_key;
    final BIBO channel;

    public AESSecureChannel(byte[] bArr, byte[] bArr2, BIBO bibo) {
        this.enc_key = (byte[]) bArr.clone();
        this.mac_key = (byte[]) bArr2.clone();
        this.channel = bibo;
    }

    /* JADX WARN: Type inference failed for: r0v54, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v40, types: [byte[], byte[][]] */
    public CommandAPDU wrap(CommandAPDU commandAPDU) throws GeneralSecurityException, IOException {
        byte[] bArr;
        log.debug("CommandAPDU  : {}", HexUtils.bin2hex(commandAPDU.getBytes()));
        buffer_increment(this.ssc);
        log.trace("Command SSC  : {}", HexUtils.bin2hex(this.ssc));
        byte[] encrypt = encrypt(this.enc_key, new byte[16], this.ssc);
        log.trace("IV           : {}", HexUtils.bin2hex(encrypt));
        int cla = commandAPDU.getCLA() | 12;
        int ins = commandAPDU.getINS();
        int p1 = commandAPDU.getP1();
        int p2 = commandAPDU.getP2();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(this.ssc);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        byteArrayOutputStream2.write(cla);
        byteArrayOutputStream2.write(ins);
        byteArrayOutputStream2.write(p1);
        byteArrayOutputStream2.write(p2);
        byteArrayOutputStream.write(pad80(byteArrayOutputStream2.toByteArray(), 16));
        if (commandAPDU.getData().length > 0) {
            byte[] pad80 = pad80(commandAPDU.getData(), 16);
            log.trace("ENC payload  : {}", HexUtils.bin2hex(pad80));
            byte[] encrypt2 = encrypt(this.enc_key, encrypt, pad80);
            bArr = concatenate(new byte[]{new byte[]{-121, (byte) (encrypt2.length + 1), 1}, encrypt2});
            log.trace("New payload  : {}", HexUtils.bin2hex(bArr));
            byteArrayOutputStream.write(pad80(concatenate(new byte[]{bArr, new byte[]{-105, 1, (byte) commandAPDU.getNe()}}), 16));
        } else {
            bArr = new byte[0];
            byteArrayOutputStream.write(pad80(new byte[]{-105, 1, (byte) commandAPDU.getNe()}, 16));
        }
        log.trace("MAC input    : {}", HexUtils.bin2hex(byteArrayOutputStream.toByteArray()));
        byte[] aes_mac8 = PACE.aes_mac8(this.mac_key, byteArrayOutputStream.toByteArray());
        log.trace("Calculated MAC: {}", HexUtils.bin2hex(aes_mac8));
        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
        if (commandAPDU.getData().length > 0) {
            byteArrayOutputStream3.write(bArr);
        }
        byteArrayOutputStream3.write(new byte[]{-105, 1, (byte) commandAPDU.getNe()});
        byteArrayOutputStream3.write(142);
        byteArrayOutputStream3.write(aes_mac8.length);
        byteArrayOutputStream3.write(aes_mac8);
        return new CommandAPDU(cla, ins, p1, p2, byteArrayOutputStream3.toByteArray(), 256);
    }

    public ResponseAPDU unwrap(ResponseAPDU responseAPDU) throws SecureChannelException, IOException, GeneralSecurityException {
        if (responseAPDU.getSW() == 27015) {
            throw new SecureChannelException("Expected Secure Messaging data objects are missing");
        }
        if (responseAPDU.getSW() == 27016) {
            throw new SecureChannelException("Secure Messaging data objects are incorrect");
        }
        buffer_increment(this.ssc);
        log.trace("Response SSC  : {}", HexUtils.bin2hex(this.ssc));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        byteArrayOutputStream2.write(this.ssc);
        byte[] bArr = null;
        BerTlvs parse = new BerTlvParser().parse(responseAPDU.getData());
        BerTlv find = parse.find(new BerTag(135));
        if (find != null) {
            byte[] encrypt = encrypt(this.enc_key, new byte[16], this.ssc);
            log.trace("IV           : {}", HexUtils.bin2hex(encrypt));
            byte[] bytesValue = find.getBytesValue();
            byte[] copyOfRange = Arrays.copyOfRange(bytesValue, 1, bytesValue.length);
            log.trace("cgram        : {}", HexUtils.bin2hex(copyOfRange));
            byte[] decrypt = decrypt(this.enc_key, encrypt, copyOfRange);
            log.trace("plaintext    : {}", HexUtils.bin2hex(decrypt));
            byteArrayOutputStream.write(unpad80(decrypt));
            byteArrayOutputStream2.write(new BerTlvBuilder().addBytes(new BerTag(135), bytesValue).buildArray());
        }
        BerTlv find2 = parse.find(new BerTag(153));
        if (find2 != null) {
            byteArrayOutputStream2.write(new BerTlvBuilder().addBytes(new BerTag(153), find2.getBytesValue()).buildArray());
            byteArrayOutputStream.write(find2.getBytesValue());
        }
        BerTlv find3 = parse.find(new BerTag(142));
        if (find3 != null) {
            bArr = find3.getBytesValue();
        }
        byte[] aes_mac8 = PACE.aes_mac8(this.mac_key, pad80(byteArrayOutputStream2.toByteArray(), 16));
        log.trace("Our mac       : {}", HexUtils.bin2hex(aes_mac8));
        if (!Arrays.equals(bArr, aes_mac8)) {
            throw new SecureChannelException("Secure channel response MAC failed");
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        log.debug("ResponseAPDU : {}", HexUtils.bin2hex(byteArray));
        return new ResponseAPDU(byteArray);
    }

    public static byte[] pad80(byte[] bArr, int i) {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, ((bArr.length / i) + 1) * i);
        copyOfRange[bArr.length] = Byte.MIN_VALUE;
        return copyOfRange;
    }

    public static byte[] unpad80(byte[] bArr) throws BadPaddingException {
        if (bArr.length < 1) {
            throw new BadPaddingException("Invalid ISO 7816-4 padding");
        }
        int length = bArr.length - 1;
        while (length > 0 && bArr[length] == 0) {
            length--;
        }
        if (bArr[length] != Byte.MIN_VALUE) {
            throw new BadPaddingException("Invalid ISO 7816-4 padding");
        }
        return Arrays.copyOf(bArr, length);
    }

    private static void buffer_increment(byte[] bArr, int i, int i2) {
        if (i2 < 1) {
            return;
        }
        for (int i3 = (i + i2) - 1; i3 >= i; i3--) {
            if (bArr[i3] != -1) {
                int i4 = i3;
                bArr[i4] = (byte) (bArr[i4] + 1);
                return;
            }
            bArr[i3] = 0;
        }
    }

    public static void buffer_increment(byte[] bArr) {
        buffer_increment(bArr, 0, bArr.length);
    }

    public byte[] transceive(byte[] bArr) throws BIBOException {
        try {
            return unwrap(new ResponseAPDU(this.channel.transceive(wrap(new CommandAPDU(bArr)).getBytes()))).getBytes();
        } catch (IOException | GeneralSecurityException e) {
            throw new BIBOException("Could not wrap/unwrap: " + e.getMessage(), e);
        }
    }

    public void close() {
        Arrays.fill(this.mac_key, (byte) 0);
        Arrays.fill(this.enc_key, (byte) 0);
    }

    public int getMaxTransceiveLength() {
        return 222;
    }

    public static byte[] concatenate(byte[]... bArr) {
        int i = 0;
        int i2 = 0;
        for (byte[] bArr2 : bArr) {
            i += bArr2.length;
        }
        byte[] bArr3 = new byte[i];
        for (byte[] bArr4 : bArr) {
            System.arraycopy(bArr4, 0, bArr3, i2, bArr4.length);
            i2 += bArr4.length;
        }
        return bArr3;
    }

    static byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr3);
    }
}
