package org.eclipse.keyple.card.calypso;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.calypsonet.terminal.calypso.WriteAccessLevel;
import org.calypsonet.terminal.calypso.card.CalypsoCard;
import org.calypsonet.terminal.calypso.transaction.UnauthorizedKeyException;
import org.calypsonet.terminal.card.ApduResponseApi;
import org.eclipse.keyple.card.calypso.CardCommand;
import org.eclipse.keyple.card.calypso.DtoAdapters;
import org.eclipse.keyple.core.util.ApduUtil;
import org.eclipse.keyple.core.util.ByteArrayUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/keyple/card/calypso/CmdCardOpenSecureSession.class */
final class CmdCardOpenSecureSession extends CardCommand {
    private static final Logger logger = LoggerFactory.getLogger(CmdCardOpenSecureSession.class);
    private static final String EXTRA_INFO_FORMAT = "KEYINDEX:%d, SFI:%02Xh, REC:%d";
    private static final String PATTERN_1_BYTE_HEX = "%02Xh";
    private static final Map<Integer, CardCommand.StatusProperties> STATUS_TABLE;
    private final WriteAccessLevel writeAccessLevel;
    private final boolean isExtendedModeAllowed;
    private SymmetricCryptoSecuritySettingAdapter symmetricCryptoSecuritySetting;
    private transient boolean isPreOpenMode;
    private transient byte[] preOpenDataOut;
    private transient boolean isReadModeConfigured;
    private int sfi;
    private int recordNumber;
    private transient boolean isPreviousSessionRatified;
    private byte[] challengeTransactionCounter;
    private byte[] challengeRandomNumber;
    private Byte kif;
    private Byte kvc;
    private byte[] recordData;

    /* renamed from: org.eclipse.keyple.card.calypso.CmdCardOpenSecureSession$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/keyple/card/calypso/CmdCardOpenSecureSession$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType = new int[CalypsoCard.ProductType.values().length];

        static {
            try {
                $SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[CalypsoCard.ProductType.PRIME_REVISION_1.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[CalypsoCard.ProductType.PRIME_REVISION_2.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[CalypsoCard.ProductType.PRIME_REVISION_3.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[CalypsoCard.ProductType.LIGHT.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[CalypsoCard.ProductType.BASIC.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CmdCardOpenSecureSession(CalypsoCardAdapter calypsoCardAdapter, WriteAccessLevel writeAccessLevel, byte[] bArr, int i, int i2, boolean z) {
        super(CardCommandRef.OPEN_SECURE_SESSION, 0, calypsoCardAdapter, null, null);
        this.isExtendedModeAllowed = z;
        this.writeAccessLevel = writeAccessLevel;
        this.sfi = i;
        this.recordNumber = i2;
        byte ordinal = (byte) (writeAccessLevel.ordinal() + 1);
        switch (AnonymousClass1.$SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[getCalypsoCard().getProductType().ordinal()]) {
            case 1:
                createRev10(ordinal, bArr);
                return;
            case 2:
                createRev24(ordinal, bArr);
                return;
            case 3:
            case 4:
            case 5:
                createRev3(ordinal, bArr);
                return;
            default:
                throw new IllegalArgumentException("Product type " + getCalypsoCard().getProductType() + " isn't supported");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CmdCardOpenSecureSession(WriteAccessLevel writeAccessLevel) {
        super(CardCommandRef.OPEN_SECURE_SESSION, 0, null, null, null);
        this.isExtendedModeAllowed = true;
        this.writeAccessLevel = writeAccessLevel;
        createRev3((byte) (writeAccessLevel.ordinal() + 1), new byte[0]);
        if (logger.isDebugEnabled()) {
            addSubName("PREOPEN");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CmdCardOpenSecureSession(DtoAdapters.TransactionContextDto transactionContextDto, DtoAdapters.CommandContextDto commandContextDto, SymmetricCryptoSecuritySettingAdapter symmetricCryptoSecuritySettingAdapter, WriteAccessLevel writeAccessLevel, boolean z) {
        super(CardCommandRef.OPEN_SECURE_SESSION, 0, null, transactionContextDto, commandContextDto);
        this.writeAccessLevel = writeAccessLevel;
        this.symmetricCryptoSecuritySetting = symmetricCryptoSecuritySettingAdapter;
        this.isExtendedModeAllowed = z;
        this.preOpenDataOut = transactionContextDto.getCard().getPreOpenDataOut();
        this.isPreOpenMode = this.preOpenDataOut != null;
    }

    private void createRev3(byte b, byte[] bArr) {
        byte b2;
        byte[] bArr2;
        byte b3 = (byte) ((this.recordNumber * 8) + b);
        if (this.isExtendedModeAllowed) {
            b2 = (byte) ((this.sfi * 8) + 2);
            bArr2 = new byte[bArr.length + 1];
            System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        } else {
            b2 = (byte) ((this.sfi * 8) + 1);
            bArr2 = bArr;
        }
        setApduRequest(new DtoAdapters.ApduRequestAdapter(ApduUtil.build(CalypsoCardClass.ISO.getValue(), CardCommandRef.OPEN_SECURE_SESSION.getInstructionByte(), b3, b2, bArr2, (byte) 0)));
        if (logger.isDebugEnabled()) {
            addSubName(String.format(EXTRA_INFO_FORMAT, Byte.valueOf(b), Integer.valueOf(this.sfi), Integer.valueOf(this.recordNumber)));
        }
    }

    private void createRev24(byte b, byte[] bArr) {
        buildLegacyApduRequest(b, bArr, this.sfi, this.recordNumber, (byte) (128 + (this.recordNumber * 8) + b));
    }

    private void createRev10(byte b, byte[] bArr) {
        buildLegacyApduRequest(b, bArr, this.sfi, this.recordNumber, (byte) ((this.recordNumber * 8) + b));
    }

    private void buildLegacyApduRequest(byte b, byte[] bArr, int i, int i2, byte b2) {
        setApduRequest(new DtoAdapters.ApduRequestAdapter(ApduUtil.build(CalypsoCardClass.LEGACY.getValue(), CardCommandRef.OPEN_SECURE_SESSION.getInstructionByte(), b2, (byte) (i * 8), bArr, (byte) 0)));
        if (logger.isDebugEnabled()) {
            addSubName(String.format(EXTRA_INFO_FORMAT, Byte.valueOf(b), Integer.valueOf(i), Integer.valueOf(i2)));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.eclipse.keyple.card.calypso.CardCommand
    public boolean isSessionBufferUsed() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void configureReadMode(int i, int i2) {
        this.sfi = i;
        this.recordNumber = i2;
        this.isReadModeConfigured = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isReadModeConfigured() {
        return this.isReadModeConfigured;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.eclipse.keyple.card.calypso.CardCommand
    public void finalizeRequest() {
        try {
            byte[] initTerminalSecureSessionContext = getTransactionContext().getSymmetricCryptoTransactionManagerSpi().initTerminalSecureSessionContext();
            byte ordinal = (byte) (this.writeAccessLevel.ordinal() + 1);
            switch (AnonymousClass1.$SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[getTransactionContext().getCard().getProductType().ordinal()]) {
                case 1:
                    createRev10(ordinal, initTerminalSecureSessionContext);
                    return;
                case 2:
                    createRev24(ordinal, initTerminalSecureSessionContext);
                    return;
                case 3:
                case 4:
                case 5:
                    createRev3(ordinal, initTerminalSecureSessionContext);
                    return;
                default:
                    throw new IllegalArgumentException("Product type " + getTransactionContext().getCard().getProductType() + " not supported");
            }
        } catch (SymmetricCryptoException e) {
            throw ((RuntimeException) e.getCause());
        } catch (SymmetricCryptoIOException e2) {
            throw ((RuntimeException) e2.getCause());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.eclipse.keyple.card.calypso.CardCommand
    public boolean isCryptoServiceRequiredToFinalizeRequest() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.eclipse.keyple.card.calypso.CardCommand
    public boolean synchronizeCryptoServiceBeforeCardProcessing() {
        if (!this.isPreOpenMode) {
            return false;
        }
        if (isCryptoServiceSynchronized()) {
            return true;
        }
        parseRev3(this.preOpenDataOut);
        synchronizeCryptoService(this.preOpenDataOut);
        return true;
    }

    private void synchronizeCryptoService(byte[] bArr) {
        Byte computeKvc = computeKvc();
        Byte computeKif = computeKif(computeKvc);
        if (!this.symmetricCryptoSecuritySetting.isSessionKeyAuthorized(computeKif, computeKvc)) {
            Object[] objArr = new Object[2];
            objArr[0] = computeKif != null ? String.format(PATTERN_1_BYTE_HEX, computeKif) : null;
            objArr[1] = computeKvc != null ? String.format(PATTERN_1_BYTE_HEX, computeKvc) : null;
            throw new UnauthorizedKeyException(String.format("Unauthorized key error: KIF=%s, KVC=%s", objArr));
        }
        try {
            getTransactionContext().getSymmetricCryptoTransactionManagerSpi().initTerminalSessionMac(bArr, computeKif.byteValue(), computeKvc.byteValue());
            confirmCryptoServiceSuccessfullySynchronized();
        } catch (SymmetricCryptoException e) {
            throw ((RuntimeException) e.getCause());
        } catch (SymmetricCryptoIOException e2) {
            throw ((RuntimeException) e2.getCause());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.eclipse.keyple.card.calypso.CardCommand
    public void parseResponse(ApduResponseApi apduResponseApi) throws CardCommandException {
        super.setApduResponseAndCheckStatus(apduResponseApi);
        CalypsoCardAdapter card = getTransactionContext().getCard();
        card.backupFiles();
        getTransactionContext().setSecureSessionOpen(true);
        byte[] dataOut = getApduResponse().getDataOut();
        switch (AnonymousClass1.$SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[card.getProductType().ordinal()]) {
            case 1:
                parseRev10(dataOut);
                break;
            case 2:
                parseRev24(dataOut);
                break;
            default:
                parseRev3(dataOut);
                break;
        }
        card.setDfRatified(this.isPreviousSessionRatified);
        card.setTransactionCounter(ByteArrayUtil.extractInt(this.challengeTransactionCounter, 0, 3, false));
        if (this.recordData.length > 0) {
            card.setContent((byte) this.sfi, this.recordNumber, this.recordData);
        }
        if (!isCryptoServiceSynchronized()) {
            synchronizeCryptoService(dataOut);
        } else if (!Arrays.equals(dataOut, this.preOpenDataOut)) {
            throw new CardSecurityContextException("Session has been pre-opened but 'dataOut' fields do not match", CardCommandRef.OPEN_SECURE_SESSION);
        }
    }

    private Byte computeKvc() {
        return this.kvc != null ? this.kvc : this.symmetricCryptoSecuritySetting.getDefaultKvc(this.writeAccessLevel);
    }

    private Byte computeKif(Byte b) {
        if ((this.kif != null && this.kif.byteValue() != -1) || b == null) {
            return this.kif;
        }
        Byte kif = this.symmetricCryptoSecuritySetting.getKif(this.writeAccessLevel, b.byteValue());
        if (kif == null) {
            kif = this.symmetricCryptoSecuritySetting.getDefaultKif(this.writeAccessLevel);
        }
        return kif;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.eclipse.keyple.card.calypso.CardCommand
    public void setApduResponseAndCheckStatus(ApduResponseApi apduResponseApi) throws CardCommandException {
        super.setApduResponseAndCheckStatus(apduResponseApi);
        byte[] dataOut = apduResponseApi.getDataOut();
        CalypsoCardAdapter calypsoCard = getCalypsoCard();
        switch (AnonymousClass1.$SwitchMap$org$calypsonet$terminal$calypso$card$CalypsoCard$ProductType[calypsoCard.getProductType().ordinal()]) {
            case 1:
                parseRev10(dataOut);
                break;
            case 2:
                parseRev24(dataOut);
                break;
            default:
                parseRev3(dataOut);
                break;
        }
        calypsoCard.setDfRatified(this.isPreviousSessionRatified);
        calypsoCard.setTransactionCounter(ByteArrayUtil.extractInt(this.challengeTransactionCounter, 0, 3, false));
        if (this.recordData.length > 0) {
            calypsoCard.setContent((byte) this.sfi, this.recordNumber, this.recordData);
        }
        if (apduResponseApi.getStatusWord() == 25088) {
            calypsoCard.setPreOpenWriteAccessLevel(this.writeAccessLevel);
            calypsoCard.setPreOpenDataOut(dataOut);
        }
    }

    private void parseRev3(byte[] bArr) {
        int i;
        CalypsoCardAdapter card = getTransactionContext() != null ? getTransactionContext().getCard() : getCalypsoCard();
        if (this.isExtendedModeAllowed) {
            i = 4;
            this.isPreviousSessionRatified = (bArr[8] & 1) == 0;
            if (!((bArr[8] & 2) == 2)) {
                card.disableExtendedMode();
            }
        } else {
            i = 0;
            this.isPreviousSessionRatified = bArr[4] == 0;
            card.disableExtendedMode();
        }
        this.challengeTransactionCounter = Arrays.copyOfRange(bArr, 0, 3);
        this.challengeRandomNumber = Arrays.copyOfRange(bArr, 3, 4 + i);
        this.kif = Byte.valueOf(bArr[5 + i]);
        this.kvc = Byte.valueOf(bArr[6 + i]);
        this.recordData = Arrays.copyOfRange(bArr, 8 + i, 8 + i + bArr[7 + i]);
    }

    private void parseRev24(byte[] bArr) {
        switch (bArr.length) {
            case 5:
                this.isPreviousSessionRatified = true;
                this.recordData = new byte[0];
                break;
            case 7:
                this.isPreviousSessionRatified = false;
                this.recordData = new byte[0];
                break;
            case 34:
                this.isPreviousSessionRatified = true;
                this.recordData = Arrays.copyOfRange(bArr, 5, 34);
                break;
            case 36:
                this.isPreviousSessionRatified = false;
                this.recordData = Arrays.copyOfRange(bArr, 7, 36);
                break;
            default:
                throw new IllegalStateException("Bad response length to Open Secure Session: " + bArr.length);
        }
        this.challengeTransactionCounter = Arrays.copyOfRange(bArr, 1, 4);
        this.challengeRandomNumber = Arrays.copyOfRange(bArr, 4, 5);
        this.kif = null;
        this.kvc = Byte.valueOf(bArr[0]);
    }

    private void parseRev10(byte[] bArr) {
        switch (bArr.length) {
            case 4:
                this.isPreviousSessionRatified = true;
                this.recordData = new byte[0];
                break;
            case 6:
                this.isPreviousSessionRatified = false;
                this.recordData = new byte[0];
                break;
            case 33:
                this.isPreviousSessionRatified = true;
                this.recordData = Arrays.copyOfRange(bArr, 4, 33);
                break;
            case 35:
                this.isPreviousSessionRatified = false;
                this.recordData = Arrays.copyOfRange(bArr, 6, 35);
                break;
            default:
                throw new IllegalStateException("Bad response length to Open Secure Session: " + bArr.length);
        }
        this.challengeTransactionCounter = Arrays.copyOfRange(bArr, 0, 3);
        this.challengeRandomNumber = Arrays.copyOfRange(bArr, 3, 4);
        this.kif = null;
        this.kvc = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getCardChallenge() {
        return this.challengeRandomNumber;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Byte getKif() {
        return this.kif;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Byte getKvc() {
        return this.kvc;
    }

    @Override // org.eclipse.keyple.card.calypso.CardCommand
    Map<Integer, CardCommand.StatusProperties> getStatusTable() {
        return STATUS_TABLE;
    }

    static {
        HashMap hashMap = new HashMap(CardCommand.STATUS_TABLE);
        hashMap.put(26368, new CardCommand.StatusProperties("Lc value not supported.", CardIllegalParameterException.class));
        hashMap.put(26880, new CardCommand.StatusProperties("Transaction Counter is 0", CardTerminatedException.class));
        hashMap.put(27009, new CardCommand.StatusProperties("Command forbidden (read requested and current EF is a Binary file).", CardDataAccessException.class));
        hashMap.put(27010, new CardCommand.StatusProperties("Security conditions not fulfilled (PIN code not presented, AES key forbidding the compatibility mode, encryption required).", CardSecurityContextException.class));
        hashMap.put(27013, new CardCommand.StatusProperties("Access forbidden (Never access mode, Session already opened).", CardAccessForbiddenException.class));
        hashMap.put(27014, new CardCommand.StatusProperties("Command not allowed (read requested and no current EF).", CardDataAccessException.class));
        hashMap.put(27265, new CardCommand.StatusProperties("Wrong key index.", CardIllegalParameterException.class));
        hashMap.put(27266, new CardCommand.StatusProperties("File not found.", CardDataAccessException.class));
        hashMap.put(27267, new CardCommand.StatusProperties("Record not found (record index is above NumRec).", CardDataAccessException.class));
        hashMap.put(27392, new CardCommand.StatusProperties("P1 or P2 value not supported (key index incorrect, wrong P2, extended mode not supported).", CardIllegalParameterException.class));
        hashMap.put(25087, new CardCommand.StatusProperties("Correct execution (ISO7816 T=0)."));
        hashMap.put(25088, new CardCommand.StatusProperties("Successful execution, with warning (Pre-Open variant, secure session not opened)."));
        STATUS_TABLE = hashMap;
    }
}
