package org.nightcode.javacard.channel.scp;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.nightcode.common.base.Hexs;
import org.nightcode.common.util.logging.LogManager;
import org.nightcode.common.util.logging.Logger;
import org.nightcode.javacard.JavaCardException;
import org.nightcode.javacard.channel.CardChannelContext;
import org.nightcode.javacard.channel.SecureChannelSession;
import org.nightcode.javacard.channel.key.KeySet;
import org.nightcode.javacard.channel.key.KeyUsage;
import org.nightcode.javacard.channel.key.SessionKeys;
import org.nightcode.javacard.common.Apdu;
import org.nightcode.javacard.common.SecurityLevel;
import org.nightcode.javacard.util.ApduPreconditions;
import org.nightcode.javacard.util.ByteArrayGenerator;
import org.nightcode.javacard.util.Iso7816D4;
import org.nightcode.javacard.util.JcCryptoUtils;
import org.nightcode.javacard.util.JcUtils;
import org.nightcode.javacard.util.SecureRandomByteArrayGenerator;

/* loaded from: input_file:org/nightcode/javacard/channel/scp/Scp02Session.class */
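/**
 * Host side of a GlobalPlatform SCP02 secure channel.
 *
 * <p>{@link #openSecureChannel(EnumSet)} runs the INITIALIZE UPDATE / EXTERNAL AUTHENTICATE
 * handshake, verifies the card cryptogram, and then wraps the underlying channel in a
 * {@link Scp02ApduChannel}; {@link #transmit(CommandAPDU)} forwards to that wrapped channel.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>SCP02 is built on triple-DES with an all-zero IV for the authentication cryptograms.
 *       GlobalPlatform has deprecated SCP02 in favour of SCP03; prefer SCP03 where the card
 *       supports it.</li>
 *   <li>{@link #encryptData(byte[])} re-initialises one shared {@link Cipher} instance, and
 *       {@code Cipher} objects are not thread-safe. Concurrent callers must synchronise
 *       externally.</li>
 * </ul>
 */
public class Scp02Session implements SecureChannelSession {
    private static final Logger LOGGER = LogManager.getLogger(Scp02Session.class);
    private static final Hexs HEX = Hexs.hex();

    /** GlobalPlatform proprietary class byte. */
    private static final int CLA_GP = 0x80;
    /** INITIALIZE UPDATE instruction byte. */
    private static final int INS_INITIALIZE_UPDATE = 0x50;

    /** ISO 7816-4: security status not satisfied. */
    private static final int SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982;
    /** ISO 7816-4: authentication method blocked. */
    private static final int SW_AUTHENTICATION_METHOD_BLOCKED = 0x6983;
    /** ISO 7816-4: referenced data not found. */
    private static final int SW_REFERENCED_DATA_NOT_FOUND = 0x6A88;
    /** GlobalPlatform: authentication of host cryptogram failed. */
    private static final int SW_HOST_CRYPTOGRAM_REJECTED = 0x6300;

    private static final int HOST_CHALLENGE_LENGTH = 8;
    private static final int CRYPTOGRAM_LENGTH = 8;

    // Layout of the 28-byte INITIALIZE UPDATE response.
    private static final int INIT_UPDATE_RESPONSE_LENGTH = 28;
    private static final int OFFSET_KEY_INFORMATION = 10;
    private static final int OFFSET_SEQUENCE_COUNTER = 12;
    private static final int OFFSET_CARD_CHALLENGE = 14;
    private static final int OFFSET_CARD_CRYPTOGRAM = 20;

    private final CardChannelContext context;
    private final ByteArrayGenerator byteArrayGenerator;
    private volatile Scp02ApduChannel channel;
    private final Cipher desEdeCipher;

    /**
     * Creates a session whose host challenge comes from a {@link SecureRandomByteArrayGenerator}.
     *
     * @param cardChannelContext context holding the raw channel, key provider and card properties
     */
    public Scp02Session(CardChannelContext cardChannelContext) {
        this(cardChannelContext, new SecureRandomByteArrayGenerator());
    }

    /**
     * Creates a session with an explicit host-challenge generator.
     *
     * <p>The generator supplies the host challenge that makes each handshake unique. Anything
     * other than a cryptographically strong source belongs in tests only.
     *
     * @param cardChannelContext context holding the raw channel, key provider and card properties
     * @param byteArrayGenerator source of the 8-byte host challenge
     * @throws IllegalStateException if the 3DES/ECB transformation is not available
     */
    Scp02Session(CardChannelContext cardChannelContext, ByteArrayGenerator byteArrayGenerator) {
        this.context = cardChannelContext;
        this.byteArrayGenerator = byteArrayGenerator;
        try {
            this.desEdeCipher = Cipher.getInstance(JcCryptoUtils.DES_EDE_ECB_NO_PADDING);
        } catch (GeneralSecurityException e) {
            // IllegalStateException is a RuntimeException, so existing callers are unaffected.
            throw new IllegalStateException("3DES cipher is not available", e);
        }
    }

    /**
     * Encrypts sensitive data with the session DEK key using the 3DES/ECB/no-padding cipher.
     *
     * <p>No padding is applied here, so the caller must supply input whose length is a multiple
     * of the DES block size. The shared cipher instance is re-initialised on every call; see
     * the class note on thread safety.
     *
     * @param bArr plaintext, already block-aligned
     * @return ciphertext of the same length
     * @throws GeneralSecurityException if the key is rejected or the input is not block-aligned
     */
    @Override
    public byte[] encryptData(byte[] bArr) throws GeneralSecurityException {
        this.desEdeCipher.init(Cipher.ENCRYPT_MODE, this.context.getSessionKeys().getDesEde(KeyUsage.DEK));
        return this.desEdeCipher.doFinal(bArr);
    }

    /**
     * Performs the SCP02 handshake and installs the secured channel.
     *
     * @param enumSet security levels requested for the session
     * @throws IllegalArgumentException if C_DECRYPTION is requested without C_MAC
     * @throws IOException if the underlying channel fails
     * @throws JavaCardException if the card rejects a command or its cryptogram does not verify
     */
    @Override
    public void openSecureChannel(EnumSet<SecurityLevel> enumSet) throws IOException, JavaCardException {
        if (enumSet.contains(SecurityLevel.C_DECRYPTION) && !enumSet.contains(SecurityLevel.C_MAC)) {
            throw new IllegalArgumentException("C_DECRYPTION must be combined with C_MAC");
        }
        Scp02Context handshake = initializeUpdate(this.context.getCardProperties().getKeyVersionNumber());
        byte[] icv = externalAuthenticate(handshake, enumSet);
        // Finish configuring the channel before publishing it through the volatile field, so
        // another thread can never observe a channel whose response ICV is still unset.
        Scp02ApduChannel secured = new Scp02ApduChannel(this.context, enumSet, icv);
        secured.setRicv(icv);
        this.channel = secured;
    }

    /**
     * Sends a command through the secured channel.
     *
     * @param commandAPDU command to send
     * @return the card's response
     * @throws IllegalStateException if {@link #openSecureChannel(EnumSet)} has not completed
     * @throws IOException if the underlying channel fails
     */
    @Override
    public ResponseAPDU transmit(CommandAPDU commandAPDU) throws IOException {
        Scp02ApduChannel secured = this.channel;
        if (secured == null) {
            throw new IllegalStateException("secure channel is not open");
        }
        return secured.transmit(commandAPDU);
    }

    /**
     * Sends INITIALIZE UPDATE, derives the session keys and authenticates the card.
     *
     * @param b requested key version number, sent as P1
     * @return the challenges and sequence counter needed for EXTERNAL AUTHENTICATE
     * @throws IOException if the underlying channel fails
     * @throws JavaCardException if the status word signals an error, the response is malformed,
     *     the SCP or key version does not match, or the card cryptogram does not verify
     */
    Scp02Context initializeUpdate(byte b) throws IOException, JavaCardException {
        byte[] hostChallenge = this.byteArrayGenerator.generate(HOST_CHALLENGE_LENGTH);
        ResponseAPDU response = this.context.channel()
            .transmit(new CommandAPDU(CLA_GP, INS_INITIALIZE_UPDATE, b, 0, hostChallenge, 256));
        int sw = response.getSW();
        if (sw == SW_SECURITY_STATUS_NOT_SATISFIED || sw == SW_AUTHENTICATION_METHOD_BLOCKED) {
            throw new JavaCardException("[SW=0x%04X] INITIALIZE UPDATE failed, card LOCKED?", Integer.valueOf(sw));
        }
        if (sw == SW_REFERENCED_DATA_NOT_FOUND) {
            throw new JavaCardException("[SW=0x%04X] INITIALIZE UPDATE failed, referenced data not found", Integer.valueOf(sw));
        }
        ApduPreconditions.checkSw("INITIALIZE UPDATE failed", sw, Apdu.SW_NO_ERROR);

        byte[] data = response.getData();
        // Reject anything but the exact expected size before slicing card-supplied bytes.
        if (data.length != INIT_UPDATE_RESPONSE_LENGTH) {
            throw new JavaCardException("invalid INITIALIZE UPDATE response message length %dB", Integer.valueOf(data.length));
        }
        byte[] keyDiversificationData = Arrays.copyOfRange(data, 0, OFFSET_KEY_INFORMATION);
        byte cardKeyVersion = data[OFFSET_KEY_INFORMATION];
        int scpIdentifier = data[OFFSET_KEY_INFORMATION + 1] & 0xFF;
        byte[] sequenceCounter = Arrays.copyOfRange(data, OFFSET_SEQUENCE_COUNTER, OFFSET_CARD_CHALLENGE);
        byte[] cardChallenge = Arrays.copyOfRange(data, OFFSET_CARD_CHALLENGE, OFFSET_CARD_CRYPTOGRAM);
        byte[] cardCryptogram = Arrays.copyOfRange(data, OFFSET_CARD_CRYPTOGRAM, INIT_UPDATE_RESPONSE_LENGTH);
        LOGGER.debug("  Key diversification data: %s\n  Key information:          keyVersionNumber=%s; SCP_0%s\n  Sequence counter:         %s\n  Card challenge:           %s\n  Card cryptogram:          %s", new Object[]{HEX.fromByteArray(keyDiversificationData), Byte.valueOf(cardKeyVersion), Integer.valueOf(scpIdentifier), HEX.fromByteArray(sequenceCounter), HEX.fromByteArray(cardChallenge), HEX.fromByteArray(cardCryptogram)});

        if (ScpVersion.SCP_02.version() != scpIdentifier) {
            throw new JavaCardException("SCP version mismatch: SCP_02 != SCP_0%s", Integer.valueOf(scpIdentifier));
        }
        // NOTE(review): this is a signed comparison. A requested version in 0x80..0xFF is
        // negative as a Java byte, so the mismatch check is skipped for it. Confirm intended.
        if (b > 0 && b != cardKeyVersion) {
            throw new JavaCardException("key version mismatch: %s != %s", Byte.valueOf(b), Byte.valueOf(cardKeyVersion));
        }

        SessionKeys sessionKeys = KeySet.of(ScpVersion.SCP_02, this.context.keyProvider())
            .deriveSessionKeys(this.context.getCardProperties(), sequenceCounter);
        byte[] expectedCryptogram;
        try {
            expectedCryptogram = generateCryptogram(
                sessionKeys.getDesEde(KeyUsage.ENC), hostChallenge, sequenceCounter, cardChallenge);
        } catch (GeneralSecurityException e) {
            throw new JavaCardException("can't calculate card cryptogram", e);
        }
        // Constant-time comparison: the time taken must not depend on how many leading bytes
        // of the card-supplied cryptogram happen to match.
        if (!MessageDigest.isEqual(cardCryptogram, expectedCryptogram)) {
            throw new JavaCardException("Card Cryptogram verification failed:     \nCard cryptogram:       %s    \nCalculated cryptogram: %s", HEX.fromByteArray(cardCryptogram), HEX.fromByteArray(expectedCryptogram));
        }
        LOGGER.info("verified Card Cryptogram: %s", new Object[]{HEX.fromByteArray(cardCryptogram)});
        // Install the session keys only once the card has proven knowledge of them, so a
        // failed handshake never leaves keys from an unauthenticated card in the context.
        this.context.setSessionKeys(sessionKeys);
        return new Scp02Context(hostChallenge, cardChallenge, sequenceCounter);
    }

    /**
     * Sends EXTERNAL AUTHENTICATE with the host cryptogram over a C_MAC-only channel.
     *
     * @param scp02Context challenges and sequence counter from INITIALIZE UPDATE
     * @param enumSet security levels whose bit masks are OR-ed into P1
     * @return the ICV of the temporary channel after the command
     * @throws IOException if the underlying channel fails
     * @throws JavaCardException if the card rejects the host cryptogram or returns another error
     */
    byte[] externalAuthenticate(Scp02Context scp02Context, EnumSet<SecurityLevel> enumSet) throws IOException, JavaCardException {
        int securityLevelMask = 0;
        for (SecurityLevel level : enumSet) {
            securityLevelMask |= level.bitMask();
        }
        // The command is always sent with C_MAC only; securityLevelMask applies afterwards.
        Scp02ApduChannel macChannel = new Scp02ApduChannel(this.context, EnumSet.of(SecurityLevel.C_MAC));
        try {
            byte[] hostCryptogram = generateCryptogram(
                this.context.getSessionKeys().getDesEde(KeyUsage.ENC),
                scp02Context.getSequenceCounter(),
                scp02Context.getCardChallenge(),
                scp02Context.getHostChallenge());
            ResponseAPDU response = macChannel.transmit(
                new CommandAPDU(CLA_GP, Apdu.INS_EXTERNAL_AUTHENTICATE, securityLevelMask, 0, hostCryptogram));
            int sw = response.getSW();
            if (sw == SW_HOST_CRYPTOGRAM_REJECTED) {
                throw new JavaCardException("[SW=0x%04X] EXTERNAL AUTHENTICATE authentication of host cryptogram failed", Integer.valueOf(sw));
            }
            ApduPreconditions.checkSw("EXTERNAL AUTHENTICATE failed", sw, Apdu.SW_NO_ERROR);
            return macChannel.getIcv();
        } catch (GeneralSecurityException e) {
            throw new JavaCardException("can't generate host cryptogram", e);
        }
    }

    /**
     * Computes an 8-byte authentication cryptogram over the concatenated parts.
     *
     * <p>The parts are joined, padded with {@link Iso7816D4#pad}, encrypted with 3DES-CBC under
     * a zero IV, and the last cipher block is returned.
     *
     * @param key session ENC key
     * @param parts byte arrays to concatenate, in protocol order
     * @return the final 8 bytes of the ciphertext
     * @throws GeneralSecurityException if the cipher cannot be created or initialised
     */
    private byte[] generateCryptogram(Key key, byte[]... parts) throws GeneralSecurityException {
        byte[] padded = Iso7816D4.pad(JcUtils.joinArrays(parts));
        Cipher cbc = Cipher.getInstance(JcCryptoUtils.DES_EDE_CBC_NO_PADDING);
        cbc.init(Cipher.ENCRYPT_MODE, key, JcCryptoUtils.ZERO_IV_PARAMETER_SPEC);
        byte[] encrypted = cbc.doFinal(padded, 0, padded.length);
        return Arrays.copyOfRange(encrypted, encrypted.length - CRYPTOGRAM_LENGTH, encrypted.length);
    }
}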
