package org.nightcode.javacard.channel.scp;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.Arrays;
import java.util.EnumSet;
import javax.crypto.Cipher;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.nightcode.common.base.Hexs;
import org.nightcode.javacard.JavaCardException;
import org.nightcode.javacard.channel.ApduChannel;
import org.nightcode.javacard.channel.CardChannelContext;
import org.nightcode.javacard.channel.key.KeyUsage;
import org.nightcode.javacard.channel.key.SessionKeys;
import org.nightcode.javacard.common.SecurityLevel;
import org.nightcode.javacard.util.Iso7816D4;
import org.nightcode.javacard.util.JcCryptoUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/nightcode/javacard/channel/scp/Scp02ApduChannel.class */
public final class Scp02ApduChannel implements ApduChannel {
    private static final int CMAC_LENGTH = 8;
    private static final int ENC_LENGTH = 8;
    private static final int SWS_LENGTH = 2;
    private static final Hexs HEX = Hexs.hex();
    private final ApduChannel channel;
    private final SessionKeys sessionKeys;
    private final EnumSet<SecurityLevel> securityLevel;
    private final Scp02ParameterI i;
    private final int maxDataLength;
    private volatile byte[] icv;
    private volatile byte[] rIcv;
    private volatile byte[] rMac;
    private final Cipher desCipher;
    private final Cipher desCbcCipher;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Scp02ApduChannel(CardChannelContext cardChannelContext, EnumSet<SecurityLevel> enumSet) {
        this(cardChannelContext, enumSet, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Scp02ApduChannel(CardChannelContext cardChannelContext, EnumSet<SecurityLevel> enumSet, byte[] bArr) {
        this.channel = cardChannelContext.channel();
        this.i = Scp02ParameterI.of(cardChannelContext.getCardRecognitionData());
        this.sessionKeys = cardChannelContext.getSessionKeys();
        this.securityLevel = enumSet;
        this.icv = bArr;
        int maxLength = cardChannelContext.getMaxLength();
        if (enumSet.contains(SecurityLevel.C_MAC)) {
            maxLength -= 8;
            if (enumSet.contains(SecurityLevel.C_DECRYPTION)) {
                maxLength -= 8;
            }
        }
        this.maxDataLength = maxLength;
        try {
            this.desCipher = Cipher.getInstance(JcCryptoUtils.DES_ECB_NO_PADDING);
            this.desCbcCipher = Cipher.getInstance(JcCryptoUtils.DES_EDE_CBC_NO_PADDING);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("unsupported cryptographic algorithm", e);
        }
    }

    @Override // org.nightcode.javacard.channel.Channel
    public ResponseAPDU transmit(CommandAPDU commandAPDU) throws IOException {
        try {
            return unwrap(this.channel.transmit(wrap(commandAPDU)));
        } catch (Exception e) {
            throw new IOException(String.format("APDU [%s] transmit problem: %s", HEX.fromByteArray(commandAPDU.getBytes()), e.getMessage()), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getIcv() {
        return this.icv;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRicv(byte[] bArr) {
        this.rIcv = bArr;
    }

    private byte[] commandEncryption(Key key, byte[] bArr) throws GeneralSecurityException {
        this.desCbcCipher.init(1, key, JcCryptoUtils.ZERO_IV_PARAMETER_SPEC);
        return this.desCbcCipher.doFinal(bArr);
    }

    private byte[] icvEncryption(Key key, byte[] bArr) throws GeneralSecurityException {
        this.desCipher.init(1, key);
        return this.desCipher.doFinal(bArr);
    }

    private ResponseAPDU unwrap(ResponseAPDU responseAPDU) throws JavaCardException {
        if (!this.securityLevel.contains(SecurityLevel.R_MAC)) {
            return responseAPDU;
        }
        byte[] data = responseAPDU.getData();
        if (data.length < 8) {
            throw new JavaCardException("received invalid APDU response %s", Hexs.hex().fromByteArray(data));
        }
        int length = data.length - 8;
        byte[] bArr = new byte[Iso7816D4.paddedLength(this.rMac.length + 1 + length + 2)];
        System.arraycopy(this.rMac, 0, bArr, 0, this.rMac.length);
        int length2 = 0 + this.rMac.length;
        int i = length2 + 1;
        bArr[length2] = (byte) length;
        System.arraycopy(data, 0, bArr, i, length);
        int i2 = i + length;
        int i3 = i2 + 1;
        bArr[i2] = (byte) responseAPDU.getSW1();
        int i4 = i3 + 1;
        bArr[i3] = (byte) responseAPDU.getSW2();
        bArr[i4] = Byte.MIN_VALUE;
        byte[] macAlgorithm3 = JcCryptoUtils.macAlgorithm3(this.sessionKeys.getDesEde(KeyUsage.R_MAC), this.rIcv, bArr);
        this.rIcv = macAlgorithm3;
        byte[] bArr2 = new byte[8];
        System.arraycopy(data, length, bArr2, 0, bArr2.length);
        if (Arrays.equals(macAlgorithm3, bArr2)) {
            return new ResponseAPDU(Arrays.copyOfRange(bArr, this.rMac.length + 1, i4));
        }
        throw new JavaCardException("invalid RMAC value %s, expected %s", HEX.fromByteArray(bArr2), HEX.fromByteArray(macAlgorithm3));
    }

    private CommandAPDU wrap(CommandAPDU commandAPDU) throws IOException, GeneralSecurityException {
        byte[] data;
        byte[] bytes = commandAPDU.getBytes();
        int nc = commandAPDU.getNc();
        if (this.securityLevel.contains(SecurityLevel.R_MAC)) {
            if (nc == 0) {
                this.rMac = Arrays.copyOf(bytes, 4);
            } else {
                this.rMac = Arrays.copyOf(bytes, 5 + nc);
            }
            byte[] bArr = this.rMac;
            bArr[0] = (byte) (bArr[0] & (-8));
        }
        if (!this.securityLevel.contains(SecurityLevel.C_MAC)) {
            return commandAPDU;
        }
        if (nc > this.maxDataLength) {
            throw new IOException(String.format("APDU command DATA length %d MUST be <= %d", Integer.valueOf(nc), Integer.valueOf(this.maxDataLength)));
        }
        byte[] bArr2 = new byte[Iso7816D4.paddedLength(5 + nc)];
        System.arraycopy(bytes, 0, bArr2, 0, 4);
        bArr2[4] = (byte) nc;
        if (nc > 0) {
            System.arraycopy(bytes, 5, bArr2, 5, nc);
        }
        bArr2[5 + nc] = Byte.MIN_VALUE;
        if (this.i.cMacOnModifiedApdu()) {
            bArr2[0] = (byte) (bArr2[0] | 4);
            bArr2[4] = (byte) (bArr2[4] + 8);
        }
        if (this.icv == null) {
            this.icv = new byte[8];
        } else if (this.i.icvEncryptionForCMacSession()) {
            this.icv = icvEncryption(this.sessionKeys.getDes(KeyUsage.MAC), this.icv);
        }
        byte[] macAlgorithm3 = JcCryptoUtils.macAlgorithm3(this.sessionKeys.getDesEde(KeyUsage.MAC), this.icv, bArr2);
        this.icv = macAlgorithm3;
        if (this.i.cMacOnUnmodifiedApdu()) {
            bArr2[0] = (byte) (bArr2[0] | 4);
            bArr2[4] = (byte) (bArr2[4] + 8);
        }
        if (nc <= 0 || !this.securityLevel.contains(SecurityLevel.C_DECRYPTION)) {
            data = commandAPDU.getData();
        } else {
            Key desEde = this.sessionKeys.getDesEde(KeyUsage.ENC);
            byte[] pad = Iso7816D4.pad(bytes, 5, nc);
            data = commandEncryption(desEde, pad);
            bArr2[4] = (byte) (bArr2[4] + (pad.length - nc));
        }
        byte[] bArr3 = new byte[5 + data.length + 8 + (commandAPDU.getNe() > 0 ? 1 : 0)];
        System.arraycopy(bArr2, 0, bArr3, 0, 5);
        int i = 0 + 5;
        if (data.length > 0) {
            System.arraycopy(data, 0, bArr3, i, data.length);
            i += data.length;
        }
        System.arraycopy(macAlgorithm3, 0, bArr3, i, macAlgorithm3.length);
        if (commandAPDU.getNe() > 0) {
            bArr3[i + macAlgorithm3.length] = (byte) commandAPDU.getNe();
        }
        return new CommandAPDU(bArr3);
    }
}
