package es.gob.jmulticard.apdu.connection.cwa14890;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.CommandApdu;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.StatusWord;
import es.gob.jmulticard.apdu.connection.AbstractApduEncrypter;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.connection.ApduConnectionProtocol;
import es.gob.jmulticard.apdu.connection.ApduEncrypterDes;
import es.gob.jmulticard.apdu.connection.CardConnectionListener;
import es.gob.jmulticard.card.cwa14890.Cwa14890Card;
import es.gob.jmulticard.card.cwa14890.Cwa14890PrivateConstants;
import es.gob.jmulticard.card.cwa14890.Cwa14890PublicConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:es/gob/jmulticard/apdu/connection/cwa14890/Cwa14890OneV1Connection.class */
public class Cwa14890OneV1Connection implements Cwa14890Connection {
    private static final int KICC_LENGTH = 32;
    private static final int KIFD_LENGTH = 32;
    private static final byte ISO_9796_2_PADDING_START = 106;
    private static final byte ISO_9796_2_PADDING_END = -68;
    private static final byte MSB_INCORRECT_LE = 108;
    private static final byte MSB_INCORRECT_LE_PACE = 98;
    protected final transient CryptoHelper cryptoHelper;
    private transient Cwa14890Card card;
    protected transient ApduConnection subConnection;
    private transient byte[] kenc = null;
    private transient byte[] kmac = null;
    private transient byte[] ssc = null;
    protected transient boolean openState = false;
    protected final transient AbstractApduEncrypter apduEncrypter;
    private transient Cwa14890PublicConstants pubConsts;
    private transient Cwa14890PrivateConstants privConsts;
    private static final StatusWord INVALID_CRYPTO_CHECKSUM = new StatusWord((byte) 102, (byte) -120);
    private static final byte[] SECURE_CHANNEL_KENC_AUX = {0, 0, 0, 1};
    private static final byte[] SECURE_CHANNEL_KMAC_AUX = {0, 0, 0, 2};

    protected AbstractApduEncrypter instantiateApduEncrypter() {
        return new ApduEncrypterDes();
    }

    public String toString() {
        return "Conexion de tipo CWA-14890-V1 " + (isOpen() ? "abierta sobre " + getSubConnection() : "cerrada");
    }

    public Cwa14890OneV1Connection(ApduConnection apduConnection, CryptoHelper cryptoHelper) {
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("CryptoHelper no puede ser nulo");
        }
        this.subConnection = apduConnection instanceof Cwa14890Connection ? ((Cwa14890Connection) apduConnection).getSubConnection() : apduConnection;
        this.cryptoHelper = cryptoHelper;
        this.apduEncrypter = instantiateApduEncrypter();
    }

    public Cwa14890OneV1Connection(Cwa14890Card cwa14890Card, ApduConnection apduConnection, CryptoHelper cryptoHelper, Cwa14890PublicConstants cwa14890PublicConstants, Cwa14890PrivateConstants cwa14890PrivateConstants) {
        if (cwa14890Card == null) {
            throw new IllegalArgumentException("No se ha proporcionado la tarjeta CWA-14890 con la que abrir el canal seguro");
        }
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("CryptoHelper no puede ser nulo");
        }
        if (cwa14890PublicConstants == null) {
            throw new IllegalArgumentException("las claves CWA-14890 no pueden ser nulas");
        }
        this.card = cwa14890Card;
        this.subConnection = apduConnection instanceof Cwa14890Connection ? ((Cwa14890Connection) apduConnection).getSubConnection() : apduConnection;
        this.cryptoHelper = cryptoHelper;
        this.apduEncrypter = instantiateApduEncrypter();
        this.pubConsts = cwa14890PublicConstants;
        this.privConsts = cwa14890PrivateConstants;
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void open() throws ApduConnectionException {
        ApduConnection apduConnection = this.subConnection;
        apduConnection.open();
        byte[] paddedSerial = getPaddedSerial();
        try {
            this.card.verifyCaIntermediateIcc();
            this.card.verifyIcc();
            try {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) this.card.getIccCert().getPublicKey();
                try {
                    this.card.verifyIfdCertificateChain(this.pubConsts);
                    try {
                        byte[] generateRandomBytes = this.cryptoHelper.generateRandomBytes(8);
                        try {
                            byte[] internalAuthentication = internalAuthentication(generateRandomBytes, rSAPublicKey);
                            byte[] challenge = this.card.getChallenge();
                            try {
                                byte[] xor = HexUtils.xor(internalAuthentication, externalAuthentication(paddedSerial, challenge, rSAPublicKey));
                                try {
                                    this.kenc = generateKenc(xor);
                                    try {
                                        this.kmac = generateKmac(xor);
                                        this.ssc = generateSsc(generateRandomBytes, challenge);
                                        this.openState = true;
                                    } catch (IOException e) {
                                        apduConnection.close();
                                        throw new ApduConnectionException("Error al generar la clave Kmac para el tratamiento del canal seguro", e);
                                    }
                                } catch (IOException e2) {
                                    apduConnection.close();
                                    throw new ApduConnectionException("Error al generar la clave Kenc para el tratamiento del canal seguro", e2);
                                }
                            } catch (Exception e3) {
                                apduConnection.close();
                                throw new ApduConnectionException("Error durante el proceso de autenticacion externa de la tarjeta", e3);
                            }
                        } catch (Exception e4) {
                            apduConnection.close();
                            throw new ApduConnectionException("Error durante el proceso de autenticacion interna de la tarjeta", e4);
                        }
                    } catch (IOException e5) {
                        apduConnection.close();
                        throw new SecureChannelException("No se pudo generar el array de aleatorios", e5);
                    }
                } catch (Exception e6) {
                    apduConnection.close();
                    throw new ApduConnectionException("Error al verificar la cadena de certificados del controlador", e6);
                }
            } catch (IOException e7) {
                apduConnection.close();
                throw new ApduConnectionException("No se pudo leer certificado de componente", e7);
            }
        } catch (IOException e8) {
            apduConnection.close();
            throw new IllegalStateException("No se han podido validar los certificados CWA-14890", e8);
        } catch (SecurityException e9) {
            apduConnection.close();
            throw new IllegalStateException("Condicion de seguridad no satisfecha en la validacion de los certificados CWA-14890", e9);
        } catch (CertificateException e10) {
            apduConnection.close();
            throw new IllegalStateException("No se han podido tratar los certificados CWA-14890", e10);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    private byte[] generateKenc(byte[] bArr) throws IOException {
        byte[] bArr2 = new byte[16];
        System.arraycopy(this.cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, HexUtils.concatenateByteArrays(new byte[]{bArr, SECURE_CHANNEL_KENC_AUX})), 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    private byte[] generateKmac(byte[] bArr) throws IOException {
        byte[] bArr2 = new byte[16];
        System.arraycopy(this.cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, HexUtils.concatenateByteArrays(new byte[]{bArr, SECURE_CHANNEL_KMAC_AUX})), 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    private static byte[] generateSsc(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[8];
        System.arraycopy(bArr2, 4, bArr3, 0, 4);
        System.arraycopy(bArr, 4, bArr3, 4, 4);
        return bArr3;
    }

    public static byte[] internalAuthGetInternalAuthenticateMessage(Cwa14890Card cwa14890Card, Cwa14890PublicConstants cwa14890PublicConstants, byte[] bArr) throws ApduConnectionException {
        try {
            cwa14890Card.setKeysToAuthentication(cwa14890Card.getChrCCvIfd(cwa14890PublicConstants), cwa14890Card.getRefIccPrivateKey(cwa14890PublicConstants));
            return cwa14890Card.getInternalAuthenticateMessage(bArr, cwa14890Card.getChrCCvIfd(cwa14890PublicConstants));
        } catch (Exception e) {
            throw new SecureChannelException("Error durante el establecimiento de la clave publica de Terminal y la privada de Componente para su autenticacion", e);
        }
    }

    public static byte[] internalAuthValidateInternalAuthenticateMessage(byte[] bArr, byte[] bArr2, byte[] bArr3, RSAPrivateKey rSAPrivateKey, int i, Cwa14890PrivateConstants cwa14890PrivateConstants, Cwa14890PublicConstants cwa14890PublicConstants, RSAPublicKey rSAPublicKey, CryptoHelper cryptoHelper) throws IOException {
        byte[] rsaDecrypt = cryptoHelper.rsaDecrypt(bArr2, rSAPrivateKey);
        byte[] rsaEncrypt = cryptoHelper.rsaEncrypt(rsaDecrypt, rSAPublicKey);
        if (rsaEncrypt[0] != ISO_9796_2_PADDING_START || rsaEncrypt[rsaEncrypt.length - 1] != ISO_9796_2_PADDING_END) {
            byte[] byteArray = rSAPublicKey.getModulus().subtract(new BigInteger(rsaDecrypt)).toByteArray();
            byte[] bArr4 = new byte[i];
            if (byteArray.length <= i || byteArray[0] != 0) {
                System.arraycopy(byteArray, 0, bArr4, 0, byteArray.length);
            } else {
                System.arraycopy(byteArray, 1, bArr4, 0, byteArray.length - 1);
            }
            rsaEncrypt = cryptoHelper.rsaDecrypt(bArr4, rSAPublicKey);
            if (rsaEncrypt[0] != ISO_9796_2_PADDING_START || rsaEncrypt[rsaEncrypt.length - 1] != ISO_9796_2_PADDING_END) {
                throw new SecureChannelException("Error en la autenticacion interna para el establecimiento del canal seguro. El mensaje descifrado es:\n" + HexUtils.hexify(rsaEncrypt, true));
            }
        }
        byte[] bArr5 = new byte[((i - 32) - CryptoHelper.DigestAlgorithm.SHA1.getDigestLength()) - 2];
        System.arraycopy(rsaEncrypt, 1, bArr5, 0, bArr5.length);
        byte[] bArr6 = new byte[32];
        System.arraycopy(rsaEncrypt, bArr5.length + 1, bArr6, 0, bArr6.length);
        byte[] bArr7 = new byte[CryptoHelper.DigestAlgorithm.SHA1.getDigestLength()];
        System.arraycopy(rsaEncrypt, bArr5.length + bArr6.length + 1, bArr7, 0, bArr7.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(bArr5);
        byteArrayOutputStream.write(bArr6);
        byteArrayOutputStream.write(bArr3);
        byteArrayOutputStream.write(bArr);
        byte[] digest = cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, byteArrayOutputStream.toByteArray());
        if (HexUtils.arrayEquals(bArr7, digest)) {
            return bArr6;
        }
        throw new SecureChannelException("Error en la comprobacion de la clave de autenticacion interna. Se obtuvo el hash '" + HexUtils.hexify(digest, false) + "' cuando se esperaba: '" + HexUtils.hexify(bArr7, false) + "'");
    }

    private byte[] internalAuthentication(byte[] bArr, RSAPublicKey rSAPublicKey) throws SecureChannelException, ApduConnectionException, IOException {
        return internalAuthValidateInternalAuthenticateMessage(this.card.getChrCCvIfd(this.pubConsts), internalAuthGetInternalAuthenticateMessage(this.card, this.pubConsts, bArr), bArr, this.card.getIfdPrivateKey(this.privConsts), this.card.getIfdKeyLength(this.pubConsts), this.privConsts, this.pubConsts, rSAPublicKey, this.cryptoHelper);
    }

    private byte[] externalAuthentication(byte[] bArr, byte[] bArr2, RSAPublicKey rSAPublicKey) throws IOException {
        byte[] generateRandomBytes = this.cryptoHelper.generateRandomBytes(((this.card.getIfdKeyLength(this.pubConsts) - 2) - 32) - CryptoHelper.DigestAlgorithm.SHA1.getDigestLength());
        byte[] generateRandomBytes2 = this.cryptoHelper.generateRandomBytes(32);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(generateRandomBytes);
        byteArrayOutputStream.write(generateRandomBytes2);
        byteArrayOutputStream.write(bArr2);
        byteArrayOutputStream.write(bArr);
        byte[] digest = this.cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, byteArrayOutputStream.toByteArray());
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(ISO_9796_2_PADDING_START);
        byteArrayOutputStream.write(generateRandomBytes);
        byteArrayOutputStream.write(generateRandomBytes2);
        byteArrayOutputStream.write(digest);
        byteArrayOutputStream.write(ISO_9796_2_PADDING_END);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        RSAPrivateKey ifdPrivateKey = this.card.getIfdPrivateKey(this.privConsts);
        BigInteger bigInteger = new BigInteger(1, this.cryptoHelper.rsaDecrypt(byteArray, ifdPrivateKey));
        if (this.card.externalAuthentication(this.cryptoHelper.rsaEncrypt(ifdPrivateKey.getModulus().subtract(bigInteger).min(bigInteger).toByteArray(), rSAPublicKey))) {
            return generateRandomBytes2;
        }
        throw new SecureChannelException("Error durante la autenticacion externa del canal seguro");
    }

    private byte[] getPaddedSerial() throws ApduConnectionException {
        byte[] serialNumber = this.card.getSerialNumber();
        byte[] bArr = serialNumber;
        if (bArr.length < 8) {
            bArr = new byte[8];
            int i = 0;
            while (i < 8 - serialNumber.length) {
                bArr[i] = 0;
                i++;
            }
            System.arraycopy(serialNumber, 0, bArr, i, serialNumber.length);
        }
        return bArr;
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void close() throws ApduConnectionException {
        if (this.openState) {
            this.subConnection.close();
            this.openState = false;
        }
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public ResponseApdu transmit(CommandApdu commandApdu) throws ApduConnectionException {
        try {
            this.ssc = increment(this.ssc);
            ResponseApdu transmit = this.subConnection.transmit(this.apduEncrypter.protectAPDU(commandApdu, this.kenc, this.kmac, this.ssc, this.cryptoHelper));
            if (INVALID_CRYPTO_CHECKSUM.equals(transmit.getStatusWord())) {
                throw new InvalidCryptographicChecksumException();
            }
            try {
                this.ssc = increment(this.ssc);
                ResponseApdu decryptResponseApdu = this.apduEncrypter.decryptResponseApdu(transmit, this.kenc, this.ssc, this.kmac, this.cryptoHelper);
                if (decryptResponseApdu.getStatusWord().getMsb() == MSB_INCORRECT_LE) {
                    commandApdu.setLe(decryptResponseApdu.getStatusWord().getLsb());
                    return transmit(commandApdu);
                }
                if (decryptResponseApdu.getStatusWord().getMsb() != MSB_INCORRECT_LE_PACE) {
                    return decryptResponseApdu;
                }
                commandApdu.setLe(commandApdu.getLe().intValue() - 1);
                return transmit(commandApdu);
            } catch (Exception e) {
                throw new ApduConnectionException("Error en la desencriptacion de la APDU de respuesta recibida por el canal seguro", e);
            }
        } catch (IOException e2) {
            throw new SecureChannelException("Error en la encriptacion de la APDU para su envio por el canal seguro", e2);
        }
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public byte[] reset() throws ApduConnectionException {
        this.openState = false;
        byte[] reset = this.subConnection.reset();
        open();
        return reset;
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void addCardConnectionListener(CardConnectionListener cardConnectionListener) {
        this.subConnection.addCardConnectionListener(cardConnectionListener);
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void removeCardConnectionListener(CardConnectionListener cardConnectionListener) {
        this.subConnection.removeCardConnectionListener(cardConnectionListener);
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public long[] getTerminals(boolean z) throws ApduConnectionException {
        return this.subConnection.getTerminals(z);
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public String getTerminalInfo(int i) throws ApduConnectionException {
        return this.subConnection.getTerminalInfo(i);
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void setTerminal(int i) throws ApduConnectionException {
        this.subConnection.setTerminal(i);
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public boolean isOpen() {
        return this.openState && this.subConnection.isOpen();
    }

    private static byte[] increment(byte[] bArr) {
        byte[] byteArray = new BigInteger(1, bArr).add(BigInteger.ONE).toByteArray();
        if (byteArray.length > 8) {
            byte[] bArr2 = new byte[8];
            System.arraycopy(byteArray, byteArray.length - bArr2.length, bArr2, 0, bArr2.length);
            return bArr2;
        }
        if (byteArray.length >= 8) {
            return byteArray;
        }
        byte[] bArr3 = new byte[8];
        System.arraycopy(byteArray, 0, bArr3, bArr3.length - byteArray.length, byteArray.length);
        return bArr3;
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public ApduConnection getSubConnection() {
        return this.subConnection;
    }

    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void setProtocol(ApduConnectionProtocol apduConnectionProtocol) {
        if (this.subConnection != null) {
            this.subConnection.setProtocol(apduConnectionProtocol);
        }
    }

    @Override // es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection
    public byte[] getKenc() {
        return this.kenc;
    }

    @Override // es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection
    public byte[] getKmac() {
        return this.kmac;
    }

    @Override // es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection
    public byte[] getSsc() {
        return this.ssc;
    }
}
