package es.gob.jmulticard.de.tsenger.androsmex.iso7816;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.CommandApdu;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.asn1.Tlv;
import es.gob.jmulticard.asn1.TlvException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.logging.Logger;

/* loaded from: input_file:es/gob/jmulticard/de/tsenger/androsmex/iso7816/SecureMessaging.class */
public final class SecureMessaging {
    private final transient byte[] kenc;
    private final transient byte[] kmac;
    private final transient byte[] ssc;
    private final transient CryptoHelper cryptoHelper;
    public static final int BLOCK_SIZE = 16;

    public SecureMessaging(byte[] bArr, byte[] bArr2, byte[] bArr3, CryptoHelper cryptoHelper) {
        this.cryptoHelper = cryptoHelper;
        this.kenc = (byte[]) bArr.clone();
        this.kmac = (byte[]) bArr2.clone();
        this.ssc = (byte[]) bArr3.clone();
    }

    public CommandApdu wrap(CommandApdu commandApdu) throws SecureMessagingException {
        byte b = 0;
        DO97 do97 = null;
        DO87 do87 = null;
        incrementAtIndex(this.ssc);
        byte[] bArr = new byte[4];
        System.arraycopy(commandApdu.getBytes(), 0, bArr, 0, 4);
        bArr[0] = (byte) (bArr[0] | 12);
        if (getAPDUStructure(commandApdu) == 3 || getAPDUStructure(commandApdu) == 4) {
            do87 = buildDO87((byte[]) commandApdu.getData().clone());
            b = (byte) (0 + do87.getEncoded().length);
        }
        if (getAPDUStructure(commandApdu) == 2 || getAPDUStructure(commandApdu) == 4) {
            do97 = buildDO97(commandApdu.getLe().intValue());
            b = (byte) (b + do97.getEncoded().length);
        }
        DO8E buildDO8E = buildDO8E(bArr, do87, do97);
        byte length = (byte) (b + buildDO8E.getEncoded().length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(length);
            if (do87 != null) {
                byteArrayOutputStream.write(do87.getEncoded());
            }
            if (do97 != null) {
                byteArrayOutputStream.write(do97.getEncoded());
            }
            byteArrayOutputStream.write(buildDO8E.getEncoded());
            byteArrayOutputStream.write(0);
            return new CommandApdu(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            throw new SecureMessagingException(e);
        }
    }

    public ResponseApdu unwrap(ResponseApdu responseApdu) throws SecureMessagingException {
        byte[] bArr;
        DO87 do87 = null;
        DO99 do99 = null;
        DO8E do8e = null;
        incrementAtIndex(this.ssc);
        int i = 0;
        byte[] data = responseApdu.getData();
        byte[] bArr2 = new byte[data.length];
        while (i < data.length) {
            System.arraycopy(data, i, bArr2, 0, data.length - i);
            try {
                byte[] bytes = new Tlv(bArr2).getBytes();
                switch (bytes[0]) {
                    case -121:
                        do87 = new DO87(bytes);
                        break;
                    case -114:
                        do8e = new DO8E(bytes);
                        break;
                    case -103:
                        do99 = new DO99(bytes);
                        break;
                    default:
                        Logger.getLogger("es.gob.jmulticard").warning("Encontrada estructura desconocida en la APDU protegida: " + HexUtils.hexify(bytes, false));
                        break;
                }
                i += bytes.length;
            } catch (TlvException e) {
                throw new SecureMessagingException("Los datos de la APDU protegida no forman un TLV valido", e);
            }
        }
        if (do99 == null || do8e == null) {
            throw new SecureMessagingException("Error desempaquetando el mensaje seguro, DO99 o DO8E no encontrados en la APDU de respuesta: " + HexUtils.hexify(data, true));
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (do87 != null) {
            try {
                byteArrayOutputStream.write(do87.getEncoded());
            } catch (IOException e2) {
                throw new SecureMessagingException(e2);
            }
        }
        byteArrayOutputStream.write(do99.getEncoded());
        try {
            byte[] mac = getMac(byteArrayOutputStream.toByteArray(), this.ssc, this.kmac);
            byte[] data2 = do8e.getData();
            if (!Arrays.equals(mac, data2)) {
                throw new SecureMessagingException("Checksum incorrecto (CC Calculado = " + HexUtils.hexify(mac, false) + ", CC en DO8E = " + HexUtils.hexify(data2, false) + ")");
            }
            if (do87 != null) {
                try {
                    byte[] aesDecrypt = this.cryptoHelper.aesDecrypt(do87.getData(), this.cryptoHelper.aesEncrypt(this.ssc, null, this.kenc, CryptoHelper.BlockMode.ECB, CryptoHelper.Padding.NOPADDING), this.kenc, CryptoHelper.BlockMode.CBC, CryptoHelper.Padding.ISO7816_4PADDING);
                    bArr = new byte[aesDecrypt.length + 2];
                    System.arraycopy(aesDecrypt, 0, bArr, 0, aesDecrypt.length);
                    byte[] data3 = do99.getData();
                    System.arraycopy(data3, 0, bArr, aesDecrypt.length, data3.length);
                } catch (IOException e3) {
                    throw new SecureMessagingException(e3);
                }
            } else {
                bArr = (byte[]) do99.getData().clone();
            }
            return new ResponseApdu(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException e4) {
            throw new SecureMessagingException("Error calculando el CMAC", e4);
        }
    }

    private DO87 buildDO87(byte[] bArr) throws SecureMessagingException {
        try {
            return new DO87(this.cryptoHelper.aesEncrypt(bArr, this.cryptoHelper.aesEncrypt(this.ssc, null, this.kenc, CryptoHelper.BlockMode.ECB, CryptoHelper.Padding.NOPADDING), this.kenc, CryptoHelper.BlockMode.CBC, CryptoHelper.Padding.ISO7816_4PADDING));
        } catch (IOException e) {
            throw new SecureMessagingException(e);
        }
    }

    private DO8E buildDO8E(byte[] bArr, DO87 do87, DO97 do97) throws SecureMessagingException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            if (do87 == null && do97 == null) {
                byteArrayOutputStream.write(bArr);
            } else {
                byteArrayOutputStream.write(addPadding(bArr));
            }
            if (do87 != null) {
                byteArrayOutputStream.write(do87.getEncoded());
            }
            if (do97 != null) {
                byteArrayOutputStream.write(do97.getEncoded());
            }
            try {
                return new DO8E(getMac(byteArrayOutputStream.toByteArray(), this.ssc, this.kmac));
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SecureMessagingException("Error calculando el CMAC", e);
            }
        } catch (IOException e2) {
            throw new SecureMessagingException(e2);
        }
    }

    private static DO97 buildDO97(int i) {
        return new DO97(i);
    }

    private static byte getAPDUStructure(CommandApdu commandApdu) {
        byte[] bytes = commandApdu.getBytes();
        if (bytes.length == 4) {
            return (byte) 1;
        }
        if (bytes.length == 5) {
            return (byte) 2;
        }
        if (bytes.length == 5 + (bytes[4] & 255) && bytes[4] != 0) {
            return (byte) 3;
        }
        if (bytes.length == 6 + (bytes[4] & 255) && bytes[4] != 0) {
            return (byte) 4;
        }
        if (bytes.length == 7 && bytes[4] == 0) {
            return (byte) 5;
        }
        if (bytes.length == 7 + ((bytes[5] & 255) * 256) + (bytes[6] & 255) && bytes[4] == 0 && (bytes[5] != 0 || bytes[6] != 0)) {
            return (byte) 6;
        }
        if (bytes.length == 9 + ((bytes[5] & 255) * 256) + (bytes[6] & 255) && bytes[4] == 0) {
            return (bytes[5] == 0 && bytes[6] == 0) ? (byte) 0 : (byte) 7;
        }
        return (byte) 0;
    }

    private static void incrementAtIndex(byte[] bArr) {
        byte[] byteArray = new BigInteger(bArr).add(BigInteger.ONE).toByteArray();
        if (byteArray.length > bArr.length) {
            Arrays.fill(bArr, (byte) 0);
            return;
        }
        int length = bArr.length;
        int length2 = byteArray.length;
        for (int i = 0; i < length2; i++) {
            bArr[(length - 1) - i] = byteArray[(length2 - 1) - i];
        }
    }

    private byte[] getMac(byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException, NoSuchAlgorithmException {
        byte[] bArr4 = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
        System.arraycopy(bArr, 0, bArr4, bArr2.length, bArr.length);
        return this.cryptoHelper.doAesCmac(addPadding(bArr4), bArr3);
    }

    private static byte[] addPadding(byte[] bArr) {
        int length = bArr.length;
        byte[] bArr2 = new byte[((length / 16) + 1) * 16];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        bArr2[length] = Byte.MIN_VALUE;
        while (true) {
            length++;
            if (length >= bArr2.length) {
                return bArr2;
            }
            bArr2[length] = 0;
        }
    }
}
