package org.jmrtd.protocol;

import com.facebook.soloader.MinElf;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import net.sf.scuba.smartcards.CommandAPDU;
import net.sf.scuba.smartcards.ResponseAPDU;
import net.sf.scuba.tlv.TLVUtil;
import org.jmrtd.Util;
import org.spongycastle.asn1.eac.CertificateBody;

/* loaded from: classes41.dex */
public class DESedeSecureMessagingWrapper extends SecureMessagingWrapper implements Serializable {
    private static final Logger LOGGER = Logger.getLogger("org.jmrtd");
    public static final IvParameterSpec ZERO_IV_PARAM_SPEC = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
    private static final long serialVersionUID = -2859033943345961793L;
    private transient Cipher cipher;
    private SecretKey ksEnc;
    private SecretKey ksMac;
    private transient Mac mac;
    private boolean shouldCheckMAC;
    private long ssc;

    public DESedeSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2) throws GeneralSecurityException {
        this(secretKey, secretKey2, true);
    }

    public DESedeSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, long j) throws NoSuchAlgorithmException, NoSuchPaddingException {
        this(secretKey, secretKey2, "DESede/CBC/NoPadding", "ISO9797Alg3Mac", true, j);
    }

    private DESedeSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, String str, String str2, boolean z, long j) throws NoSuchAlgorithmException, NoSuchPaddingException {
        this.ksEnc = secretKey;
        this.ksMac = secretKey2;
        this.shouldCheckMAC = z;
        this.ssc = j;
        this.cipher = Util.getCipher(str);
        this.mac = Util.getMac(str2);
    }

    public DESedeSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, boolean z) throws GeneralSecurityException {
        this(secretKey, secretKey2, z, 0L);
    }

    public DESedeSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, boolean z, long j) throws NoSuchAlgorithmException, NoSuchPaddingException {
        this(secretKey, secretKey2, "DESede/CBC/NoPadding", "ISO9797Alg3Mac", z, j);
    }

    private boolean checkMac(byte[] bArr, byte[] bArr2, long j) throws GeneralSecurityException {
        byte[] bArr3;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            dataOutputStream.writeLong(j);
            byte[] pad = Util.pad(bArr, 0, ((bArr.length - 2) - 8) - 2, 8);
            dataOutputStream.write(pad, 0, pad.length);
            dataOutputStream.flush();
            dataOutputStream.close();
            this.mac.init(this.ksMac);
            byte[] doFinal = this.mac.doFinal(byteArrayOutputStream.toByteArray());
            if (doFinal.length <= 8 || bArr2.length != 8) {
                bArr3 = doFinal;
            } else {
                bArr3 = new byte[8];
                System.arraycopy(doFinal, 0, bArr3, 0, bArr3.length);
            }
            return Arrays.equals(bArr2, bArr3);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Exception checking MAC", (Throwable) e);
            return false;
        }
    }

    private byte[] readDO87(DataInputStream dataInputStream, boolean z) throws IOException, GeneralSecurityException {
        int i = 0;
        int readUnsignedByte = dataInputStream.readUnsignedByte();
        if ((readUnsignedByte & 128) == 128) {
            int i2 = readUnsignedByte & CertificateBody.profileType;
            readUnsignedByte = 0;
            while (i < i2) {
                i++;
                readUnsignedByte = dataInputStream.readUnsignedByte() | (readUnsignedByte << 8);
            }
        }
        if (!z) {
            int readUnsignedByte2 = dataInputStream.readUnsignedByte();
            if (readUnsignedByte2 != 1) {
                throw new IllegalStateException("DO'87 expected 0x01 marker, found " + Integer.toHexString(readUnsignedByte2 & 255));
            }
            readUnsignedByte--;
        }
        byte[] bArr = new byte[readUnsignedByte];
        dataInputStream.readFully(bArr);
        return Util.unpad(this.cipher.doFinal(bArr));
    }

    private byte[] readDO8E(DataInputStream dataInputStream) throws IOException, GeneralSecurityException {
        if (dataInputStream.readUnsignedByte() != 8) {
            throw new IllegalStateException("DO'8E wrong length");
        }
        byte[] bArr = new byte[8];
        dataInputStream.readFully(bArr);
        return bArr;
    }

    private short readDO99(DataInputStream dataInputStream) throws IOException {
        if (dataInputStream.readUnsignedByte() != 2) {
            throw new IllegalStateException("DO'99 wrong length");
        }
        return (short) (((dataInputStream.readByte() & 255) << 8) | (dataInputStream.readByte() & 255));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:9:0x0033. Please report as an issue. */
    private ResponseAPDU unwrapResponseAPDU(ResponseAPDU responseAPDU, long j) throws GeneralSecurityException, IOException {
        byte[] bytes = responseAPDU.getBytes();
        if (bytes == null || bytes.length < 2) {
            throw new IllegalArgumentException("Invalid response APDU");
        }
        this.cipher.init(2, this.ksEnc, ZERO_IV_PARAM_SPEC);
        byte[] bArr = new byte[0];
        byte[] bArr2 = null;
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bytes));
        boolean z = false;
        short s = 0;
        while (!z) {
            try {
                switch (dataInputStream.readByte()) {
                    case -123:
                        bArr = readDO87(dataInputStream, true);
                    case -121:
                        bArr = readDO87(dataInputStream, false);
                    case -114:
                        bArr2 = readDO8E(dataInputStream);
                        z = true;
                    case -103:
                        s = readDO99(dataInputStream);
                }
            } catch (Throwable th) {
                dataInputStream.close();
                throw th;
            }
        }
        dataInputStream.close();
        if (this.shouldCheckMAC && !checkMac(bytes, bArr2, j)) {
            throw new IllegalStateException("Invalid MAC");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(bArr, 0, bArr.length);
        byteArrayOutputStream.write((65280 & s) >> 8);
        byteArrayOutputStream.write(s & 255);
        return new ResponseAPDU(byteArrayOutputStream.toByteArray());
    }

    private CommandAPDU wrapCommandAPDU(CommandAPDU commandAPDU, long j) throws GeneralSecurityException, IOException {
        byte[] bArr;
        int nc = commandAPDU.getNc();
        int ne = commandAPDU.getNe();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = {(byte) (commandAPDU.getCLA() | 12), (byte) commandAPDU.getINS(), (byte) commandAPDU.getP1(), (byte) commandAPDU.getP2()};
        byte[] pad = Util.pad(bArr2, 8);
        boolean z = ((byte) commandAPDU.getINS()) == -79;
        byte[] bArr3 = new byte[0];
        byte[] bArr4 = new byte[0];
        if (ne > 0) {
            byteArrayOutputStream.reset();
            byteArrayOutputStream.write(-105);
            byteArrayOutputStream.write(1);
            byteArrayOutputStream.write((byte) ne);
            bArr4 = byteArrayOutputStream.toByteArray();
        }
        this.cipher.init(1, this.ksEnc, ZERO_IV_PARAM_SPEC);
        if (nc > 0) {
            byte[] doFinal = this.cipher.doFinal(Util.pad(commandAPDU.getData(), 8));
            byteArrayOutputStream.reset();
            byteArrayOutputStream.write(z ? -123 : -121);
            byteArrayOutputStream.write(TLVUtil.getLengthAsBytes((z ? 0 : 1) + doFinal.length));
            if (!z) {
                byteArrayOutputStream.write(1);
            }
            byteArrayOutputStream.write(doFinal, 0, doFinal.length);
            bArr = byteArrayOutputStream.toByteArray();
        } else {
            bArr = bArr3;
        }
        byteArrayOutputStream.reset();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        dataOutputStream.writeLong(j);
        dataOutputStream.write(pad);
        dataOutputStream.write(bArr);
        dataOutputStream.write(bArr4);
        dataOutputStream.flush();
        byte[] pad2 = Util.pad(byteArrayOutputStream.toByteArray(), 8);
        this.mac.init(this.ksMac);
        byte[] doFinal2 = this.mac.doFinal(pad2);
        int length = doFinal2.length;
        if (length != 8) {
            length = 8;
        }
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(-114);
        byteArrayOutputStream.write(length);
        byteArrayOutputStream.write(doFinal2, 0, length);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(bArr);
        byteArrayOutputStream.write(bArr4);
        byteArrayOutputStream.write(byteArray);
        return new CommandAPDU(bArr2[0], bArr2[1], bArr2[2], bArr2[3], byteArrayOutputStream.toByteArray(), 256);
    }

    @Override // org.jmrtd.protocol.SecureMessagingWrapper
    public SecretKey getEncryptionKey() {
        return this.ksEnc;
    }

    @Override // org.jmrtd.protocol.SecureMessagingWrapper
    public SecretKey getMACKey() {
        return this.ksMac;
    }

    @Override // org.jmrtd.protocol.SecureMessagingWrapper
    public long getSendSequenceCounter() {
        return this.ssc;
    }

    public String toString() {
        return "DESedeSecureMessagingWrapper [ " + this.ksEnc.toString() + ", " + this.ksMac.toString() + ", " + this.ssc + "]";
    }

    @Override // net.sf.scuba.smartcards.APDUWrapper
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU) {
        this.ssc++;
        try {
            byte[] data = responseAPDU.getData();
            if (data == null || data.length <= 0) {
                throw new IllegalStateException("Card indicates SM error, SW = " + Integer.toHexString(responseAPDU.getSW() & MinElf.PN_XNUM));
            }
            return unwrapResponseAPDU(responseAPDU, this.ssc);
        } catch (IOException e) {
            throw new IllegalStateException("Unexpected exception", e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException("Unexpected exception", e2);
        }
    }

    @Override // net.sf.scuba.smartcards.APDUWrapper
    public CommandAPDU wrap(CommandAPDU commandAPDU) {
        this.ssc++;
        try {
            return wrapCommandAPDU(commandAPDU, this.ssc);
        } catch (IOException e) {
            throw new IllegalStateException("Unexpected exception", e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException("Unexpected exception", e2);
        }
    }
}
