package org.jmrtd.protocol;

import com.taobao.weex.el.parse.Operators;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlinx.coroutines.scheduling.WorkQueueKt;
import net.sf.scuba.smartcards.CommandAPDU;
import net.sf.scuba.smartcards.ResponseAPDU;
import net.sf.scuba.tlv.TLVUtil;
import org.jmrtd.Util;

/* loaded from: classes3.dex */
public class AESSecureMessagingWrapper extends SecureMessagingWrapper implements Serializable {
    public static final Logger LOGGER = Logger.getLogger("org.jmrtd");
    public static final long serialVersionUID = 2086301081448345496L;
    public transient Cipher cipher;
    public SecretKey ksEnc;
    public SecretKey ksMac;
    public transient Mac mac;
    public long ssc;
    public transient Cipher sscIVCipher;

    public AESSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, int i, boolean z, long j) {
        super(i, z);
        this.ksEnc = secretKey;
        this.ksMac = secretKey2;
        this.ssc = j;
        this.sscIVCipher = Util.getCipher("AES/ECB/NoPadding", 1, secretKey);
        this.cipher = Util.getCipher("AES/CBC/NoPadding");
        this.mac = Util.getMac("AESCMAC", secretKey2);
    }

    public AESSecureMessagingWrapper(SecretKey secretKey, SecretKey secretKey2, long j) {
        this(secretKey, secretKey2, 256, true, j);
    }

    private boolean checkMac(byte[] bArr, byte[] bArr2) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            dataOutputStream.write(getSSCAsBytes(this.ssc));
            byte[] pad = Util.pad(bArr, 0, ((bArr.length - 2) - 8) - 2, 16);
            dataOutputStream.write(pad, 0, pad.length);
            dataOutputStream.flush();
            dataOutputStream.close();
            this.mac.init(this.ksMac);
            byte[] doFinal = this.mac.doFinal(byteArrayOutputStream.toByteArray());
            if (doFinal.length > 8 && bArr2.length == 8) {
                byte[] bArr3 = new byte[8];
                System.arraycopy(doFinal, 0, bArr3, 0, 8);
                doFinal = bArr3;
            }
            return Arrays.equals(bArr2, doFinal);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Exception checking MAC", (Throwable) e);
            return false;
        }
    }

    private IvParameterSpec getIV(long j) {
        return new IvParameterSpec(this.sscIVCipher.doFinal(getSSCAsBytes(j)));
    }

    private IvParameterSpec getIV(byte[] bArr) {
        return new IvParameterSpec(this.sscIVCipher.doFinal(bArr));
    }

    public static byte[] getSSCAsBytes(long j) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(16);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(0);
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            dataOutputStream.writeLong(j);
            dataOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Exception", (Throwable) e);
            return null;
        }
    }

    private byte[] readDO87(DataInputStream dataInputStream, boolean z) {
        int readUnsignedByte;
        int readUnsignedByte2 = dataInputStream.readUnsignedByte();
        if ((readUnsignedByte2 & 128) == 128) {
            int i = readUnsignedByte2 & WorkQueueKt.MASK;
            int i2 = 0;
            for (int i3 = 0; i3 < i; i3++) {
                i2 = (i2 << 8) | dataInputStream.readUnsignedByte();
            }
            if (!z && dataInputStream.readUnsignedByte() != 1) {
                throw new IllegalStateException("DO'87 expected 0x01 marker");
            }
            readUnsignedByte2 = i2;
        } else if (!z && (readUnsignedByte = dataInputStream.readUnsignedByte()) != 1) {
            throw new IllegalStateException("DO'87 expected 0x01 marker, found " + Integer.toHexString(readUnsignedByte & 255));
        }
        if (!z) {
            readUnsignedByte2--;
        }
        byte[] bArr = new byte[readUnsignedByte2];
        dataInputStream.readFully(bArr);
        return Util.unpad(this.cipher.doFinal(bArr));
    }

    private byte[] readDO8E(DataInputStream dataInputStream) {
        int readUnsignedByte = dataInputStream.readUnsignedByte();
        if (readUnsignedByte != 8 && readUnsignedByte != 16) {
            throw new IllegalStateException("DO'8E wrong length for MAC: " + readUnsignedByte);
        }
        byte[] bArr = new byte[readUnsignedByte];
        dataInputStream.readFully(bArr);
        return bArr;
    }

    private short readDO99(DataInputStream dataInputStream) {
        if (dataInputStream.readUnsignedByte() != 2) {
            throw new IllegalStateException("DO'99 wrong length");
        }
        return (short) (((dataInputStream.readByte() & 255) << 8) | (dataInputStream.readByte() & 255));
    }

    private byte[] unwrapResponseAPDU(byte[] bArr) {
        byte[] readDO87;
        long j = this.ssc;
        if (bArr != null) {
            try {
                if (bArr.length >= 2) {
                    long j2 = j + 1;
                    this.ssc = j2;
                    this.cipher.init(2, this.ksEnc, getIV(j2));
                    byte[] bArr2 = null;
                    byte[] bArr3 = new byte[0];
                    DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
                    boolean z = false;
                    short s = 0;
                    while (!z) {
                        try {
                            byte readByte = dataInputStream.readByte();
                            if (readByte == -123) {
                                readDO87 = readDO87(dataInputStream, true);
                            } else if (readByte == -121) {
                                readDO87 = readDO87(dataInputStream, false);
                            } else if (readByte == -114) {
                                bArr2 = readDO8E(dataInputStream);
                                z = true;
                            } else if (readByte != -103) {
                                LOGGER.warning("Unexpected tag " + Integer.toHexString(readByte));
                            } else {
                                s = readDO99(dataInputStream);
                            }
                            bArr3 = readDO87;
                        } catch (Throwable th) {
                            dataInputStream.close();
                            throw th;
                        }
                    }
                    dataInputStream.close();
                    if (shouldCheckMAC() && !checkMac(bArr, bArr2)) {
                        throw new IllegalStateException("Invalid MAC");
                    }
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byteArrayOutputStream.write(bArr3, 0, bArr3.length);
                    byteArrayOutputStream.write((65280 & s) >> 8);
                    byteArrayOutputStream.write(s & 255);
                    return byteArrayOutputStream.toByteArray();
                }
            } finally {
                long j3 = this.ssc;
                if (j3 == j) {
                    this.ssc = j3 + 1;
                }
            }
        }
        throw new IllegalArgumentException("Invalid response APDU");
    }

    private CommandAPDU wrapCommandAPDU(CommandAPDU commandAPDU) {
        int nc = commandAPDU.getNc();
        int ne = commandAPDU.getNe();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = {(byte) (commandAPDU.getCLA() | 12), (byte) commandAPDU.getINS(), (byte) commandAPDU.getP1(), (byte) commandAPDU.getP2()};
        byte[] pad = Util.pad(bArr, 16);
        int i = ((byte) commandAPDU.getINS()) == -79 ? 1 : 0;
        byte[] bArr2 = new byte[0];
        byte[] bArr3 = new byte[0];
        int ins = commandAPDU.getINS();
        if ((ne > 0 && ne < getMaxTranceiveLength()) || ((byte) ins) == -120) {
            byteArrayOutputStream.reset();
            byteArrayOutputStream.write(-105);
            byteArrayOutputStream.write(1);
            byteArrayOutputStream.write((byte) ne);
            bArr3 = byteArrayOutputStream.toByteArray();
        }
        long j = this.ssc + 1;
        this.ssc = j;
        byte[] sSCAsBytes = getSSCAsBytes(j);
        if (nc > 0) {
            byte[] pad2 = Util.pad(commandAPDU.getData(), 16);
            this.cipher.init(1, this.ksEnc, getIV(sSCAsBytes));
            byte[] doFinal = this.cipher.doFinal(pad2);
            byteArrayOutputStream.reset();
            byteArrayOutputStream.write(i != 0 ? -123 : -121);
            byteArrayOutputStream.write(TLVUtil.getLengthAsBytes(doFinal.length + (i ^ 1)));
            if (i == 0) {
                byteArrayOutputStream.write(1);
            }
            byteArrayOutputStream.write(doFinal);
            bArr2 = byteArrayOutputStream.toByteArray();
        }
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(pad);
        byteArrayOutputStream.write(bArr2);
        byteArrayOutputStream.write(bArr3);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(sSCAsBytes);
        byteArrayOutputStream.write(byteArray);
        byteArrayOutputStream.flush();
        byte[] pad3 = Util.pad(byteArrayOutputStream.toByteArray(), 16);
        this.mac.init(this.ksMac);
        byte[] doFinal2 = this.mac.doFinal(pad3);
        int length = doFinal2.length;
        if (length != 8) {
            length = 8;
        }
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(-114);
        byteArrayOutputStream.write(length);
        byteArrayOutputStream.write(doFinal2, 0, length);
        byte[] byteArray2 = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.reset();
        byteArrayOutputStream.write(bArr2);
        byteArrayOutputStream.write(bArr3);
        byteArrayOutputStream.write(byteArray2);
        return new CommandAPDU(bArr[0], bArr[1], bArr[2], bArr[3], byteArrayOutputStream.toByteArray(), getMaxTranceiveLength());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || AESSecureMessagingWrapper.class != obj.getClass()) {
            return false;
        }
        AESSecureMessagingWrapper aESSecureMessagingWrapper = (AESSecureMessagingWrapper) obj;
        SecretKey secretKey = this.ksEnc;
        if (secretKey == null) {
            if (aESSecureMessagingWrapper.ksEnc != null) {
                return false;
            }
        } else if (!secretKey.equals(aESSecureMessagingWrapper.ksEnc)) {
            return false;
        }
        SecretKey secretKey2 = this.ksMac;
        if (secretKey2 == null) {
            if (aESSecureMessagingWrapper.ksMac != null) {
                return false;
            }
        } else if (!secretKey2.equals(aESSecureMessagingWrapper.ksMac)) {
            return false;
        }
        return this.ssc == aESSecureMessagingWrapper.ssc;
    }

    @Override // org.jmrtd.protocol.SecureMessagingWrapper
    public SecretKey getEncryptionKey() {
        return this.ksEnc;
    }

    @Override // org.jmrtd.protocol.SecureMessagingWrapper
    public SecretKey getMACKey() {
        return this.ksMac;
    }

    @Override // org.jmrtd.protocol.SecureMessagingWrapper
    public long getSendSequenceCounter() {
        return this.ssc;
    }

    @Override // net.sf.scuba.smartcards.APDUWrapper
    public String getType() {
        return "AES";
    }

    public int hashCode() {
        SecretKey secretKey = this.ksEnc;
        int hashCode = ((secretKey == null ? 0 : secretKey.hashCode()) + 31) * 31;
        SecretKey secretKey2 = this.ksMac;
        int hashCode2 = (hashCode + (secretKey2 != null ? secretKey2.hashCode() : 0)) * 31;
        long j = this.ssc;
        return hashCode2 + ((int) (j ^ (j >>> 32)));
    }

    public String toString() {
        return "AESSecureMessagingWrapper [ " + this.ksEnc.toString() + ", " + this.ksMac.toString() + ", " + this.ssc + Operators.ARRAY_END_STR;
    }

    @Override // net.sf.scuba.smartcards.APDUWrapper
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU) {
        try {
            byte[] bytes = responseAPDU.getBytes();
            if (bytes.length != 2) {
                return new ResponseAPDU(unwrapResponseAPDU(bytes));
            }
            throw new IllegalStateException("Card indicates SM error, SW = " + Integer.toHexString(responseAPDU.getSW() & 65535));
        } catch (IOException e) {
            throw new IllegalStateException("Exception", e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException("Exception", e2);
        }
    }

    @Override // net.sf.scuba.smartcards.APDUWrapper
    public CommandAPDU wrap(CommandAPDU commandAPDU) {
        try {
            return wrapCommandAPDU(commandAPDU);
        } catch (IOException e) {
            throw new IllegalStateException("Exception", e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException("Exception", e2);
        }
    }
}
