package com.assaabloy.seos.access.commands;

import com.assaabloy.seos.access.auth.PrivacyKeyset;
import com.assaabloy.seos.access.crypto.EncryptionAlgorithm;
import com.assaabloy.seos.access.crypto.HashAlgorithm;
import com.assaabloy.seos.access.crypto.SeosCipher;
import com.assaabloy.seos.access.domain.Diversifier;
import com.assaabloy.seos.access.domain.Oid;
import com.assaabloy.seos.access.domain.SelectionResult;
import com.assaabloy.seos.access.domain.SeosInputStream;
import com.assaabloy.seos.access.domain.SeosObject;
import com.assaabloy.seos.access.internal.crypto.CryptoUtils;
import com.assaabloy.seos.access.internal.crypto.SecureData;
import com.assaabloy.seos.access.internal.crypto.SecureDataTag;
import com.assaabloy.seos.access.util.SeosException;
import java.io.IOException;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
final class PrivacyUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PrivacyUtils.class);

    private PrivacyUtils() {
    }

    private static byte[] decryptAndVerifySecureData(PrivacyKeyset privacyKeyset, SecureData secureData, EncryptionAlgorithm encryptionAlgorithm, SecureDataTag secureDataTag) {
        byte[] data = secureDataTag.getData();
        int blockSize = encryptionAlgorithm.blockSize();
        byte[] copyOf = Arrays.copyOf(data, blockSize);
        byte[] copyOfRange = Arrays.copyOfRange(data, blockSize, data.length);
        SeosCipher privacyCrypto = privacyKeyset.privacyCrypto(encryptionAlgorithm, copyOf);
        byte[] trimMacToSeosSize = CryptoUtils.trimMacToSeosSize(privacyCrypto.calculateMac(secureData.toByteArrayExcludeMac()));
        if (trimMacToSeosSize != null) {
            CryptoUtils.validateMac(trimMacToSeosSize, secureData.getDataTag(SecureData.Tags.MAC).getData());
        }
        return privacyCrypto.decrypt(copyOfRange);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SelectionResult parseSelectResponse(PrivacyKeyset privacyKeyset, byte[] bArr) {
        SecureData parseFromBytes = SecureData.parseFromBytes(bArr);
        SecureDataTag dataTag = parseFromBytes.getDataTag(SecureData.Tags.ALGORITHM_INFO);
        try {
            EncryptionAlgorithm fromId = EncryptionAlgorithm.fromId(dataTag.getData()[0]);
            HashAlgorithm fromId2 = HashAlgorithm.fromId(dataTag.getData()[1]);
            SecureDataTag dataTag2 = parseFromBytes.getDataTag(SecureData.Tags.CRYPTOGRAM);
            byte[] decryptAndVerifySecureData = dataTag2 != null ? decryptAndVerifySecureData(privacyKeyset, parseFromBytes, fromId, dataTag2) : Arrays.copyOfRange(bArr, dataTag.length(), bArr.length);
            if (decryptAndVerifySecureData.length == 0) {
                throw new SeosException("Selection failed, no data in response");
            }
            try {
                SeosInputStream seosInputStream = new SeosInputStream(decryptAndVerifySecureData);
                SeosObject readObject = seosInputStream.readObject();
                SeosObject readObject2 = seosInputStream.readObject();
                LOGGER.debug("Selection results, encryption algorithm: {}, hash algorithm: {}, {}, {}", fromId, fromId2, readObject, readObject2);
                return new SelectionResultImpl(fromId, fromId2, (Oid) readObject, (Diversifier) readObject2);
            } catch (IOException e) {
                throw new SeosException("Failed to read selection response", e);
            }
        } catch (IllegalArgumentException e2) {
            throw new SeosException("Encryption or hash algorithm not supported: " + e2.getMessage(), e2);
        }
    }
}
