package at.gv.egiz.smcc;

import at.gv.egiz.smcc.util.SMCCHelper;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/smcc/DNIeSecuredChannel.class */
public class DNIeSecuredChannel extends T0CardChannel {
    private static final String ROOT_CA_MODULO = "EADEDA455332945039DAA404C8EBC4D3B7F5DC869283CDEA2F101E2AB54FB0D0B03D8F030DAF2458028288F54CE552F8FA57AB2FB103B112427E11131D1D27E10A5B500EAAE5D940301E30EB26C3E9066B257156ED639D70CCC090B863AFBB3BFED8C17BE7673034B9823E977ED657252927F9575B9FFF6691DB64F80B5E92CD";
    private static final String ROOT_CA_PUBEXP = "010001";
    private final String TERMINAL_MODULO = "DB2CB41E112BACFA2BD7C3D3D7967E84FB9434FC261F9D090A8983947DAF8488D3DF8FBDCC1F92493585E134A1B42DE519F463244D7ED384E26D516CC7A4FF7895B1992140043AACADFC12E856B202346AF8226B1A882137DC3C5A57F0D2815C1FCD4BB46FA9157FDFFD79EC3A10A824CCC1EB3CE0B6B4396AE236590016BA69";
    private final String TERMINAL_PRIVEXP = "18B44A3D155C61EBF4E3261C8BB157E36F63FE30E9AF28892B59E2ADEB18CC8C8BAD284B9165819CA4DEC94AA06B69BCE81706D1C1B668EB128695E5F7FEDE18A908A3011A646A481D3EA71D8A387D474609BD57A882B182E047DE80E04B4221416BD39DFA1FAC0300641962ADB109E28CAF50061B68C9CABD9B00313C0F46ED";
    private final byte[] C_CV_CA;
    private final byte[] CHR;
    private final byte[] KEY_SELECTOR;
    private final byte[] C_CV_IFD;
    private final byte[] APDU_GET_CHIP_INFO;
    private final byte[] SECURE_CHANNEL_COMP_CERT_ID;
    private final byte[] SECURE_CHANNEL_INTERMEDIAT_CERT_ID;
    private final byte[] TERMINAL_CHALLENGE_TAIL;
    private final byte[] KENC_COMPUTATION_TAIL;
    private final byte[] KMAC_COMPUTATION_TAIL;
    private final int BLOCK_LENGTH = 8;
    private final Logger log;
    private byte[] snIcc;
    private byte[] componentCert;
    private byte[] intermediateCert;
    private byte[] rndIfd;
    private byte[] rndIcc;
    private int prndLength;
    private byte[] kicc;
    private byte[] kifd;
    private byte[] kEnc;
    private byte[] kMac;
    private byte[] ssc;
    private boolean established;

    public DNIeSecuredChannel(CardChannel cardChannel) {
        super(cardChannel);
        this.TERMINAL_MODULO = "DB2CB41E112BACFA2BD7C3D3D7967E84FB9434FC261F9D090A8983947DAF8488D3DF8FBDCC1F92493585E134A1B42DE519F463244D7ED384E26D516CC7A4FF7895B1992140043AACADFC12E856B202346AF8226B1A882137DC3C5A57F0D2815C1FCD4BB46FA9157FDFFD79EC3A10A824CCC1EB3CE0B6B4396AE236590016BA69";
        this.TERMINAL_PRIVEXP = "18B44A3D155C61EBF4E3261C8BB157E36F63FE30E9AF28892B59E2ADEB18CC8C8BAD284B9165819CA4DEC94AA06B69BCE81706D1C1B668EB128695E5F7FEDE18A908A3011A646A481D3EA71D8A387D474609BD57A882B182E047DE80E04B4221416BD39DFA1FAC0300641962ADB109E28CAF50061B68C9CABD9B00313C0F46ED";
        this.C_CV_CA = new byte[]{Byte.MAX_VALUE, 33, -127, -50, 95, 55, -127, Byte.MIN_VALUE, 60, -70, -36, 54, -124, -66, -13, 32, 65, -83, 21, 80, -119, 37, -115, -3, 32, -58, -111, 21, -41, 47, -100, 56, -86, -103, -83, 108, 26, -19, -6, -78, -65, -84, -112, -110, -4, 112, -52, -64, 12, -81, 72, 42, 75, -29, 26, -3, -67, 60, -68, -116, -125, -126, -49, 6, -68, 7, 25, -70, -85, -75, 107, 110, -56, 7, 96, -92, -87, 63, -94, -41, -61, 71, -13, 68, 39, -7, -1, 92, -115, -26, -42, 93, -84, -107, -14, -15, -99, -84, 0, 83, -33, 17, -91, 7, -5, 98, 94, -21, -115, -92, -64, 41, -98, 74, 33, 18, -85, 112, 71, 88, -117, -115, 109, -89, 89, 34, 20, -14, -37, -95, 64, -57, -47, 34, 87, -101, 95, 56, 61, 34, 83, -56, -71, -53, 91, -61, 84, 58, 85, 102, 11, -38, Byte.MIN_VALUE, -108, 106, -5, 5, 37, -24, -27, 88, 107, 78, 99, -24, -110, 65, 73, 120, 54, -40, -45, -85, 8, -116, -44, 76, 33, 77, 106, -56, 86, -30, -96, 7, -12, 79, -125, 116, 51, 55, 55, 26, -35, -114, 3, 0, 1, 0, 1, 66, 8, 101, 115, 82, 68, 73, 96, 0, 6};
        this.CHR = new byte[]{-125, 8, 101, 115, 83, 68, 73, 96, 0, 6};
        this.KEY_SELECTOR = new byte[]{-125, 12, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 1, -124, 2, 2, 31};
        this.C_CV_IFD = new byte[]{Byte.MAX_VALUE, 33, -127, -51, 95, 55, -127, Byte.MIN_VALUE, -126, 91, 105, -58, 69, 30, 95, 81, 112, 116, 56, 95, 47, 23, -42, 77, -2, 46, 104, 86, 117, 103, 9, 75, 87, -13, -59, 120, -24, 48, -28, 37, 87, 45, -24, 40, -6, -12, -34, 27, 1, -61, -108, -29, 69, -62, -5, 6, 41, -93, -109, 73, 47, -108, -11, 112, -80, 11, 29, 103, 119, 41, -9, 85, -47, 7, 2, 43, -80, -95, 22, -31, -41, -41, 101, -99, -75, -60, -84, 13, -34, -85, 7, -1, 4, 95, 55, -75, -38, -15, 115, 43, 84, -22, -78, 56, -94, -50, 23, -55, 121, 65, -121, 117, -100, -22, -97, -110, -95, 120, 5, -94, 124, 16, 21, -20, 86, -52, 126, 71, 26, 72, -114, 111, 27, -111, -9, -86, 95, 56, 60, -83, -4, 18, -24, 86, -78, 2, 52, 106, -8, 34, 107, 26, -120, 33, 55, -36, 60, 90, 87, -16, -46, -127, 92, 31, -51, 75, -76, 111, -87, 21, Byte.MAX_VALUE, -33, -3, 121, -20, 58, 16, -88, 36, -52, -63, -21, 60, -32, -74, -76, 57, 106, -30, 54, 89, 0, 22, -70, 105, 0, 1, 0, 1, 66, 8, 101, 115, 83, 68, 73, 96, 0, 6};
        this.APDU_GET_CHIP_INFO = new byte[]{-112, -72, 0, 0, 7};
        this.SECURE_CHANNEL_COMP_CERT_ID = new byte[]{96, 31};
        this.SECURE_CHANNEL_INTERMEDIAT_CERT_ID = new byte[]{96, 32};
        this.TERMINAL_CHALLENGE_TAIL = new byte[]{32, 0, 0, 0, 0, 0, 0, 1};
        this.KENC_COMPUTATION_TAIL = new byte[]{0, 0, 0, 1};
        this.KMAC_COMPUTATION_TAIL = new byte[]{0, 0, 0, 2};
        this.BLOCK_LENGTH = 8;
        this.log = LoggerFactory.getLogger((Class<?>) DNIeSecuredChannel.class);
        this.established = false;
        try {
            establish();
        } catch (CardException e) {
            this.log.error("Error establishing secure channel with card.", e);
        }
    }

    public void establish() throws CardException {
        this.log.trace("Try to set up secure channel to card..");
        executeSelectMasterFile();
        this.snIcc = executeGetChipInfo();
        this.intermediateCert = executeReadCardCertificate(this.SECURE_CHANNEL_INTERMEDIAT_CERT_ID);
        this.componentCert = executeReadCardCertificate(this.SECURE_CHANNEL_COMP_CERT_ID);
        verifyCertificates();
        loadTerminalCertsAndSelectKeys();
        performInternalAuthentication();
        performExternalAuthentication();
        calculateChannelKeys();
        this.established = true;
        this.log.trace("Secure channel successfully established.");
    }

    @Override // at.gv.egiz.smcc.LogCardChannel
    public int transmit(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws CardException {
        byte[] bArr = new byte[byteBuffer.remaining()];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = byteBuffer.get();
        }
        byte[] bytes = transmit(new CommandAPDU(bArr)).getBytes();
        for (byte b : bytes) {
            byteBuffer2.put(b);
        }
        return bytes.length;
    }

    @Override // at.gv.egiz.smcc.T0CardChannel, at.gv.egiz.smcc.LogCardChannel
    public ResponseAPDU transmit(CommandAPDU commandAPDU) throws CardException {
        if (!this.established) {
            establish();
        }
        return new ResponseAPDU(verifyAndDecryptSecuredResponseAPDU(super.transmit(new CommandAPDU(secureAPDU(commandAPDU.getBytes()))).getData()));
    }

    private byte[] executeGetChipInfo() throws CardException {
        ResponseAPDU transmit = super.transmit(new CommandAPDU(this.APDU_GET_CHIP_INFO));
        if (transmit.getSW() == 36864) {
            return transmit.getData();
        }
        this.log.error("Error getting chip info: " + Integer.toHexString(transmit.getSW()));
        throw new CardException("Error getting chip info: " + Integer.toHexString(transmit.getSW()));
    }

    private byte[] executeReadCardCertificate(byte[] bArr) throws CardException {
        byte[] executeSelect = executeSelect(bArr);
        if (executeSelect == null || executeSelect.length < 7) {
            this.log.error("Error reading card certificate: Invalid FCI");
            throw new CardException("Invalid FCI obtained from card.");
        }
        byte b = executeSelect[7];
        byte b2 = executeSelect[8];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int i = (b * 256) + b2;
        int i2 = 0;
        boolean z = false;
        int i3 = 0;
        while (!z) {
            int i4 = i - i2 > 255 ? 255 : i - i2;
            byte[] byteArray = SMCCHelper.toByteArray(i3);
            byte[] data = super.transmit(new CommandAPDU(new byte[]{0, -80, byteArray[0], byteArray[1], (byte) i4})).getData();
            try {
                byteArrayOutputStream.write(data);
                i2 += data.length;
                i3 = i2;
                if (i2 == i) {
                    z = true;
                }
            } catch (IOException e) {
                this.log.error("Error reading card certificate.", (Throwable) e);
                throw new CardException("Error reading certificate from card", e);
            }
        }
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] executeSelect(byte[] bArr) throws CardException {
        byte[] bArr2 = {0, -92, 0, 0};
        byte[] bArr3 = new byte[bArr2.length + 1 + bArr.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        bArr3[bArr2.length] = (byte) bArr.length;
        System.arraycopy(bArr, 0, bArr3, bArr2.length + 1, bArr.length);
        ResponseAPDU transmit = super.transmit(new CommandAPDU(bArr3));
        if (transmit.getSW() == 36864) {
            return transmit.getData();
        }
        this.log.error("Error selecting DF or EF: " + Integer.toHexString(transmit.getSW()));
        throw new CardException("Unexpected response to Select Command: " + Integer.toHexString(transmit.getSW()));
    }

    private void executeSelectMasterFile() throws CardException {
        byte[] bArr = new byte[ESDNIeCard.MASTER_FILE_ID.length + 5];
        bArr[0] = 0;
        bArr[1] = -92;
        bArr[2] = 4;
        bArr[3] = 0;
        bArr[4] = (byte) ESDNIeCard.MASTER_FILE_ID.length;
        System.arraycopy(ESDNIeCard.MASTER_FILE_ID, 0, bArr, 5, ESDNIeCard.MASTER_FILE_ID.length);
        ResponseAPDU transmit = super.transmit(new CommandAPDU(bArr));
        if (transmit.getSW() != 36864) {
            this.log.error("Error selecting master file: " + Integer.toHexString(transmit.getSW()));
            throw new CardException("Error selecting master file: " + Integer.toHexString(transmit.getSW()));
        }
    }

    private void verifyCertificates() throws CardException {
        RSAPublicKey createRSAPublicKey = DNIeCryptoUtil.createRSAPublicKey(ROOT_CA_MODULO, ROOT_CA_PUBEXP);
        X509Certificate createCertificate = DNIeCryptoUtil.createCertificate(this.intermediateCert);
        try {
            DNIeCryptoUtil.createCertificate(this.componentCert).verify(createCertificate.getPublicKey());
            createCertificate.verify(createRSAPublicKey);
        } catch (Exception e) {
            this.log.error("Error verifying SM card certificate.", (Throwable) e);
            throw new CardException("Certificate verification failed.", e);
        }
    }

    private void loadTerminalCertsAndSelectKeys() throws CardException {
        executeManageSecurityEnvironment((byte) -127, (byte) -74, new byte[]{-125, 2, 2, 15});
        executePerformSecurityOperation(this.C_CV_CA);
        executeManageSecurityEnvironment((byte) -127, (byte) -74, this.CHR);
        executePerformSecurityOperation(this.C_CV_IFD);
        executeManageSecurityEnvironment((byte) -63, (byte) -92, this.KEY_SELECTOR);
    }

    private void executeManageSecurityEnvironment(byte b, byte b2, byte[] bArr) throws CardException {
        ResponseAPDU transmit = super.transmit(new CommandAPDU(0, 34, b, b2, bArr));
        if (transmit.getSW() != 36864) {
            this.log.error("Error executing Manage Security Environment: " + Integer.toHexString(transmit.getSW()));
            throw new CardException("Unexpected response from card during preparation of secure channel credentials: " + Integer.toHexString(transmit.getSW()));
        }
    }

    private void executePerformSecurityOperation(byte[] bArr) throws CardException {
        ResponseAPDU transmit = super.transmit(new CommandAPDU(0, 42, 0, -82, bArr));
        if (transmit.getSW() != 36864) {
            this.log.error("Error executing Perform Security Operation: " + Integer.toHexString(transmit.getSW()));
            throw new CardException("Unexpected response from card during preparation of secure channel credentials: " + Integer.toHexString(transmit.getSW()));
        }
    }

    private void performInternalAuthentication() throws CardException {
        this.log.trace("Starting internal authentication..");
        byte[] randomBytes = DNIeCryptoUtil.getRandomBytes(8);
        byte[] bArr = new byte[randomBytes.length + this.TERMINAL_CHALLENGE_TAIL.length];
        this.rndIfd = randomBytes;
        System.arraycopy(randomBytes, 0, bArr, 0, randomBytes.length);
        System.arraycopy(this.TERMINAL_CHALLENGE_TAIL, 0, bArr, randomBytes.length, this.TERMINAL_CHALLENGE_TAIL.length);
        boolean verifyCardResponse = verifyCardResponse(executeSendTerminalChallenge(bArr));
        this.log.trace("Internal Authentiction succeeded: " + verifyCardResponse);
        if (verifyCardResponse) {
            return;
        }
        this.log.error("Internal authentication failed - unable to sucessfully verify card response.");
        throw new CardException("Internal authentication failed");
    }

    private byte[] executeSendTerminalChallenge(byte[] bArr) throws CardException {
        ResponseAPDU transmit = super.transmit(new CommandAPDU(0, -120, 0, 0, bArr));
        if (transmit.getSW() == 36864) {
            return transmit.getData();
        }
        this.log.error("Error sending terminal challenge to card: " + Integer.toHexString(transmit.getSW()));
        throw new CardException("Invalid response to terminal challenge: " + Integer.toHexString(transmit.getSW()));
    }

    private boolean verifyCardResponse(byte[] bArr) throws CardException {
        byte[] bArr2 = this.rndIfd;
        try {
            byte[] rsaDecrypt = DNIeCryptoUtil.rsaDecrypt(DNIeCryptoUtil.createRSAPrivateKey("DB2CB41E112BACFA2BD7C3D3D7967E84FB9434FC261F9D090A8983947DAF8488D3DF8FBDCC1F92493585E134A1B42DE519F463244D7ED384E26D516CC7A4FF7895B1992140043AACADFC12E856B202346AF8226B1A882137DC3C5A57F0D2815C1FCD4BB46FA9157FDFFD79EC3A10A824CCC1EB3CE0B6B4396AE236590016BA69", "18B44A3D155C61EBF4E3261C8BB157E36F63FE30E9AF28892B59E2ADEB18CC8C8BAD284B9165819CA4DEC94AA06B69BCE81706D1C1B668EB128695E5F7FEDE18A908A3011A646A481D3EA71D8A387D474609BD57A882B182E047DE80E04B4221416BD39DFA1FAC0300641962ADB109E28CAF50061B68C9CABD9B00313C0F46ED"), bArr);
            PublicKey publicKey = DNIeCryptoUtil.createCertificate(this.componentCert).getPublicKey();
            try {
                byte[] rsaDecrypt2 = DNIeCryptoUtil.rsaDecrypt(publicKey, rsaDecrypt);
                if (rsaDecrypt2 == null) {
                    this.log.error("Error verifying card response - decryption result is null");
                    throw new CardException("Invalid decryption result: null.");
                }
                if (rsaDecrypt2[0] != 106 || rsaDecrypt2[rsaDecrypt2.length - 1] != -68) {
                    byte[] byteArray = ((RSAPublicKey) publicKey).getModulus().subtract(SMCCHelper.createUnsignedBigInteger(rsaDecrypt)).toByteArray();
                    byte[] bArr3 = new byte[128];
                    System.arraycopy(byteArray, byteArray.length - 128, bArr3, 0, 128);
                    try {
                        rsaDecrypt2 = DNIeCryptoUtil.rsaDecrypt(publicKey, bArr3);
                    } catch (Exception e) {
                        this.log.error("Error verifying card response.", (Throwable) e);
                        throw new CardException("Error decrypting card response.", e);
                    }
                }
                byte[] bArr4 = new byte[20];
                byte[] bArr5 = new byte[32];
                byte[] bArr6 = new byte[((rsaDecrypt2.length - 2) - 20) - 32];
                this.prndLength = bArr6.length;
                System.arraycopy(rsaDecrypt2, 1, bArr6, 0, bArr6.length);
                System.arraycopy(rsaDecrypt2, bArr6.length + 1, bArr5, 0, bArr5.length);
                System.arraycopy(rsaDecrypt2, bArr6.length + bArr5.length + 1, bArr4, 0, bArr4.length);
                byte[] bArr7 = new byte[bArr6.length + bArr5.length + bArr2.length + this.TERMINAL_CHALLENGE_TAIL.length];
                System.arraycopy(bArr6, 0, bArr7, 0, bArr6.length);
                System.arraycopy(bArr5, 0, bArr7, bArr6.length, bArr5.length);
                System.arraycopy(bArr2, 0, bArr7, bArr6.length + bArr5.length, bArr2.length);
                System.arraycopy(this.TERMINAL_CHALLENGE_TAIL, 0, bArr7, bArr6.length + bArr5.length + bArr2.length, this.TERMINAL_CHALLENGE_TAIL.length);
                boolean equals = Arrays.equals(bArr4, DNIeCryptoUtil.computeSHA1Hash(bArr7));
                if (equals) {
                    this.kicc = bArr5;
                }
                return equals;
            } catch (Exception e2) {
                this.log.error("Error verifying card response.", (Throwable) e2);
                throw new CardException("Error decrypting card response with card's public key", e2);
            }
        } catch (Exception e3) {
            this.log.error("Error verifying card response.");
            throw new CardException("Error decrypting card response.", e3);
        }
    }

    private void performExternalAuthentication() throws CardException {
        this.log.trace("Performing external authentication.");
        byte[] executeRequestCardChallenge = executeRequestCardChallenge();
        this.rndIcc = executeRequestCardChallenge;
        byte[] randomBytes = DNIeCryptoUtil.getRandomBytes(this.prndLength);
        byte[] randomBytes2 = DNIeCryptoUtil.getRandomBytes(32);
        byte[] bArr = new byte[randomBytes.length + randomBytes2.length + executeRequestCardChallenge.length + 8];
        System.arraycopy(randomBytes, 0, bArr, 0, randomBytes.length);
        System.arraycopy(randomBytes2, 0, bArr, randomBytes.length, randomBytes2.length);
        System.arraycopy(executeRequestCardChallenge, 0, bArr, randomBytes.length + randomBytes2.length, executeRequestCardChallenge.length);
        int length = 8 - this.snIcc.length;
        for (int i = 0; i < length; i++) {
            bArr[randomBytes.length + randomBytes2.length + executeRequestCardChallenge.length + i] = 0;
        }
        System.arraycopy(this.snIcc, 0, bArr, randomBytes.length + randomBytes2.length + executeRequestCardChallenge.length + length, this.snIcc.length);
        byte[] computeSHA1Hash = DNIeCryptoUtil.computeSHA1Hash(bArr);
        byte[] bArr2 = new byte[2 + randomBytes.length + randomBytes2.length + computeSHA1Hash.length];
        bArr2[0] = 106;
        System.arraycopy(randomBytes, 0, bArr2, 1, randomBytes.length);
        System.arraycopy(randomBytes2, 0, bArr2, 1 + randomBytes.length, randomBytes2.length);
        System.arraycopy(computeSHA1Hash, 0, bArr2, 1 + randomBytes.length + randomBytes2.length, computeSHA1Hash.length);
        bArr2[bArr2.length - 1] = -68;
        try {
            BigInteger createUnsignedBigInteger = SMCCHelper.createUnsignedBigInteger(DNIeCryptoUtil.rsaEncrypt(DNIeCryptoUtil.createRSAPrivateKey("DB2CB41E112BACFA2BD7C3D3D7967E84FB9434FC261F9D090A8983947DAF8488D3DF8FBDCC1F92493585E134A1B42DE519F463244D7ED384E26D516CC7A4FF7895B1992140043AACADFC12E856B202346AF8226B1A882137DC3C5A57F0D2815C1FCD4BB46FA9157FDFFD79EC3A10A824CCC1EB3CE0B6B4396AE236590016BA69", "18B44A3D155C61EBF4E3261C8BB157E36F63FE30E9AF28892B59E2ADEB18CC8C8BAD284B9165819CA4DEC94AA06B69BCE81706D1C1B668EB128695E5F7FEDE18A908A3011A646A481D3EA71D8A387D474609BD57A882B182E047DE80E04B4221416BD39DFA1FAC0300641962ADB109E28CAF50061B68C9CABD9B00313C0F46ED"), bArr2));
            try {
                if (!executeExternalAuthenticate(DNIeCryptoUtil.rsaEncrypt(DNIeCryptoUtil.createCertificate(this.componentCert).getPublicKey(), new BigInteger("DB2CB41E112BACFA2BD7C3D3D7967E84FB9434FC261F9D090A8983947DAF8488D3DF8FBDCC1F92493585E134A1B42DE519F463244D7ED384E26D516CC7A4FF7895B1992140043AACADFC12E856B202346AF8226B1A882137DC3C5A57F0D2815C1FCD4BB46FA9157FDFFD79EC3A10A824CCC1EB3CE0B6B4396AE236590016BA69", 16).subtract(createUnsignedBigInteger).min(createUnsignedBigInteger).toByteArray()))) {
                    this.log.error("Error performing external authentication");
                    throw new CardException("External Authentication failed.");
                }
                this.log.trace("External authentication succeeded.");
                this.kifd = randomBytes2;
            } catch (Exception e) {
                this.log.error("Error performing external authentication.", (Throwable) e);
                throw new CardException("Error encrypting authentication data.", e);
            }
        } catch (Exception e2) {
            this.log.error("Error performing external authentication.", (Throwable) e2);
            throw new CardException("Error encrypting authentication data.", e2);
        }
    }

    private byte[] executeRequestCardChallenge() throws CardException {
        ResponseAPDU transmit = super.transmit(new CommandAPDU(0, ACOSCard.KID_PUK_INF, 0, 0, 8));
        if (transmit.getSW() == 36864) {
            return transmit.getData();
        }
        this.log.error("Error requesting challenge from card: " + Integer.toHexString(transmit.getSW()));
        throw new CardException("Invalid response from card upon challenge request: " + Integer.toHexString(transmit.getSW()));
    }

    private boolean executeExternalAuthenticate(byte[] bArr) throws CardException {
        ResponseAPDU transmit = super.transmit(new CommandAPDU(0, -126, 0, 0, bArr));
        this.log.trace("Card answer to EXTERNL AUTHENTICATE: " + Integer.toHexString(transmit.getSW()));
        return transmit.getSW() == 36864;
    }

    private void calculateChannelKeys() throws CardException {
        if (this.kicc == null || this.kifd == null) {
            this.log.error("Error generating channel keys - required key data is null.");
            throw new CardException("Required data for deriving keys not available.");
        }
        if (this.kicc.length != this.kifd.length) {
            this.log.error("Error generating channel keys - invalid key data");
            throw new CardException("Required data for deriving keys is invalid.");
        }
        byte[] bArr = new byte[this.kicc.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) (this.kicc[i] ^ this.kifd[i]);
        }
        byte[] bArr2 = new byte[bArr.length + this.KENC_COMPUTATION_TAIL.length];
        byte[] bArr3 = new byte[bArr.length + this.KMAC_COMPUTATION_TAIL.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(this.KENC_COMPUTATION_TAIL, 0, bArr2, bArr.length, this.KENC_COMPUTATION_TAIL.length);
        System.arraycopy(this.KMAC_COMPUTATION_TAIL, 0, bArr3, bArr.length, this.KMAC_COMPUTATION_TAIL.length);
        byte[] computeSHA1Hash = DNIeCryptoUtil.computeSHA1Hash(bArr2);
        byte[] computeSHA1Hash2 = DNIeCryptoUtil.computeSHA1Hash(bArr3);
        this.kEnc = Arrays.copyOfRange(computeSHA1Hash, 0, 16);
        this.kMac = Arrays.copyOfRange(computeSHA1Hash2, 0, 16);
        if (this.rndIcc == null || this.rndIfd == null || this.rndIcc.length < 4 || this.rndIfd.length < 4) {
            this.log.error("Error generating channel keys - invlaid ssc data");
            throw new CardException("Data required to compute SSC not valid.");
        }
        this.ssc = new byte[8];
        System.arraycopy(this.rndIcc, this.rndIcc.length - 4, this.ssc, 0, 4);
        System.arraycopy(this.rndIfd, this.rndIfd.length - 4, this.ssc, 4, 4);
    }

    private byte[] secureAPDUWithoutData(byte[] bArr) throws CardException {
        int i;
        if (bArr.length < 4 || bArr.length > 5) {
            this.log.error("Error securing APDU - invalid APDU length: " + bArr.length);
            throw new CardException("Invalid APDU length.");
        }
        boolean z = bArr.length == 5;
        byte b = (byte) (bArr[0] | 12);
        byte[] applyPadding = DNIeCryptoUtil.applyPadding(8, new byte[]{b, bArr[1], bArr[2], bArr[3]});
        byte[] bArr2 = null;
        if (z) {
            bArr2 = new byte[]{-105, 1, bArr[4]};
            i = bArr2.length;
        } else {
            i = 0;
        }
        byte[] bArr3 = new byte[applyPadding.length + i];
        System.arraycopy(applyPadding, 0, bArr3, 0, applyPadding.length);
        if (z) {
            System.arraycopy(bArr2, 0, bArr3, applyPadding.length, bArr2.length);
            bArr3 = DNIeCryptoUtil.applyPadding(8, bArr3);
        }
        incrementSSC();
        byte[] calculateAPDUMAC = DNIeCryptoUtil.calculateAPDUMAC(bArr3, this.kMac, this.ssc, 8);
        byte[] bArr4 = new byte[calculateAPDUMAC.length + 2];
        bArr4[0] = -114;
        bArr4[1] = (byte) calculateAPDUMAC.length;
        System.arraycopy(calculateAPDUMAC, 0, bArr4, 2, calculateAPDUMAC.length);
        byte[] bArr5 = new byte[5 + i + bArr4.length];
        bArr5[0] = b;
        bArr5[1] = bArr[1];
        bArr5[2] = bArr[2];
        bArr5[3] = bArr[3];
        bArr5[4] = (byte) (bArr4.length + i);
        if (z) {
            System.arraycopy(bArr2, 0, bArr5, 5, bArr2.length);
        }
        System.arraycopy(bArr4, 0, bArr5, 5 + i, bArr4.length);
        return bArr5;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private byte[] secureAPDUWithData(byte[] bArr) throws CardException {
        Object[] objArr;
        if (bArr.length < 6) {
            this.log.error("Error securing APDU - invalid APDU length: " + bArr.length);
            throw new CardException("Error securing APDU - invalid APDU length: " + bArr.length);
        }
        boolean z = bArr[0];
        boolean z2 = bArr[1];
        boolean z3 = bArr[2];
        boolean z4 = bArr[3];
        int i = bArr[4];
        if (bArr.length == i + 5 + 1) {
            objArr = true;
        } else {
            if (bArr.length != i + 5) {
                this.log.error("Error securing APDU - invalid APDU length: " + bArr.length);
                throw new CardException("Invalid APDU length or format.");
            }
            objArr = false;
        }
        byte[] bArr2 = null;
        if (objArr != false) {
            bArr2 = new byte[]{-105, 1, bArr[bArr.length - 1] ? 1 : 0};
        }
        byte[] bArr3 = new byte[i];
        System.arraycopy(bArr, 5, bArr3, 0, i);
        try {
            byte[] perform3DESCipherOperation = DNIeCryptoUtil.perform3DESCipherOperation(DNIeCryptoUtil.applyPadding(8, bArr3), this.kEnc, 1);
            byte[] bArr4 = new byte[perform3DESCipherOperation.length + 3];
            bArr4[0] = -121;
            bArr4[1] = (byte) (perform3DESCipherOperation.length + 1);
            bArr4[2] = 1;
            System.arraycopy(perform3DESCipherOperation, 0, bArr4, 3, perform3DESCipherOperation.length);
            byte b = (byte) ((z ? 1 : 0) | 12);
            byte[] applyPadding = DNIeCryptoUtil.applyPadding(8, new byte[]{b, z2 ? 1 : 0, z3 ? 1 : 0, z4 ? 1 : 0});
            byte[] bArr5 = new byte[applyPadding.length + bArr4.length];
            System.arraycopy(applyPadding, 0, bArr5, 0, applyPadding.length);
            System.arraycopy(bArr4, 0, bArr5, applyPadding.length, bArr4.length);
            if (objArr != false) {
                byte[] bArr6 = new byte[bArr5.length + bArr2.length];
                System.arraycopy(bArr5, 0, bArr6, 0, bArr5.length);
                System.arraycopy(bArr2, 0, bArr6, bArr5.length, bArr2.length);
                bArr5 = bArr6;
            }
            byte[] applyPadding2 = DNIeCryptoUtil.applyPadding(8, bArr5);
            incrementSSC();
            byte[] calculateAPDUMAC = DNIeCryptoUtil.calculateAPDUMAC(applyPadding2, this.kMac, this.ssc, 8);
            byte[] bArr7 = new byte[calculateAPDUMAC.length + 2];
            bArr7[0] = -114;
            bArr7[1] = (byte) calculateAPDUMAC.length;
            System.arraycopy(calculateAPDUMAC, 0, bArr7, 2, calculateAPDUMAC.length);
            int length = objArr != false ? bArr2.length : 0;
            byte[] bArr8 = new byte[5 + bArr4.length + bArr7.length + length];
            bArr8[0] = b;
            bArr8[1] = z2 ? 1 : 0;
            bArr8[2] = z3 ? 1 : 0;
            bArr8[3] = z4 ? 1 : 0;
            bArr8[4] = (byte) (bArr4.length + length + bArr7.length);
            System.arraycopy(bArr4, 0, bArr8, 5, bArr4.length);
            if (objArr != false) {
                System.arraycopy(bArr2, 0, bArr8, 5 + bArr4.length, length);
            }
            System.arraycopy(bArr7, 0, bArr8, 5 + bArr4.length + length, bArr7.length);
            return bArr8;
        } catch (Exception e) {
            this.log.error("Error encrypting APDU.", (Throwable) e);
            throw new CardException("Error encrypting APDU.", e);
        }
    }

    private byte[] secureAPDU(byte[] bArr) throws CardException {
        if (bArr == null || bArr.length < 4) {
            this.log.error("Invalid APDU to secure.");
            throw new CardException("Invalid APDU to secure.");
        }
        if (bArr.length == 4 || bArr.length == 5) {
            return secureAPDUWithoutData(bArr);
        }
        if (bArr.length > 5) {
            return secureAPDUWithData(bArr);
        }
        throw new CardException("Error securing APDU - unexpected APDU length.");
    }

    private byte[] verifyAndDecryptSecuredResponseAPDU(byte[] bArr) throws CardException {
        byte[] bArr2 = new byte[bArr.length - 10];
        byte[] bArr3 = new byte[4];
        byte[] bArr4 = new byte[4];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        System.arraycopy(bArr, bArr2.length, bArr3, 0, bArr3.length);
        System.arraycopy(bArr, bArr2.length + bArr3.length + 2, bArr4, 0, bArr4.length);
        byte[] bArr5 = new byte[bArr2.length + bArr3.length];
        System.arraycopy(bArr2, 0, bArr5, 0, bArr2.length);
        System.arraycopy(bArr3, 0, bArr5, bArr2.length, bArr3.length);
        byte[] applyPadding = DNIeCryptoUtil.applyPadding(8, bArr5);
        incrementSSC();
        if (!Arrays.equals(DNIeCryptoUtil.calculateAPDUMAC(applyPadding, this.kMac, this.ssc, 8), bArr4)) {
            this.log.error("Error verifiying MAC of secured response. MAC values do not match.");
            throw new CardException("Unable to verify MAC of Response APDU.");
        }
        if (bArr2.length <= 0) {
            byte[] bArr6 = new byte[2];
            bArr6[bArr6.length - 2] = bArr3[2];
            bArr6[bArr6.length - 1] = bArr3[3];
            return bArr6;
        }
        byte[] bArr7 = new byte[bArr2.length - DNIeCryptoUtil.getCutOffLength(bArr2, 8)];
        System.arraycopy(bArr2, DNIeCryptoUtil.getCutOffLength(bArr2, 8), bArr7, 0, bArr7.length);
        try {
            byte[] removePadding = DNIeCryptoUtil.removePadding(DNIeCryptoUtil.perform3DESCipherOperation(bArr7, this.kEnc, 2));
            byte[] bArr8 = new byte[removePadding.length + 2];
            System.arraycopy(removePadding, 0, bArr8, 0, removePadding.length);
            bArr8[bArr8.length - 2] = bArr3[2];
            bArr8[bArr8.length - 1] = bArr3[3];
            return bArr8;
        } catch (Exception e) {
            this.log.error("Error decrypting data.", (Throwable) e);
            throw new CardException("Unable to decrypt data.", e);
        }
    }

    private void incrementSSC() {
        this.ssc = new BigInteger(this.ssc).add(new BigInteger("1", 10)).toByteArray();
    }
}
