package org.openecard.ifd.protocol.pace.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import org.openecard.bouncycastle.crypto.engines.AESEngine;
import org.openecard.bouncycastle.crypto.macs.CMac;
import org.openecard.bouncycastle.crypto.params.KeyParameter;
import org.openecard.common.tlv.TLV;
import org.openecard.common.tlv.TagClass;
import org.openecard.common.util.ByteUtils;
import org.openecard.crypto.common.asn1.eac.PACESecurityInfos;
import org.openecard.crypto.common.asn1.utils.ObjectIdentifierUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openecard/ifd/protocol/pace/crypto/AuthenticationToken.class */
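/**
 * Computes and verifies the 8-byte authentication token exchanged at the end of a PACE run.
 *
 * <p>The local token is the first 8 bytes of an AES-CMAC over a TLV structure built from the
 * PACE protocol OID and caller-supplied data (see {@link #getMACObject(byte[])}). A received
 * token is parsed out of a {@code 0x7C}-wrapped encoding and compared against the local one.
 *
 * <p>Instances hold mutable state and make no attempt at synchronisation.
 */
public final class AuthenticationToken {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationToken.class.getName());

    /** Tag of the outer wrapper expected around a received token. */
    private static final int TAG_WRAPPER = 0x7C;
    /** Tag of the token object inside the wrapper (also used for the data object that is MACed). */
    private static final int TAG_TOKEN = 0x86;
    /** Tag of the object stored as {@code currentCAR}. */
    private static final int TAG_CURRENT_CAR = 0x87;
    /** Tag of the object stored as {@code previousCAR}. */
    private static final int TAG_PREVIOUS_CAR = 0x88;
    /** Length in bytes of the (truncated) MAC that forms the token. */
    private static final int TOKEN_LENGTH = 8;
    /** Only length accepted for either CAR object. */
    private static final int CAR_LENGTH = 14;
    /** Size of the untruncated CMAC output buffer. */
    private static final int MAC_LENGTH = 16;
    private static final String MALFORMED = "Malformed authentication token";

    private final byte[] token = new byte[TOKEN_LENGTH];
    // Set once generateToken() has filled `token`; until then `token` is all zeros and must
    // never be accepted as a reference value.
    private boolean tokenGenerated;
    private byte[] currentCAR;
    private byte[] previousCAR;
    private final PACESecurityInfos psi;

    /**
     * Creates a token bound to the given PACE parameters.
     *
     * @param pACESecurityInfos source of the protocol OID that is included in the MAC input
     */
    public AuthenticationToken(PACESecurityInfos pACESecurityInfos) {
        this.psi = pACESecurityInfos;
    }

    /**
     * Computes the local token and stores it in this instance.
     *
     * <p>NOTE(review): AES-CMAC is used unconditionally, whatever protocol {@code psi} names;
     * confirm that only AES-based PACE variants reach this class.
     *
     * @param bArr MAC key
     * @param bArr2 data placed in the {@code 0x86} object of the MAC input (presumably an
     *     encoded public key; confirm against callers)
     * @throws GeneralSecurityException if the MAC input cannot be encoded
     */
    public void generateToken(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        byte[] macInput = getMACObject(bArr2);
        byte[] fullMac = new byte[MAC_LENGTH];
        CMac cMac = new CMac(new AESEngine());
        cMac.init(new KeyParameter(bArr));
        cMac.update(macInput, 0, macInput.length);
        cMac.doFinal(fullMac, 0);
        // The token is the leading 8 bytes of the 16-byte MAC.
        System.arraycopy(fullMac, 0, this.token, 0, TOKEN_LENGTH);
        this.tokenGenerated = true;
    }

    /**
     * Verifies another token object against this one.
     *
     * <p>NOTE(review): {@link #toByteArray()} yields the bare 8-byte token, while
     * {@link #verifyToken(byte[], boolean)} expects the {@code 0x7C}-wrapped encoding, so this
     * call looks like it is rejected as malformed for almost any token; confirm intended usage.
     *
     * @param authenticationToken token whose bytes are checked
     * @param z passed through unchanged to {@link #verifyToken(byte[], boolean)}
     * @return {@code true} if verification succeeds
     * @throws GeneralSecurityException if the data is malformed or does not match
     */
    public boolean verifyToken(AuthenticationToken authenticationToken, boolean z) throws GeneralSecurityException {
        return verifyToken(authenticationToken.toByteArray(), z);
    }

    /**
     * Parses a received, {@code 0x7C}-wrapped token and checks it against the local token.
     *
     * <p>Expected layout: {@code 7C len | 86 08 token}, followed when {@code z} is set by
     * {@code 87 0E car} and optionally {@code 88 0E car}. The single-byte length after
     * {@code 7C} must equal the number of bytes that follow it. Parsing is strict: short
     * values and trailing bytes are rejected, and the CAR fields are only updated once the
     * whole input has been validated.
     *
     * @param bArr encoded token as received
     * @param z whether the CAR objects are expected after the token
     * @return {@code true} on success; failures are reported by exception, never by
     *     {@code false}
     * @throws GeneralSecurityException if no local token has been generated, the input is
     *     malformed, or the token does not match
     */
    public boolean verifyToken(byte[] bArr, boolean z) throws GeneralSecurityException {
        if (!this.tokenGenerated) {
            // Fail closed: otherwise an all-zero token would verify against the initial buffer.
            throw new GeneralSecurityException("Authentication token has not been generated");
        }
        if (bArr == null) {
            throw new GeneralSecurityException(MALFORMED);
        }
        ByteArrayInputStream in = new ByteArrayInputStream(bArr);

        int wrapperTag = in.read();
        int wrapperLength = in.read();
        // read() yields -1 at end of input, which can match neither the tag nor available().
        if (wrapperTag != TAG_WRAPPER || wrapperLength != in.available()) {
            throw new GeneralSecurityException(MALFORMED);
        }

        expectHeader(in, TAG_TOKEN, TOKEN_LENGTH);
        byte[] received = readExactly(in, TOKEN_LENGTH);
        // Constant-time comparison so the position of the first mismatching byte is not
        // observable through timing.
        if (!MessageDigest.isEqual(received, this.token)) {
            throw new GeneralSecurityException("Cannot verify authentication token");
        }

        byte[] current = null;
        byte[] previous = null;
        if (z) {
            expectHeader(in, TAG_CURRENT_CAR, CAR_LENGTH);
            current = readExactly(in, CAR_LENGTH);
            if (in.available() > 0) {
                expectHeader(in, TAG_PREVIOUS_CAR, CAR_LENGTH);
                previous = readExactly(in, CAR_LENGTH);
            }
        }
        if (in.available() != 0) {
            throw new GeneralSecurityException(MALFORMED);
        }

        if (current != null) {
            this.currentCAR = current;
        }
        if (previous != null) {
            this.previousCAR = previous;
        }
        // ByteArrayInputStream holds no resources, so there is nothing to close.
        return true;
    }

    /**
     * Returns a copy of the 8-byte token (all zeros until {@link #generateToken} has run).
     *
     * @return copy of the token bytes
     */
    public byte[] toByteArray() {
        return this.token.clone();
    }

    /**
     * Returns a copy of the value read from the {@code 0x87} object by the last successful
     * verification with CAR parsing enabled.
     *
     * @return copy of the stored bytes, or {@code null} if none was stored
     */
    public byte[] getCurrentCAR() {
        return this.currentCAR == null ? null : this.currentCAR.clone();
    }

    /**
     * Returns a copy of the value read from the {@code 0x88} object, if one was present.
     *
     * @return copy of the stored bytes, or {@code null} if none was stored
     */
    public byte[] getPreviousCAR() {
        return this.previousCAR == null ? null : this.previousCAR.clone();
    }

    /** Reads a tag byte and a length byte and requires both to match exactly. */
    private static void expectHeader(ByteArrayInputStream in, int tag, int length) throws GeneralSecurityException {
        int actualTag = in.read();
        int actualLength = in.read();
        if (actualTag != tag || actualLength != length) {
            throw new GeneralSecurityException(MALFORMED);
        }
    }

    /** Reads exactly {@code length} bytes, rejecting input that ends early. */
    private static byte[] readExactly(ByteArrayInputStream in, int length) throws GeneralSecurityException {
        byte[] value = new byte[length];
        if (in.read(value, 0, length) != length) {
            throw new GeneralSecurityException(MALFORMED);
        }
        return value;
    }

    /**
     * Builds the byte string that is fed to the MAC.
     *
     * <p>The structure is an application-class object with tag number {@code 0x49} whose
     * child is an OID object ({@code 0x06}, value taken from the PACE protocol in
     * {@code psi}), with a {@code 0x86} object added after it that carries {@code bArr}
     * stripped of leading zero bytes.
     *
     * @param bArr data for the {@code 0x86} object
     * @return encoding produced by {@code toBER(true)}
     * @throws GeneralSecurityException wrapping any failure while building the structure
     */
    private byte[] getMACObject(byte[] bArr) throws GeneralSecurityException {
        try {
            TLV dataObject = new TLV();
            dataObject.setTagNumWithClass((byte) TAG_TOKEN);
            dataObject.setValue(ByteUtils.cutLeadingNullBytes(bArr));

            TLV oidObject = new TLV();
            oidObject.setTagNumWithClass((byte) 6);
            oidObject.setValue(ObjectIdentifierUtils.getValue(this.psi.getPACEInfo().getProtocol()));
            oidObject.addToEnd(dataObject);

            TLV container = new TLV();
            container.setTagNum((byte) 73);
            container.setTagClass(TagClass.APPLICATION);
            container.setChild(oidObject);
            return container.toBER(true);
        } catch (Throwable th) {
            // Kept as Throwable so that every failure here still surfaces to callers as a
            // GeneralSecurityException with the cause attached.
            logger.error(th.getMessage(), th);
            throw new GeneralSecurityException(th);
        }
    }
}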
