package org.openecard.ifd.protocol.pace;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.openecard.bouncycastle.crypto.engines.AESFastEngine;
import org.openecard.bouncycastle.crypto.macs.CMac;
import org.openecard.bouncycastle.crypto.params.KeyParameter;
import org.openecard.common.apdu.common.CardCommandAPDU;
import org.openecard.common.tlv.TLV;
import org.openecard.common.util.ByteUtils;

/* loaded from: input_file:org/openecard/ifd/protocol/pace/SecureMessaging.class */
public class SecureMessaging {
    private static final byte[] NULL = {0};
    private static final byte PAD = Byte.MIN_VALUE;
    private byte[] secureMessagingSSC = new byte[16];
    private byte[] keyMAC;
    private byte[] keyENC;

    public SecureMessaging(byte[] bArr, byte[] bArr2) {
        this.keyENC = bArr2;
        this.keyMAC = bArr;
    }

    public byte[] encrypt(byte[] bArr) throws Exception {
        incrementSSC(this.secureMessagingSSC);
        byte[] encrypt = encrypt(bArr, this.secureMessagingSSC);
        incrementSSC(this.secureMessagingSSC);
        return encrypt;
    }

    private byte[] encrypt(byte[] bArr, byte[] bArr2) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CardCommandAPDU cardCommandAPDU = new CardCommandAPDU(bArr);
        if (cardCommandAPDU.isSecureMessaging()) {
            throw new IllegalArgumentException("Malformed APDU.");
        }
        byte[] data = cardCommandAPDU.getData();
        byte[] header = cardCommandAPDU.getHeader();
        int lc = cardCommandAPDU.getLC();
        int le = cardCommandAPDU.getLE();
        if (data != null) {
            byte[] concatenate = ByteUtils.concatenate((byte) 1, getCipher(bArr2, 1).doFinal(pad(data, 16)));
            TLV tlv = new TLV();
            tlv.setTagNumWithClass((byte) -121);
            tlv.setValue(concatenate);
            byteArrayOutputStream.write(tlv.toBER());
        }
        if (le >= 0) {
            TLV tlv2 = new TLV();
            tlv2.setTagNumWithClass((byte) -105);
            if (le == 256) {
                tlv2.setValue(NULL);
            } else if (le > 256) {
                tlv2.setValue(new byte[]{(byte) ((le >> 8) & 255), (byte) (le & 255)});
            } else {
                tlv2.setValue(new byte[]{(byte) le});
            }
            byteArrayOutputStream.write(tlv2.toBER());
        }
        header[0] = (byte) (header[0] | 12);
        byte[] bArr3 = new byte[16];
        CMac cmac = getCMAC(bArr2);
        byte[] pad = pad(header, 16);
        cmac.update(pad, 0, pad.length);
        if (byteArrayOutputStream.size() > 0) {
            byte[] pad2 = pad(byteArrayOutputStream.toByteArray(), 16);
            cmac.update(pad2, 0, pad2.length);
            lc = byteArrayOutputStream.size();
        }
        cmac.doFinal(bArr3, 0);
        byte[] copy = ByteUtils.copy(bArr3, 0, 8);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        byteArrayOutputStream2.write(header);
        int i = lc + 10;
        if (i > 255 || le > 256) {
            byteArrayOutputStream2.write(NULL);
            byteArrayOutputStream2.write((i >> 8) & 255);
            byteArrayOutputStream2.write(i & 255);
        } else {
            byteArrayOutputStream2.write(i & 255);
        }
        if (byteArrayOutputStream.size() > 0) {
            byteArrayOutputStream2.write(byteArrayOutputStream.toByteArray());
        }
        byteArrayOutputStream2.write(new byte[]{-114, 8});
        byteArrayOutputStream2.write(copy);
        byteArrayOutputStream2.write(NULL);
        if (i > 255 || le > 256) {
            byteArrayOutputStream2.write(NULL);
        }
        return byteArrayOutputStream2.toByteArray();
    }

    public byte[] decrypt(byte[] bArr) throws Exception {
        if (bArr.length < 12) {
            throw new IllegalArgumentException("Malformed Secure Messaging APDU");
        }
        return decrypt(bArr, this.secureMessagingSSC);
    }

    private byte[] decrypt(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] copy;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length - 10);
        byte[] bArr3 = new byte[2];
        byte[] bArr4 = null;
        byte[] bArr5 = new byte[8];
        byte read = (byte) byteArrayInputStream.read();
        if (read == -121) {
            int read2 = byteArrayInputStream.read();
            if (read2 > 128) {
                byte[] bArr6 = new byte[read2 & 15];
                byteArrayInputStream.read(bArr6, 0, bArr6.length);
                read2 = new BigInteger(1, bArr6).intValue();
            }
            byteArrayInputStream.skip(1L);
            bArr4 = new byte[read2 - 1];
            byteArrayInputStream.read(bArr4, 0, bArr4.length);
            read = (byte) byteArrayInputStream.read();
        }
        if (read != -103) {
            throw new IOException("Malformed Secure Messaging APDU");
        }
        if (byteArrayInputStream.read() == 2) {
            byteArrayInputStream.read(bArr3, 0, 2);
            read = (byte) byteArrayInputStream.read();
        }
        if (read != -114) {
            throw new IOException("Malformed Secure Messaging APDU");
        }
        if (byteArrayInputStream.read() == 8) {
            byteArrayInputStream.read(bArr5, 0, 8);
        }
        if (byteArrayInputStream.available() != 2) {
            throw new IOException("Malformed Secure Messaging APDU");
        }
        CMac cmac = getCMAC(bArr2);
        byte[] bArr7 = new byte[16];
        synchronized (cmac) {
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            if (bArr4 != null) {
                TLV tlv = new TLV();
                tlv.setTagNumWithClass((byte) -121);
                tlv.setValue(ByteUtils.concatenate((byte) 1, bArr4));
                byteArrayOutputStream2.write(tlv.toBER());
            }
            TLV tlv2 = new TLV();
            tlv2.setTagNumWithClass((byte) -103);
            tlv2.setValue(bArr3);
            byteArrayOutputStream2.write(tlv2.toBER());
            byte[] pad = pad(byteArrayOutputStream2.toByteArray(), 16);
            cmac.update(pad, 0, pad.length);
            cmac.doFinal(bArr7, 0);
            copy = ByteUtils.copy(bArr7, 0, 8);
        }
        if (!ByteUtils.compare(copy, bArr5)) {
            throw new GeneralSecurityException("Secure Messaging MAC verification failed");
        }
        if (bArr4 != null) {
            byteArrayOutputStream.write(unpad(getCipher(bArr2, 2).doFinal(bArr4)));
        }
        byteArrayOutputStream.write(bArr3);
        return byteArrayOutputStream.toByteArray();
    }

    public static void incrementSSC(byte[] bArr) {
        for (int length = bArr.length - 1; length >= 0; length--) {
            int i = length;
            bArr[i] = (byte) (bArr[i] + 1);
            if (bArr[length] != 0) {
                return;
            }
        }
    }

    private Cipher getCipher(byte[] bArr, int i) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(i, new SecretKeySpec(this.keyENC, "AES"), new IvParameterSpec(getCipherIV(bArr)));
        return cipher;
    }

    private byte[] getCipherIV(byte[] bArr) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
        cipher.init(1, new SecretKeySpec(this.keyENC, "AES"));
        return cipher.doFinal(bArr);
    }

    private CMac getCMAC(byte[] bArr) {
        CMac cMac = new CMac(new AESFastEngine());
        cMac.init(new KeyParameter(this.keyMAC));
        cMac.update(bArr, 0, bArr.length);
        return cMac;
    }

    private byte[] pad(byte[] bArr, int i) {
        byte[] bArr2 = new byte[bArr.length + (i - (bArr.length % i))];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        bArr2[bArr.length] = Byte.MIN_VALUE;
        return bArr2;
    }

    private byte[] unpad(byte[] bArr) {
        for (int length = bArr.length - 1; length >= 0; length--) {
            if (bArr[length] == Byte.MIN_VALUE) {
                return ByteUtils.copy(bArr, 0, length);
            }
        }
        return bArr;
    }
}
