package de.persosim.simulator.protocols.pace;

import de.persosim.simulator.apdu.CommandApdu;
import de.persosim.simulator.apdu.CommandApduFactory;
import de.persosim.simulator.apdu.IsoSecureMessagingCommandApdu;
import de.persosim.simulator.apdu.ResponseApdu;
import de.persosim.simulator.apdu.SmMarkerApdu;
import de.persosim.simulator.apdumatching.ApduSpecificationConstants;
import de.persosim.simulator.cardobjects.AuthObjectIdentifier;
import de.persosim.simulator.cardobjects.CardObject;
import de.persosim.simulator.cardobjects.CardObjectUtils;
import de.persosim.simulator.cardobjects.MasterFile;
import de.persosim.simulator.cardobjects.PasswordAuthObject;
import de.persosim.simulator.cardobjects.PasswordAuthObjectWithRetryCounter;
import de.persosim.simulator.cardobjects.TrustPointCardObject;
import de.persosim.simulator.cardobjects.TrustPointIdentifier;
import de.persosim.simulator.crypto.certificates.PublicKeyReference;
import de.persosim.simulator.platform.CardStateAccessor;
import de.persosim.simulator.platform.Iso7816;
import de.persosim.simulator.platform.Iso7816Lib;
import de.persosim.simulator.processing.ProcessingData;
import de.persosim.simulator.protocols.GenericOid;
import de.persosim.simulator.protocols.Protocol;
import de.persosim.simulator.protocols.ProtocolUpdate;
import de.persosim.simulator.protocols.ResponseData;
import de.persosim.simulator.protocols.SecInfoPublicity;
import de.persosim.simulator.protocols.ta.CertificateHolderAuthorizationTemplate;
import de.persosim.simulator.protocols.ta.CertificateRole;
import de.persosim.simulator.protocols.ta.RelativeAuthorization;
import de.persosim.simulator.protocols.ta.TerminalType;
import de.persosim.simulator.secstatus.AuthorizationStore;
import de.persosim.simulator.secstatus.ConfinedAuthorizationMechanism;
import de.persosim.simulator.secstatus.PaceMechanism;
import de.persosim.simulator.secstatus.SecStatus;
import de.persosim.simulator.secstatus.SecStatusMechanismUpdatePropagation;
import de.persosim.simulator.tlv.ConstructedTlvDataObject;
import de.persosim.simulator.tlv.PrimitiveTlvDataObject;
import de.persosim.simulator.tlv.TlvConstants;
import de.persosim.simulator.tlv.TlvDataObject;
import de.persosim.simulator.tlv.TlvDataObjectContainer;
import de.persosim.simulator.utils.BitField;
import de.persosim.simulator.utils.HexString;
import de.persosim.simulator.utils.Utils;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import org.globaltester.logging.BasicLogger;
import org.globaltester.logging.InfoSource;
import org.globaltester.logging.tags.LogLevel;

/* loaded from: classes6.dex */
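/**
 * Protocol handler that grants the security status of a completed PACE run without executing
 * the PACE key agreement.
 *
 * <p>Security notes for reviewers, all derived from the code below:
 * <ul>
 *   <li>The password is read verbatim from the command data (TAG_92) and compared with the
 *       stored password; no key agreement takes place.</li>
 *   <li>On a match a {@link PaceMechanism} built from fixed placeholder byte strings is
 *       propagated to the security status, together with the terminal authorization taken from
 *       the CHAT (TAG_7F4C) when the command carries one.</li>
 *   <li>"Pseudo secure messaging" only clears the two lowest CLA bits and tags the APDU with an
 *       {@link SmMarkerApdu}; this class neither encrypts nor integrity-protects anything.</li>
 * </ul>
 *
 * <p>NOTE(review): presumably intended for simulator/test setups only. Confirm that it is never
 * registered in a configuration where the protection of real PACE is relied upon.
 */
public class PaceBypassProtocol implements Pace, Protocol, Iso7816, ApduSpecificationConstants, InfoSource, TlvConstants {
    private CardStateAccessor cardState;
    /** True while commands carrying the pseudo SM marker are unmasked and treated as SM-protected. */
    private boolean pseudoSmIsActive = false;
    private boolean moveToStack = true;
    /** Last ProcessingData handed to {@link #process}; used to detect a repeated invocation. */
    private ProcessingData lastSeenProcessingData = null;

    public PaceBypassProtocol() {
        reset();
    }

    /**
     * Handles the bypass initialisation command: resolves the referenced password object,
     * validates the optional CHAT, compares the supplied password and, on success, propagates
     * the PACE (and optionally authorization) mechanism to the security status.
     *
     * <p>All command data is untrusted. Missing or malformed data objects are answered with an
     * error status word instead of surfacing as a NullPointerException, ClassCastException or
     * ArrayIndexOutOfBoundsException, and never lead to a granted security status.
     *
     * @param processingData the processing context holding the command APDU; receives the response
     */
    private void processInitPaceBypass(ProcessingData processingData) {
        TlvDataObjectContainer responseData = new TlvDataObjectContainer();
        short sw = Iso7816.SW_9000_NO_ERROR;
        String note = "";
        // NOTE(review): assumes the command APDU always yields a non-null data container - confirm.
        TlvDataObjectContainer commandData = processingData.getCommandApdu().getCommandDataObjectContainer();

        // Password reference (TAG_83). A missing reference is treated like an unknown one.
        PasswordAuthObject passwordObject = null;
        CardObject candidate = null;
        TlvDataObject passwordReference = commandData.getTlvDataObject(TAG_83);
        if (passwordReference != null) {
            candidate = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), new AuthObjectIdentifier(passwordReference.getValueField()));
        }
        if (candidate instanceof PasswordAuthObject) {
            passwordObject = (PasswordAuthObject) candidate;
            BasicLogger.log(this, "selected password is: " + AbstractPaceProtocol.getPasswordName(passwordObject.getPasswordIdentifier()), LogLevel.DEBUG);
        } else {
            sw = Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND;
            note = "no fitting authentication object found";
        }

        // Password value (TAG_92), transmitted in the clear by this protocol.
        byte[] suppliedPassword = null;
        TlvDataObject passwordTlv = commandData.getTlvDataObject(TAG_92);
        if (passwordTlv != null) {
            suppliedPassword = passwordTlv.getValueField();
        } else if (sw == Iso7816.SW_9000_NO_ERROR) {
            sw = Iso7816.SW_6A80_WRONG_DATA;
            note = "no password provided";
        }

        // Optional CHAT (TAG_7F4C): terminal type OID (TAG_06) plus relative authorization (TAG_53).
        CertificateHolderAuthorizationTemplate chat = null;
        TrustPointCardObject trustPoint = null;
        TlvDataObject chatTlv = commandData.getTlvDataObject(TAG_7F4C);
        if (chatTlv != null) {
            TlvDataObject oidTlv = null;
            TlvDataObject authorizationTlv = null;
            if (chatTlv instanceof ConstructedTlvDataObject) {
                ConstructedTlvDataObject constructedChat = (ConstructedTlvDataObject) chatTlv;
                oidTlv = constructedChat.getTlvDataObject(TAG_06);
                authorizationTlv = constructedChat.getTlvDataObject(TAG_53);
            }
            byte[] authorizationBytes = authorizationTlv != null ? authorizationTlv.getValueField() : null;
            if (oidTlv == null || authorizationBytes == null || authorizationBytes.length == 0) {
                // Fail closed on a structurally invalid CHAT; keep an earlier error if there is one.
                if (sw == Iso7816.SW_9000_NO_ERROR) {
                    sw = Iso7816.SW_6A80_WRONG_DATA;
                    note = "malformed certificate holder authorization template";
                }
            } else {
                chat = new CertificateHolderAuthorizationTemplate(TerminalType.getFromOid(new GenericOid(oidTlv.getValueField())), new RelativeAuthorization(CertificateRole.getFromMostSignificantBits(authorizationBytes[0]), BitField.buildFromBigEndian((authorizationBytes.length * 8) - 2, authorizationBytes)));
                // Only accept the looked-up child when it really is a trust point; later code
                // already copes with a null trust point.
                CardObject trustPointCandidate = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), new TrustPointIdentifier(chat.getTerminalType()));
                if (trustPointCandidate instanceof TrustPointCardObject) {
                    trustPoint = (TrustPointCardObject) trustPointCandidate;
                }
                // Status is tested first so the access-rights check is never called with a
                // password object that could not be resolved.
                if (sw == Iso7816.SW_9000_NO_ERROR && !AbstractPaceProtocol.checkPasswordAndAccessRights(chat, passwordObject)) {
                    sw = Iso7816.SW_6A80_WRONG_DATA;
                    note = "The given terminal type and password does not match the access rights";
                }
            }
        }

        boolean authenticated = false;
        if (sw == Iso7816.SW_9000_NO_ERROR) {
            // TAG_80 reports the usability status of the password; it does not alter sw itself.
            ResponseData usability = AbstractPaceProtocol.isPasswordUsable(passwordObject, this.cardState);
            if (usability == null) {
                responseData.addTlvDataObject(new PrimitiveTlvDataObject(TAG_80, Utils.toUnsignedByteArray(Iso7816.SW_9000_NO_ERROR)));
            } else {
                responseData.addTlvDataObject(new PrimitiveTlvDataObject(TAG_80, Utils.toUnsignedByteArray(usability.getStatusWord())));
            }

            // Constant-time comparison, so the response time does not depend on how many leading
            // bytes of the supplied password are correct.
            boolean passwordMatches = passwordObject != null
                    && suppliedPassword != null
                    && java.security.MessageDigest.isEqual(suppliedPassword, passwordObject.getPassword());
            if (!passwordMatches) {
                BasicLogger.log(this, "Provided password does NOT match expected one", LogLevel.DEBUG);
                if (passwordObject instanceof PasswordAuthObjectWithRetryCounter) {
                    ResponseData failure = AbstractPaceProtocol.getMutualAuthenticatePinManagementResponsePaceFailed((PasswordAuthObjectWithRetryCounter) passwordObject);
                    sw = failure.getStatusWord();
                    note = failure.getResponse();
                } else {
                    sw = Iso7816.SW_6300_AUTHENTICATION_FAILED;
                    note = "Provided password does NOT match expected one";
                }
            } else {
                BasicLogger.log(this, "Provided password matches expected one", LogLevel.DEBUG);
                if (passwordObject instanceof PasswordAuthObjectWithRetryCounter) {
                    ResponseData success = AbstractPaceProtocol.getMutualAuthenticatePinManagementResponsePaceSuccessful(passwordObject, this.cardState);
                    sw = success.getStatusWord();
                    note = success.getResponse();
                    authenticated = !Iso7816Lib.isReportingError(sw);
                } else {
                    sw = Iso7816.SW_9000_NO_ERROR;
                    note = "MutualAuthenticate processed successfully";
                    authenticated = true;
                }
            }
        }

        if (authenticated) {
            // Fixed placeholder, returned under TAG_86 and handed to the PaceMechanism below.
            // NOTE(review): it differs from the second placeholder in the ninth byte
            // (0x90 here, 0x09 there); unclear whether that is intentional.
            byte[] placeholder = HexString.toByteArray("0102030405060708900A0B0C0D0E0F1011121314");
            responseData.addTlvDataObject(new PrimitiveTlvDataObject(TAG_86, placeholder));
            if (trustPoint != null && trustPoint.getCurrentCertificate() != null && (trustPoint.getCurrentCertificate().getCertificateHolderReference() instanceof PublicKeyReference)) {
                responseData.addTlvDataObject(new PrimitiveTlvDataObject(TAG_87, trustPoint.getCurrentCertificate().getCertificateHolderReference().getBytes()));
                if (trustPoint.getPreviousCertificate() != null && (trustPoint.getPreviousCertificate().getCertificateHolderReference() instanceof PublicKeyReference)) {
                    responseData.addTlvDataObject(new PrimitiveTlvDataObject(TAG_88, trustPoint.getPreviousCertificate().getCertificateHolderReference().getBytes()));
                }
            }
            this.pseudoSmIsActive = true;
            // The security status is only updated for a plain 9000; any other non-error status
            // word still activates pseudo SM above.
            if (sw == Iso7816.SW_9000_NO_ERROR) {
                PaceMechanism paceMechanism = new PaceMechanism(Pace.OID_id_PACE_ECDH_GM_AES_CBC_CMAC_128, passwordObject, placeholder, HexString.toByteArray("0102030405060708090A0B0C0D0E0F1011121314"), chat != null ? chat.getTerminalType().getAsOid() : null);
                if (chat != null) {
                    // Raw map kept as in the original; the key/value types expected by
                    // AuthorizationStore are not visible in this file.
                    HashMap authorizations = new HashMap();
                    authorizations.put(chat.getTerminalType().getAsOid(), chat.getRelativeAuthorization());
                    processingData.addUpdatePropagation(this, "Security status updated with authorization mechanism", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, new ConfinedAuthorizationMechanism(new AuthorizationStore(authorizations))));
                }
                processingData.addUpdatePropagation(this, "Security status updated with PACE mechanism", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, paceMechanism));
            }
            note = "Established PACE Bypass";
        }
        processingData.updateResponseAPDU(this, note, new ResponseApdu(new TlvDataObjectContainer(responseData), sw));
    }

    /**
     * Handles every command other than the bypass initialisation.
     *
     * <p>A command whose two lowest CLA bits are both set is, while pseudo SM is active, tagged
     * with an {@link SmMarkerApdu} and replaced by a copy with those bits cleared; no
     * cryptographic processing is applied. Any other command that was not secure messaging
     * ends pseudo SM and requests removal of this protocol from the stack.
     *
     * @param processingData the processing context holding the command APDU
     */
    private void processSm(ProcessingData processingData) {
        CommandApdu commandApdu = processingData.getCommandApdu();
        boolean carriesMarker = (commandApdu.getCla() & 0x03) == 0x03;

        if (carriesMarker) {
            if (!this.pseudoSmIsActive) {
                // Marker without an established bypass: leave the APDU untouched.
                return;
            }
            SmMarkerApdu smMarkerApdu = new SmMarkerApdu(commandApdu);
            processingData.updateCommandApdu(this, "SM marker APDU added", smMarkerApdu);
            byte[] plain = commandApdu.toByteArray();
            // Clear the two marker bits in CLA (mask 0xFC).
            plain[0] = (byte) (plain[0] & 0xFC);
            processingData.updateCommandApdu(this, "Unmasked plain APDU", CommandApduFactory.createCommandApdu(plain, smMarkerApdu));
            return;
        }

        if (!this.pseudoSmIsActive) {
            return;
        }
        if ((commandApdu instanceof IsoSecureMessagingCommandApdu) && ((IsoSecureMessagingCommandApdu) commandApdu).wasSecureMessaging()) {
            // Already unmasked command (or genuinely SM-protected one): keep pseudo SM alive.
            return;
        }
        BasicLogger.log(this, "Plain APDU received, breaking pseudo SM");
        this.pseudoSmIsActive = false;
        processingData.addUpdatePropagation(this, "Pseudo SM deactivated, no need to stay on stack", new ProtocolUpdate(true));
    }

    /** Returns the identifier used for this class in log output. */
    @Override // org.globaltester.logging.InfoSource
    public String getIDString() {
        return "PaceBypass";
    }

    /** Returns the protocol name. */
    @Override // de.persosim.simulator.protocols.Protocol
    public String getProtocolName() {
        return "PaceBypass";
    }

    /** This protocol publishes no SecInfos; always returns an empty collection. */
    @Override // de.persosim.simulator.protocols.Protocol
    public Collection<TlvDataObject> getSecInfos(SecInfoPublicity secInfoPublicity, MasterFile masterFile) {
        return Collections.emptySet();
    }

    /** Returns whether the last {@link #process} call saw a ProcessingData instance it had not seen before. */
    @Override // de.persosim.simulator.protocols.Protocol
    public boolean isMoveToStackRequested() {
        return this.moveToStack;
    }

    /**
     * Dispatches a command: CLA 0xFF with INS 0x86 starts the bypass, everything else goes
     * through the pseudo SM handling.
     *
     * @param processingData the processing context holding the command APDU
     */
    @Override // de.persosim.simulator.protocols.Protocol
    public void process(ProcessingData processingData) {
        // Identity comparison on purpose: the same ProcessingData object handed in again means
        // this command has already been seen by this protocol.
        boolean seenBefore = processingData == this.lastSeenProcessingData;
        this.moveToStack = !seenBefore;
        if (!seenBefore) {
            this.lastSeenProcessingData = processingData;
        }

        byte cla = processingData.getCommandApdu().getCla();
        byte ins = processingData.getCommandApdu().getIns();
        if (cla == (byte) 0xFF && ins == (byte) 0x86) {
            processInitPaceBypass(processingData);
        } else {
            processSm(processingData);
        }
    }

    /**
     * No-op.
     *
     * <p>NOTE(review): pseudoSmIsActive is not cleared here, so an established bypass would
     * survive a reset of this protocol instance - confirm that this is intended.
     */
    @Override // de.persosim.simulator.protocols.Protocol
    public void reset() {
    }

    /** Stores the accessor used to reach the master file and card state. */
    @Override // de.persosim.simulator.protocols.Protocol
    public void setCardStateAccessor(CardStateAccessor cardStateAccessor) {
        this.cardState = cardStateAccessor;
    }
}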
