package de.persosim.simulator.protocols.ri;

import de.persosim.simulator.apdu.ResponseApdu;
import de.persosim.simulator.apdumatching.ApduSpecificationConstants;
import de.persosim.simulator.cardobjects.CardObject;
import de.persosim.simulator.cardobjects.CardObjectIdentifier;
import de.persosim.simulator.cardobjects.CardObjectUtils;
import de.persosim.simulator.cardobjects.KeyIdentifier;
import de.persosim.simulator.cardobjects.KeyPairObject;
import de.persosim.simulator.cardobjects.MasterFile;
import de.persosim.simulator.cardobjects.OidIdentifier;
import de.persosim.simulator.crypto.StandardizedDomainParameters;
import de.persosim.simulator.exception.VerificationException;
import de.persosim.simulator.platform.CardStateAccessor;
import de.persosim.simulator.platform.Iso7816;
import de.persosim.simulator.platform.PlatformUtil;
import de.persosim.simulator.processing.ProcessingData;
import de.persosim.simulator.protocols.GenericOid;
import de.persosim.simulator.protocols.Oid;
import de.persosim.simulator.protocols.Protocol;
import de.persosim.simulator.protocols.RoleOid;
import de.persosim.simulator.protocols.SecInfoPublicity;
import de.persosim.simulator.protocols.ta.Authorization;
import de.persosim.simulator.protocols.ta.TerminalAuthenticationMechanism;
import de.persosim.simulator.protocols.ta.TerminalType;
import de.persosim.simulator.secstatus.EffectiveAuthorizationMechanism;
import de.persosim.simulator.secstatus.SecMechanism;
import de.persosim.simulator.secstatus.SecStatus;
import de.persosim.simulator.tlv.ConstructedTlvDataObject;
import de.persosim.simulator.tlv.PrimitiveTlvDataObject;
import de.persosim.simulator.tlv.TlvConstants;
import de.persosim.simulator.tlv.TlvDataObject;
import de.persosim.simulator.tlv.TlvDataObjectContainer;
import de.persosim.simulator.tlv.TlvTag;
import de.persosim.simulator.utils.Utils;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.KeyAgreement;
import org.globaltester.cryptoprovider.Crypto;
import org.globaltester.logging.InfoSource;

/* loaded from: classes6.dex */
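/**
 * Restricted Identification (RI) protocol of the simulated card.
 *
 * <p>Two commands are handled by {@link #process(ProcessingData)}: MSE:Set AT (INS 0x22, P1 0x41)
 * selects the card's static RI key pair via a key reference (tag 84), and GENERAL AUTHENTICATE
 * (INS 0x86) derives one sector identifier for each sector public key present in the command's
 * dynamic authentication data (tag 7C, children tagged {@code RI_FIRST_SECTOR_KEY_TAG} /
 * {@code RI_SECOND_SECTOR_KEY_TAG}).
 *
 * <p>Security-relevant checks performed by GENERAL AUTHENTICATE, in order:
 * <ul>
 *   <li>a {@link TerminalAuthenticationMechanism} and an {@link EffectiveAuthorizationMechanism}
 *       must be present in the application security context, and the terminal type must be
 *       {@link TerminalType#AT};</li>
 *   <li>a key pair marked {@code isPrivilegedOnly()} additionally requires the corresponding
 *       authorization bit of the effective id_AT authorization;</li>
 *   <li>each terminal-supplied sector public key is hashed (wrapped in tag 7F49) and compared with
 *       the sector public key hash stored by Terminal Authentication — a mismatch, or a missing
 *       stored hash, rejects the whole command;</li>
 *   <li>the sector identifier is the hash of the key agreement between the selected static private
 *       key and the sector public key, using the algorithms named by the OID inside that key.</li>
 * </ul>
 *
 * <p>State: {@link #staticKeyObject} holds the key selected by the last successful MSE:Set AT and is
 * cleared again by an MSE:Set AT that carries an RI OID but no usable key reference.
 * NOTE(review): {@link #reset()} intentionally does not clear it (the original behaviour); whether
 * the platform calls reset() between commands decides if clearing there is safe — confirm before
 * changing that.
 */
public class RiProtocol implements Protocol, Iso7816, ApduSpecificationConstants, InfoSource, Ri, TlvConstants {

    /** INS of MANAGE SECURITY ENVIRONMENT; MSE:Set AT additionally carries {@link #P1_SET_AT}. */
    private static final byte INS_MANAGE_SECURITY_ENVIRONMENT = (byte) 0x22;
    /** P1 of MSE:Set AT. */
    private static final byte P1_SET_AT = (byte) 0x41;
    /** INS of GENERAL AUTHENTICATE. */
    private static final byte INS_GENERAL_AUTHENTICATE = (byte) 0x86;

    /**
     * Bit index queried on the effective id_AT authorization when the selected key pair is
     * restricted to privileged terminals.
     * NOTE(review): whether index 2 is the intended "privileged terminal" bit depends on the bit
     * numbering of the underlying bit field (TR-03110 lists RI as bit 2 and Privileged Terminal as
     * bit 3, counted from the least significant bit) — confirm against Authorization/BitField.
     */
    private static final int PRIVILEGED_TERMINAL_AUTHORIZATION_BIT = 2;

    /**
     * Number of leading OID bytes reported in the domain parameter info of a key. Presumably the
     * RI OID without its trailing hash component (id_RI plus key agreement) — confirm against Ri.
     */
    private static final int RI_PROTOCOL_OID_LENGTH = 9;

    private CardStateAccessor cardState;
    /** Key reference taken from the last MSE:Set AT, -1 when none. Written only, never read. */
    private int privateKeyReference;
    /** Static RI key pair selected by the last successful MSE:Set AT; null until then. */
    private KeyPairObject staticKeyObject;

    public RiProtocol() {
        reset();
    }

    /**
     * Derives a sector identifier: the digest of the shared secret obtained from the key agreement
     * between the card's static private key and the terminal's sector public key.
     *
     * @throws InvalidKeyException if either key is rejected by the key agreement; the caller maps
     *         this (as a GeneralSecurityException) to an error response instead of silently
     *         emitting an empty identifier
     */
    private byte[] calculateSectorIdentifier(PrivateKey privateKey, PublicKey sectorPublicKey, KeyAgreement keyAgreement, MessageDigest digest) throws InvalidKeyException {
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(sectorPublicKey, true);
        return digest.digest(keyAgreement.generateSecret());
    }

    /**
     * Checks that the sector public key presented by the terminal is the one covered by the hash
     * recorded during Terminal Authentication.
     *
     * The children of the presented key object are re-wrapped in a 7F49 object before hashing,
     * because the stored hash is computed over the 7F49 encoding rather than over the RI-specific
     * tag the terminal uses in the command.
     *
     * @param expectedHash hash stored by Terminal Authentication; null (no hash recorded) fails
     * @return true only if the hashes are identical; the comparison is constant-time
     */
    private boolean checkSectorPublicKeyHash(ConstructedTlvDataObject presentedKey, MessageDigest digest, byte[] expectedHash) {
        ConstructedTlvDataObject wrappedKey = new ConstructedTlvDataObject(TlvConstants.TAG_7F49);
        Iterator<TlvDataObject> children = presentedKey.getTlvDataObjectContainer().iterator();
        while (children.hasNext()) {
            wrappedKey.addTlvDataObject(children.next());
        }
        byte[] actualHash = digest.digest(wrappedKey.toByteArray());
        return MessageDigest.isEqual(expectedHash, actualHash);
    }

    /**
     * Verifies one sector public key from the dynamic authentication data and computes its sector
     * identifier.
     *
     * @param sectorKeyTag    tag under which the sector key is expected inside tag 7C
     * @param privateKey      the card's selected static private key
     * @param authData        the command's tag 7C object
     * @param digest          hash used to verify the key against {@code expectedHash}
     * @param expectedHash    sector public key hash recorded by Terminal Authentication (may be null)
     * @param resultTag       tag of the returned identifier object (81 / 83)
     * @return the identifier object, or null if no constructed object with {@code sectorKeyTag} is
     *         present (the sector was simply not requested)
     * @throws VerificationException    if the presented key does not match {@code expectedHash}
     * @throws GeneralSecurityException if the key cannot be parsed or the key agreement fails
     */
    private PrimitiveTlvDataObject handleSectorKey(TlvTag sectorKeyTag, PrivateKey privateKey, ConstructedTlvDataObject authData, MessageDigest digest, byte[] expectedHash, TlvTag resultTag) throws GeneralSecurityException, VerificationException {
        TlvDataObject sectorKeyData = authData.getTlvDataObject(sectorKeyTag);
        if (!(sectorKeyData instanceof ConstructedTlvDataObject)) {
            return null;
        }
        ConstructedTlvDataObject sectorKey = (ConstructedTlvDataObject) sectorKeyData;

        // Authenticate the terminal-supplied key before using it in any computation.
        if (!checkSectorPublicKeyHash(sectorKey, digest, expectedHash)) {
            throw new VerificationException("The public key hash transmitted during a previous protocol does not match the given public key");
        }

        // The algorithms (key agreement, hash) come from the OID carried inside the verified key.
        TlvDataObject oidData = sectorKey.getTlvDataObject(TlvConstants.TAG_06);
        if (oidData == null) {
            throw new GeneralSecurityException("The sector public key does not carry an object identifier");
        }
        RiOid riOid;
        PublicKey sectorPublicKey;
        try {
            riOid = new RiOid(oidData.getValueField());
            sectorPublicKey = riOid.parsePublicKey(sectorKey);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("The sector public key could not be parsed", e);
        }
        byte[] sectorIdentifier = calculateSectorIdentifier(privateKey, sectorPublicKey, riOid.getKeyAgreement(), riOid.getHash());
        return new PrimitiveTlvDataObject(resultTag, sectorIdentifier);
    }

    /** Adds {@code element} to {@code container} unless it is null (sector not requested). */
    private static void addIfPresent(ConstructedTlvDataObject container, TlvDataObject element) {
        if (element != null) {
            container.addTlvDataObject(element);
        }
    }

    /**
     * Handles GENERAL AUTHENTICATE for RI (see the class comment for the checks performed).
     *
     * Response codes: 6985 without Terminal Authentication / for a non-AT terminal, 6982 when a
     * privileged-only key is used without the required authorization, platform 4A80 when no key
     * was selected by MSE:Set AT, 6A80 when a sector key fails verification or cannot be used or
     * when no identifier could be computed, 6FFF when the hash algorithm is unavailable, 9000 with
     * a tag 7C container of identifiers on success. A command without a constructed tag 7C leaves
     * the response untouched.
     */
    private void processCommandGeneralAuthenticate(ProcessingData processingData) {
        TlvDataObject dynamicAuthData = processingData.getCommandApdu().getCommandDataObjectContainer().getTlvDataObject(TlvConstants.TAG_7C);
        if (!(dynamicAuthData instanceof ConstructedTlvDataObject)) {
            return;
        }
        ConstructedTlvDataObject authData = (ConstructedTlvDataObject) dynamicAuthData;

        Set<Class<? extends SecMechanism>> wantedMechanisms = new HashSet<>();
        wantedMechanisms.add(TerminalAuthenticationMechanism.class);
        wantedMechanisms.add(EffectiveAuthorizationMechanism.class);
        Collection<SecMechanism> currentMechanisms = cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms);
        if (currentMechanisms.size() < 2) {
            processingData.updateResponseAPDU(this, "Restricted Identification requires preceding Terminal Authentication", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
            return;
        }

        TerminalAuthenticationMechanism taMechanism = null;
        EffectiveAuthorizationMechanism authorizationMechanism = null;
        for (SecMechanism mechanism : currentMechanisms) {
            if (mechanism instanceof TerminalAuthenticationMechanism) {
                taMechanism = (TerminalAuthenticationMechanism) mechanism;
            }
            if (mechanism instanceof EffectiveAuthorizationMechanism) {
                authorizationMechanism = (EffectiveAuthorizationMechanism) mechanism;
            }
        }
        // Null-safe form of the terminal type check: a missing type is rejected, not an NPE.
        if (taMechanism == null || authorizationMechanism == null || !TerminalType.AT.equals(taMechanism.getTerminalType())) {
            processingData.updateResponseAPDU(this, "Restricted Identification only allowed for Authentication Terminals", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
            return;
        }

        try {
            MessageDigest sectorKeyDigest = MessageDigest.getInstance(taMechanism.getSectorPublicKeyHashAlgorithm(), Crypto.getCryptoProvider());

            if (staticKeyObject == null) {
                processingData.updateResponseAPDU(this, "The static key pair was not set correctly, probably due to missing or failed execution of setAT command", new ResponseApdu(PlatformUtil.SW_4A80_WRONG_DATA));
                return;
            }
            KeyPair keyPair = staticKeyObject.getKeyPair();

            Authorization authorization = authorizationMechanism.getAuthorization(RoleOid.id_AT);
            boolean privilegedTerminal = authorization != null && authorization.getAuthorization().getBit(PRIVILEGED_TERMINAL_AUTHORIZATION_BIT);
            if (staticKeyObject.isPrivilegedOnly() && !privilegedTerminal) {
                processingData.updateResponseAPDU(this, "Restricted Identification only allowed for authorized terminals", new ResponseApdu(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED));
                return;
            }

            PrivateKey privateKey = keyPair.getPrivate();
            ConstructedTlvDataObject responseData = new ConstructedTlvDataObject(TlvConstants.TAG_7C);
            try {
                addIfPresent(responseData, handleSectorKey(RI_FIRST_SECTOR_KEY_TAG, privateKey, authData, sectorKeyDigest, taMechanism.getFirstSectorPublicKeyHash(), TlvConstants.TAG_81));
                addIfPresent(responseData, handleSectorKey(RI_SECOND_SECTOR_KEY_TAG, privateKey, authData, sectorKeyDigest, taMechanism.getSecondSectorPublicKeyHash(), TlvConstants.TAG_83));
            } catch (VerificationException e) {
                // A failed hash check aborts the command. Returning here matters: without it an
                // identifier already computed for the first sector would turn this error into 9000.
                processingData.updateResponseAPDU(this, "the given public key is invalid", new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
                return;
            } catch (GeneralSecurityException e) {
                processingData.updateResponseAPDU(this, "no sector identifiers could be calculated because of errors using the public key", new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
                return;
            }

            if (responseData.getNoOfElements() > 0) {
                processingData.updateResponseAPDU(this, "Restricted identification successfully executed", new ResponseApdu(new TlvDataObjectContainer(responseData), Iso7816.SW_9000_NO_ERROR));
            } else {
                processingData.updateResponseAPDU(this, "no sector identifiers could be calculated becaus of missing or incorrect input data", new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
            }
        } catch (GeneralSecurityException e) {
            processingData.updateResponseAPDU(this, "The hash algorithm for checking the public key could not be instantiated", new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
        }
    }

    /**
     * Handles MSE:Set AT for RI: tag 80 must hold an RI OID, tag 84 the reference of a key pair
     * object below the master file. On success the key pair is selected for GENERAL AUTHENTICATE.
     *
     * If tag 80 holds an RI OID but the key reference is missing or does not resolve to a key pair
     * object, any previously selected key is dropped so a subsequent GENERAL AUTHENTICATE fails
     * rather than silently using the stale key. A tag 80 that is not an RI OID (IllegalArgumentException
     * from RiOid) answers with the platform status 4A80 and leaves the selection untouched.
     */
    private void processCommandSetAt(ProcessingData processingData) {
        TlvDataObjectContainer commandData = processingData.getCommandApdu().getCommandDataObjectContainer();
        TlvDataObject mechanismReference = commandData.getTlvDataObject(TlvConstants.TAG_80);
        TlvDataObject keyReferenceData = commandData.getTlvDataObject(TlvConstants.TAG_84);
        if (mechanismReference == null) {
            processingData.updateResponseAPDU(this, "The cryptographic mechanism reference data is missing", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
            return;
        }
        try {
            // Only validates that tag 80 names a known RI OID; the algorithms actually used later are
            // taken from the OID inside each (verified) sector public key.
            new RiOid(mechanismReference.getValueField());

            if (keyReferenceData == null) {
                clearSelectedKey();
                processingData.updateResponseAPDU(this, "The private key reference was not found", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                return;
            }
            privateKeyReference = Utils.getIntFromUnsignedByteArray(keyReferenceData.getValueField());
            CardObject candidate = CardObjectUtils.findObject(cardState.getMasterFile(), new KeyIdentifier(privateKeyReference));
            if (candidate instanceof KeyPairObject) {
                staticKeyObject = (KeyPairObject) candidate;
                processingData.updateResponseAPDU(this, "Command SetAt successfully processed", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
            } else {
                clearSelectedKey();
                processingData.updateResponseAPDU(this, "invalid key reference", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
            }
        } catch (IllegalArgumentException e) {
            processingData.updateResponseAPDU(this, "The cryptographic mechanism reference data is missing", new ResponseApdu(PlatformUtil.SW_4A80_WRONG_DATA));
        }
    }

    /** Forgets the key selected by a previous MSE:Set AT. */
    private void clearSelectedKey() {
        privateKeyReference = -1;
        staticKeyObject = null;
    }

    @Override // org.globaltester.logging.InfoSource
    public String getIDString() {
        return "Restricted Identification";
    }

    @Override // de.persosim.simulator.protocols.Protocol
    public String getProtocolName() {
        return "RI";
    }

    /**
     * Builds the RI security infos for every RI key pair below the master file.
     *
     * Nothing is reported unless {@code publicity} is AUTHENTICATED or PRIVILEGED. For each key pair
     * that carries a key reference, one RestrictedIdentificationInfo is emitted per RI OID attached to
     * it (OID, version 1, key reference, authorizedOnly flag) plus one domain parameter info built
     * from the key's own algorithm identifier.
     */
    @Override // de.persosim.simulator.protocols.Protocol
    public Collection<TlvDataObject> getSecInfos(SecInfoPublicity publicity, MasterFile masterFile) {
        if (publicity != SecInfoPublicity.AUTHENTICATED && publicity != SecInfoPublicity.PRIVILEGED) {
            return Collections.emptySet();
        }
        Set<TlvDataObject> secInfos = new HashSet<>();
        Collection<CardObject> riKeys = masterFile.findChildren(new KeyIdentifier(), new OidIdentifier(new GenericOid(Ri.id_RI)));
        for (CardObject candidate : riKeys) {
            if (candidate instanceof KeyPairObject) {
                addSecInfosForKey((KeyPairObject) candidate, secInfos);
            }
        }
        return secInfos;
    }

    /** Adds the security infos describing one RI key pair to {@code secInfos}. */
    private void addSecInfosForKey(KeyPairObject keyPairObject, Set<TlvDataObject> secInfos) {
        Collection<CardObjectIdentifier> identifiers = keyPairObject.getAllIdentifiers();
        int keyReference = findKeyReference(identifiers);
        if (keyReference == -1) {
            return;
        }
        byte[] protocolOid = null;
        for (CardObjectIdentifier identifier : identifiers) {
            if (!(identifier instanceof OidIdentifier)) {
                continue;
            }
            Oid oid = ((OidIdentifier) identifier).getOid();
            if (!oid.startsWithPrefix(id_RI)) {
                continue;
            }
            byte[] oidBytes = oid.toByteArray();
            protocolOid = Arrays.copyOfRange(oidBytes, 0, RI_PROTOCOL_OID_LENGTH);
            secInfos.add(buildRestrictedIdentificationInfo(oidBytes, keyReference, keyPairObject.isPrivilegedOnly()));
        }
        if (protocolOid == null) {
            // No RI OID attached to this key: there is no protocol OID to report parameters for.
            return;
        }
        secInfos.add(buildDomainParameterInfo(protocolOid, keyPairObject));
    }

    /** Returns the reference of the first {@link KeyIdentifier} in {@code identifiers}, or -1. */
    private static int findKeyReference(Collection<CardObjectIdentifier> identifiers) {
        for (CardObjectIdentifier identifier : identifiers) {
            if (identifier instanceof KeyIdentifier) {
                return ((KeyIdentifier) identifier).getKeyReference();
            }
        }
        return -1;
    }

    /** SEQUENCE { OID, SEQUENCE { INTEGER version 1, INTEGER keyReference, BOOLEAN authorizedOnly } }. */
    private TlvDataObject buildRestrictedIdentificationInfo(byte[] oidBytes, int keyReference, boolean authorizedOnly) {
        ConstructedTlvDataObject params = new ConstructedTlvDataObject(TAG_SEQUENCE);
        params.addTlvDataObject(new PrimitiveTlvDataObject(TAG_INTEGER, new byte[] {1}));
        params.addTlvDataObject(new PrimitiveTlvDataObject(TAG_INTEGER, encodeUnsignedInteger(keyReference)));
        params.addTlvDataObject(new PrimitiveTlvDataObject(TAG_BOOLEAN, authorizedOnly ? DER_BOOLEAN_TRUE : DER_BOOLEAN_FALSE));

        ConstructedTlvDataObject info = new ConstructedTlvDataObject(TAG_SEQUENCE);
        info.addTlvDataObject(new PrimitiveTlvDataObject(TAG_OID, oidBytes));
        info.addTlvDataObject(params);
        return info;
    }

    /** SEQUENCE { OID protocolOid, AlgorithmIdentifier } taken from the key's SubjectPublicKeyInfo. */
    private TlvDataObject buildDomainParameterInfo(byte[] protocolOid, KeyPairObject keyPairObject) {
        // The encoded public key starts with its AlgorithmIdentifier SEQUENCE, which
        // StandardizedDomainParameters condenses to the form reported in the security infos.
        ConstructedTlvDataObject subjectPublicKeyInfo = new ConstructedTlvDataObject(keyPairObject.getKeyPair().getPublic().getEncoded());
        ConstructedTlvDataObject algorithmIdentifier = StandardizedDomainParameters.simplifyAlgorithmIdentifier((ConstructedTlvDataObject) subjectPublicKeyInfo.getTlvDataObject(TAG_SEQUENCE));

        ConstructedTlvDataObject info = new ConstructedTlvDataObject(TAG_SEQUENCE);
        info.addTlvDataObject(new PrimitiveTlvDataObject(TAG_OID, protocolOid));
        info.addTlvDataObject(algorithmIdentifier);
        return info;
    }

    /**
     * Encodes a non-negative value as the content of a DER INTEGER: minimal length with a leading
     * 0x00 where the top bit is set, so references such as 0x80 are not emitted as negative numbers.
     */
    private static byte[] encodeUnsignedInteger(int value) {
        return BigInteger.valueOf(value & 0xFFFFFFFFL).toByteArray();
    }

    @Override // de.persosim.simulator.protocols.Protocol
    public boolean isMoveToStackRequested() {
        return false;
    }

    /**
     * Dispatches MSE:Set AT (INS 0x22 / P1 0x41) and GENERAL AUTHENTICATE (INS 0x86); every other
     * APDU is ignored.
     */
    @Override // de.persosim.simulator.protocols.Protocol
    public void process(ProcessingData processingData) {
        int ins = processingData.getCommandApdu().getIns();
        if (ins == INS_MANAGE_SECURITY_ENVIRONMENT && processingData.getCommandApdu().getP1() == P1_SET_AT) {
            processCommandSetAt(processingData);
        } else if (ins == INS_GENERAL_AUTHENTICATE) {
            processCommandGeneralAuthenticate(processingData);
        }
    }

    /**
     * Resets the key reference only; the selected key pair is deliberately kept (original
     * behaviour). NOTE(review): clearing staticKeyObject here would be the safer default, but only
     * if the platform does not call reset() between MSE:Set AT and GENERAL AUTHENTICATE — confirm.
     */
    @Override // de.persosim.simulator.protocols.Protocol
    public void reset() {
        privateKeyReference = -1;
    }

    @Override // de.persosim.simulator.protocols.Protocol
    public void setCardStateAccessor(CardStateAccessor cardStateAccessor) {
        this.cardState = cardStateAccessor;
    }
}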
