package de.persosim.simulator.protocols.ca;

import de.persosim.simulator.apdu.ResponseApdu;
import de.persosim.simulator.cardobjects.CardObject;
import de.persosim.simulator.cardobjects.CardObjectIdentifier;
import de.persosim.simulator.cardobjects.CardObjectUtils;
import de.persosim.simulator.cardobjects.KeyIdentifier;
import de.persosim.simulator.cardobjects.KeyObject;
import de.persosim.simulator.cardobjects.KeyPairObject;
import de.persosim.simulator.cardobjects.MasterFile;
import de.persosim.simulator.cardobjects.OidIdentifier;
import de.persosim.simulator.crypto.CryptoSupport;
import de.persosim.simulator.crypto.DomainParameterSet;
import de.persosim.simulator.crypto.KeyDerivationFunction;
import de.persosim.simulator.crypto.StandardizedDomainParameters;
import de.persosim.simulator.exception.CryptoException;
import de.persosim.simulator.exception.ProcessingException;
import de.persosim.simulator.platform.Iso7816;
import de.persosim.simulator.platform.PlatformUtil;
import de.persosim.simulator.protocols.AbstractProtocolStateMachine;
import de.persosim.simulator.protocols.Oid;
import de.persosim.simulator.protocols.ProtocolUpdate;
import de.persosim.simulator.protocols.SecInfoPublicity;
import de.persosim.simulator.protocols.Tr03110;
import de.persosim.simulator.protocols.Tr03110Utils;
import de.persosim.simulator.protocols.ta.TerminalAuthenticationMechanism;
import de.persosim.simulator.secstatus.AbstractSecMechanism;
import de.persosim.simulator.secstatus.SecMechanism;
import de.persosim.simulator.secstatus.SecStatus;
import de.persosim.simulator.secstatus.SecStatusMechanismUpdatePropagation;
import de.persosim.simulator.secstatus.SecStatusStoreUpdatePropagation;
import de.persosim.simulator.secstatus.SecurityEvent;
import de.persosim.simulator.secstatus.SessionContextIdMechanism;
import de.persosim.simulator.securemessaging.SmDataProviderTr03110;
import de.persosim.simulator.tlv.ConstructedTlvDataObject;
import de.persosim.simulator.tlv.PrimitiveTlvDataObject;
import de.persosim.simulator.tlv.TlvConstants;
import de.persosim.simulator.tlv.TlvDataObject;
import de.persosim.simulator.tlv.TlvDataObjectContainer;
import de.persosim.simulator.tlv.TlvPath;
import de.persosim.simulator.tlv.TlvTag;
import de.persosim.simulator.tlv.TlvValue;
import de.persosim.simulator.utils.HexString;
import de.persosim.simulator.utils.Utils;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;
import org.globaltester.cryptoprovider.Crypto;
import org.globaltester.logging.BasicLogger;
import org.globaltester.logging.tags.LogLevel;

/* loaded from: classes6.dex */
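/**
 * Card-side (PICC) base implementation of the Chip Authentication (CA) protocol state machine.
 *
 * <p>The class handles the two commands of the protocol run: Set AT selects the CA OID, the
 * static key pair and an optional session context identifier; General Authenticate performs the
 * key agreement with the terminal's (PCD's) ephemeral public key, derives the session keys,
 * computes the authentication token and hands the new keys to secure messaging. It also builds
 * the CA related SecInfo structures for the card's key pairs.
 *
 * <p>NOTE(review): several methods log the shared secret and the derived session keys at DEBUG
 * level. That is useful while debugging a simulator run, but the resulting log files then hold
 * everything needed to decrypt the session; keep DEBUG logging off (or redact those messages)
 * whenever the keys involved are not pure test keys.
 */
public abstract class AbstractCaProtocol extends AbstractProtocolStateMachine implements Ca, TlvConstants {
    // Domain parameters derived from the static key pair selected by Set AT.
    protected DomainParameterSet caDomainParameters;
    // CA OID selected by Set AT; determines key agreement, cipher and key length.
    protected CaOid caOid;
    // Symmetric crypto helper obtained from the selected CA OID.
    protected CryptoSupport cryptoSupport;
    // Name of the key agreement algorithm, used in log and error messages only.
    protected String keyAgreementAlgorithmName;
    // Reference (key id) of the static key pair selected by Set AT.
    protected int keyReference;
    // Number of CA key pairs found by the last getSecInfos() call; 0 until then.
    private int numberOfKeyObjects;
    // Session keys derived during General Authenticate.
    protected SecretKeySpec secretKeySpecENC;
    protected SecretKeySpec secretKeySpecMAC;
    // Source of the nonce r_PICC.
    protected SecureRandom secureRandom;
    // Session context identifier received with Set AT, -1 if none was sent.
    protected int sessionContextIdentifier;
    // The card's static key pair selected by Set AT.
    protected KeyPair staticKeyPairPicc;

    /**
     * Creates the protocol with the id string "CA", no session context identifier and a fresh
     * {@link SecureRandom}.
     */
    public AbstractCaProtocol() {
        super("CA");
        this.sessionContextIdentifier = -1;
        this.numberOfKeyObjects = 0;
        this.secureRandom = new SecureRandom();
    }

    /**
     * Computes the PICC's authentication token T_PICC over the PCD's ephemeral public key.
     *
     * @param domainParameterSet domain parameters used to encode the public key
     * @param caOid the CA OID that becomes part of the token input
     * @param publicKey the PCD's ephemeral public key
     * @param cryptoSupport provides the MAC computation
     * @param secretKeySpec the MAC session key
     * @return the first 8 bytes of the MAC over the token input
     */
    protected static byte[] computeAuthenticationTokenTpicc(DomainParameterSet domainParameterSet, CaOid caOid, PublicKey publicKey, CryptoSupport cryptoSupport, SecretKeySpec secretKeySpec) {
        TlvDataObjectContainer tokenInput = Tr03110Utils.buildAuthenticationTokenInput(publicKey, domainParameterSet, caOid);
        BasicLogger.log((Class<?>) AbstractCaProtocol.class, "authentication token raw data " + tokenInput, LogLevel.DEBUG);
        byte[] fullMac = cryptoSupport.macAuthenticationToken(tokenInput.toByteArray(), secretKeySpec);
        // The token is the MAC truncated (or zero padded by copyOf) to exactly 8 bytes.
        byte[] token = Arrays.copyOf(fullMac, 8);
        BasicLogger.log((Class<?>) AbstractCaProtocol.class, "PICC's authentication token T_PICC of " + token.length + " bytes length is: " + HexString.encode(token), LogLevel.DEBUG);
        return token;
    }

    /**
     * Tells whether key ids are required because more than one CA key pair is present.
     *
     * @return true if the last {@link #getSecInfos} call found at least two key pairs
     */
    private boolean isKeyIdNeeded() {
        return this.numberOfKeyObjects >= 2;
    }

    /**
     * Files a ChipAuthenticationPublicKeyInfo into one of two lists.
     *
     * @param z selects the target list: true for {@code arrayList}, false for {@code arrayList2}
     * @param arrayList list that receives the object when {@code z} is true
     * @param arrayList2 list that receives the object when {@code z} is false
     * @param constructedTlvDataObject the object to add
     */
    protected void addChipAuthenticationPublicKeyInfo(boolean z, ArrayList<TlvDataObject> arrayList, ArrayList<TlvDataObject> arrayList2, ConstructedTlvDataObject constructedTlvDataObject) {
        ArrayList<TlvDataObject> target = z ? arrayList : arrayList2;
        target.add(constructedTlvDataObject);
    }

    /**
     * Checks that the PCD's ephemeral public key used for CA is the one the terminal committed
     * to during the preceding Terminal Authentication (TA).
     *
     * <p>Both values are public, so the plain {@link Arrays#equals(byte[], byte[])} comparison
     * does not leak secret material.
     *
     * @param publicKey the PCD's ephemeral public key reconstructed from the current command
     * @throws ProcessingException with SW 6982 if no compressed key from TA is available, or
     *     with SW 6984 if the compressed representations differ
     */
    protected void assertEphemeralPublicKeyPcdMatchesCompressedKeyReceivedDuringTa(PublicKey publicKey) {
        byte[] compressedFromCa = this.caDomainParameters.comp(publicKey);
        byte[] compressedFromTa = getEphemeralPublicKeyPcdFromTa();
        if (compressedFromTa == null) {
            // The key stored by TA is the terminal's (PCD's) key, so the message names the PCD.
            throw new ProcessingException(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED, "PCD's compressed ephemeral public key from TA is missing. Maybe TA was not performed.");
        }
        BasicLogger.log(this, "expected compressed PCD's ephemeral public " + this.keyAgreementAlgorithmName + " key of " + compressedFromCa.length + " bytes length is: " + HexString.encode(compressedFromCa), LogLevel.DEBUG);
        BasicLogger.log(this, "received compressed PCD's ephemeral public " + this.keyAgreementAlgorithmName + " key of " + compressedFromTa.length + " bytes length is: " + HexString.encode(compressedFromTa), LogLevel.DEBUG);
        if (!Arrays.equals(compressedFromCa, compressedFromTa)) {
            throw new ProcessingException(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE, "compressed representation of PCD's public " + this.keyAgreementAlgorithmName + " key does NOT match the one received during previous TA");
        }
        BasicLogger.log(this, "compressed representation of PCD's ephemeral public " + this.caDomainParameters.getKeyAgreementAlgorithm() + " key matches the one received during previous TA", LogLevel.DEBUG);
    }

    /**
     * Computes T_PICC with the domain parameters, OID, crypto support and MAC key of this
     * protocol instance.
     *
     * @param publicKey the PCD's ephemeral public key
     * @return the 8 byte authentication token
     */
    protected byte[] computeAuthenticationTokenTpicc(PublicKey publicKey) {
        return computeAuthenticationTokenTpicc(this.caDomainParameters, this.caOid, publicKey, this.cryptoSupport, this.secretKeySpecMAC);
    }

    /**
     * Derives the MAC and ENC session keys and stores them in {@link #secretKeySpecMAC} and
     * {@link #secretKeySpecENC}.
     *
     * @param bArr the shared secret from the key agreement
     * @param bArr2 the nonce r_PICC
     */
    protected void computeSessionKeys(byte[] bArr, byte[] bArr2) {
        int keyLength = this.caOid.getSymmetricCipherKeyLengthInBytes();
        KeyDerivationFunction kdf = new KeyDerivationFunction(keyLength);
        BasicLogger.log(this, "computing " + getIDString() + " session keys", LogLevel.DEBUG);
        // NOTE(review): the next message and the two key messages below write secret key
        // material to the log; see the class comment.
        BasicLogger.log(this, "shared secret is: " + HexString.encode(bArr), LogLevel.DEBUG);
        BasicLogger.log(this, "nonce is        : " + HexString.encode(bArr2), LogLevel.DEBUG);
        BasicLogger.log(this, "key length specified by " + getIDString() + " OID " + this.caOid + " is: " + keyLength, LogLevel.DEBUG);
        byte[] macKey = kdf.deriveMAC(bArr, bArr2);
        byte[] encKey = kdf.deriveENC(bArr, bArr2);
        BasicLogger.log(this, "chip's session key for MAC of " + macKey.length + " bytes length is: " + HexString.encode(macKey), LogLevel.DEBUG);
        // Report the ENC key's own length; the MAC key's length was printed here before.
        BasicLogger.log(this, "chip's session key for ENC of " + encKey.length + " bytes length is: " + HexString.encode(encKey), LogLevel.DEBUG);
        this.secretKeySpecMAC = this.cryptoSupport.generateSecretKeySpecMac(macKey);
        this.secretKeySpecENC = this.cryptoSupport.generateSecretKeySpecCipher(encKey);
    }

    /**
     * Builds the algorithm identifier for a public key; delegates to {@link CaSecInfoHelper}.
     *
     * @param publicKey the key to describe
     * @return the algorithm identifier
     */
    protected ConstructedTlvDataObject constructAlgorithmIdentifier(PublicKey publicKey) {
        return CaSecInfoHelper.constructAlgorithmIdentifier(publicKey);
    }

    /**
     * Builds a ChipAuthenticationDomainParameterInfo, including the key id when one is needed
     * or forced.
     *
     * @param bArr the protocol OID bytes
     * @param tlvDataObject the algorithm identifier carrying the domain parameters
     * @param i the key id
     * @return the constructed object as returned by {@link CaSecInfoHelper}
     */
    protected ConstructedTlvDataObject constructChipAuthenticationDomainParameterInfo(byte[] bArr, TlvDataObject tlvDataObject, int i) {
        if (isKeyIdNeeded() || isKeyIdForced()) {
            return CaSecInfoHelper.constructChipAuthenticationDomainParameterInfo(bArr, tlvDataObject, i);
        }
        return CaSecInfoHelper.constructChipAuthenticationDomainParameterInfo(bArr, tlvDataObject);
    }

    /**
     * Builds a ChipAuthenticationInfo for this protocol version, including the key id when one
     * is needed or forced.
     *
     * @param bArr the CA OID bytes
     * @param i the key id
     * @return the constructed object as returned by {@link CaSecInfoHelper}
     */
    protected ConstructedTlvDataObject constructChipAuthenticationInfoObject(byte[] bArr, int i) {
        if (isKeyIdNeeded() || isKeyIdForced()) {
            return CaSecInfoHelper.constructChipAuthenticationInfoObject(bArr, getVersion(), i);
        }
        return CaSecInfoHelper.constructChipAuthenticationInfoObject(bArr, getVersion());
    }

    /**
     * Builds a ChipAuthenticationPublicKeyInfo, including the key id when one is needed or
     * forced.
     *
     * @param constructedTlvDataObject the SubjectPublicKeyInfo of the key
     * @param bArr the public key protocol OID bytes
     * @param i the key id
     * @return the constructed object as returned by {@link CaSecInfoHelper}
     */
    protected ConstructedTlvDataObject constructChipAuthenticationPublicKeyInfo(ConstructedTlvDataObject constructedTlvDataObject, byte[] bArr, int i) {
        if (isKeyIdNeeded() || isKeyIdForced()) {
            return CaSecInfoHelper.constructChipAuthenticationPublicKeyInfo(constructedTlvDataObject, bArr, i);
        }
        return CaSecInfoHelper.constructChipAuthenticationPublicKeyInfo(constructedTlvDataObject, bArr);
    }

    /**
     * Builds the subjectPublicKey element for a public key; delegates to
     * {@link CaSecInfoHelper}.
     *
     * @param publicKey the key to encode
     * @return the encoded key
     */
    protected PrimitiveTlvDataObject constructSubjectPublicKey(PublicKey publicKey) {
        return CaSecInfoHelper.constructSubjectPublicKey(publicKey);
    }

    /**
     * Combines algorithm identifier and subjectPublicKey into a SubjectPublicKeyInfo; delegates
     * to {@link CaSecInfoHelper}.
     *
     * @param constructedTlvDataObject the algorithm identifier
     * @param primitiveTlvDataObject the subjectPublicKey element
     * @return the SubjectPublicKeyInfo
     */
    protected ConstructedTlvDataObject constructSubjectPublicKeyInfo(ConstructedTlvDataObject constructedTlvDataObject, PrimitiveTlvDataObject primitiveTlvDataObject) {
        return CaSecInfoHelper.constructSubjectPublicKeyInfo(constructedTlvDataObject, primitiveTlvDataObject);
    }

    /**
     * Creates the security mechanism that records a completed Chip Authentication.
     *
     * @param caOid the CA OID that was used
     * @param i the reference of the static key that was used
     * @param publicKey the PCD's ephemeral public key
     * @return a new {@link ChipAuthenticationMechanism}
     */
    public AbstractSecMechanism createSecMechanism(CaOid caOid, int i, PublicKey publicKey) {
        return new ChipAuthenticationMechanism(caOid, i, publicKey);
    }

    /**
     * Reads the CA OID from tag 80 of the command data.
     *
     * @param tlvDataObjectContainer the command data
     * @return the parsed OID
     * @throws ProcessingException with SW 4A80 if the tag is missing or the OID cannot be parsed
     */
    protected CaOid extractCaOidFromCommandData(TlvDataObjectContainer tlvDataObjectContainer) {
        try {
            CaOid oid = getOid(tlvDataObjectContainer.getTlvDataObject(TAG_80).getValueField());
            BasicLogger.log(this, "new OID is " + oid, LogLevel.DEBUG);
            return oid;
        } catch (RuntimeException e) {
            // Any failure on terminal supplied data (missing tag, unknown OID) is reported as
            // wrong data instead of escaping as an unexpected runtime exception.
            throw new ProcessingException(PlatformUtil.SW_4A80_WRONG_DATA, e.getMessage());
        }
    }

    /**
     * Reads the key identifier from tag 84 of the command data.
     *
     * @param tlvDataObjectContainer the command data
     * @return an identifier built from the tag's value, or a default {@link KeyIdentifier} if
     *     the tag is absent
     */
    protected KeyIdentifier extractKeyIdentifierFromCommandData(TlvDataObjectContainer tlvDataObjectContainer) {
        TlvDataObject keyReferenceObject = tlvDataObjectContainer.getTlvDataObject(TAG_84);
        if (keyReferenceObject == null) {
            return new KeyIdentifier();
        }
        return new KeyIdentifier(keyReferenceObject.getValueField());
    }

    /**
     * Reads the session context identifier from tag 81 inside tag E0 of the command data.
     *
     * <p>The command data comes from the terminal, so every malformed encoding is turned into a
     * {@link ProcessingException} that the command handler can answer with a status word.
     *
     * @param tlvDataObjectContainer the command data
     * @return the identifier, or -1 if the command data holds no tag E0
     * @throws ProcessingException with SW 6A80 if tag E0 is not constructed, lacks tag 81, or
     *     the value of tag 81 is empty or does not fit a non-negative int
     */
    protected int extractSessionContextId(TlvDataObjectContainer tlvDataObjectContainer) {
        TlvDataObject wrapper = tlvDataObjectContainer.getTlvDataObject(TlvConstants.TAG_E0);
        if (wrapper == null) {
            return -1;
        }
        if (!(wrapper instanceof ConstructedTlvDataObject)) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "session context data object is not constructed");
        }
        ConstructedTlvDataObject sessionContext = (ConstructedTlvDataObject) wrapper;
        if (sessionContext.getTlvDataObject(TlvConstants.TAG_81) == null) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "session context identifier is missing");
        }
        byte[] idBytes = sessionContext.getTlvDataObject(TlvConstants.TAG_81).getTlvValue().toByteArray();
        try {
            return Integer.decode("0x" + HexString.encode(idBytes)).intValue();
        } catch (NumberFormatException e) {
            // Integer.decode rejects an empty value and anything above Integer.MAX_VALUE.
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "session context identifier is not a valid number");
        }
    }

    /**
     * Generates the nonce r_PICC from {@link #secureRandom}.
     *
     * @return 8 fresh random bytes
     */
    protected byte[] generateRPiccNonce() {
        byte[] nonce = new byte[8];
        this.secureRandom.nextBytes(nonce);
        BasicLogger.log(this, "nonce r_PICC of 8 bytes length is: " + HexString.encode(nonce), LogLevel.DEBUG);
        return nonce;
    }

    /**
     * Looks up the session context id that is currently part of the security status.
     *
     * @return the id of the first {@link SessionContextIdMechanism} found, or -1 if there is
     *     none
     */
    protected int getCurrentSessionContextId() {
        HashSet wantedMechanisms = new HashSet();
        wantedMechanisms.add(SessionContextIdMechanism.class);
        for (SecMechanism mechanism : this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms)) {
            if (mechanism instanceof SessionContextIdMechanism) {
                return ((SessionContextIdMechanism) mechanism).getSessionContextId();
            }
        }
        return -1;
    }

    /**
     * Looks up the compressed ephemeral public key the terminal sent during TA.
     *
     * @return the compressed key of the first {@link TerminalAuthenticationMechanism} found, or
     *     null if the security status holds none
     */
    protected byte[] getEphemeralPublicKeyPcdFromTa() {
        HashSet wantedMechanisms = new HashSet();
        wantedMechanisms.add(TerminalAuthenticationMechanism.class);
        for (SecMechanism mechanism : this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms)) {
            if (mechanism instanceof TerminalAuthenticationMechanism) {
                return ((TerminalAuthenticationMechanism) mechanism).getCompressedTerminalEphemeralPublicKey();
            }
        }
        return null;
    }

    /**
     * Parses an OID byte array into a {@link CaOid}.
     *
     * @param bArr the encoded OID
     * @return the parsed OID
     */
    protected CaOid getOid(byte[] bArr) {
        return new CaOid(bArr);
    }

    /**
     * Returns the TLV path of the PCD's ephemeral public key within the command data.
     *
     * @return the path consisting of tag 7C followed by tag 80
     */
    public TlvPath getPathToPublicKeyTag() {
        return new TlvPath(new TlvTag((byte) 0x7C), new TlvTag((byte) 0x80));
    }

    /**
     * Extracts the PCD's ephemeral public key material from the current command APDU and
     * remembers the key agreement algorithm name for later log messages.
     *
     * @return the raw value field of the public key data object
     * @throws ProcessingException with SW 6A88 if the command holds no public key data
     */
    protected byte[] getPcdPublicKeyMaterialFromApdu() {
        TlvDataObject publicKeyObject = this.processingData.getCommandApdu().getCommandDataObjectContainer().getTlvDataObject(getPathToPublicKeyTag());
        if (publicKeyObject == null) {
            throw new ProcessingException(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND, "Missing required public key data");
        }
        byte[] keyMaterial = publicKeyObject.getValueField();
        // NOTE(review): caDomainParameters is only assigned by Set AT; this line presumably
        // relies on the state machine to enforce that order - confirm.
        this.keyAgreementAlgorithmName = this.caDomainParameters.getKeyAgreementAlgorithm();
        BasicLogger.log(this, "PCD's ephemeral public " + this.keyAgreementAlgorithmName + " key material of " + keyMaterial.length + " bytes length is: " + HexString.encode(keyMaterial), LogLevel.TRACE);
        return keyMaterial;
    }

    /**
     * Builds the CA related SecInfos for all key pairs below the master file that carry a key
     * reference.
     *
     * <p>For every key pair a ChipAuthenticationInfo per CA OID and one
     * ChipAuthenticationDomainParameterInfo are created. ChipAuthenticationPublicKeyInfos are
     * created only for {@link SecInfoPublicity#AUTHENTICATED} and
     * {@link SecInfoPublicity#PRIVILEGED}. Objects of privileged-only keys are wrapped in a
     * separate sequence tagged with {@code Tr03110.id_PT}; the public key infos of such keys
     * are added to that sequence only for {@link SecInfoPublicity#PRIVILEGED}.
     *
     * <p>As a side effect the number of key pairs found is stored and from then on decides
     * whether key ids are needed.
     *
     * @param secInfoPublicity the publicity level the SecInfos are built for
     * @param masterFile the master file to search for key pairs
     * @return the SecInfo objects; the order across key pairs follows the iteration order of a
     *     {@link HashMap} and is therefore not fixed
     */
    @Override
    public Collection<TlvDataObject> getSecInfos(SecInfoPublicity secInfoPublicity, MasterFile masterFile) {
        Collection<CardObject> candidates = masterFile.findChildren(new KeyIdentifier(), new OidIdentifier(OID_id_CA));
        ArrayList<TlvDataObject> secInfos = new ArrayList<>();
        ArrayList<TlvDataObject> privilegedSecInfos = new ArrayList<>();
        ArrayList<TlvDataObject> publicKeyInfos = new ArrayList<>();
        ArrayList<TlvDataObject> privilegedPublicKeyInfos = new ArrayList<>();
        HashMap<KeyPairObject, Integer> keyReferences = new HashMap<>();
        boolean publicKeysVisible = secInfoPublicity == SecInfoPublicity.AUTHENTICATED || secInfoPublicity == SecInfoPublicity.PRIVILEGED;

        // Pass 1: collect every key pair together with the reference of its first key identifier.
        for (CardObject candidate : candidates) {
            if (!(candidate instanceof KeyPairObject)) {
                continue;
            }
            KeyPairObject keyPair = (KeyPairObject) candidate;
            for (CardObjectIdentifier identifier : keyPair.getAllIdentifiers()) {
                if (identifier instanceof KeyIdentifier) {
                    int reference = ((KeyIdentifier) identifier).getKeyReference();
                    if (reference != -1) {
                        keyReferences.put(keyPair, reference);
                    }
                    break;
                }
            }
        }
        this.numberOfKeyObjects = keyReferences.size();

        // Pass 2: build the SecInfo objects of each key pair.
        for (KeyPairObject keyPair : keyReferences.keySet()) {
            int keyId = keyReferences.get(keyPair);
            // First 9 bytes of the key's CA OID; with several CA OIDs the last one wins.
            // NOTE(review): stays null if the key carries no OID below id_CA, and the
            // protocolOidPrefix[8] access further down then fails with a NullPointerException.
            // The findChildren filter above presumably rules that out - confirm.
            byte[] protocolOidPrefix = null;
            for (CardObjectIdentifier identifier : keyPair.getAllIdentifiers()) {
                if (!(identifier instanceof OidIdentifier)) {
                    continue;
                }
                Oid oid = ((OidIdentifier) identifier).getOid();
                if (!oid.startsWithPrefix(id_CA)) {
                    continue;
                }
                byte[] oidBytes = oid.toByteArray();
                protocolOidPrefix = Arrays.copyOfRange(oidBytes, 0, 9);
                ConstructedTlvDataObject caInfo = constructChipAuthenticationInfoObject(oidBytes, keyId);
                if (caInfo != null) {
                    if (keyPair.isPrivilegedOnly()) {
                        privilegedSecInfos.add(caInfo);
                    } else {
                        secInfos.add(caInfo);
                    }
                }
            }

            PublicKey publicKey = keyPair.getKeyPair().getPublic();
            ConstructedTlvDataObject algorithmIdentifier = constructAlgorithmIdentifier(publicKey);
            PrimitiveTlvDataObject subjectPublicKey = constructSubjectPublicKey(publicKey);
            ConstructedTlvDataObject simplifiedAlgorithmIdentifier = simplifyAlgorithmIdentifier(algorithmIdentifier);

            ConstructedTlvDataObject domainParameterInfo = constructChipAuthenticationDomainParameterInfo(protocolOidPrefix, simplifiedAlgorithmIdentifier, keyId);
            if (domainParameterInfo != null) {
                if (keyPair.isPrivilegedOnly()) {
                    privilegedSecInfos.add(domainParameterInfo);
                } else {
                    secInfos.add(domainParameterInfo);
                }
            }

            ConstructedTlvDataObject subjectPublicKeyInfo = constructSubjectPublicKeyInfo(simplifiedAlgorithmIdentifier, subjectPublicKey);
            if (publicKeysVisible) {
                // The public key protocol OID is id_PK followed by the 9th byte of the CA OID.
                byte[] publicKeyOid = Utils.concatByteArrays(Tr03110.id_PK, new byte[]{protocolOidPrefix[8]});
                ConstructedTlvDataObject publicKeyInfo = constructChipAuthenticationPublicKeyInfo(subjectPublicKeyInfo, publicKeyOid, keyId);
                if (publicKeyInfo != null) {
                    addChipAuthenticationPublicKeyInfo(keyPair.isPrivilegedOnly(), privilegedPublicKeyInfos, publicKeyInfos, publicKeyInfo);
                }
            }
        }

        if (publicKeysVisible) {
            secInfos.addAll(publicKeyInfos);
        }
        if (privilegedSecInfos.size() + privilegedPublicKeyInfos.size() > 0) {
            ConstructedTlvDataObject privilegedTerminalInfo = new ConstructedTlvDataObject(TAG_SEQUENCE);
            privilegedTerminalInfo.addTlvDataObject(new PrimitiveTlvDataObject(TAG_OID, Tr03110.id_PT));
            ConstructedTlvDataObject privilegedSet = new ConstructedTlvDataObject(TAG_SET);
            privilegedTerminalInfo.addTlvDataObject(privilegedSet);
            privilegedSet.addAll(privilegedSecInfos);
            if (secInfoPublicity == SecInfoPublicity.PRIVILEGED) {
                privilegedSet.addAll(privilegedPublicKeyInfos);
            }
            secInfos.add(privilegedTerminalInfo);
        }
        return secInfos;
    }

    /**
     * Returns the CA protocol version implemented by this class.
     *
     * @return 2
     */
    protected byte getVersion() {
        return (byte) 2;
    }

    /**
     * Finds the key object for a key identifier below the master file and checks it against
     * additional identifiers.
     *
     * @param keyIdentifier identifies the key to look up
     * @param cardObjectIdentifierArr identifiers the key must match as well; may be null
     * @return the matching key object
     * @throws ProcessingException with SW 6A88 if no key object is found, or with SW 6985 if
     *     the key does not match one of the additional identifiers
     */
    protected KeyObject getkeyObjectForKeyIdentifier(KeyIdentifier keyIdentifier, CardObjectIdentifier... cardObjectIdentifierArr) {
        CardObject child;
        try {
            child = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), keyIdentifier);
        } catch (IllegalArgumentException e) {
            throw new ProcessingException(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND, e.getMessage());
        }
        if (!(child instanceof KeyObject)) {
            throw new ProcessingException(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND, "no fitting key object found");
        }
        KeyObject keyObject = (KeyObject) child;
        if (cardObjectIdentifierArr != null) {
            try {
                for (CardObjectIdentifier requiredIdentifier : cardObjectIdentifierArr) {
                    if (!requiredIdentifier.matches(keyObject)) {
                        throw new ProcessingException(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED, "invalid key reference");
                    }
                }
            } catch (IllegalArgumentException e) {
                // Same mapping as for the lookup above, in case matches() rejects its argument.
                throw new ProcessingException(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND, e.getMessage());
            }
        }
        return keyObject;
    }

    /** Does nothing; this protocol needs no initialization step. */
    @Override
    public void initialize() {
    }

    /**
     * Tells whether key ids are always added to the SecInfos, even with a single key pair.
     *
     * @return true
     */
    protected boolean isKeyIdForced() {
        return true;
    }

    /**
     * Performs the key agreement between the card's static private key and the PCD's ephemeral
     * public key.
     *
     * @param privateKey the card's static private key
     * @param publicKey the PCD's ephemeral public key
     * @return the shared secret K
     * @throws ProcessingException with SW 6A80 if a key is rejected, or with SW 6FFF if the
     *     algorithm is unavailable or the key agreement is in a wrong state
     */
    protected byte[] performKeyAgreement(PrivateKey privateKey, PublicKey publicKey) {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(this.caOid.getKeyAgreementName(), Crypto.getCryptoProvider());
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            byte[] sharedSecret = keyAgreement.generateSecret();
            // NOTE(review): writes the shared secret to the log; see the class comment.
            BasicLogger.log(this, "shared secret K of " + sharedSecret.length + " bytes length is: " + HexString.encode(sharedSecret), LogLevel.DEBUG);
            return sharedSecret;
        } catch (InvalidKeyException e) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "invalid key");
        } catch (IllegalStateException | NoSuchAlgorithmException e) {
            throw new ProcessingException(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR, e.getMessage());
        }
    }

    /**
     * Wraps nonce and authentication token into the response data object with tag 7C.
     *
     * @param bArr the nonce r_PICC for tag 81, omitted if null
     * @param bArr2 the authentication token T_PICC for tag 82, omitted if null
     * @return the response data
     */
    protected TlvValue prepareResponseData(byte[] bArr, byte[] bArr2) {
        ConstructedTlvDataObject dynamicAuthenticationData = new ConstructedTlvDataObject(TAG_7C);
        if (bArr != null) {
            PrimitiveTlvDataObject nonceObject = new PrimitiveTlvDataObject(TAG_81, bArr);
            BasicLogger.log(this, "primitive tag 81 is: " + nonceObject, LogLevel.TRACE);
            dynamicAuthenticationData.addTlvDataObject(nonceObject);
        }
        if (bArr2 != null) {
            PrimitiveTlvDataObject tokenObject = new PrimitiveTlvDataObject(TAG_82, bArr2);
            BasicLogger.log(this, "primitive tag 82 is: " + tokenObject, LogLevel.TRACE);
            dynamicAuthenticationData.addTlvDataObject(tokenObject);
        }
        BasicLogger.log(this, "response data to be sent is: " + dynamicAuthenticationData, LogLevel.DEBUG);
        return new TlvDataObjectContainer(dynamicAuthenticationData);
    }

    /**
     * Processes General Authenticate: checks the PCD's ephemeral public key against TA,
     * performs the key agreement, derives the session keys, computes T_PICC, propagates the
     * keys and the new security mechanism and answers with nonce and token.
     *
     * <p>A {@link ProcessingException} from any step is answered with its status word.
     *
     * <p>NOTE(review): {@link #publishSessionContextId()} rejects the reserved identifier 0
     * only after the session keys and the CA mechanism have already been added as update
     * propagations. Whether those propagations are discarded once the response carries an
     * error status word cannot be seen from this class - confirm, or validate the identifier
     * before anything is propagated.
     */
    public void processCommandGeneralAuthenticate() {
        try {
            PublicKey ephemeralPublicKeyPcd = reconstructEphemeralPublicKeyPcd(getPcdPublicKeyMaterialFromApdu());
            assertEphemeralPublicKeyPcdMatchesCompressedKeyReceivedDuringTa(ephemeralPublicKeyPcd);
            byte[] sharedSecret = performKeyAgreement(this.staticKeyPairPicc.getPrivate(), ephemeralPublicKeyPcd);
            byte[] nonce = generateRPiccNonce();
            computeSessionKeys(sharedSecret, nonce);
            byte[] authenticationToken = computeAuthenticationTokenTpicc(ephemeralPublicKeyPcd);
            propagateSessionKeys();
            storeCurrentSessionContext();
            this.processingData.addUpdatePropagation(this, "Updated security status with chip authentication information", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, createSecMechanism(this.caOid, this.keyReference, ephemeralPublicKeyPcd)));
            TlvValue responseData = prepareResponseData(nonce, authenticationToken);
            publishSessionContextId();
            this.processingData.updateResponseAPDU(this, "Command General Authenticate successfully processed", new ResponseApdu(responseData, Iso7816.SW_9000_NO_ERROR));
            this.processingData.addUpdatePropagation(this, "Command General Authenticate successfully processed - Protocol CAv" + ((int) getVersion()) + " completed", new ProtocolUpdate(true));
        } catch (ProcessingException e) {
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(e.getStatusWord()));
        }
    }

    /**
     * Processes Set AT: stores the session context identifier, the CA OID and the referenced
     * static key pair together with its domain parameters, key reference and crypto support.
     *
     * <p>A {@link ProcessingException} is answered with its status word converted by
     * {@code PlatformUtil.convertTo4xxxStatusWord}.
     */
    public void processCommandSetAT() {
        try {
            TlvDataObjectContainer commandData = this.processingData.getCommandApdu().getCommandDataObjectContainer();
            this.sessionContextIdentifier = extractSessionContextId(commandData);
            this.caOid = extractCaOidFromCommandData(commandData);
            // The OID identifier makes sure the referenced key is usable with the selected OID.
            KeyObject keyObject = getkeyObjectForKeyIdentifier(extractKeyIdentifierFromCommandData(commandData), new OidIdentifier(this.caOid));
            if (!(keyObject instanceof KeyPairObject)) {
                this.processingData.updateResponseAPDU(this, "The domain parameters could not be extracted from the referenced key", new ResponseApdu(PlatformUtil.SW_4984_REFERENCE_DATA_NOT_USABLE));
                return;
            }
            this.staticKeyPairPicc = ((KeyPairObject) keyObject).getKeyPair();
            this.caDomainParameters = Tr03110Utils.getDomainParameterSetFromKey(this.staticKeyPairPicc.getPublic());
            this.keyReference = keyObject.getPrimaryIdentifier().getInteger();
            this.cryptoSupport = this.caOid.getCryptoSupport();
            this.processingData.updateResponseAPDU(this, "Command Set AT successfully processed", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
        } catch (ProcessingException e) {
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(PlatformUtil.convertTo4xxxStatusWord(e.getStatusWord())));
        }
    }

    /**
     * Hands the derived session keys to secure messaging by adding an update propagation.
     *
     * @throws ProcessingException with SW 6FFF if the secure messaging data provider cannot be
     *     created
     */
    protected void propagateSessionKeys() {
        try {
            this.processingData.addUpdatePropagation(this, "init SM after successful CA", new SmDataProviderTr03110(this.secretKeySpecENC, this.secretKeySpecMAC));
        } catch (CryptoException e) {
            throw new ProcessingException(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR, "Unable to initialize new secure messaging");
        }
    }

    /**
     * Adds the session context identifier received with Set AT to the security status.
     *
     * @throws ProcessingException with SW 6A80 if the identifier is the reserved value 0
     */
    protected void publishSessionContextId() {
        if (this.sessionContextIdentifier == 0) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "The identifier 0 is reserved for the default Session Context and MUST NOT be used for storing a Chip Authentication Session Context");
        }
        this.processingData.addUpdatePropagation(this, "Security status updated with SessionContextIdMechanism", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, new SessionContextIdMechanism(this.sessionContextIdentifier)));
    }

    /**
     * Reconstructs the PCD's ephemeral public key from raw key material using the CA domain
     * parameters.
     *
     * <p>NOTE(review): the key material comes from the terminal; whether it is validated
     * against the domain parameters depends on {@code reconstructPublicKey}, which is not
     * visible here - confirm.
     *
     * @param bArr the raw public key material
     * @return the reconstructed public key
     * @throws ProcessingException with SW 6A80 if the key material is rejected as an illegal
     *     argument, or with SW 6FFF for any other failure
     */
    protected PublicKey reconstructEphemeralPublicKeyPcd(byte[] bArr) {
        try {
            PublicKey ephemeralPublicKeyPcd = this.caDomainParameters.reconstructPublicKey(bArr);
            BasicLogger.log(this, "PCD's  ephemeral public " + this.keyAgreementAlgorithmName + " key is " + new TlvDataObjectContainer(ephemeralPublicKeyPcd.getEncoded()), LogLevel.TRACE);
            return ephemeralPublicKeyPcd;
        } catch (IllegalArgumentException e) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, e.getMessage());
        } catch (Exception e) {
            throw new ProcessingException(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR, e.getMessage());
        }
    }

    /**
     * Simplifies an algorithm identifier; delegates to {@link StandardizedDomainParameters}.
     *
     * @param constructedTlvDataObject the algorithm identifier to simplify
     * @return the simplified algorithm identifier
     */
    protected ConstructedTlvDataObject simplifyAlgorithmIdentifier(ConstructedTlvDataObject constructedTlvDataObject) {
        return StandardizedDomainParameters.simplifyAlgorithmIdentifier(constructedTlvDataObject);
    }

    /**
     * Requests that the currently active session context is stored, provided the security
     * status holds a session context id (a negative id means there is nothing to store).
     */
    protected void storeCurrentSessionContext() {
        int currentSessionContextId = getCurrentSessionContextId();
        if (currentSessionContextId < 0) {
            BasicLogger.log(this, "currently active session will NOT be stored", LogLevel.TRACE);
            return;
        }
        BasicLogger.log(this, "currently active session (" + currentSessionContextId + ") will be stored", LogLevel.TRACE);
        this.processingData.addUpdatePropagation(this, "Inform the SecStatus to store the session context", new SecStatusStoreUpdatePropagation(SecurityEvent.STORE_SESSION_CONTEXT, currentSessionContextId));
    }
}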
