package de.persosim.simulator.securemessaging;

import de.persosim.simulator.apdu.CommandApdu;
import de.persosim.simulator.apdu.IsoSecureMessagingCommandApdu;
import de.persosim.simulator.apdu.ResponseApdu;
import de.persosim.simulator.crypto.CryptoSupport;
import de.persosim.simulator.crypto.CryptoUtil;
import de.persosim.simulator.platform.Iso7816;
import de.persosim.simulator.platform.Layer;
import de.persosim.simulator.processing.UpdatePropagation;
import de.persosim.simulator.secstatus.SecStatus;
import de.persosim.simulator.secstatus.SecStatusEventUpdatePropagation;
import de.persosim.simulator.secstatus.SecStatusMechanismUpdatePropagation;
import de.persosim.simulator.secstatus.SecurityEvent;
import de.persosim.simulator.tlv.PrimitiveTlvDataObject;
import de.persosim.simulator.tlv.TlvConstants;
import de.persosim.simulator.tlv.TlvDataObject;
import de.persosim.simulator.tlv.TlvDataObjectContainer;
import de.persosim.simulator.tlv.TlvValue;
import de.persosim.simulator.utils.HexString;
import de.persosim.simulator.utils.Utils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import org.globaltester.logging.BasicLogger;
import org.globaltester.logging.tags.LogLevel;
import org.globaltester.simulator.event.DecodedCommandApduEvent;
import org.globaltester.simulator.event.DecodedResponseApduEvent;

/* loaded from: classes6.dex */
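/**
 * Simulator layer that unwraps secure-messaging (SM) command APDUs on their way up and wraps
 * response APDUs on their way down.
 *
 * <p>Incoming SM APDUs carry their protected content as TLV data objects: tag 8E (MAC), tag 87 or
 * 85 (cryptogram, selected by the parity of INS) and tag 97 (expected length). Outgoing responses
 * are built from tag 87/85 (cryptogram), tag 99 (status word) and tag 8E (MAC).
 *
 * <p>Security-relevant behaviour of this layer:
 * <ul>
 *   <li>the MAC of an incoming APDU is verified before its cryptogram is decrypted and unpadded;</li>
 *   <li>any failure while processing an incoming SM APDU ends the session and drops the reference
 *       to the {@link SmDataProvider};</li>
 *   <li>an unsecured APDU received while a session is active also ends the session.</li>
 * </ul>
 *
 * <p>NOTE(review): several methods log plaintext, IV-derived values and the expected MAC. That is
 * useful in a simulator, but these log lines must not reach an untrusted reader.
 */
public class SecureMessaging extends Layer implements TlvConstants {
    public static final String SECUREMESSAGING = "SecureMessaging";

    /** Keys, cipher and MAC parameters of the active session; {@code null} while none is established. */
    protected SmDataProvider dataProvider = null;

    /**
     * Ends the current secure-messaging session, if any, and informs the security status.
     *
     * <p>Only the reference to the provider is dropped; nothing visible here wipes the key bytes
     * held by the provider itself.
     */
    private void discardSecureMessagingSession() {
        if (this.dataProvider != null) {
            BasicLogger.log(this, "discard key material", LogLevel.DEBUG);
            this.dataProvider = null;
        } else {
            BasicLogger.log(this, "no data provider present, nothing to discard", LogLevel.TRACE);
        }
        if (this.processingData != null) {
            this.processingData.addUpdatePropagation(this, "Inform the SecStatus about the ended secure messaging session", new SecStatusEventUpdatePropagation(SecurityEvent.SECURE_MESSAGING_SESSION_ENDED));
        }
    }

    /**
     * Installs a new data provider, letting it initialise itself from the one it replaces.
     *
     * @param smDataProvider the provider to activate; must not be {@code null}
     */
    private void setDataProvider(SmDataProvider smDataProvider) {
        // NOTE(review): these lines log the provider's toString(); confirm it never renders key bytes.
        BasicLogger.log(this, "still active SM data provider is:\n" + this.dataProvider, LogLevel.TRACE);
        smDataProvider.init(this.dataProvider);
        this.dataProvider = smDataProvider;
        BasicLogger.log(this, "updated SM data provider", LogLevel.TRACE);
        BasicLogger.log(this, "new active SM data provider is:\n" + this.dataProvider, LogLevel.TRACE);
    }

    /**
     * Removes the padding (a single {@code 0x80} marker followed by zero bytes) from the end of
     * the given data.
     *
     * <p>At most {@code i} trailing bytes are inspected, and never more than the data contains, so
     * short all-zero input is rejected as invalid padding instead of running off the front of the
     * array.
     *
     * @param bArr padded data
     * @param i block size in bytes; bounds how many trailing bytes may belong to the padding
     * @return the bytes preceding the {@code 0x80} marker
     * @throws NullPointerException if {@code bArr} is {@code null}
     * @throws IllegalArgumentException if the block size is below 1, the data is empty, or no
     *     valid padding is found within the inspected bytes
     */
    public static byte[] unpadData(byte[] bArr, int i) {
        if (bArr == null) {
            throw new NullPointerException("padded data must not be null");
        }
        if (i < 1) {
            throw new IllegalArgumentException("block size must be > 0");
        }
        if (bArr.length < 1) {
            throw new IllegalArgumentException("padded data is too short");
        }
        // Never look at more bytes than the input actually holds.
        int scanLimit = Math.min(i, bArr.length);
        int index = bArr.length - 1;
        for (int scanned = 0; scanned < scanLimit; scanned++, index--) {
            byte current = bArr[index];
            if (current == 0) {
                continue;
            }
            if (current != (byte) 0x80) {
                throw new IllegalArgumentException("invalid padding");
            }
            // index is the position of the marker, i.e. the length of the unpadded data.
            return Arrays.copyOf(bArr, index);
        }
        throw new IllegalArgumentException("invalid padding");
    }

    /**
     * Rebuilds the plain command APDU from the SM data objects of the current command APDU.
     *
     * <p>This method decrypts and unpads the cryptogram without authenticating it. Callers must
     * have verified the MAC (see {@link #verifyMac()}) before calling it, so that unauthenticated
     * ciphertext never reaches the decryption and padding checks.
     *
     * @return the command APDU with secure messaging removed
     * @throws IllegalArgumentException if the APDU is not ISO case 4, is not an
     *     {@link IsoSecureMessagingCommandApdu}, lacks tag 8E, or carries invalid padding
     */
    public CommandApdu extractPlainTextAPDU() {
        BasicLogger.log(this, "started extracting SM APDU", LogLevel.TRACE);
        CommandApdu smApdu = this.processingData.getCommandApdu();
        if (smApdu.getIsoCase() != 4) {
            throw new IllegalArgumentException("SM APDU is expected to be ISO case 4");
        }
        if (!(smApdu instanceof IsoSecureMessagingCommandApdu)) {
            throw new IllegalArgumentException("SM APDU is expected to be an IsoSecureMessagingCommandApdu");
        }
        TlvDataObjectContainer smObjects = smApdu.getCommandDataObjectContainer();
        TlvDataObject macObject = smObjects.getTlvDataObject(TAG_8E);
        BasicLogger.log(this, "TLV object 8E is: " + macObject, LogLevel.TRACE);
        if (macObject == null) {
            this.processingData.updateResponseAPDU(this, "SM APDU is expected to contain tag 8E (mac)", new ResponseApdu(Iso7816.SW_6987_EXPECTED_SM_DATA_OBJECTS_MISSING));
            throw new IllegalArgumentException("SM APDU is expected to contain tag 8E (mac)");
        }
        // Even INS carries the cryptogram in tag 87, odd INS in tag 85.
        TlvDataObject cryptogram = smApdu.getIns() % 2 == 0 ? smObjects.getTlvDataObject(TAG_87) : smObjects.getTlvDataObject(TAG_85);
        TlvDataObject leObject = smObjects.getTlvDataObject(TAG_97);
        boolean extendedLength = smApdu.isExtendedLength();

        ByteArrayOutputStream plainBody = new ByteArrayOutputStream();
        if (extendedLength) {
            // Extended-length bodies start with a zero byte.
            plainBody.write(0);
        }
        if (cryptogram != null) {
            // NOTE(review): the following lines log ciphertext, IV-derived values and plaintext at
            // the logger's default level; keep such logs away from untrusted readers.
            BasicLogger.log(this, "Cryptogram is: " + cryptogram);
            byte[] encrypted = getEncryptedDataFromFormattedEncryptedData(cryptogram);
            BasicLogger.log(this, "encrypted data is: " + HexString.encode(encrypted));
            BasicLogger.log(this, "used cipher iv is     : " + HexString.encode(this.dataProvider.getCipherIv().getIV()));
            BasicLogger.log(this, "decrypted cipher iv is: " + HexString.encode(CryptoSupport.decryptWithIvZero(this.dataProvider.getCipher(), this.dataProvider.getCipherIv().getIV(), this.dataProvider.getKeyEnc())));
            byte[] padded = CryptoSupport.decrypt(this.dataProvider.getCipher(), encrypted, this.dataProvider.getKeyEnc(), this.dataProvider.getCipherIv());
            BasicLogger.log(this, "padded data is: " + HexString.encode(padded));
            byte[] plain = unpadPlainTextData(padded);
            BasicLogger.log(this, "plain text data is: " + HexString.encode(plain));
            if (extendedLength) {
                byte[] lengthField = Utils.toUnsignedByteArray((short) plain.length);
                plainBody.write(lengthField, 0, lengthField.length);
            } else {
                // Short form: only the low eight bits of the length are written.
                plainBody.write(plain.length);
            }
            plainBody.write(plain, 0, plain.length);
        }
        if (leObject != null) {
            BasicLogger.log(this, "TLV object 97 is: " + leObject, LogLevel.TRACE);
            byte[] expectedLength = leObject.getValueField();
            if (extendedLength && expectedLength.length == 1) {
                // Widen a one-byte expected length to the two-byte extended form.
                expectedLength = new byte[]{0, expectedLength[0]};
            }
            plainBody.write(expectedLength, 0, expectedLength.length);
        }
        CommandApdu plainApdu = ((IsoSecureMessagingCommandApdu) smApdu).rewrapApdu((byte) 0, plainBody.toByteArray());
        BasicLogger.log(this, "completed extracting SM APDU", LogLevel.TRACE);
        return plainApdu;
    }

    /**
     * Returns the raw ciphertext held in a cryptogram data object.
     *
     * <p>For tag 87 the first value byte is skipped (on the outgoing path this layer writes
     * {@code 1} there); for any other tag the whole value field is returned.
     *
     * @param tlvDataObject the cryptogram data object
     * @return a copy of the ciphertext bytes
     * @throws IllegalArgumentException if a tag 87 object has an empty value field
     */
    public byte[] getEncryptedDataFromFormattedEncryptedData(TlvDataObject tlvDataObject) {
        byte[] valueField = tlvDataObject.getValueField();
        if (!tlvDataObject.getTlvTag().equals(TAG_87)) {
            return Arrays.copyOf(valueField, valueField.length);
        }
        if (valueField.length < 1) {
            // Arrays.copyOfRange would also reject this, but with an unhelpful message.
            throw new IllegalArgumentException("tag 87 value field is too short");
        }
        return Arrays.copyOfRange(valueField, 1, valueField.length);
    }

    /** Returns the name of this layer, {@link #SECUREMESSAGING}. */
    @Override
    public String getLayerName() {
        return SECUREMESSAGING;
    }

    /**
     * Activates every {@link SmDataProvider} found among the pending update propagations, in
     * iteration order, so that the last one ends up as the active provider.
     */
    public void handleUpdatePropagations() {
        Iterator<UpdatePropagation> pending = this.processingData.getUpdatePropagations(SmDataProvider.class).iterator();
        while (pending.hasNext()) {
            UpdatePropagation propagation = pending.next();
            // instanceof is false for null, so no separate null check is needed.
            if (propagation instanceof SmDataProvider) {
                setDataProvider((SmDataProvider) propagation);
            }
        }
    }

    /** No initialisation is required for this layer. */
    @Override
    public void initializeForUse() {
    }

    /**
     * Decides whether the response to the current command must be SM-wrapped.
     *
     * @return {@code true} only if the command is an {@link IsoSecureMessagingCommandApdu} that
     *     was either never SM-protected or was unwrapped successfully, and a session is active
     */
    public boolean isSmWrappingApplicable() {
        CommandApdu commandApdu = this.processingData.getCommandApdu();
        if (!(commandApdu instanceof IsoSecureMessagingCommandApdu)) {
            BasicLogger.log(this, "descending APDU is does not support iso secure messaging", LogLevel.TRACE);
            return false;
        }
        IsoSecureMessagingCommandApdu smCapable = (IsoSecureMessagingCommandApdu) commandApdu;
        if (smCapable.wasSecureMessaging() && smCapable.getSecureMessaging() != 0) {
            BasicLogger.log(this, "descending APDU was sm secured but not unwrapped properly", LogLevel.TRACE);
            return false;
        }
        if (this.dataProvider == null) {
            BasicLogger.log(this, "no secure messaging session is established (no secure messaging data provider is set)", LogLevel.TRACE);
            return false;
        }
        return true;
    }

    /**
     * Pads the encoded data objects and computes their MAC with the session's MAC key.
     *
     * @param tlvDataObjectContainer the data objects to authenticate
     * @return the MAC, as returned by {@code CryptoSupport.mac}
     */
    public byte[] padAndMac(TlvDataObjectContainer tlvDataObjectContainer) {
        byte[] macInput = padDataForMac(tlvDataObjectContainer.toByteArray());
        BasicLogger.log(this, "data to be maced is: " + HexString.encode(macInput));
        return CryptoSupport.mac(this.dataProvider.getMac(), this.dataProvider.getMacAuxiliaryData(), this.dataProvider.getCipher(), macInput, this.dataProvider.getKeyMac(), this.dataProvider.getMacLength().intValue());
    }

    /**
     * Pads data to the block size of the session cipher before encryption.
     *
     * @param bArr data to pad
     * @return the padded data
     */
    protected byte[] padData(byte[] bArr) {
        return CryptoUtil.padData(bArr, this.dataProvider.getCipher().getBlockSize());
    }

    /**
     * Pads MAC input to the block size of the session cipher.
     *
     * @param bArr data to pad
     * @return the padded data
     */
    public byte[] padDataForMac(byte[] bArr) {
        return CryptoUtil.padData(bArr, this.dataProvider.getCipher().getBlockSize());
    }

    /** Powers the layer on and ends any secure-messaging session left over from before. */
    @Override
    public void powerOn() {
        super.powerOn();
        discardSecureMessagingSession();
    }

    /**
     * Handles a command APDU travelling up the layer stack.
     *
     * <p>An SM-protected APDU is unwrapped; if that fails, or if no session exists, an error
     * response is set and processing stops. An unprotected APDU is passed on unchanged, and an
     * active session is ended because the peer stopped using secure messaging.
     */
    @Override
    public void processAscending() {
        CommandApdu commandApdu = this.processingData.getCommandApdu();
        if (!(commandApdu instanceof IsoSecureMessagingCommandApdu)) {
            BasicLogger.log(this, "don't process non interindustry APDU", LogLevel.TRACE);
        } else if (((IsoSecureMessagingCommandApdu) commandApdu).getSecureMessaging() == 0) {
            BasicLogger.log(this, "don't process ascending unsecured APDU", LogLevel.TRACE);
        } else {
            if (this.dataProvider == null) {
                BasicLogger.log(this, "No SmDataProvider available", LogLevel.ERROR);
                this.processingData.notifySimulatorEventListeners(new DecodedCommandApduEvent(this.processingData.getCommandApdu().toByteArray()));
                this.processingData.updateResponseAPDU(this, "SecureMessaging not properly initialized", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
                return;
            }
            if (!processIncomingSmApdu()) {
                // Any SM failure ends the session; the error response has already been set.
                discardSecureMessagingSession();
                return;
            }
            this.processingData.addUpdatePropagation(this, "init SM", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, this.dataProvider.getSmDataProviderGenerator()));
            // Re-read the command APDU: it now is the unwrapped plain APDU.
            this.processingData.notifySimulatorEventListeners(new DecodedCommandApduEvent(this.processingData.getCommandApdu().toByteArray()));
            BasicLogger.log(this, "successfully processed ascending secured APDU", LogLevel.TRACE);
            return;
        }
        // Unprotected command: forward it and end any session that is still active.
        this.processingData.notifySimulatorEventListeners(new DecodedCommandApduEvent(this.processingData.getCommandApdu().toByteArray()));
        if (this.dataProvider != null) {
            BasicLogger.log(this, "discard key material", LogLevel.DEBUG);
            discardSecureMessagingSession();
        }
    }

    /**
     * Handles a response APDU travelling down the layer stack: wraps it when applicable, then
     * applies pending data-provider updates so that they take effect from the next command on.
     */
    @Override
    public void processDescending() {
        this.processingData.notifySimulatorEventListeners(new DecodedResponseApduEvent(this.processingData.getResponseApdu().toByteArray()));
        if (isSmWrappingApplicable()) {
            processOutgoingSmApdu();
        }
        BasicLogger.log(this, "successfully processed descending APDU", LogLevel.TRACE);
        handleUpdatePropagations();
    }

    /**
     * Authenticates and unwraps the current SM command APDU.
     *
     * <p>The MAC is verified first; the cryptogram is decrypted and unpadded only after the MAC
     * matched. Malformed input and a MAC mismatch both produce status word 6988 and return
     * {@code false}, and no exception from either step escapes this method.
     *
     * @return {@code true} if the APDU was authenticated and replaced by its plain form,
     *     {@code false} if an error response was set instead
     */
    public boolean processIncomingSmApdu() {
        BasicLogger.log(this, "start processing SM APDU", LogLevel.TRACE);
        this.dataProvider.nextIncoming();
        CommandApdu commandApdu = this.processingData.getCommandApdu();
        BasicLogger.log(this, "Incoming SM APDU is: " + commandApdu.toString(), LogLevel.DEBUG);
        BasicLogger.log(this, "Incoming SM APDU is ISO case: " + ((int) commandApdu.getIsoCase()), LogLevel.DEBUG);

        CommandApdu plainApdu = null;
        boolean macValid;
        try {
            macValid = verifyMac();
            if (macValid) {
                BasicLogger.log(this, "verification of mac: correct", LogLevel.DEBUG);
                plainApdu = extractPlainTextAPDU();
                BasicLogger.log(this, "plain text APDU is " + plainApdu, LogLevel.DEBUG);
            }
        } catch (RuntimeException e) {
            BasicLogger.log(this, "failure while processing incoming APDU", LogLevel.ERROR);
            BasicLogger.logException(this, e, LogLevel.ERROR);
            this.processingData.updateResponseAPDU(this, "decoding sm APDU failed", new ResponseApdu(Iso7816.SW_6988_INCORRECT_SM_DATA_OBJECTS));
            // Stop here: the APDU could not be decoded, so there is nothing to hand upwards.
            return false;
        }
        if (!macValid) {
            BasicLogger.log(this, "verification of mac: failed", LogLevel.ERROR);
            this.processingData.updateResponseAPDU(this, "MAC verification failed", new ResponseApdu(Iso7816.SW_6988_INCORRECT_SM_DATA_OBJECTS));
            BasicLogger.log(this, "completed processing SM APDU with secure messaging failure");
            return false;
        }
        this.processingData.updateCommandApdu(this, "SM APDU extracted", plainApdu);
        BasicLogger.log(this, "completed processing SM APDU");
        return true;
    }

    /**
     * Wraps the current response APDU: encrypts its data (if any), appends the status word as tag
     * 99 and authenticates everything with a MAC in tag 8E.
     */
    public void processOutgoingSmApdu() {
        BasicLogger.log(this, "START encryption of outgoing SM APDU");
        this.dataProvider.nextOutgoing();
        TlvDataObjectContainer smObjects = new TlvDataObjectContainer();
        TlvValue data = this.processingData.getResponseApdu().getData();
        if (data == null || data.getLength() <= 0) {
            BasicLogger.log(this, "APDU to be sent contains NO data", LogLevel.DEBUG);
        } else {
            BasicLogger.log(this, "APDU to be sent contains data", LogLevel.TRACE);
            byte[] plain = data.toByteArray();
            // NOTE(review): response plaintext is logged here; keep such logs away from untrusted readers.
            BasicLogger.log(this, "data to be padded is: " + HexString.encode(plain), LogLevel.TRACE);
            byte[] padded = padData(plain);
            BasicLogger.log(this, "padded data is: " + HexString.encode(padded), LogLevel.DEBUG);
            BasicLogger.log(this, "block size is: " + this.dataProvider.getCipher().getBlockSize(), LogLevel.DEBUG);
            byte[] encrypted = CryptoSupport.encrypt(this.dataProvider.getCipher(), padded, this.dataProvider.getKeyEnc(), this.dataProvider.getCipherIv());
            BasicLogger.log(this, "encrypted data is: " + HexString.encode(encrypted), LogLevel.DEBUG);
            if (((byte) (this.processingData.getCommandApdu().getIns() & 1)) == 1) {
                // Odd INS: the cryptogram goes into tag 85 as is.
                smObjects.addTlvDataObject(new PrimitiveTlvDataObject(TAG_85, encrypted));
            } else {
                // Even INS: tag 87 holds a leading 0x01 byte followed by the cryptogram. The
                // buffer is sized from the ciphertext so it fits whatever the cipher returned.
                byte[] formatted = new byte[encrypted.length + 1];
                formatted[0] = 1;
                System.arraycopy(encrypted, 0, formatted, 1, encrypted.length);
                smObjects.addTlvDataObject(new PrimitiveTlvDataObject(TAG_87, formatted));
            }
        }
        smObjects.addTlvDataObject(new PrimitiveTlvDataObject(TAG_99, Utils.toUnsignedByteArray(this.processingData.getResponseApdu().getStatusWord())));
        // The MAC covers every data object added so far, including the status word.
        smObjects.addTlvDataObject(new PrimitiveTlvDataObject(TAG_8E, padAndMac(smObjects)));
        this.processingData.updateResponseAPDU(this, "Encrypted outgoing SM APDU", new ResponseApdu(smObjects, this.processingData.getResponseApdu().getStatusWord()));
    }

    /**
     * Removes the padding from decrypted data, using the block size of the session cipher.
     *
     * @param bArr decrypted, still padded data
     * @return the unpadded data
     * @throws IllegalArgumentException if the padding is invalid
     */
    public byte[] unpadPlainTextData(byte[] bArr) {
        return unpadData(bArr, this.dataProvider.getCipher().getBlockSize());
    }

    /**
     * Recomputes the MAC over the current SM command APDU and compares it with the one in tag 8E.
     *
     * <p>The MAC input is the command header padded to one cipher block, followed by the
     * cryptogram and expected-length data objects when present. The comparison uses
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
     * {@code Arrays.equals}, so that its duration is not meant to depend on how many leading
     * bytes of a forged MAC are correct.
     *
     * @return {@code true} if the received MAC equals the computed one
     * @throws IllegalArgumentException if the APDU is not ISO case 4 or lacks tag 8E
     */
    public boolean verifyMac() {
        BasicLogger.log(this, "started verifying SM APDU", LogLevel.TRACE);
        CommandApdu smApdu = this.processingData.getCommandApdu();
        byte[] header = smApdu.getHeader();
        if (smApdu.getIsoCase() != 4) {
            throw new IllegalArgumentException("SM APDU is expected to be ISO case 4");
        }
        TlvDataObjectContainer smObjects = smApdu.getCommandDataObjectContainer();
        TlvDataObject macObject = smObjects.getTlvDataObject(TAG_8E);
        BasicLogger.log(this, "TLV object 8E is: " + macObject, LogLevel.TRACE);
        if (macObject == null) {
            throw new IllegalArgumentException("SM APDU is expected to contain tag 8E (mac)");
        }
        // Even INS carries the cryptogram in tag 87, odd INS in tag 85.
        TlvDataObject cryptogram = smApdu.getIns() % 2 == 0 ? smObjects.getTlvDataObject(TAG_87) : smObjects.getTlvDataObject(TAG_85);
        TlvDataObject leObject = smObjects.getTlvDataObject(TAG_97);
        if (leObject != null) {
            BasicLogger.log(this, "TLV object 97 is: " + leObject, LogLevel.TRACE);
        }
        if (cryptogram != null) {
            BasicLogger.log(this, "Cryptogram is: " + cryptogram, LogLevel.TRACE);
        }

        int blockSize = this.dataProvider.getCipher().getBlockSize();
        // Pad the header to a full block: 0x80 marker, then zeros (new arrays are zero-filled).
        // NOTE(review): assumes the header is shorter than one cipher block; confirm.
        byte[] headerPadding = new byte[blockSize - header.length];
        headerPadding[0] = (byte) 0x80;

        ByteArrayOutputStream macInputBuffer = new ByteArrayOutputStream();
        macInputBuffer.write(header, 0, header.length);
        macInputBuffer.write(headerPadding, 0, headerPadding.length);
        if (cryptogram != null) {
            byte[] encodedCryptogram = cryptogram.toByteArray();
            macInputBuffer.write(encodedCryptogram, 0, encodedCryptogram.length);
        }
        if (leObject != null) {
            byte[] encodedLe = leObject.toByteArray();
            macInputBuffer.write(encodedLe, 0, encodedLe.length);
        }
        byte[] macInput = macInputBuffer.toByteArray();
        if (cryptogram != null || leObject != null) {
            // Only data objects appended after the header block need further padding.
            macInput = padDataForMac(macInput);
            BasicLogger.log(this, "padding of mac input data is " + HexString.encode(macInput), LogLevel.TRACE);
        }
        BasicLogger.log(this, "padded mac input is " + HexString.encode(macInput), LogLevel.TRACE);
        byte[] expectedMac = CryptoSupport.mac(this.dataProvider.getMac(), this.dataProvider.getMacAuxiliaryData(), this.dataProvider.getCipher(), macInput, this.dataProvider.getKeyMac(), this.dataProvider.getMacLength().intValue());
        // NOTE(review): the expected MAC is written to the log even when verification fails;
        // treat DEBUG logs of this layer as sensitive.
        BasicLogger.log(this, "expected mac is : " + HexString.encode(expectedMac), LogLevel.DEBUG);
        byte[] receivedMac = macObject.getValueField();
        BasicLogger.log(this, "extracted mac is: " + HexString.encode(receivedMac), LogLevel.DEBUG);
        if (java.security.MessageDigest.isEqual(expectedMac, receivedMac)) {
            BasicLogger.log(this, "mac match", LogLevel.DEBUG);
            return true;
        }
        BasicLogger.log(this, "mac mismatch", LogLevel.ERROR);
        return false;
    }
}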
