package de.persosim.simulator.protocols.ta;

import de.persosim.simulator.apdu.IsoSecureMessagingCommandApdu;
import de.persosim.simulator.apdu.ResponseApdu;
import de.persosim.simulator.cardobjects.CardObject;
import de.persosim.simulator.cardobjects.CardObjectUtils;
import de.persosim.simulator.cardobjects.DateTimeCardObject;
import de.persosim.simulator.cardobjects.MasterFile;
import de.persosim.simulator.cardobjects.TrustPointCardObject;
import de.persosim.simulator.cardobjects.TrustPointIdentifier;
import de.persosim.simulator.cardobjects.TypeIdentifier;
import de.persosim.simulator.crypto.CryptoUtil;
import de.persosim.simulator.crypto.certificates.CardVerifiableCertificate;
import de.persosim.simulator.crypto.certificates.CertificateExtension;
import de.persosim.simulator.crypto.certificates.ExtensionOid;
import de.persosim.simulator.crypto.certificates.PublicKeyReference;
import de.persosim.simulator.exception.CarParameterInvalidException;
import de.persosim.simulator.exception.CertificateNotParseableException;
import de.persosim.simulator.exception.CertificateUpdateException;
import de.persosim.simulator.exception.ProcessingException;
import de.persosim.simulator.platform.Iso7816;
import de.persosim.simulator.protocols.AbstractProtocolStateMachine;
import de.persosim.simulator.protocols.GenericOid;
import de.persosim.simulator.protocols.Oid;
import de.persosim.simulator.protocols.SecInfoPublicity;
import de.persosim.simulator.secstatus.AuthorizationStore;
import de.persosim.simulator.secstatus.ConfinedAuthorizationMechanism;
import de.persosim.simulator.secstatus.EffectiveAuthorizationMechanism;
import de.persosim.simulator.secstatus.PaceMechanism;
import de.persosim.simulator.secstatus.SecMechanism;
import de.persosim.simulator.secstatus.SecStatus;
import de.persosim.simulator.secstatus.SecStatusMechanismUpdatePropagation;
import de.persosim.simulator.tlv.Asn1;
import de.persosim.simulator.tlv.ConstructedTlvDataObject;
import de.persosim.simulator.tlv.PrimitiveTlvDataObject;
import de.persosim.simulator.tlv.TlvConstants;
import de.persosim.simulator.tlv.TlvDataObject;
import de.persosim.simulator.tlv.TlvDataObjectContainer;
import de.persosim.simulator.tlv.TlvTag;
import de.persosim.simulator.tlv.TlvValuePlain;
import de.persosim.simulator.utils.HexString;
import de.persosim.simulator.utils.Utils;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.globaltester.logging.BasicLogger;

/* loaded from: classes6.dex */
public abstract class AbstractTaProtocol extends AbstractProtocolStateMachine implements TlvConstants {
    // Public constants. None of them is referenced inside this class; they are
    // presumably consumed by subclasses or by the state-machine wiring (not visible here).
    public static final byte APDU_GET_NONCE = 1;
    public static final byte APDU_MAP_NONCE = 2;
    public static final byte APDU_MUTUAL_AUTHENTICATE = 4;
    public static final byte APDU_PERFORM_KEY_AGREEMENT = 3;
    public static final byte APDU_SET_AT = 0;
    // Command identifiers, 0x41, 0x42, 0x43 and 0x40 in hexadecimal.
    public static final byte COMMAND_EXTERNAL_AUTHENTICATE = 65;
    public static final byte COMMAND_GET_CHALLENGE = 66;
    public static final byte COMMAND_PSO = 67;
    public static final byte COMMAND_SET_DST = 64;
    // Byte.MIN_VALUE is the bit pattern 0x80, i.e. only the most significant bit set.
    public static final byte MASK_SFI_BYTE = Byte.MIN_VALUE;
    // P1/P2 pairs stored as signed shorts: 190 is 0x00BE, -32330 is 0x81B6, -15964 is 0xC1A4.
    public static final short P1P2_0000_NO_FURTHER_INFORMATION = 0;
    public static final short P1P2_00BE_VERIFY_CERTIFICATE = 190;
    public static final short P1P2_81B6_SET_DST = -32330;
    public static final short P1P2_C1A4_SET_AT = -15964;
    // Authorizations in effect for this run; assigned in processCommandSetDst(), cleared in reset().
    protected AuthorizationStore authorizationStore;
    // Auxiliary data parsed from the Set AT command; cleared in reset().
    private List<AuthenticatedAuxiliaryData> auxiliaryData;
    // 8 random bytes produced by processCommandGetChallenge(); null before that and after reset().
    protected byte[] challenge;
    // Value of TlvConstants.TAG_91 taken from the Set AT command. NOTE(review): not cleared in reset().
    private byte[] compressedTerminalEphemeralPublicKey;
    // Mechanism OID taken from the Set AT command. NOTE(review): not cleared in reset().
    private TaOid cryptographicMechanismReference;
    // Certificate whose public key verifies the next certificate or the terminal signature.
    protected CardVerifiableCertificate currentCertificate;
    // Values of TAG_80 / TAG_81 from the id_Sector certificate extension, see extractTerminalSector().
    private byte[] firstSectorPublicKeyHash;
    // Last DV or terminal certificate accepted by PSO Verify Certificate; cleared in reset().
    private CardVerifiableCertificate mostRecentTemporaryCertificate;
    private byte[] secondSectorPublicKeyHash;
    // Source of the challenge bytes.
    private SecureRandom secureRandom;
    // Terminal type derived from the preceding PACE run, assigned in processCommandSetDst().
    private TerminalType terminalType;
    // Trust point looked up for terminalType in processCommandSetDst(); target of permanentImport().
    private TrustPointCardObject trustPoint;

    /**
     * Passes the protocol name "TA" to the superclass and starts with no authorization store
     * and a fresh {@link SecureRandom} that is later used for challenge generation.
     */
    public AbstractTaProtocol() {
        super("TA");
        this.authorizationStore = null;
        this.secureRandom = new SecureRandom();
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} using {@code publicKey} and the
     * signature algorithm supplied by {@code taOid}.
     *
     * <p>For EC keys the received signature is first passed through
     * {@code CryptoUtil.restoreAsn1SignatureStructure}; presumably this turns the plain
     * signature format into the ASN.1 structure expected by {@link Signature} (confirm in
     * CryptoUtil). Both the signed data and the signature are written to the log.
     *
     * @return {@code true} only if a signature object exists for the OID and verification
     *         succeeds; {@code false} otherwise
     */
    private boolean checkSignature(TaOid taOid, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        BasicLogger.log(this, "Verifying signature:");
        Signature verifier = taOid.getSignature();
        if (verifier == null) {
            // Unknown mechanism: treated as a failed verification, never as success.
            BasicLogger.log(this, "No signature found for OID");
            BasicLogger.log(this, "Verification failed");
            return false;
        }
        verifier.initVerify(publicKey);
        verifier.update(bArr);
        BasicLogger.log(this, "Data to verify:\n" + HexString.dump(bArr));
        BasicLogger.log(this, "Unprocessed signature data:\n" + HexString.dump(bArr2));
        byte[] encodedSignature = bArr2;
        if (publicKey instanceof ECPublicKey) {
            encodedSignature = CryptoUtil.restoreAsn1SignatureStructure(bArr2).toByteArray();
        }
        BasicLogger.log(this, "Processed signature data  :\n" + HexString.dump(encodedSignature));
        boolean verified = verifier.verify(encodedSignature);
        BasicLogger.log(this, verified ? "Verification OK" : "Verification failed");
        return verified;
    }

    /**
     * Checks the expiration date of a certificate against the given date.
     *
     * <p>Only expiration dates are compared; effective dates are not checked here.
     * <ul>
     *   <li>Issuer is not a CVCA certificate: the certificate must not be expired.</li>
     *   <li>Issuer and certificate are both CVCA certificates: always accepted, even when
     *       expired. NOTE(review): this looks like the link-certificate rule of the governing
     *       specification; confirm against the targeted version.</li>
     *   <li>Issuer is a CVCA certificate, certificate is not: neither of the two may be
     *       expired.</li>
     * </ul>
     *
     * @param cardVerifiableCertificate the certificate to check
     * @param cardVerifiableCertificate2 the certificate of its issuer
     * @param date the date to compare with, as used by the caller for the card's current date
     * @return {@code true} if the certificate is acceptable on {@code date}
     */
    protected static boolean checkValidity(CardVerifiableCertificate cardVerifiableCertificate, CardVerifiableCertificate cardVerifiableCertificate2, Date date) {
        if (!isCvcaCertificate(cardVerifiableCertificate2)) {
            return date.before(cardVerifiableCertificate.getExpirationDate()) || date.equals(cardVerifiableCertificate.getExpirationDate());
        }
        if (isCvcaCertificate(cardVerifiableCertificate)) {
            return true;
        }
        boolean issuerExpired = date.after(cardVerifiableCertificate2.getExpirationDate());
        return !issuerExpired && !date.after(cardVerifiableCertificate.getExpirationDate());
    }

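    /**
     * Stores the sector public key hashes found in the certificate's {@code id_Sector}
     * extension: {@code TAG_80} as first and {@code TAG_81} as second hash.
     *
     * <p>Both fields are cleared first, so a certificate that carries no sector extension
     * (or only one of the two hashes) cannot inherit values left over from a certificate
     * processed earlier; {@code reset()} does not clear these fields.
     *
     * @param cardVerifiableCertificate the certificate whose extensions are searched
     */
    private void extractTerminalSector(CardVerifiableCertificate cardVerifiableCertificate) {
        this.firstSectorPublicKeyHash = null;
        this.secondSectorPublicKeyHash = null;
        for (CertificateExtension extension : cardVerifiableCertificate.getCertificateExtensions()) {
            if (!extension.getObjectIdentifier().equals(ExtensionOid.id_Sector)) {
                continue;
            }
            if (extension.getDataObjects().containsTlvDataObject(TlvConstants.TAG_80)) {
                this.firstSectorPublicKeyHash = extension.getDataObjects().getTlvDataObject(TlvConstants.TAG_80).getValueField();
            }
            if (extension.getDataObjects().containsTlvDataObject(TlvConstants.TAG_81)) {
                this.secondSectorPublicKeyHash = extension.getDataObjects().getTlvDataObject(TlvConstants.TAG_81).getValueField();
            }
        }
    }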

    /**
     * Looks up the card object holding the card's current date below the master file.
     *
     * @return the {@link DateTimeCardObject} child of the master file
     */
    private DateTimeCardObject getCurrentDate() {
        CardObject dateObject = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), new TypeIdentifier(DateTimeCardObject.class));
        return (DateTimeCardObject) dateObject;
    }

    /**
     * Imports a certificate: first lets it advance the card's date (see {@code updateDate}),
     * then stores it permanently if it is a CVCA certificate or temporarily if it is a DV or
     * terminal certificate. Certificates of any other role are not stored.
     *
     * <p>This method performs no verification itself; the visible caller invokes it only
     * after issuer, signature and validity checks have passed.
     *
     * @param cardVerifiableCertificate the certificate to import
     * @param cardVerifiableCertificate2 the certificate of its issuer
     * @throws CertificateUpdateException if the permanent import fails
     */
    private void importCertificate(CardVerifiableCertificate cardVerifiableCertificate, CardVerifiableCertificate cardVerifiableCertificate2) throws CertificateUpdateException {
        DateTimeCardObject cardDate = getCurrentDate();
        updateDate(cardVerifiableCertificate, cardVerifiableCertificate2, cardDate);
        if (isCvcaCertificate(cardVerifiableCertificate)) {
            permanentImport(cardVerifiableCertificate);
            return;
        }
        if (isDvCertificate(cardVerifiableCertificate) || isTerminalCertificate(cardVerifiableCertificate)) {
            temporaryImport(cardVerifiableCertificate);
        }
    }

    /**
     * Checks that the role of the issuer fits the role of the certificate: CVCA and DV
     * certificates must be issued by a CVCA certificate, terminal certificates by a DV
     * certificate. Certificates of any other role are accepted.
     *
     * @param cardVerifiableCertificate the certificate to check
     * @param cardVerifiableCertificate2 the certificate of its issuer
     * @return {@code true} if the issuer role is acceptable for the certificate role
     */
    protected static boolean isCertificateIssuerValid(CardVerifiableCertificate cardVerifiableCertificate, CardVerifiableCertificate cardVerifiableCertificate2) throws CertificateNotParseableException {
        boolean issuedToAuthority = isCvcaCertificate(cardVerifiableCertificate) || isDvCertificate(cardVerifiableCertificate);
        if (issuedToAuthority && !isCvcaCertificate(cardVerifiableCertificate2)) {
            return false;
        }
        if (isTerminalCertificate(cardVerifiableCertificate)) {
            return isDvCertificate(cardVerifiableCertificate2);
        }
        return true;
    }

    /**
     * @param cardVerifiableCertificate the certificate to inspect
     * @return {@code true} if the role in the certificate's authorization template is CVCA
     */
    private static boolean isCvcaCertificate(CardVerifiableCertificate cardVerifiableCertificate) {
        CertificateHolderAuthorizationTemplate chat = cardVerifiableCertificate.getCertificateHolderAuthorizationTemplate();
        return chat.getRelativeAuthorization().getRole().equals(CertificateRole.CVCA);
    }

    /**
     * @param cardVerifiableCertificate the certificate to inspect
     * @return {@code true} if the role in the certificate's authorization template is
     *         {@code DV_TYPE_1}, which this class treats as the domestic DV role
     */
    private static boolean isDomesticDvCertificate(CardVerifiableCertificate cardVerifiableCertificate) {
        CertificateHolderAuthorizationTemplate chat = cardVerifiableCertificate.getCertificateHolderAuthorizationTemplate();
        return chat.getRelativeAuthorization().getRole().equals(CertificateRole.DV_TYPE_1);
    }

    /**
     * @param cardVerifiableCertificate the certificate to inspect
     * @return {@code true} if the role in the certificate's authorization template is
     *         {@code DV_TYPE_1} or {@code DV_TYPE_2}
     */
    private static boolean isDvCertificate(CardVerifiableCertificate cardVerifiableCertificate) {
        CertificateHolderAuthorizationTemplate chat = cardVerifiableCertificate.getCertificateHolderAuthorizationTemplate();
        if (chat.getRelativeAuthorization().getRole().equals(CertificateRole.DV_TYPE_1)) {
            return true;
        }
        return chat.getRelativeAuthorization().getRole().equals(CertificateRole.DV_TYPE_2);
    }

    /**
     * @param cardVerifiableCertificate the certificate to inspect
     * @return {@code true} if the role in the certificate's authorization template is TERMINAL
     */
    public static boolean isTerminalCertificate(CardVerifiableCertificate cardVerifiableCertificate) {
        CertificateHolderAuthorizationTemplate chat = cardVerifiableCertificate.getCertificateHolderAuthorizationTemplate();
        return chat.getRelativeAuthorization().getRole().equals(CertificateRole.TERMINAL);
    }

    /**
     * Hands the certificate to the trust point selected by Set DST so that it can replace
     * the stored trust anchor.
     *
     * <p>NOTE(review): when no trust point has been selected this silently does nothing, so
     * the caller still reports a successful import although nothing was persisted.
     *
     * @param cardVerifiableCertificate the certificate to store
     * @throws CertificateUpdateException if the trust point rejects the update
     */
    private void permanentImport(CardVerifiableCertificate cardVerifiableCertificate) throws CertificateUpdateException {
        if (this.trustPoint == null) {
            return;
        }
        this.trustPoint.updateTrustpoint(cardVerifiableCertificate);
    }

    /**
     * Remembers the certificate as the most recent temporary certificate and makes it the
     * current certificate, i.e. the one whose key verifies what follows. Nothing is written
     * to the card objects; both references are dropped by {@code reset()}.
     *
     * @param cardVerifiableCertificate the certificate to keep
     */
    private void temporaryImport(CardVerifiableCertificate cardVerifiableCertificate) {
        this.currentCertificate = cardVerifiableCertificate;
        this.mostRecentTemporaryCertificate = cardVerifiableCertificate;
    }

    /**
     * Moves the card's date forward to the certificate's effective date.
     *
     * <p>The date is only ever advanced, never set back, and only when the certificate is a
     * CVCA certificate, a domestic DV certificate, or was issued by a domestic DV
     * certificate. Certificates from other sources do not influence the card's date.
     *
     * @param cardVerifiableCertificate the certificate providing the effective date
     * @param cardVerifiableCertificate2 the certificate of its issuer
     * @param dateTimeCardObject the card object holding the current date
     */
    protected static void updateDate(CardVerifiableCertificate cardVerifiableCertificate, CardVerifiableCertificate cardVerifiableCertificate2, DateTimeCardObject dateTimeCardObject) {
        boolean cardDateIsOlder = dateTimeCardObject.getDate().before(cardVerifiableCertificate.getEffectiveDate());
        if (!cardDateIsOlder) {
            return;
        }
        boolean acceptedTimeSource = isCvcaCertificate(cardVerifiableCertificate) || isDomesticDvCertificate(cardVerifiableCertificate) || isDomesticDvCertificate(cardVerifiableCertificate2);
        if (acceptedTimeSource) {
            dateTimeCardObject.update(cardVerifiableCertificate.getEffectiveDate());
        }
    }

    /**
     * Ensures that the public key reference in the command data ({@code TAG_83}) names the
     * holder of the given certificate.
     *
     * @param tlvDataObjectContainer the command data
     * @param cardVerifiableCertificate the certificate the reference must match
     * @throws ProcessingException with SW 6A80 if the reference is missing or cannot be
     *         parsed, with SW 6A88 if it does not match the certificate holder reference
     */
    protected void assertPublicKeyReferenceDataMatchesCertificate(TlvDataObjectContainer tlvDataObjectContainer, CardVerifiableCertificate cardVerifiableCertificate) {
        TlvDataObject referenceData = tlvDataObjectContainer.getTlvDataObject(TlvConstants.TAG_83);
        if (referenceData == null) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "The public key reference data is missing");
        }
        try {
            if (!cardVerifiableCertificate.getCertificateHolderReference().equals(new PublicKeyReference(referenceData))) {
                throw new ProcessingException(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND, "The referenced public key could not be found");
            }
        } catch (CarParameterInvalidException e) {
            // The parse error itself is not forwarded; only the status word and text are.
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "The public key reference data is invalid");
        }
    }

    /**
     * Checks that the current command arrived under secure messaging and sets an error
     * response if it did not.
     *
     * <p>The check fails closed: a command APDU that is not an
     * {@link IsoSecureMessagingCommandApdu} is rejected with SW 6FFF, one that was not sent
     * with secure messaging with SW 6982.
     *
     * @return {@code true} if processing may continue, {@code false} if an error response
     *         has been set
     */
    protected boolean checkSecureMessagingApdu() {
        if (this.processingData.getCommandApdu() instanceof IsoSecureMessagingCommandApdu) {
            IsoSecureMessagingCommandApdu smApdu = (IsoSecureMessagingCommandApdu) this.processingData.getCommandApdu();
            if (smApdu.wasSecureMessaging()) {
                return true;
            }
            this.processingData.updateResponseAPDU(this, "TA must be executed in secure messaging", new ResponseApdu(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED));
            return false;
        }
        this.processingData.updateResponseAPDU(this, "This APDU should not have reached this point in processing, check for the correct APDU type processing in the APDU factory", new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
        return false;
    }

    /**
     * Reads the terminal's compressed ephemeral public key ({@code TAG_91}) from the
     * command data. The value is returned as received; no length or format check is done.
     *
     * @param tlvDataObjectContainer the command data
     * @return the value field of the {@code TAG_91} object
     * @throws ProcessingException with SW 6A80 if the object is missing
     */
    protected byte[] extractCompressedEphemeralPublicKeyTerminal(TlvDataObjectContainer tlvDataObjectContainer) {
        TlvDataObject ephemeralKeyData = tlvDataObjectContainer.getTlvDataObject(TlvConstants.TAG_91);
        if (ephemeralKeyData == null) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "The ephemeral public key reference data is missing");
        }
        return ephemeralKeyData.getValueField();
    }

    /**
     * Returns the extensions of the given certificate; a hook that subclasses can override.
     *
     * @param cardVerifiableCertificate the certificate to read
     * @return the certificate's extensions as delivered by the certificate object
     */
    protected List<CertificateExtension> extractExtensions(CardVerifiableCertificate cardVerifiableCertificate) {
        List<CertificateExtension> extensions = cardVerifiableCertificate.getCertificateExtensions();
        return extensions;
    }

    /**
     * Builds a single-entry map from the certificate's authorization template: the OID of
     * the template's terminal type mapped to its relative authorization.
     *
     * @param cardVerifiableCertificate the certificate to read
     * @return a new map with exactly one entry
     */
    public HashMap<Oid, Authorization> getAuthorizationsFromCertificate(CardVerifiableCertificate cardVerifiableCertificate) {
        CertificateHolderAuthorizationTemplate chat = cardVerifiableCertificate.getCertificateHolderAuthorizationTemplate();
        HashMap<Oid, Authorization> authorizations = new HashMap<>();
        authorizations.put(chat.getTerminalType().getAsOid(), chat.getRelativeAuthorization());
        return authorizations;
    }

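    /**
     * Reads the cryptographic mechanism reference ({@code TAG_80}) from the command data
     * and converts it into a {@link TaOid}.
     *
     * <p>The text for a missing object used to speak of the public key reference, which is
     * a different field ({@code TAG_83}); it now names the field that is actually missing.
     *
     * @param tlvDataObjectContainer the command data
     * @return the mechanism OID selected by the terminal
     * @throws ProcessingException with SW 6A88 if the object is missing, with SW 6A80 if
     *         its content is not a valid TA OID
     */
    protected TaOid getCryptographicMechanismReference(TlvDataObjectContainer tlvDataObjectContainer) {
        TlvDataObject mechanismData = tlvDataObjectContainer.getTlvDataObject(TlvConstants.TAG_80);
        if (mechanismData == null) {
            throw new ProcessingException(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND, "The cryptographic mechanism reference data is missing");
        }
        try {
            // The value is re-wrapped under the OID tag before it is handed to TaOid.
            return new TaOid(new PrimitiveTlvDataObject(TlvConstants.TAG_06, mechanismData.getValueField()).getValueField());
        } catch (IllegalArgumentException e) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "The cryptographic mechanism reference encoding is invalid");
        }
    }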

    /**
     * Returns the chip's compressed ephemeral public key from a PACE mechanism in the
     * current security status; it is the first element of the data the terminal signs.
     *
     * <p>If more than one PACE mechanism is reported, the first one in iteration order is
     * used without further checks.
     *
     * @return the compressed ephemeral public key of the chip
     * @throws ProcessingException with SW 6985 if no PACE mechanism is present
     */
    protected byte[] getIdIcc() {
        HashSet wantedMechanisms = new HashSet();
        wantedMechanisms.add(PaceMechanism.class);
        Collection<SecMechanism> paceRuns = this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms);
        if (paceRuns.isEmpty()) {
            throw new ProcessingException(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED, "No protocol providing data for ID_PICC calculation was run");
        }
        PaceMechanism pace = (PaceMechanism) paceRuns.iterator().next();
        return pace.getCompressedEphemeralPublicKeyChip();
    }

    /**
     * Determines the authorization store to start from.
     *
     * <p>Requires exactly one {@link ConfinedAuthorizationMechanism} in the current
     * security status. If this protocol already holds a store, that store is kept;
     * otherwise the store of the mechanism is returned. The certificate parameter is not
     * used by this implementation.
     *
     * @param cardVerifiableCertificate unused here
     * @return the authorization store, or {@code null} if there is not exactly one
     *         confined authorization mechanism
     */
    protected AuthorizationStore getInitialAuthorizations(CardVerifiableCertificate cardVerifiableCertificate) {
        HashSet wantedMechanisms = new HashSet();
        wantedMechanisms.add(ConfinedAuthorizationMechanism.class);
        Collection<SecMechanism> confined = this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms);
        if (confined.size() != 1) {
            return null;
        }
        if (this.authorizationStore != null) {
            return this.authorizationStore;
        }
        return ((ConfinedAuthorizationMechanism) confined.iterator().next()).getAuthorizationStore();
    }

    /**
     * @return the protocol version advertised in the security infos, fixed to 2 here
     */
    protected byte getProtocolVersion() {
        final byte version = 2;
        return version;
    }

    /**
     * Builds the security info advertised for this protocol: one SEQUENCE holding the
     * {@code id_TA} OID (tag 6) and the protocol version (tag 2). Both parameters are
     * ignored by this implementation.
     *
     * @return a set containing the single security info object
     */
    @Override
    public Collection<TlvDataObject> getSecInfos(SecInfoPublicity secInfoPublicity, MasterFile masterFile) {
        ConstructedTlvDataObject taInfo = new ConstructedTlvDataObject(new TlvTag(Asn1.SEQUENCE));
        PrimitiveTlvDataObject protocolOid = new PrimitiveTlvDataObject(new TlvTag((byte) 6), new TlvValuePlain(TaOid.id_TA.toByteArray()));
        PrimitiveTlvDataObject protocolVersion = new PrimitiveTlvDataObject(new TlvTag((byte) 2), new TlvValuePlain(new byte[]{getProtocolVersion()}));
        taInfo.addTlvDataObject(protocolOid);
        taInfo.addTlvDataObject(protocolVersion);
        Collection<TlvDataObject> secInfos = new HashSet<>();
        secInfos.add(taInfo);
        return secInfos;
    }

    /**
     * Derives the terminal type from the OID that the preceding PACE run recorded for TA.
     *
     * @return the terminal type announced during PACE
     * @throws ProcessingException with SW 6982 if PACE was not run or did not provide a
     *         usable terminal type, with SW 6FFF if more than one PACE mechanism is present
     */
    protected TerminalType getTerminalType() {
        HashSet wantedMechanisms = new HashSet();
        wantedMechanisms.add(PaceMechanism.class);
        Collection<SecMechanism> paceRuns = this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms);
        if (paceRuns.isEmpty()) {
            throw new ProcessingException(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED, "Missing previous execution of PACE protocol");
        }
        if (paceRuns.size() != 1) {
            throw new ProcessingException(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR, "Previous execution of PACE protocol is ambiguous");
        }
        try {
            PaceMechanism pace = (PaceMechanism) paceRuns.iterator().next();
            return TerminalType.getFromOid(pace.getOidForTa());
        } catch (IllegalArgumentException e) {
            throw new ProcessingException(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED, "Previous Pace protocol did not provide information about terminal type");
        }
    }

    /**
     * Records a successful terminal authentication: publishes a
     * {@link TerminalAuthenticationMechanism} and an {@link EffectiveAuthorizationMechanism}
     * to the security status and sets the response to SW 9000.
     *
     * <p>The extensions are read from {@code this.currentCertificate}, the sector hashes
     * from the parameter; the visible caller passes {@code this.currentCertificate}, so
     * both refer to the same certificate there.
     *
     * @param cardVerifiableCertificate the terminal certificate that was authenticated
     */
    protected void handleSuccessfulTerminalAuthentication(CardVerifiableCertificate cardVerifiableCertificate) {
        List<CertificateExtension> extensions = extractExtensions(this.currentCertificate);
        extractTerminalSector(cardVerifiableCertificate);
        TerminalAuthenticationMechanism taMechanism = new TerminalAuthenticationMechanism(this.compressedTerminalEphemeralPublicKey, this.terminalType, this.auxiliaryData, this.firstSectorPublicKeyHash, this.secondSectorPublicKeyHash, this.cryptographicMechanismReference.getHashAlgorithmName(), extensions);
        this.processingData.addUpdatePropagation(this, "Updated security status with terminal authentication information", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, taMechanism));
        EffectiveAuthorizationMechanism effectiveAuthorizations = new EffectiveAuthorizationMechanism(this.authorizationStore);
        this.processingData.addUpdatePropagation(this, "Updated security status with terminal authentication information", new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, effectiveAuthorizations));
        this.processingData.updateResponseAPDU(this, "Command External Authenticate successfully processed", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
    }

    /**
     * Hook invoked after a certificate has been verified and imported; this implementation
     * merges the certificate's authorizations into the authorization store.
     *
     * <p>The visible caller passes {@code this.currentCertificate} after the import. For DV
     * and terminal certificates that is the certificate just imported, because the
     * temporary import replaces the current certificate; for CVCA certificates the current
     * certificate is unchanged at that point.
     *
     * @param cardVerifiableCertificate the certificate whose authorizations are applied
     */
    protected void handleSuccessfulVerification(CardVerifiableCertificate cardVerifiableCertificate) {
        // Delegates to the public, overridable method so subclasses see the same call.
        updateAuthorizations(cardVerifiableCertificate);
    }

    /**
     * Terminal authentication may run only once per security status: it is allowed as long
     * as no {@link TerminalAuthenticationMechanism} has been recorded yet.
     *
     * @return {@code true} if no terminal authentication mechanism is present
     */
    protected boolean isTaAllowed() {
        HashSet wantedMechanisms = new HashSet();
        wantedMechanisms.add(TerminalAuthenticationMechanism.class);
        boolean noPreviousTa = this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, wantedMechanisms).isEmpty();
        return noPreviousTa;
    }

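    /**
     * Parses the optional authenticated auxiliary data ({@code TAG_67}) of the Set AT
     * command into a list of OID / discretionary-data pairs.
     *
     * <p>The input comes from the terminal and is not yet authenticated at this point, so
     * every structural assumption is checked. An entry lacking its object identifier
     * ({@code TAG_06}) or its discretionary data ({@code TAG_53}) is rejected with SW 6A80
     * rather than being dereferenced, which would end in an unchecked exception that the
     * Set AT handler does not catch.
     *
     * @param tlvDataObjectContainer the command data
     * @return the parsed entries; empty if the command carries no auxiliary data
     * @throws ProcessingException with SW 6A80 if the auxiliary data is malformed
     */
    protected List<AuthenticatedAuxiliaryData> parseAuxiliaryData(TlvDataObjectContainer tlvDataObjectContainer) {
        List<AuthenticatedAuxiliaryData> parsed = new ArrayList<>();
        TlvDataObject authentication = tlvDataObjectContainer.getTlvDataObject(TlvConstants.TAG_67);
        if (authentication == null) {
            return parsed;
        }
        if (!(authentication instanceof ConstructedTlvDataObject)) {
            throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "Invalid encoding of the auxiliary data, authentication object is not constructed TLV");
        }
        Iterator<TlvDataObject> entries = ((ConstructedTlvDataObject) authentication).getTlvDataObjectContainer().iterator();
        while (entries.hasNext()) {
            TlvDataObject entry = entries.next();
            if (!(entry instanceof ConstructedTlvDataObject) || !entry.getTlvTag().equals(TlvConstants.TAG_73)) {
                throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "Invalid encoding of the auxiliary data");
            }
            ConstructedTlvDataObject template = (ConstructedTlvDataObject) entry;
            TlvDataObject oidData = template.getTlvDataObject(TlvConstants.TAG_06);
            TlvDataObject discretionaryData = template.getTlvDataObject(TlvConstants.TAG_53);
            if (oidData == null || discretionaryData == null) {
                throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "Invalid encoding of the auxiliary data, object identifier or discretionary data missing");
            }
            try {
                parsed.add(new AuthenticatedAuxiliaryData(new GenericOid(oidData.getValueField()), discretionaryData.getValueField()));
            } catch (IllegalArgumentException e) {
                throw new ProcessingException(Iso7816.SW_6A80_WRONG_DATA, "Invalid encoding of the auxiliary data, object identifier not parseable");
            }
        }
        return parsed;
    }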

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:33:0x00d0 -> B:28:0x0026). Please report as a decompilation issue!!! */
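    /**
     * Handles External Authenticate: verifies the terminal's signature over
     * ID_ICC || challenge || compressed terminal ephemeral public key (followed by the
     * encoded auxiliary data, if any) with the public key of the current certificate.
     *
     * <p>Differences to the previous version of this handler:
     * <ul>
     *   <li>The secure messaging check is done by {@code checkSecureMessagingApdu()}, like
     *       in the other command handlers. Before, a command APDU that was not an
     *       {@link IsoSecureMessagingCommandApdu} skipped the check and was processed.</li>
     *   <li>A missing certificate, mechanism reference or terminal ephemeral key (Set DST
     *       or Set AT not completed) is answered with SW 6985 instead of ending in a
     *       {@link NullPointerException}.</li>
     * </ul>
     *
     * <p>Responses: SW 9000 on success, SW 6300 if the signature does not verify, SW 6FFF
     * if the verification itself raises a security exception, SW 6982 / SW 6985 if a
     * precondition is not met.
     *
     * <p>NOTE(review): the challenge is not cleared after a verification attempt; it stays
     * usable until the next Get Challenge or {@code reset()}.
     */
    public void processCommandExternalAuthenticate() {
        try {
            if (!checkSecureMessagingApdu()) {
                return;
            }
            if (this.challenge == null) {
                this.processingData.updateResponseAPDU(this, "No challenge was generated, please call GetChallenge first", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
                return;
            }
            if (!isTaAllowed()) {
                this.processingData.updateResponseAPDU(this, "execution of terminal authentication is not allowed", new ResponseApdu(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED));
                return;
            }
            if (this.currentCertificate == null || this.cryptographicMechanismReference == null || this.compressedTerminalEphemeralPublicKey == null) {
                this.processingData.updateResponseAPDU(this, "No certificate or authentication template was selected, please call SetDST and SetAT first", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
                return;
            }
            byte[] terminalSignature = this.processingData.getCommandApdu().getCommandData().toByteArray();
            byte[] signedData = Utils.concatByteArrays(getIdIcc(), this.challenge, this.compressedTerminalEphemeralPublicKey);
            if (this.auxiliaryData != null && !this.auxiliaryData.isEmpty()) {
                // The auxiliary data is part of the signed data, re-encoded under TAG_67.
                ConstructedTlvDataObject encodedAuxiliaryData = new ConstructedTlvDataObject(TlvConstants.TAG_67);
                for (AuthenticatedAuxiliaryData entry : this.auxiliaryData) {
                    encodedAuxiliaryData.addTlvDataObject(entry.getEncoded());
                }
                signedData = Utils.concatByteArrays(signedData, encodedAuxiliaryData.toByteArray());
            }
            try {
                if (checkSignature(this.cryptographicMechanismReference, this.currentCertificate.getPublicKey(), signedData, terminalSignature)) {
                    handleSuccessfulTerminalAuthentication(this.currentCertificate);
                } else {
                    this.processingData.updateResponseAPDU(this, "The signature could not be verified", new ResponseApdu(Iso7816.SW_6300_AUTHENTICATION_FAILED));
                }
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
                this.processingData.updateResponseAPDU(this, "The signature could not be verified", new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
            }
        } catch (ProcessingException e) {
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(e.getStatusWord()));
        }
    }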

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Handles Get Challenge: generates 8 fresh random bytes with the protocol's
     * {@code SecureRandom}, stores them as the current challenge (replacing any earlier
     * one) and returns them with SW 9000. Requires secure messaging.
     */
    public void processCommandGetChallenge() {
        if (!checkSecureMessagingApdu()) {
            return;
        }
        byte[] freshChallenge = new byte[8];
        this.secureRandom.nextBytes(freshChallenge);
        this.challenge = freshChallenge;
        this.processingData.updateResponseAPDU(this, "Command GetChallenge successfully processed", new ResponseApdu(new TlvValuePlain(this.challenge), Iso7816.SW_9000_NO_ERROR));
    }

    /* JADX INFO: Access modifiers changed from: protected */
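    /**
     * Handles PSO Verify Certificate: checks a certificate presented by the terminal
     * against the current certificate and imports it on success.
     *
     * <p>The checks run in this order and the certificate is imported only after all of
     * them have passed: the certificate's authority reference must equal the holder
     * reference of the current certificate, the issuer role must fit, the signature over
     * the certificate body must verify with the current certificate's public key, and the
     * certificate must be valid on the card's current date.
     *
     * <p>Changes to the previous version: the command data is validated before use. A
     * certificate body ({@code TAG_7F4E}) or signature ({@code TAG_5F37}) that is missing
     * or has the wrong TLV class is answered with SW 6A80, and a call without a selected
     * certificate with SW 6985; before, these cases ended in unchecked exceptions
     * ({@link ClassCastException} / {@link NullPointerException}).
     */
    public void processCommandPsoVerifyCertificate() {
        if (!checkSecureMessagingApdu()) {
            return;
        }
        if (this.currentCertificate == null) {
            this.processingData.updateResponseAPDU(this, "No public key was selected, please call SetDST first", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
            return;
        }
        TlvDataObjectContainer commandData = this.processingData.getCommandApdu().getCommandDataObjectContainer();
        TlvDataObject bodyData = commandData.getTlvDataObject(TlvConstants.TAG_7F4E);
        TlvDataObject signatureData = commandData.getTlvDataObject(TlvConstants.TAG_5F37);
        if (!(bodyData instanceof ConstructedTlvDataObject) || !(signatureData instanceof PrimitiveTlvDataObject)) {
            this.processingData.updateResponseAPDU(this, "The certificate body or signature is missing or not correctly encoded", new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
            return;
        }
        ConstructedTlvDataObject certificateBody = (ConstructedTlvDataObject) bodyData;
        PrimitiveTlvDataObject certificateSignature = (PrimitiveTlvDataObject) signatureData;
        try {
            ConstructedTlvDataObject encodedCertificate = new ConstructedTlvDataObject(TlvConstants.TAG_7F21);
            encodedCertificate.addTlvDataObject(certificateBody, certificateSignature);
            CardVerifiableCertificate newCertificate = new CardVerifiableCertificate(encodedCertificate);
            // Lets the new key take over data from the issuer's key; what exactly is copied
            // is defined by updateKey (presumably domain parameters - confirm there).
            newCertificate.getPublicKey().updateKey(this.currentCertificate.getPublicKey());
            if (!newCertificate.getCertificationAuthorityReference().equals(this.currentCertificate.getCertificateHolderReference())) {
                this.processingData.updateResponseAPDU(this, "Could not find fitting certificate (CAR invalid)", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
            } else if (!isCertificateIssuerValid(newCertificate, this.currentCertificate)) {
                this.processingData.updateResponseAPDU(this, "The certificate was issued by an invalid instance", new ResponseApdu(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE));
            } else if (!checkSignature((TaOid) this.currentCertificate.getBody().getPublicKey().getCvOid(), this.currentCertificate.getPublicKey(), certificateBody.toByteArray(), certificateSignature.getValueField())) {
                this.processingData.updateResponseAPDU(this, "Could not verify the certificate's signature", new ResponseApdu(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE));
            } else if (checkValidity(newCertificate, this.currentCertificate, getCurrentDate().getDate())) {
                try {
                    importCertificate(newCertificate, this.currentCertificate);
                    // For DV and terminal certificates the import has replaced
                    // this.currentCertificate with the new certificate by now.
                    handleSuccessfulVerification(this.currentCertificate);
                    this.processingData.updateResponseAPDU(this, "Command PSO Verify Certificate successfully processed", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
                } catch (CertificateUpdateException e) {
                    this.processingData.updateResponseAPDU(this, "Could not import the certificate", new ResponseApdu(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE));
                }
            } else {
                this.processingData.updateResponseAPDU(this, "The certificate has an invalid date", new ResponseApdu(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE));
            }
        } catch (CertificateNotParseableException e) {
            this.processingData.updateResponseAPDU(this, "Could not verify the certificate", new ResponseApdu(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE));
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            this.processingData.updateResponseAPDU(this, "Could not verify the certificate", new ResponseApdu(Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE));
        }
    }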

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Handles Set AT: checks that the referenced public key belongs to the current
     * certificate, then stores the mechanism reference, the auxiliary data and the
     * terminal's compressed ephemeral public key for the following External Authenticate.
     * Requires secure messaging; any {@link ProcessingException} raised by the helpers is
     * turned into the response with its status word.
     *
     * <p>NOTE(review): {@code this.currentCertificate} is passed on without a null check;
     * whether Set DST is guaranteed to have run first depends on the state machine, which
     * is not visible here.
     */
    public void processCommandSetAt() {
        try {
            if (!checkSecureMessagingApdu()) {
                return;
            }
            TlvDataObjectContainer commandData = this.processingData.getCommandApdu().getCommandDataObjectContainer();
            assertPublicKeyReferenceDataMatchesCertificate(commandData, this.currentCertificate);
            this.cryptographicMechanismReference = getCryptographicMechanismReference(commandData);
            this.auxiliaryData = parseAuxiliaryData(commandData);
            this.compressedTerminalEphemeralPublicKey = extractCompressedEphemeralPublicKeyTerminal(commandData);
            this.processingData.updateResponseAPDU(this, "Command SetAT successfully processed", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
        } catch (ProcessingException failure) {
            this.processingData.updateResponseAPDU(this, failure.getMessage(), new ResponseApdu(failure.getStatusWord()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
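    /**
     * Handles Set DST: selects the certificate whose public key verifies the next
     * certificate, identified by the public key reference in {@code TAG_83}.
     *
     * <p>The most recent temporarily imported certificate is tried first, then the current
     * and the previous certificate of the trust point for the terminal type announced
     * during PACE. When a trust anchor is selected, the authorization store is initialised
     * and must already hold an authorization for that terminal type.
     *
     * <p>Changes to the previous version:
     * <ul>
     *   <li>A trust point without a current or previous certificate no longer ends in a
     *       {@link NullPointerException}; an absent certificate simply does not match, as
     *       was already the case for the temporary certificate.</li>
     *   <li>If the authorization check fails (SW 6982), the selected certificate is
     *       dropped again, so a rejected Set DST does not leave a usable key selected.</li>
     * </ul>
     */
    public void processCommandSetDst() {
        try {
            if (!checkSecureMessagingApdu()) {
                return;
            }
            TlvDataObject referenceData = this.processingData.getCommandApdu().getCommandDataObjectContainer().getTlvDataObject(TlvConstants.TAG_83);
            if (referenceData == null) {
                this.processingData.updateResponseAPDU(this, "no public key reference found", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                return;
            }
            byte[] requestedReference = referenceData.getValueField();
            this.terminalType = getTerminalType();
            this.currentCertificate = null;
            if (holderReferenceMatches(this.mostRecentTemporaryCertificate, requestedReference)) {
                this.currentCertificate = this.mostRecentTemporaryCertificate;
                this.processingData.updateResponseAPDU(this, "Command SetDST successfully processed, public key found in temporary imported certificate", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
                return;
            }
            String anchorName = "";
            CardObject candidate = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), new TrustPointIdentifier(this.terminalType));
            if (candidate instanceof TrustPointCardObject) {
                this.trustPoint = (TrustPointCardObject) candidate;
                if (holderReferenceMatches(this.trustPoint.getCurrentCertificate(), requestedReference)) {
                    this.currentCertificate = this.trustPoint.getCurrentCertificate();
                    anchorName = "first";
                } else if (holderReferenceMatches(this.trustPoint.getPreviousCertificate(), requestedReference)) {
                    this.currentCertificate = this.trustPoint.getPreviousCertificate();
                    anchorName = "second";
                }
                if (this.currentCertificate != null) {
                    this.authorizationStore = getInitialAuthorizations(this.currentCertificate);
                    if (this.authorizationStore == null || this.authorizationStore.getAuthorization(this.terminalType.getAsOid()) == null) {
                        // Fail closed: no certificate stays selected after a rejected command.
                        this.currentCertificate = null;
                        this.processingData.updateResponseAPDU(this, "Previous protocol did not provide authorization information from chat", new ResponseApdu(Iso7816.SW_6982_SECURITY_STATUS_NOT_SATISFIED));
                        return;
                    }
                }
            }
            if (this.currentCertificate == null) {
                this.processingData.updateResponseAPDU(this, "The identified public key could not be found in a trust point or temporarily imported certificate", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
            } else {
                updateAuthorizations(this.currentCertificate);
                this.processingData.updateResponseAPDU(this, "Command SetDST successfully processed, public key found in " + anchorName + " trust anchor", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
            }
        } catch (ProcessingException e) {
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(e.getStatusWord()));
        }
    }

    /** Returns whether the certificate exists and its holder reference equals the given bytes. */
    private static boolean holderReferenceMatches(CardVerifiableCertificate certificate, byte[] reference) {
        return certificate != null
                && certificate.getCertificateHolderReference() != null
                && Arrays.equals(reference, certificate.getCertificateHolderReference().getBytes());
    }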

    /**
     * Resets the state machine and drops the challenge, the auxiliary data, the selected
     * and temporarily imported certificates and the authorization store.
     *
     * <p>NOTE(review): {@code compressedTerminalEphemeralPublicKey},
     * {@code cryptographicMechanismReference}, both sector public key hashes,
     * {@code terminalType} and {@code trustPoint} are not cleared here and keep their
     * values across a reset.
     */
    @Override
    public void reset() {
        super.reset();
        this.challenge = null;
        this.auxiliaryData = null;
        this.mostRecentTemporaryCertificate = null;
        this.currentCertificate = null;
        this.authorizationStore = null;
    }

    /**
     * Applies the authorizations of the given certificate to the authorization store.
     *
     * <p>NOTE(review): the store is used without a null check, so it has to be set (see
     * Set DST) before this is called. How {@code updateAuthorization} combines the new
     * values with existing ones is defined by {@code AuthorizationStore}, not here.
     *
     * @param cardVerifiableCertificate the certificate whose authorizations are applied
     */
    public void updateAuthorizations(CardVerifiableCertificate cardVerifiableCertificate) {
        AuthorizationStore store = this.authorizationStore;
        HashMap<Oid, Authorization> certificateAuthorizations = getAuthorizationsFromCertificate(cardVerifiableCertificate);
        store.updateAuthorization(certificateAuthorizations);
    }
}
