package com.idemia.mdw.h.a;

import com.idemia.mdw.exception.CredentialValueException;
import com.idemia.mdw.exception.FailedCredentialException;
import com.idemia.mdw.exception.FailedSecureMessagingException;
import com.idemia.mdw.exception.GenericServiceException;
import com.idemia.mdw.exception.SecureMessagingException;
import com.idemia.mdw.h.a.b;
import com.idemia.mdw.h.l;
import com.idemia.mdw.icc.a.a;
import com.idemia.mdw.icc.asn1.type.ConstructedSequence;
import com.idemia.mdw.icc.asn1.type.ImplicitConstructedSequence;
import com.idemia.mdw.icc.iso7816.type.DynamicAuthenticationTemplate;
import com.idemia.mdw.icc.iso7816.type.dynauth.Challenge;
import com.idemia.mdw.icc.iso7816.type.dynauth.Response;
import com.idemia.mdw.icc.iso7816.type.sm.CryptogramOfUnstructuredData;
import com.idemia.mdw.icc.iso7816.type.sm.CryptographicChecksum;
import com.idemia.mdw.icc.iso7816.type.sm.PlainValue;
import com.idemia.mdw.icc.iso7816.type.sm.ProcessingStatus;
import com.idemia.mdw.icc.iso7816.type.sm.UnsecuredNe;
import com.idemia.mdw.k.o;
import com.idemia.mdw.smartcardio.CardException;
import com.idemia.mdw.smartcardio.CommandAPDU;
import com.idemia.mdw.smartcardio.ResponseAPDU;
import com.idemia.mdw.smartcardio.stack.ISecureMessaging;
import com.idemia.mdw.smartcardio.stack.ISecureProtocol;
import com.mobilesecuritycard.openmobileapi.util.ISO7816;
import idemia.bioserver.metadata.android.core.Configuration;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
/**
 * Secure-messaging layer for a smart-card channel. Log strings in this class call the
 * protocol "OPACITY" and "PIV Secure Messaging".
 *
 * <p>This is decompiler output: identifiers are obfuscated and some control flow may not
 * match the shipped binary. Comments describe the code as printed here and mark
 * security-relevant points with {@code NOTE(review)} so they can be confirmed against the
 * original.
 *
 * <p>Lifecycle as visible in this file:
 * <ol>
 *   <li>{@link #init(Key)} runs the key establishment in the inner class {@code a} and
 *       installs the "enc", "cmac" and "rmac" session keys.</li>
 *   <li>{@link #encrypt(CommandAPDU)} wraps outgoing commands (encrypt, then MAC).</li>
 *   <li>{@link #decrypt(ResponseAPDU)} checks the response MAC, decrypts and advances the
 *       message counter; on failure it drops the session keys and throws.</li>
 * </ol>
 */
public class g implements ISecureMessaging {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f710a = LoggerFactory.getLogger((Class<?>) g.class);
    // Cipher-suite helper: supplies the EC parameters (d.a().e()) and is called for the
    // certificate checks, the OtherInfo construction and the key derivation in open().
    private com.idemia.mdw.h.a.a d;
    // Card context: i.c() is the object that transmits APDUs; i.r()/i.q() are read by the factory.
    private com.idemia.mdw.j.c.c i;
    // True once session keys are installed; this is what isInitialized() returns.
    private boolean b = false;
    // True when the most recent command was wrapped by encrypt(); decrypt() only unwraps in that case.
    private boolean c = false;
    // Built from the "rmac" key in init(); used by decrypt() to verify the response MAC.
    private com.idemia.mdw.k.c g = null;
    // Built from the "cmac" key in init(); used by encrypt() to MAC the command.
    private com.idemia.mdw.k.c h = null;
    // Built from the "enc" key with ECB_NO_PAD; used to turn the counter block into an IV.
    private com.idemia.mdw.icc.a.a e = null;
    // Built from the "enc" key with CBC_ISO9797_M2; used to encrypt command data and decrypt response data.
    private com.idemia.mdw.icc.a.a f = null;
    // Message counter feeding the IV. Reset to 1 in init(), incremented only in decrypt()
    // after a response has been verified and unwrapped.
    private int j = 1;

    /**
     * Key-establishment step: generates an ephemeral EC key pair, runs GENERAL AUTHENTICATE
     * against the card, inspects the returned certificates and derives the session keys.
     */
    /* loaded from: classes2.dex */
    class a implements ISecureProtocol {
        private a() {
        }

        /* synthetic */ a(g gVar, byte b) {
            this();
        }

        /**
         * Extracts the response value from GENERAL AUTHENTICATE response data.
         *
         * <p>Accepts only an {@link ImplicitConstructedSequence} whose tag equals
         * {@code DynamicAuthenticationTemplate.f983a} (0x7C per the log text) and that holds
         * exactly one element tagged {@code Response.f1014a} (0x82 per the log text).
         *
         * @param bArr raw response data from the card
         * @return the value of the single response element, or an empty array on any error
         */
        private static byte[] a(byte[] bArr) {
            if (bArr == null) {
                g.f710a.error("Buffer Null");
                return new byte[0];
            }
            // The comparison is on the array length, i.e. bytes; the log text says "bits".
            if (bArr.length < 64) {
                g.f710a.error("Invalid length. Must be at least 64 bits instead of (" + bArr.length + ")");
                return new byte[0];
            }
            try {
                com.idemia.mdw.icc.asn1.type.c a2 = new com.idemia.mdw.icc.asn1.type.g().a(bArr, 0, bArr.length);
                if (!(a2 instanceof ImplicitConstructedSequence)) {
                    g.f710a.error("Invalid TLV parsing");
                    return new byte[0];
                }
                ImplicitConstructedSequence implicitConstructedSequence = (ImplicitConstructedSequence) a2;
                List<com.idemia.mdw.icc.asn1.type.c> elementList = implicitConstructedSequence.getElementList();
                if (implicitConstructedSequence.getTag().a() != DynamicAuthenticationTemplate.f983a.a()) {
                    g.f710a.error("Invalid Tag. Must be 0x7C instead of (0x" + Integer.toHexString(implicitConstructedSequence.getTag().a()) + ")");
                    return new byte[0];
                }
                if (elementList.size() != 1) {
                    g.f710a.error("Invalid data structure. Must be 1 instead of (" + elementList.size() + ")");
                    return new byte[0];
                }
                if (elementList.get(0).getTag().a() == Response.f1014a.a()) {
                    return elementList.get(0).getBerValue();
                }
                g.f710a.error("Invalid tag . Must be 0x82 instead of (0x" + Integer.toHexString(elementList.get(0).getTag().a()) + ")");
                return new byte[0];
            } catch (Exception e) {
                // Card-supplied bytes are untrusted: any parser failure is turned into "no data".
                g.f710a.error("Invalid TLV encoding", (Throwable) e);
                return new byte[0];
            }
        }

        /**
         * Runs the key establishment with the card and returns the derived session keys.
         *
         * <p>NOTE(review): several certificate checks below (CVC signature, intermediate CVC
         * signature, domain parameters, signature algorithm, Subject Key Identifier match)
         * only log a "KO" result; as printed, execution continues to key agreement and key
         * derivation regardless. Only the final "Auth Cryptogram ICC" check and the explicit
         * {@code return new HashMap()} branches stop the handshake. If the binary behaves the
         * same way, the card public key used for ECDH is not required to be vouched for by
         * the certificate chain. Confirm against the original control flow.
         *
         * @param key not referenced anywhere in this method
         * @return a map with entries "cmac", "enc" and "rmac", or an empty map on failure
         */
        @Override // com.idemia.mdw.smartcardio.stack.ISecureProtocol
        public final Map<String, SecretKey> open(Key key) throws InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
            ECPrivateKey eCPrivateKey;
            ECPublicKey eCPublicKey;
            boolean z;
            String str;
            ECPublicKey eCPublicKey2;
            String str2;
            ECPublicKeySpec eCPublicKeySpec;
            PublicKey generatePublic;
            HashMap hashMap = new HashMap();
            // Two fixed byte arrays from com.idemia.mdw.h.f; they go into the challenge, the
            // OtherInfo input and the cryptogram input below. Their meaning is not visible here.
            byte[] bArr = com.idemia.mdw.h.f.v;
            byte[] bArr2 = com.idemia.mdw.h.f.u;
            g.f710a.debug("OPACITY - Encryption parameters");
            g.f710a.debug("Cipher Suite: " + g.this.d.a().b());
            g.f710a.debug("PRIME : " + ((ECFieldFp) g.this.d.a().e().getCurve().getField()).getP().toString(16));
            g.f710a.debug("CURVE_PARAMETER_A : " + g.this.d.a().e().getCurve().getA().toString(16));
            g.f710a.debug("CURVE_PARAMETER_B : " + g.this.d.a().e().getCurve().getB().toString(16));
            // Generate an ephemeral host key pair and retry until the public point passes a
            // self-check: not the point at infinity, both coordinates in [0, p), the point
            // satisfies y^2 = x^3 + a*x + b (mod p), and both coordinates print to exactly
            // (d.a().a() >> 1) hex digits. BigInteger.toString(16) drops leading zeros, so a
            // coordinate with a leading zero nibble fails the length test and is regenerated.
            // NOTE(review): z is assigned only in the innermost branch, so this loop is not
            // definitely-assigned Java as printed (decompiler artefact).
            do {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
                keyPairGenerator.initialize(g.this.d.a().e(), new SecureRandom());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                eCPrivateKey = (ECPrivateKey) generateKeyPair.getPrivate();
                eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
                if (!ECPoint.POINT_INFINITY.equals(eCPublicKey.getW())) {
                    BigInteger affineX = eCPublicKey.getW().getAffineX();
                    BigInteger affineY = eCPublicKey.getW().getAffineY();
                    BigInteger p = ((ECFieldFp) g.this.d.a().e().getCurve().getField()).getP();
                    if (affineX.compareTo(BigInteger.ZERO) >= 0 && affineX.compareTo(p) < 0 && affineY.compareTo(BigInteger.ZERO) >= 0 && affineY.compareTo(p) < 0) {
                        z = affineY.modPow(BigInteger.valueOf(2L), p).equals(affineX.modPow(BigInteger.valueOf(3L), p).add(g.this.d.a().e().getCurve().getA().multiply(affineX)).add(g.this.d.a().e().getCurve().getB()).mod(p)) && affineX.toString(16).length() == (g.this.d.a().a() >> 1) && affineY.toString(16).length() == (g.this.d.a().a() >> 1);
                    }
                }
            } while (!z);
            g.f710a.debug("Host Pu Key: X " + eCPublicKey.getW().getAffineX().toString(16) + " - Y " + eCPublicKey.getW().getAffineY().toString(16));
            // fVar will hold the card verifiable certificate (CVC) parsed from the card's reply.
            f fVar = new f();
            // Encoded host public point; it is sent to the card inside the challenge.
            byte[] a2 = o.a(eCPublicKey.getW(), eCPublicKey.getParams().getCurve());
            com.idemia.mdw.smartcardio.apdu.d a3 = com.idemia.mdw.smartcardio.apdu.d.c().a(true);
            a3.d(l.SECURE_MESSAGING.keyId);
            a3.c(g.this.d.a().c());
            try {
                // GENERAL AUTHENTICATE (per the log text): challenge built from bArr2, bArr and
                // the host public key, with an empty response placeholder.
                ResponseAPDU a4 = g.this.i.c().a(a3.a(new DynamicAuthenticationTemplate(null, new Challenge(com.idemia.mdw.c.a.d.a(bArr2, bArr, a2)), new Response(new byte[0]), null, null, null, null).getBerElement()).a(0).a());
                // -28672 is 0x9000 read as a signed short: anything but that status word is rejected.
                if (((short) a4.getSW()) != -28672) {
                    g.f710a.error(" - General Authenticate failed : response is 0x" + Integer.toHexString(a4.getSW()));
                    return new HashMap();
                }
                if (a4.getData().length == 0) {
                    g.f710a.error(" - General Authenticate failed : response data is not null but empty");
                    return new HashMap();
                }
                byte[] a5 = a(a4.getData());
                if (a5.length == 0) {
                    g.f710a.error("Parsing GENERAL AUTHENTICATE Response Data: Failed");
                    return new HashMap();
                }
                // Split the card's reply into: control byte (1), nonce (g bytes), authentication
                // cryptogram (16) and the CVC (remainder). The 3-argument helper is presumably
                // a sub-array copy taking (source, offset, length) - confirm.
                HashMap hashMap2 = new HashMap();
                int g = g.this.d.a().g();
                // a5.length was already read above, so this null branch cannot be reached.
                if (a5 == null) {
                    g.f710a.error("Buffer Null");
                    hashMap2 = new HashMap();
                    str = Configuration.AES;
                    str2 = ")";
                    eCPublicKey2 = eCPublicKey;
                } else {
                    str = Configuration.AES;
                    eCPublicKey2 = eCPublicKey;
                    // Minimum size: 1 control byte + g nonce bytes + 16 cryptogram bytes.
                    int i = g + 17;
                    if (a5.length < i) {
                        g.f710a.error("Invalid length. Must be at least" + i + " bits instead of (" + a5.length + ")");
                        hashMap2 = new HashMap();
                        str2 = ")";
                    } else {
                        str2 = ")";
                        hashMap2.put("cbicc", com.idemia.mdw.c.a.d.a(a5, 0, 1));
                        hashMap2.put("nicc", com.idemia.mdw.c.a.d.a(a5, 1, g));
                        int i2 = g + 1;
                        hashMap2.put("authcryptogramicc", com.idemia.mdw.c.a.d.a(a5, i2, 16));
                        int i3 = i2 + 16;
                        hashMap2.put("cicc", com.idemia.mdw.c.a.d.a(a5, i3, a5.length - i3));
                    }
                }
                if (hashMap2.isEmpty()) {
                    g.f710a.error("Splitting GENERAL AUTHENTICATE Response Data: Failed");
                    return new HashMap();
                }
                byte[] bArr3 = (byte[]) hashMap2.get("cbicc");
                byte[] bArr4 = (byte[]) hashMap2.get("nicc");
                byte[] bArr5 = (byte[]) hashMap2.get("authcryptogramicc");
                if (!fVar.a((byte[]) hashMap2.get("cicc"))) {
                    g.f710a.error("Parsing Card Verifiable Certificate: KO");
                    return new HashMap();
                }
                g.f710a.info("Parsing Card Verifiable Certificate: OK");
                if (bArr3.length != 1 || bArr3[0] != 0) {
                    g.f710a.error("Protocol Control byte returned by smartcard must be 0 instead of (" + ((int) bArr3[0]) + str2);
                    return new HashMap();
                }
                // oVar will hold the secure-messaging certificate object read with GET DATA.
                com.idemia.mdw.data.nist.o oVar = new com.idemia.mdw.data.nist.o();
                try {
                    ResponseAPDU a6 = g.this.i.c().a(com.idemia.mdw.smartcardio.apdu.g.c().a(true).a(com.idemia.mdw.a.a.c.a((byte) 92, l.SECURE_MESSAGING.tag.d())).a(0).a());
                    if (!a6.isOk() || a6.getData().length == 0) {
                        g.f710a.error("GET DATA failed : response is 0x" + Integer.toHexString(a6.getSW()));
                        return new HashMap();
                    }
                    try {
                        oVar.b(a6.getData());
                        if (oVar.a() == null) {
                            g.f710a.error("Parsing Secure Messaging Certificate: Failed");
                            return new HashMap();
                        }
                        g.f710a.info("Parsing Secure Messaging Certificate: OK");
                        try {
                            // Checks the certificate's validity period only.
                            // NOTE(review): no validation of this card-supplied certificate against
                            // a trust anchor is visible in this method - confirm where (or whether)
                            // that happens.
                            oVar.a().checkValidity();
                            if (oVar.b() == null) {
                                // No intermediate CVC: compare 8 bytes of the CVC's fVar.a() value with
                                // the certificate's Subject Key Identifier extension (OID 2.5.29.14).
                                // NOTE(review): a mismatch is logged at debug level and not enforced.
                                if (com.idemia.mdw.c.a.d.a(fVar.a(), 0, com.idemia.mdw.a.a.c.b(com.idemia.mdw.a.a.c.b(oVar.a().getExtensionValue("2.5.29.14"))), 0, 8) != 0) {
                                    g.f710a.debug("Secure Messaging Certificate: Invalid Subject Key Identifier");
                                }
                                generatePublic = oVar.a().getPublicKey();
                            } else {
                                f b = oVar.b();
                                // These two intermediate-CVC checks are enforced: failure aborts the handshake.
                                if (!b.j()) {
                                    g.f710a.error("Checking Intermediate CVC: KO - Role ID is " + (b.i() ? "ok" : " wrong"));
                                    return new HashMap();
                                }
                                if (!MessageDigest.isEqual(b.b(), fVar.a())) {
                                    g.f710a.error("Checking Intermediate CVC: KO - Certificate Chain is broken");
                                    return new HashMap();
                                }
                                if (com.idemia.mdw.c.a.d.a(b.a(), 0, com.idemia.mdw.a.a.c.b(com.idemia.mdw.a.a.c.b(oVar.a().getExtensionValue("2.5.29.14"))), 0, 8) == 0) {
                                    g.f710a.info("Checking Intermediate CVC: OK");
                                    // NOTE(review): a "KO" result and a thrown InvalidKeyException or
                                    // SignatureException are both only logged; the key from the intermediate
                                    // CVC is used below either way.
                                    try {
                                        if (g.this.d.a(b, oVar.a().getPublicKey())) {
                                            g.f710a.info("Checking Intermediate CVC Digital Signature: OK");
                                        } else {
                                            g.f710a.error("Checking Intermediate CVC Digital Signature: KO");
                                        }
                                    } catch (InvalidKeyException | SignatureException e) {
                                        g.f710a.error("Checking Intermediate CVC Digital Signature: Failed", e);
                                    }
                                    eCPublicKeySpec = new ECPublicKeySpec(oVar.b().d(), g.this.d.a().e());
                                } else {
                                    // NOTE(review): on an identifier mismatch the intermediate CVC signature
                                    // is not checked at all, yet its public key is still used.
                                    g.f710a.debug("Checking Intermediate CVC: Invalid Subject Key Identifier");
                                    eCPublicKeySpec = new ECPublicKeySpec(oVar.b().d(), g.this.d.a().e());
                                }
                                generatePublic = KeyFactory.getInstance("EC").generatePublic(eCPublicKeySpec);
                            }
                            // NOTE(review): the next three checks (domain parameters, signature algorithm,
                            // CVC signature) log their result and do not stop the handshake on "KO".
                            if (g.this.d.a(fVar)) {
                                g.f710a.info("Checking CVC Public Key Domain Parameters: OK");
                            } else {
                                g.f710a.error("Checking CVC Public Key Domain Parameters: KO - Version " + fVar.f().toString() + " not supported");
                            }
                            if (g.this.d.b(fVar)) {
                                g.f710a.info("Checking CVC Signature Algorithm: OK");
                            } else {
                                g.f710a.error("Checking CVC Signature Algorithm: KO - Version " + fVar.e().toString() + " not supported");
                            }
                            if (generatePublic != null) {
                                try {
                                    if (g.this.d.a(fVar, generatePublic)) {
                                        g.f710a.info("Checking CVC Digital Signature: OK");
                                    } else {
                                        g.f710a.error("Checking CVC Digital Signature: KO");
                                    }
                                } catch (InvalidKeyException | SignatureException e2) {
                                    g.f710a.error("Checking CVC Digital Signature: failed", e2);
                                }
                            } else {
                                g.f710a.debug("Checking CVC Digital Signature: Not Done");
                            }
                            // a7: presumably the first 8 bytes of SHA-256 over fVar.g() (an identifier for
                            // the card certificate) - confirm the helper's (offset, length) semantics.
                            byte[] a7 = com.idemia.mdw.c.a.d.a(MessageDigest.getInstance("SHA-256").digest(fVar.g()), 0, 8);
                            // ECDH between the ephemeral host private key and the public point taken from the CVC.
                            ECPublicKey eCPublicKey3 = (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(fVar.d(), g.this.d.a().e()));
                            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
                            keyAgreement.init(eCPrivateKey);
                            keyAgreement.doPhase(eCPublicKey3, true);
                            byte[] generateSecret = keyAgreement.generateSecret();
                            byte[] a8 = g.this.d.a(bArr, bArr2, eCPublicKey2, a7, bArr4, bArr3);
                            if (a8.length == 0) {
                                g.f710a.error("Building OtherInfo: Failed");
                                return new HashMap();
                            }
                            byte[] a9 = g.this.d.a(generateSecret, g.this.d.a().h(), a8);
                            if (a9 == null) {
                                g.f710a.error("Key Derivation Function : Failed");
                                return new HashMap();
                            }
                            try {
                                // Split the KDF output: chunk 0 keys the cryptogram check below, chunks 1-3
                                // become the "cmac", "enc" and "rmac" session keys.
                                List<ByteBuffer> a10 = com.idemia.mdw.c.a.d.a(a9, g.this.d.a().h() >> 5);
                                byte[] array = a10.get(0).array();
                                String str3 = str;
                                hashMap.put("cmac", new SecretKeySpec(a10.get(1).array(), str3));
                                hashMap.put("enc", new SecretKeySpec(a10.get(2).array(), str3));
                                hashMap.put("rmac", new SecretKeySpec(a10.get(3).array(), str3));
                                // The ECDH shared secret is wiped here.
                                // NOTE(review): the KDF output a9 and the a10 buffers are not wiped in this
                                // method, and generateSecret is not wiped on the two early returns above.
                                Arrays.fill(generateSecret, (byte) 0);
                                byte[] copyOfRange = Arrays.copyOfRange(eCPublicKey2.getEncoded(), eCPublicKey2.getEncoded().length - (g.this.d.a().a() >> 1), eCPublicKey2.getEncoded().length);
                                // Verify the card's authentication cryptogram under chunk 0 of the key
                                // material. This is the check that gates returning the session keys.
                                if (com.idemia.mdw.k.c.a(array, com.idemia.mdw.c.a.d.a(com.idemia.mdw.k.g.b("4B435F315F56"), a7, bArr, copyOfRange), bArr5)) {
                                    g.f710a.info("Checking Auth Cryptogram ICC: OK");
                                    Arrays.fill(array, (byte) 0);
                                    return hashMap;
                                }
                                g.f710a.error("Checking Auth Cryptogram ICC: KO");
                                g.f710a.error("Encoded Host Public Key: " + com.idemia.mdw.k.g.a(copyOfRange));
                                return new HashMap();
                            } catch (IOException e3) {
                                g.f710a.error("Parsing KDF Keying Material: Failed", (Throwable) e3);
                                return new HashMap();
                            }
                        } catch (CertificateExpiredException e4) {
                            g.f710a.error("Secure Messaging Certificate: Expired", (Throwable) e4);
                            return new HashMap();
                        } catch (CertificateNotYetValidException e5) {
                            g.f710a.error("Secure Messaging Certificate: Not yet valid", (Throwable) e5);
                            return new HashMap();
                        }
                    } catch (IOException e6) {
                        g.f710a.error("An exception occurred", (Throwable) e6);
                        return new HashMap();
                    }
                } catch (CardException e7) {
                    g.f710a.error("An exception occurred", (Throwable) e7);
                    return new HashMap();
                }
            } catch (CardException e8) {
                g.f710a.error("An exception occurred", (Throwable) e8);
                return new HashMap();
            }
        }
    }

    /**
     * Stores the card context and the cipher-suite helper; instances are created only by
     * the static factory {@link #a(com.idemia.mdw.j.c.c)}.
     */
    private g(com.idemia.mdw.j.c.c cVar, com.idemia.mdw.h.a.a aVar) {
        this.d = aVar;
        this.i = cVar;
    }

    /**
     * Factory: picks the cipher suite reported by the card context and returns a
     * secure-messaging instance for it.
     *
     * <p>Suites CS2 and CS7 are supported. When the secure-messaging certificate object is
     * missing from {@code cVar.r()} (or its {@code a()} test is true) or the suite is
     * anything else, an error is logged and a {@code com.idemia.mdw.smartcardio.stack.c} is
     * returned instead.
     *
     * <p>NOTE(review): that fallback class is not shown here; if it passes APDUs through
     * unprotected, callers get a plaintext channel after nothing more than a log line.
     * Confirm how callers tell the two results apart.
     *
     * @param cVar card context
     * @return a {@code g} for CS2/CS7, otherwise the fallback implementation
     */
    public static ISecureMessaging a(com.idemia.mdw.j.c.c cVar) {
        if (!cVar.r().containsKey(l.SECURE_MESSAGING.certAlias) || cVar.r().get(l.SECURE_MESSAGING.certAlias).a()) {
            f710a.error("Cannot initialize PIV Secure Messaging : " + l.SECURE_MESSAGING.certAlias + " data object is missing.");
            return new com.idemia.mdw.smartcardio.stack.c();
        }
        if (cVar.q().a().equals(b.a.CS2)) {
            return new g(cVar, new com.idemia.mdw.h.a.a(new c()));
        }
        if (cVar.q().a().equals(b.a.CS7)) {
            return new g(cVar, new com.idemia.mdw.h.a.a(new d()));
        }
        f710a.error("Cannot initialize PIV Secure Messaging : Unsupported Cipher Suite");
        return new com.idemia.mdw.smartcardio.stack.c();
    }

    /**
     * Splits the data field of a wrapped response into its secure-messaging elements.
     *
     * <p>The bytes are first wrapped under the {@code ConstructedSequence} tag so the TLV
     * parser can read them as one sequence. Two layouts are accepted:
     * <ul>
     *   <li>3 elements: encrypted data, processing status (2 bytes), MAC (8 bytes)</li>
     *   <li>2 elements: processing status (2 bytes), MAC (8 bytes)</li>
     * </ul>
     *
     * @param bArr response data field
     * @return map with "status" and "mac", plus "data" in the 3-element layout; an empty
     *     map on any validation or parsing error
     */
    private static Map<String, byte[]> a(byte[] bArr) {
        HashMap hashMap = new HashMap();
        if (bArr == null) {
            f710a.error("Buffer Null");
            return new HashMap();
        }
        // The comparison is on the array length, i.e. bytes; the log text says "bits".
        if (bArr.length < 14) {
            f710a.error("Invalid length. Must be at least 14 bits instead of (" + bArr.length + ")");
            return new HashMap();
        }
        byte[] a2 = com.idemia.mdw.a.a.c.a((byte) ConstructedSequence.f930a.a(), bArr);
        try {
            com.idemia.mdw.icc.asn1.type.c a3 = new com.idemia.mdw.icc.asn1.type.g().a(a2, 0, a2.length);
            if (!(a3 instanceof ImplicitConstructedSequence)) {
                f710a.error("Invalid TLV parsing");
                return new HashMap();
            }
            List<com.idemia.mdw.icc.asn1.type.c> elementList = ((ImplicitConstructedSequence) a3).getElementList();
            if (elementList.size() == 3) {
                // Expected data length is 1 + a multiple of 16 (decrypt() skips the first byte).
                // A wrong length only produces a warning, and the tag of this element is not
                // checked; decrypt() verifies the MAC before the value is used.
                if (elementList.get(0).getBerValueLength() <= 0 || elementList.get(0).getBerValueLength() % 16 != 1) {
                    f710a.warn("Encoded Encrypted PIV Data is NULL or is not padded");
                }
                if (elementList.get(1).getTag().a() != ProcessingStatus.f1063a.a() || elementList.get(1).getBerValueLength() != 2) {
                    f710a.error("Invalid element for Processing Status (" + com.idemia.mdw.k.g.a(elementList.get(1).getBerElement()) + ")");
                    return new HashMap();
                }
                if (elementList.get(2).getTag().a() != CryptographicChecksum.f1053a.a() || elementList.get(2).getBerValueLength() != 8) {
                    f710a.error("Invalid element for Encoded Rmac (0x" + com.idemia.mdw.k.g.a(elementList.get(2).getBerElement()) + ")");
                    return new HashMap();
                }
                hashMap.put("data", elementList.get(0).getBerValue());
                hashMap.put("status", elementList.get(1).getBerValue());
                hashMap.put("mac", elementList.get(2).getBerValue());
            } else {
                if (elementList.size() != 2) {
                    f710a.error("Invalid data structure. Must have 2 elements  instead of (" + elementList.size() + ")");
                    return new HashMap();
                }
                if (elementList.get(0).getTag().a() != ProcessingStatus.f1063a.a() || elementList.get(0).getBerValueLength() != 2) {
                    f710a.error("Invalid element for Processing Status (" + com.idemia.mdw.k.g.a(elementList.get(0).getBerElement()) + ")");
                    return new HashMap();
                }
                if (elementList.get(1).getTag().a() != CryptographicChecksum.f1053a.a() || elementList.get(1).getBerValueLength() != 8) {
                    f710a.error("Invalid element for Encoded Rmac (0x" + com.idemia.mdw.k.g.a(elementList.get(1).getBerElement()) + ")");
                    return new HashMap();
                }
                hashMap.put("status", elementList.get(0).getBerValue());
                hashMap.put("mac", elementList.get(1).getBerValue());
            }
            return hashMap;
        } catch (Exception e) {
            f710a.error("Invalid TLV encoding", (Throwable) e);
            return new HashMap();
        }
    }

    /**
     * Verifies and unwraps a response received over the secure channel.
     *
     * <p>Responses are returned unchanged when the preceding command was not wrapped
     * ({@code c} is false) or when SW1 is 97 (0x61). A non-OK status word or a MAC mismatch
     * drops all session-key references, marks the channel closed and throws.
     *
     * <p>NOTE(review): when the data field cannot be parsed as a secure-messaging structure
     * (or has no status element) the original response is returned to the caller as-is,
     * with only a log entry. While the tunnel is open that hands back data whose MAC was
     * never checked; confirm callers do not treat it as authenticated.
     *
     * @param responseAPDU response from the card
     * @return the unwrapped response, the original response in the pass-through cases, or
     *     {@code null} if the channel is not initialised or the argument is {@code null}
     * @throws SecureMessagingException (as {@link FailedSecureMessagingException}) when the
     *     card reports an error or the response MAC does not verify
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public ResponseAPDU decrypt(ResponseAPDU responseAPDU) throws SecureMessagingException {
        byte[] bArr = new byte[0];
        if (!this.b || responseAPDU == null) {
            return null;
        }
        if (!this.c || responseAPDU.getSW1() == 97) {
            return responseAPDU;
        }
        if (!responseAPDU.isOk()) {
            // Tear the session down. The fields are only set to null; whether the helper
            // objects wipe their own copy of the key bytes is not visible here.
            f710a.error("Error in secure messaging: Destroying Session Keys ...");
            this.e = null;
            this.f = null;
            this.h = null;
            this.g = null;
            this.b = false;
            this.c = false;
            throw new FailedSecureMessagingException("Reset Secure Messaging");
        }
        Map<String, byte[]> a2 = a(responseAPDU.getData());
        if (a2.isEmpty()) {
            f710a.warn("Failed to parse Response APDU");
            return responseAPDU;
        }
        if (a2.get("status") == null) {
            f710a.error("Problem with command status word");
            return responseAPDU;
        }
        // MAC input: the data field without its last 10 bytes, which hold the MAC element
        // (8-byte value per the parser; presumably 1 tag byte + 1 length byte - confirm).
        // NOTE(review): whether the comparison inside this.g.a(...) is constant-time is not visible here.
        if (this.g.a(com.idemia.mdw.c.a.d.a(responseAPDU.getData(), 0, responseAPDU.getData().length - 10), a2.get("mac"))) {
            if (a2.get("data") != null) {
                // IV = the counter block ("80" followed by the counter as 30 hex digits) run through the
                // ECB helper; the first byte of the data element is skipped before CBC decryption.
                bArr = this.f.b(this.e.a(com.idemia.mdw.k.g.b(com.idemia.mdw.k.l.b(String.format("80 %030X", Integer.valueOf(this.j))))), Arrays.copyOfRange(a2.get("data"), 1, a2.get("data").length));
            }
            // Rebuild a plain response: decrypted data followed by the 2-byte protected status.
            ResponseAPDU responseAPDU2 = new ResponseAPDU(com.idemia.mdw.c.a.d.a(bArr, a2.get("status")));
            // The counter advances only after a response has been authenticated and unwrapped.
            this.j++;
            Logger logger = f710a;
            logger.debug("Response wrapped   -> " + responseAPDU.toString());
            // NOTE(review): writes the decrypted response to the debug log; confirm debug
            // logging is disabled in production builds.
            logger.debug("Response unwrapped -> " + responseAPDU2.toString());
            return responseAPDU2;
        }
        Logger logger2 = f710a;
        logger2.error("Cannot authenticate Response MAC");
        logger2.error("Error in secure messaging: Destroying Session Keys ...");
        this.e = null;
        this.f = null;
        this.h = null;
        this.g = null;
        this.b = false;
        this.c = false;
        throw new FailedSecureMessagingException("Reset Secure Messaging");
    }

    /**
     * Wraps a command for the secure channel: encrypts the data field, then appends an
     * 8-byte MAC computed over a header block, the cryptogram and the optional Ne element.
     *
     * <p>Commands whose INS equals {@code ISO7816.INS_SELECT},
     * {@code ISO7816.INS_GET_RESPONSE} or {@code ISO7816.INS_RESET_RETRY_CTR} are returned
     * unchanged and {@code c} is cleared, so the matching response is not unwrapped either.
     *
     * <p>NOTE(review): going by the constant's name, RESET RETRY COUNTER data is sent outside
     * the tunnel even when the tunnel is open; confirm this is intended given what that
     * command carries.
     *
     * @param commandAPDU plain command
     * @return the wrapped command, the original command for the pass-through instructions,
     *     or {@code null} if the channel is not initialised or the argument is {@code null}
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public CommandAPDU encrypt(CommandAPDU commandAPDU) {
        boolean z;
        if (!this.b || commandAPDU == null) {
            return null;
        }
        // Instructions that bypass secure messaging.
        byte[] bArr = {ISO7816.INS_SELECT, ISO7816.INS_GET_RESPONSE, ISO7816.INS_RESET_RETRY_CTR};
        int i = 0;
        while (true) {
            if (i >= 3) {
                z = false;
                break;
            }
            if (bArr[i] == ((byte) commandAPDU.getINS())) {
                z = true;
                break;
            }
            i++;
        }
        if (z) {
            this.c = false;
            return commandAPDU;
        }
        // IV = the counter, rendered as 32 hex digits, run through the ECB helper. The counter is
        // not advanced here; decrypt() increments it once the response has been verified.
        byte[] a2 = this.e.a(com.idemia.mdw.k.g.b(String.format("%032X", Integer.valueOf(this.j))));
        byte[] berElement = new CryptogramOfUnstructuredData(true, 1, this.f.a(a2, commandAPDU.getData())).getBerElement();
        Logger logger = f710a;
        // NOTE(review): the counter, IV and both the plain and the wrapped command are written to the
        // debug log below; the plain command may carry sensitive data, so confirm debug logging is
        // disabled in production builds.
        logger.debug("ENC Counter: " + String.format("%032X", Integer.valueOf(this.j)));
        logger.debug("IV: " + com.idemia.mdw.c.a.d.b(a2));
        logger.debug("Encrypted message: " + com.idemia.mdw.c.a.d.b(berElement));
        // MAC header (4 bytes): INS_ERASE_RECORD stands in the CLA position - presumably the decompiler
        // substituted a constant with the same value as the CLA 12 used for the wrapped command below;
        // confirm - followed by the original INS, P1 and P2.
        byte[] bArr2 = {ISO7816.INS_ERASE_RECORD, (byte) commandAPDU.getINS(), (byte) commandAPDU.getP1(), (byte) commandAPDU.getP2()};
        // 12 bytes (the PlainValue tag byte, then zeros) that bring the header up to 16 bytes.
        byte[] bArr3 = {(byte) PlainValue.f1062a.a(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        // The Ne element is included only when the original command expects response data.
        byte[] berElement2 = commandAPDU.getNe() == -1 ? new byte[0] : new UnsecuredNe(true, 0).getBerElement();
        byte[] a3 = this.h.a(com.idemia.mdw.c.a.d.a(bArr2, bArr3, berElement, berElement2));
        logger.debug("Encrypted message CMAC and MCV: " + com.idemia.mdw.c.a.d.b(a3));
        // Only the first 8 bytes of the MAC output are transmitted.
        byte[] a4 = com.idemia.mdw.c.a.d.a(berElement, berElement2, new CryptographicChecksum(Arrays.copyOfRange(a3, 0, 8)).getBerElement());
        logger.debug("Full message length: " + a4.length);
        CommandAPDU commandAPDU2 = new CommandAPDU(12, commandAPDU.getINS(), commandAPDU.getP1(), commandAPDU.getP2(), a4, 65536);
        // Tell decrypt() that the next response belongs to a wrapped command.
        this.c = true;
        logger.debug("Command to wrap -> " + commandAPDU.toString());
        logger.debug("Command wrapped -> " + commandAPDU2.toString());
        return commandAPDU2;
    }

    /**
     * Opens the tunnel on the first call; on later calls, presents {@code key} to the card
     * through the open tunnel.
     *
     * <p>The whole method is synchronised on {@code g.class}.
     *
     * <p>NOTE(review): as printed, the first-call branch always ends with the
     * "Failed to open OPACITY Tunnel" log and {@code return false}, even after the keys were
     * installed and {@code b} was set to true. This looks like lost control flow from
     * decompilation; confirm against the binary before relying on the return value.
     *
     * @param key credential for the second phase; not used while opening the tunnel
     *     ({@code open(null)} is called), and dereferenced without a null check once the
     *     tunnel is open
     * @return {@code false} from the tunnel-opening branch (see note), otherwise the
     *     initialised flag
     * @throws SecureMessagingException (as {@link FailedCredentialException}) when the card
     *     context rejects the credential value
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public boolean init(Key key) throws SecureMessagingException, NoSuchAlgorithmException {
        synchronized (g.class) {
            if (!this.b) {
                Map<String, SecretKey> hashMap = new HashMap<>();
                f710a.info("Open Tunnel -- Start");
                try {
                    hashMap = new a(this, (byte) 0).open(null);
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | InvalidKeySpecException e) {
                    // Logged only; hashMap stays empty, so the key test below fails.
                    f710a.error("An exception occurred", e);
                }
                if (hashMap.containsKey("enc") && hashMap.containsKey("cmac") && hashMap.containsKey("rmac")) {
                    // The same "enc" key backs two helpers: ECB (IV derivation) and CBC (data).
                    this.e = new com.idemia.mdw.icc.a.a(a.EnumC0032a.ECB_NO_PAD, hashMap.get("enc").getEncoded());
                    this.f = new com.idemia.mdw.icc.a.a(a.EnumC0032a.CBC_ISO9797_M2, hashMap.get("enc").getEncoded());
                    this.h = new com.idemia.mdw.k.c(hashMap.get("cmac").getEncoded());
                    this.g = new com.idemia.mdw.k.c(hashMap.get("rmac").getEncoded());
                    // Drops the map's references only; the byte arrays returned by getEncoded() are not wiped.
                    hashMap.clear();
                    this.j = 1;
                    this.b = true;
                    this.c = false;
                    f710a.info("Open Tunnel -- End");
                }
                Logger logger = f710a;
                logger.error("Failed to open OPACITY Tunnel");
                logger.info("Open Secure Messaging -- End");
                return false;
            }
            // Tunnel already open: b is necessarily true here, so only the format comparison decides.
            if (this.b && key.getFormat().equals(this.i.f())) {
                this.i.c().a(this);
                try {
                    this.i.a(key);
                } catch (CredentialValueException e2) {
                    throw new FailedCredentialException(e2);
                } catch (GenericServiceException e3) {
                    // NOTE(review): logged only; the method still returns the initialised flag.
                    f710a.error("An exception occurred", (Throwable) e3);
                }
            }
            return this.b;
        }
    }

    /**
     * Reports whether session keys are currently installed.
     *
     * @return the value of {@code b}: set by {@link #init(Key)}, cleared when
     *     {@link #decrypt(ResponseAPDU)} tears the session down
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public boolean isInitialized() {
        return this.b;
    }
}
