package com.idemia.mdw.d;

import com.idemia.mdw.c.a.d;
import com.idemia.mdw.exception.FailedSecureMessagingException;
import com.idemia.mdw.exception.GenericServiceException;
import com.idemia.mdw.exception.MrzParseException;
import com.idemia.mdw.exception.MrzParsingException;
import com.idemia.mdw.exception.SecureMessagingException;
import com.idemia.mdw.exception.TransmitException;
import com.idemia.mdw.icc.a.a;
import com.idemia.mdw.icc.a.f;
import com.idemia.mdw.icc.a.g;
import com.idemia.mdw.icc.asn1.type.ConstructedSequence;
import com.idemia.mdw.icc.asn1.type.ImplicitConstructedSequence;
import com.idemia.mdw.icc.asn1.type.c;
import com.idemia.mdw.icc.asn1.type.g;
import com.idemia.mdw.icc.iso7816.type.sm.CryptogramOfBerTlv;
import com.idemia.mdw.icc.iso7816.type.sm.CryptogramOfUnstructuredData;
import com.idemia.mdw.icc.iso7816.type.sm.CryptographicChecksum;
import com.idemia.mdw.icc.iso7816.type.sm.ProcessingStatus;
import com.idemia.mdw.icc.iso7816.type.sm.SecuredSw;
import com.idemia.mdw.icc.iso7816.type.sm.UnsecuredNe;
import com.idemia.mdw.k.j;
import com.idemia.mdw.k.l;
import com.idemia.mdw.smartcardio.CommandAPDU;
import com.idemia.mdw.smartcardio.ResponseAPDU;
import com.idemia.mdw.smartcardio.stack.ISecureMessaging;
import com.idemia.mdw.smartcardio.stack.ISecureProtocol;
import idemia.bioserver.metadata.android.core.Configuration;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
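/**
 * {@link ISecureMessaging} implementation that wraps outgoing command APDUs and
 * authenticates/unwraps incoming response APDUs with session keys obtained from an
 * {@link ISecureProtocol}.
 *
 * <p>This is decompiled, obfuscated code. The helpers {@code d.a}, {@code j.a}, {@code l.a},
 * {@code com.idemia.mdw.k.g.a/b} and the cipher wrappers behind fields {@code f} and
 * {@code g} are opaque here; what they do is only hedged in the comments below. Several
 * simple names (for example {@code d} and {@code g}) are both fields of this class and
 * imported helper classes, so read each use in context.
 *
 * <p>Review points:
 * <ul>
 *   <li>{@link #decrypt} returns the card response unchanged when it does not start with
 *       a secure-messaging data object or cannot be parsed, so callers can receive a
 *       response that was never authenticated.</li>
 *   <li>{@link #init} locks on the class object, while {@link #encrypt} and
 *       {@link #decrypt} update the counter and flags without any lock.</li>
 *   <li>Debug logging prints the unwrapped command and response.</li>
 * </ul>
 */
public class a implements ISecureMessaging {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f669a = LoggerFactory.getLogger((Class<?>) a.class);
    // Protocol used by init() to open the session and obtain the "enc", "mac" and "ssc" keys.
    private ISecureProtocol e;
    // Set only in AES mode (CBC_NO_PAD); applied to the padded counter to produce the
    // value handed to the data cipher (presumably the IV - confirm against f.a()).
    private f f;
    // Cipher wrapper applied to command data and response cryptograms (CBC_ISO9797_M2).
    private f g;
    // MAC instance keyed with the "mac" session key.
    private Mac h;
    // True when the "enc" key algorithm name contains Configuration.AES.
    private boolean b = false;
    // True once init() has completed; reported by isInitialized().
    private boolean c = false;
    // True once at least one command has been wrapped by encrypt().
    private boolean d = false;
    // Counter seeded from the "ssc" key; incremented by every encrypt() and decrypt() call.
    private BigInteger i = BigInteger.ZERO;

    /**
     * Stores the protocol used later by {@link #init} to open the session.
     *
     * @param iSecureProtocol protocol that yields the session keys
     */
    public a(ISecureProtocol iSecureProtocol) {
        this.e = iSecureProtocol;
        com.idemia.mdw.k.a.a();
    }

    /**
     * Parses the data field of a protected response into its secure-messaging objects.
     *
     * <p>The buffer is wrapped in a constructed-sequence tag and parsed as BER-TLV. The
     * sequence must hold two or three elements: an optional cryptogram, a 2-byte
     * processing status and an 8-byte cryptographic checksum. The minimum of 14 bytes
     * matches a status object (4 bytes) plus a checksum object (10 bytes).
     *
     * @param bArr response data field
     * @return map with keys {@code "status"} and {@code "mac"}, plus {@code "data"} when a
     *     cryptogram is present; an empty map on any validation or parsing failure
     */
    private static Map<String, c> a(byte[] bArr) {
        if (bArr == null) {
            f669a.error("Buffer Null");
            return new HashMap<String, c>();
        }
        if (bArr.length < 14) {
            f669a.error("Invalid length. Must be at least 14 bytes instead of (" + bArr.length + ")");
            return new HashMap<String, c>();
        }
        byte[] wrapped = com.idemia.mdw.a.a.c.a((byte) ConstructedSequence.f930a.a(), bArr);
        try {
            c parsed = new g().a(wrapped, 0, wrapped.length);
            if (!(parsed instanceof ImplicitConstructedSequence)) {
                f669a.error("Invalid TLV parsing");
                return new HashMap<String, c>();
            }
            List<c> elements = ((ImplicitConstructedSequence) parsed).getElementList();
            int count = elements.size();
            if (count != 2 && count != 3) {
                f669a.error("Invalid data structure. Must have 2 or 3 elements instead of (" + count + ")");
                return new HashMap<String, c>();
            }
            Map<String, c> result = new HashMap<String, c>();
            int index = 0;
            if (count == 3) {
                c dataElement = elements.get(0);
                if (dataElement.getBerValueLength() <= 0) {
                    f669a.warn("Encrypted data is null");
                }
                // Tag 0x87: the first value byte is skipped and the rest is the cryptogram.
                // Any other tag is accepted here as a BER-TLV cryptogram without a tag check;
                // the element is still covered by the MAC verified in decrypt().
                result.put("data", ((byte) dataElement.getTag().a()) == (byte) 0x87 ? new CryptogramOfUnstructuredData(true, 1, d.a(dataElement.getBerValue(), 1, dataElement.getBerValueLength() - 1)) : new CryptogramOfBerTlv(true, dataElement.getBerValue()));
                index = 1;
            }
            c statusElement = elements.get(index);
            if (statusElement.getTag().a() != ProcessingStatus.f1063a.a() || statusElement.getBerValueLength() != 2) {
                f669a.error("Invalid element for Status Word (" + com.idemia.mdw.k.g.a(statusElement.getBerElement()) + ")");
                return new HashMap<String, c>();
            }
            result.put("status", new SecuredSw(new com.idemia.mdw.icc.asn1.type.b(0x99), statusElement.getBerValue(), 0, 2));
            c macElement = elements.get(index + 1);
            if (macElement.getTag().a() == CryptographicChecksum.f1053a.a() && macElement.getBerValueLength() == 8) {
                result.put("mac", new CryptographicChecksum(macElement.getBerValue()));
                return result;
            }
            f669a.error("Invalid element for Encoded Rmac (0x" + com.idemia.mdw.k.g.a(macElement.getBerElement()) + ")");
            return new HashMap<String, c>();
        } catch (Exception e) {
            // Any parser failure is reported to the caller as "nothing parsed".
            f669a.error("Invalid TLV encoding: " + e.getMessage());
            return new HashMap<String, c>();
        }
    }

    /**
     * Tears down the session after a secure-messaging failure and always throws.
     *
     * <p>Only the references to the cipher and MAC objects are dropped; no key material is
     * overwritten here, and the AES flag and the counter keep their values. Because the
     * initialized flag is cleared, later {@link #encrypt}/{@link #decrypt} calls return
     * {@code null} until {@link #init} succeeds again.
     *
     * @throws FailedSecureMessagingException always
     */
    private void a() throws FailedSecureMessagingException {
        f669a.error("Destroying Session Keys ...");
        this.f = null;
        this.g = null;
        this.h = null;
        this.c = false;
        this.d = false;
        throw new FailedSecureMessagingException("Reset Secure Messaging");
    }

    /**
     * Tells whether a non-OK status word is accepted on a protected response without
     * resetting the session.
     *
     * @param sw status word of the response
     * @return {@code true} for 0x6200, 0x6281-0x6300, 0x6381-0x639F, 0x63Cx and the listed
     *     0x67xx-0x6Axx values
     */
    private static boolean isStatusAllowedUnderSm(int sw) {
        if (sw == 0x6200 || (0x6281 <= sw && sw <= 0x6300) || (0x6381 <= sw && sw <= 0x639F) || (sw & 0xFFF0) == 0x63C0) {
            return true;
        }
        // The original compared the status word narrowed to a short; keep that narrowing.
        switch ((short) sw) {
            case 0x6700:
            case 0x6884:
            case 0x6982:
            case 0x6983:
            case 0x6A80:
            case 0x6A82:
            case 0x6A88:
                return true;
            default:
                return false;
        }
    }

    /**
     * Logs a failed {@link #init} attempt and yields the current initialized flag.
     *
     * @param cause exception raised while opening the session
     * @return the current value of the initialized flag
     */
    private boolean logInitFailure(Exception cause) {
        f669a.error("An exception occurred", cause);
        f669a.info("== Initialize secure messaging: End ==");
        return this.c;
    }

    /**
     * Verifies the MAC of a protected response and returns the unwrapped response.
     *
     * <p>The counter is incremented on every call, before any check on the response.
     *
     * @param responseAPDU response received from the card
     * @return {@code null} when the session is not initialized or the argument is
     *     {@code null}; the input unchanged when it is not treated as protected or cannot
     *     be parsed; otherwise a new response built from the decrypted data and the
     *     protected status word
     * @throws SecureMessagingException when the status word is not accepted under secure
     *     messaging or the MAC does not verify; the session is reset first
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public ResponseAPDU decrypt(ResponseAPDU responseAPDU) throws SecureMessagingException {
        if (!this.c || responseAPDU == null) {
            return null;
        }
        this.i = this.i.add(BigInteger.ONE);
        byte[] data = responseAPDU.getData();
        // NOTE(review): fail-open path. A response with no data, with a first tag other than
        // 0x87/0x85/0x99, received before any command was wrapped, or with SW1 = 0x61 is
        // handed back as received, without MAC verification. Confirm that callers do not
        // treat such a response as authenticated.
        if (data == null || data.length == 0) {
            return responseAPDU;
        }
        byte firstTag = data[0];
        boolean startsWithSmObject = firstTag == (byte) 0x87 || firstTag == (byte) 0x85 || firstTag == (byte) 0x99;
        if (!startsWithSmObject || !this.d || responseAPDU.getSW1() == 0x61) {
            return responseAPDU;
        }
        if (!responseAPDU.isOk() && !isStatusAllowedUnderSm(responseAPDU.getSW())) {
            f669a.error("Error in Secure Messaging");
            a();
        }
        Map<String, c> parts = a(data);
        if (parts.isEmpty()) {
            // NOTE(review): a response that looks protected but fails parsing is also
            // returned unverified; consider failing closed here.
            f669a.warn("Failed to parse Response APDU");
            return responseAPDU;
        }
        if (parts.get("status") == null) {
            f669a.error("Problem with command status word");
            return responseAPDU;
        }
        // Counter rendered as hex and padded by l.a to 32 (AES) or 16 characters, then
        // turned into bytes. blockLen is handed to j.a (presumably the padding block length).
        int blockLen;
        byte[] counterBytes;
        byte[] iv;
        if (this.b) {
            blockLen = 16;
            counterBytes = com.idemia.mdw.k.g.b(l.a(this.i.toString(16), 32));
            iv = this.f.a(counterBytes);
        } else {
            blockLen = 8;
            counterBytes = com.idemia.mdw.k.g.b(l.a(this.i.toString(16), 16));
            iv = new byte[8];
        }
        c dataObject = parts.get("data");
        c statusObject = parts.get("status");
        byte[] macInput = dataObject != null ? d.a(counterBytes, dataObject.getBerElement(), statusObject.getBerElement()) : d.a(counterBytes, statusObject.getBerElement());
        byte[] expectedMac = d.a(this.h.doFinal(j.a(macInput, blockLen)), 0, 8);
        // MessageDigest.isEqual keeps the comparison time independent of where the bytes differ.
        if (!MessageDigest.isEqual(parts.get("mac").getBerValue(), expectedMac)) {
            f669a.error("Cannot authenticate Response MAC");
            a();
        }
        byte[] plain = new byte[0];
        if (dataObject != null) {
            plain = dataObject instanceof CryptogramOfUnstructuredData ? this.g.b(iv, ((CryptogramOfUnstructuredData) dataObject).getCipherText()) : this.g.b(iv, dataObject.getBerValue());
        }
        ResponseAPDU unwrapped = new ResponseAPDU(d.a(plain, statusObject.getBerValue()));
        // NOTE(review): the second line logs decrypted card data; make sure debug logging
        // is disabled in production builds.
        f669a.debug("Response wrapped   -> {}", responseAPDU);
        f669a.debug("Response unwrapped -> {}", unwrapped);
        return unwrapped;
    }

    /**
     * Wraps a command APDU: encrypts its data field, adds the expected-length object where
     * applicable and appends an 8-byte MAC.
     *
     * <p>The counter is incremented on every call. The class byte of the wrapped command
     * has bits 0x0C set.
     *
     * @param commandAPDU plain command
     * @return the protected command, or {@code null} when the session is not initialized
     *     or the argument is {@code null}
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public CommandAPDU encrypt(CommandAPDU commandAPDU) {
        if (!this.c || commandAPDU == null) {
            return null;
        }
        BigInteger counter = this.i.add(BigInteger.ONE);
        this.i = counter;
        String counterHex = counter.toString(16);
        int blockLen;
        byte[] counterBytes;
        byte[] iv;
        if (this.b) {
            blockLen = 16;
            counterBytes = com.idemia.mdw.k.g.b(l.a(counterHex, 32));
            iv = this.f.a(counterBytes);
        } else {
            blockLen = 8;
            counterBytes = com.idemia.mdw.k.g.b(l.a(counterHex, 16));
            iv = new byte[8];
        }
        byte[] dataObject = new byte[0];
        if (commandAPDU.getNc() > 0) {
            byte[] cipherText = this.g.a(iv, commandAPDU.getData());
            // An even INS gets the unstructured cryptogram object, an odd INS the BER-TLV one.
            dataObject = (commandAPDU.getINS() & 1) == 0 ? new CryptogramOfUnstructuredData(true, 1, cipherText).getBerElement() : new CryptogramOfBerTlv(true, cipherText).getBerElement();
        }
        byte[] leObject = new byte[0];
        if (!commandAPDU.getCase().equals(CommandAPDU.a.CASE3S) && !commandAPDU.getCase().equals(CommandAPDU.a.CASE3E)) {
            int ne = commandAPDU.getNe();
            if (ne == 65536) {
                leObject = com.idemia.mdw.a.a.c.a((byte) UnsecuredNe.b.a(), new byte[]{0, 0});
            } else if (ne == -1 && commandAPDU.getNc() == 0) {
                leObject = new UnsecuredNe(true, 0).getBerElement();
            } else if (ne != -1) {
                leObject = new UnsecuredNe(true, Integer.valueOf(ne)).getBerElement();
            }
            // Ne == -1 with command data: the decompiled listing dereferenced an unassigned
            // variable here, which cannot compile; no expected-length object is emitted.
        }
        byte[] header = new byte[]{(byte) (commandAPDU.getCLA() | 12), (byte) commandAPDU.getINS(), (byte) commandAPDU.getP1(), (byte) commandAPDU.getP2()};
        byte[] macInput = d.a(counterBytes, j.a(header, blockLen), dataObject, leObject);
        byte[] mac = Arrays.copyOfRange(this.h.doFinal(j.a(macInput, blockLen)), 0, 8);
        byte[] body = d.a(dataObject, leObject, new CryptographicChecksum(mac).getBerElement());
        CommandAPDU wrapped = new CommandAPDU(commandAPDU.getCLA() | 12, commandAPDU.getINS(), commandAPDU.getP1(), commandAPDU.getP2(), body, (255 < body.length || 256 < commandAPDU.getNe()) ? 65536 : 256);
        this.d = true;
        // NOTE(review): the first line logs the plain command, including its data field;
        // make sure debug logging is disabled in production builds.
        f669a.debug("Command to wrap -> {}", commandAPDU);
        f669a.debug("Command wrapped -> {}", wrapped);
        return wrapped;
    }

    /**
     * Opens the secure protocol and installs the session ciphers, MAC and counter.
     *
     * <p>Changes against the decompiled listing: the success path returns {@code true}
     * (the listing fell through to the "Failed to open protocol" branch and returned
     * {@code false} after setting the initialized flag); the MAC set-up sits inside the
     * {@code try}, since its checked exceptions are not declared by this method; a
     * {@code null} key map is treated as a failed open.
     *
     * @param key key handed to {@link ISecureProtocol#open}
     * @return {@code true} when the session is, or already was, initialized; {@code false}
     *     otherwise
     * @throws SecureMessagingException when transmission fails while opening the protocol
     * @throws NoSuchAlgorithmException when the MAC algorithm is not available
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public boolean init(Key key) throws SecureMessagingException, NoSuchAlgorithmException {
        // NOTE(review): the lock is the class object although all state is per instance,
        // and encrypt()/decrypt() take no lock at all.
        synchronized (a.class) {
            if (this.c) {
                return this.c;
            }
            f669a.info("== Initialize secure messaging: Start ==");
            // The nesting and handler order are kept exactly as in the decompiled listing.
            try {
                try {
                    Map<String, SecretKey> sessionKeys = this.e.open(key);
                    if (sessionKeys == null || !sessionKeys.containsKey("enc") || !sessionKeys.containsKey("mac") || !sessionKeys.containsKey("ssc")) {
                        f669a.error("Failed to open protocol");
                        f669a.info("== Initialize secure messaging: End ==");
                        return false;
                    }
                    boolean aes = sessionKeys.get("enc").getAlgorithm().contains(Configuration.AES);
                    this.b = aes;
                    if (aes) {
                        this.g = new com.idemia.mdw.icc.a.a(a.EnumC0032a.CBC_ISO9797_M2, sessionKeys.get("enc").getEncoded());
                        this.f = new com.idemia.mdw.icc.a.a(a.EnumC0032a.CBC_NO_PAD, sessionKeys.get("enc").getEncoded());
                    } else {
                        this.g = new com.idemia.mdw.icc.a.g(g.a.CBC_ISO9797_M2, sessionKeys.get("enc").getEncoded());
                    }
                    Mac mac = Mac.getInstance(sessionKeys.get("mac").getAlgorithm(), BouncyCastleProvider.PROVIDER_NAME);
                    this.h = mac;
                    if (this.b) {
                        mac.init(sessionKeys.get("mac"));
                    } else {
                        // Non-AES mode: the MAC is initialised with an all-zero 8-byte IV.
                        mac.init(sessionKeys.get("mac"), new IvParameterSpec(new byte[8]));
                    }
                    this.i = new BigInteger(com.idemia.mdw.k.g.a(sessionKeys.get("ssc").getEncoded()), 16);
                    // Drops the map entries; the key objects themselves are not wiped here.
                    sessionKeys.clear();
                    com.idemia.mdw.smartcardio.d.a.a().a(key);
                    this.c = true;
                    f669a.info("== Initialize secure messaging: End ==");
                    return true;
                } catch (TransmitException e) {
                    throw new SecureMessagingException(e);
                } catch (GenericServiceException e) {
                    return logInitFailure(e);
                } catch (InvalidAlgorithmParameterException e) {
                    return logInitFailure(e);
                }
            } catch (MrzParseException e) {
                throw new MrzParsingException(e);
            } catch (InvalidKeyException e) {
                return logInitFailure(e);
            } catch (NoSuchProviderException e) {
                return logInitFailure(e);
            } catch (InvalidKeySpecException e) {
                return logInitFailure(e);
            }
        }
    }

    /**
     * Reports whether {@link #init} has completed and the session has not been reset.
     *
     * @return the initialized flag
     */
    @Override // com.idemia.mdw.smartcardio.stack.ISecureMessaging
    public boolean isInitialized() {
        return this.c;
    }
}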
