package com.sncf.nfc.ticketing.security.hsm;

import com.sncf.nfc.apdu.data.CommandAPDU;
import com.sncf.nfc.apdu.data.ResponseAPDU;
import com.sncf.nfc.apdu.dto.PoContextDto;
import com.sncf.nfc.apdu.enums.KeyTypeEnum;
import com.sncf.nfc.apdu.enums.PsoVerifySignatureResponseEnum;
import com.sncf.nfc.apdu.exception.ApduException;
import com.sncf.nfc.apdu.utils.ApduCaseUtils;
import com.sncf.nfc.apdu.utils.CsmApduUtils;
import com.sncf.nfc.apdu.utils.PoApduUtils;
import com.sncf.nfc.ticketing.security.CsmSecurityManager;
import com.sncf.nfc.ticketing.security.exceptions.CsmException;
import com.sncf.nfc.ticketing.security.exceptions.CsmTimeoutException;
import com.sncf.nfc.ticketing.security.exceptions.SessionNotAuthenticateException;
import com.sncf.nfc.ticketing.security.exceptions.TicketingSecurityException;
import com.sncf.nfc.ticketing.security.hsm.dto.HsmChannelDto;
import com.sncf.nfc.ticketing.security.hsm.dto.PoCommandDto;
import com.sncf.nfc.ticketing.security.hsm.dto.PoDigestInputDto;
import com.sncf.nfc.transverse.util.Assert;
import com.sncf.nfc.transverse.util.ReflectionUtils;
import fr.devnied.bitlib.BytesUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
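/**
 * {@link CsmSecurityManager} that sends its CSM APDUs to an HSM through an {@link IHsmProxy}
 * channel.
 *
 * <p>An instance tracks at most one {@link HsmChannelDto}. Every command goes through
 * {@link #executeCsmCommand(CommandAPDU)}, which first checks two client-side deadlines taken
 * from the proxy configuration: time since the last exchange, and total time since the channel
 * was opened.
 *
 * <p>NOTE(review): both deadlines are computed from dates stored in the {@link HsmChannelDto}.
 * That DTO is handed back to callers inside {@link PoCommandDto} and accepted again by
 * {@link #HsmSecurityManager(IHsmSecurityConfig, HsmChannelDto)}. If it ever crosses a trust
 * boundary (for example a round trip through a client), the dates and channel id are
 * caller-controlled, so these checks are only a convenience; the HSM side has to enforce channel
 * ownership and expiry itself. Confirm what {@code refreshChannelInfos} validates.
 */
public final class HsmSecurityManager extends CsmSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(HsmSecurityManager.class);

    /** Milliseconds per second; a {@code long} so the timeout arithmetic is never done in {@code int}. */
    private static final long MILLIS_PER_SECOND = 1000L;

    /** Currently attached channel, or {@code null} when none is open. */
    private HsmChannelDto channel;
    private final IHsmProxy hsmProxy;

    /**
     * Creates a manager with no channel attached.
     *
     * @param iHsmSecurityConfig configuration; its {@code getHsmProxy()} must not be null
     */
    public HsmSecurityManager(IHsmSecurityConfig iHsmSecurityConfig) {
        super(iHsmSecurityConfig);
        Assert.getInstance().notNull(iHsmSecurityConfig.getHsmProxy());
        this.hsmProxy = iHsmSecurityConfig.getHsmProxy();
        this.channel = null;
    }

    /**
     * Creates a manager attached to an already described channel and asks the proxy to refresh
     * its information for that channel id.
     *
     * @param iHsmSecurityConfig configuration; its {@code getHsmProxy()} must not be null
     * @param hsmChannelDto channel descriptor; the descriptor, its open date and its last-exchange
     *     date must not be null
     * @throws CsmException if the proxy refresh fails
     */
    public HsmSecurityManager(IHsmSecurityConfig iHsmSecurityConfig, HsmChannelDto hsmChannelDto) throws CsmException {
        this(iHsmSecurityConfig);
        Assert.getInstance().notNull(hsmChannelDto).notNull(hsmChannelDto.getChannelOpenDate()).notNull(hsmChannelDto.getLastCommandExchangeDate());
        this.channel = hsmChannelDto;
        this.hsmProxy.refreshChannelInfos(hsmChannelDto.getChannelId());
    }

    /**
     * Builds the PO "close secure session" command from the CSM digest result.
     *
     * <p>The boolean passed to {@code PoApduUtils.closeSecureSession} is {@code false} exactly
     * when {@link #buildPoRatifySecureSession(PoDigestInputDto)} produces a separate ratification
     * command (validator on a contactless PO), and {@code true} otherwise.
     */
    private CommandAPDU buildPoCloseSecureSession(byte[] digestCloseResult, PoDigestInputDto poDigestInputDto) throws ApduException {
        PoContextDto poContext = poDigestInputDto.getPoContext();
        boolean separateRatification = this.isValidator && poContext.isContactLess();
        return PoApduUtils.closeSecureSession(poContext, !separateRatification, digestCloseResult);
    }

    /** Builds the PO "open secure session" command for the given challenge and key type. */
    private CommandAPDU buildPoOpenSecureSession(byte[] challenge, KeyTypeEnum keyTypeEnum, int i2, PoContextDto poContextDto) throws ApduException {
        return PoApduUtils.openSecureSession(poContextDto, keyTypeEnum.getKeyNumber(), challenge, i2);
    }

    /**
     * Builds the PO ratification command.
     *
     * @return the command when this manager is a validator and the PO is contactless, otherwise
     *     {@code null}
     */
    private CommandAPDU buildPoRatifySecureSession(PoDigestInputDto poDigestInputDto) throws ApduException {
        PoContextDto poContext = poDigestInputDto.getPoContext();
        if (poContext.isContactLess() && this.isValidator) {
            return PoApduUtils.ratifySecureSession(poContext);
        }
        return null;
    }

    /**
     * Fails fast when no channel is attached.
     *
     * @throws IllegalStateException if {@link #channel} is null
     */
    private void checkChannel() {
        if (this.channel == null) {
            throw new IllegalStateException("HSM Channel is not initialized.");
        }
    }

    /**
     * Enforces the idle and maximum-lifetime deadlines, then records "now" as the last exchange.
     *
     * <p>Callers must have verified that a channel is attached. The clock used is the wall clock
     * ({@code DateTime.now()}).
     *
     * @throws CsmTimeoutException if either deadline has passed
     */
    private void checkCsmTimeout() throws CsmException {
        DateTime now = DateTime.now();
        // Multiply in long: an int product would wrap for timeouts above about 2.1 million
        // seconds and push the deadline into the past or far future.
        long idleDeadline = this.channel.getLastCommandExchangeDate().getTime()
                + this.hsmProxy.getChannelLastExchangeTimeoutInSeconds() * MILLIS_PER_SECOND;
        if (now.isAfter(idleDeadline)) {
            throw new CsmTimeoutException("CSM_TIMEOUT_CHANNEL_LAST_EXCHANGE");
        }
        long lifetimeDeadline = this.channel.getChannelOpenDate().getTime()
                + this.hsmProxy.getChannelMaxOpenTimeInSeconds() * MILLIS_PER_SECOND;
        if (now.isAfter(lifetimeDeadline)) {
            throw new CsmTimeoutException("CSM_TIMEOUT_CHANNEL_MAX_OPEN_TIME");
        }
        this.channel.setLastCommandExchangeDate(now.toDate());
    }

    /** Closes the CSM digest for the PO context carried by the input. */
    private byte[] csmDigestClose(PoDigestInputDto poDigestInputDto) throws ApduException, CsmException {
        return super.csmDigestClose(poDigestInputDto.getPoContext());
    }

    /**
     * Initialises the CSM digest from the first PO response, which is parsed as the response to
     * "open secure session".
     */
    private void csmDigestInit(PoDigestInputDto poDigestInputDto) throws ApduException, CsmException, TicketingSecurityException {
        List<String> poResponses = poDigestInputDto.getPoResponses();
        PoContextDto poContext = poDigestInputDto.getPoContext();
        ResponseAPDU openSessionResponse = new ResponseAPDU(BytesUtils.fromString(poResponses.get(0)));
        super.csmDigestInit(
                PoApduUtils.getOpenSecureSessionResponse(poContext, openSessionResponse),
                poContext,
                poDigestInputDto.getAid(),
                poDigestInputDto.getNetworkId().intValue(),
                poDigestInputDto.getKeyType());
    }

    /**
     * Feeds every PO command/response pair after the first one into the CSM digest.
     *
     * <p>Index 0 is skipped because its response is consumed by
     * {@link #csmDigestInit(PoDigestInputDto)}. All inputs are decoded before the first command is
     * sent, so a malformed entry fails the call before any digest update reaches the HSM.
     */
    private void csmDigestUpdate(PoDigestInputDto poDigestInputDto) throws ApduException, CsmException {
        List<String> poCommands = poDigestInputDto.getPoCommands();
        List<String> poResponses = poDigestInputDto.getPoResponses();
        List<byte[]> digestInputs = new ArrayList<>();
        for (int i = 1; i < poCommands.size(); i++) {
            byte[] command = BytesUtils.fromString(poCommands.get(i));
            if (ApduCaseUtils.getApduCase(command) == ApduCaseUtils.ApduCaseEnum.CASE_4_LE) {
                // The last byte of a CASE_4_LE command is left out of the digest
                // (presumably the Le byte; confirm against ApduCaseUtils).
                command = Arrays.copyOfRange(command, 0, command.length - 1);
            }
            digestInputs.add(command);
            digestInputs.add(BytesUtils.fromString(poResponses.get(i)));
        }
        for (byte[] digestInput : digestInputs) {
            CsmApduUtils.checkDigestUpdateResponse(this.csmContext, executeCsmCommand(CsmApduUtils.digestUpdate(this.csmContext, digestInput, false)));
        }
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public byte[] cipher(int i2, int i3, byte[] bArr) throws ApduException, CsmException, TicketingSecurityException {
        checkChannel();
        return super.cipher(i2, i3, bArr);
    }

    /**
     * Best-effort close: asks the proxy to close the attached channel and always forgets it
     * locally, whatever happens.
     *
     * <p>If a deadline has already passed, {@link #checkCsmTimeout()} throws and no close request
     * is sent. NOTE(review): that leaves expiry of the remote channel to the HSM side; confirm it
     * does expire channels on its own.
     *
     * <p>Failures are logged at ERROR with the method name only; the exception itself is attached
     * only when TRACE is enabled.
     */
    public void closeChannelSilently() {
        if (this.channel == null) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("[CSM] Close channel : channel id = " + this.channel.getChannelId());
        }
        try {
            checkCsmTimeout();
            this.hsmProxy.closeChannel(this.channel.getChannelId());
        } catch (Exception e) {
            // Deliberately not rethrown: this method is used on error paths.
            if (log.isTraceEnabled()) {
                log.error(ReflectionUtils.getCurrentMethodeName(), e);
            } else {
                log.error(ReflectionUtils.getCurrentMethodeName());
            }
        } finally {
            this.channel = null;
        }
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public String computeAblIdfEnvAuthenticator(String str) throws ApduException, CsmException, TicketingSecurityException {
        checkChannel();
        return super.computeAblIdfEnvAuthenticator(str);
    }

    /**
     * Sends one command APDU to the HSM over the attached channel.
     *
     * @param commandAPDU command to send
     * @return the response wrapped as a {@link ResponseAPDU}
     * @throws IllegalStateException if no channel is attached
     * @throws CsmException if a channel deadline has passed or the proxy call fails
     */
    @Override
    protected ResponseAPDU executeCsmCommand(CommandAPDU commandAPDU) throws CsmException {
        // Without this guard a call made before any channel was opened fails with a bare
        // NullPointerException inside the timeout check.
        checkChannel();
        checkCsmTimeout();
        ResponseAPDU responseAPDU = new ResponseAPDU(this.hsmProxy.sendApdu(this.channel.getChannelId(), commandAPDU.toBytes()));
        // NOTE(review): at DEBUG this writes the full command and response bytes of every HSM
        // exchange in hex. Keep DEBUG off for this logger in production, or handle the resulting
        // log as sensitive material.
        if (log.isDebugEnabled()) {
            log.debug("[CSM] APDU exchange : C-APDU [" + BytesUtils.bytesToStringNoSpace(commandAPDU.toBytes()) + "], R-APDU [" + BytesUtils.bytesToStringNoSpace(responseAPDU.getDataWithResponseCode()) + "]");
        }
        return responseAPDU;
    }

    /**
     * Same as {@link #openChannel(int, KeyTypeEnum, String, PoContextDto, int)} with {@code 0} as
     * the last argument.
     */
    public PoCommandDto openChannel(int i2, KeyTypeEnum keyTypeEnum, String str, PoContextDto poContextDto) throws CsmException, ApduException {
        return openChannel(i2, keyTypeEnum, str, poContextDto, 0);
    }

    /**
     * Opens a channel, selects the diversifier, gets a challenge from the CSM and returns the PO
     * "open secure session" command built from it.
     *
     * <p>If anything fails after the channel was opened, the channel is closed with
     * {@link #closeChannelSilently()} and the original exception is rethrown.
     *
     * @param i2 key group passed to the proxy when opening the channel
     * @param keyTypeEnum key type; its key number goes into the PO command; must not be null
     * @param str diversifier; left-padded with {@code '0'} to 16 characters; must not be empty
     * @param poContextDto PO context; must not be null
     * @param i3 forwarded as the last argument of {@code PoApduUtils.openSecureSession}
     * @return the PO command as a hex string, together with the opened channel descriptor
     */
    public PoCommandDto openChannel(int i2, KeyTypeEnum keyTypeEnum, String str, PoContextDto poContextDto, int i3) throws CsmException, ApduException {
        Assert.getInstance().notNull(keyTypeEnum).notEmpty(str).notNull(poContextDto);
        openChannel(i2);
        try {
            csmSelectDiversifier(StringUtils.leftPad(str, 16, '0'));
            CommandAPDU openSession = buildPoOpenSecureSession(csmGetChallenge(), keyTypeEnum, i3, poContextDto);
            return PoCommandDto.builder().poCommand(BytesUtils.bytesToStringNoSpace(openSession.toBytes())).hsmChannel(this.channel).build();
        } catch (Exception e) {
            closeChannelSilently();
            throw e;
        }
    }

    /**
     * Opens a channel on the proxy for the given key group and attaches it to this manager.
     *
     * <p>Both channel dates are set to a timestamp taken just before the proxy call.
     * NOTE(review): a channel that is already attached is replaced without being closed.
     *
     * @param i2 key group
     * @throws CsmException if the proxy cannot open the channel
     */
    public void openChannel(int i2) throws CsmException {
        Date openedAt = new Date();
        int channelId = this.hsmProxy.openChannel(i2);
        if (log.isDebugEnabled()) {
            log.debug("[CSM] Open channel (key group = " + i2 + ") : channel id = " + channelId);
        }
        this.channel = HsmChannelDto.builder().channelId(channelId).channelOpenDate(openedAt).lastCommandExchangeDate(openedAt).build();
    }

    /**
     * Opens a channel and selects the diversifier; on failure the channel is closed with
     * {@link #closeChannelSilently()} and the exception is rethrown.
     *
     * @param i2 key group
     * @param str diversifier; left-padded with {@code '0'} to 16 characters; must not be empty
     */
    public void openChannel(int i2, String str) throws CsmException, ApduException {
        Assert.getInstance().notEmpty(str);
        openChannel(i2);
        try {
            csmSelectDiversifier(StringUtils.leftPad(str, 16, '0'));
        } catch (Exception e) {
            closeChannelSilently();
            throw e;
        }
    }

    /**
     * Authenticates the PO's "close secure session" response against the CSM digest.
     *
     * <p>This method does not close the channel in either outcome.
     *
     * @param str PO response to "close secure session", as a hex string; must not be empty
     * @param poContextDto PO context; must not be null
     * @throws SessionNotAuthenticateException if the CSM rejects the signature
     * @throws IllegalStateException if no channel is attached
     */
    public void processDigestAuthenticate(String str, PoContextDto poContextDto) throws ApduException, CsmException, TicketingSecurityException {
        Assert.getInstance().notEmpty(str).notNull(poContextDto);
        checkChannel();
        ResponseAPDU closeSessionResponse = new ResponseAPDU(BytesUtils.fromString(str));
        if (!csmDigestAuthenticate(PoApduUtils.getCloseSecureSessionResponseSignatureLo(poContextDto, closeSessionResponse))) {
            throw new SessionNotAuthenticateException();
        }
    }

    /**
     * Runs the CSM digest over a recorded PO session (init, update, close) and returns the PO
     * commands that close the session.
     *
     * @param poDigestInputDto recorded session; commands and responses must be non-empty lists of
     *     the same size with at least two entries
     * @return the "close secure session" command as hex, the ratification command as hex or
     *     {@code null}, and the channel descriptor
     * @throws IllegalArgumentException if the two lists differ in size
     * @throws IllegalStateException if there is at most one command, or no channel is attached
     */
    public PoCommandDto processDigestSession(PoDigestInputDto poDigestInputDto) throws ApduException, CsmException, TicketingSecurityException {
        Assert.getInstance().notNull(poDigestInputDto).notEmpty(poDigestInputDto.getAid()).notEmpty(poDigestInputDto.getPoCommands()).notEmpty(poDigestInputDto.getPoResponses()).notNull(poDigestInputDto.getKeyType()).notNull(poDigestInputDto.getPoContext()).notNull(poDigestInputDto.getNetworkId());
        if (poDigestInputDto.getPoCommands().size() != poDigestInputDto.getPoResponses().size()) {
            throw new IllegalArgumentException("PoCommands & PoResponses have not the same size.");
        }
        if (poDigestInputDto.getPoCommands().size() <= 1) {
            throw new IllegalStateException("No command to digest.");
        }
        checkChannel();
        csmDigestInit(poDigestInputDto);
        csmDigestUpdate(poDigestInputDto);
        CommandAPDU closeSession = buildPoCloseSecureSession(csmDigestClose(poDigestInputDto), poDigestInputDto);
        CommandAPDU ratifySession = buildPoRatifySecureSession(poDigestInputDto);
        String ratificationHex = ratifySession != null ? BytesUtils.bytesToStringNoSpace(ratifySession.toBytes()) : null;
        return PoCommandDto.builder().poCommand(BytesUtils.bytesToStringNoSpace(closeSession.toBytes())).poRatificationCommand(ratificationHex).hsmChannel(this.channel).build();
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public byte[] signT2Contract(byte[] bArr, String str, int i2) throws ApduException, CsmException {
        checkChannel();
        return super.signT2Contract(bArr, str, i2);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public byte[] signT2Environment(byte[] bArr, String str) throws ApduException, CsmException {
        checkChannel();
        return super.signT2Environment(bArr, str);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public byte[] signT2Name(byte[] bArr, String str, int i2, String str2) throws ApduException, CsmException {
        checkChannel();
        return super.signT2Name(bArr, str, i2, str2);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public byte[] signT2PictureAttributes(byte[] bArr, String str) throws ApduException, CsmException {
        checkChannel();
        return super.signT2PictureAttributes(bArr, str);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public byte[] signT2Usage(byte[] bArr, String str, int i2, String str2) throws ApduException, CsmException {
        checkChannel();
        return super.signT2Usage(bArr, str, i2, str2);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public boolean verifyAblIdfEnvAuthenticator(String str, String str2) throws ApduException, CsmException, TicketingSecurityException {
        checkChannel();
        return super.verifyAblIdfEnvAuthenticator(str, str2);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public PsoVerifySignatureResponseEnum verifyT2ContractSignature(byte[] bArr, String str, int i2) throws ApduException, CsmException {
        checkChannel();
        return super.verifyT2ContractSignature(bArr, str, i2);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public PsoVerifySignatureResponseEnum verifyT2EnvironmentSignature(byte[] bArr, String str) throws ApduException, CsmException {
        checkChannel();
        return super.verifyT2EnvironmentSignature(bArr, str);
    }

    /**
     * Requires an open channel, then delegates to the superclass implementation.
     *
     * @throws IllegalStateException if no channel is attached
     */
    @Override
    public PsoVerifySignatureResponseEnum verifyT2UsageSignature(byte[] bArr, String str, int i2, String str2) throws ApduException, CsmException {
        checkChannel();
        return super.verifyT2UsageSignature(bArr, str, i2, str2);
    }
}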
