package com.sncf.nfc.ticketing.security;

import com.sncf.nfc.apdu.data.CommandAPDU;
import com.sncf.nfc.apdu.data.ResponseAPDU;
import com.sncf.nfc.apdu.dto.CsmContextDto;
import com.sncf.nfc.apdu.dto.PoContextDto;
import com.sncf.nfc.apdu.enums.CAADEnum;
import com.sncf.nfc.apdu.enums.DataCipherModeEnum;
import com.sncf.nfc.apdu.enums.KeyTypeEnum;
import com.sncf.nfc.apdu.enums.Navigo2013KeyEnum;
import com.sncf.nfc.apdu.enums.PsoOperatingModeEnum;
import com.sncf.nfc.apdu.enums.PsoVerifySignatureResponseEnum;
import com.sncf.nfc.apdu.exception.ApduException;
import com.sncf.nfc.apdu.utils.CsmApduUtils;
import com.sncf.nfc.apdu.utils.PoApduUtils;
import com.sncf.nfc.ticketing.security.exceptions.CipheringNotPossibleException;
import com.sncf.nfc.ticketing.security.exceptions.CsmException;
import com.sncf.nfc.ticketing.security.exceptions.KifNotFoundException;
import com.sncf.nfc.ticketing.security.exceptions.KvcNotAuthorizedException;
import com.sncf.nfc.ticketing.security.exceptions.KvcNotFoundException;
import com.sncf.nfc.ticketing.security.exceptions.SigningKeyNotFoundException;
import com.sncf.nfc.ticketing.security.exceptions.TicketingSecurityException;
import com.sncf.nfc.transverse.util.Assert;
import fr.devnied.bitlib.BitUtils;
import fr.devnied.bitlib.BytesUtils;
import java.util.Arrays;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes4.dex */
public abstract class CsmSecurityManager {
    private static final int PSO_COMPUTE_KIF = 42;
    private static final int PSO_COMPUTE_KVC = 14;
    private static final int PSO_VERIFY_KIF = 43;
    private final ICsmSecurityConfig config;
    protected final CsmContextDto csmContext;
    protected final boolean isValidator;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.sncf.nfc.ticketing.security.CsmSecurityManager$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum;

        static {
            int[] iArr = new int[CAADEnum.values().length];
            $SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum = iArr;
            try {
                iArr[CAADEnum.ENVIRONEMENT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum[CAADEnum.CONTRACT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum[CAADEnum.USAGE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum[CAADEnum.NAME.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum[CAADEnum.PICTURE_ATTRIBUTE.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CsmSecurityManager(ICsmSecurityConfig iCsmSecurityConfig) {
        Assert.getInstance().notNull(iCsmSecurityConfig).notNull(iCsmSecurityConfig.getCsmContext());
        this.config = iCsmSecurityConfig;
        this.csmContext = iCsmSecurityConfig.getCsmContext();
        this.isValidator = iCsmSecurityConfig.isValidator();
    }

    private byte[] buildPsoMessageInForT2(byte[] bArr, CAADEnum cAADEnum, String str, int i2, String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append(BytesUtils.bytesToStringNoSpace(cAADEnum.getMarker()));
        sb.append(StringUtils.leftPad(str, 16, '0'));
        if (!cAADEnum.equals(CAADEnum.ENVIRONEMENT) && !cAADEnum.equals(CAADEnum.PICTURE_ATTRIBUTE)) {
            sb.append(StringUtils.leftPad(Integer.toHexString(i2).toUpperCase(), 2, '0'));
        }
        if (cAADEnum == CAADEnum.USAGE || cAADEnum == CAADEnum.NAME) {
            sb.append(str2);
        }
        sb.append(BytesUtils.bytesToStringNoSpace(formatPsoFileDataForT2(bArr, cAADEnum)));
        return BytesUtils.fromString(sb.toString());
    }

    private byte[] buildSignedFileForT2(byte[] bArr, CAADEnum cAADEnum, byte[] bArr2) {
        if (cAADEnum != CAADEnum.USAGE && cAADEnum != CAADEnum.NAME) {
            bArr2 = Arrays.copyOfRange(bArr2, bArr2.length - 12, bArr2.length);
        }
        System.arraycopy(bArr2, 0, bArr, bArr.length - bArr2.length, bArr2.length);
        return bArr;
    }

    private byte[] formatPsoFileDataForT2(byte[] bArr, CAADEnum cAADEnum) {
        BitUtils bitUtils = new BitUtils(bArr);
        int i2 = AnonymousClass1.$SwitchMap$com$sncf$nfc$apdu$enums$CAADEnum[cAADEnum.ordinal()];
        if (i2 == 1) {
            return removeT2AuthenticatorValue(bitUtils, 32);
        }
        if (i2 == 2) {
            formatT2UnsignedData(bitUtils, 56, false, 64);
            return removeT2AuthenticatorValue(bitUtils, 64);
        }
        if (i2 == 3) {
            formatT2UnsignedData(bitUtils, 32, false, 48);
            return removeT2AuthenticatorValue(bitUtils, 48);
        }
        if (i2 == 4) {
            formatT2UnsignedData(bitUtils, 24, true, 64);
            return removeT2AuthenticatorValue(bitUtils, 64);
        }
        if (i2 != 5) {
            return null;
        }
        return removeT2AuthenticatorValue(bitUtils, 64);
    }

    private void formatT2UnsignedData(BitUtils bitUtils, int i2, boolean z2, int i3) {
        bitUtils.setCurrentBitIndex(i2);
        int nextInteger = bitUtils.getNextInteger(8);
        if (nextInteger != 0) {
            if (z2) {
                bitUtils.setCurrentBitIndex((((i3 - 4) - 1) - nextInteger) * 8);
            }
            bitUtils.resetNextBits(nextInteger * 8);
        }
        bitUtils.reset();
    }

    private byte[] getKifKvc(byte b2, String str, int i2, KeyTypeEnum keyTypeEnum) throws TicketingSecurityException {
        byte[] bArr = new byte[2];
        Byte kif = this.config.getKif(str, i2, keyTypeEnum, b2);
        if (kif == null) {
            throw new KifNotFoundException(str, i2, keyTypeEnum, b2);
        }
        bArr[0] = kif.byteValue();
        bArr[1] = b2;
        return bArr;
    }

    private byte[] getKifKvc(String str, int i2, KeyTypeEnum keyTypeEnum) throws TicketingSecurityException {
        Byte kvc = this.config.getKvc(str, i2);
        if (kvc != null) {
            return getKifKvc(kvc.byteValue(), str, i2, keyTypeEnum);
        }
        throw new KvcNotFoundException(str, i2);
    }

    private byte[] getKifKvc(byte[] bArr, PoContextDto poContextDto, String str, int i2, KeyTypeEnum keyTypeEnum) throws ApduException, TicketingSecurityException {
        byte[] bArr2 = new byte[2];
        byte[] kifKvc = PoApduUtils.getKifKvc(poContextDto, bArr);
        return (kifKvc.length != 2 || kifKvc[0] == -1) ? (kifKvc.length == 2 && kifKvc[0] == -1) ? getKifKvc(kifKvc[1], str, i2, keyTypeEnum) : kifKvc.length == 1 ? getKifKvc(kifKvc[0], str, i2, keyTypeEnum) : kifKvc.length == 0 ? getKifKvc(str, i2, keyTypeEnum) : bArr2 : kifKvc;
    }

    private byte[] removeT2AuthenticatorValue(BitUtils bitUtils, int i2) {
        return bitUtils.getNextByte((i2 * 8) - 32);
    }

    private byte[] signT2File(byte[] bArr, CAADEnum cAADEnum, String str, int i2, String str2) throws ApduException, CsmException {
        PsoOperatingModeEnum psoOperatingModeEnum;
        int i3;
        if (cAADEnum.getOffest() != null) {
            psoOperatingModeEnum = PsoOperatingModeEnum.SAM_TRACEABILITY_4_BYTE;
            i3 = Integer.valueOf(BytesUtils.bytesToStringNoSpace(cAADEnum.getOffest()), 16).intValue();
        } else {
            psoOperatingModeEnum = PsoOperatingModeEnum.NORMAL;
            i3 = 0;
        }
        return buildSignedFileForT2(bArr, cAADEnum, psoComputeSignature(42, 14, psoOperatingModeEnum, 4, i3, buildPsoMessageInForT2(bArr, cAADEnum, str, i2, str2)));
    }

    private PsoVerifySignatureResponseEnum verifyT2FileSignature(byte[] bArr, CAADEnum cAADEnum, String str, int i2, String str2) throws ApduException, CsmException {
        PsoOperatingModeEnum psoOperatingModeEnum;
        int i3;
        if (cAADEnum.getOffest() != null) {
            psoOperatingModeEnum = PsoOperatingModeEnum.SAM_TRACEABILITY_4_BYTE;
            i3 = Integer.valueOf(BytesUtils.bytesToStringNoSpace(cAADEnum.getOffest()), 16).intValue();
        } else {
            psoOperatingModeEnum = PsoOperatingModeEnum.NORMAL;
            i3 = 0;
        }
        return psoVerifySignature(43, bArr[(bArr.length - 4) - 1], psoOperatingModeEnum, 4, i3, buildPsoMessageInForT2(bArr, cAADEnum, str, i2, str2), Arrays.copyOfRange(bArr, bArr.length - 4, bArr.length));
    }

    public byte[] cipher(int i2, int i3, byte[] bArr) throws ApduException, CsmException, TicketingSecurityException {
        Assert.getInstance().notEmpty(bArr);
        return csmDataCipher(i2, i3, bArr);
    }

    public String computeAblIdfEnvAuthenticator(String str) throws ApduException, CsmException, TicketingSecurityException {
        Assert.getInstance().notEmpty(str);
        byte[] fromString = BytesUtils.fromString(StringUtils.leftPad(str, 16, '0'));
        Navigo2013KeyEnum navigo2013KeyEnum = Navigo2013KeyEnum.UKD_TRAC1_X;
        byte[] csmDataCipher = csmDataCipher(navigo2013KeyEnum.getKif() & 255, navigo2013KeyEnum.getKvc() & 255, fromString);
        Navigo2013KeyEnum navigo2013KeyEnum2 = Navigo2013KeyEnum.UKD_TRAC2_X;
        byte[] csmDataCipher2 = csmDataCipher(navigo2013KeyEnum2.getKif() & 255, navigo2013KeyEnum2.getKvc() & 255, fromString);
        return BytesUtils.bytesToStringNoSpace(new byte[]{csmDataCipher[csmDataCipher.length - 1], csmDataCipher2[csmDataCipher2.length - 1]});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void csmAbortDigestSession() throws ApduException, CsmException {
        CsmApduUtils.checkAbortDigestSessionResponse(this.csmContext, executeCsmCommand(CsmApduUtils.abortDigestSession(this.csmContext)));
    }

    protected byte[] csmDataCipher(int i2, int i3, byte[] bArr) throws ApduException, CsmException, TicketingSecurityException {
        byte[] dataCipherResponse = CsmApduUtils.getDataCipherResponse(this.csmContext, executeCsmCommand(CsmApduUtils.dataCipher(this.csmContext, DataCipherModeEnum.CIPHER, i2, i3, bArr)));
        if (dataCipherResponse == null || dataCipherResponse.length == 0) {
            throw new CipheringNotPossibleException();
        }
        return dataCipherResponse;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean csmDigestAuthenticate(byte[] bArr) throws ApduException, CsmException {
        return CsmApduUtils.isDigestAuthenticateResponseSignatureCorrect(this.csmContext, executeCsmCommand(CsmApduUtils.digestAuthenticate(this.csmContext, bArr)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] csmDigestClose(PoContextDto poContextDto) throws ApduException, CsmException {
        return CsmApduUtils.getDigestCloseResponse(this.csmContext, poContextDto, executeCsmCommand(CsmApduUtils.digestClose(this.csmContext, poContextDto)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void csmDigestInit(byte[] bArr, PoContextDto poContextDto, String str, int i2, KeyTypeEnum keyTypeEnum) throws ApduException, CsmException, TicketingSecurityException {
        byte[] kifKvc = getKifKvc(bArr, poContextDto, str, i2, keyTypeEnum);
        if (!this.config.isKvcAuthorized(str, i2, kifKvc[1])) {
            throw new KvcNotAuthorizedException("0x" + BytesUtils.bytesToStringNoSpace(kifKvc[1]), str, i2);
        }
        if (CsmApduUtils.isDigestInitResponseSigningKeyFound(this.csmContext, poContextDto, executeCsmCommand(CsmApduUtils.digestInit(this.csmContext, poContextDto, kifKvc, bArr, false)))) {
            return;
        }
        throw new SigningKeyNotFoundException("0x" + BytesUtils.bytesToStringNoSpace(kifKvc));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] csmGetChallenge() throws ApduException, CsmException {
        return CsmApduUtils.getChallengeResponse(this.csmContext, executeCsmCommand(CsmApduUtils.getChallenge(this.csmContext, true)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void csmSelectDiversifier(String str) throws ApduException, CsmException {
        CsmApduUtils.checkSelectDiversifierResponse(this.csmContext, executeCsmCommand(CsmApduUtils.selectDiversifier(this.csmContext, BytesUtils.fromString(str))));
    }

    protected abstract ResponseAPDU executeCsmCommand(CommandAPDU commandAPDU) throws CsmException;

    protected byte[] psoComputeSignature(int i2, int i3, PsoOperatingModeEnum psoOperatingModeEnum, int i4, int i5, byte[] bArr) throws ApduException, CsmException {
        return CsmApduUtils.getPsoComputeSignatureResponse(this.csmContext, executeCsmCommand(CsmApduUtils.psoComputeSignature(this.csmContext, i2, i3, psoOperatingModeEnum, true, i4, i5, bArr)));
    }

    protected PsoVerifySignatureResponseEnum psoVerifySignature(int i2, int i3, PsoOperatingModeEnum psoOperatingModeEnum, int i4, int i5, byte[] bArr, byte[] bArr2) throws ApduException, CsmException {
        return CsmApduUtils.getPsoVerifySignatureResponse(this.csmContext, executeCsmCommand(CsmApduUtils.psoVerifySignature(this.csmContext, i2, i3, psoOperatingModeEnum, true, i4, i5, bArr, bArr2)));
    }

    public byte[] signT2Contract(byte[] bArr, String str, int i2) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str);
        return signT2File(bArr, CAADEnum.CONTRACT, str, i2, null);
    }

    public byte[] signT2Environment(byte[] bArr, String str) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str);
        return signT2File(bArr, CAADEnum.ENVIRONEMENT, str, 1, null);
    }

    public byte[] signT2Name(byte[] bArr, String str, int i2, String str2) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str).notEmpty(str2);
        return signT2File(bArr, CAADEnum.NAME, str, i2, str2);
    }

    public byte[] signT2PictureAttributes(byte[] bArr, String str) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str);
        return signT2File(bArr, CAADEnum.PICTURE_ATTRIBUTE, str, 1, null);
    }

    public byte[] signT2Usage(byte[] bArr, String str, int i2, String str2) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str).notEmpty(str2);
        return signT2File(bArr, CAADEnum.USAGE, str, i2, str2);
    }

    public boolean verifyAblIdfEnvAuthenticator(String str, String str2) throws ApduException, CsmException, TicketingSecurityException {
        Assert.getInstance().notEmpty(str).notEmpty(str2);
        return str.equals(computeAblIdfEnvAuthenticator(str2));
    }

    public PsoVerifySignatureResponseEnum verifyT2ContractSignature(byte[] bArr, String str, int i2) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str);
        return verifyT2FileSignature(bArr, CAADEnum.CONTRACT, str, i2, null);
    }

    public PsoVerifySignatureResponseEnum verifyT2EnvironmentSignature(byte[] bArr, String str) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str);
        return verifyT2FileSignature(bArr, CAADEnum.ENVIRONEMENT, str, 1, null);
    }

    public PsoVerifySignatureResponseEnum verifyT2UsageSignature(byte[] bArr, String str, int i2, String str2) throws ApduException, CsmException {
        Assert.getInstance().notEmpty(bArr).notEmpty(str).notEmpty(str2);
        return verifyT2FileSignature(bArr, CAADEnum.USAGE, str, i2, str2);
    }
}
