package de.link4health.egk.card;

import de.link4health.egk.BCProviderKt;
import de.link4health.egk.Bytes;
import de.link4health.egk.command.CommandApdu;
import de.link4health.egk.command.ResponseApdu;
import de.link4health.egk.tagobjects.DataObject;
import de.link4health.egk.tagobjects.LengthObject;
import de.link4health.egk.tagobjects.MacObject;
import de.link4health.egk.tagobjects.StatusObject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.UByte;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.DERTaggedObject;

/* compiled from: SecureMessaging.kt */
@Metadata(d1 = {"\u0000P\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u00002\u00020\u0001B\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0004\b\u0006\u0010\u0007J\b\u0010\t\u001a\u00020\nH\u0002J\u000e\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\fJ\u0010\u0010\u000e\u001a\u00020\n2\u0006\u0010\u000f\u001a\u00020\u0005H\u0002J\u001d\u0010\u0010\u001a\n \u0011*\u0004\u0018\u00010\u00050\u00052\u0006\u0010\u0012\u001a\u00020\u0005H\u0002¢\u0006\u0002\u0010\u0013J(\u0010\u0014\u001a\u00020\f2\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u000f\u001a\u00020\u0005H\u0002J\u000e\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001cJ\u0018\u0010\u001e\u001a\u00020\n2\u0006\u0010\u001f\u001a\u00020\u00052\u0006\u0010 \u001a\u00020\u0005H\u0002J\"\u0010!\u001a\u0004\u0018\u00010\"2\u0006\u0010#\u001a\u00020\u00052\u0006\u0010$\u001a\u00020\u00052\u0006\u0010%\u001a\u00020\u0005H\u0002J\u001a\u0010&\u001a\u00020\u001c2\u0006\u0010#\u001a\u00020\u00052\b\u0010'\u001a\u0004\u0018\u00010\"H\u0002J\u0010\u0010(\u001a\u00020\u00052\u0006\u0010)\u001a\u00020\u0005H\u0002J\u0010\u0010*\u001a\u00020+2\u0006\u0010,\u001a\u00020\u0016H\u0002J\b\u0010-\u001a\u00020\u0005H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006."}, d2 = {"Lde/link4health/egk/card/SecureMessaging;", "", "paceKey", "Lde/link4health/egk/card/PaceKey;", "ecbIv", "", "<init>", "(Lde/link4health/egk/card/PaceKey;[B)V", "secureMessagingSSC", "incrementSSC", "", "encrypt", "Lde/link4health/egk/command/CommandApdu;", "commandApdu", "setSecureMessagingCommand", "header", "encryptData", "kotlin.jvm.PlatformType", "paddedData", "([B)[B", "createEncryptedCommand", "le", "", "data", "Ljava/io/ByteArrayOutputStream;", "do8E", "Lorg/bouncycastle/asn1/DERTaggedObject;", "decrypt", "Lde/link4health/egk/command/ResponseApdu;", "responseApdu", "checkMac", "mac", "macObject", "getResponseObjects", "Lde/link4health/egk/tagobjects/DataObject;", "statusBytes", "macBytes", "apduResponseBytes", "createDecryptedResponse", "dataObject", "removePaddingIndicator", "dataBytes", "getCipher", "Ljavax/crypto/Cipher;", "mode", "createCipherIV", "egk_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class SecureMessaging {
    private final byte[] ecbIv;
    private final PaceKey paceKey;
    private final byte[] secureMessagingSSC;

    public SecureMessaging(PaceKey paceKey, byte[] ecbIv) {
        Intrinsics.checkNotNullParameter(paceKey, "paceKey");
        Intrinsics.checkNotNullParameter(ecbIv, "ecbIv");
        this.paceKey = paceKey;
        this.ecbIv = ecbIv;
        this.secureMessagingSSC = new byte[16];
    }

    private final void checkMac(byte[] mac, byte[] macObject) {
        if (!Arrays.equals(mac, macObject)) {
            throw new IllegalArgumentException("Secure Messaging MAC verification failed".toString());
        }
    }

    private final byte[] createCipherIV() {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", BCProviderKt.getBCProvider());
        cipher.init(1, new SecretKeySpec(this.paceKey.getEnc(), "AES"), new IvParameterSpec(this.ecbIv));
        byte[] doFinal = cipher.doFinal(this.secureMessagingSSC);
        Intrinsics.checkNotNullExpressionValue(doFinal, "let(...)");
        return doFinal;
    }

    private final ResponseApdu createDecryptedResponse(byte[] statusBytes, DataObject dataObject) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (dataObject != null) {
            if (dataObject.getTag() == -121) {
                byte[] doFinal = getCipher(2).doFinal(removePaddingIndicator(dataObject.getData()));
                Bytes bytes = Bytes.INSTANCE;
                Intrinsics.checkNotNull(doFinal);
                byteArrayOutputStream.write(bytes.unPadData(doFinal));
            } else {
                byteArrayOutputStream.write(dataObject.getData());
            }
        }
        byteArrayOutputStream.write(statusBytes);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "toByteArray(...)");
        return new ResponseApdu(byteArray);
    }

    private final CommandApdu createEncryptedCommand(int le, ByteArrayOutputStream data, DERTaggedObject do8E, byte[] header) {
        do8E.encodeTo(data);
        int i = 256;
        if ((data.size() >= 1 || le != -1) && ((data.size() < 1 && le > -1) || data.size() <= 0 || le >= 0 || data.size() > 255)) {
            i = 65536;
        }
        return CommandApdu.INSTANCE.ofOptions(header[0] & UByte.MAX_VALUE, header[1] & UByte.MAX_VALUE, header[2] & UByte.MAX_VALUE, header[3] & UByte.MAX_VALUE, data.toByteArray(), Integer.valueOf(i));
    }

    private final byte[] encryptData(byte[] paddedData) {
        return getCipher(1).doFinal(paddedData);
    }

    private final Cipher getCipher(int mode) {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", BCProviderKt.getBCProvider());
        cipher.init(mode, new SecretKeySpec(this.paceKey.getEnc(), "AES"), new IvParameterSpec(createCipherIV()));
        Intrinsics.checkNotNullExpressionValue(cipher, "apply(...)");
        return cipher;
    }

    private final DataObject getResponseObjects(byte[] statusBytes, byte[] macBytes, byte[] apduResponseBytes) {
        byte[] bArr;
        byte b;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(apduResponseBytes);
        byte read = (byte) byteArrayInputStream.read();
        if (read == -127 || read == -121) {
            int read2 = byteArrayInputStream.read();
            if (read2 > 128) {
                int i = read2 & 15;
                byte[] bArr2 = new byte[i];
                SecureMessagingKt.readAndCheckExpectedLength(byteArrayInputStream, bArr2, i);
                read2 = new BigInteger(1, bArr2).intValue();
            }
            bArr = new byte[read2];
            SecureMessagingKt.readAndCheckExpectedLength(byteArrayInputStream, bArr, read2);
            b = read;
            read = (byte) byteArrayInputStream.read();
        } else {
            b = 0;
            bArr = null;
        }
        if (read != -103) {
            throw new IllegalArgumentException("Malformed Secure Messaging APDU".toString());
        }
        if (byteArrayInputStream.read() == 2) {
            SecureMessagingKt.readAndCheckExpectedLength(byteArrayInputStream, statusBytes, 2);
            read = (byte) byteArrayInputStream.read();
        }
        if (!(read == -114)) {
            throw new IllegalArgumentException("Malformed Secure Messaging APDU".toString());
        }
        if (byteArrayInputStream.read() == 8) {
            SecureMessagingKt.readAndCheckExpectedLength(byteArrayInputStream, macBytes, 8);
        }
        if (!(byteArrayInputStream.available() == 2)) {
            throw new IllegalArgumentException("Malformed Secure Messaging APDU".toString());
        }
        if (bArr != null) {
            return new DataObject(bArr, b);
        }
        return null;
    }

    private final void incrementSSC() {
        int length = this.secureMessagingSSC.length - 1;
        if (length < 0) {
            return;
        }
        while (true) {
            int i = length - 1;
            byte[] bArr = this.secureMessagingSSC;
            byte b = (byte) (bArr[length] + 1);
            bArr[length] = b;
            if (b != 0 || i < 0) {
                return;
            } else {
                length = i;
            }
        }
    }

    private final byte[] removePaddingIndicator(byte[] dataBytes) {
        return ArraysKt.copyOfRange(dataBytes, 1, dataBytes.length);
    }

    private final void setSecureMessagingCommand(byte[] header) {
        byte b = header[0];
        if (b == ((byte) (b | 12))) {
            throw new IllegalArgumentException("Malformed Secure Messaging APDU".toString());
        }
        header[0] = (byte) (b | 12);
    }

    public final ResponseApdu decrypt(ResponseApdu responseApdu) {
        DERTaggedObject taggedObject;
        Intrinsics.checkNotNullParameter(responseApdu, "responseApdu");
        byte[] bytes = responseApdu.getBytes();
        byte[] bArr = new byte[2];
        byte[] bArr2 = new byte[8];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (bytes.length < 12) {
            throw new IllegalArgumentException("Malformed Secure Messaging APDU".toString());
        }
        incrementSSC();
        DataObject responseObjects = getResponseObjects(bArr, bArr2, bytes);
        if (responseObjects != null && (taggedObject = responseObjects.getTaggedObject()) != null) {
            taggedObject.encodeTo(byteArrayOutputStream);
        }
        new StatusObject(bArr).getTaggedObject().encodeTo(byteArrayOutputStream);
        checkMac(new MacObject(null, byteArrayOutputStream, this.paceKey.getMac(), this.secureMessagingSSC, 1, null).getMac(), bArr2);
        return createDecryptedResponse(bArr, responseObjects);
    }

    public final CommandApdu encrypt(CommandApdu commandApdu) {
        int i;
        byte[] bArr;
        Intrinsics.checkNotNullParameter(commandApdu, "commandApdu");
        byte[] bytes = commandApdu.getBytes();
        incrementSSC();
        if (bytes.length < 4) {
            throw new IllegalArgumentException("APDU must be at least 4 bytes long".toString());
        }
        byte[] copyOfRange = ArraysKt.copyOfRange(bytes, 0, 4);
        setSecureMessagingCommand(copyOfRange);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] copyOfRange2 = ArraysKt.copyOfRange(bytes, commandApdu.getDataOffset(), commandApdu.getDataOffset() + commandApdu.getRawNc());
        if (!(!(copyOfRange2.length == 0))) {
            copyOfRange2 = null;
        }
        if (copyOfRange2 != null) {
            byte[] encryptData = encryptData(Bytes.INSTANCE.padData(copyOfRange2, 16));
            bArr = SecureMessagingKt.PADDING_INDICATOR;
            new DataObject(ArraysKt.plus(bArr, encryptData), (byte) 0, 2, null).getTaggedObject().encodeTo(byteArrayOutputStream);
        }
        Integer rawNe = commandApdu.getRawNe();
        if (rawNe != null) {
            Integer num = rawNe;
            new LengthObject(num.intValue()).getTaggedObject().encodeTo(byteArrayOutputStream);
            i = num.intValue();
        } else {
            i = -1;
        }
        return createEncryptedCommand(i, byteArrayOutputStream, new MacObject(copyOfRange, byteArrayOutputStream, this.paceKey.getMac(), this.secureMessagingSSC).getTaggedObject(), copyOfRange);
    }
}
