package es.gob.jmulticard.card.pace;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.iso7816four.GeneralAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.pace.MseSetPaceAlgorithmApduCommand;
import es.gob.jmulticard.asn1.Tlv;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.de.tsenger.androsmex.crypto.AmAESCrypto;
import es.gob.jmulticard.de.tsenger.androsmex.iso7816.SecureMessaging;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Random;
import java.util.logging.Logger;
import org.spongycastle.asn1.teletrust.TeleTrusTNamedCurves;
import org.spongycastle.asn1.x9.X9ECParameters;
import org.spongycastle.math.ec.ECCurve;
import org.spongycastle.math.ec.ECFieldElement;
import org.spongycastle.math.ec.ECPoint;
import org.spongycastle.math.ec.Tnaf;
import org.spongycastle.util.Arrays;

/* loaded from: classes.dex */
public final class PaceChannelHelper {
    private static final byte TAG_DYNAMIC_AUTHENTICATION_DATA = 124;
    private static final byte TAG_GEN_AUTH_2 = -127;
    private static final byte TAG_GEN_AUTH_3 = -125;
    private static final byte TAG_GEN_AUTH_4 = -123;
    private static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");
    private static final byte[] CAN_MRZ_PADDING = {0, 0, 0, 3};
    private static final byte[] KENC_PADDING = {0, 0, 0, 1};
    private static final byte[] KMAC_PADDING = {0, 0, 0, 2};
    private static final byte[] MAC_PADDING = {Byte.MAX_VALUE, 73, 79, 6};
    private static final byte[] MAC2_PADDING = {-122, 65, 4};

    private PaceChannelHelper() {
    }

    private static byte[] bigIntToByteArray(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray[0] != 0) {
            return byteArray;
        }
        byte[] bArr = new byte[byteArray.length - 1];
        System.arraycopy(byteArray, 1, bArr, 0, bArr.length);
        return bArr;
    }

    private static ECPoint byteArrayToECPoint(byte[] bArr, ECCurve.Fp fp) throws IllegalArgumentException {
        byte[] bArr2 = new byte[(bArr.length - 1) / 2];
        byte[] bArr3 = new byte[(bArr.length - 1) / 2];
        if (bArr[0] != 4) {
            throw new IllegalArgumentException("No se ha encontrado un punto no comprimido");
        }
        System.arraycopy(bArr, 1, bArr2, 0, (bArr.length - 1) / 2);
        System.arraycopy(bArr, ((bArr.length - 1) / 2) + 1, bArr3, 0, (bArr.length - 1) / 2);
        return fp.createPoint(((ECFieldElement.Fp) fp.fromBigInteger(new BigInteger(1, bArr2))).toBigInteger(), ((ECFieldElement.Fp) fp.fromBigInteger(new BigInteger(1, bArr3))).toBigInteger());
    }

    public static SecureMessaging openPaceChannel(byte b, PaceInitializer paceInitializer, ApduConnection apduConnection, CryptoHelper cryptoHelper) throws ApduConnectionException, PaceException {
        if (apduConnection == null) {
            throw new IllegalArgumentException("El canal de conexion no puede ser nulo");
        }
        if (paceInitializer == null) {
            throw new IllegalArgumentException("Es necesario proporcionar un inicializador para abrir canal PACE");
        }
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        if (!apduConnection.isOpen()) {
            apduConnection.open();
        }
        MseSetPaceAlgorithmApduCommand mseSetPaceAlgorithmApduCommand = new MseSetPaceAlgorithmApduCommand(b, MseSetPaceAlgorithmApduCommand.PaceAlgorithmOid.PACE_ECDH_GM_AES_CBC_CMAC_128, paceInitializer.getPasswordType(), MseSetPaceAlgorithmApduCommand.PaceAlgorithmParam.BRAINPOOL_256_R1);
        ResponseApdu transmit = apduConnection.transmit(mseSetPaceAlgorithmApduCommand);
        if (!transmit.isOk()) {
            throw new PaceException(transmit.getStatusWord(), mseSetPaceAlgorithmApduCommand, "Error estableciendo el algoritmo del protocolo PACE (fallo en el MSE Set)");
        }
        GeneralAuthenticateApduCommand generalAuthenticateApduCommand = new GeneralAuthenticateApduCommand(Tnaf.POW_2_WIDTH, new byte[]{TAG_DYNAMIC_AUTHENTICATION_DATA, 0});
        ResponseApdu transmit2 = apduConnection.transmit(generalAuthenticateApduCommand);
        if (!transmit2.isOk()) {
            throw new PaceException(transmit2.getStatusWord(), generalAuthenticateApduCommand, "Error solicitando el aleatorio de calculo PACE (Nonce)");
        }
        try {
            byte[] value = new Tlv(new Tlv(transmit2.getData()).getValue()).getValue();
            byte[] bArr = new byte[16];
            try {
                System.arraycopy(cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, HexUtils.concatenateByteArrays(paceInitializer.getBytes(), CAN_MRZ_PADDING)), 0, bArr, 0, 16);
                try {
                    byte[] aesDecrypt = cryptoHelper.aesDecrypt(value, new byte[0], bArr);
                    X9ECParameters byName = TeleTrusTNamedCurves.getByName("brainpoolp256r1");
                    ECPoint g = byName.getG();
                    ECCurve.Fp fp = (ECCurve.Fp) byName.getCurve();
                    Random random = new Random();
                    random.setSeed(random.nextLong());
                    byte[] bArr2 = new byte[fp.getFieldSize() / 8];
                    random.nextBytes(bArr2);
                    BigInteger bigInteger = new BigInteger(1, bArr2);
                    GeneralAuthenticateApduCommand generalAuthenticateApduCommand2 = new GeneralAuthenticateApduCommand(Tnaf.POW_2_WIDTH, new Tlv(TAG_DYNAMIC_AUTHENTICATION_DATA, new Tlv(TAG_GEN_AUTH_2, g.multiply(bigInteger).getEncoded(false)).getBytes()).getBytes());
                    ResponseApdu transmit3 = apduConnection.transmit(generalAuthenticateApduCommand2);
                    if (!transmit3.isOk()) {
                        throw new PaceException(transmit3.getStatusWord(), generalAuthenticateApduCommand2, "Error mapeando el aleatorio de calculo PACE (Nonce)");
                    }
                    try {
                        ECPoint add = g.multiply(new BigInteger(1, aesDecrypt)).add(byteArrayToECPoint(unwrapEcKey(transmit3.getData()), fp).multiply(bigInteger));
                        byte[] bArr3 = new byte[fp.getFieldSize() / 8];
                        random.setSeed(random.nextLong());
                        random.nextBytes(bArr3);
                        BigInteger bigInteger2 = new BigInteger(1, bArr3);
                        try {
                            byte[] unwrapEcKey = unwrapEcKey(apduConnection.transmit(new GeneralAuthenticateApduCommand(Tnaf.POW_2_WIDTH, new Tlv(TAG_DYNAMIC_AUTHENTICATION_DATA, new Tlv(TAG_GEN_AUTH_3, add.multiply(bigInteger2).getEncoded(false)).getBytes()).getBytes())).getData());
                            byte[] bigIntToByteArray = bigIntToByteArray(((ECPoint.Fp) byteArrayToECPoint(unwrapEcKey, fp).multiply(bigInteger2)).normalize().getXCoord().toBigInteger());
                            byte[] bArr4 = new byte[16];
                            try {
                                System.arraycopy(cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, HexUtils.concatenateByteArrays(bigIntToByteArray, KENC_PADDING)), 0, bArr4, 0, 16);
                                byte[] bArr5 = new byte[16];
                                try {
                                    System.arraycopy(cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, HexUtils.concatenateByteArrays(bigIntToByteArray, KMAC_PADDING)), 0, bArr5, 0, 16);
                                    byte[] bArr6 = new byte[unwrapEcKey.length - 1];
                                    System.arraycopy(unwrapEcKey, 1, bArr6, 0, unwrapEcKey.length - 1);
                                    try {
                                        GeneralAuthenticateApduCommand generalAuthenticateApduCommand3 = new GeneralAuthenticateApduCommand((byte) 0, new Tlv(TAG_DYNAMIC_AUTHENTICATION_DATA, new Tlv(TAG_GEN_AUTH_4, cryptoHelper.doAesCmac(HexUtils.concatenateByteArrays(MAC_PADDING, HexUtils.concatenateByteArrays(MseSetPaceAlgorithmApduCommand.PaceAlgorithmOid.PACE_ECDH_GM_AES_CBC_CMAC_128.getBytes(), HexUtils.concatenateByteArrays(MAC2_PADDING, bArr6))), bArr5)).getBytes()).getBytes());
                                        ResponseApdu transmit4 = apduConnection.transmit(generalAuthenticateApduCommand3);
                                        if (!transmit4.isOk()) {
                                            throw new InvalidCanOrMrzException(transmit4.getStatusWord(), generalAuthenticateApduCommand3, "Error estableciendo el algoritmo del protocolo PACE (fallo en el General Authenticate)");
                                        }
                                        byte[] bArr7 = new byte[16];
                                        Arrays.fill(bArr7, (byte) 0);
                                        LOGGER.info("Canal Pace abierto");
                                        LOGGER.info("\nKenc: " + HexUtils.hexify(bArr4, true) + "Kmac: " + HexUtils.hexify(bArr5, true) + "Ssc: " + HexUtils.hexify(bArr7, true));
                                        AmAESCrypto amAESCrypto = new AmAESCrypto();
                                        return new SecureMessaging(amAESCrypto, bArr4, bArr5, new byte[amAESCrypto.getBlockSize()]);
                                    } catch (Exception e) {
                                        throw new PaceException("Error descifrando el 'nonce': " + e, e);
                                    }
                                } catch (IOException e2) {
                                    throw new PaceException("Error obteniendo el 'kmac' a partir del CAN: " + e2, e2);
                                }
                            } catch (IOException e3) {
                                throw new PaceException("Error obteniendo el 'kenc' a partir del CAN/MRZ: " + e3, e3);
                            }
                        } catch (Exception e4) {
                            throw new PaceException("Error obteniendo la clave efimera EC publica de la tarjeta: " + e4, e4);
                        }
                    } catch (Exception e5) {
                        throw new PaceException("Error obteniendo la clave efimera EC publica de la tarjeta: " + e5, e5);
                    }
                } catch (Exception e6) {
                    throw new PaceException("Error descifranco el 'nonce': " + e6, e6);
                }
            } catch (IOException e7) {
                throw new PaceException("Error obteniendo el 'sk' a partir del CAN/MRZ: " + e7, e7);
            }
        } catch (TlvException e8) {
            throw new PaceException("El aleatorio de calculo PACE (Nonce) obtenido (" + HexUtils.hexify(transmit2.getData(), true) + ") no sigue el formato esperado: " + e8, e8);
        }
    }

    private static byte[] unwrapEcKey(byte[] bArr) throws TlvException {
        return new Tlv(new Tlv(bArr).getValue()).getValue();
    }
}
