package pro.javacard.gp;

import apdu4j.HexUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.EnumSet;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import pro.javacard.gp.GPKey;
import pro.javacard.gp.GPSessionKeyProvider;
import pro.javacard.gp.GlobalPlatform;

/* loaded from: input_file:pro/javacard/gp/SCP03Wrapper.class */
class SCP03Wrapper extends SecureChannelWrapper {
    byte[] chaining_value = new byte[16];
    byte[] encryption_counter = new byte[16];

    /* JADX INFO: Access modifiers changed from: package-private */
    public SCP03Wrapper(GPSessionKeyProvider gPSessionKeyProvider, int i, EnumSet<GlobalPlatform.APDUMode> enumSet, byte[] bArr, byte[] bArr2, int i2) {
        this.sessionKeys = gPSessionKeyProvider;
        this.blockSize = i2;
        System.arraycopy(GPCrypto.null_bytes_16, 0, this.chaining_value, 0, GPCrypto.null_bytes_16.length);
        System.arraycopy(GPCrypto.null_bytes_16, 0, this.encryption_counter, 0, GPCrypto.null_bytes_16.length);
        setSecurityLevel(enumSet);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pro.javacard.gp.SecureChannelWrapper
    public CommandAPDU wrap(CommandAPDU commandAPDU) throws GPException {
        byte[] bArr = null;
        try {
            int cla = commandAPDU.getCLA();
            int nc = commandAPDU.getNc();
            byte[] data = commandAPDU.getData();
            if (this.enc) {
                cla = 132;
                GPCrypto.buffer_increment(this.encryption_counter);
                if (commandAPDU.getData().length > 0) {
                    byte[] pad80 = GPCrypto.pad80(commandAPDU.getData(), 16);
                    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                    cipher.init(1, this.sessionKeys.getKeyFor(GPSessionKeyProvider.KeyPurpose.ENC).getKeyAs(GPKey.Type.AES), GPCrypto.iv_null_16);
                    cipher.init(1, this.sessionKeys.getKeyFor(GPSessionKeyProvider.KeyPurpose.ENC).getKeyAs(GPKey.Type.AES), new IvParameterSpec(cipher.doFinal(this.encryption_counter)));
                    data = cipher.doFinal(pad80);
                    nc = data.length;
                }
            }
            if (this.mac) {
                cla = 132;
                nc += 8;
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(this.chaining_value);
                byteArrayOutputStream.write(132);
                byteArrayOutputStream.write(commandAPDU.getINS());
                byteArrayOutputStream.write(commandAPDU.getP1());
                byteArrayOutputStream.write(commandAPDU.getP2());
                byteArrayOutputStream.write(nc);
                byteArrayOutputStream.write(data);
                byte[] scp03_mac = GPCrypto.scp03_mac(this.sessionKeys.getKeyFor(GPSessionKeyProvider.KeyPurpose.MAC), byteArrayOutputStream.toByteArray(), 128);
                System.arraycopy(scp03_mac, 0, this.chaining_value, 0, this.chaining_value.length);
                bArr = Arrays.copyOf(scp03_mac, 8);
            }
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(cla);
            byteArrayOutputStream2.write(commandAPDU.getINS());
            byteArrayOutputStream2.write(commandAPDU.getP1());
            byteArrayOutputStream2.write(commandAPDU.getP2());
            byteArrayOutputStream2.write(nc);
            byteArrayOutputStream2.write(data);
            if (this.mac) {
                byteArrayOutputStream2.write(bArr);
            }
            if (commandAPDU.getNe() > 0) {
                byteArrayOutputStream2.write(commandAPDU.getNe());
            }
            return new CommandAPDU(byteArrayOutputStream2.toByteArray());
        } catch (IOException e) {
            throw new RuntimeException("APDU wrapping failed", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new IllegalStateException("APDU wrapping failed", e2);
        } catch (GeneralSecurityException e3) {
            throw new GPException("APDU wrapping failed", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pro.javacard.gp.SecureChannelWrapper
    public ResponseAPDU unwrap(ResponseAPDU responseAPDU) throws GPException {
        try {
            if (this.rmac) {
                if (responseAPDU.getData().length < 8) {
                    throw new RuntimeException("Wrong response length (too short).");
                }
                int length = responseAPDU.getData().length - 8;
                byte[] bArr = new byte[8];
                System.arraycopy(responseAPDU.getData(), length, bArr, 0, 8);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(this.chaining_value);
                byteArrayOutputStream.write(responseAPDU.getData(), 0, length);
                byteArrayOutputStream.write(responseAPDU.getSW1());
                byteArrayOutputStream.write(responseAPDU.getSW2());
                byte[] copyOf = Arrays.copyOf(GPCrypto.scp03_mac(this.sessionKeys.getKeyFor(GPSessionKeyProvider.KeyPurpose.RMAC), byteArrayOutputStream.toByteArray(), 128), 8);
                if (!Arrays.equals(copyOf, bArr)) {
                    throw new GPException("RMAC invalid: " + HexUtils.bin2hex(bArr) + " vs " + HexUtils.bin2hex(copyOf));
                }
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                byteArrayOutputStream2.write(responseAPDU.getBytes(), 0, length);
                byteArrayOutputStream2.write(responseAPDU.getSW1());
                byteArrayOutputStream2.write(responseAPDU.getSW2());
                responseAPDU = new ResponseAPDU(byteArrayOutputStream2.toByteArray());
            }
            if (this.renc) {
                byte[] copyOf2 = Arrays.copyOf(this.encryption_counter, this.encryption_counter.length);
                copyOf2[0] = Byte.MIN_VALUE;
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                cipher.init(1, this.sessionKeys.getKeyFor(GPSessionKeyProvider.KeyPurpose.ENC).getKeyAs(GPKey.Type.AES), GPCrypto.iv_null_16);
                cipher.init(2, this.sessionKeys.getKeyFor(GPSessionKeyProvider.KeyPurpose.ENC).getKeyAs(GPKey.Type.AES), new IvParameterSpec(cipher.doFinal(copyOf2)));
                byte[] doFinal = cipher.doFinal(responseAPDU.getData());
                ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
                byteArrayOutputStream3.write(GPCrypto.unpad80(doFinal));
                byteArrayOutputStream3.write(responseAPDU.getSW1());
                byteArrayOutputStream3.write(responseAPDU.getSW2());
                responseAPDU = new ResponseAPDU(byteArrayOutputStream3.toByteArray());
            }
            return responseAPDU;
        } catch (IOException e) {
            throw new RuntimeException("APDU unwrapping failed", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new IllegalStateException("APDU unwrapping failed", e2);
        } catch (GeneralSecurityException e3) {
            throw new GPException("APDU unwrapping failed", e3);
        }
    }
}
