package im.status.keycard.applet;

import com.oblador.keychain.cipherStorage.CipherStorageKeystoreAESCBC;
import im.status.keycard.io.APDUCommand;
import im.status.keycard.io.APDUException;
import im.status.keycard.io.APDUResponse;
import im.status.keycard.io.CardChannel;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: classes.dex */
public class SecureChannelSession {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    public static final byte INS_MUTUALLY_AUTHENTICATE = 17;
    public static final byte INS_OPEN_SECURE_CHANNEL = 16;
    public static final byte INS_PAIR = 18;
    public static final byte INS_UNPAIR = 19;
    static final byte PAIRING_MAX_CLIENT_COUNT = 5;
    public static final byte PAIR_P1_FIRST_STEP = 0;
    public static final byte PAIR_P1_LAST_STEP = 1;
    public static final int PAYLOAD_MAX_SIZE = 223;
    public static final short SC_BLOCK_SIZE = 16;
    public static final short SC_SECRET_LENGTH = 32;
    private byte[] iv;
    private Pairing pairing;
    private byte[] publicKey;
    private byte[] secret;
    private Cipher sessionCipher;
    private SecretKeySpec sessionEncKey;
    private CBCBlockCipherMac sessionMac;
    private KeyParameter sessionMacKey;
    private SecureRandom random = new SecureRandom();
    private boolean open = false;

    private byte[] decryptAPDU(byte[] bArr) {
        try {
            this.sessionCipher.init(2, this.sessionEncKey, new IvParameterSpec(this.iv));
            return this.sessionCipher.doFinal(bArr);
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    private byte[] encryptAPDU(byte[] bArr) {
        try {
            this.sessionCipher.init(1, this.sessionEncKey, new IvParameterSpec(this.iv));
            return this.sessionCipher.doFinal(bArr);
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    private void updateIV(byte[] bArr, byte[] bArr2) {
        try {
            this.sessionMac.init(this.sessionMacKey);
            this.sessionMac.update(bArr, 0, bArr.length);
            this.sessionMac.update(bArr2, 0, bArr2.length);
            this.sessionMac.doFinal(this.iv, 0);
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    public void autoOpenSecureChannel(CardChannel cardChannel) throws IOException, APDUException {
        APDUResponse openSecureChannel = openSecureChannel(cardChannel, this.pairing.getPairingIndex(), this.publicKey);
        openSecureChannel.checkOK("OPEN SECURE CHANNEL failed");
        processOpenSecureChannelResponse(openSecureChannel);
        APDUResponse mutuallyAuthenticate = mutuallyAuthenticate(cardChannel);
        mutuallyAuthenticate.checkOK("MUTUALLY AUTHENTICATE failed");
        verifyMutuallyAuthenticateResponse(mutuallyAuthenticate);
    }

    public void autoPair(CardChannel cardChannel, byte[] bArr) throws IOException, APDUException {
        byte[] bArr2 = new byte[32];
        this.random.nextBytes(bArr2);
        byte[] data = pair(cardChannel, (byte) 0, bArr2).checkOK("Pairing failed on step 1").getData();
        byte[] copyOf = Arrays.copyOf(data, 32);
        byte[] copyOfRange = Arrays.copyOfRange(data, 32, data.length);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256", BouncyCastleProvider.PROVIDER_NAME);
            messageDigest.update(bArr);
            if (!Arrays.equals(messageDigest.digest(bArr2), copyOf)) {
                throw new APDUException("Invalid card cryptogram");
            }
            messageDigest.update(bArr);
            byte[] data2 = pair(cardChannel, (byte) 1, messageDigest.digest(copyOfRange)).checkOK("Pairing failed on step 2").getData();
            messageDigest.update(bArr);
            this.pairing = new Pairing(messageDigest.digest(Arrays.copyOfRange(data2, 1, data2.length)), data2[0]);
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    public void autoUnpair(CardChannel cardChannel) throws IOException, APDUException {
        unpair(cardChannel, this.pairing.getPairingIndex()).checkOK("Unpairing failed");
    }

    public void generateSecret(byte[] bArr) {
        try {
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256k1");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(parameterSpec, this.random);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            this.publicKey = ((ECPublicKey) generateKeyPair.getPublic()).getQ().getEncoded(false);
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
            keyAgreement.init(generateKeyPair.getPrivate());
            keyAgreement.doPhase((ECPublicKey) KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME).generatePublic(new ECPublicKeySpec(parameterSpec.getCurve().decodePoint(bArr), parameterSpec)), true);
            this.secret = keyAgreement.generateSecret();
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    public Pairing getPairing() {
        return this.pairing;
    }

    public byte[] getPublicKey() {
        return this.publicKey;
    }

    public APDUResponse mutuallyAuthenticate(CardChannel cardChannel) throws IOException {
        byte[] bArr = new byte[32];
        this.random.nextBytes(bArr);
        return mutuallyAuthenticate(cardChannel, bArr);
    }

    public APDUResponse mutuallyAuthenticate(CardChannel cardChannel, byte[] bArr) throws IOException {
        return transmit(cardChannel, protectedCommand(128, 17, 0, 0, bArr));
    }

    public byte[] oneShotEncrypt(byte[] bArr) {
        try {
            this.iv = new byte[16];
            this.random.nextBytes(this.iv);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(this.iv);
            this.sessionEncKey = new SecretKeySpec(this.secret, CipherStorageKeystoreAESCBC.ENCRYPTION_ALGORITHM);
            this.sessionCipher = Cipher.getInstance("AES/CBC/ISO7816-4Padding", BouncyCastleProvider.PROVIDER_NAME);
            this.sessionCipher.init(1, this.sessionEncKey, ivParameterSpec);
            byte[] doFinal = this.sessionCipher.doFinal(bArr);
            byte[] bArr2 = new byte[this.publicKey.length + 1 + this.iv.length + doFinal.length];
            bArr2[0] = (byte) this.publicKey.length;
            System.arraycopy(this.publicKey, 0, bArr2, 1, this.publicKey.length);
            System.arraycopy(this.iv, 0, bArr2, this.publicKey.length + 1, this.iv.length);
            System.arraycopy(doFinal, 0, bArr2, this.publicKey.length + 1 + this.iv.length, doFinal.length);
            return bArr2;
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    public APDUResponse openSecureChannel(CardChannel cardChannel, byte b, byte[] bArr) throws IOException {
        this.open = false;
        return cardChannel.send(new APDUCommand(128, 16, b, 0, bArr));
    }

    public APDUResponse pair(CardChannel cardChannel, byte b, byte[] bArr) throws IOException {
        return transmit(cardChannel, new APDUCommand(128, 18, b, 0, bArr));
    }

    public void processOpenSecureChannelResponse(APDUResponse aPDUResponse) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA512");
            messageDigest.update(this.secret);
            messageDigest.update(this.pairing.getPairingKey());
            byte[] data = aPDUResponse.getData();
            byte[] digest = messageDigest.digest(Arrays.copyOf(data, 32));
            this.iv = Arrays.copyOfRange(data, 32, data.length);
            this.sessionEncKey = new SecretKeySpec(Arrays.copyOf(digest, 32), CipherStorageKeystoreAESCBC.ENCRYPTION_ALGORITHM);
            this.sessionMacKey = new KeyParameter(digest, 32, 32);
            this.sessionCipher = Cipher.getInstance("AES/CBC/ISO7816-4Padding", BouncyCastleProvider.PROVIDER_NAME);
            this.sessionMac = new CBCBlockCipherMac(new AESEngine(), 128, null);
            this.open = true;
        } catch (Exception e) {
            throw new RuntimeException("Is BouncyCastle in the classpath?", e);
        }
    }

    public APDUCommand protectedCommand(int i, int i2, int i3, int i4, byte[] bArr) {
        byte[] bArr2;
        if (this.open) {
            byte[] encryptAPDU = encryptAPDU(bArr);
            updateIV(new byte[]{(byte) i, (byte) i2, (byte) i3, (byte) i4, (byte) (encryptAPDU.length + 16), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, encryptAPDU);
            byte[] bArr3 = this.iv;
            byte[] copyOf = Arrays.copyOf(bArr3, bArr3.length + encryptAPDU.length);
            System.arraycopy(encryptAPDU, 0, copyOf, this.iv.length, encryptAPDU.length);
            bArr2 = copyOf;
        } else {
            bArr2 = bArr;
        }
        return new APDUCommand(i, i2, i3, i4, bArr2);
    }

    public void reset() {
        this.open = false;
    }

    protected void setOpen() {
        this.open = true;
    }

    public void setPairing(Pairing pairing) {
        this.pairing = pairing;
    }

    public APDUResponse transmit(CardChannel cardChannel, APDUCommand aPDUCommand) throws IOException {
        APDUResponse send = cardChannel.send(aPDUCommand);
        if (send.getSw() == 27010) {
            this.open = false;
        }
        if (!this.open) {
            return send;
        }
        byte[] data = send.getData();
        byte[] bArr = {(byte) data.length, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        byte[] copyOf = Arrays.copyOf(data, this.iv.length);
        byte[] copyOfRange = Arrays.copyOfRange(data, this.iv.length, data.length);
        byte[] decryptAPDU = decryptAPDU(copyOfRange);
        updateIV(bArr, copyOfRange);
        if (Arrays.equals(this.iv, copyOf)) {
            return new APDUResponse(decryptAPDU);
        }
        throw new IOException("Invalid MAC");
    }

    public APDUResponse unpair(CardChannel cardChannel, byte b) throws IOException {
        return transmit(cardChannel, protectedCommand(128, 19, b, 0, new byte[0]));
    }

    public void unpairOthers(CardChannel cardChannel) throws IOException, APDUException {
        for (int i = 0; i < 5; i++) {
            if (i != this.pairing.getPairingIndex()) {
                transmit(cardChannel, protectedCommand(128, 19, i, 0, new byte[0])).checkOK();
            }
        }
    }

    public void verifyMutuallyAuthenticateResponse(APDUResponse aPDUResponse) throws APDUException {
        if (aPDUResponse.getData().length != 32) {
            throw new APDUException("Invalid authentication data from the card");
        }
    }
}
