package es.gob.jmulticard.crypto;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.DigestAlgorithm;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.JmcLogger;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.iso7816four.pace.GeneralAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.pace.MseSetPaceAlgorithmApduCommand;
import es.gob.jmulticard.apdu.iso7816four.pace.PaceChat;
import es.gob.jmulticard.asn1.Tlv;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.icao.CardAccess;
import es.gob.jmulticard.card.icao.IcaoException;
import es.gob.jmulticard.card.icao.InvalidCanOrMrzException;
import es.gob.jmulticard.card.icao.WirelessInitializer;
import es.gob.jmulticard.connection.ApduConnection;
import es.gob.jmulticard.connection.ApduConnectionException;
import es.gob.jmulticard.connection.pace.PaceException;
import es.gob.jmulticard.connection.pace.SecureMessaging;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECPoint;

/* loaded from: classes.dex */
public class BcPaceChannelHelper extends CryptoHelper.PaceChannelHelper {
    private final CardAccess cardAccess;
    private final PaceChat paceChat;

    public BcPaceChannelHelper(CryptoHelper cryptoHelper, CardAccess cardAccess, PaceChat paceChat) {
        super(cryptoHelper);
        this.cardAccess = cardAccess;
        this.paceChat = paceChat;
    }

    public static ECPoint byteArrayToECPoint(byte[] bArr, ECCurve.Fp fp) {
        byte[] bArr2 = new byte[(bArr.length - 1) / 2];
        byte[] bArr3 = new byte[(bArr.length - 1) / 2];
        if (bArr[0] != 4) {
            throw new IllegalArgumentException("No se ha encontrado un punto no comprimido");
        }
        System.arraycopy(bArr, 1, bArr2, 0, (bArr.length - 1) / 2);
        System.arraycopy(bArr, ((bArr.length - 1) / 2) + 1, bArr3, 0, (bArr.length - 1) / 2);
        return fp.createPoint(((ECFieldElement.Fp) fp.fromBigInteger(new BigInteger(1, bArr2))).toBigInteger(), ((ECFieldElement.Fp) fp.fromBigInteger(new BigInteger(1, bArr3))).toBigInteger());
    }

    public byte[] getSecretNonce(WirelessInitializer wirelessInitializer, byte[] bArr, int i10, DigestAlgorithm digestAlgorithm) throws PaceException {
        try {
            try {
                return this.cryptoHelper.aesDecrypt(bArr, new byte[0], padAndDigest(wirelessInitializer.getBytes(), CryptoHelper.PaceChannelHelper.CAN_MRZ_PADDING, digestAlgorithm, i10), CryptoHelper.BlockMode.CBC, CryptoHelper.Padding.NOPADDING);
            } catch (IOException e10) {
                throw new PaceException("Error descifrando el 'nonce'", e10);
            }
        } catch (IOException e11) {
            throw new PaceException("Error obteniendo el 'sk' a partir del " + wirelessInitializer.getPasswordType(), e11);
        }
    }

    @Override // es.gob.jmulticard.CryptoHelper.PaceChannelHelper
    public SecureMessaging openPaceChannel(byte b10, WirelessInitializer wirelessInitializer, ApduConnection apduConnection) throws ApduConnectionException, IcaoException {
        if (apduConnection == null) {
            throw new IllegalArgumentException("El canal de conexion no puede ser nulo");
        }
        if (wirelessInitializer == null) {
            throw new IllegalArgumentException("Es necesario proporcionar un inicializador para abrir canal PACE");
        }
        if (this.cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        if (!apduConnection.isOpen()) {
            apduConnection.open();
        }
        CardAccess.PaceAlgorithm paceAlgorithm = this.cardAccess.getPaceAlgorithm();
        CardAccess.PaceAlgorithmParam paceAlgorithmParam = this.cardAccess.getPaceAlgorithmParam();
        MseSetPaceAlgorithmApduCommand mseSetPaceAlgorithmApduCommand = new MseSetPaceAlgorithmApduCommand(b10, paceAlgorithm, wirelessInitializer.getPasswordType(), this.paceChat, paceAlgorithmParam);
        ResponseApdu transmit = apduConnection.transmit(mseSetPaceAlgorithmApduCommand);
        if (!transmit.isOk()) {
            throw new PaceException(transmit.getStatusWord(), mseSetPaceAlgorithmApduCommand, "Error estableciendo el algoritmo del protocolo PACE (fallo en el MSE Set)");
        }
        JmcLogger.info(BcPaceChannelHelper.class.getName(), "openPaceChannel", "Establecido el algoritmo para PACE con el comando MSE Set");
        GeneralAuthenticateApduCommand generalAuthenticateApduCommand = new GeneralAuthenticateApduCommand((byte) 16, new GeneralAuthenticateApduCommand.DataEncryptedNonce());
        ResponseApdu transmit2 = apduConnection.transmit(generalAuthenticateApduCommand);
        if (!transmit2.isOk()) {
            throw new PaceException(transmit2.getStatusWord(), generalAuthenticateApduCommand, "Error solicitando el aleatorio de calculo PACE (nonce)");
        }
        JmcLogger.info(BcPaceChannelHelper.class.getName(), "openPaceChannel", "Solicitado el aleatorio de calculo PACE (Nonce) con el primer comando General Autenticate");
        try {
            byte[] value = new Tlv(new Tlv(transmit2.getData()).getValue()).getValue();
            X9ECParameters byName = TeleTrusTNamedCurves.getByName(paceAlgorithmParam.getCurveName());
            ECPoint g10 = byName.getG();
            ECCurve.Fp fp = (ECCurve.Fp) byName.getCurve();
            SecureRandom secureRandom = new SecureRandom();
            byte[] bArr = new byte[fp.getFieldSize() / 8];
            secureRandom.nextBytes(bArr);
            BigInteger bigInteger = new BigInteger(1, bArr);
            GeneralAuthenticateApduCommand generalAuthenticateApduCommand2 = new GeneralAuthenticateApduCommand((byte) 16, new GeneralAuthenticateApduCommand.DataMapNonce(g10.multiply(bigInteger).getEncoded(false)));
            ResponseApdu transmit3 = apduConnection.transmit(generalAuthenticateApduCommand2);
            if (!transmit3.isOk()) {
                throw new PaceException(transmit3.getStatusWord(), generalAuthenticateApduCommand2, "Error mapeando el aleatorio de calculo PACE (nonce)");
            }
            JmcLogger.info(BcPaceChannelHelper.class.getName(), "openPaceChannel", "Mapeado el aleatorio de calculo PACE (Nonce) con el segundo comando General Autenticate");
            try {
                ECPoint add = g10.multiply(new BigInteger(1, getSecretNonce(wirelessInitializer, value, paceAlgorithm.getKeyLength(), this.cardAccess.getPaceDigestAlgorithm()))).add(byteArrayToECPoint(CryptoHelper.PaceChannelHelper.unwrapEcKey(transmit3.getData()), fp).multiply(bigInteger));
                byte[] bArr2 = new byte[fp.getFieldSize() / 8];
                secureRandom.setSeed(secureRandom.nextLong());
                secureRandom.nextBytes(bArr2);
                BigInteger bigInteger2 = new BigInteger(1, bArr2);
                GeneralAuthenticateApduCommand generalAuthenticateApduCommand3 = new GeneralAuthenticateApduCommand((byte) 16, new GeneralAuthenticateApduCommand.DataPerformKeyAgreement(add.multiply(bigInteger2).getEncoded(false)));
                ResponseApdu transmit4 = apduConnection.transmit(generalAuthenticateApduCommand3);
                if (!transmit4.isOk()) {
                    throw new PaceException(transmit4.getStatusWord(), generalAuthenticateApduCommand3, "Error en el tercer comando General Authenticate");
                }
                try {
                    byte[] unwrapEcKey = CryptoHelper.PaceChannelHelper.unwrapEcKey(transmit4.getData());
                    byte[] bigIntToByteArray = CryptoHelper.PaceChannelHelper.bigIntToByteArray(((ECPoint.Fp) byteArrayToECPoint(unwrapEcKey, fp).multiply(bigInteger2)).normalize().getXCoord().toBigInteger());
                    JmcLogger.info(BcPaceChannelHelper.class.getName(), "openPaceChannel", "Acordadas claves de canal con el tercer comando General Authenticate");
                    try {
                        byte[] padAndDigest = padAndDigest(bigIntToByteArray, CryptoHelper.PaceChannelHelper.KENC_PADDING, this.cardAccess.getPaceDigestAlgorithm(), paceAlgorithm.getKeyLength());
                        try {
                            byte[] padAndDigest2 = padAndDigest(bigIntToByteArray, CryptoHelper.PaceChannelHelper.KMAC_PADDING, this.cardAccess.getPaceDigestAlgorithm(), paceAlgorithm.getKeyLength());
                            byte[] bArr3 = new byte[unwrapEcKey.length - 1];
                            System.arraycopy(unwrapEcKey, 1, bArr3, 0, unwrapEcKey.length - 1);
                            try {
                                GeneralAuthenticateApduCommand generalAuthenticateApduCommand4 = new GeneralAuthenticateApduCommand((byte) 0, new GeneralAuthenticateApduCommand.DataMutualAuthentication(this.cryptoHelper.doAesCmac(HexUtils.concatenateByteArrays(CryptoHelper.PaceChannelHelper.MAC_PADDING_PRE, HexUtils.concatenateByteArrays(paceAlgorithm.getBytes(), HexUtils.concatenateByteArrays(CryptoHelper.PaceChannelHelper.MAC2_PADDING_POST, bArr3))), padAndDigest2)));
                                ResponseApdu transmit5 = apduConnection.transmit(generalAuthenticateApduCommand4);
                                if (!transmit5.isOk()) {
                                    throw new InvalidCanOrMrzException(transmit5.getStatusWord(), generalAuthenticateApduCommand4, "Error estableciendo el algoritmo del protocolo PACE (fallo en el General Authenticate)");
                                }
                                byte[] bArr4 = new byte[paceAlgorithm.getKeyLength() / 8];
                                Arrays.fill(bArr4, (byte) 0);
                                JmcLogger.info(BcPaceChannelHelper.class.getName(), "openPaceChannel", "Canal Pace abierto");
                                JmcLogger.debug(BcPaceChannelHelper.class.getName(), "openPaceChannel", "Claves de canal Pace:\n  Kenc: " + HexUtils.hexify(padAndDigest, true) + "\n  Kmac: " + HexUtils.hexify(padAndDigest2, true) + "\n  Ssc: " + HexUtils.hexify(bArr4, true));
                                return new SecureMessaging(padAndDigest, padAndDigest2, new byte[paceAlgorithm.getKeyLength() / 8], this.cryptoHelper);
                            } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
                                throw new PaceException("Error descifrando el 'nonce'", e10);
                            }
                        } catch (IOException e11) {
                            throw new PaceException("Error obteniendo el 'kmac' a partir del CAN/MRZ/PIN", e11);
                        }
                    } catch (IOException e12) {
                        throw new PaceException("Error obteniendo el 'kenc' a partir del CAN/MRZ/PIN", e12);
                    }
                } catch (TlvException e13) {
                    throw new PaceException("Error obteniendo la clave efimera EC publica de la tarjeta", e13);
                }
            } catch (TlvException e14) {
                throw new PaceException("Error obteniendo la clave efimera EC publica de la tarjeta", e14);
            }
        } catch (TlvException e15) {
            throw new PaceException("El aleatorio de calculo PACE (Nonce) obtenido (" + HexUtils.hexify(transmit2.getData(), true) + ") no sigue el formato esperado", e15);
        }
    }

    public byte[] padAndDigest(byte[] bArr, byte[] bArr2, DigestAlgorithm digestAlgorithm, int i10) throws IOException {
        int i11 = i10 / 8;
        byte[] bArr3 = new byte[i11];
        System.arraycopy(this.cryptoHelper.digest(digestAlgorithm, HexUtils.concatenateByteArrays(bArr, bArr2)), 0, bArr3, 0, i11);
        return bArr3;
    }
}
