package de.gematik.ti.cardreader.provider.nfc.entities;

import com.google.common.primitives.SignedBytes;
import de.gematik.ti.cardreader.provider.api.card.CardException;
import de.gematik.ti.cardreader.provider.api.card.ICard;
import de.gematik.ti.cardreader.provider.api.card.ICardChannel;
import de.gematik.ti.cardreader.provider.api.command.CommandApdu;
import de.gematik.ti.cardreader.provider.api.command.ICommandApdu;
import de.gematik.ti.cardreader.provider.api.command.IResponseApdu;
import de.gematik.ti.cardreader.provider.api.command.ResponseApdu;
import de.gematik.ti.cardreader.provider.nfc.security.SecureMessaging;
import de.gematik.ti.utils.codec.Hex;
import java.io.IOException;
import java.security.GeneralSecurityException;
import org.objectweb.asm.Opcodes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes5.dex */
public class NfcCardChannel implements ICardChannel {
    private static final int LOW_CHANNEL_NUMBER_VALUE = 4;
    private static final int MAX_CHANNEL_NO_VALUE = 20;
    private static final int RESPONSE_SUCCESS = 36864;
    private boolean channelClosed;
    private final int channelNo;
    private boolean isTrustedChannelEstablished;
    private final NfcCard nfcCard;
    private SecureMessaging secureMessaging;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) NfcCard.class);
    private static final CommandApdu MANAGE_CHANNEL_COMMAND_CLOSE = new CommandApdu(0, Opcodes.IREM, 128, 0);

    /* JADX INFO: Access modifiers changed from: package-private */
    public NfcCardChannel(NfcCard nfcCard) {
        this(nfcCard, 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NfcCardChannel(NfcCard nfcCard, int i) {
        this.isTrustedChannelEstablished = false;
        this.channelClosed = false;
        this.nfcCard = nfcCard;
        this.channelNo = i;
    }

    private void checkChannelClosed() throws CardException {
        if (this.channelClosed) {
            throw new CardException("Logical Channel " + this.channelNo + " is already closed");
        }
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public void close() throws CardException {
        if (this.channelNo == 0) {
            throw new CardException("Basic channel cannot be closed.");
        }
        checkChannelClosed();
        this.nfcCard.checkCardOpen();
        try {
            if (transmit(modifyCommandForLogicalChannel(MANAGE_CHANNEL_COMMAND_CLOSE)).getSW() == RESPONSE_SUCCESS) {
                return;
            }
            throw new CardException("closing logical channel " + this.channelNo + " failed.");
        } finally {
            this.channelClosed = true;
        }
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public ICard getCard() {
        return this.nfcCard;
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public int getChannelNumber() {
        return this.channelNo;
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public int getMaxMessageLength() {
        return 261;
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public int getMaxResponseLength() {
        return 261;
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public boolean isExtendedLengthSupported() {
        boolean z = getMaxMessageLength() > 255 && getMaxResponseLength() > 255;
        LOG.debug("isExtendedLengthSupported: " + z);
        return z;
    }

    CommandApdu modifyCommandForLogicalChannel(ICommandApdu iCommandApdu) throws CardException {
        byte b;
        byte cla = (byte) iCommandApdu.getCla();
        int i = this.channelNo;
        if (i < 4) {
            b = (byte) (cla & 252);
        } else {
            if (i >= 20) {
                throw new CardException("Channel number: " + this.channelNo + " not allowed");
            }
            b = (byte) (cla | SignedBytes.MAX_POWER_OF_TWO);
            i -= 4;
        }
        return new CommandApdu((byte) (b | i), iCommandApdu.getIns(), iCommandApdu.getP1(), iCommandApdu.getP2(), iCommandApdu.getData());
    }

    public void setTrustedChannelEstablished(boolean z) {
        this.isTrustedChannelEstablished = z;
    }

    @Override // de.gematik.ti.cardreader.provider.api.card.ICardChannel
    public IResponseApdu transmit(ICommandApdu iCommandApdu) throws CardException {
        Logger logger = LOG;
        logger.debug("Command: " + Hex.encodeHexString(iCommandApdu.getBytes()));
        checkChannelClosed();
        this.nfcCard.checkCardOpen();
        if (this.channelNo > 0) {
            iCommandApdu = modifyCommandForLogicalChannel(iCommandApdu);
        }
        if (this.isTrustedChannelEstablished && this.secureMessaging == null) {
            this.secureMessaging = new SecureMessaging(this.nfcCard.getPaceKey());
            logger.debug("KEnc: " + Hex.encodeHexString(this.nfcCard.getPaceKey().getEnc()));
            logger.debug("KMac: " + Hex.encodeHexString(this.nfcCard.getPaceKey().getMac()));
            logger.debug("Trusted Channel is established.");
        }
        SecureMessaging secureMessaging = this.secureMessaging;
        if (secureMessaging == null) {
            return this.nfcCard.transceive(iCommandApdu);
        }
        try {
            CommandApdu encrypt = secureMessaging.encrypt(iCommandApdu);
            logger.debug("encrypted command: " + Hex.encodeHexString(encrypt.getBytes()));
            ResponseApdu transceive = this.nfcCard.transceive(encrypt);
            logger.debug("encrypted response: " + Hex.encodeHexString(transceive.getBytes()));
            try {
                transceive = this.secureMessaging.decrypt(transceive);
            } catch (IOException e) {
                LOG.error("decrypting response failed" + e);
            } catch (GeneralSecurityException e2) {
                LOG.error("decrypting response failed" + e2);
            }
            LOG.debug("plain response: " + Hex.encodeHexString(transceive.getBytes()));
            return transceive;
        } catch (IOException e3) {
            LOG.error("encrypting command failed" + e3);
            throw new CardException("encrypting command failed", e3);
        }
    }
}
