package de.cotech.hw.openpgp.internal.securemessaging;

import de.cotech.hw.internal.iso7816.CommandApdu;
import de.cotech.hw.internal.iso7816.Iso7816TLV;
import de.cotech.hw.internal.iso7816.ResponseApdu;
import de.cotech.hw.openpgp.internal.OpenPgpAppletConnection;
import de.cotech.hw.openpgp.internal.OpenPgpCardUtils;
import de.cotech.hw.openpgp.internal.OpenPgpCommandApduFactory;
import de.cotech.hw.openpgp.internal.openpgp.EcKeyFormat;
import de.cotech.hw.openpgp.internal.openpgp.KeyFormat;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
public class Scp11bSecureMessaging implements SecureMessaging {
    private static CertificateFactory certFactory;
    private static KeyFactory ecdhFactory;
    private static SecureRandom srand;
    private short mEncryptionCounter;
    private byte[] mMacChaining;
    private SecretKey mSEnc;
    private SecretKey mSMac;
    private SecretKey mSRMac;

    private Scp11bSecureMessaging() {
    }

    public static SecureMessaging establish(OpenPgpAppletConnection openPgpAppletConnection, OpenPgpCommandApduFactory openPgpCommandApduFactory, KeyStore keyStore) throws SecureMessagingException, IOException {
        ECPublicKey newECDHPublicKey;
        int i;
        EcKeyFormat ecKeyFormat;
        openPgpAppletConnection.clearSecureMessaging();
        ResponseApdu communicate = openPgpAppletConnection.communicate(openPgpCommandApduFactory.createGetDataCommand(0, -44));
        if (!communicate.isSuccess()) {
            throw new SecureMessagingException("no secure messaging key attributes available");
        }
        Iso7816TLV[] readList = Iso7816TLV.readList(communicate.getData(), true);
        if (readList == null || readList.length != 1 || ((byte) readList[0].mT) != -44) {
            throw new SecureMessagingException("unsupported secure messaging key attributes format");
        }
        KeyFormat fromBytes = KeyFormat.fromBytes(readList[0].mV);
        if (!(fromBytes instanceof EcKeyFormat)) {
            throw new SecureMessagingException("unsupported secure messaging key format");
        }
        EcKeyFormat ecKeyFormat2 = (EcKeyFormat) fromBytes;
        if (ecKeyFormat2.curveOid() == null) {
            throw new SecureMessagingException("unsupported secure messaging curve");
        }
        try {
            if (keyStore == null) {
                ResponseApdu communicate2 = openPgpAppletConnection.communicate(openPgpCommandApduFactory.createRetrieveSecureMessagingPublicKeyCommand());
                if (!communicate2.isSuccess()) {
                    throw new SecureMessagingException("no secure messaging public key available");
                }
                Iso7816TLV[] readList2 = Iso7816TLV.readList(communicate2.getData(), true);
                if (readList2 == null || readList2.length != 1 || ((short) readList2[0].mT) != 32585) {
                    throw new SecureMessagingException("invalid format of secure messaging key");
                }
                Iso7816TLV[] readList3 = Iso7816TLV.readList(readList2[0].mV, true);
                if (readList3 == null || readList3.length != 1 || ((byte) readList3[0].mT) != -122) {
                    throw new SecureMessagingException("invalid format of secure messaging key");
                }
                newECDHPublicKey = newECDHPublicKey(ecKeyFormat2, readList3[0].mV);
            } else {
                if (!openPgpAppletConnection.communicate(openPgpCommandApduFactory.createSelectSecureMessagingCertificateCommand()).isSuccess()) {
                    throw new SecureMessagingException("no secure messaging certificate selected");
                }
                ResponseApdu communicate3 = openPgpAppletConnection.communicate(openPgpCommandApduFactory.createGetDataCardHolderCertCommand());
                if (!communicate3.isSuccess()) {
                    throw new SecureMessagingException("no secure messaging certificate available");
                }
                newECDHPublicKey = verifyCertificate(keyStore, ecKeyFormat2, communicate3.getData());
            }
            if (newECDHPublicKey == null) {
                throw new SecureMessagingException("no key for secure messaging available");
            }
            int i2 = newECDHPublicKey.getParams().getCurve().getField().getFieldSize() < 512 ? 16 : 32;
            KeyPair generateECDHKeyPair = generateECDHKeyPair(ecKeyFormat2);
            ECPublicKey eCPublicKey = (ECPublicKey) generateECDHKeyPair.getPublic();
            ECPrivateKey eCPrivateKey = (ECPrivateKey) generateECDHKeyPair.getPrivate();
            byte b = (byte) i2;
            byte[] bArr = {-90, 13, -112, 2, 17, 0, -107, 1, 60, Byte.MIN_VALUE, 1, -120, -127, 1, b, 95, 73};
            EcKeyFormat ecKeyFormat3 = ecKeyFormat2;
            double fieldSize = eCPublicKey.getParams().getCurve().getField().getFieldSize();
            Double.isNaN(fieldSize);
            int ceil = (int) Math.ceil(fieldSize / 8.0d);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream.write(4);
            OpenPgpCardUtils.writeBits(byteArrayOutputStream, eCPublicKey.getW().getAffineX(), ceil);
            OpenPgpCardUtils.writeBits(byteArrayOutputStream, eCPublicKey.getW().getAffineY(), ceil);
            byteArrayOutputStream2.write(bArr);
            byteArrayOutputStream2.write(OpenPgpCardUtils.encodeLength(byteArrayOutputStream.size()));
            byteArrayOutputStream.writeTo(byteArrayOutputStream2);
            ResponseApdu communicate4 = openPgpAppletConnection.communicate(openPgpCommandApduFactory.createInternalAuthForSecureMessagingCommand(byteArrayOutputStream2.toByteArray()));
            if (!communicate4.isSuccess()) {
                throw new SecureMessagingException("failed to initiate internal authenticate");
            }
            Iso7816TLV[] readList4 = Iso7816TLV.readList(communicate4.getData(), true);
            if (readList4 == null || readList4.length != 2 || readList4[0].mT == readList4[1].mT) {
                throw new SecureMessagingException("invalid internal authenticate response");
            }
            ECPublicKey eCPublicKey2 = null;
            byte[] bArr2 = null;
            int i3 = 0;
            while (i3 < readList4.length) {
                int i4 = readList4[i3].mT;
                if (i4 == 134) {
                    ecKeyFormat = ecKeyFormat3;
                    if (readList4[i3].mL != 16) {
                        throw new SecureMessagingException("invalid size for receipt");
                    }
                    bArr2 = readList4[i3].mV;
                } else {
                    if (i4 != 24393) {
                        throw new SecureMessagingException("unexpected data in internal authenticate response");
                    }
                    ecKeyFormat = ecKeyFormat3;
                    eCPublicKey2 = newECDHPublicKey(ecKeyFormat, readList4[i3].mV);
                }
                i3++;
                ecKeyFormat3 = ecKeyFormat;
            }
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
            keyAgreement.init(eCPrivateKey);
            keyAgreement.doPhase(eCPublicKey2, true);
            byteArrayOutputStream3.write(keyAgreement.generateSecret());
            keyAgreement.init(eCPrivateKey);
            keyAgreement.doPhase(newECDHPublicKey, true);
            byteArrayOutputStream3.write(keyAgreement.generateSecret());
            int size = byteArrayOutputStream3.size() + 3;
            byteArrayOutputStream3.write(new byte[]{0, 0, 0, 0, bArr[8], bArr[11], b});
            byte[] byteArray = byteArrayOutputStream3.toByteArray();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256", BouncyCastleProvider.PROVIDER_NAME);
            ByteArrayOutputStream byteArrayOutputStream4 = new ByteArrayOutputStream();
            while (true) {
                i = i2 * 4;
                if (byteArrayOutputStream4.size() >= i) {
                    break;
                }
                byteArray[size] = (byte) (byteArray[size] + 1);
                byteArrayOutputStream4.write(messageDigest.digest(byteArray));
            }
            byte[] byteArray2 = byteArrayOutputStream4.toByteArray();
            byte[] copyOfRange = Arrays.copyOfRange(byteArray2, 0, i2);
            int i5 = i2 * 2;
            byte[] copyOfRange2 = Arrays.copyOfRange(byteArray2, i2, i5);
            int i6 = i2 * 3;
            byte[] copyOfRange3 = Arrays.copyOfRange(byteArray2, i5, i6);
            byte[] copyOfRange4 = Arrays.copyOfRange(byteArray2, i6, i);
            Mac mac = Mac.getInstance("AESCMAC", BouncyCastleProvider.PROVIDER_NAME);
            mac.init(new SecretKeySpec(copyOfRange, "AES"));
            byte[] data = communicate4.getData();
            mac.update(byteArrayOutputStream2.toByteArray());
            mac.update(data, 0, (data.length - 2) - 16);
            byte[] doFinal = mac.doFinal();
            for (int i7 = 0; i7 < 16; i7++) {
                if (doFinal[i7] != bArr2[i7]) {
                    throw new SecureMessagingException("corrupted receipt!");
                }
            }
            Scp11bSecureMessaging scp11bSecureMessaging = new Scp11bSecureMessaging();
            scp11bSecureMessaging.setKeys(copyOfRange2, copyOfRange3, copyOfRange4, bArr2);
            return scp11bSecureMessaging;
        } catch (IllegalArgumentException e) {
            throw new SecureMessagingException("illegal argument (" + e.getMessage() + ")");
        } catch (InvalidAlgorithmParameterException e2) {
            throw new SecureMessagingException("invalid algorithm parameters : " + e2.getMessage());
        } catch (InvalidKeyException e3) {
            throw new SecureMessagingException("invalid key : " + e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new SecureMessagingException("unknown EC key algorithm : " + e4.getMessage());
        } catch (NoSuchProviderException unused) {
            throw new SecureMessagingException("unknown provider BC");
        } catch (InvalidKeySpecException e5) {
            throw new SecureMessagingException("invalid key specification : " + e5.getMessage());
        } catch (InvalidParameterSpecException e6) {
            throw new SecureMessagingException("invalid ECDH parameters : " + e6.getMessage());
        }
    }

    private static KeyPair generateECDHKeyPair(EcKeyFormat ecKeyFormat) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterSpecException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        if (srand == null) {
            srand = new SecureRandom();
        }
        keyPairGenerator.initialize(getAlgorithmParameterSpec(ecKeyFormat), srand);
        return keyPairGenerator.generateKeyPair();
    }

    private static ECParameterSpec getAlgorithmParameterSpec(EcKeyFormat ecKeyFormat) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidParameterSpecException {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        algorithmParameters.init(new ECGenParameterSpec(ECNamedCurveTable.getName(ecKeyFormat.curveOid())));
        return (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class);
    }

    private static ECPublicKey newECDHPublicKey(EcKeyFormat ecKeyFormat, byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidParameterSpecException, NoSuchProviderException {
        if (ecdhFactory == null) {
            ecdhFactory = KeyFactory.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
        }
        X9ECParameters byOID = NISTNamedCurves.getByOID(ecKeyFormat.curveOid());
        if (byOID == null) {
            throw new InvalidParameterSpecException("unsupported curve");
        }
        ECPoint decodePoint = byOID.getCurve().decodePoint(bArr);
        if (!decodePoint.isValid()) {
            throw new InvalidKeySpecException("invalid EC point");
        }
        return (ECPublicKey) ecdhFactory.generatePublic(new ECPublicKeySpec(new java.security.spec.ECPoint(decodePoint.getAffineXCoord().toBigInteger(), decodePoint.getAffineYCoord().toBigInteger()), getAlgorithmParameterSpec(ecKeyFormat)));
    }

    private void setKeys(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws SecureMessagingException {
        if (bArr.length != bArr2.length || bArr.length != bArr3.length || bArr4.length != 16) {
            throw new SecureMessagingException("incoherent SCP11b key set");
        }
        this.mSEnc = new SecretKeySpec(bArr, "AES");
        this.mSMac = new SecretKeySpec(bArr2, "AES");
        this.mSRMac = new SecretKeySpec(bArr3, "AES");
        this.mEncryptionCounter = (short) 0;
        this.mMacChaining = bArr4;
    }

    private static ECPublicKey verifyCertificate(KeyStore keyStore, EcKeyFormat ecKeyFormat, byte[] bArr) throws IOException {
        try {
            if (certFactory == null) {
                certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
            }
            ECParameterSpec algorithmParameterSpec = getAlgorithmParameterSpec(ecKeyFormat);
            Certificate generateCertificate = certFactory.generateCertificate(new ByteArrayInputStream(bArr));
            if (!(generateCertificate instanceof X509Certificate)) {
                throw new IOException("invalid card certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            PublicKey publicKey = x509Certificate.getPublicKey();
            if (!(publicKey instanceof ECPublicKey)) {
                throw new IOException("invalid card public key");
            }
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            if (!algorithmParameterSpec.getCurve().equals(eCPublicKey.getParams().getCurve())) {
                throw new IOException("incoherent card certificate/public key format");
            }
            if (keyStore == null) {
                throw new KeyStoreException("no keystore found");
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), BouncyCastleProvider.PROVIDER_NAME);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            pKIXBuilderParameters.addCertStore(certStore);
            return eCPublicKey;
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
            throw new IOException("illegal argument (" + e.getMessage() + ")");
        } catch (InvalidAlgorithmParameterException e2) {
            throw new IOException("invalid algorithm parameter (" + e2.getMessage() + ")");
        } catch (KeyStoreException e3) {
            throw new IOException("failed to build keystore (" + e3.getMessage() + ")");
        } catch (NoSuchAlgorithmException e4) {
            throw new IOException("unknown algorithm (" + e4.getMessage() + ")");
        } catch (NoSuchProviderException e5) {
            throw new IOException("unavailable crypto (" + e5.getMessage() + ")");
        } catch (CertPathBuilderException e6) {
            throw new IOException("invalid certificate path (" + e6.getMessage() + ")");
        } catch (CertificateException e7) {
            throw new IOException("invalid card certificate (" + e7.getMessage() + ")");
        } catch (InvalidParameterSpecException e8) {
            throw new IOException("invalid card key parameters (" + e8.getMessage() + ")");
        }
    }

    @Override // de.cotech.hw.openpgp.internal.securemessaging.SecureMessaging
    public void clearSession() {
        this.mSEnc = null;
        this.mSMac = null;
        this.mSRMac = null;
        this.mEncryptionCounter = (short) 0;
        this.mMacChaining = null;
    }

    @Override // de.cotech.hw.openpgp.internal.securemessaging.SecureMessaging
    public CommandApdu encryptAndSign(CommandApdu commandApdu) throws SecureMessagingException {
        if (!isEstablished()) {
            throw new SecureMessagingException("not established");
        }
        short s = (short) (this.mEncryptionCounter + 1);
        this.mEncryptionCounter = s;
        if (s <= 0) {
            throw new SecureMessagingException("exhausted encryption counter");
        }
        try {
            byte[] data = commandApdu.getData();
            if (data.length > 0) {
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                byte[] bArr = new byte[16];
                Arrays.fill(bArr, (byte) 0);
                cipher.init(1, this.mSEnc, new IvParameterSpec(bArr));
                bArr[14] = (byte) ((this.mEncryptionCounter >> 8) & 255);
                bArr[15] = (byte) (this.mEncryptionCounter & 255);
                byte[] doFinal = cipher.doFinal(bArr);
                cipher.init(1, this.mSEnc, new IvParameterSpec(doFinal));
                byte[] bArr2 = new byte[(data.length + 16) - (data.length % 16)];
                System.arraycopy(data, 0, bArr2, 0, data.length);
                bArr2[data.length] = Byte.MIN_VALUE;
                Arrays.fill(data, (byte) 0);
                data = cipher.doFinal(bArr2);
                Arrays.fill(bArr2, (byte) 0);
                Arrays.fill(doFinal, (byte) 0);
            }
            int length = data.length + 8;
            byte[] bArr3 = new byte[length + 7 + 3];
            int i = 4;
            bArr3[0] = (byte) (((byte) commandApdu.getCLA()) | 4);
            bArr3[1] = (byte) commandApdu.getINS();
            bArr3[2] = (byte) commandApdu.getP1();
            bArr3[3] = (byte) commandApdu.getP2();
            if (length > 255) {
                bArr3[4] = 0;
                i = 6;
                bArr3[5] = (byte) ((length >> 8) & 255);
            }
            int i2 = i + 1;
            bArr3[i] = (byte) (length & 255);
            System.arraycopy(data, 0, bArr3, i2, data.length);
            int length2 = i2 + data.length;
            Arrays.fill(data, (byte) 0);
            Mac mac = Mac.getInstance("AESCMAC", BouncyCastleProvider.PROVIDER_NAME);
            mac.init(this.mSMac);
            mac.update(this.mMacChaining);
            mac.update(bArr3, 0, length2);
            byte[] doFinal2 = mac.doFinal();
            this.mMacChaining = doFinal2;
            System.arraycopy(doFinal2, 0, bArr3, length2, 8);
            int i3 = length2 + 8;
            if (length > 255) {
                bArr3[i3] = 0;
                i3++;
            }
            int i4 = i3 + 1;
            bArr3[i3] = 0;
            try {
                CommandApdu fromBytes = CommandApdu.fromBytes(bArr3, 0, i4);
                Arrays.fill(bArr3, (byte) 0);
                return fromBytes;
            } catch (IOException e) {
                throw new SecureMessagingException("Failed to parsing APDU: " + e.getMessage());
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new SecureMessagingException("invalid IV : " + e2.getMessage());
        } catch (InvalidKeyException e3) {
            throw new SecureMessagingException("invalid key : " + e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new SecureMessagingException("unavailable algorithm : " + e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new SecureMessagingException("unavailable provider : " + e5.getMessage());
        } catch (BadPaddingException e6) {
            throw new SecureMessagingException("invalid IV : " + e6.getMessage());
        } catch (IllegalBlockSizeException e7) {
            throw new SecureMessagingException("invalid block size : " + e7.getMessage());
        } catch (NoSuchPaddingException e8) {
            throw new SecureMessagingException("unavailable padding algorithm : " + e8.getMessage());
        }
    }

    @Override // de.cotech.hw.openpgp.internal.securemessaging.SecureMessaging
    public boolean isEstablished() {
        return (this.mSEnc == null || this.mSMac == null || this.mSRMac == null || this.mMacChaining == null) ? false : true;
    }

    @Override // de.cotech.hw.openpgp.internal.securemessaging.SecureMessaging
    public ResponseApdu verifyAndDecrypt(ResponseApdu responseApdu) throws SecureMessagingException {
        byte[] bArr;
        if (!isEstablished()) {
            throw new SecureMessagingException("not established");
        }
        byte[] data = responseApdu.getData();
        if (data.length == 0 && !responseApdu.isSuccess() && responseApdu.getSw1() != 98 && responseApdu.getSw1() != 99) {
            return responseApdu;
        }
        if (data.length < 8) {
            throw new SecureMessagingException("missing or incomplete MAC in response");
        }
        try {
            Mac mac = Mac.getInstance("AESCMAC", BouncyCastleProvider.PROVIDER_NAME);
            mac.init(this.mSRMac);
            mac.update(this.mMacChaining);
            if (data.length - 8 > 0) {
                mac.update(data, 0, data.length - 8);
            }
            mac.update((byte) responseApdu.getSw1());
            mac.update((byte) responseApdu.getSw2());
            byte[] doFinal = mac.doFinal();
            for (int i = 0; i < 8; i++) {
                if (i >= doFinal.length || doFinal[i] != data[(data.length - 8) + i]) {
                    throw new SecureMessagingException("corrupted integrity");
                }
            }
            if ((data.length - 8) % 16 != 0) {
                throw new SecureMessagingException("invalid encrypted data size");
            }
            if (data.length > 8) {
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                byte[] bArr2 = new byte[16];
                Arrays.fill(bArr2, (byte) 0);
                cipher.init(1, this.mSEnc, new IvParameterSpec(bArr2));
                bArr2[0] = Byte.MIN_VALUE;
                bArr2[14] = (byte) ((this.mEncryptionCounter >> 8) & 255);
                bArr2[15] = (byte) (this.mEncryptionCounter & 255);
                cipher.init(2, this.mSEnc, new IvParameterSpec(cipher.doFinal(bArr2)));
                byte[] doFinal2 = cipher.doFinal(data, 0, data.length - 8);
                int length = doFinal2.length - 1;
                while (length > 0 && doFinal2[length] == 0) {
                    length--;
                }
                if (length <= 0 || doFinal2[length] != Byte.MIN_VALUE) {
                    throw new SecureMessagingException("invalid data padding after decryption");
                }
                int i2 = length + 2;
                bArr = new byte[i2];
                System.arraycopy(doFinal2, 0, bArr, 0, length);
                bArr[i2 - 2] = (byte) responseApdu.getSw1();
                bArr[i2 - 1] = (byte) responseApdu.getSw2();
                Arrays.fill(doFinal2, (byte) 0);
            } else {
                bArr = new byte[]{(byte) responseApdu.getSw1(), (byte) responseApdu.getSw2()};
            }
            try {
                return ResponseApdu.fromBytes(bArr);
            } catch (IOException e) {
                throw new SecureMessagingException("Failed to parsing APDU: " + e.getMessage());
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new SecureMessagingException("invalid IV : " + e2.getMessage());
        } catch (InvalidKeyException e3) {
            throw new SecureMessagingException("invalid key : " + e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new SecureMessagingException("unavailable algorithm : " + e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new SecureMessagingException("unknown provider : " + e5.getMessage());
        } catch (BadPaddingException e6) {
            throw new SecureMessagingException("invalid IV : " + e6.getMessage());
        } catch (IllegalBlockSizeException e7) {
            throw new SecureMessagingException("invalid block size : " + e7.getMessage());
        } catch (NoSuchPaddingException e8) {
            throw new SecureMessagingException("unavailable padding algorithm : " + e8.getMessage());
        }
    }
}
