package com.ftsafe.skapi.piv;

import com.ftsafe.skapi.communication.TransportAPDU;
import com.ftsafe.skapi.communication.apdu.Apdu;
import com.ftsafe.skapi.communication.apdu.ApduResponse;
import com.ftsafe.skapi.communication.apdu.RandomUtils;
import com.ftsafe.skapi.communication.apdu.Tlv;
import com.ftsafe.skapi.utils.Def;
import com.ftsafe.skapi.utils.SKError;
import com.ftsafe.skapi.utils.SKException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class PivModule {
    public static final byte ALGO_3DES = 3;
    public static final byte INS_ATTEST = -7;
    public static final byte INS_AUTHENTICATE = -121;
    public static final byte INS_CHANGE_REFERENCE = 36;
    public static final byte INS_GENERATE_ASYMMETRIC = 71;
    public static final byte INS_GET_DATA = -53;
    public static final byte INS_GET_METADATA = -9;
    public static final byte INS_GET_SERIAL = -8;
    public static final byte INS_GET_VERSION = -3;
    public static final byte INS_IMPORT_KEY = -29;
    public static final byte INS_PUT_DATA = -37;
    public static final byte INS_RESET = -4;
    public static final byte INS_RESET_RETRY = 44;
    public static final byte INS_SET_MGMKEY = -49;
    public static final byte INS_SET_PIN_RETRIES = -6;
    public static final byte INS_VERIFY = 32;
    public static final int PIN_LEN = 8;
    public static final byte PIN_P2 = Byte.MIN_VALUE;
    public static final byte PUK_P2 = -127;
    public static final int SLOT_CARD_MANAGEMENT = 155;
    public static final byte TAG_AUTH_CHALLENGE = -127;
    public static final byte TAG_AUTH_EXPONENTIATION = -123;
    public static final byte TAG_AUTH_RESPONSE = -126;
    public static final byte TAG_AUTH_WITNESS = Byte.MIN_VALUE;
    public static final byte TAG_CERTIFICATE = 112;
    public static final byte TAG_CERT_INFO = 113;
    public static final byte TAG_DYN_AUTH = 124;
    public static final byte TAG_GEN_ALGORITHM = Byte.MIN_VALUE;
    public static final byte TAG_LRC = -2;
    public static final int TAG_METADATA_ALGO = 1;
    public static final int TAG_METADATA_IS_DEFAULT = 5;
    public static final int TAG_METADATA_ORIGIN = 3;
    public static final int TAG_METADATA_POLICY = 2;
    public static final int TAG_METADATA_PUBLIC_KEY = 4;
    public static final int TAG_METADATA_RETRIES = 6;
    public static final byte TAG_OBJ_DATA = 83;
    public static final byte TAG_OBJ_ID = 92;
    public static final byte TAG_PIN_POLICY = -86;
    public static final byte TAG_TOUCH_POLICY = -85;

    public static void authenticate(String str, byte[] bArr) throws SKException {
        if (str == null || str.length() > 8 || str.length() < 6) {
            throw new SKException(SKError.ERR_PIV_PIN_LENGTH);
        }
        if (bArr == null || bArr.length != 24) {
            throw new SKException(SKError.ERR_PIV_MEK_LENGTH);
        }
        ApduResponse SendApduToCOS = TransportAPDU.getInstance().SendApduToCOS(new Apdu(0, 32, 0, -128, pinBytes(str.toCharArray())));
        if (!SendApduToCOS.hasStatusCode(Def.SUCCESS_CODE)) {
            throw new SKException(SendApduToCOS.statusCode());
        }
        try {
            ApduResponse SendApduToCOS2 = TransportAPDU.getInstance().SendApduToCOS(new Apdu(0, -121, 3, SLOT_CARD_MANAGEMENT, new Tlv(124, new Tlv(-128, (byte[]) null).getBytes()).getBytes()));
            if (!SendApduToCOS2.hasStatusCode(Def.SUCCESS_CODE)) {
                throw new SKException(SendApduToCOS2.statusCode());
            }
            byte[] bArr2 = new byte[8];
            System.arraycopy(SendApduToCOS2.getData(), 4, bArr2, 0, 8);
            Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
            cipher.init(2, new SecretKeySpec(bArr, "DESede"));
            byte[] doFinal = cipher.doFinal(bArr2);
            byte[] randomBytes = RandomUtils.getRandomBytes(8);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(-128);
            byteArrayOutputStream.write(8);
            byteArrayOutputStream.write(doFinal);
            byteArrayOutputStream.write(-127);
            byteArrayOutputStream.write(8);
            byteArrayOutputStream.write(randomBytes);
            ApduResponse SendApduToCOS3 = TransportAPDU.getInstance().SendApduToCOS(new Apdu(0, -121, 3, SLOT_CARD_MANAGEMENT, new Tlv(124, byteArrayOutputStream.toByteArray()).getBytes()));
            if (!SendApduToCOS3.hasStatusCode(Def.SUCCESS_CODE)) {
                throw new SKException(SKError.ERR_PIV_AUTHENTICATION);
            }
            Cipher cipher2 = Cipher.getInstance("DESede/ECB/NoPadding");
            cipher2.init(1, new SecretKeySpec(bArr, "DESede"));
            byte[] doFinal2 = cipher2.doFinal(randomBytes);
            byte[] bArr3 = new byte[8];
            System.arraycopy(SendApduToCOS3.getData(), 4, bArr3, 0, 8);
            if (!Arrays.equals(doFinal2, bArr3)) {
                throw new SKException(SKError.ERR_PIV_AUTHENTICATION);
            }
        } catch (Exception unused) {
            throw new SKException(SKError.ERR_PIV_UNKNOWN);
        }
    }

    public static byte[] pinBytes(char[] cArr) throws SKException {
        ByteBuffer encode = StandardCharsets.UTF_8.encode(CharBuffer.wrap(cArr));
        try {
            int limit = encode.limit() - encode.position();
            if (limit > 8) {
                throw new SKException(SKError.ERR_PIV_PUK_LENGTH);
            }
            byte[] copyOf = Arrays.copyOf(encode.array(), 8);
            Arrays.fill(copyOf, limit, 8, (byte) -1);
            return copyOf;
        } finally {
            Arrays.fill(encode.array(), (byte) 0);
        }
    }

    public static byte[] pinBytes(char[] cArr, char[] cArr2) throws SKException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] pinBytes = pinBytes(cArr);
        byte[] pinBytes2 = pinBytes(cArr2);
        try {
            try {
                byteArrayOutputStream.write(pinBytes);
                byteArrayOutputStream.write(pinBytes2);
                return byteArrayOutputStream.toByteArray();
            } catch (IOException unused) {
                throw new SKException(SKError.ERR_PIV_UNKNOWN);
            }
        } finally {
            Arrays.fill(pinBytes, (byte) 0);
            Arrays.fill(pinBytes2, (byte) 0);
        }
    }
}
