package com.mysmartlogon.gidsApplet;

import javacard.framework.APDU;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;
import javacard.security.DESKey;
import javacard.security.KeyBuilder;
import javacard.security.RandomData;
import javacardx.crypto.Cipher;

/* loaded from: classes.dex */
public class GidsPINManager {
    private static final byte ADMIN_NOT_AUTHENTICATED = 0;
    private static final byte EXTERNAL_AUTHENTICATED = 3;
    private static final byte EXTERNAL_CHALLENGE = 1;
    private static final byte MUTUAL_AUTHENTICATED = 4;
    private static final byte MUTUAL_CHALLENGE = 2;
    private static final byte PIN_MAX_LENGTH = 16;
    private static final byte PIN_MAX_TRIES = 3;
    private static final byte PIN_MIN_LENGTH = 4;
    private byte[] CardChallenge;
    private byte[] ExternalChallenge;
    private Object[] KeyReference;
    private byte[] buffer;
    private boolean isInInitializationMode = true;
    private GidsPIN pin_pin;
    private byte[] sharedKey;
    private byte[] status;

    public GidsPINManager() {
        this.pin_pin = null;
        this.ExternalChallenge = null;
        this.CardChallenge = null;
        this.KeyReference = null;
        this.buffer = null;
        this.sharedKey = null;
        this.status = null;
        this.pin_pin = new GidsPIN((byte) 3, (byte) 16, (byte) 4);
        this.ExternalChallenge = JCSystem.makeTransientByteArray((short) 16, (byte) 2);
        this.CardChallenge = JCSystem.makeTransientByteArray((short) 16, (byte) 2);
        this.KeyReference = JCSystem.makeTransientObjectArray((short) 1, (byte) 2);
        this.buffer = JCSystem.makeTransientByteArray((short) 40, (byte) 2);
        this.sharedKey = JCSystem.makeTransientByteArray((short) 40, (byte) 2);
        this.status = JCSystem.makeTransientByteArray((short) 1, (byte) 2);
    }

    private boolean CheckExternalOrMutualAuthentication() {
        return this.isInInitializationMode || this.status[0] == 3 || this.status[0] == 4;
    }

    private boolean CheckForChallengeResponse(APDU apdu, byte[] bArr, short s, short s2) {
        short s3 = 0;
        short s4 = 0;
        try {
            s3 = UtilTLV.findTag(bArr, s, s2, ISO7816.INS_EXTERNAL_AUTHENTICATE);
            s4 = UtilTLV.decodeLengthField(bArr, (short) (s3 + 1));
        } catch (InvalidArgumentsException e) {
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        } catch (NotFoundException e2) {
            return false;
        }
        short lengthFieldLength = (short) (UtilTLV.getLengthFieldLength(bArr, (short) (s3 + 1)) + 1 + s3);
        if (s4 > 40) {
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        }
        if (this.status[0] == 2) {
            Cipher cipher = Cipher.getInstance((byte) 1, false);
            DESKey dESKey = (DESKey) KeyBuilder.buildKey((byte) 3, (short) 192, false);
            dESKey.setKey(((CRTKeyFile) this.KeyReference[0]).GetSymmectricKey(), (short) 0);
            cipher.init(dESKey, (byte) 1);
            cipher.doFinal(bArr, lengthFieldLength, s4, this.buffer, (short) 0);
            if (Util.arrayCompare(this.buffer, (short) 0, this.CardChallenge, (short) 0, (short) 16) != 0) {
                ClearChallengeData();
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
            if (Util.arrayCompare(this.buffer, (short) 16, this.ExternalChallenge, (short) 0, (short) 16) != 0) {
                ClearChallengeData();
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
            Util.arrayCopy(this.buffer, (short) 32, this.sharedKey, (short) 0, (short) (s4 - 32));
            RandomData.getInstance((byte) 2).generateData(this.sharedKey, (short) (s4 - 32), (short) (s4 - 32));
            Util.arrayCopy(this.buffer, (short) 32, this.sharedKey, (short) (s4 - 32), (short) (s4 - 32));
            cipher.init(dESKey, (byte) 2);
            cipher.doFinal(this.buffer, (short) 0, s4, bArr, (short) 0);
            ClearChallengeData();
            this.status[0] = 4;
            apdu.setOutgoing();
            apdu.setOutgoingLength(s4);
            apdu.sendBytes((short) 0, s4);
        } else if (this.status[0] == 1) {
            Cipher cipher2 = Cipher.getInstance((byte) 1, false);
            DESKey dESKey2 = (DESKey) KeyBuilder.buildKey((byte) 3, (short) 192, false);
            dESKey2.setKey(((CRTKeyFile) this.KeyReference[0]).GetSymmectricKey(), (short) 0);
            cipher2.init(dESKey2, (byte) 1);
            cipher2.doFinal(bArr, lengthFieldLength, s4, this.buffer, (short) 0);
            if (Util.arrayCompare(this.buffer, (short) 0, this.CardChallenge, (short) 0, (short) 8) != 0) {
                ClearChallengeData();
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
            ClearChallengeData();
            this.status[0] = 3;
        } else {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        return true;
    }

    private boolean CheckForExternalChallenge(APDU apdu, byte[] bArr, short s, short s2) {
        short s3 = 0;
        short s4 = 0;
        try {
            s3 = UtilTLV.findTag(bArr, s, s2, (byte) -127);
            s4 = bArr[(short) (s3 + 1)] == 0 ? (short) 0 : UtilTLV.decodeLengthField(bArr, (short) (s3 + 1));
        } catch (InvalidArgumentsException e) {
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        } catch (NotFoundException e2) {
            return false;
        }
        ClearChallengeData();
        short lengthFieldLength = (short) (UtilTLV.getLengthFieldLength(bArr, (short) (s3 + 1)) + 1 + s3);
        if (s4 == 16) {
            Util.arrayCopyNonAtomic(bArr, lengthFieldLength, this.ExternalChallenge, (short) 0, s4);
            this.status[0] = 2;
        } else if (s4 == 0) {
            s4 = 8;
            this.status[0] = 1;
        } else {
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        }
        RandomData.getInstance((byte) 2).generateData(this.CardChallenge, (short) 0, s4);
        short s5 = (short) 1;
        bArr[0] = 124;
        short s6 = (short) (s5 + 1);
        bArr[s5] = (byte) (s4 + 2);
        short s7 = (short) (s6 + 1);
        bArr[s6] = -127;
        bArr[s7] = (byte) s4;
        Util.arrayCopyNonAtomic(this.CardChallenge, (short) 0, bArr, (short) (s7 + 1), s4);
        apdu.setOutgoingAndSend((short) 0, (short) (s4 + 4));
        return true;
    }

    private boolean CheckUserAuthentication() {
        return this.isInInitializationMode || this.pin_pin.isValidated();
    }

    private void ClearChallengeData() {
        Util.arrayFillNonAtomic(this.ExternalChallenge, (short) 0, (short) this.ExternalChallenge.length, (byte) 0);
        Util.arrayFillNonAtomic(this.CardChallenge, (short) 0, (short) this.CardChallenge.length, (byte) 0);
        Util.arrayFillNonAtomic(this.buffer, (short) 0, (short) this.buffer.length, (byte) 0);
        Util.arrayFillNonAtomic(this.status, (short) 0, (short) this.status.length, (byte) 0);
    }

    private GidsPIN GetPINByReference(byte b) throws NotFoundException {
        switch (b) {
            case Byte.MIN_VALUE:
            case 0:
                return this.pin_pin;
            default:
                throw NotFoundException.getInstance();
        }
    }

    public void CheckACL(byte b) {
        if (b == 0) {
            return;
        }
        if (b == -1) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        byte b2 = (byte) (b & 15);
        if (b2 > 0) {
            byte protocol = (byte) (APDU.getProtocol() & (-16));
            if (b2 == 1) {
                if (protocol != -96 && protocol != 0) {
                    ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
                }
            } else if (b2 == 2 && protocol != Byte.MIN_VALUE && protocol != -112) {
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
        }
        byte b3 = (byte) (b & (-16));
        if (b3 == -112) {
            if (CheckUserAuthentication()) {
                return;
            } else {
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
        }
        if (((byte) (b3 & APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_B)) == 16 && CheckUserAuthentication()) {
            return;
        }
        if (b3 == -96) {
            if (CheckExternalOrMutualAuthentication()) {
                return;
            } else {
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
        }
        if ((b3 & APDU.PROTOCOL_MEDIA_USB) == 32 && CheckExternalOrMutualAuthentication()) {
            return;
        }
        ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
    }

    public void DeauthenticateAllPin() {
        this.pin_pin.reset();
        this.status[0] = 0;
        ClearChallengeData();
        Util.arrayFillNonAtomic(this.sharedKey, (short) 0, (short) this.sharedKey.length, (byte) 0);
        this.KeyReference[0] = null;
    }

    public void SetInitializationMode(boolean z) {
        this.isInInitializationMode = z;
        if (z) {
            return;
        }
        DeauthenticateAllPin();
    }

    public void SetKeyReference(CRTKeyFile cRTKeyFile) {
        this.KeyReference[0] = cRTKeyFile;
    }

    public void processChangeReferenceData(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        GidsPIN gidsPIN = null;
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (b == 1) {
            try {
                gidsPIN = GetPINByReference(b2);
            } catch (NotFoundException e) {
                ISOException.throwIt(ErrorCode.SW_REFERENCE_DATA_NOT_FOUND);
            }
            gidsPIN.CheckLength((byte) incomingAndReceive);
            if (!this.isInInitializationMode && !gidsPIN.isValidated()) {
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
            gidsPIN.update(buffer, (short) 5, (byte) incomingAndReceive);
            if (this.isInInitializationMode) {
                gidsPIN.resetAndUnblock();
                return;
            }
            return;
        }
        if (b != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        try {
            gidsPIN = GetPINByReference(buffer[3]);
        } catch (NotFoundException e2) {
            ISOException.throwIt(ErrorCode.SW_REFERENCE_DATA_NOT_FOUND);
        }
        if (incomingAndReceive > ((short) (gidsPIN.GetMaxPINSize() * 2)) || incomingAndReceive < ((short) (gidsPIN.GetMinPINSize() * 2))) {
            ISOException.throwIt((short) (gidsPIN.getTriesRemaining() | 25536));
        }
        byte GetCurrentPINLen = gidsPIN.GetCurrentPINLen();
        if (incomingAndReceive < GetCurrentPINLen) {
            GetCurrentPINLen = (byte) incomingAndReceive;
        }
        if (gidsPIN.getTriesRemaining() == 0) {
            ISOException.throwIt(ISO7816.SW_FILE_INVALID);
        }
        if (!gidsPIN.check(buffer, (short) 5, GetCurrentPINLen)) {
            ISOException.throwIt((short) (gidsPIN.getTriesRemaining() | 25536));
        }
        if (incomingAndReceive > ((short) (gidsPIN.GetMaxPINSize() + GetCurrentPINLen)) || incomingAndReceive < ((short) (gidsPIN.GetMinPINSize() + GetCurrentPINLen))) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        gidsPIN.update(buffer, (short) (GetCurrentPINLen + 5), (byte) (incomingAndReceive - GetCurrentPINLen));
        gidsPIN.setAsAuthenticated();
    }

    public void processGeneralAuthenticate(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (this.isInInitializationMode) {
            ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
        }
        if (b != 0 || b2 != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
        apdu.setIncomingAndReceive();
        short s = 0;
        short s2 = 0;
        if (buffer[5] != 124) {
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        }
        try {
            s2 = UtilTLV.decodeLengthField(buffer, (short) 6);
            s = (short) (UtilTLV.getLengthFieldLength(buffer, (short) 6) + 6);
        } catch (InvalidArgumentsException e) {
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        }
        if (CheckForExternalChallenge(apdu, buffer, s, s2) || CheckForChallengeResponse(apdu, buffer, s, s2)) {
            return;
        }
        ISOException.throwIt(ISO7816.SW_DATA_INVALID);
    }

    public void processResetRetryCounter(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        GidsPIN gidsPIN = null;
        if (this.isInInitializationMode) {
            ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
        }
        if (b != 2) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (b2 != Byte.MIN_VALUE) {
            ISOException.throwIt(ErrorCode.SW_REFERENCE_DATA_NOT_FOUND);
        }
        try {
            gidsPIN = GetPINByReference(b2);
        } catch (NotFoundException e) {
            ISOException.throwIt(ErrorCode.SW_REFERENCE_DATA_NOT_FOUND);
        }
        if (!CheckExternalOrMutualAuthentication()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        gidsPIN.CheckLength((byte) incomingAndReceive);
        gidsPIN.update(buffer, (short) 5, (byte) incomingAndReceive);
        gidsPIN.resetAndUnblock();
        DeauthenticateAllPin();
    }

    public void processVerify(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        GidsPIN gidsPIN = null;
        if (buffer[2] != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
        if (buffer[3] == -126) {
            DeauthenticateAllPin();
            return;
        }
        try {
            gidsPIN = GetPINByReference(buffer[3]);
        } catch (NotFoundException e) {
            ISOException.throwIt(ErrorCode.SW_REFERENCE_DATA_NOT_FOUND);
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (gidsPIN.getTriesRemaining() == 0) {
            ISOException.throwIt(ISO7816.SW_FILE_INVALID);
        }
        if ((incomingAndReceive > 0 && incomingAndReceive < gidsPIN.GetMinPINSize()) || incomingAndReceive > gidsPIN.GetMaxPINSize()) {
            ISOException.throwIt((short) (gidsPIN.getTriesRemaining() | 25536));
        }
        if (incomingAndReceive == 0) {
            if (this.isInInitializationMode) {
                ISOException.throwIt(ISO7816.SW_NO_ERROR);
            } else {
                ISOException.throwIt((short) (gidsPIN.getTriesRemaining() | 25536));
            }
        }
        if (gidsPIN.check(buffer, (short) 5, (byte) incomingAndReceive)) {
            return;
        }
        ISOException.throwIt((short) (gidsPIN.getTriesRemaining() | 25536));
    }

    public void returnPINStatus(APDU apdu, short s) {
        byte[] buffer = apdu.getBuffer();
        GidsPIN gidsPIN = null;
        switch (s) {
            case 32625:
            case 32626:
                gidsPIN = this.pin_pin;
                break;
            default:
                ISOException.throwIt(ErrorCode.SW_REFERENCE_DATA_NOT_FOUND);
                break;
        }
        Util.setShort(buffer, (short) 0, s);
        buffer[2] = 6;
        buffer[3] = -105;
        buffer[4] = 1;
        buffer[5] = gidsPIN.getTriesRemaining();
        buffer[6] = -109;
        buffer[7] = 1;
        buffer[8] = gidsPIN.getTryLimit();
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) 9);
        apdu.sendBytes((short) 0, (short) 9);
    }
}
