package de.cotech.hw.openpgp.internal;

import android.os.SystemClock;
import de.cotech.hw.SecurityKeyException;
import de.cotech.hw.exceptions.AppletFileNotFoundException;
import de.cotech.hw.exceptions.ClaNotSupportedException;
import de.cotech.hw.exceptions.ConditionsNotSatisfiedException;
import de.cotech.hw.exceptions.FileInTerminationStateException;
import de.cotech.hw.exceptions.InsNotSupportedException;
import de.cotech.hw.exceptions.SelectAppletException;
import de.cotech.hw.internal.iso7816.CommandApdu;
import de.cotech.hw.internal.iso7816.ResponseApdu;
import de.cotech.hw.internal.transport.SecurityKeyInfo;
import de.cotech.hw.internal.transport.Transport;
import de.cotech.hw.openpgp.CardCapabilities;
import de.cotech.hw.openpgp.OpenPgpCapabilities;
import de.cotech.hw.openpgp.exceptions.OpenPgpLockedException;
import de.cotech.hw.openpgp.exceptions.OpenPgpPinTooShortException;
import de.cotech.hw.openpgp.exceptions.OpenPgpWrongPinException;
import de.cotech.hw.openpgp.exceptions.SecurityKeyTerminatedException;
import de.cotech.hw.openpgp.internal.openpgp.KdfCalculator;
import de.cotech.hw.openpgp.internal.openpgp.KdfParameters;
import de.cotech.hw.openpgp.internal.openpgp.KeyType;
import de.cotech.hw.openpgp.internal.securemessaging.Scp11bSecureMessaging;
import de.cotech.hw.openpgp.internal.securemessaging.SecureMessaging;
import de.cotech.hw.openpgp.internal.securemessaging.SecureMessagingException;
import de.cotech.hw.secrets.ByteSecret;
import de.cotech.hw.util.HwTimber;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class OpenPgpAppletConnection {
    private final List<byte[]> aidPrefixes;
    private CardCapabilities cardCapabilities;
    private final OpenPgpCommandApduFactory commandFactory;
    private boolean isOpenPgpAppletConnected;
    private boolean isPw1ValidatedForOther;
    private boolean isPw3Validated;
    private KdfParameters kdfParameters;
    private OpenPgpCapabilities openPgpCapabilities;
    private SecureMessaging secureMessaging;
    private SecurityKeyInfo.SecurityKeyType securityKeyType;
    private final KeyStore smKeyStore;
    private final Transport transport;

    private OpenPgpAppletConnection(Transport transport, List<byte[]> list, KeyStore keyStore, OpenPgpCommandApduFactory openPgpCommandApduFactory) {
        this.transport = transport;
        this.aidPrefixes = list;
        this.smKeyStore = keyStore;
        this.commandFactory = openPgpCommandApduFactory;
    }

    private boolean attemptReactivate(byte[] bArr) throws IOException {
        HwTimber.d("Attempting to reactivate from unsuccessful reset", new Object[0]);
        if (!communicate(this.commandFactory.createReactivateCommand()).isSuccess()) {
            throw new SecurityKeyTerminatedException("Applet terminated, and inline reactivation failed!");
        }
        HwTimber.d("Reactivation successful", new Object[0]);
        return communicate(this.commandFactory.createSelectFileCommand(bArr)).isSuccess();
    }

    private byte[] calculateKdfIfNecessary(byte[] bArr, KdfParameters.PasswordType passwordType) throws IOException {
        if (!this.openPgpCapabilities.isHasKdf()) {
            HwTimber.d("KDF not supported, using normal PIN", new Object[0]);
            return bArr;
        }
        KdfParameters retrieveKdfDo = retrieveKdfDo();
        if (retrieveKdfDo == null || !retrieveKdfDo.isHasUsesKdf()) {
            HwTimber.d("KDF supported, but not used, using normal PIN", new Object[0]);
            return bArr;
        }
        HwTimber.d("KDF supported and retrieved: %s", retrieveKdfDo);
        return KdfCalculator.calculateKdf(retrieveKdfDo.forType(passwordType), bArr);
    }

    private void connectToDevice() throws IOException {
        try {
            this.cardCapabilities = new CardCapabilities();
            determineSecurityKeyType();
            byte[] selectFilesFromPrefixOrFail = selectFilesFromPrefixOrFail();
            try {
                refreshConnectionCapabilities();
            } catch (ConditionsNotSatisfiedException unused) {
                HwTimber.d("Got conditions of use not satisfied while establishing connection", new Object[0]);
                attemptReactivate(selectFilesFromPrefixOrFail);
                HwTimber.d("Retrying failed connection", new Object[0]);
                selectFilesFromPrefixOrFail();
                refreshConnectionCapabilities();
            }
            logAidInformation();
            this.isOpenPgpAppletConnected = true;
            resetPwState();
            smEstablishIfAvailable(this.smKeyStore);
        } catch (IOException e) {
            this.transport.release();
            throw e;
        }
    }

    public static OpenPgpAppletConnection getInstanceForTransport(Transport transport, List<byte[]> list) {
        return new OpenPgpAppletConnection(transport, list, null, new OpenPgpCommandApduFactory());
    }

    private void logAidInformation() {
    }

    private ResponseApdu readChainedResponseIfAvailable(ResponseApdu responseApdu) throws IOException {
        if (responseApdu.getSw1() != 97) {
            return responseApdu;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(responseApdu.getData());
        do {
            responseApdu = this.transport.transceive(this.commandFactory.createGetResponseCommand(responseApdu.getSw2()));
            byteArrayOutputStream.write(responseApdu.getData());
        } while (responseApdu.getSw1() == 97);
        byteArrayOutputStream.write(responseApdu.getSw1());
        byteArrayOutputStream.write(responseApdu.getSw2());
        return ResponseApdu.fromBytes(byteArrayOutputStream.toByteArray());
    }

    private byte[] readData(CommandApdu commandApdu) throws IOException {
        return communicateOrThrow(commandApdu).getData();
    }

    private KdfParameters retrieveKdfDo() throws IOException {
        KdfParameters kdfParameters = this.kdfParameters;
        if (kdfParameters != null) {
            return kdfParameters;
        }
        byte[] data = communicateOrThrow(this.commandFactory.createGetDataKdf()).getData();
        if (data.length == 0) {
            return null;
        }
        KdfParameters fromKdfDo = KdfParameters.fromKdfDo(data);
        this.kdfParameters = fromKdfDo;
        return fromKdfDo;
    }

    private byte[] selectFileOrReactivateOrFail(byte[] bArr) throws IOException {
        try {
            communicateOrThrow(this.commandFactory.createSelectFileCommand(bArr));
            return bArr;
        } catch (AppletFileNotFoundException unused) {
            return null;
        } catch (FileInTerminationStateException unused2) {
            if (attemptReactivate(bArr)) {
                return bArr;
            }
            return null;
        }
    }

    private byte[] selectFilesFromPrefixOrFail() throws IOException {
        Iterator<byte[]> it = this.aidPrefixes.iterator();
        while (it.hasNext()) {
            byte[] selectFileOrReactivateOrFail = selectFileOrReactivateOrFail(it.next());
            if (selectFileOrReactivateOrFail != null) {
                return selectFileOrReactivateOrFail;
            }
        }
        throw new SelectAppletException(this.aidPrefixes, "OpenPGP");
    }

    private void setConnectionCapabilities(OpenPgpCapabilities openPgpCapabilities) throws IOException {
        this.openPgpCapabilities = openPgpCapabilities;
        this.cardCapabilities = new CardCapabilities(openPgpCapabilities.getHistoricalBytes());
    }

    private ResponseApdu smDecryptIfAvailable(ResponseApdu responseApdu) throws IOException {
        SecureMessaging secureMessaging = this.secureMessaging;
        if (secureMessaging == null || !secureMessaging.isEstablished()) {
            return responseApdu;
        }
        try {
            return this.secureMessaging.verifyAndDecrypt(responseApdu);
        } catch (SecureMessagingException e) {
            clearSecureMessaging();
            throw new IOException("secure messaging verify/decrypt failure : " + e.getMessage());
        }
    }

    private CommandApdu smEncryptIfAvailable(CommandApdu commandApdu) throws IOException {
        SecureMessaging secureMessaging = this.secureMessaging;
        if (secureMessaging == null || !secureMessaging.isEstablished()) {
            return commandApdu;
        }
        try {
            return this.secureMessaging.encryptAndSign(commandApdu);
        } catch (SecureMessagingException e) {
            clearSecureMessaging();
            throw new IOException("secure messaging encrypt/sign failure : " + e.getMessage());
        }
    }

    private void smEstablishIfAvailable(KeyStore keyStore) throws IOException {
        if (this.openPgpCapabilities.isHasScp11bSm()) {
            try {
                long elapsedRealtime = SystemClock.elapsedRealtime();
                this.secureMessaging = Scp11bSecureMessaging.establish(this, this.commandFactory, keyStore);
                HwTimber.d("Established secure messaging in %d ms", Long.valueOf(SystemClock.elapsedRealtime() - elapsedRealtime));
            } catch (SecureMessagingException e) {
                this.secureMessaging = null;
                HwTimber.w("Secure messaging has not been established: %s", e.getMessage());
            }
        }
    }

    private ResponseApdu transceiveWithChaining(CommandApdu commandApdu) throws IOException {
        if (this.cardCapabilities.hasExtended()) {
            return this.transport.transceive(commandApdu);
        }
        if (this.commandFactory.isSuitableForShortApdu(commandApdu)) {
            return this.transport.transceive(this.commandFactory.createShortApdu(commandApdu));
        }
        if (!this.cardCapabilities.hasChaining()) {
            throw new IOException("Command too long, and chaining unavailable");
        }
        ResponseApdu responseApdu = null;
        List<CommandApdu> createChainedApdus = this.commandFactory.createChainedApdus(commandApdu);
        int size = createChainedApdus.size();
        int i = 0;
        while (i < size) {
            responseApdu = this.transport.transceive(createChainedApdus.get(i));
            int i2 = size - 1;
            if (!(i == i2) && !responseApdu.isSuccess()) {
                throw new IOException("Failed to chain apdu (" + i + "/" + i2 + ", last SW: " + Integer.toHexString(responseApdu.getSw()) + ")");
            }
            i++;
        }
        if (responseApdu != null) {
            return responseApdu;
        }
        throw new IllegalStateException();
    }

    public void clearSecureMessaging() {
        SecureMessaging secureMessaging = this.secureMessaging;
        if (secureMessaging != null) {
            secureMessaging.clearSession();
        }
        this.secureMessaging = null;
    }

    public ResponseApdu communicate(CommandApdu commandApdu) throws IOException {
        CommandApdu smEncryptIfAvailable = smEncryptIfAvailable(commandApdu);
        ResponseApdu transceiveWithChaining = transceiveWithChaining(smEncryptIfAvailable);
        if (transceiveWithChaining.getSw1() == 108 && transceiveWithChaining.getSw2() != 0) {
            transceiveWithChaining = transceiveWithChaining(smEncryptIfAvailable.withNe(transceiveWithChaining.getSw2()));
        }
        return smDecryptIfAvailable(readChainedResponseIfAvailable(transceiveWithChaining));
    }

    public ResponseApdu communicateOrThrow(CommandApdu commandApdu) throws IOException {
        ResponseApdu communicate = communicate(commandApdu);
        if (communicate.isSuccess()) {
            return communicate;
        }
        int sw = communicate.getSw();
        if (sw == 25221) {
            throw new FileInTerminationStateException();
        }
        if (sw != 26368) {
            if (sw == 27013) {
                throw new ConditionsNotSatisfiedException();
            }
            if (sw != 27264) {
                if (sw == 27266) {
                    throw new AppletFileNotFoundException();
                }
                if (sw == 27904) {
                    throw new InsNotSupportedException();
                }
                if (sw == 28160) {
                    throw new ClaNotSupportedException();
                }
                if (sw != 27010) {
                    if (sw != 27011) {
                        switch (sw) {
                            case 25536:
                                break;
                            case 25537:
                            case 25538:
                                break;
                            default:
                                throw new SecurityKeyException("UNKNOWN", communicate.getSw());
                        }
                    }
                    throw new OpenPgpLockedException();
                }
                refreshConnectionCapabilities();
                throw new OpenPgpWrongPinException(getOpenPgpCapabilities().getPw1TriesLeft(), getOpenPgpCapabilities().getPw3TriesLeft());
            }
        }
        throw new OpenPgpPinTooShortException();
    }

    public void connectIfNecessary() throws IOException {
        if (this.isOpenPgpAppletConnected) {
            refreshConnectionCapabilities();
        } else {
            connectToDevice();
        }
    }

    void determineSecurityKeyType() throws IOException {
        SecurityKeyInfo.SecurityKeyType securityKeyTypeIfAvailable = this.transport.getSecurityKeyTypeIfAvailable();
        this.securityKeyType = securityKeyTypeIfAvailable;
        if (securityKeyTypeIfAvailable != null) {
            return;
        }
        this.securityKeyType = SecurityKeyInfo.SecurityKeyType.UNKNOWN;
    }

    public OpenPgpCommandApduFactory getCommandFactory() {
        return this.commandFactory;
    }

    public OpenPgpCapabilities getOpenPgpCapabilities() {
        return this.openPgpCapabilities;
    }

    public void invalidatePw3() {
        this.isPw3Validated = false;
    }

    public void putData(int i, byte[] bArr) throws IOException {
        communicateOrThrow(this.commandFactory.createPutDataCommand(i, bArr));
    }

    public void refreshConnectionCapabilities() throws IOException {
        setConnectionCapabilities(OpenPgpCapabilities.fromBytes(readData(this.commandFactory.createGetDataApplicationRelatedData())));
    }

    public void resetPwState() {
        this.isPw1ValidatedForOther = false;
        this.isPw3Validated = false;
    }

    public byte[] retrievePublicKey(int i) throws IOException {
        return communicateOrThrow(this.commandFactory.createRetrievePublicKey(i)).getData();
    }

    public void setKeyMetadata(KeyType keyType, Date date, byte[] bArr) throws IOException {
        byte[] array = ByteBuffer.allocate(4).putInt((int) (date.getTime() / 1000)).array();
        putData(keyType.getFingerprintObjectId(), bArr);
        putData(keyType.getTimestampObjectId(), array);
    }

    public void verifyPinForOther(ByteSecret byteSecret) throws IOException {
        if (this.isPw1ValidatedForOther) {
            return;
        }
        byte[] unsafeGetByteCopy = byteSecret.unsafeGetByteCopy();
        byte[] calculateKdfIfNecessary = calculateKdfIfNecessary(unsafeGetByteCopy, KdfParameters.PasswordType.PW1);
        CommandApdu createVerifyPw1ForOtherCommand = this.commandFactory.createVerifyPw1ForOtherCommand(calculateKdfIfNecessary);
        Arrays.fill(unsafeGetByteCopy, (byte) 0);
        Arrays.fill(calculateKdfIfNecessary, (byte) 0);
        communicateOrThrow(createVerifyPw1ForOtherCommand);
        this.isPw1ValidatedForOther = true;
    }

    public void verifyPuk(ByteSecret byteSecret) throws IOException {
        if (this.isPw3Validated) {
            return;
        }
        byte[] unsafeGetByteCopy = byteSecret.unsafeGetByteCopy();
        byte[] calculateKdfIfNecessary = calculateKdfIfNecessary(unsafeGetByteCopy, KdfParameters.PasswordType.PW3);
        CommandApdu createVerifyPw3Command = this.commandFactory.createVerifyPw3Command(calculateKdfIfNecessary);
        Arrays.fill(unsafeGetByteCopy, (byte) 0);
        Arrays.fill(calculateKdfIfNecessary, (byte) 0);
        communicateOrThrow(createVerifyPw3Command);
        this.isPw3Validated = true;
    }
}
