package com.nxp.taginfo.util;

import android.nfc.tech.IsoDep;
import android.util.Log;
import com.nxp.nfclib.desfire.IMIFAREPrimeConstant;
import com.nxp.taginfo.tagtypes.icode.Cmd;
import com.nxp.taginfo.tagutil.Manufacturer;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.macs.CMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* loaded from: classes.dex */
public class AuthState {
    public static final byte MODE_FULL = 3;
    public static final byte MODE_MAC = 1;
    public static final byte MODE_PLAIN = 0;
    public static final byte RESP_ADDITIONAL_FRAME = -81;
    public static final byte RESP_VERSION_SW_1_OK = -111;
    public static final byte RESP_VERSION_SW_1_OK2 = -112;
    private static final String TAG = "AuthState";
    public static final byte[] zeroInitVector = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    public byte[] SSMKSesAuthENC;
    public byte[] SSMKSesAuthMAC;
    public boolean authenticated;
    private boolean connected;
    private IsoDep i;
    private byte[] key;
    private byte keyNo;
    private SecureRandom prng;
    public byte[] rndA;
    public short ssm_cmd_ctr;
    public byte[] ssm_ti;
    public byte[] sv1;
    public byte[] sv2;

    /* loaded from: classes.dex */
    public class ISOAuthenticationRequiredException extends Exception {
        public ISOAuthenticationRequiredException() {
        }
    }

    public AuthState(byte[] bArr, byte b, IsoDep isoDep) {
        this(bArr, b, isoDep, new SecureRandom());
    }

    public AuthState(byte[] bArr, byte b, IsoDep isoDep, SecureRandom secureRandom) {
        this.connected = false;
        this.authenticated = false;
        this.rndA = new byte[16];
        this.ssm_ti = new byte[]{0, 0, 0, 0};
        this.ssm_cmd_ctr = (short) 0;
        this.sv1 = new byte[32];
        this.sv2 = new byte[32];
        this.SSMKSesAuthENC = new byte[16];
        this.SSMKSesAuthMAC = new byte[16];
        this.key = bArr;
        this.keyNo = b;
        this.i = isoDep;
        this.prng = secureRandom;
    }

    public static byte[] cryptAes(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(i, secretKeySpec, new IvParameterSpec(bArr3));
        return cipher.doFinal(bArr);
    }

    public static byte[] cryptAesPadded(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) throws InvalidCipherTextException {
        if (bArr == null || bArr2 == null || bArr3 == null) {
            return null;
        }
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new ISO7816d4Padding());
        paddedBufferedBlockCipher.init(i == 1, new ParametersWithIV(new KeyParameter(bArr2), bArr3));
        int blockSize = paddedBufferedBlockCipher.getBlockSize();
        byte[][] arraySplit = Utilities.arraySplit(bArr, paddedBufferedBlockCipher.getBlockSize());
        int length = arraySplit.length * blockSize;
        if (arraySplit[arraySplit.length - 1].length == blockSize && i == 1) {
            length += blockSize * 2;
        }
        int i2 = length;
        byte[] bArr4 = new byte[i2];
        Log.d(TAG, String.format("Input size %d, output size %d with %d input blocks", Integer.valueOf(bArr.length), Integer.valueOf(i2), Integer.valueOf(arraySplit.length)));
        for (int i3 = 0; i3 < arraySplit.length; i3++) {
            paddedBufferedBlockCipher.processBytes(arraySplit[i3], 0, blockSize, bArr4, i3 * blockSize);
        }
        paddedBufferedBlockCipher.doFinal(bArr4, arraySplit.length * blockSize);
        return ArrayUtils.subarray(bArr4, blockSize, i2);
    }

    private byte[] do_cmac(byte[] bArr, byte[] bArr2, boolean z) {
        CMac cMac = new CMac(new AESEngine());
        cMac.init(new KeyParameter(bArr));
        byte[] bArr3 = new byte[16];
        cMac.update(bArr2, 0, bArr2.length);
        cMac.doFinal(bArr3, 0);
        return z ? new byte[]{bArr3[1], bArr3[3], bArr3[5], bArr3[7], bArr3[9], bArr3[11], bArr3[13], bArr3[15]} : bArr3;
    }

    private byte[] wrap_tx(byte[] bArr) throws IOException {
        if (!this.connected) {
            connect();
        }
        Log.d(TAG, "=Sending: " + Utilities.dumpBytes(bArr));
        try {
            byte[] transceive = this.i.transceive(bArr);
            Log.d(TAG, "=Received: " + Utilities.dumpBytes(transceive));
            return transceive;
        } catch (Exception e) {
            Log.e(TAG, "=Error receiving data", e);
            throw e;
        }
    }

    public boolean authenticate() {
        byte[] wrap_tx;
        int length;
        this.authenticated = false;
        this.prng.nextBytes(this.rndA);
        try {
            wrap_tx = wrap_tx(new byte[]{-112, IMIFAREPrimeConstant.LRP_AUTH_FIRST, 0, 0, 2, (byte) (this.keyNo & Manufacturer.ID_AMS), 0, 0});
            length = wrap_tx.length;
        } catch (Exception e) {
            Log.e(TAG, "Error during AES auth", e);
        }
        if (wrap_tx[length - 2] != -111) {
            Log.e(TAG, "Response ISO header missing: " + Utilities.dumpBytes(wrap_tx));
            return false;
        }
        if (wrap_tx[length - 1] != -81) {
            Log.e(TAG, "Response ISO error: " + Utilities.dumpBytes(wrap_tx));
            return false;
        }
        if (length != 18) {
            Log.e(TAG, "Response length invalid: " + Utilities.dumpBytes(wrap_tx));
            return false;
        }
        byte[] cryptAes = cryptAes(Arrays.copyOfRange(wrap_tx, 0, 16), 2, this.key, zeroInitVector);
        byte[] cryptAes2 = cryptAes(ArrayUtils.addAll(this.rndA, Utilities.arrayShiftLeft(cryptAes)), 1, this.key, zeroInitVector);
        byte[] bArr = new byte[38];
        System.arraycopy(new byte[]{-112, -81, 0, 0, 32}, 0, bArr, 0, 5);
        System.arraycopy(cryptAes2, 0, bArr, 5, 32);
        bArr[37] = 0;
        byte[] wrap_tx2 = wrap_tx(bArr);
        if (wrap_tx2.length != 34) {
            Log.e(TAG, "Response length invalid: " + Utilities.dumpBytes(wrap_tx2));
            return false;
        }
        byte[] cryptAes3 = cryptAes(Arrays.copyOfRange(wrap_tx2, 0, 32), 2, this.key, zeroInitVector);
        Log.d(TAG, "Decrypted capabilities: " + Utilities.dumpBytes(cryptAes3));
        System.arraycopy(cryptAes3, 0, this.ssm_ti, 0, 4);
        if (!Arrays.equals(Arrays.copyOfRange(cryptAes3, 4, 20), Utilities.arrayShiftLeft(this.rndA))) {
            Log.e(TAG, "rndA' returned by PICC does not match local rndA'!");
            return false;
        }
        byte[] arrayReverse = Utilities.arrayReverse(this.rndA);
        byte[] arrayReverse2 = Utilities.arrayReverse(cryptAes);
        byte[] bArr2 = {Cmd.ICODE_CMD_EAS_ALARM, com.nxp.taginfo.tagtypes.desfire.Cmd.SELECT_APP, 0, 1, 0, Byte.MIN_VALUE, arrayReverse[15], arrayReverse[14], (byte) (arrayReverse[13] ^ arrayReverse2[15]), (byte) (arrayReverse[12] ^ arrayReverse2[14]), (byte) (arrayReverse[11] ^ arrayReverse2[13]), (byte) (arrayReverse[10] ^ arrayReverse2[12]), (byte) (arrayReverse[9] ^ arrayReverse2[11]), (byte) (arrayReverse[8] ^ arrayReverse2[10]), arrayReverse2[9], arrayReverse2[8], arrayReverse2[7], arrayReverse2[6], arrayReverse2[5], arrayReverse2[4], arrayReverse2[3], arrayReverse2[2], arrayReverse2[1], arrayReverse2[0], arrayReverse[7], arrayReverse[6], arrayReverse[5], arrayReverse[4], arrayReverse[3], arrayReverse[2], arrayReverse[1], arrayReverse[0]};
        this.sv1 = bArr2;
        this.sv2 = new byte[]{com.nxp.taginfo.tagtypes.desfire.Cmd.SELECT_APP, Cmd.ICODE_CMD_EAS_ALARM, 0, 1, 0, Byte.MIN_VALUE, arrayReverse[15], arrayReverse[14], (byte) (arrayReverse[13] ^ arrayReverse2[15]), (byte) (arrayReverse[12] ^ arrayReverse2[14]), (byte) (arrayReverse[11] ^ arrayReverse2[13]), (byte) (arrayReverse[10] ^ arrayReverse2[12]), (byte) (arrayReverse2[11] ^ arrayReverse[9]), (byte) (arrayReverse[8] ^ arrayReverse2[10]), arrayReverse2[9], arrayReverse2[8], arrayReverse2[7], arrayReverse2[6], arrayReverse2[5], arrayReverse2[4], arrayReverse2[3], arrayReverse2[2], arrayReverse2[1], arrayReverse2[0], arrayReverse[7], arrayReverse[6], arrayReverse[5], arrayReverse[4], arrayReverse[3], arrayReverse[2], arrayReverse[1], arrayReverse[0]};
        this.SSMKSesAuthENC = do_cmac(this.key, bArr2, false);
        this.SSMKSesAuthMAC = do_cmac(this.key, this.sv2, false);
        this.authenticated = true;
        this.ssm_cmd_ctr = (short) 0;
        Log.d(TAG, "Auth succeeded");
        return this.authenticated;
    }

    public void connect() throws IOException {
        try {
            this.i.connect();
            this.connected = true;
        } catch (Exception e) {
            Log.e(TAG, "Error during connect", e);
            throw new IOException("IsoDep connect failed");
        }
    }

    public void disconnect() {
        Utilities.closeLazy(this.i);
        this.connected = false;
        this.authenticated = false;
    }

    public byte[] mac_unwrap(byte[] bArr) {
        int length = bArr.length;
        byte[] subarray = length > 10 ? ArrayUtils.subarray(bArr, 0, length - 10) : null;
        int i = length - 10;
        int i2 = length - 2;
        byte[] subarray2 = ArrayUtils.subarray(bArr, i, i2);
        byte[] subarray3 = ArrayUtils.subarray(bArr, i2, length);
        byte[] bArr2 = new byte[i + 7];
        bArr2[0] = subarray3[1];
        short s = this.ssm_cmd_ctr;
        bArr2[1] = (byte) (s & 255);
        bArr2[2] = (byte) ((s >> 8) & 255);
        System.arraycopy(this.ssm_ti, 0, bArr2, 3, 4);
        if (i > 0) {
            System.arraycopy(subarray, 0, bArr2, 7, subarray.length);
        }
        byte[] do_cmac = do_cmac(this.SSMKSesAuthMAC, bArr2, true);
        Log.d(TAG, String.format("Comparing MAC on reply, have `%s` want `%s`", Utilities.dumpBytes(subarray2), Utilities.dumpBytes(do_cmac)));
        if (Arrays.equals(subarray2, do_cmac)) {
            return ArrayUtils.addAll(subarray, subarray3);
        }
        return null;
    }

    public byte[] mac_wrap(byte[] bArr) {
        byte[] subarray = ArrayUtils.subarray(bArr, 0, 5);
        int i = bArr[4];
        byte[] subarray2 = i != 0 ? ArrayUtils.subarray(bArr, 5, i + 5) : null;
        byte[] bArr2 = new byte[i + 7];
        bArr2[0] = bArr[1];
        short s = this.ssm_cmd_ctr;
        bArr2[1] = (byte) (s & 255);
        bArr2[2] = (byte) ((s >> 8) & 255);
        System.arraycopy(this.ssm_ti, 0, bArr2, 3, 4);
        if (i > 0) {
            System.arraycopy(subarray2, 0, bArr2, 7, i);
        }
        Log.d(TAG, "Calculating MAC over data: " + Utilities.dumpBytes(bArr2));
        byte[] do_cmac = do_cmac(this.SSMKSesAuthMAC, bArr2, true);
        int length = subarray.length + i + do_cmac.length + 1;
        byte[] bArr3 = new byte[length];
        System.arraycopy(subarray, 0, bArr3, 0, subarray.length);
        if (i > 0) {
            System.arraycopy(subarray2, 0, bArr3, subarray.length, i);
        }
        System.arraycopy(do_cmac, 0, bArr3, subarray.length + i, do_cmac.length);
        bArr3[length - 1] = 0;
        bArr3[4] = (byte) (i + do_cmac.length);
        return bArr3;
    }

    public void selectApp(byte[] bArr) throws IOException {
        byte[] bArr2;
        try {
            bArr2 = transceive(new byte[]{0, -92, 0, 0, 2, bArr[0], bArr[1]}, (byte) 0);
        } catch (ISOAuthenticationRequiredException e) {
            Log.e(TAG, "This should be unreachable", e);
            bArr2 = null;
        }
        if (bArr2 != null && bArr2.length == 2 && bArr2[0] == -112 && bArr2[1] == 0) {
            this.authenticated = false;
            return;
        }
        Log.e("ntag4xx", "ISOSelectFile reply for app selection failed with: " + Utilities.dumpBytes(bArr2));
        disconnect();
        throw new IOException("SelectApp failed");
    }

    public byte[] transceive(byte[] bArr, byte b) throws IOException, ISOAuthenticationRequiredException {
        if (this.authenticated && this.ssm_cmd_ctr == -1) {
            throw new ISOAuthenticationRequiredException();
        }
        if (b == 0) {
            byte[] wrap_tx = wrap_tx(bArr);
            if (this.authenticated) {
                this.ssm_cmd_ctr = (short) (this.ssm_cmd_ctr + 1);
            }
            return wrap_tx;
        }
        if (!this.authenticated) {
            throw new ISOAuthenticationRequiredException();
        }
        byte[] wrap_tx2 = wrap_tx(mac_wrap(bArr));
        int length = wrap_tx2 != null ? wrap_tx2.length : -1;
        if (length < 2 || wrap_tx2[length - 1] != 0) {
            Log.e(TAG, "Error transmitting data, resetting authentication: " + Utilities.dumpBytes(wrap_tx2));
            this.authenticated = false;
            throw new IOException("Authentication error");
        }
        this.ssm_cmd_ctr = (short) (this.ssm_cmd_ctr + 1);
        byte[] mac_unwrap = mac_unwrap(wrap_tx2);
        if (mac_unwrap != null) {
            return mac_unwrap;
        }
        this.authenticated = false;
        throw new IOException("MAC error");
    }
}
