package com.hengbao.javacard.system;

import android.util.Log;
import com.hengbao.javacardx.crypto.CipherCBC;
import com.hengbao.javacardx.crypto.CipherDES;
import com.hengbao.javacardx.crypto.CipherECB;
import com.hengbao.javacardx.crypto.GDESKey;
import com.hengbao.javacardx.crypto.SignatureDES;
import javacard.framework.AID;
import javacard.framework.APDU;
import javacard.framework.CardRuntimeException;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;
import javacard.security.KeyBuilder;
import javacard.security.Signature;
import javacardx.crypto.Cipher;
import org.globalplatform.SecureChannel;
import visa.openplatform.OPSystem;
import visa.openplatform.ProviderSecurityDomain;

/* loaded from: classes.dex */
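/**
 * Card-side secure-channel session for a security domain, implementing both the
 * Visa Open Platform {@link ProviderSecurityDomain} and the GlobalPlatform
 * {@link SecureChannel} interfaces.
 *
 * <p>This listing is decompiler output. One method body
 * ({@link #openSecureChannel_SCP02(javacard.framework.APDU)}) was not recovered and
 * still throws {@link UnsupportedOperationException}; {@link #isOpen(short, short)}
 * has been reconstructed from the instruction dump the decompiler left behind.
 *
 * <p>Session state lives in {@link #sSecureLevel}: {@link #INIT_UPDATE_DONE} is set after
 * the first half of the handshake, and {@link #EXTERNAL_DONE} combined with the P1 level
 * bits ({@code 1} = MAC, {@code 2} = encryption) after the host cryptogram is accepted.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>All cipher, MAC and session-key objects are {@code public static} and mutable, so
 *       every {@code Session} instance, and any class that can see this one, shares and
 *       can replace the live session keys.</li>
 *   <li>The algorithm selectors passed to {@code getInstance}/{@code buildKey} are raw
 *       numbers. They line up with the standard Java Card DES/3DES constants
 *       (NOTE(review): confirm the vendor classes keep that numbering). SCP01/SCP02 are
 *       3DES-based; newer GlobalPlatform deployments use the AES-based SCP03.</li>
 *   <li>{@link #checkSecurityDomainState()} only writes a log line and
 *       {@link #wrap(byte[], short, short)} returns its input length untouched, so neither
 *       provides the protection their names suggest.</li>
 * </ul>
 */
public class Session implements ProviderSecurityDomain, SecureChannel {
    private static final short AID_LENGTH = 2;
    private static final byte CHANNEL_ERROR = 8;
    public static final byte CHANNEL_NB = 1;
    private static final byte CLEAR_SECURE_MESSAGING = -5;
    private static final short CRYPTOGRAM_LENGTH = 8;
    private static final short DIVERSIFICATION_CPLC_DATA = 10;
    private static final short ENC = 2;
    public static final short EXTERNAL_DONE = 32;
    public static final short INIT_UPDATE_DONE = 16;
    private static final short INVALID_SECURITY = 2;
    static final short KEY_LENGTH = 16;
    private static final byte LENGTH_EXPECTED = 28;
    static final short MAC = 1;
    private static final short MAC_ENC = 3;
    private static final short MAC_LENGTH = 8;
    public static final short MASK_LOGICAL_CHANNEL = -4;
    private static final short MAX_DATA_SECURE_CHANNEL = 248;
    private static final short OFFSET_COPY_AID = 33;
    private static final short OFFSET_CPLC_DATA = 7;
    private static final short OFFSET_CR = 17;
    private static final short OFFSET_CRYPTOGRAM = 25;
    private static final short OFFSET_DIVERSIFICATION = 5;
    private static final short OFFSET_HR_CARD_CRYPTO = 9;
    private static final short OFFSET_KEK = 240;
    private static final short OFFSET_RANDOM_ICV = 224;
    private static final short OFFSET_RANDOM_SESSION_KEY = 33;
    private static final short OFFSET_STAG = 15;
    private static final byte PADDING = 8;
    private static final byte PAD_START = Byte.MIN_VALUE;
    public static final byte SCP_VALUE_01 = 1;
    public static final byte SCP_VALUE_02 = 2;
    public static final short SECURE_MESSAGING = 4;
    private static final short SIZE_CPLC_DATA = 8;
    private static final short SIZE_RANDOM = 8;
    private static final short STAG_SIZE = 2;
    private static final short VALID_EXTERNAL_AUTH = 252;

    // Set to 1 by closeSecureChannel(byte); read by unwrap_check. Nothing in this class resets it.
    public byte bSessionReset;
    // Key left over after the two session-key derivations; used for data encryption/decryption.
    public CoreDES oKEK;
    // Owning security domain applet (key sets, try counter, SCP selector).
    public OPApplet oSD;
    // Bit field: INIT_UPDATE_DONE / EXTERNAL_DONE plus the MAC and ENC level bits.
    public short sSecureLevel;

    // NOTE(review): shared, mutable, public crypto state. The selector values are presumably
    // the Java Card ALG_* / TYPE_* / LENGTH_* constants; verify against the vendor classes.
    public static SignatureDES oMac = (SignatureDES) Signature.getInstance((byte) 6, true);
    public static CipherECB oDerivation = (CipherECB) Cipher.getInstance((byte) 5, true);
    public static CipherCBC oCipher = (CipherCBC) Cipher.getInstance((byte) 1, true);
    public static GDESKey oKeyVerify = (GDESKey) KeyBuilder.buildKey((byte) 1, 192, false);
    public static GDESKey oKeyMac = (GDESKey) KeyBuilder.buildKey((byte) 1, 128, false);
    public static GDESKey oKeyAuthEnc = (GDESKey) KeyBuilder.buildKey((byte) 1, 128, false);
    public static GDESKey oKeyKek = (GDESKey) KeyBuilder.buildKey((byte) 1, 128, false);
    public static SignatureDES oMac_scp2 = (SignatureDES) Signature.getInstance((byte) 20, true);

    /**
     * Selects and initialises the shared cipher engine for a key.
     *
     * @param coreDES key to load; an {@code sAlgo} of {@code -126} (0x82) selects the CBC
     *                engine, anything else the ECB engine
     * @param b       cipher mode passed straight to {@code init}
     * @return the shared, now-initialised engine (not a fresh instance)
     */
    public static CipherDES getCipher(CoreDES coreDES, byte b) {
        CipherDES cipherDES = oDerivation;
        if (coreDES.sAlgo == -126) {
            cipherDES = oCipher;
        }
        cipherDES.init(coreDES, b);
        return cipherDES;
    }

    /**
     * SCP02 variant of {@link #getCipher(CoreDES, byte)}: always uses the shared CBC engine.
     *
     * @param coreDES key to load
     * @param b       cipher mode passed straight to {@code init}
     * @return the shared CBC engine, initialised with {@code coreDES}
     */
    public static CipherDES getCipher_SCP2(CoreDES coreDES, byte b) {
        CipherCBC cipherCBC = oCipher;
        cipherCBC.init(coreDES, b);
        return cipherCBC;
    }

    /**
     * Returns the user id of this session owner, which is the constant {@code 0} here.
     *
     * @return always {@code 0}
     */
    public static short getUserID() {
        return (short) 0;
    }

    /**
     * Derives one 16-byte session key and loads it into {@code gDESKey}.
     *
     * <p>The 16 bytes at {@link #OFFSET_RANDOM_SESSION_KEY} of {@code bArr} are processed
     * with {@code coreDES} in mode {@code 2} and the result is written to
     * {@link #OFFSET_KEK} of the same array before being set as the key.
     * NOTE(review): the derived key bytes stay in {@code bArr} after this call; callers
     * that copy the scratch array elsewhere carry the key material with it.
     *
     * @param coreDES static key used for the derivation
     * @param gDESKey session key object to fill
     * @param bArr    scratch buffer holding the derivation data; must reach offset 255
     * @return the next key in the chain after {@code coreDES}
     */
    public static CoreDES setSessionKey(CoreDES coreDES, GDESKey gDESKey, byte[] bArr) {
        getCipher(coreDES, (byte) 2).doFinal(bArr, OFFSET_RANDOM_SESSION_KEY, KEY_LENGTH, bArr, OFFSET_KEK);
        gDESKey.setKey(bArr, OFFSET_KEK);
        return (CoreDES) coreDES.oNext;
    }

    /**
     * SCP02 variant of {@link #setSessionKey(CoreDES, GDESKey, byte[])}; identical except
     * that the CBC engine is always used for the derivation.
     *
     * @param coreDES static key used for the derivation
     * @param gDESKey session key object to fill
     * @param bArr    scratch buffer holding the derivation data; must reach offset 255
     * @return the next key in the chain after {@code coreDES}
     */
    public static CoreDES setSessionKey_SCP2(CoreDES coreDES, GDESKey gDESKey, byte[] bArr) {
        getCipher_SCP2(coreDES, (byte) 2).doFinal(bArr, OFFSET_RANDOM_SESSION_KEY, KEY_LENGTH, bArr, OFFSET_KEK);
        gDESKey.setKey(bArr, OFFSET_KEK);
        return (CoreDES) coreDES.oNext;
    }

    /**
     * Claims the card-manager context for this session's user id.
     *
     * <p>Raises "conditions of use not satisfied" when the context is already held by a
     * different, non-zero user id.
     */
    public static void setUserID() {
        CMContext cMContext = OPApplet.oCMContext;
        short s = cMContext.sUserID;
        short userID = getUserID();
        if (s != userID && s != 0) {
            GSystem.throwISOExceptionConditionOfUse();
        }
        cMContext.sUserID = userID;
    }

    /**
     * Placeholder: writes one debug log line and checks nothing.
     *
     * <p>NOTE(review): {@link #decryptData} and {@link #encryptData} call this as if it were
     * a gate on the security domain's life-cycle state. As written it never rejects, so
     * those methods rely solely on their own {@code sSecureLevel} checks.
     */
    public void checkSecurityDomainState() {
        Log.e("hjs", "dd");
    }

    /**
     * Tears the session down if one is open for this user id: clears all four session
     * keys, zeroes the security level and releases the card-manager context.
     *
     * <p>Does nothing when no handshake step has completed.
     */
    public synchronized void closeSecureChannel() throws CardRuntimeException {
        if (OPApplet.oCMContext.sUserID == getUserID()
                && (this.sSecureLevel & (INIT_UPDATE_DONE | EXTERNAL_DONE)) != 0) {
            oKeyMac.clearKey();
            oKeyAuthEnc.clearKey();
            oKeyKek.clearKey();
            oKeyVerify.clearKey();
            CMContext cMContext = OPApplet.oCMContext;
            this.sSecureLevel = (short) 0;
            cMContext.sUserID = (short) 0;
        }
    }

    /**
     * Closes the session on the given channel and records that it was reset.
     *
     * <p>This is the path taken by the error handlers in this class. It now clears the same
     * four key objects as {@link #closeSecureChannel()}; previously the KEK and the
     * key-verification scratch key survived an aborted session. Every user of those keys
     * in this class first requires {@link #EXTERNAL_DONE}, which is cleared here.
     *
     * @param b channel number; must be {@code 1}
     * @throws CardRuntimeException if no session is open on that channel, in which case
     *                              nothing is cleared
     */
    @Override // visa.openplatform.ProviderSecurityDomain
    public synchronized void closeSecureChannel(byte b) throws CardRuntimeException {
        isOpen(b, (short) (INIT_UPDATE_DONE | EXTERNAL_DONE));
        oKeyMac.clearKey();
        oKeyAuthEnc.clearKey();
        oKeyKek.clearKey();
        oKeyVerify.clearKey();
        CMContext cMContext = OPApplet.oCMContext;
        this.sSecureLevel = (short) 0;
        cMContext.sUserID = (short) 0;
        this.bSessionReset = (byte) 1;
    }

    /**
     * Decrypts {@code s2} bytes of {@code bArr} in place with the data-encryption key.
     *
     * @param bArr buffer to decrypt; must be a JCRE entry-point array
     * @param s    start offset
     * @param s2   length, a multiple of 8
     * @return the value returned by the cipher's {@code doFinal}
     * @throws ISOException if the buffer is not a JCRE entry point, the session is not
     *                      authenticated, or the length is not block-aligned
     */
    @Override // org.globalplatform.SecureChannel
    public synchronized short decryptData(byte[] bArr, short s, short s2) {
        CipherDES cipher;
        if (!GSystem.isJcreEntryPoint(bArr)) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        checkSecurityDomainState();
        if ((this.sSecureLevel & EXTERNAL_DONE) == 0) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        if (s2 % 8 != 0) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        cipher = getCipher(this.oKEK, (byte) 1);
        if (getSCP() == 2) {
            // SCP02 replaces the static key loaded above with the derived session KEK.
            cipher.key = oKeyKek;
        }
        return cipher.doFinal(bArr, s, s2, bArr, s);
    }

    /**
     * Decrypts a key block in the APDU buffer and checks its key check value.
     *
     * <p>The block at {@code s} is read as: key type, key length, encrypted key, check-value
     * length (must be 3), check value.
     * NOTE(review): when the key type byte is 0x80 the method returns {@code true} straight
     * after decryption, without comparing any check value; confirm that is intended.
     *
     * @param b    channel number; must be {@code 1}
     * @param apdu APDU whose buffer holds the key block
     * @param s    offset of the key type byte
     * @return {@code true} if the key is accepted
     * @throws CardRuntimeException if the session is not authenticated or the data is malformed
     */
    @Override // visa.openplatform.ProviderSecurityDomain
    public boolean decryptVerifyKey(byte b, APDU apdu, short s) throws CardRuntimeException {
        byte b2;
        byte[] buffer = apdu.getBuffer();
        isOpen(b, EXTERNAL_DONE);
        CipherDES cipher = getCipher(this.oKEK, (byte) 1);
        if (getSCP() == 2) {
            cipher.key = oKeyKek;
        }
        try {
            // From here on b is the key length and b2 the key type, both taken from the buffer.
            b = buffer[(short) (s + 1)];
            b2 = buffer[s];
            s = (short) (s + 2);
            cipher.doFinal(buffer, s, b, buffer, s);
        } catch (Throwable th) {
            // Any failure (bad offset, negative length, cipher error) is reported as wrong data.
            GSystem.throwISOExceptionWrongData();
            // Fail closed: never continue with a half-parsed key block should the helper return.
            return false;
        }
        if (b2 == Byte.MIN_VALUE) {
            return true;
        }
        oKeyVerify.setKeyAsTriple(buffer, s, b);
        short s2 = (short) (s + b);
        if (buffer[s2] != 3) {
            GSystem.throwISOExceptionWrongData();
        }
        oCipher.init(oKeyVerify, (byte) 2);
        return oCipher.doFinalICV(buffer, (short) (s2 + 1), (short) 3) == 0;
    }

    /**
     * Encrypts {@code s2} bytes of {@code bArr} in place with the data-encryption key.
     *
     * <p>NOTE(review): unlike {@link #decryptData}, this method checks neither the origin
     * of the buffer nor that the length is a multiple of the block size.
     *
     * @param bArr buffer to encrypt
     * @param s    start offset
     * @param s2   length
     * @return the value returned by the cipher's {@code doFinal}
     * @throws ISOException if the session is not authenticated
     */
    @Override // org.globalplatform.SecureChannel
    public synchronized short encryptData(byte[] bArr, short s, short s2) {
        CipherDES cipher;
        checkSecurityDomainState();
        if ((this.sSecureLevel & EXTERNAL_DONE) == 0) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        cipher = getCipher(this.oKEK, (byte) 2);
        if (getSCP() == 2) {
            cipher.key = oKeyKek;
        }
        return cipher.doFinal(bArr, s, s2, bArr, s);
    }

    /**
     * Returns the secure channel protocol number stored on the owning security domain.
     *
     * @return the domain's {@code bSCP} value
     */
    public byte getSCP() {
        return this.oSD.bSCP;
    }

    /**
     * Translates the internal state into the byte reported to applets.
     *
     * @return bit 0x02 if encryption is active, bit 0x01 if MAC is active, bit 0x80 if the
     *         host has been authenticated; {@code 0} otherwise
     */
    @Override // org.globalplatform.SecureChannel
    public byte getSecurityLevel() {
        byte b = (this.sSecureLevel & ENC) != 0 ? (byte) 2 : (byte) 0;
        if ((this.sSecureLevel & MAC) != 0) {
            b = (byte) (b | 1);
        }
        return (this.sSecureLevel & EXTERNAL_DONE) != 0 ? (byte) (b | Byte.MIN_VALUE) : b;
    }

    /**
     * Asserts that a session is open on the given channel in one of the required states.
     *
     * <p>Reconstructed from the decompiler's instruction dump; the generated body only threw
     * {@link UnsupportedOperationException}, which made every guarded operation in this
     * class fail. The call passes when all three hold: the channel is {@code 1}, the
     * card-manager context belongs to this session's user id, and {@code sSecureLevel}
     * shares at least one bit with {@code r4}.
     *
     * @param r3 channel number; only {@code 1} is accepted
     * @param r4 mask of acceptable state bits ({@link #INIT_UPDATE_DONE}, {@link #EXTERNAL_DONE})
     */
    public synchronized void isOpen(short r3, short r4) {
        boolean open = r3 == 1
                && OPApplet.oCMContext.sUserID == getUserID()
                && (this.sSecureLevel & r4) != 0;
        if (!open) {
            GSystem.throwISOExceptionConditionOfUse();
        }
    }

    /**
     * Handles INITIALIZE UPDATE: derives session keys and builds the card's response.
     *
     * <p>NOTE(review): the protocol selector is overwritten with {@code 2} on entry, so the
     * SCP01 branch below is unreachable and every call lands in
     * {@link #openSecureChannel_SCP02(javacard.framework.APDU)}, whose body was not
     * recovered by the decompiler.
     *
     * @param apdu the INITIALIZE UPDATE command
     * @return the SCP02 handler's result, or {@code 1} from the SCP01 branch
     * @throws CardRuntimeException on a bad try counter, P1/P2, length or key reference
     */
    @Override // visa.openplatform.ProviderSecurityDomain
    public synchronized short openSecureChannel(APDU apdu) throws CardRuntimeException {
        short s;
        byte[] buffer = apdu.getBuffer();
        OPApplet oPApplet = this.oSD;
        KeySet keySet = oPApplet.oKeyRoot;
        SignatureDES.des_8bytekey = (byte) 0;
        // Scratch copy of the APDU buffer used for key derivation. It is never wiped, and it
        // is smaller than the source if the APDU buffer exceeds 256 bytes (see arraycopy below).
        byte[] bArr = new byte[256];
        this.oSD.bSCP = (byte) 2;
        if (getSCP() == 2) {
            s = openSecureChannel_SCP02(apdu);
        } else {
            // Low byte must be positive and equal the negated high byte; this looks like a
            // redundancy-protected retry counter (confirm against OPApplet.setTryCounter).
            short s2 = oPApplet.sTryCounter;
            if (((byte) s2) < 1 || ((byte) s2) != ((short) (-(s2 >> 8)))) {
                GSystem.throwISOExceptionCryptoNotVerified();
            }
            byte b = buffer[2];
            if (b < 0) {
                GSystem.throwISOExceptionIncorrectP1P2();
            }
            if (buffer[4] != 8) {
                GSystem.throwISOExceptionWrongLength();
            }
            setUserID();
            OPApplet.processRandom(buffer, OFFSET_CR, (short) 8);
            try {
                try {
                    // P1 == 0 selects the last key set in the chain, otherwise the set with that id.
                    if (b != 0) {
                        keySet = keySet.getElement(b);
                    } else {
                        while (keySet.oNext != null) {
                            keySet = keySet.oNext;
                        }
                    }
                    // Walk P2 - 1 keys only to confirm the referenced key index exists.
                    CoreKey coreKey = keySet.oRoot;
                    for (short s3 = 1; s3 <= ((short) (buffer[3] - 1)); s3 = (short) (s3 + 1)) {
                        if (coreKey == null) {
                            GSystem.throwISOExceptionIncorrectP1P2();
                        }
                        coreKey = coreKey.getNext();
                    }
                    System.arraycopy(buffer, 0, bArr, 0, buffer.length);
                    // First key in the set derives the ENC session key, second the MAC session
                    // key; the third is kept as the data-encryption key.
                    CoreDES sessionKey = setSessionKey(setSessionKey((CoreDES) keySet.oRoot, oKeyAuthEnc, bArr), oKeyMac, bArr);
                    this.oKEK = sessionKey;
                    // Dead store kept from the decompiled listing: s is overwritten with 1 below.
                    if (sessionKey.sAlgo == 0) {
                        s = 0;
                    }
                } catch (NullPointerException e) {
                    GSystem.throwISOExceptionDataNotFound();
                }
            } catch (ClassCastException e2) {
                GSystem.throwISOExceptionConditionOfUse();
            }
            // NOTE(review): this copies the whole scratch array back, including the derived key
            // bytes that setSessionKey left at OFFSET_KEK, into the APDU buffer.
            System.arraycopy(bArr, 0, buffer, 0, buffer.length);
            OPApplet.copyAPDUToAPDU((short) 5, (short) 9, (short) 8, APDU.apdu);
            OPApplet.copyAPDUToAPDU((short) 9, OFFSET_RANDOM_ICV, (short) 16, APDU.apdu);
            oMac.init(oKeyAuthEnc, (byte) 1);
            oMac.sign(buffer, (short) 9, (short) 16, buffer, OFFSET_CRYPTOGRAM);
            buffer[15] = (byte) keySet.sID;
            buffer[16] = 1;
            if (this.oSD.baTag00CF != null) {
                Util.arrayCopyNonAtomic(this.oSD.baTag00CF, (short) 3, buffer, (short) 5, (short) 10);
            } else {
                OPSystem.getCPLCData(apdu, (short) 7, (short) 10, (short) 8);
                // The decompiler referenced an undeclared register (r6) for the AID bytes.
                byte[] aid = AID.Aid.getAid();
                Util.arrayCopyNonAtomic(aid, (short) (aid.length - 2), buffer, (short) 5, (short) 2);
            }
            buffer[4] = 28;
            // Spend one attempt now; verifyExternalAuthenticate restores the limit on success.
            oPApplet.setTryCounter((byte) (((byte) oPApplet.sTryCounter) - 1));
            this.sSecureLevel = INIT_UPDATE_DONE;
            oCipher.init(oKeyAuthEnc, (byte) 1);
            oMac.setICV(buffer, OFFSET_RANDOM_ICV);
            oCipher.setICV(buffer, (short) 232);
            s = 1;
        }
        return s;
    }

    /**
     * SCP02 handling of INITIALIZE UPDATE.
     *
     * <p>The decompiler could not restructure this method (452 instructions) and did not
     * include its instruction dump, so the body is not available in this listing. Because
     * {@link #openSecureChannel(APDU)} forces the protocol to SCP02, the whole handshake
     * is non-functional here until this method is recovered from the original bytecode.
     *
     * @param r17 the INITIALIZE UPDATE command
     * @return never returns in this listing
     * @throws UnsupportedOperationException always
     */
    public synchronized short openSecureChannel_SCP02(javacard.framework.APDU r17) throws javacard.framework.CardRuntimeException {
        throw new UnsupportedOperationException("Method not decompiled: com.hengbao.javacard.system.Session.openSecureChannel_SCP02(javacard.framework.APDU):short");
    }

    /**
     * Dispatches the two secure-channel handshake commands.
     *
     * <p>The class byte, with its two low bits masked off, must be 0x80 or 0x84.
     * INS 0x50 (INITIALIZE UPDATE) opens the channel; INS 0x82 (EXTERNAL AUTHENTICATE) must
     * carry the secure-messaging bit 0x04 and, once the card-manager state is above 7,
     * must request at least MAC protection in P1.
     *
     * @param apdu the incoming command
     * @return the response length for INITIALIZE UPDATE (taken from {@code buffer[4]}),
     *         or {@code 1} for EXTERNAL AUTHENTICATE
     * @throws ISOException for an unsupported CLA or INS, or a failed handshake step
     */
    @Override // org.globalplatform.SecureChannel
    public short processSecurity(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = (byte) (buffer[0] & 252);
        if (b != -124 && b != Byte.MIN_VALUE) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        switch (buffer[1]) {
            case -126:
                if ((buffer[0] & 4) != 4) {
                    ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
                }
                apdu.setIncomingAndReceive();
                if (OPSystem.getCardManagerState() > 7 && (buffer[2] & 1) == 0) {
                    GSystem.throwISOExceptionConditionOfUse();
                }
                verifyExternalAuthenticate((byte) 1, apdu);
                return (short) 1;
            case 80:
                apdu.setIncomingAndReceive();
                openSecureChannel(apdu);
                return buffer[4];
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                return (short) 1;
        }
    }

    /**
     * Best-effort teardown of the current session.
     *
     * <p>Failures are deliberately not propagated. Be aware that if the close is interrupted
     * part-way, some session keys may remain loaded and the caller is not told.
     */
    @Override // org.globalplatform.SecureChannel
    public void resetSecurity() {
        try {
            closeSecureChannel();
        } catch (Exception ignored) {
            // Intentionally ignored: reset must not fail the caller.
        }
    }

    /**
     * GlobalPlatform entry point for removing secure messaging from a command.
     *
     * <p>NOTE(review): the result of {@link #unwrap_check} is discarded and
     * {@link #unwrap_final} always runs, unlike {@link #unwrap(byte, APDU)}, which skips it
     * when the check returns {@code 0}. The offset and length arguments are ignored and the
     * work is done on {@code GSystem.oAPDU} rather than on {@code bArr}; this is only
     * coherent if {@code bArr} is that APDU's buffer. Confirm against the original bytecode.
     *
     * @param bArr command buffer, assumed to be the current APDU buffer
     * @param s    unused
     * @param s2   unused
     * @return header length (5) plus the Lc byte read as an unsigned value
     * @throws ISOException if secure messaging is missing, unexpected or fails verification
     */
    @Override // org.globalplatform.SecureChannel
    public short unwrap(byte[] bArr, short s, short s2) throws ISOException {
        unwrap_check(bArr, (byte) 1);
        unwrap_final((byte) 1, GSystem.oAPDU);
        // Lc is unsigned; without the mask any data length above 127 produced a negative result.
        return (short) ((bArr[4] & 0xFF) + 5);
    }

    /**
     * Open Platform entry point for removing secure messaging from a command.
     *
     * @param b    channel number
     * @param apdu command to verify and, if required, decrypt in place
     * @throws CardRuntimeException if secure messaging is missing, unexpected or fails verification
     */
    @Override // visa.openplatform.ProviderSecurityDomain
    public void unwrap(byte b, APDU apdu) throws CardRuntimeException {
        SignatureDES.des_8bytekey = (byte) 0;
        if (unwrap_check(apdu.getBuffer(), b) != 0) {
            unwrap_final(b, apdu);
        }
    }

    /**
     * Decides whether a command needs secure-messaging processing, comparing the
     * secure-messaging bit (0x04) of the class byte with the session's security level.
     *
     * <p>Any mismatch closes the channel before the status word is rethrown.
     *
     * @param bArr command buffer; only the class byte is read
     * @param b    channel number; must be {@code 1} when the command carries secure messaging
     * @return {@code 1} if {@link #unwrap_final} should run, {@code 0} if the command is
     *         accepted as plain
     * @throws ISOException on a mismatch between command and session state
     */
    public short unwrap_check(byte[] bArr, byte b) throws ISOException {
        try {
            byte securityLevel = getSecurityLevel();
            if (securityLevel != 0 || this.sSecureLevel == INIT_UPDATE_DONE) {
                if ((bArr[0] & 4) != 0) {
                    // Protected command on a session that negotiated authentication only.
                    if (securityLevel == Byte.MIN_VALUE) {
                        ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
                    }
                    if (b != 1) {
                        ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
                    }
                } else {
                    // Plain command: only acceptable when the session requires no MAC or encryption.
                    if (securityLevel == Byte.MIN_VALUE) {
                        return (short) 0;
                    }
                    ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
                }
            } else {
                if ((bArr[0] & 4) == 0) {
                    return (short) 0;
                }
                if (this.sSecureLevel != 0) {
                    ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
                }
                if (this.bSessionReset == 0) {
                    return (short) 0;
                }
            }
            return (short) 1;
        } catch (ISOException e) {
            // closeSecureChannel(byte) itself throws when no session is open, in which case
            // that exception replaces e.
            closeSecureChannel((byte) 1);
            throw e;
        }
    }

    /**
     * Decrypts the command data if encryption is active, verifies the command MAC, then
     * strips the MAC and the secure-messaging bit from the APDU.
     *
     * <p>Any {@link CardRuntimeException} closes the channel before being rethrown.
     * NOTE(review): the SCP02 padding scan walks back at most seven bytes looking for 0x80
     * and does not reject the data when none is found or when skipped bytes are non-zero;
     * integrity then rests entirely on the MAC verification that follows.
     *
     * @param b    channel number; reused internally as an error flag (value 8)
     * @param apdu command to process in place
     * @throws CardRuntimeException if the session is not authenticated, the length is out of
     *                              range, or MAC verification fails
     */
    public void unwrap_final(byte b, APDU apdu) throws CardRuntimeException {
        try {
            isOpen(b, EXTERNAL_DONE);
            if (this.sSecureLevel == EXTERNAL_DONE) {
                // Authenticated only: no MAC or encryption to remove.
                return;
            }
            byte[] buffer = apdu.getBuffer();
            short s = (short) (buffer[4] & 255);
            // Lc must at least hold the 8-byte MAC.
            if (s < 8) {
                b = 8;
            }
            short s2 = (short) (s - 8);
            if (s2 > MAX_DATA_SECURE_CHANNEL) {
                b = 8;
            }
            // Encrypted data must be a whole number of 8-byte blocks.
            if ((this.sSecureLevel & ENC) != 0 && s2 % 8 != 0) {
                b = 8;
            }
            if (b == 8) {
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            }
            if (s2 != 0 && (this.sSecureLevel & ENC) != 0) {
                oCipher.init(oKeyAuthEnc, (byte) 1);
                oCipher.doFinal(buffer, (short) 5, s2, buffer, 2 != getSCP() ? (short) 4 : (short) 5);
                if (2 == getSCP()) {
                    // Scan back from the last plaintext byte for the 0x80 padding marker.
                    short s3 = 0;
                    while (Byte.MIN_VALUE != buffer[(short) (s2 + 4)] && s3 != 7) {
                        s3 = (short) (s3 + 1);
                        s2 = (short) (s2 - 1);
                    }
                    buffer[4] = (byte) (s2 - 1);
                }
                s2 = (short) (buffer[4] & 255);
                OPApplet.copyAPDUToAPDU((short) (s2 + 5), (short) (s2 + 5), (short) 8, APDU.apdu);
                buffer[4] = (byte) (s2 + 8);
            }
            if (2 == getSCP()) {
                oMac_scp2.verifyAndKeepICV(buffer, (short) (s2 + 5));
                // Re-arm the MAC engine and feed it this command's MAC for the next command.
                oMac_scp2.init(oKeyMac, (byte) 2);
                oMac_scp2.update(buffer, (short) (s2 + 5), (short) 8);
            } else {
                oMac.verifyAndKeepICV(buffer, (short) (s2 + 5));
            }
            buffer[0] = (byte) (buffer[0] & CLEAR_SECURE_MESSAGING);
            buffer[4] = (byte) s2;
        } catch (CardRuntimeException e) {
            closeSecureChannel((byte) 1);
            throw e;
        }
    }

    /**
     * Handles EXTERNAL AUTHENTICATE: recomputes the host cryptogram, compares it with the
     * one received, verifies the command MAC and promotes the session to authenticated.
     *
     * <p>P1 may be 0, 1 or 3 (none, MAC, MAC plus encryption); P2 must be 0; Lc must be 16.
     * On success the try counter is restored to its limit. Any
     * {@link CardRuntimeException} closes the channel before being rethrown.
     * NOTE(review): the cryptogram comparison uses {@code Util.arrayCompare}; confirm the
     * platform's implementation does not return early on the first differing byte.
     * The protocol selector is forced to {@code 2} here as well.
     *
     * @param b    channel number; must be {@code 1}
     * @param apdu the EXTERNAL AUTHENTICATE command
     * @throws CardRuntimeException if the handshake state, parameters, cryptogram or MAC are wrong
     */
    @Override // visa.openplatform.ProviderSecurityDomain
    public void verifyExternalAuthenticate(byte b, APDU apdu) throws CardRuntimeException {
        SignatureDES.des_8bytekey = (byte) 0;
        try {
            isOpen(b, INIT_UPDATE_DONE);
            byte[] buffer = apdu.getBuffer();
            byte b2 = buffer[2];
            if (((short) (b2 & 252)) != 0 || b2 == 2 || buffer[3] != 0) {
                GSystem.throwISOExceptionIncorrectP1P2();
            }
            if (buffer[4] != 16) {
                GSystem.throwISOExceptionWrongLength();
            }
            // Drop the logical-channel bits before the header is fed to the MAC.
            buffer[0] = (byte) (buffer[0] & (-4));
            oCipher.getICV(buffer, (short) 232);
            SignatureDES signatureDES = oMac;
            signatureDES.getICV(buffer, OFFSET_RANDOM_ICV);
            // Expected host cryptogram, computed in place over the saved challenge data.
            signatureDES.sign(buffer, OFFSET_RANDOM_ICV, (short) 16, buffer, OFFSET_RANDOM_ICV);
            this.oSD.bSCP = (byte) 2;
            if (2 == getSCP()) {
                signatureDES = oMac_scp2;
            }
            signatureDES.init(oKeyMac, (byte) 2);
            if (Util.arrayCompare(buffer, OFFSET_RANDOM_ICV, buffer, (short) 5, (short) 8) != 0) {
                GSystem.throwISOExceptionCryptoNotVerified();
            }
            signatureDES.verifyAndKeepICV(buffer, (short) 13);
            if (2 == getSCP()) {
                this.oKEK.incCounter();
                signatureDES.init(oKeyMac, (byte) 2);
                signatureDES.update(buffer, (short) 0, (short) 13);
            }
            this.oSD.setTryCounter(this.oSD.bTryLimit);
            this.sSecureLevel = (short) (b2 | EXTERNAL_DONE);
        } catch (CardRuntimeException e) {
            closeSecureChannel((byte) 1);
            throw e;
        }
    }

    /**
     * No-op response wrapping: returns the length unchanged and leaves the buffer untouched.
     *
     * <p>NOTE(review): responses therefore leave the card without a MAC or encryption,
     * whatever security level was negotiated.
     *
     * @param bArr response buffer (not modified)
     * @param s    response offset (unused)
     * @param s2   response length
     * @return {@code s2}
     */
    @Override // org.globalplatform.SecureChannel
    public short wrap(byte[] bArr, short s, short s2) throws ArrayIndexOutOfBoundsException, ISOException {
        return s2;
    }
}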
