package com.assaabloy.seos.access.commands;

import ch.qos.logback.core.CoreConstants;
import com.assaabloy.mobilekeys.common.tools.ArrayUtils;
import com.assaabloy.mobilekeys.common.tools.HexUtils;
import com.assaabloy.seos.access.apdu.ApduCommand;
import com.assaabloy.seos.access.apdu.SeosApduFactory;
import com.assaabloy.seos.access.auth.AuthenticationKeyset;
import com.assaabloy.seos.access.crypto.SeosCipher;
import com.assaabloy.seos.access.domain.SelectionResult;
import com.assaabloy.seos.access.internal.crypto.AuthenticationResult;
import com.assaabloy.seos.access.internal.crypto.CryptoFactory;
import com.assaabloy.seos.access.internal.crypto.CryptoUtils;
import com.assaabloy.seos.access.internal.crypto.SessionCrypto;
import com.assaabloy.seos.access.internal.util.FluentOutputStream;
import com.assaabloy.seos.access.util.SeosException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

/* loaded from: classes2.dex */
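/**
 * Command object for the mutual-authentication exchange: it builds the
 * authentication APDU from fresh terminal-side values and, on the response,
 * checks the MAC and the echoed randoms before producing a {@link SessionCrypto}.
 *
 * <p>Field naming follows the code: {@code randomIcc} is supplied by the caller,
 * {@code randomIfd} and {@code keyIfd} are generated here in
 * {@link #createCommand(SelectionResult)}. {@link #parseResponse(byte[])},
 * {@link #getKeyIfd()} and {@link #getRandomIfd()} are therefore only meaningful
 * after {@code createCommand} has run on the same instance.
 */
class MutualAuthentication implements Command<SessionCrypto> {
    /** Number of key-material bytes generated for K.IFD. */
    private static final int KEY_MATERIAL_LENGTH = 16;
    /** Number of bytes generated for R.IFD, and the width of each random compared in the response. */
    private static final int RANDOM_LENGTH = 8;
    /** Number of trailing bytes of the response content that are treated as the MAC. */
    private static final int MAC_LENGTH = 8;
    /** Data-object tag 0x82, used in the outgoing template and required in the response ("7cLL82..."). */
    private static final byte AUTH_DATA_TAG = (byte) 0x82;
    // Fixed values substituted for the random K.IFD / R.IFD when useTestVectors is set.
    private static final byte[] TEST_VECTOR_KEY_IFD = HexUtils.toBytes("81828384858687888990919293949596");
    private static final byte[] TEST_VECTOR_RANDOM_IFD = HexUtils.toBytes("8181818181818181");
    private final SeosCipher authenticationCrypto;
    private final AuthenticationKeyset authenticationKeyset;
    private byte[] keyIfd;
    private final byte[] randomIcc;
    private byte[] randomIfd;
    private final SelectionResult selectionResult;
    private final boolean useTestVectors;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the command for one authentication attempt.
     *
     * @param authenticationKeyset keyset providing the cipher and the key reference; must not be null
     * @param randomIcc            random value to authenticate against; must be non-empty, copied defensively
     * @param selectionResult      selection result supplying the encryption and hash algorithms; must not be null
     * @param useTestVectors       when true, R.IFD and K.IFD are the fixed test-vector constants instead of
     *                             SecureRandom output, which makes the terminal contribution to the exchange
     *                             predictable; callers should only pass true in conformance tests
     * @throws SeosException if any argument is missing or {@code randomIcc} is empty
     */
    public MutualAuthentication(AuthenticationKeyset authenticationKeyset, byte[] randomIcc, SelectionResult selectionResult, boolean useTestVectors) {
        if (authenticationKeyset == null) {
            throw new SeosException("Mutual authentication requires an authentication key");
        }
        if (randomIcc == null || randomIcc.length == 0) {
            throw new SeosException("Random ICC must be initialized");
        }
        if (selectionResult == null) {
            throw new SeosException("Mutual authentication requires a selectionResult");
        }
        // NOTE(review): any non-empty length is accepted here, but parseResponse compares
        // exactly RANDOM_LENGTH bytes against this value, so another length can never verify.
        this.randomIcc = Arrays.copyOf(randomIcc, randomIcc.length);
        this.authenticationKeyset = authenticationKeyset;
        this.selectionResult = selectionResult;
        this.useTestVectors = useTestVectors;
        // The second argument is an all-zero buffer of one cipher block; presumably the IV --
        // confirm against AuthenticationKeyset.authenticationCrypto.
        this.authenticationCrypto = authenticationKeyset.authenticationCrypto(selectionResult, new byte[selectionResult.encryptionAlgorithm().blockSize()]);
    }

    /** Returns R.IFD: a copy of the test vector when {@code testVector} is set, otherwise fresh SecureRandom bytes. */
    private byte[] generateRandom(boolean testVector) {
        if (testVector) {
            return ArrayUtils.copy(TEST_VECTOR_RANDOM_IFD);
        }
        byte[] random = new byte[RANDOM_LENGTH];
        new SecureRandom().nextBytes(random);
        return random;
    }

    /** Returns K.IFD: a copy of the test vector when {@code testVector} is set, otherwise fresh SecureRandom bytes. */
    private byte[] generateRandomKeyMaterial(boolean testVector) {
        if (testVector) {
            return ArrayUtils.copy(TEST_VECTOR_KEY_IFD);
        }
        byte[] keyMaterial = new byte[KEY_MATERIAL_LENGTH];
        new SecureRandom().nextBytes(keyMaterial);
        return keyMaterial;
    }

    /**
     * Throws if the two arrays differ.
     *
     * @param actual   value taken from the decrypted response
     * @param expected value held by this command
     * @param label    name of the field, appended to the error message
     * @throws SeosException if the arrays are not equal
     */
    private void verifyArrayEquals(byte[] actual, byte[] expected, String label) {
        // MessageDigest.isEqual does not stop at the first differing byte, so the time taken
        // does not reveal how much of an authentication value matched.
        if (!MessageDigest.isEqual(actual, expected)) {
            throw new SeosException("Cryptogram data validation failed: " + label);
        }
    }

    /**
     * Generates K.IFD and R.IFD, encrypts R.IFD || R.ICC || K.IFD, appends the trimmed MAC of the
     * ciphertext and wraps the result in an authentication template.
     *
     * @param selectionResult not read by this method; the instance passed to the constructor is used
     * @return the mutual-authentication APDU for the keyset's key reference
     */
    @Override // com.assaabloy.seos.access.commands.Command
    public ApduCommand createCommand(SelectionResult selectionResult) {
        this.keyIfd = generateRandomKeyMaterial(this.useTestVectors);
        this.randomIfd = generateRandom(this.useTestVectors);
        byte[] plaintext = new FluentOutputStream().write(this.randomIfd).write(this.randomIcc).write(this.keyIfd).toByteArray();
        byte[] cryptogram = this.authenticationCrypto.encrypt(plaintext);
        // The MAC is computed over the ciphertext, not the plaintext.
        byte[] mac = CryptoUtils.trimMacToSeosSize(this.authenticationCrypto.calculateMac(cryptogram));
        byte[] templateContent = new FluentOutputStream().write(cryptogram).write(mac).toByteArray();
        return SeosApduFactory.mutualAuthenticationCommand(this.authenticationKeyset.keyReference(), new AuthenticationTemplate(AUTH_DATA_TAG, templateContent).toByteArray());
    }

    /** Returns a copy of K.IFD; only valid after {@link #createCommand(SelectionResult)}. */
    byte[] getKeyIfd() {
        return Arrays.copyOf(this.keyIfd, this.keyIfd.length);
    }

    /** Returns a copy of R.IFD; only valid after {@link #createCommand(SelectionResult)}. */
    byte[] getRandomIfd() {
        return Arrays.copyOf(this.randomIfd, this.randomIfd.length);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Validates the authentication response and derives the session crypto.
     *
     * <p>The MAC over the ciphertext is checked before anything is decrypted; the decrypted
     * payload must then start with R.ICC followed by R.IFD, and the remaining bytes are handed
     * to {@link AuthenticationResult} as the fourth argument.
     *
     * @param response raw response bytes containing the authentication template
     * @return session crypto built from both randoms, K.IFD and the trailing response bytes
     * @throws SeosException if the tag is wrong, the response is too short to hold the expected
     *                       fields, or an echoed random does not match (MAC failures are reported
     *                       by {@code CryptoUtils.validateMac})
     */
    @Override // com.assaabloy.seos.access.commands.Command
    public SessionCrypto parseResponse(byte[] response) {
        AuthenticationTemplate template = AuthenticationTemplate.parse(response);
        if (template.dataObjectType() != AUTH_DATA_TAG) {
            throw new SeosException("Invalid response, expected response tag in the auth template (7cLL82...)");
        }
        byte[] content = template.getContent();
        // Reject truncated content up front; otherwise the slicing below fails with an
        // unrelated runtime exception instead of the SeosException callers expect.
        if (content == null || content.length <= MAC_LENGTH) {
            throw new SeosException("Invalid response, authentication template content is too short");
        }
        int cryptogramLength = content.length - MAC_LENGTH;
        byte[] cryptogram = Arrays.copyOf(content, cryptogramLength);
        byte[] receivedMac = Arrays.copyOfRange(content, cryptogramLength, content.length);
        CryptoUtils.validateMac(CryptoUtils.trimMacToSeosSize(this.authenticationCrypto.calculateMac(cryptogram)), receivedMac);
        byte[] decrypted = this.authenticationCrypto.decrypt(cryptogram);
        // Arrays.copyOfRange zero-pads a short source, so without this check a truncated
        // plaintext would be compared against padding rather than rejected as malformed.
        if (decrypted == null || decrypted.length < 2 * RANDOM_LENGTH) {
            throw new SeosException("Invalid response, decrypted cryptogram is too short");
        }
        verifyArrayEquals(Arrays.copyOfRange(decrypted, 0, RANDOM_LENGTH), this.randomIcc, "R.ICC");
        verifyArrayEquals(Arrays.copyOfRange(decrypted, RANDOM_LENGTH, 2 * RANDOM_LENGTH), this.randomIfd, "R.IFD");
        // NOTE(review): the length of the trailing key material is not checked here, so an empty
        // remainder is still passed on -- confirm whether AuthenticationResult rejects it.
        byte[] remainder = Arrays.copyOfRange(decrypted, 2 * RANDOM_LENGTH, decrypted.length);
        return CryptoFactory.sessionCrypto(this.authenticationKeyset.isGlobalKeyReference(), this.selectionResult.encryptionAlgorithm(), this.selectionResult.hashAlgorithm(), new AuthenticationResult(this.randomIfd, this.randomIcc, this.keyIfd, remainder));
    }

    /** This command is itself sent outside secure messaging. */
    @Override // com.assaabloy.seos.access.commands.Command
    public boolean supportsSecureMessaging() {
        return false;
    }

    /** Describes the command by key reference only; no random or key material is included. */
    @Override
    public String toString() {
        // The decompiler rendered the closing brace as logback's CoreConstants.CURLY_RIGHT;
        // the literal avoids a logging-library dependency for a single character.
        return "Mutual Authentication {authenticationKeyset=" + HexUtils.toHex(this.authenticationKeyset.keyReference()) + '}';
    }
}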
