package es.gob.jmulticard.card.pace;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.iso7816four.GeneralAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.pace.MseSetPaceAlgorithmApduCommand;
import es.gob.jmulticard.asn1.Tlv;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.der.x509.SubjectPublicKeyInfo;
import java.io.IOException;
import java.security.KeyPair;

/* loaded from: input_file:es/gob/jmulticard/card/pace/PaceChannelHelper.class */
public final class PaceChannelHelper {
    private static final byte[] a = {0, 0, 0, 3};

    private PaceChannelHelper() {
    }

    /* JADX WARN: Type inference failed for: r2v20, types: [byte[], byte[][]] */
    public static void openPaceChannel(byte b, String str, ApduConnection apduConnection, CryptoHelper cryptoHelper) {
        if (apduConnection == null) {
            throw new IllegalArgumentException("El canal de conexion no puede ser nulo");
        }
        if (str == null || "".equals(str)) {
            throw new IllegalArgumentException("Es necesario proporcionar el CAN para abrir canal PACE");
        }
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        if (!apduConnection.isOpen()) {
            apduConnection.open();
        }
        System.out.println("Establecimiento algoritmo PACE");
        MseSetPaceAlgorithmApduCommand mseSetPaceAlgorithmApduCommand = new MseSetPaceAlgorithmApduCommand(b, MseSetPaceAlgorithmApduCommand.PaceAlgorithmOid.PACE_ECDH_GM_AES_CBC_CMAC128, MseSetPaceAlgorithmApduCommand.PacePasswordType.CAN, MseSetPaceAlgorithmApduCommand.PaceAlgorithmParam.BRAINPOOL_256_R1);
        ResponseApdu transmit = apduConnection.transmit(mseSetPaceAlgorithmApduCommand);
        if (!transmit.isOk()) {
            throw new PaceException(transmit.getStatusWord(), mseSetPaceAlgorithmApduCommand, "Error estableciendo el algoritmo del protocolo PACE.");
        }
        System.out.println("Primer comando General Autenticate - Get Nonce");
        GeneralAuthenticateApduCommand generalAuthenticateApduCommand = new GeneralAuthenticateApduCommand((byte) 16, new byte[]{124, 0});
        ResponseApdu transmit2 = apduConnection.transmit(generalAuthenticateApduCommand);
        if (!transmit2.isOk()) {
            throw new PaceException(transmit2.getStatusWord(), generalAuthenticateApduCommand, "Error solicitando el aleatorio de calculo PACE (Nonce)");
        }
        try {
            byte[] value = new Tlv(new Tlv(transmit2.getData()).getValue()).getValue();
            System.out.println("'nonce' obtenido: " + HexUtils.hexify(value, false));
            byte[] bArr = new byte[16];
            try {
                System.arraycopy(cryptoHelper.digest(CryptoHelper.DigestAlgorithm.SHA1, HexUtils.concatenateByteArrays(new byte[]{str.getBytes(), a})), 0, bArr, 0, 16);
                System.out.println("'sk' obtenido: " + HexUtils.hexify(bArr, false));
                try {
                    System.out.println("'secret' obtenido: " + HexUtils.hexify(cryptoHelper.aesDecrypt(value, new byte[0], bArr), false));
                    System.out.println("Segundo comando General Autenticate - Map Nonce");
                    try {
                        KeyPair generateEcKeyPair = cryptoHelper.generateEcKeyPair(CryptoHelper.EcCurve.BRAINPOOL_P256_R1);
                        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo();
                        try {
                            subjectPublicKeyInfo.setDerValue(generateEcKeyPair.getPublic().getEncoded());
                            GeneralAuthenticateApduCommand generalAuthenticateApduCommand2 = new GeneralAuthenticateApduCommand((byte) 16, new Tlv((byte) 124, new Tlv((byte) -127, subjectPublicKeyInfo.getSubjectPublicKey()).getBytes()).getBytes());
                            ResponseApdu transmit3 = apduConnection.transmit(generalAuthenticateApduCommand2);
                            if (!transmit3.isOk()) {
                                throw new PaceException(transmit3.getStatusWord(), generalAuthenticateApduCommand2, "Error mapeando el aleatorio de calculo PACE (Nonce)");
                            }
                            System.out.println("Clave privada del terminal (PKCS#8, " + generateEcKeyPair.getPrivate().getEncoded().length + "):  " + HexUtils.hexify(generateEcKeyPair.getPrivate().getEncoded(), false));
                            try {
                                byte[] a2 = a(transmit3.getData());
                                System.out.println("Clave publica de la tarjeta (sin TLV, " + a2.length + "): " + HexUtils.hexify(a2, false));
                                try {
                                    System.out.println("h de ECDH: " + HexUtils.hexify(cryptoHelper.doEcDh(generateEcKeyPair.getPrivate(), a2, CryptoHelper.EcCurve.BRAINPOOL_P256_R1), false));
                                } catch (Exception e) {
                                    throw new PaceException("Error calculando el EC-DH: " + e, e);
                                }
                            } catch (Exception e2) {
                                throw new PaceException("Error obteniendo la clave efimera EC publica de la tarjeta: " + e2, e2);
                            }
                        } catch (Exception e3) {
                            throw new PaceException("La clave publica EC no esta en el formato esperado: " + e3, e3);
                        }
                    } catch (Exception e4) {
                        throw new PaceException("Error creando el par de claves EC: " + e4, e4);
                    }
                } catch (Exception e5) {
                    throw new PaceException("Error descifranco el 'nonce': " + e5, e5);
                }
            } catch (IOException e6) {
                throw new PaceException("Error obteniendo el 'sk' a partir del CAN: " + e6, e6);
            }
        } catch (TlvException e7) {
            throw new PaceException("El aleatorio de calculo PACE (Nonce) obtenido (" + HexUtils.hexify(transmit2.getData(), true) + ") no sigue el formato esperado: " + e7, e7);
        }
    }

    private static byte[] a(byte[] bArr) {
        return new Tlv(new Tlv(bArr).getValue()).getValue();
    }
}
