package de.authada.eid.card.pace.steps;

import de.authada.eid.card.api.ByteArray;
import de.authada.eid.card.api.CardProcessingException;
import de.authada.eid.card.api.security.PACEObjectIdentifiers;
import de.authada.eid.card.asn1.pace.AuthenticationToken;
import de.authada.eid.card.asn1.pace.PACEInfo;
import de.authada.eid.card.crypto.keygeneration.SMKeyGenerator3DES;
import de.authada.eid.card.crypto.keygeneration.SMKeyGeneratorAES;
import de.authada.eid.card.pace.PACEException;
import de.authada.eid.card.pace.PACEResult;
import de.authada.eid.card.pace.apdus.GeneralAuthenticateMutualAuthenticationBuilder;
import de.authada.eid.card.pace.apdus.InvalidSecretException;
import de.authada.eid.card.pace.apdus.MutualAuthenticationResult;
import de.authada.eid.card.pace.crypto.AuthenticationTokenGenerator;
import de.authada.eid.card.pace.steps.KeyAgreementPACEStep;
import de.authada.eid.card.sm.SMKeys;
import de.authada.eid.core.support.Optional;
import de.authada.org.bouncycastle.crypto.params.ECPublicKeyParameters;
import java.io.IOException;
import java.util.Objects;
import km.b;
import km.d;

/* loaded from: classes2.dex */
public class MutualAuthenticationPACEStep {
    private static final b LOGGER = d.b(MutualAuthenticationPACEStep.class);
    private AuthenticationTokenGenerator authenticationTokenGenerator;

    /* loaded from: classes2.dex */
    public static final class MutualAuthenticationPACEContext extends PACEContextDelegate {
        private MutualAuthenticationPACEContext(KeyAgreementPACEStep.KeyAgreementPACEContext keyAgreementPACEContext) {
            super(keyAgreementPACEContext.getPACEContext());
        }

        public /* synthetic */ MutualAuthenticationPACEContext(KeyAgreementPACEStep.KeyAgreementPACEContext keyAgreementPACEContext, int i10) {
            this(keyAgreementPACEContext);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void newCAR(Optional<ByteArray> optional) {
            getPACEContext().getBuilder().newCAR(optional);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void oldCAR(Optional<ByteArray> optional) {
            getPACEContext().getBuilder().oldCAR(optional);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void smKeys(SMKeys sMKeys) {
            getPACEContext().getBuilder().sMKeys(sMKeys);
        }

        public PACEResult result() {
            return getPACEContext().getBuilder().build();
        }
    }

    private void checkAuthentication(KeyAgreementPACEStep.KeyAgreementPACEContext keyAgreementPACEContext, MutualAuthenticationResult mutualAuthenticationResult) {
        b bVar = LOGGER;
        bVar.s("Calculate Card Authentication Token");
        AuthenticationToken generate = this.authenticationTokenGenerator.generate(keyAgreementPACEContext.getPACEInfo().getProtocolOid(), (ECPublicKeyParameters) keyAgreementPACEContext.getTerminalKeyPair().getPublic());
        bVar.s("Compare Authentication Tokens");
        if (!Objects.equals(generate, mutualAuthenticationResult.getAuthenticationToken())) {
            throw new PACEException("Invalid Authentication Token from card");
        }
    }

    private boolean isAES(PACEInfo pACEInfo) {
        return !Objects.equals(pACEInfo.getProtocolOid(), PACEObjectIdentifiers.ID_PACE_ECDH_GM_3DES_CBC_CBC);
    }

    public MutualAuthenticationPACEContext processStep(KeyAgreementPACEStep.KeyAgreementPACEContext keyAgreementPACEContext) {
        MutualAuthenticationPACEContext mutualAuthenticationPACEContext = new MutualAuthenticationPACEContext(keyAgreementPACEContext, 0);
        b bVar = LOGGER;
        bVar.s("Generate K_ENC and K_MAC");
        boolean isAES = isAES(keyAgreementPACEContext.getPACEInfo());
        SMKeys generate = (isAES ? new SMKeyGeneratorAES(keyAgreementPACEContext.getTerminalKeyPair().getPrivate(), keyAgreementPACEContext.getCardPublicKey()) : new SMKeyGenerator3DES(keyAgreementPACEContext.getTerminalKeyPair().getPrivate(), keyAgreementPACEContext.getCardPublicKey())).generate();
        mutualAuthenticationPACEContext.smKeys(generate);
        try {
            bVar.s("Generate Authentication Token");
            this.authenticationTokenGenerator = new AuthenticationTokenGenerator(generate.getKMAC(), isAES);
            bVar.s("Transceive Authentication Token");
            MutualAuthenticationResult mutualAuthenticationResult = (MutualAuthenticationResult) keyAgreementPACEContext.getCard().transceive(new GeneralAuthenticateMutualAuthenticationBuilder().authenticationToken(this.authenticationTokenGenerator.generate(keyAgreementPACEContext.getPACEInfo().getProtocolOid(), keyAgreementPACEContext.getCardPublicKey())).build());
            checkAuthentication(keyAgreementPACEContext, mutualAuthenticationResult);
            mutualAuthenticationPACEContext.newCAR(mutualAuthenticationResult.getFirstReference());
            mutualAuthenticationPACEContext.oldCAR(mutualAuthenticationResult.getSecondReference());
            return mutualAuthenticationPACEContext;
        } catch (InvalidSecretException e10) {
            throw e10;
        } catch (CardProcessingException e11) {
            e = e11;
            throw new PACEException("Error during mutual authentication", e);
        } catch (IOException e12) {
            e = e12;
            throw new PACEException("Error during mutual authentication", e);
        }
    }
}
