package com.kbstar.caq.kbsign.usim;

import com.atoncorp.secure.constants.MobileSafeBoxConstants;
import com.kbstar.caq.kbsign.usim.KBSignUsim;
import com.kbstar.caq.kbsign.usim.comm.IUsimCommHandler;
import com.kbstar.caq.kbsign.usim.comm.IUsimCompleteListener;
import com.kbstar.kbbank.implementation.common.constant.KBSignConstant;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;

/* loaded from: classes3.dex */
public class KBSignSecureChannelExternal {
    private IUsimCommHandler mClient;
    private KeyType mkeyType;
    private Random random;
    private byte[] S_ENC = new byte[16];
    private byte[] S_MAC = new byte[16];
    private byte[] S_KEK = new byte[16];
    private byte[] mKeyDiversificationData = null;
    private byte[] mRecentMac = null;
    private byte[] mHostRandom = new byte[8];
    private int keyVersion = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.kbstar.caq.kbsign.usim.KBSignSecureChannelExternal$4, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$com$kbstar$caq$kbsign$usim$KBSignSecureChannelExternal$KeyType;

        static {
            int[] iArr = new int[KeyType.values().length];
            $SwitchMap$com$kbstar$caq$kbsign$usim$KBSignSecureChannelExternal$KeyType = iArr;
            try {
                iArr[KeyType.INITIAL_KBSD_KEY.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$kbstar$caq$kbsign$usim$KBSignSecureChannelExternal$KeyType[KeyType.KBSD_KEY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$kbstar$caq$kbsign$usim$KBSignSecureChannelExternal$KeyType[KeyType.APPLET_KEY.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public interface GetEncryptedNonceCompleteListener {
        void onFaile(String str, UsimException usimException);

        void onSuccess(byte[] bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public enum KeyType {
        INITIAL_KBSD_KEY,
        KBSD_KEY,
        APPLET_KEY
    }

    public KBSignSecureChannelExternal(KeyType keyType, IUsimCommHandler iUsimCommHandler) throws UsimException {
        Random random = new Random();
        this.random = random;
        this.mClient = iUsimCommHandler;
        this.mkeyType = keyType;
        random.nextBytes(this.mHostRandom);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkResponse(IUsimCompleteListener.ResultCode resultCode, String str, int i) throws UsimException {
        if (resultCode != IUsimCompleteListener.ResultCode.SUCCESS) {
            throw new UsimException(i, str);
        }
    }

    public static void getEncryptedNonce(byte[] bArr, byte[] bArr2, IUsimCommHandler iUsimCommHandler, final GetEncryptedNonceCompleteListener getEncryptedNonceCompleteListener) throws UsimException {
        HashMap hashMap = new HashMap();
        hashMap.put("nonce", KBSignUtil.hexEncode(bArr));
        hashMap.put("authData", KBSignUtil.hexEncode(bArr2));
        iUsimCommHandler.sendRequest(0, IUsimCommHandler.RequestCmd.ENCRYPT_NONCE, hashMap, new IUsimCompleteListener() { // from class: com.kbstar.caq.kbsign.usim.KBSignSecureChannelExternal.3
            @Override // com.kbstar.caq.kbsign.usim.comm.IUsimCompleteListener
            public void onComplete(IUsimCompleteListener.ResultCode resultCode, Map<String, String> map, String str) {
                try {
                    KBSignSecureChannelExternal.checkResponse(resultCode, str, KBSignErrorCode.ENCRYPT_NONCE_RESPONSE_ERROR);
                    String str2 = map.get("encryptedNonce");
                    if (str2 == null) {
                        throw new UsimException(KBSignErrorCode.INVALID_ENCRYPT_NONCE_RESPONSE, "invalid requestEncryptNonce response");
                    }
                    GetEncryptedNonceCompleteListener.this.onSuccess(KBSignUtil.hexDecode(str2));
                } catch (UsimException e) {
                    e.printStackTrace();
                    GetEncryptedNonceCompleteListener.this.onFaile(e.getMessage(), e);
                }
            }
        });
    }

    private String getKeyTypeString(KeyType keyType) {
        int i = AnonymousClass4.$SwitchMap$com$kbstar$caq$kbsign$usim$KBSignSecureChannelExternal$KeyType[keyType.ordinal()];
        if (i == 1) {
            return "1";
        }
        if (i == 2) {
            return "2";
        }
        if (i != 3) {
            return null;
        }
        return "3";
    }

    public void clear() {
        KBSignUtil.memset(this.S_ENC);
        KBSignUtil.memset(this.S_MAC);
        KBSignUtil.memset(this.S_KEK);
    }

    public void getEncryptedNonce(byte[] bArr, byte[] bArr2, GetEncryptedNonceCompleteListener getEncryptedNonceCompleteListener) throws UsimException {
        getEncryptedNonce(bArr, bArr2, this.mClient, getEncryptedNonceCompleteListener);
    }

    public void getExternalAuthentication(byte[] bArr, final KBSignUsim.ExternalAuthenticationListener externalAuthenticationListener) throws UsimException {
        if (bArr == null || bArr.length != 28) {
            throw new UsimException(KBSignErrorCode.INVALID_INPUT, "Invalid input");
        }
        this.keyVersion = bArr[10];
        HashMap hashMap = new HashMap();
        hashMap.put(MobileSafeBoxConstants.BUNDLE_EXTRA_KEYTYPE, getKeyTypeString(this.mkeyType));
        hashMap.put("commandAPDU", "8482030010");
        hashMap.put("authData", KBSignUtil.hexEncode(bArr));
        hashMap.put("hostChallenge", KBSignUtil.hexEncode(this.mHostRandom));
        this.mClient.sendRequest(0, IUsimCommHandler.RequestCmd.AUTHENTICATE, hashMap, new IUsimCompleteListener() { // from class: com.kbstar.caq.kbsign.usim.KBSignSecureChannelExternal.1
            @Override // com.kbstar.caq.kbsign.usim.comm.IUsimCompleteListener
            public void onComplete(IUsimCompleteListener.ResultCode resultCode, Map<String, String> map, String str) {
                try {
                    KBSignSecureChannelExternal.checkResponse(resultCode, str, KBSignErrorCode.AUTHENTICATE_RESPONSE_ERROR);
                    String str2 = map.get("hostCryptogram");
                    String str3 = map.get(KBSignConstant.KBSignBiometricsTypeValue.MAC);
                    String str4 = map.get("keyDiversificationData");
                    String str5 = map.get("sEnc");
                    String str6 = map.get("sMac");
                    String str7 = map.get("sKek");
                    if (str2 == null || str3 == null || str4 == null || str5 == null || str6 == null || str7 == null) {
                        throw new UsimException(KBSignErrorCode.EXT_AUTH_FAIL, "invalid requestAuthenticate response");
                    }
                    byte[] hexDecode = KBSignUtil.hexDecode(str2);
                    byte[] hexDecode2 = KBSignUtil.hexDecode(str3);
                    KBSignSecureChannelExternal.this.S_ENC = KBSignUtil.hexDecode(str5);
                    KBSignSecureChannelExternal.this.S_MAC = KBSignUtil.hexDecode(str6);
                    KBSignSecureChannelExternal.this.S_KEK = KBSignUtil.hexDecode(str7);
                    KBSignSecureChannelExternal.this.mKeyDiversificationData = KBSignUtil.hexDecode(str4);
                    KBSignSecureChannelExternal.this.mRecentMac = KBSignUtil.hexDecode(str3);
                    byte[] bArr2 = new byte[hexDecode.length + hexDecode2.length];
                    System.arraycopy(hexDecode, 0, bArr2, 0, hexDecode.length);
                    System.arraycopy(hexDecode2, 0, bArr2, hexDecode.length, hexDecode2.length);
                    externalAuthenticationListener.onSuccess(bArr2);
                } catch (UsimException e) {
                    externalAuthenticationListener.onFail(e.getMessage(), e);
                } catch (NullPointerException e2) {
                    UsimException usimException = new UsimException(e2);
                    externalAuthenticationListener.onFail(usimException.getMessage(), usimException);
                }
            }
        });
    }

    public byte[] getHostRandom() {
        return this.mHostRandom;
    }

    public byte[] getInitializeUpdateRequest(int i) throws UsimException {
        byte[] bArr = this.mHostRandom;
        byte[] bArr2 = new byte[bArr.length + 5];
        bArr2[0] = Byte.MIN_VALUE;
        bArr2[1] = 80;
        bArr2[2] = (byte) i;
        bArr2[3] = 0;
        bArr2[4] = (byte) bArr.length;
        System.arraycopy(bArr, 0, bArr2, 5, bArr.length);
        int length = this.mHostRandom.length;
        return bArr2;
    }

    public int getKeyVersion() {
        return this.keyVersion;
    }

    public void getPutKey(KeyType keyType, final KBSignUsim.GetPutKeyCompleteListener getPutKeyCompleteListener) throws UsimException {
        HashMap hashMap = new HashMap();
        hashMap.put(MobileSafeBoxConstants.BUNDLE_EXTRA_KEYTYPE, getKeyTypeString(keyType));
        hashMap.put(KBSignConstant.KBSignBiometricsTypeValue.MAC, KBSignUtil.hexEncode(this.mRecentMac));
        hashMap.put("keyDiversificationData", KBSignUtil.hexEncode(this.mKeyDiversificationData));
        hashMap.put("sEnc", KBSignUtil.hexEncode(this.S_ENC));
        hashMap.put("sMac", KBSignUtil.hexEncode(this.S_MAC));
        hashMap.put("sKek", KBSignUtil.hexEncode(this.S_KEK));
        this.mClient.sendRequest(0, IUsimCommHandler.RequestCmd.PUTKEY_DATA, hashMap, new IUsimCompleteListener() { // from class: com.kbstar.caq.kbsign.usim.KBSignSecureChannelExternal.2
            @Override // com.kbstar.caq.kbsign.usim.comm.IUsimCompleteListener
            public void onComplete(IUsimCompleteListener.ResultCode resultCode, Map<String, String> map, String str) {
                try {
                    KBSignSecureChannelExternal.checkResponse(resultCode, str, KBSignErrorCode.PUTKEY_DATA_RESPONSE_ERROR);
                    String str2 = map.get("putKeyData");
                    if (str2 == null) {
                        throw new UsimException(KBSignErrorCode.EXT_AUTH_FAIL, "invalid requestPutKeyData response");
                    }
                    getPutKeyCompleteListener.onSuccess(KBSignUtil.hexDecode(str2));
                } catch (UsimException e) {
                    e.printStackTrace();
                    getPutKeyCompleteListener.onFail(e.getMessage(), e);
                }
            }
        });
    }
}
