package im.status.keycard.applet;

import im.status.keycard.io.APDUCommand;
import im.status.keycard.io.APDUException;
import im.status.keycard.io.APDUResponse;
import im.status.keycard.io.CardChannel;
import java.io.IOException;
import java.security.KeyPair;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class KeycardCommandSet {
    public static final byte CHANGE_PIN_P1_PAIRING_SECRET = 2;
    public static final byte CHANGE_PIN_P1_PUK = 1;
    public static final byte CHANGE_PIN_P1_USER_PIN = 0;
    public static final byte DERIVE_P1_SOURCE_CURRENT = Byte.MIN_VALUE;
    public static final byte DERIVE_P1_SOURCE_MASTER = 0;
    public static final byte DERIVE_P1_SOURCE_PARENT = 64;
    static final byte DUPLICATE_KEY_P1_ADD_ENTROPY = 1;
    static final byte DUPLICATE_KEY_P1_EXPORT = 2;
    static final byte DUPLICATE_KEY_P1_IMPORT = 3;
    static final byte DUPLICATE_KEY_P1_START = 0;
    static final byte EXPORT_KEY_P1_CURRENT = 0;
    static final byte EXPORT_KEY_P1_DERIVE = 1;
    static final byte EXPORT_KEY_P1_DERIVE_AND_MAKE_CURRENT = 2;
    static final byte EXPORT_KEY_P2_PRIVATE_AND_PUBLIC = 0;
    static final byte EXPORT_KEY_P2_PUBLIC_ONLY = 1;
    public static final int GENERATE_MNEMONIC_12_WORDS = 4;
    public static final int GENERATE_MNEMONIC_15_WORDS = 5;
    public static final int GENERATE_MNEMONIC_18_WORDS = 6;
    public static final int GENERATE_MNEMONIC_21_WORDS = 7;
    public static final int GENERATE_MNEMONIC_24_WORDS = 8;
    public static final byte GET_STATUS_P1_APPLICATION = 0;
    public static final byte GET_STATUS_P1_KEY_PATH = 1;
    static final byte INS_CHANGE_PIN = 33;
    static final byte INS_DERIVE_KEY = -47;
    static final byte INS_EXPORT_KEY = -62;
    static final byte INS_GENERATE_KEY = -44;
    static final byte INS_GENERATE_MNEMONIC = -46;
    static final byte INS_GET_DATA = -54;
    static final byte INS_GET_STATUS = -14;
    static final byte INS_INIT = -2;
    static final byte INS_LOAD_KEY = -48;
    static final byte INS_REMOVE_KEY = -45;
    static final byte INS_SET_NDEF = -13;
    static final byte INS_SET_PINLESS_PATH = -63;
    static final byte INS_SIGN = -64;
    static final byte INS_STORE_DATA = -30;
    static final byte INS_UNBLOCK_PIN = 34;
    static final byte INS_VERIFY_PIN = 32;
    public static final byte LOAD_KEY_P1_EC = 1;
    public static final byte LOAD_KEY_P1_EXT_EC = 2;
    public static final byte LOAD_KEY_P1_SEED = 3;
    static final byte SIGN_P1_CURRENT_KEY = 0;
    static final byte SIGN_P1_DERIVE = 1;
    static final byte SIGN_P1_DERIVE_AND_MAKE_CURRENT = 2;
    static final byte SIGN_P1_PINLESS = 3;
    public static final byte STORE_DATA_P1_CASH = 2;
    public static final byte STORE_DATA_P1_NDEF = 1;
    public static final byte STORE_DATA_P1_PUBLIC = 0;
    static final byte TLV_APPLICATION_INFO_TEMPLATE = -92;
    private final CardChannel apduChannel;
    private ApplicationInfo info;
    private SecureChannelSession secureChannel = new SecureChannelSession();

    public KeycardCommandSet(CardChannel cardChannel) {
        this.apduChannel = cardChannel;
    }

    public void autoOpenSecureChannel() throws IOException, APDUException {
        this.secureChannel.autoOpenSecureChannel(this.apduChannel);
    }

    public void autoPair(String str) throws IOException, APDUException {
        this.secureChannel.autoPair(this.apduChannel, pairingPasswordToSecret(str));
    }

    public void autoPair(byte[] bArr) throws IOException, APDUException {
        this.secureChannel.autoPair(this.apduChannel, bArr);
    }

    public void autoUnpair() throws IOException, APDUException {
        this.secureChannel.autoUnpair(this.apduChannel);
    }

    public APDUResponse changePIN(int i, String str) throws IOException {
        return changePIN(i, str.getBytes());
    }

    public APDUResponse changePIN(int i, byte[] bArr) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, 33, i, 0, bArr));
    }

    public APDUResponse changePIN(String str) throws IOException {
        return changePIN(0, str.getBytes());
    }

    public APDUResponse changePUK(String str) throws IOException {
        return changePIN(1, str.getBytes());
    }

    public APDUResponse changePairingPassword(String str) throws IOException {
        return changePIN(2, pairingPasswordToSecret(str));
    }

    public APDUResponse deriveKey(String str) throws IOException {
        KeyPath keyPath = new KeyPath(str);
        return deriveKey(keyPath.getData(), keyPath.getSource());
    }

    public APDUResponse deriveKey(byte[] bArr) throws IOException {
        return deriveKey(bArr, 0);
    }

    public APDUResponse deriveKey(byte[] bArr, int i) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -47, i, 0, bArr));
    }

    public APDUResponse exportCurrentKey(boolean z) throws IOException {
        return exportKey(0, z, new byte[0]);
    }

    public APDUResponse exportKey(int i, boolean z, byte[] bArr) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -62, i, z ? 1 : 0, bArr));
    }

    public APDUResponse exportKey(String str, boolean z, boolean z2) throws IOException {
        KeyPath keyPath = new KeyPath(str);
        return exportKey(keyPath.getData(), keyPath.getSource(), z, z2);
    }

    public APDUResponse exportKey(byte[] bArr, int i, boolean z, boolean z2) throws IOException {
        return exportKey(i | (z ? 2 : 1), z2, bArr);
    }

    public APDUResponse generateKey() throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -44, 0, 0, new byte[0]));
    }

    public APDUResponse generateMnemonic(int i) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -46, i, 0, new byte[0]));
    }

    public ApplicationInfo getApplicationInfo() {
        return this.info;
    }

    public APDUResponse getData(byte b) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -54, b, 0, new byte[0]));
    }

    public Pairing getPairing() {
        return this.secureChannel.getPairing();
    }

    public APDUResponse getStatus(byte b) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -14, b, 0, new byte[0]));
    }

    public APDUResponse init(String str, String str2, String str3) throws IOException {
        return init(str, str2, pairingPasswordToSecret(str3));
    }

    public APDUResponse init(String str, String str2, byte[] bArr) throws IOException {
        byte[] copyOf = Arrays.copyOf(str.getBytes(), str.length() + str2.length() + bArr.length);
        System.arraycopy(str2.getBytes(), 0, copyOf, str.length(), str2.length());
        System.arraycopy(bArr, 0, copyOf, str.length() + str2.length(), bArr.length);
        return this.apduChannel.send(new APDUCommand(128, -2, 0, 0, this.secureChannel.oneShotEncrypt(copyOf)));
    }

    public APDUResponse loadKey(BIP32KeyPair bIP32KeyPair) throws IOException {
        return loadKey(bIP32KeyPair, false);
    }

    public APDUResponse loadKey(BIP32KeyPair bIP32KeyPair, boolean z) throws IOException {
        return loadKey(bIP32KeyPair.toTLV(!z), bIP32KeyPair.isExtended() ? (byte) 2 : (byte) 1);
    }

    public APDUResponse loadKey(KeyPair keyPair) throws IOException {
        return loadKey(keyPair, false, (byte[]) null);
    }

    public APDUResponse loadKey(KeyPair keyPair, boolean z, byte[] bArr) throws IOException {
        return loadKey(new BIP32KeyPair(((ECPrivateKey) keyPair.getPrivate()).getD().toByteArray(), bArr, ((ECPublicKey) keyPair.getPublic()).getQ().getEncoded(false)), z);
    }

    public APDUResponse loadKey(byte[] bArr) throws IOException {
        return loadKey(bArr, (byte) 3);
    }

    public APDUResponse loadKey(byte[] bArr, byte b) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -48, b, 0, bArr));
    }

    public APDUResponse loadKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        return loadKey(new BIP32KeyPair(bArr2, bArr3, bArr), bArr == null);
    }

    public APDUResponse mutuallyAuthenticate() throws IOException {
        return this.secureChannel.mutuallyAuthenticate(this.apduChannel);
    }

    public APDUResponse mutuallyAuthenticate(byte[] bArr) throws IOException {
        return this.secureChannel.mutuallyAuthenticate(this.apduChannel, bArr);
    }

    public APDUResponse openSecureChannel(byte b, byte[] bArr) throws IOException {
        return this.secureChannel.openSecureChannel(this.apduChannel, b, bArr);
    }

    public APDUResponse pair(byte b, byte[] bArr) throws IOException {
        return this.secureChannel.pair(this.apduChannel, b, bArr);
    }

    public byte[] pairingPasswordToSecret(String str) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", BouncyCastleProvider.PROVIDER_NAME).generateSecret(new PBEKeySpec(str.toCharArray(), "Keycard Pairing Password Salt".getBytes(), this.apduChannel.pairingPasswordPBKDF2IterationCount(), 256)).getEncoded();
        } catch (Exception unused) {
            throw new RuntimeException("Is Bouncycastle correctly initialized?");
        }
    }

    public APDUResponse removeKey() throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -45, 0, 0, new byte[0]));
    }

    public APDUResponse resetPinlessPath() throws IOException {
        return setPinlessPath(new byte[0]);
    }

    public APDUResponse select() throws IOException {
        return select(1);
    }

    public APDUResponse select(int i) throws IOException {
        APDUResponse send = this.apduChannel.send(new APDUCommand(0, 164, 4, 0, Identifiers.getKeycardInstanceAID(i)));
        if (send.getSw() == 36864) {
            ApplicationInfo applicationInfo = new ApplicationInfo(send.getData());
            this.info = applicationInfo;
            if (applicationInfo.hasSecureChannelCapability()) {
                this.secureChannel.generateSecret(this.info.getSecureChannelPubKey());
                this.secureChannel.reset();
            }
        }
        return send;
    }

    public APDUResponse setNDEF(byte[] bArr) throws IOException {
        if ((this.info.getAppVersion() >> 8) <= 2) {
            return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -13, 0, 0, bArr));
        }
        if (bArr.length - 2 != ((bArr[0] << 8) | bArr[1])) {
            byte[] bArr2 = new byte[bArr.length + 2];
            bArr2[0] = (byte) (bArr.length >> 8);
            bArr2[1] = (byte) (bArr.length & 255);
            System.arraycopy(bArr, 0, bArr2, 2, bArr.length);
            bArr = bArr2;
        }
        return storeData(bArr, (byte) 1);
    }

    public void setPairing(Pairing pairing) {
        this.secureChannel.setPairing(pairing);
    }

    public APDUResponse setPinlessPath(String str) throws IOException {
        KeyPath keyPath = new KeyPath(str);
        if (keyPath.getSource() == 0) {
            return setPinlessPath(keyPath.getData());
        }
        throw new IllegalArgumentException("Only absolute paths can be set as PINLESS path");
    }

    public APDUResponse setPinlessPath(byte[] bArr) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -63, 0, 0, bArr));
    }

    protected void setSecureChannel(SecureChannelSession secureChannelSession) {
        this.secureChannel = secureChannelSession;
    }

    public APDUResponse sign(byte[] bArr) throws IOException {
        return sign(bArr, 0);
    }

    public APDUResponse sign(byte[] bArr, int i) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -64, i, 0, bArr));
    }

    public APDUResponse signPinless(byte[] bArr) throws IOException {
        return sign(bArr, 3);
    }

    public APDUResponse signWithPath(byte[] bArr, String str, boolean z) throws IOException {
        KeyPath keyPath = new KeyPath(str);
        byte[] data = keyPath.getData();
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length + data.length);
        System.arraycopy(data, 0, copyOf, bArr.length, data.length);
        return sign(copyOf, keyPath.getSource() | (z ? 2 : 1));
    }

    public APDUResponse storeData(byte[] bArr, byte b) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, -30, b, 0, bArr));
    }

    public APDUResponse unblockPIN(String str, String str2) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, 34, 0, 0, (str + str2).getBytes()));
    }

    public APDUResponse unpair(byte b) throws IOException {
        return this.secureChannel.unpair(this.apduChannel, b);
    }

    public void unpairOthers() throws IOException, APDUException {
        this.secureChannel.unpairOthers(this.apduChannel);
    }

    public APDUResponse verifyPIN(String str) throws IOException {
        return this.secureChannel.transmit(this.apduChannel, this.secureChannel.protectedCommand(128, 32, 0, 0, str.getBytes()));
    }
}
