package de.persosim.simulator.protocols.pace;

import de.persosim.simulator.apdu.ResponseApdu;
import de.persosim.simulator.cardobjects.AuthObjectIdentifier;
import de.persosim.simulator.cardobjects.CardObject;
import de.persosim.simulator.cardobjects.CardObjectIdentifier;
import de.persosim.simulator.cardobjects.CardObjectUtils;
import de.persosim.simulator.cardobjects.DomainParameterSetCardObject;
import de.persosim.simulator.cardobjects.DomainParameterSetIdentifier;
import de.persosim.simulator.cardobjects.Iso7816LifeCycleState;
import de.persosim.simulator.cardobjects.MasterFile;
import de.persosim.simulator.cardobjects.OidIdentifier;
import de.persosim.simulator.cardobjects.PasswordAuthObject;
import de.persosim.simulator.cardobjects.PasswordAuthObjectWithRetryCounter;
import de.persosim.simulator.cardobjects.TrustPointCardObject;
import de.persosim.simulator.cardobjects.TrustPointIdentifier;
import de.persosim.simulator.crypto.CryptoSupport;
import de.persosim.simulator.crypto.DomainParameterSet;
import de.persosim.simulator.crypto.KeyDerivationFunction;
import de.persosim.simulator.crypto.certificates.PublicKeyReference;
import de.persosim.simulator.exception.AccessDeniedException;
import de.persosim.simulator.exception.CertificateNotParseableException;
import de.persosim.simulator.exception.CryptoException;
import de.persosim.simulator.exception.ProcessingException;
import de.persosim.simulator.platform.CardStateAccessor;
import de.persosim.simulator.platform.Iso7816;
import de.persosim.simulator.protocols.AbstractProtocolStateMachine;
import de.persosim.simulator.protocols.Oid;
import de.persosim.simulator.protocols.ResponseData;
import de.persosim.simulator.protocols.SecInfoPublicity;
import de.persosim.simulator.protocols.ca.ChipAuthenticationMechanism;
import de.persosim.simulator.protocols.ta.Authorization;
import de.persosim.simulator.protocols.ta.CertificateHolderAuthorizationTemplate;
import de.persosim.simulator.protocols.ta.TerminalType;
import de.persosim.simulator.secstatus.AuthorizationStore;
import de.persosim.simulator.secstatus.PaceMechanism;
import de.persosim.simulator.secstatus.PaceUsedPasswordMechanism;
import de.persosim.simulator.secstatus.SecMechanism;
import de.persosim.simulator.secstatus.SecStatus;
import de.persosim.simulator.secstatus.SecStatusMechanismUpdatePropagation;
import de.persosim.simulator.securemessaging.SmDataProviderTr03110;
import de.persosim.simulator.tlv.ConstructedTlvDataObject;
import de.persosim.simulator.tlv.PrimitiveTlvDataObject;
import de.persosim.simulator.tlv.TlvConstants;
import de.persosim.simulator.tlv.TlvDataObject;
import de.persosim.simulator.tlv.TlvDataObjectContainer;
import de.persosim.simulator.tlv.TlvPath;
import de.persosim.simulator.tlv.TlvTag;
import de.persosim.simulator.tlv.TlvValue;
import de.persosim.simulator.utils.HexString;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.crypto.spec.SecretKeySpec;
import org.globaltester.logging.BasicLogger;
import org.globaltester.logging.tags.LogLevel;

/* loaded from: classes21.dex */
public abstract class AbstractPaceProtocol extends AbstractProtocolStateMachine implements Pace, TlvConstants {
    private static /* synthetic */ int[] $SWITCH_TABLE$de$persosim$simulator$protocols$ta$TerminalType = null;
    public static final byte APDU_GET_NONCE = 1;
    public static final byte APDU_MAP_NONCE = 2;
    public static final byte APDU_MUTUAL_AUTHENTICATE = 4;
    public static final byte APDU_PERFORM_KEY_AGREEMENT = 3;
    public static final byte APDU_SET_AT = 0;
    public static final byte COMMAND_GET_NONCE = 64;
    public static final byte COMMAND_MAP_NONCE = 65;
    public static final byte COMMAND_PERFORM_KEY_AGREEMENT = 66;
    public static final short P1P2_0000_NO_FURTHER_INFORMATION = 0;
    public static final short P1P2_00BE_VERIFY_CERTIFICATE = 190;
    public static final short P1P2_81B6_SET_DST = -32330;
    public static final short P1P2_C1A4_SET_AT = -15964;
    protected AuthorizationStore authorizationStore;
    protected CryptoSupport cryptoSupport;
    protected KeyPair ephemeralKeyPairPicc;
    protected PublicKey ephemeralPublicKeyPcd;
    protected MappingResult mappingResult;
    protected int paceDomainParameterId;
    protected DomainParameterSet paceDomainParametersMapped;
    protected DomainParameterSet paceDomainParametersUnmapped;
    protected PaceOid paceOid;
    protected PasswordAuthObject pacePassword;
    protected byte[] piccsPlainNonceS;
    protected SecretKeySpec secretKeySpecENC;
    protected SecretKeySpec secretKeySpecMAC;
    protected SecretKeySpec secretKeySpecNonce;
    protected SecureRandom secureRandom;
    Oid terminalTypeOid;
    TrustPointCardObject trustPoint;
    CertificateHolderAuthorizationTemplate usedChat;

    static /* synthetic */ int[] $SWITCH_TABLE$de$persosim$simulator$protocols$ta$TerminalType() {
        int[] iArr = $SWITCH_TABLE$de$persosim$simulator$protocols$ta$TerminalType;
        if (iArr == null) {
            iArr = new int[TerminalType.valuesCustom().length];
            try {
                iArr[TerminalType.AT.ordinal()] = 2;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[TerminalType.IS.ordinal()] = 1;
            } catch (NoSuchFieldError e2) {
            }
            try {
                iArr[TerminalType.ST.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SWITCH_TABLE$de$persosim$simulator$protocols$ta$TerminalType = iArr;
        }
        return iArr;
    }

    public AbstractPaceProtocol() {
        super("PACE");
        this.secureRandom = new SecureRandom();
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Removed duplicated region for block: B:3:0x0015 A[ORIG_RETURN, RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean checkPasswordAndAccessRights(de.persosim.simulator.protocols.ta.CertificateHolderAuthorizationTemplate r6, de.persosim.simulator.cardobjects.PasswordAuthObject r7) {
        /*
            r5 = 4
            r4 = 3
            r3 = 2
            r0 = 1
            int[] r1 = $SWITCH_TABLE$de$persosim$simulator$protocols$ta$TerminalType()
            de.persosim.simulator.protocols.ta.TerminalType r2 = r6.getTerminalType()
            int r2 = r2.ordinal()
            r1 = r1[r2]
            switch(r1) {
                case 1: goto L32;
                case 2: goto L17;
                case 3: goto L3f;
                default: goto L15;
            }
        L15:
            r0 = 0
        L16:
            return r0
        L17:
            int r1 = r7.getPasswordIdentifier()
            if (r1 == r4) goto L16
            int r1 = r7.getPasswordIdentifier()
            if (r1 != r3) goto L15
            de.persosim.simulator.protocols.ta.RelativeAuthorization r1 = r6.getRelativeAuthorization()
            de.persosim.simulator.utils.BitField r1 = r1.getAuthorization()
            boolean r1 = r1.getBit(r5)
            if (r1 == 0) goto L15
            goto L16
        L32:
            int r1 = r7.getPasswordIdentifier()
            if (r1 == r3) goto L16
            int r1 = r7.getPasswordIdentifier()
            if (r1 != r0) goto L15
            goto L16
        L3f:
            int r1 = r7.getPasswordIdentifier()
            if (r1 == r3) goto L16
            int r1 = r7.getPasswordIdentifier()
            if (r1 == r5) goto L16
            int r1 = r7.getPasswordIdentifier()
            if (r1 != r4) goto L15
            goto L16
        */
        throw new UnsupportedOperationException("Method not decompiled: de.persosim.simulator.protocols.pace.AbstractPaceProtocol.checkPasswordAndAccessRights(de.persosim.simulator.protocols.ta.CertificateHolderAuthorizationTemplate, de.persosim.simulator.cardobjects.PasswordAuthObject):boolean");
    }

    public static ResponseData getMutualAuthenticatePinManagementResponsePaceFailed(PasswordAuthObjectWithRetryCounter passwordAuthObjectWithRetryCounter) {
        BasicLogger.log((Class<?>) AbstractPaceProtocol.class, "PACE with PIN has failed - PIN retry counter will be decremented, current value is: " + passwordAuthObjectWithRetryCounter.getRetryCounterCurrentValue(), LogLevel.DEBUG);
        passwordAuthObjectWithRetryCounter.decrementRetryCounter();
        int retryCounterCurrentValue = passwordAuthObjectWithRetryCounter.getRetryCounterCurrentValue();
        BasicLogger.log((Class<?>) AbstractPaceProtocol.class, "PACE with PIN has failed - PIN retry counter has been decremented, current value is: " + retryCounterCurrentValue, LogLevel.DEBUG);
        return new ResponseData((short) (((short) (retryCounterCurrentValue & 15)) | Iso7816.SW_63C0_COUNTER_IS_0), "PACE with PIN has failed - PIN retry counter has been decremented, current value is: " + retryCounterCurrentValue);
    }

    public static ResponseData getMutualAuthenticatePinManagementResponsePaceSuccessful(PasswordAuthObject passwordAuthObject, CardStateAccessor cardStateAccessor) {
        short s;
        String str;
        if (passwordAuthObject.getLifeCycleState() == Iso7816LifeCycleState.OPERATIONAL_ACTIVATED) {
            PasswordAuthObjectWithRetryCounter passwordAuthObjectWithRetryCounter = (PasswordAuthObjectWithRetryCounter) passwordAuthObject;
            int retryCounterCurrentValue = passwordAuthObjectWithRetryCounter.getRetryCounterCurrentValue();
            if (retryCounterCurrentValue == passwordAuthObjectWithRetryCounter.getRetryCounterDefaultValue()) {
                s = Iso7816.SW_9000_NO_ERROR;
                str = "MutualAuthenticate processed successfully";
            } else if (retryCounterCurrentValue == 1) {
                if (isPinTemporarilyResumed(cardStateAccessor)) {
                    try {
                        passwordAuthObjectWithRetryCounter.resetRetryCounterToDefault();
                        s = Iso7816.SW_9000_NO_ERROR;
                        str = "MutualAuthenticate processed successfully with password PIN after CAN - PIN retry counter has been reset from: " + retryCounterCurrentValue + " to: " + passwordAuthObjectWithRetryCounter.getRetryCounterCurrentValue();
                    } catch (AccessDeniedException e) {
                        throw new IllegalStateException(e);
                    }
                } else {
                    s = Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED;
                    str = "MutualAuthenticate processed successfully but PIN is suspended";
                }
            } else if (retryCounterCurrentValue == 0) {
                s = Iso7816.SW_6983_FILE_INVALID;
                str = "MutualAuthenticate processed successfully but PIN is blocked";
            } else {
                try {
                    passwordAuthObjectWithRetryCounter.resetRetryCounterToDefault();
                    s = Iso7816.SW_9000_NO_ERROR;
                    str = "MutualAuthenticate processed successfully with password PIN - PIN retry counter has been reset from: " + retryCounterCurrentValue + " to: " + passwordAuthObjectWithRetryCounter.getRetryCounterCurrentValue();
                } catch (AccessDeniedException e2) {
                    throw new IllegalStateException(e2);
                }
            }
        } else {
            s = Iso7816.SW_6984_REFERENCE_DATA_NOT_USABLE;
            str = "MutualAuthenticate processed successfully but PIN is deactivated";
        }
        return new ResponseData(s, str);
    }

    public static String getPasswordName(int i) {
        switch (i) {
            case 1:
                return Pace.PWD_MRZ_STRING;
            case 2:
                return Pace.PWD_CAN_STRING;
            case 3:
                return "PIN";
            case 4:
                return Pace.PWD_PUK_STRING;
            default:
                return "unknown password identifier " + i;
        }
    }

    public static ResponseData isPasswordUsable(PasswordAuthObject passwordAuthObject, CardStateAccessor cardStateAccessor) {
        if (passwordAuthObject instanceof PasswordAuthObjectWithRetryCounter) {
            PasswordAuthObjectWithRetryCounter passwordAuthObjectWithRetryCounter = (PasswordAuthObjectWithRetryCounter) passwordAuthObject;
            int retryCounterCurrentValue = passwordAuthObjectWithRetryCounter.getRetryCounterCurrentValue();
            short retryCounterDefaultValue = (short) passwordAuthObjectWithRetryCounter.getRetryCounterDefaultValue();
            if (!passwordAuthObject.getLifeCycleState().equals(Iso7816LifeCycleState.OPERATIONAL_ACTIVATED)) {
                return new ResponseData(Iso7816.SW_6283_SELECTED_FILE_DEACTIVATED, "PIN is deactivated");
            }
            if (retryCounterCurrentValue != retryCounterDefaultValue) {
                if (retryCounterCurrentValue == 1) {
                    return new ResponseData(Iso7816.SW_63C1_COUNTER_IS_1, isPinTemporarilyResumed(cardStateAccessor) ? "PIN is temporarily resumed due to preceding CAN" : "PIN is suspended, use CAN first for temporary resume or unblock PIN");
                }
                return new ResponseData((short) (((short) (retryCounterCurrentValue & 15)) | Iso7816.SW_63C0_COUNTER_IS_0), "PACE with PIN has previously failed - current retry counter for PIN is " + retryCounterCurrentValue);
            }
        }
        return null;
    }

    public static boolean isPinTemporarilyResumed(CardStateAccessor cardStateAccessor) {
        HashSet hashSet = new HashSet();
        hashSet.add(PaceMechanism.class);
        Collection<SecMechanism> currentMechanisms = cardStateAccessor.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, hashSet);
        if (currentMechanisms.isEmpty()) {
            return false;
        }
        PasswordAuthObject usedPassword = ((PaceMechanism) currentMechanisms.toArray()[0]).getUsedPassword();
        int passwordIdentifier = usedPassword.getPasswordIdentifier();
        BasicLogger.log((Class<?>) AbstractPaceProtocol.class, "last successfull PACE run used " + getPasswordName(passwordIdentifier) + " as password with value " + HexString.encode(usedPassword.getPassword()), LogLevel.DEBUG);
        return passwordIdentifier == 2;
    }

    protected void addCars(ConstructedTlvDataObject constructedTlvDataObject) {
        if (this.trustPoint == null || this.trustPoint.getCurrentCertificate() == null || !(this.trustPoint.getCurrentCertificate().getCertificateHolderReference() instanceof PublicKeyReference)) {
            return;
        }
        constructedTlvDataObject.addTlvDataObject(new PrimitiveTlvDataObject(TAG_87, this.trustPoint.getCurrentCertificate().getCertificateHolderReference().getBytes()));
        if (this.trustPoint.getPreviousCertificate() == null || !(this.trustPoint.getPreviousCertificate().getCertificateHolderReference() instanceof PublicKeyReference)) {
            return;
        }
        constructedTlvDataObject.addTlvDataObject(new PrimitiveTlvDataObject(TAG_88, this.trustPoint.getPreviousCertificate().getCertificateHolderReference().getBytes()));
    }

    protected ConstructedTlvDataObject buildMutualAuthenticateResponse(byte[] bArr) {
        PrimitiveTlvDataObject primitiveTlvDataObject = new PrimitiveTlvDataObject(TAG_86, bArr);
        ConstructedTlvDataObject constructedTlvDataObject = new ConstructedTlvDataObject(TAG_7C);
        constructedTlvDataObject.addTlvDataObject(primitiveTlvDataObject);
        addCars(constructedTlvDataObject);
        return constructedTlvDataObject;
    }

    public TlvValue buildResponseDataForKeyAgreement(DomainParameterSet domainParameterSet, byte[] bArr) {
        PrimitiveTlvDataObject primitiveTlvDataObject = new PrimitiveTlvDataObject(TAG_84, bArr);
        ConstructedTlvDataObject constructedTlvDataObject = new ConstructedTlvDataObject(TAG_7C);
        constructedTlvDataObject.addTlvDataObject(primitiveTlvDataObject);
        return new TlvDataObjectContainer(constructedTlvDataObject);
    }

    protected TlvValue buildResponseDataForMapNonce(byte[] bArr) {
        PrimitiveTlvDataObject primitiveTlvDataObject = new PrimitiveTlvDataObject(TAG_82, bArr);
        ConstructedTlvDataObject constructedTlvDataObject = new ConstructedTlvDataObject(TAG_7C);
        constructedTlvDataObject.addTlvDataObject(primitiveTlvDataObject);
        return new TlvDataObjectContainer(constructedTlvDataObject);
    }

    public void createDomainParameterInfo(HashSet<TlvDataObject> hashSet, OidIdentifier oidIdentifier, Collection<CardObject> collection) {
    }

    protected TlvDataObject domainParameterCardObjectToPaceInfo(CardObject cardObject) {
        Collection<CardObjectIdentifier> allIdentifiers = cardObject.getAllIdentifiers();
        int i = -1;
        Iterator<CardObjectIdentifier> it = allIdentifiers.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CardObjectIdentifier next = it.next();
            if (next instanceof DomainParameterSetIdentifier) {
                i = ((DomainParameterSetIdentifier) next).getDomainParameterId();
                break;
            }
        }
        if (i == -1) {
            return null;
        }
        for (CardObjectIdentifier cardObjectIdentifier : allIdentifiers) {
            if (cardObjectIdentifier instanceof OidIdentifier) {
                Oid oid = ((OidIdentifier) cardObjectIdentifier).getOid();
                if (oid.startsWithPrefix(id_PACE)) {
                    ConstructedTlvDataObject constructedTlvDataObject = new ConstructedTlvDataObject(TAG_SEQUENCE);
                    constructedTlvDataObject.addTlvDataObject(new PrimitiveTlvDataObject(TAG_OID, getOidBytesForPaceInfo(oid)));
                    constructedTlvDataObject.addTlvDataObject(new PrimitiveTlvDataObject(TAG_INTEGER, new byte[]{2}));
                    constructedTlvDataObject.addTlvDataObject(new PrimitiveTlvDataObject(TAG_INTEGER, new byte[]{(byte) i}));
                    return constructedTlvDataObject;
                }
            }
        }
        return null;
    }

    public HashMap<Oid, Authorization> getAuthorizationsFromCommandData(TlvDataObjectContainer tlvDataObjectContainer) {
        HashMap<Oid, Authorization> hashMap = new HashMap<>();
        TlvDataObject tlvDataObject = tlvDataObjectContainer.getTlvDataObject(TAG_7F4C);
        if (tlvDataObject != null) {
            try {
                CertificateHolderAuthorizationTemplate certificateHolderAuthorizationTemplate = new CertificateHolderAuthorizationTemplate((ConstructedTlvDataObject) tlvDataObject);
                try {
                    hashMap.put(certificateHolderAuthorizationTemplate.getTerminalType().getAsOid(), certificateHolderAuthorizationTemplate.getRelativeAuthorization());
                } catch (CertificateNotParseableException e) {
                    e = e;
                    this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                    return hashMap;
                }
            } catch (CertificateNotParseableException e2) {
                e = e2;
            }
        }
        return hashMap;
    }

    protected PaceOid getOid(byte[] bArr) {
        return new PaceOid(bArr);
    }

    protected byte[] getOidBytesForPaceInfo(Oid oid) {
        return oid.toByteArray();
    }

    public String getPasswordName() {
        return getPasswordName(this.pacePassword.getPasswordIdentifier());
    }

    @Override // de.persosim.simulator.protocols.AbstractProtocolStateMachine, de.persosim.simulator.protocols.Protocol
    public Collection<TlvDataObject> getSecInfos(SecInfoPublicity secInfoPublicity, MasterFile masterFile) {
        OidIdentifier oidIdentifier = new OidIdentifier(id_PACE);
        Collection<CardObject> findChildren = masterFile.findChildren(new DomainParameterSetIdentifier(), oidIdentifier);
        HashSet<TlvDataObject> hashSet = new HashSet<>();
        Iterator<CardObject> it = findChildren.iterator();
        while (it.hasNext()) {
            TlvDataObject domainParameterCardObjectToPaceInfo = domainParameterCardObjectToPaceInfo(it.next());
            if (domainParameterCardObjectToPaceInfo != null) {
                hashSet.add(domainParameterCardObjectToPaceInfo);
            }
        }
        createDomainParameterInfo(hashSet, oidIdentifier, findChildren);
        return hashSet;
    }

    @Override // de.persosim.simulator.statemachine.StateMachine
    public void initialize() {
    }

    public void processChainingInterrupted() {
        this.processingData.updateResponseAPDU(this, "chaining interrupted", new ResponseApdu(Iso7816.SW_6883_LAST_COMMAND_EXPECTED));
    }

    public void processCommandGetNonce() {
        int symmetricCipherKeyLengthInBytes = this.paceOid.getSymmetricCipherKeyLengthInBytes();
        int blockSize = this.cryptoSupport.getBlockSize();
        int ceil = ((int) Math.ceil(symmetricCipherKeyLengthInBytes / blockSize)) * blockSize;
        BasicLogger.log(this, "key length k in Bytes is " + symmetricCipherKeyLengthInBytes + ", block size in Bytes is " + blockSize + " --> nonce s must be of smallest length l in Bytes, l being a multiple of the block size, such that l<=k", LogLevel.TRACE);
        this.piccsPlainNonceS = new byte[ceil];
        this.secureRandom.nextBytes(this.piccsPlainNonceS);
        BasicLogger.log(this, "new (plain) nonce s of byte length " + this.piccsPlainNonceS.length + " is " + HexString.encode(this.piccsPlainNonceS), LogLevel.TRACE);
        byte[] encryptWithIvZero = this.cryptoSupport.encryptWithIvZero(this.piccsPlainNonceS, this.secretKeySpecNonce);
        BasicLogger.log(this, "(encryted) nonce z = E_KPi(s) is " + HexString.encode(encryptWithIvZero), LogLevel.TRACE);
        PrimitiveTlvDataObject primitiveTlvDataObject = new PrimitiveTlvDataObject(TAG_80, encryptWithIvZero);
        BasicLogger.log(this, "primitive tag 80 is: " + primitiveTlvDataObject, LogLevel.TRACE);
        ConstructedTlvDataObject constructedTlvDataObject = new ConstructedTlvDataObject(TAG_7C);
        constructedTlvDataObject.addTlvDataObject(primitiveTlvDataObject);
        this.processingData.updateResponseAPDU(this, "Command GetNonce successfully processed", new ResponseApdu(new TlvDataObjectContainer(constructedTlvDataObject), Iso7816.SW_9000_NO_ERROR));
    }

    public void processCommandMapNonce() {
        Mapping mapping = this.paceOid.getMapping();
        String keyAgreementAlgorithm = this.paceDomainParametersUnmapped.getKeyAgreementAlgorithm();
        byte[] valueField = this.processingData.getCommandApdu().getCommandDataObjectContainer().getTlvDataObject(new TlvPath(TAG_7C, TAG_81)).getValueField();
        BasicLogger.log(this, "mapping data received from PCD is expected to contain " + mapping.getMeaningOfMappingData(), LogLevel.DEBUG);
        BasicLogger.log(this, "unchecked mapping data content of " + valueField.length + " bytes length is: " + HexString.encode(valueField), LogLevel.DEBUG);
        BasicLogger.log(this, "nonce s generated by PICC during processing of GetNonce command is " + HexString.encode(this.piccsPlainNonceS), LogLevel.TRACE);
        try {
            BasicLogger.log(this, "about to perform " + mapping.getMappingName(), LogLevel.DEBUG);
            this.mappingResult = mapping.performMapping(this.paceDomainParametersUnmapped, this.piccsPlainNonceS, valueField);
            this.ephemeralKeyPairPicc = this.mappingResult.getKeyPairPiccMapped();
            this.paceDomainParametersMapped = this.mappingResult.getMappedDomainParameters();
            byte[] mappingResponse = this.mappingResult.getMappingResponse();
            BasicLogger.log(this, "PICC's ephemeral public  mapped " + keyAgreementAlgorithm + " key is " + new TlvDataObjectContainer(this.ephemeralKeyPairPicc.getPublic().getEncoded()), LogLevel.TRACE);
            BasicLogger.log(this, "PICC's ephemeral private mapped " + keyAgreementAlgorithm + " key is " + new TlvDataObjectContainer(this.ephemeralKeyPairPicc.getPrivate().getEncoded()), LogLevel.TRACE);
            this.processingData.updateResponseAPDU(this, "Command MapNonce successfully processed", new ResponseApdu(buildResponseDataForMapNonce(mappingResponse), Iso7816.SW_9000_NO_ERROR));
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            this.processingData.updateResponseAPDU(this, "Mapping failed due to " + e.getMessage(), new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
            BasicLogger.logException(this, e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
            BasicLogger.logException(this, e);
        } catch (NoSuchProviderException e3) {
            e = e3;
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
            BasicLogger.logException(this, e);
        } catch (InvalidKeySpecException e4) {
            e = e4;
            this.processingData.updateResponseAPDU(this, "Mapping failed due to " + e.getMessage(), new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
            BasicLogger.logException(this, e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x0244 A[Catch: ProcessingException -> 0x033f, TryCatch #0 {ProcessingException -> 0x033f, blocks: (B:2:0x0000, B:4:0x007e, B:5:0x0177, B:7:0x0215, B:9:0x0226, B:13:0x0244, B:15:0x0252, B:17:0x025a, B:18:0x0264, B:20:0x02a9, B:21:0x02b2, B:22:0x0301, B:28:0x039a, B:32:0x0367, B:34:0x037d, B:39:0x0322), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:28:0x039a A[Catch: ProcessingException -> 0x033f, TRY_LEAVE, TryCatch #0 {ProcessingException -> 0x033f, blocks: (B:2:0x0000, B:4:0x007e, B:5:0x0177, B:7:0x0215, B:9:0x0226, B:13:0x0244, B:15:0x0252, B:17:0x025a, B:18:0x0264, B:20:0x02a9, B:21:0x02b2, B:22:0x0301, B:28:0x039a, B:32:0x0367, B:34:0x037d, B:39:0x0322), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0367 A[Catch: ProcessingException -> 0x033f, TryCatch #0 {ProcessingException -> 0x033f, blocks: (B:2:0x0000, B:4:0x007e, B:5:0x0177, B:7:0x0215, B:9:0x0226, B:13:0x0244, B:15:0x0252, B:17:0x025a, B:18:0x0264, B:20:0x02a9, B:21:0x02b2, B:22:0x0301, B:28:0x039a, B:32:0x0367, B:34:0x037d, B:39:0x0322), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0215 A[Catch: ProcessingException -> 0x033f, TryCatch #0 {ProcessingException -> 0x033f, blocks: (B:2:0x0000, B:4:0x007e, B:5:0x0177, B:7:0x0215, B:9:0x0226, B:13:0x0244, B:15:0x0252, B:17:0x025a, B:18:0x0264, B:20:0x02a9, B:21:0x02b2, B:22:0x0301, B:28:0x039a, B:32:0x0367, B:34:0x037d, B:39:0x0322), top: B:1:0x0000 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void processCommandMutualAuthenticate() {
        /*
            Method dump skipped, instructions count: 941
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: de.persosim.simulator.protocols.pace.AbstractPaceProtocol.processCommandMutualAuthenticate():void");
    }

    public void processCommandPerformKeyAgreement() {
        byte[] valueField = this.processingData.getCommandApdu().getCommandDataObjectContainer().getTlvDataObject(new TlvPath(new TlvTag((byte) 124), new TlvTag((byte) -125))).getValueField();
        BasicLogger.log(this, "PCD's public raw key of " + valueField.length + " bytes length is: " + HexString.encode(valueField), LogLevel.TRACE);
        try {
            this.ephemeralPublicKeyPcd = this.paceDomainParametersMapped.reconstructPublicKey(valueField);
            byte[] encodePublicKey = this.paceDomainParametersMapped.encodePublicKey(this.ephemeralKeyPairPicc.getPublic());
            BasicLogger.log(this, "PCD's  ephemeral public  mapped " + this.paceDomainParametersMapped.getKeyAgreementAlgorithm() + " key is " + new TlvDataObjectContainer(this.ephemeralPublicKeyPcd.getEncoded()), LogLevel.TRACE);
            BasicLogger.log(this, "bare response data of byte length " + encodePublicKey.length + " is " + HexString.encode(encodePublicKey), LogLevel.DEBUG);
            this.processingData.updateResponseAPDU(this, "Command PerformKeyAgreement successfully processed", new ResponseApdu(buildResponseDataForKeyAgreement(this.paceDomainParametersMapped, encodePublicKey), Iso7816.SW_9000_NO_ERROR));
        } catch (IllegalArgumentException e) {
            BasicLogger.logException(this, e, LogLevel.ERROR);
            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
        } catch (Exception e2) {
            BasicLogger.logException(this, e2, LogLevel.ERROR);
            this.processingData.updateResponseAPDU(this, e2.getMessage(), new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
        }
    }

    public void processCommandSetAT() {
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(ChipAuthenticationMechanism.class);
            if (!this.cardState.getCurrentMechanisms(SecStatus.SecContext.APPLICATION, hashSet).isEmpty()) {
                this.processingData.updateResponseAPDU(this, "no fitting authentication object found", new ResponseApdu(Iso7816.SW_6985_CONDITIONS_OF_USE_NOT_SATISFIED));
                return;
            }
            TlvDataObjectContainer commandDataObjectContainer = this.processingData.getCommandApdu().getCommandDataObjectContainer();
            try {
                this.paceOid = getOid(commandDataObjectContainer.getTlvDataObject(TAG_80).getValueField());
                CardObject specificChild = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), new AuthObjectIdentifier(commandDataObjectContainer.getTlvDataObject(TAG_83).getValueField()));
                if (!(specificChild instanceof PasswordAuthObject)) {
                    this.processingData.updateResponseAPDU(this, "no fitting authentication object found", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                    return;
                }
                this.pacePassword = (PasswordAuthObject) specificChild;
                BasicLogger.log(this, "selected password is: " + getPasswordName(), LogLevel.DEBUG);
                this.processingData.addUpdatePropagation(this, "PACE started with " + this.pacePassword.getPasswordName(), new SecStatusMechanismUpdatePropagation(SecStatus.SecContext.APPLICATION, new PaceUsedPasswordMechanism(this.pacePassword)));
                TlvDataObject tlvDataObject = commandDataObjectContainer.getTlvDataObject(TAG_84);
                try {
                    CardObject specificChild2 = CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), tlvDataObject == null ? new DomainParameterSetIdentifier() : new DomainParameterSetIdentifier(tlvDataObject.getValueField()), new OidIdentifier(this.paceOid));
                    if (!(specificChild2 instanceof DomainParameterSetCardObject)) {
                        this.processingData.updateResponseAPDU(this, "invalid key reference", new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                        return;
                    }
                    DomainParameterSetCardObject domainParameterSetCardObject = (DomainParameterSetCardObject) specificChild2;
                    this.paceDomainParametersUnmapped = domainParameterSetCardObject.getDomainParameterSet();
                    this.paceDomainParameterId = domainParameterSetCardObject.getPrimaryIdentifier().getInteger();
                    TlvDataObject tlvDataObject2 = commandDataObjectContainer.getTlvDataObject(TAG_7F4C);
                    if (tlvDataObject2 != null) {
                        try {
                            this.usedChat = new CertificateHolderAuthorizationTemplate((ConstructedTlvDataObject) tlvDataObject2);
                            this.authorizationStore = new AuthorizationStore(getAuthorizationsFromCommandData(commandDataObjectContainer));
                            this.terminalTypeOid = this.usedChat.getTerminalType().getAsOid();
                            this.trustPoint = (TrustPointCardObject) CardObjectUtils.getSpecificChild(this.cardState.getMasterFile(), new TrustPointIdentifier(this.usedChat.getTerminalType()));
                            if (!checkPasswordAndAccessRights(this.usedChat, this.pacePassword)) {
                                this.processingData.updateResponseAPDU(this, "The given terminal type and password does not match the access rights", new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
                                return;
                            }
                        } catch (Exception e) {
                            this.processingData.updateResponseAPDU(this, e.getMessage(), new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                            BasicLogger.logException(this, e);
                            return;
                        }
                    }
                    this.cryptoSupport = this.paceOid.getCryptoSupport();
                    BasicLogger.log(this, "new OID is " + this.paceOid + ", new " + this.pacePassword, LogLevel.DEBUG);
                    KeyDerivationFunction keyDerivationFunction = new KeyDerivationFunction(this.paceOid.getSymmetricCipherKeyLengthInBytes());
                    byte[] password = this.pacePassword.getPassword();
                    BasicLogger.log(this, "common secret is: " + HexString.encode(password), LogLevel.TRACE);
                    byte[] derivePI = keyDerivationFunction.derivePI(password);
                    BasicLogger.log(this, "computed raw key material of byte length " + derivePI.length + " is: " + HexString.encode(derivePI), LogLevel.TRACE);
                    this.secretKeySpecNonce = this.cryptoSupport.generateSecretKeySpecCipher(derivePI);
                    BasicLogger.log(this, "computed " + this.paceOid.getSymmetricCipherAlgorithmName() + " key material: " + HexString.encode(derivePI), LogLevel.DEBUG);
                    ResponseData isPasswordUsable = isPasswordUsable(this.pacePassword, this.cardState);
                    if (isPasswordUsable != null) {
                        this.processingData.updateResponseAPDU(this, isPasswordUsable.getResponse(), new ResponseApdu(isPasswordUsable.getStatusWord()));
                    } else {
                        this.processingData.updateResponseAPDU(this, "Command SetAt successfully processed", new ResponseApdu(Iso7816.SW_9000_NO_ERROR));
                    }
                } catch (IllegalArgumentException e2) {
                    this.processingData.updateResponseAPDU(this, e2.getMessage(), new ResponseApdu(Iso7816.SW_6A88_REFERENCE_DATA_NOT_FOUND));
                }
            } catch (RuntimeException e3) {
                this.processingData.updateResponseAPDU(this, e3.getMessage(), new ResponseApdu(Iso7816.SW_6A80_WRONG_DATA));
                BasicLogger.logException(this, e3);
            }
        } catch (ProcessingException e4) {
            this.processingData.updateResponseAPDU(this, e4.getMessage(), new ResponseApdu(e4.getStatusWord()));
        }
    }

    protected boolean setSmDataProvider() {
        try {
            this.processingData.addUpdatePropagation(this, "init SM after successful PACE", new SmDataProviderTr03110(this.secretKeySpecENC, this.secretKeySpecMAC));
            return true;
        } catch (CryptoException e) {
            BasicLogger.logException(this, e);
            this.processingData.updateResponseAPDU(this, "Unable to initialize new secure messaging", new ResponseApdu(Iso7816.SW_6FFF_IMPLEMENTATION_ERROR));
            return false;
        }
    }
}
