package im.status.keycard.globalplatform;

import im.status.keycard.io.APDUCommand;
import im.status.keycard.io.APDUException;
import im.status.keycard.io.APDUResponse;
import im.status.keycard.io.CardChannel;

/* loaded from: classes.dex */
public class SecureChannel {
    private CardChannel channel;
    private SCP02Wrapper wrapper;
    public static byte[] DERIVATION_PURPOSE_ENC = {1, -126};
    public static byte[] DERIVATION_PURPOSE_MAC = {1, 1};
    public static byte[] DERIVATION_PURPOSE_DEK = {1, -127};

    public SecureChannel(CardChannel cardChannel, SCP02Keys sCP02Keys) {
        this.channel = cardChannel;
        this.wrapper = new SCP02Wrapper(sCP02Keys.getMacKeyData());
    }

    public static Session verifyChallenge(byte[] bArr, SCP02Keys sCP02Keys, APDUResponse aPDUResponse) {
        if (aPDUResponse.getSw() == 27010) {
            throw new APDUException(aPDUResponse.getSw(), "security condition not satisfied");
        }
        if (aPDUResponse.getSw() == 27011) {
            throw new APDUException(aPDUResponse.getSw(), "authentication method blocked");
        }
        byte[] data = aPDUResponse.getData();
        if (data.length != 28) {
            throw new APDUException(aPDUResponse.getSw(), String.format("bad data length, expected 28, got %d", Integer.valueOf(data.length)));
        }
        byte[] bArr2 = new byte[8];
        System.arraycopy(data, 12, bArr2, 0, 8);
        byte[] bArr3 = new byte[8];
        System.arraycopy(data, 20, bArr3, 0, 8);
        byte[] bArr4 = new byte[2];
        System.arraycopy(data, 12, bArr4, 0, 2);
        SCP02Keys sCP02Keys2 = new SCP02Keys(Crypto.deriveSCP02SessionKey(sCP02Keys.getEncKeyData(), bArr4, DERIVATION_PURPOSE_ENC), Crypto.deriveSCP02SessionKey(sCP02Keys.getMacKeyData(), bArr4, DERIVATION_PURPOSE_MAC), Crypto.deriveSCP02SessionKey(sCP02Keys.getDekKeyData(), bArr4, DERIVATION_PURPOSE_DEK));
        if (Crypto.verifyCryptogram(sCP02Keys2.getEncKeyData(), bArr, bArr2, bArr3)) {
            return new Session(sCP02Keys2, bArr2);
        }
        throw new APDUException("error verifying card cryptogram.");
    }

    public APDUResponse send(APDUCommand aPDUCommand) {
        return this.channel.send(this.wrapper.wrap(aPDUCommand));
    }
}
