package com.google.android.libraries.commerce.hce.applet.smarttap.v2;

import android.nfc.NdefRecord;
import android.support.v4.util.Pair;
import com.google.android.libraries.commerce.hce.applet.smarttap.v2.Session;
import com.google.android.libraries.commerce.hce.common.ResponseApdus;
import com.google.android.libraries.commerce.hce.common.SmartTap2Values;
import com.google.android.libraries.commerce.hce.common.SmartTapStatusWord;
import com.google.android.libraries.commerce.hce.common.StatusWords;
import com.google.android.libraries.commerce.hce.crypto.SmartTap2Encryptor;
import com.google.android.libraries.commerce.hce.crypto.SmartTap2MerchantVerifier;
import com.google.android.libraries.commerce.hce.crypto.ValuablesCryptoException;
import com.google.android.libraries.commerce.hce.crypto.Version0EncryptionParameters;
import com.google.android.libraries.commerce.hce.crypto.Version1EncryptionParameters;
import com.google.android.libraries.commerce.hce.iso7816.Aid;
import com.google.android.libraries.commerce.hce.iso7816.Iso7816StatusWord;
import com.google.android.libraries.commerce.hce.iso7816.ResponseApdu;
import com.google.android.libraries.commerce.hce.iso7816.StatusWord;
import com.google.android.libraries.commerce.hce.ndef.Format;
import com.google.android.libraries.commerce.hce.ndef.NdefMessages;
import com.google.android.libraries.commerce.hce.ndef.NdefRecords;
import com.google.android.libraries.commerce.hce.primitives.ByteArrayWrapper;
import com.google.android.libraries.commerce.hce.util.ByteArrays;
import com.google.android.libraries.commerce.hce.util.Compressor;
import com.google.android.libraries.commerce.hce.util.Hex;
import com.google.android.libraries.commerce.hce.util.SmartTapBcdUtil;
import com.google.android.libraries.logging.text.FormattingLogger;
import com.google.android.libraries.logging.text.FormattingLoggers;
import com.google.common.base.Absent;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.Multimap;
import com.google.common.collect.RegularImmutableSet;
import com.google.common.primitives.Bytes;
import com.google.common.primitives.Shorts;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;

/* loaded from: classes.dex */
public class SmartTapApplet {
    private static final FormattingLogger LOG = FormattingLoggers.newContextLogger();
    private static final byte[] SELECT_COMMAND = Aid.SMART_TAP_AID_V2_0.getSelectCommand();
    private final Multimap<ByteArrayWrapper, NdefRecord> addedNdefRecords;
    private byte[] encodedCollectorId;
    public final SmartTap2Encryptor encryptor;
    private final GetSmartTapDataCommand getSmartTapDataCommand;
    public Optional<Integer> keyVersionOptional;
    public Optional<MerchantInfo> merchantInfoOptional;
    private byte[] negotiateCommandBytes;
    private final NegotiateSmartTapCommand negotiateSmartTapCommand;
    private final PushSmartTapDataCommand pushSmartTapDataCommand;
    private final SecureRandom random;
    private final Set<ByteArrayWrapper> removedNdefRecords;
    private byte[] signature;
    private final SmartTapCallback smartTapCallback;
    private byte[] terminalEphemeralPublicKeyBytes;
    private byte[] terminalNonce;
    public Optional<Short> versionOptional;
    public byte[] handsetNonce = new byte[32];
    private SmartTap2MerchantVerifier.AuthenticationState authenticationState = SmartTap2MerchantVerifier.AuthenticationState.NOT_AUTHENTICATED;

    @Inject
    public SmartTapApplet(SmartTapCallback smartTapCallback, NegotiateSmartTapCommand negotiateSmartTapCommand, GetSmartTapDataCommand getSmartTapDataCommand, PushSmartTapDataCommand pushSmartTapDataCommand, SecureRandom secureRandom, SmartTap2Encryptor smartTap2Encryptor, Compressor compressor) {
        this.smartTapCallback = smartTapCallback;
        this.addedNdefRecords = smartTapCallback.getAddedNdefRecords();
        this.removedNdefRecords = smartTapCallback.getRemovedNdefRecords();
        this.negotiateSmartTapCommand = negotiateSmartTapCommand;
        this.getSmartTapDataCommand = getSmartTapDataCommand;
        this.pushSmartTapDataCommand = pushSmartTapDataCommand;
        this.random = secureRandom;
        this.encryptor = smartTap2Encryptor;
        reset();
    }

    private final void setOrConfirmMerchant(MerchantInfo merchantInfo) {
        if (!this.merchantInfoOptional.isPresent()) {
            this.merchantInfoOptional = Optional.of(merchantInfo);
            return;
        }
        MerchantInfo merchantInfo2 = this.merchantInfoOptional.get();
        if (merchantInfo2.collectorId == merchantInfo.collectorId) {
            if (merchantInfo2.onlyCollectorIdKnown()) {
                this.merchantInfoOptional = Optional.of(merchantInfo);
                return;
            } else {
                if (merchantInfo.onlyCollectorIdKnown()) {
                    return;
                }
                this.merchantInfoOptional = Optional.of(MerchantInfo.update(merchantInfo2, merchantInfo));
                return;
            }
        }
        Session.Status status = Session.Status.UNKNOWN;
        StatusWord.Code code = StatusWord.Code.TOO_MANY_REQUESTS;
        long j = merchantInfo2.collectorId;
        long j2 = merchantInfo.collectorId;
        StringBuilder sb = new StringBuilder(91);
        sb.append("Provided two different collector IDs. ID 1: ");
        sb.append(j);
        sb.append(" ID 2: ");
        sb.append(j2);
        throw new SmartTapV2Exception(code, sb.toString());
    }

    private final void setOrConfirmVersion(short s) {
        if (this.versionOptional.isPresent()) {
            Short sh = this.versionOptional.get();
            Short valueOf = Short.valueOf(s);
            if (sh.equals(valueOf)) {
                return;
            }
            Session.Status status = Session.Status.UNKNOWN;
            throw new SmartTapV2Exception(StatusWord.Code.VERSION_NOT_SUPPORTED, String.format("Provided two different protocol versions. Version 1: %s Version 2: %s.", this.versionOptional.get(), valueOf));
        }
        byte[] minVersion = this.smartTapCallback.getMinVersion();
        byte[] maxVersion = this.smartTapCallback.getMaxVersion();
        short fromByteArray = Shorts.fromByteArray(minVersion);
        short fromByteArray2 = Shorts.fromByteArray(maxVersion);
        if (fromByteArray > s || fromByteArray2 < s) {
            Session.Status status2 = Session.Status.UNKNOWN;
            throw new SmartTapV2Exception(StatusWord.Code.VERSION_NOT_SUPPORTED, String.format("Requested version is not supported. Min version: %s. Max version: %s. Requested version: %s.", Short.valueOf(fromByteArray), Short.valueOf(fromByteArray2), Short.valueOf(s)));
        }
        this.versionOptional = Optional.of(Short.valueOf(s));
    }

    public final SmartTapResponse processCommand(byte[] bArr, boolean z) {
        SmartTapResponse dataResponse;
        boolean z2 = true;
        LOG.d("SmartTap v2.0 command: %s.", Hex.encode(bArr));
        byte b = bArr[0];
        byte b2 = bArr[1];
        if (b == 0) {
            if (b2 == -92) {
                if (!Arrays.equals(SELECT_COMMAND, bArr)) {
                    return SmartTapResponse.create(-92, ResponseApdu.fromStatusWord(Iso7816StatusWord.FILE_NOT_FOUND));
                }
                byte[] minVersion = this.smartTapCallback.getMinVersion();
                byte[] maxVersion = this.smartTapCallback.getMaxVersion();
                Preconditions.checkArgument(minVersion.length == 2);
                Preconditions.checkArgument(maxVersion.length == 2);
                short fromByteArray = Shorts.fromByteArray(minVersion);
                short fromByteArray2 = Shorts.fromByteArray(maxVersion);
                Preconditions.checkArgument(fromByteArray <= fromByteArray2);
                if (fromByteArray < 0) {
                    LOG.w("Specified smarttap min version %s is less than library supported min version %s.", Hex.encodeUpper(minVersion), Hex.encodeUpper(SmartTap2Values.SMARTTAP_MIN_VERSION));
                }
                if (fromByteArray2 > 1) {
                    LOG.w("Specified smarttap max version %s is greater than library supported max version %s.", Hex.encodeUpper(maxVersion), Hex.encodeUpper(SmartTap2Values.SMARTTAP_MAX_VERSION));
                }
                return SmartTapResponse.create(-92, ResponseApdu.fromDataAndStatusWord(Bytes.concat(minVersion, maxVersion, NdefMessages.compose(this.addedNdefRecords, this.removedNdefRecords, SmartTap2Values.SELECT_NDEF_FLAG, (short) 1, new NdefRecord((short) 4, SmartTap2Values.HANDSET_NONCE_NDEF_TYPE, SmartTap2Values.HANDSET_NONCE_NDEF_TYPE, Bytes.concat(new byte[]{Format.BINARY.value}, this.handsetNonce))).toByteArray()), Iso7816StatusWord.NO_ERROR));
            }
        } else if (b == -112) {
            if (b2 == -64) {
                try {
                    GetSmartTapDataCommand getSmartTapDataCommand = this.getSmartTapDataCommand;
                    GetAdditionalSmartTapDataRequest parse = GetAdditionalSmartTapDataRequest.parse(bArr);
                    short s = parse.version;
                    getSmartTapDataCommand.version = s;
                    if (s == 0) {
                        getSmartTapDataCommand.sequenceNumber = (byte) (parse.sequenceNumber + 1);
                    }
                    GetData getData = getSmartTapDataCommand.getData;
                    SmartTapResponse create = (getData == null || !getData.hasMoreData()) ? SmartTapResponse.create(-64, ResponseApdus.get(StatusWord.Code.REQUEST_MORE_NOT_APPLICABLE, getSmartTapDataCommand.version)) : getSmartTapDataCommand.getData.getMoreDataResponse(getSmartTapDataCommand.sequenceNumber, getSmartTapDataCommand.getMaxApduLength(parse.maxApduLength));
                    short s2 = this.getSmartTapDataCommand.version;
                    if (s2 == 1) {
                        return create;
                    }
                    setOrConfirmVersion(s2);
                    GetSmartTapDataCommand getSmartTapDataCommand2 = this.getSmartTapDataCommand;
                    if (getSmartTapDataCommand2.version != 0) {
                        return create;
                    }
                    this.smartTapCallback.serviceObjectsWereConveyed(getSmartTapDataCommand2.merchantInfo, create.serviceObjectsInResponse());
                    return create;
                } catch (ValuablesCryptoException e) {
                    Session.Status status = Session.Status.UNKNOWN;
                    throw new SmartTapV2Exception(StatusWord.Code.CRYPTO_FAILURE, "Unable to encrypt payload for GetMoreData", e);
                }
            }
            if (b2 == 80) {
                try {
                    GetSmartTapDataCommand getSmartTapDataCommand3 = this.getSmartTapDataCommand;
                    SmartTap2Encryptor smartTap2Encryptor = this.encryptor;
                    SmartTap2MerchantVerifier.AuthenticationState authenticationState = this.authenticationState;
                    GetSmartTapDataRequest parse2 = GetSmartTapDataRequest.parse(bArr);
                    boolean isInitialized = smartTap2Encryptor.isInitialized();
                    getSmartTapDataCommand3.useEncryption = isInitialized;
                    getSmartTapDataCommand3.tryCompression = parse2.supportsZlib;
                    getSmartTapDataCommand3.sessionId = parse2.sessionId;
                    getSmartTapDataCommand3.sequenceNumber = (byte) (parse2.sequenceNumber + 1);
                    short s3 = parse2.version;
                    getSmartTapDataCommand3.version = s3;
                    getSmartTapDataCommand3.merchantInfo = parse2.merchantInfo;
                    Pair<Set<ServiceObject>, StatusWord.Code> serviceObjects = getSmartTapDataCommand3.smartTapCallback.getServiceObjects(getSmartTapDataCommand3.merchantInfo, isInitialized, authenticationState, s3);
                    if (serviceObjects.second != StatusWord.Code.UNSPECIFIED) {
                        dataResponse = SmartTapResponse.create(80, ResponseApdu.fromStatusWord(new SmartTapStatusWord(serviceObjects.second)));
                    } else {
                        Set<ServiceObject> set = serviceObjects.first;
                        Iterator<ServiceObject> it = set.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                z2 = false;
                                break;
                            }
                            if (it.next().unlockRequired()) {
                                break;
                            }
                        }
                        short s4 = getSmartTapDataCommand3.version;
                        if (s4 != 0) {
                            getSmartTapDataCommand3.getData = new GetDataVersion1(getSmartTapDataCommand3.addedNdefRecords, getSmartTapDataCommand3.removedNdefRecords, getSmartTapDataCommand3.sessionId, getSmartTapDataCommand3.sequenceNumber, s4, authenticationState, getSmartTapDataCommand3.useEncryption, getSmartTapDataCommand3.tryCompression, smartTap2Encryptor, set, z2, z);
                        } else {
                            getSmartTapDataCommand3.getData = new GetDataVersion0(getSmartTapDataCommand3.addedNdefRecords, getSmartTapDataCommand3.removedNdefRecords, getSmartTapDataCommand3.sessionId, authenticationState, getSmartTapDataCommand3.useEncryption, smartTap2Encryptor, set, z2);
                        }
                        dataResponse = getSmartTapDataCommand3.getData.getDataResponse(getSmartTapDataCommand3.sequenceNumber, getSmartTapDataCommand3.getMaxApduLength(parse2.maxApduLength));
                    }
                    setOrConfirmVersion(this.getSmartTapDataCommand.version);
                    setOrConfirmMerchant(this.getSmartTapDataCommand.merchantInfo);
                    this.smartTapCallback.serviceObjectsWereConveyed(this.getSmartTapDataCommand.merchantInfo, dataResponse.serviceObjectsInResponse());
                    return dataResponse;
                } catch (ValuablesCryptoException e2) {
                    Session.Status status2 = Session.Status.UNKNOWN;
                    throw new SmartTapV2Exception(StatusWord.Code.CRYPTO_FAILURE, "Unable to encrypt payload for GetData", e2);
                }
            }
            if (b2 == 82) {
                PushSmartTapDataCommand pushSmartTapDataCommand = this.pushSmartTapDataCommand;
                Optional<Long> of = this.merchantInfoOptional.isPresent() ? Optional.of(Long.valueOf(this.merchantInfoOptional.get().collectorId)) : Absent.INSTANCE;
                PushSmartTapDataRequest parse3 = PushSmartTapDataRequest.parse(bArr);
                pushSmartTapDataCommand.version = parse3.version;
                SessionResponse sessionResponse = new SessionResponse(parse3.sessionId, (byte) (parse3.sequenceNumber + 1), StatusWords.get(pushSmartTapDataCommand.smartTapCallback.processPushBackData$ar$ds(parse3.serviceStatuses, parse3.newServices, of), pushSmartTapDataCommand.version));
                Multimap<ByteArrayWrapper, NdefRecord> multimap = pushSmartTapDataCommand.addedNdefRecords;
                Set<ByteArrayWrapper> set2 = pushSmartTapDataCommand.removedNdefRecords;
                byte[] bArr2 = SmartTap2Values.PUSH_NDEF_FLAG;
                byte[] bArr3 = SmartTap2Values.PUSH_SERVICE_RESPONSE_NDEF_TYPE;
                short s5 = pushSmartTapDataCommand.version;
                SmartTapResponse create2 = SmartTapResponse.create(82, ResponseApdu.fromDataAndStatusWord(NdefMessages.compose(multimap, set2, bArr2, s5, NdefRecords.compose(bArr3, NdefMessages.compose(multimap, set2, bArr3, s5, sessionResponse.composeNdef(s5)).toByteArray(), s5)).toByteArray(), sessionResponse.statusWord), null, parse3.newServices, SmartTap2MerchantVerifier.AuthenticationState.NOT_AUTHENTICATED, false, false);
                setOrConfirmVersion(this.pushSmartTapDataCommand.version);
                return create2;
            }
            if (b2 != 83) {
                LOG.w("Unknown INS value: %s", Byte.valueOf(b2));
                return this.versionOptional.isPresent() ? SmartTapResponse.create(b2, ResponseApdu.fromStatusWord(StatusWords.get(StatusWord.Code.UNKNOWN_TERMINAL_COMMAND, this.versionOptional.get().shortValue()))) : SmartTapResponse.create(b2, ResponseApdu.fromStatusWord(Iso7816StatusWord.INS_NOT_SUPPORTED));
            }
            NegotiateSmartTapCommand negotiateSmartTapCommand = this.negotiateSmartTapCommand;
            byte[] bArr4 = this.handsetNonce;
            byte[] ephemeralPublicKey = this.encryptor.getEphemeralPublicKey();
            NegotiateSmartTapRequest parse4 = NegotiateSmartTapRequest.parse(bArr);
            short s6 = parse4.version;
            negotiateSmartTapCommand.version = s6;
            long j = parse4.collectorId;
            negotiateSmartTapCommand.collectorId = j;
            if (s6 != 0) {
                byte[] bArr5 = parse4.encodedCollectorId;
                int length = bArr5.length;
                if (length > 4) {
                    negotiateSmartTapCommand.encodedCollectorId = Arrays.copyOfRange(bArr5, length - 4, length);
                } else {
                    negotiateSmartTapCommand.encodedCollectorId = ByteArrays.updatePayloadLength(bArr5, 4);
                }
                boolean z3 = negotiateSmartTapCommand.encodedCollectorId != null;
                Session.Status status3 = Session.Status.UNKNOWN;
                SmartTapV2Exception.check$ar$ds$8c28c262_0(z3, StatusWord.Code.INVALID_CRYPTO_INPUT, "Unable to parse collector ID", new Object[0]);
            } else {
                byte[] encode = SmartTapBcdUtil.encode(j);
                int length2 = encode.length;
                if (length2 > 4) {
                    throw new IllegalArgumentException(String.format("Cannot encode %d into %d bytes", Long.valueOf(j), 4));
                }
                if (length2 < 4) {
                    encode = Bytes.concat(new byte[4 - length2], encode);
                }
                negotiateSmartTapCommand.encodedCollectorId = encode;
            }
            negotiateSmartTapCommand.terminalEphemeralPublicKey = parse4.ephemeralPublicKey;
            if (!parse4.liveAuthenticate) {
                bArr4 = new byte[32];
            }
            byte[] bArr6 = bArr4;
            negotiateSmartTapCommand.terminalNonce = parse4.terminalNonce;
            negotiateSmartTapCommand.encryptionNegotiated = true;
            negotiateSmartTapCommand.signature = parse4.signature;
            int i = parse4.longTermKeyVersion;
            negotiateSmartTapCommand.keyVersion = i;
            ECPublicKey longTermPublicKey = negotiateSmartTapCommand.smartTapCallback.getLongTermPublicKey(negotiateSmartTapCommand.collectorId, i);
            if (longTermPublicKey != null) {
                try {
                    negotiateSmartTapCommand.authenticationState = negotiateSmartTapCommand.signatureVerifier.verifySignature(longTermPublicKey, negotiateSmartTapCommand.signature, negotiateSmartTapCommand.terminalNonce, bArr6, negotiateSmartTapCommand.encodedCollectorId, negotiateSmartTapCommand.terminalEphemeralPublicKey);
                } catch (ValuablesCryptoException e3) {
                    negotiateSmartTapCommand.authenticationState = SmartTap2MerchantVerifier.AuthenticationState.BAD_KEY;
                }
            } else {
                negotiateSmartTapCommand.authenticationState = SmartTap2MerchantVerifier.AuthenticationState.NO_KEY;
            }
            SmartTapResponse create3 = SmartTapResponse.create(83, ResponseApdu.fromDataAndStatusWord(NdefMessages.compose(negotiateSmartTapCommand.addedNdefRecords, negotiateSmartTapCommand.removedNdefRecords, SmartTap2Values.NEGOTIATE_NDEF_FLAG, negotiateSmartTapCommand.version, NdefRecords.compose(SmartTap2Values.NEGOTIATE_RESPONSE_NDEF_TYPE, NdefMessages.compose(negotiateSmartTapCommand.addedNdefRecords, negotiateSmartTapCommand.removedNdefRecords, SmartTap2Values.NEGOTIATE_RESPONSE_NDEF_TYPE, negotiateSmartTapCommand.version, new Session(parse4.sessionId, (byte) (parse4.sequenceNumber + 1)).composeNdef(negotiateSmartTapCommand.version), NdefRecords.compose(SmartTap2Values.HANDSET_EPHEMERAL_PUBLIC_KEY_NDEF_TYPE, ephemeralPublicKey, negotiateSmartTapCommand.version)).toByteArray(), negotiateSmartTapCommand.version)).toByteArray(), StatusWords.get(NegotiateSmartTapCommand.AUTH_STATE_TO_RESPONSE_CODE.get(negotiateSmartTapCommand.authenticationState), negotiateSmartTapCommand.version)), negotiateSmartTapCommand.authenticationState);
            setOrConfirmVersion(this.negotiateSmartTapCommand.version);
            setOrConfirmMerchant(new MerchantInfo(this.negotiateSmartTapCommand.collectorId, null, null, null, MerchantCategory.UNKNOWN, RegularImmutableSet.EMPTY));
            NegotiateSmartTapCommand negotiateSmartTapCommand2 = this.negotiateSmartTapCommand;
            this.terminalEphemeralPublicKeyBytes = negotiateSmartTapCommand2.terminalEphemeralPublicKey;
            this.terminalNonce = negotiateSmartTapCommand2.terminalNonce;
            this.keyVersionOptional = Optional.of(Integer.valueOf(negotiateSmartTapCommand2.keyVersion));
            NegotiateSmartTapCommand negotiateSmartTapCommand3 = this.negotiateSmartTapCommand;
            this.encodedCollectorId = negotiateSmartTapCommand3.encodedCollectorId;
            this.authenticationState = negotiateSmartTapCommand3.authenticationState;
            if (!negotiateSmartTapCommand3.encryptionNegotiated) {
                return create3;
            }
            try {
                short shortValue = this.versionOptional.get().shortValue();
                if (shortValue == 0) {
                    this.negotiateCommandBytes = bArr;
                    this.encryptor.setCryptoParams(new Version0EncryptionParameters(this.terminalEphemeralPublicKeyBytes, this.handsetNonce, this.negotiateCommandBytes));
                } else if (shortValue > 0) {
                    this.signature = this.negotiateSmartTapCommand.signature;
                    SmartTap2Encryptor smartTap2Encryptor2 = this.encryptor;
                    byte[] bArr7 = this.terminalEphemeralPublicKeyBytes;
                    smartTap2Encryptor2.setCryptoParams(new Version1EncryptionParameters(bArr7, this.handsetNonce, this.terminalNonce, this.encodedCollectorId, bArr7, this.signature));
                }
                return create3;
            } catch (ValuablesCryptoException e4) {
                Session.Status status4 = Session.Status.UNKNOWN;
                throw new SmartTapV2Exception(StatusWord.Code.CRYPTO_FAILURE, "Unable to generate shared key", e4);
            }
        }
        return SmartTapResponse.create(b2, ResponseApdu.fromStatusWord(Iso7816StatusWord.CLA_NOT_SUPPORTED));
    }

    public final void reset() {
        this.versionOptional = Absent.INSTANCE;
        this.merchantInfoOptional = Absent.INSTANCE;
        this.keyVersionOptional = Absent.INSTANCE;
        SecureRandom secureRandom = this.random;
        secureRandom.setSeed(secureRandom.generateSeed(8));
        this.random.nextBytes(this.handsetNonce);
        this.encryptor.reset();
    }
}
