package com.loxone.kerberos.nfc;

import android.content.Intent;
import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
import android.util.Log;
import android.widget.Toast;
import com.loxone.kerberos.R;
import com.loxone.kerberos.nfc.utils.ByteUtils;
import com.loxone.kerberos.nfc.utils.CryptoUtils;
import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
public class NfcHceService extends HostApduService {
    private static boolean LOGGING = false;
    private static final String TAG = "NfcHceService";
    private byte[] aesSessionKey;
    private byte[] appMasterKey;
    private String nfcID;
    private byte[] readKey;
    private byte[] rndB;
    private byte[] rndB_enc;
    private byte[] uid;
    private final byte UID_LENGTH = 7;
    private final byte CONTINUE_CMD = -81;
    private final byte[] NOT_ALLOWED_RESPONSE = {105, 0};
    private final byte[] UNKNOWN_ERROR_RESPONSE = {111, 0};
    private final byte[] SELECT_APDU = BuildSelectApdu(Nfc.LOXONE_AID);
    private AuthenticationStatus authenticationStatus = AuthenticationStatus.IDLE;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum AuthenticationStatus {
        IDLE,
        SELECTED,
        SELECTED_APP,
        AUTH_REQUEST,
        AUTHENTICATED,
        ERROR
    }

    private byte[] BuildSelectApdu(String str) {
        return ByteUtils.hexStringToByteArray("00A40400" + String.format("%02X", Integer.valueOf(str.length() / 2)) + str);
    }

    private byte[] handleAuthenticationRequest(byte[] bArr) {
        if (ByteUtils.equals(bArr, new byte[]{-86, 1})) {
            if (LOGGING) {
                Log.v(TAG, "Received AES Auth CMD: " + ByteUtils.byteArrayToHexString(bArr));
            }
            try {
                this.readKey = CryptoUtils.generateReadKey(this.uid, this.appMasterKey);
                if (LOGGING) {
                    Log.v(TAG, "ReadKey: " + ByteUtils.byteArrayToHexString(this.readKey));
                }
                this.rndB = ByteUtils.randomBytes(16);
                if (LOGGING) {
                    Log.v(TAG, "Generated RndB: " + ByteUtils.byteArrayToHexString(this.rndB));
                }
                this.rndB_enc = CryptoUtils.encryptAESData(this.rndB, this.readKey, new IvParameterSpec(new byte[16]), CryptoUtils.NO_PADDING);
                if (LOGGING) {
                    Log.v(TAG, "Encrypted RndB: " + ByteUtils.byteArrayToHexString(this.rndB_enc));
                }
                this.authenticationStatus = AuthenticationStatus.AUTH_REQUEST;
                return ByteUtils.concatArrays(new byte[]{-81}, this.rndB_enc);
            } catch (Throwable th) {
                th.printStackTrace();
            }
        }
        return null;
    }

    private byte[] handleAuthenticationResponse(byte[] bArr) {
        if (ByteUtils.startsWith(bArr, new byte[]{-81})) {
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 1, 33);
            try {
                if (LOGGING) {
                    Log.v(TAG, "Encrypted: " + ByteUtils.byteArrayToHexString(copyOfRange));
                }
                IvParameterSpec ivParameterSpec = new IvParameterSpec(this.rndB_enc);
                if (LOGGING) {
                    Log.v(TAG, "IV: " + ByteUtils.byteArrayToHexString(ivParameterSpec.getIV()));
                }
                byte[] decryptAESData = CryptoUtils.decryptAESData(copyOfRange, this.readKey, ivParameterSpec, CryptoUtils.NO_PADDING);
                if (LOGGING) {
                    Log.v(TAG, "Decrypted: " + ByteUtils.byteArrayToHexString(decryptAESData));
                }
                byte[] copyOfRange2 = Arrays.copyOfRange(decryptAESData, 0, 16);
                byte[] copyOfRange3 = Arrays.copyOfRange(decryptAESData, 16, 32);
                byte[] shiftRight = ByteUtils.shiftRight(copyOfRange3);
                if (LOGGING) {
                    Log.v(TAG, "Received RndA: " + ByteUtils.byteArrayToHexString(copyOfRange2));
                }
                if (LOGGING) {
                    Log.v(TAG, "Received Shifted RndB: " + ByteUtils.byteArrayToHexString(copyOfRange3));
                }
                if (LOGGING) {
                    Log.v(TAG, "Received RndB: " + ByteUtils.byteArrayToHexString(shiftRight));
                }
                if (!Arrays.equals(this.rndB, shiftRight)) {
                    throw new Exception("Random Numbers doesn't match!");
                }
                byte[] shiftLeft = ByteUtils.shiftLeft(copyOfRange2);
                if (LOGGING) {
                    Log.v(TAG, "Shifted RndA: " + ByteUtils.byteArrayToHexString(shiftLeft));
                }
                IvParameterSpec ivParameterSpec2 = new IvParameterSpec(Arrays.copyOfRange(copyOfRange, 16, 32));
                if (LOGGING) {
                    Log.v(TAG, "IV: " + ByteUtils.byteArrayToHexString(ivParameterSpec2.getIV()));
                }
                byte[] encryptAESData = CryptoUtils.encryptAESData(shiftLeft, this.readKey, ivParameterSpec2, CryptoUtils.NO_PADDING);
                this.aesSessionKey = CryptoUtils.generatedAesSessionKey(copyOfRange2, shiftRight);
                if (LOGGING) {
                    Log.v(TAG, "AES Session Key: " + ByteUtils.byteArrayToHexString(this.aesSessionKey));
                }
                this.authenticationStatus = AuthenticationStatus.AUTHENTICATED;
                return ByteUtils.concatArrays(new byte[]{0}, encryptAESData);
            } catch (Throwable th) {
                th.printStackTrace();
            }
        }
        return null;
    }

    private byte[] handleFileReadRequest(byte[] bArr) {
        if (ByteUtils.startsWith(bArr, new byte[]{-67})) {
            try {
                byte[] calculateCmac = CryptoUtils.calculateCmac(bArr, this.aesSessionKey, 16);
                if (LOGGING) {
                    Log.v(TAG, "Cmac: " + ByteUtils.byteArrayToHexString(calculateCmac));
                }
                IvParameterSpec ivParameterSpec = new IvParameterSpec(calculateCmac);
                if (this.nfcID != null) {
                    Toast.makeText(getApplicationContext(), R.string.res_0x7f07003e_nfc_hce_success, 0).show();
                    return ByteUtils.concatArrays(new byte[]{0}, CryptoUtils.encryptAESData(ByteUtils.hexStringToByteArray(this.nfcID), this.aesSessionKey, ivParameterSpec, CryptoUtils.ZERO_BYTE_PADDING));
                }
            } catch (Throwable th) {
                th.printStackTrace();
            }
        }
        return null;
    }

    private byte[] handleSelectLoxoneAndAid(byte[] bArr) {
        if (!ByteUtils.startsWith(bArr, this.SELECT_APDU)) {
            return null;
        }
        byte[] subbytes = ByteUtils.subbytes(bArr, bArr[4] + 4 + 1);
        if (subbytes == null || !ByteUtils.equals(subbytes, (byte) 7)) {
            if (LOGGING) {
                Log.v(TAG, "Responding with WRONG Le and correct Le");
            }
            return new byte[]{107, 7};
        }
        this.uid = ByteUtils.randomBytes(7);
        if (LOGGING) {
            Log.v(TAG, "UID: " + ByteUtils.byteArrayToHexString(this.uid));
        }
        if (LOGGING) {
            Log.v(TAG, "Responding with UID + SELECT OK");
        }
        this.authenticationStatus = AuthenticationStatus.SELECTED;
        return ByteUtils.concatArrays(this.uid, new byte[]{-112, 0});
    }

    private byte[] handleSelectNfcApplication(byte[] bArr) {
        if (ByteUtils.startsWith(bArr, new byte[]{90})) {
            if (LOGGING) {
                Log.v(TAG, "Received Select Application: " + ByteUtils.byteArrayToHexString(bArr));
            }
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 1, bArr.length);
            ByteUtils.reverseByteArray(copyOfRange);
            if (LOGGING) {
                Log.v(TAG, "AID: " + ByteUtils.byteArrayToHexString(copyOfRange));
            }
            this.appMasterKey = Nfc.getAppMasterKeyForAID(copyOfRange, getApplicationContext());
            if (this.appMasterKey != null) {
                this.authenticationStatus = AuthenticationStatus.SELECTED_APP;
                return new byte[]{0};
            }
        }
        return null;
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        this.nfcID = Nfc.getNfcID(getApplicationContext());
        Log.i(TAG, "onCreate");
    }

    @Override // android.nfc.cardemulation.HostApduService
    public void onDeactivated(int i) {
        switch (i) {
            case 0:
                Log.i(TAG, "onDeactivated: DEACTIVATION_LINK_LOSS");
                return;
            case 1:
                Log.i(TAG, "onDeactivated: DEACTIVATION_DESELECTED");
                return;
            default:
                Log.i(TAG, "onDeactivated: " + i);
                return;
        }
    }

    @Override // android.app.Service
    public boolean onUnbind(Intent intent) {
        Log.i(TAG, "onUnbind");
        this.authenticationStatus = AuthenticationStatus.IDLE;
        this.appMasterKey = null;
        return super.onUnbind(intent);
    }

    @Override // android.nfc.cardemulation.HostApduService
    public byte[] processCommandApdu(byte[] bArr, Bundle bundle) {
        byte[] handleFileReadRequest;
        if (LOGGING) {
            Log.d(TAG, ">> " + ByteUtils.byteArrayToHexString(bArr));
        }
        switch (this.authenticationStatus) {
            case IDLE:
                handleFileReadRequest = handleSelectLoxoneAndAid(bArr);
                break;
            case SELECTED:
                handleFileReadRequest = handleSelectNfcApplication(bArr);
                break;
            case SELECTED_APP:
                handleFileReadRequest = handleAuthenticationRequest(bArr);
                break;
            case AUTH_REQUEST:
                handleFileReadRequest = handleAuthenticationResponse(bArr);
                break;
            case AUTHENTICATED:
                handleFileReadRequest = handleFileReadRequest(bArr);
                break;
            default:
                if (LOGGING) {
                    Log.e(TAG, "Unexpected CMD");
                }
                handleFileReadRequest = this.NOT_ALLOWED_RESPONSE;
                break;
        }
        if (handleFileReadRequest == null) {
            if (LOGGING) {
                Log.e(TAG, "Cancel due to unexpected error");
            }
            handleFileReadRequest = this.UNKNOWN_ERROR_RESPONSE;
        }
        if (handleFileReadRequest == this.NOT_ALLOWED_RESPONSE || handleFileReadRequest == this.UNKNOWN_ERROR_RESPONSE) {
            this.authenticationStatus = AuthenticationStatus.ERROR;
            Toast.makeText(getApplicationContext(), R.string.res_0x7f07003d_nfc_hce_failed, 0).show();
        }
        if (LOGGING) {
            Log.d(TAG, "<< " + ByteUtils.byteArrayToHexString(handleFileReadRequest));
        }
        return handleFileReadRequest;
    }
}
