package com.loxone.kerberos.nfc;

import android.content.Intent;
import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
import android.support.annotation.Nullable;
import android.util.Log;
import android.widget.Toast;
import com.loxone.kerberos.R;
import com.loxone.kerberos.helper.SecurePreferences;
import com.loxone.kerberos.nfc.utils.ByteUtils;
import com.loxone.kerberos.nfc.utils.CryptoUtils;
import com.nxp.nfclib.icode.IICodeBase;
import java.math.BigInteger;
import java.util.Locale;
import java.util.zip.CRC32;
import javax.crypto.spec.IvParameterSpec;
import org.json.JSONObject;

/* loaded from: classes10.dex */
public class NfcHceService extends HostApduService {
    private static final byte AUTH_CMD = -86;
    private static final byte AUTH_CONTINUE_CMD = -81;
    private static final byte CREATE_APP_CMD = -54;
    private static final byte CREATE_FILE_CMD = 61;
    private static final byte DELETE_APP_CMD = -38;
    private static final String KEY_FILE = "FILE_%1$d";
    private static final String KEY_NFC_APP_KEY = "KEY_%1$d";
    private static final String KEY_NFC_UID = "NFC_UID";
    private static final boolean LOGGING = true;
    private static final byte READ_FILE_CMD = -67;
    private static final byte SELECT_APP_CMD = 90;
    private static final String TAG = "NfcHceService";
    private static final byte UID_LENGTH = 7;
    private static SecurePreferences preferences;
    private byte[] currentKey;
    private byte[] rndB;
    private byte[] rndB_enc;
    private byte[] selectedAID;
    private byte[] sessionKey;
    private static final byte CHANGE_KEY_CMD = -60;
    private static final byte[] DEFAULT_CARD_MASTER_KEY = {10, 112, -89, -110, 85, 114, 65, -85, 66, 112, 23, -122, -62, -111, -35, CHANGE_KEY_CMD};
    private static final String LOXONE_AID = "F04C6F786F6E654E6663";
    private static final byte[] SELECT_APDU = buildSelectApdu(LOXONE_AID);
    private static final byte[] OPERATION_OK = {0};
    private static final byte[] NOT_ALLOWED_RESPONSE = {105, 0};
    private static final byte[] UNKNOWN_ERROR_RESPONSE = {111, 0};
    private static final byte[] ILLEGAL_COMMAND_CODE = {28};
    private static final byte[] INTEGRITY_ERROR = {30};
    private static final byte[] NO_SUCH_KEY = {IICodeBase.NFCV_FLAG_OPTION};
    private static final byte[] LENGTH_ERROR = {126};
    private static final byte[] PERMISSION_DENIED = {-99};
    private static final byte[] PARAMETER_ERROR = {-98};
    private static final byte[] APPLICATION_NOT_FOUND = {-96};
    private static final byte[] APPL_INTEGRITY_ERROR = {-95};
    private static final byte[] AUTHENTICATION_ERROR = {-82};
    private static final byte[] DUPLICATE_ERROR = {-34};
    private static final byte[] FILE_NOT_FOUND = {-16};
    private static final byte[] FILE_INTEGRITY_ERROR = {-15};
    private static byte[] nfcUID = null;

    private static byte[] buildSelectApdu(String str) {
        return ByteUtils.hexStringToByteArray("00A40400" + String.format("%02X", Integer.valueOf(str.length() / 2)) + str);
    }

    private boolean checkCrc32(byte[] bArr, byte[] bArr2) {
        long hex2dec = hex2dec(bArr2);
        long crc32Checksum = crc32Checksum(bArr);
        Log.v(TAG, "  - " + hex2dec + " " + ByteUtils.byteArrayToHexString(bArr2));
        Log.v(TAG, "  - calculated " + crc32Checksum + " " + ByteUtils.byteArrayToHexString(dec2hex(crc32Checksum)));
        if (hex2dec == crc32Checksum) {
            return LOGGING;
        }
        return false;
    }

    @Nullable
    private byte[] checkPermissions(boolean z, boolean z2) {
        if (z && this.sessionKey == null) {
            Log.v(TAG, " - not authenticated..");
            return PERMISSION_DENIED;
        }
        if (!z2 || this.selectedAID != null) {
            return null;
        }
        Log.v(TAG, " - no application selected..");
        return ILLEGAL_COMMAND_CODE;
    }

    private long crc32Checksum(byte[] bArr) {
        CRC32 crc32 = new CRC32();
        crc32.update(bArr, 0, bArr.length);
        return crc32.getValue();
    }

    private byte[] dec2hex(long j) {
        return ByteUtils.hexStringToByteArray(Integer.toHexString((int) j));
    }

    private JSONObject getJsonObjectForApplication(byte[] bArr) {
        try {
            String byteArrayToHexString = ByteUtils.byteArrayToHexString(bArr);
            if (preferences.containsKey(byteArrayToHexString)) {
                return new JSONObject(preferences.getString(byteArrayToHexString));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new JSONObject();
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0009, code lost:
    
        r4 = null;
     */
    @android.support.annotation.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] getKeyForApplication(byte[] r10, int r11) {
        /*
            r9 = this;
            long r4 = r9.hex2dec(r10)     // Catch: java.lang.Exception -> L2f
            int r0 = (int) r4     // Catch: java.lang.Exception -> L2f
            if (r0 != 0) goto La
            byte[] r4 = com.loxone.kerberos.nfc.NfcHceService.DEFAULT_CARD_MASTER_KEY     // Catch: java.lang.Exception -> L2f
        L9:
            return r4
        La:
            java.util.Locale r4 = java.util.Locale.US     // Catch: java.lang.Exception -> L2f
            java.lang.String r5 = "KEY_%1$d"
            r6 = 1
            java.lang.Object[] r6 = new java.lang.Object[r6]     // Catch: java.lang.Exception -> L2f
            r7 = 0
            java.lang.Integer r8 = java.lang.Integer.valueOf(r11)     // Catch: java.lang.Exception -> L2f
            r6[r7] = r8     // Catch: java.lang.Exception -> L2f
            java.lang.String r3 = java.lang.String.format(r4, r5, r6)     // Catch: java.lang.Exception -> L2f
            org.json.JSONObject r1 = r9.getJsonObjectForApplication(r10)     // Catch: java.lang.Exception -> L2f
            boolean r4 = r1.has(r3)     // Catch: java.lang.Exception -> L2f
            if (r4 == 0) goto L33
            java.lang.String r4 = r1.getString(r3)     // Catch: java.lang.Exception -> L2f
            byte[] r4 = com.loxone.kerberos.nfc.utils.ByteUtils.hexStringToByteArray(r4)     // Catch: java.lang.Exception -> L2f
            goto L9
        L2f:
            r2 = move-exception
            r2.printStackTrace()
        L33:
            r4 = 0
            goto L9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.loxone.kerberos.nfc.NfcHceService.getKeyForApplication(byte[], int):byte[]");
    }

    private byte[] getNfcUID() {
        if (preferences.containsKey(KEY_NFC_UID)) {
            return ByteUtils.hexStringToByteArray(preferences.getString(KEY_NFC_UID));
        }
        byte[] randomBytes = ByteUtils.randomBytes(7);
        preferences.put(KEY_NFC_UID, ByteUtils.byteArrayToHexString(randomBytes));
        return randomBytes;
    }

    @Nullable
    private byte[] handleAuthenticationRequest(byte[] bArr) {
        Log.v(TAG, "Received AES Auth CMD");
        try {
            byte b = bArr[1];
            Log.v(TAG, " - keyNo: " + ((int) b));
            if (this.selectedAID != null) {
                this.currentKey = getKeyForApplication(this.selectedAID, b);
                if (this.currentKey == null) {
                    Log.v(TAG, " - no key found");
                    return NO_SUCH_KEY;
                }
            } else {
                this.selectedAID = new byte[]{0};
                this.currentKey = DEFAULT_CARD_MASTER_KEY;
            }
            Log.v(TAG, " - AuthKey: " + ByteUtils.byteArrayToHexString(this.currentKey));
            this.rndB = ByteUtils.randomBytes(16);
            Log.v(TAG, "  - Generated RndB: " + ByteUtils.byteArrayToHexString(this.rndB));
            this.rndB_enc = CryptoUtils.encryptAESData(this.rndB, this.currentKey, new IvParameterSpec(new byte[16]), CryptoUtils.NO_PADDING);
            Log.v(TAG, "  - Encrypted RndB: " + ByteUtils.byteArrayToHexString(this.rndB_enc));
            return ByteUtils.concatArrays(new byte[]{AUTH_CONTINUE_CMD}, this.rndB_enc);
        } catch (Throwable th) {
            th.printStackTrace();
            return null;
        }
    }

    @Nullable
    private byte[] handleAuthenticationResponse(byte[] bArr) {
        byte[] bArr2 = null;
        Log.v(TAG, "Received AES Auth Response");
        byte[] subbytes = ByteUtils.subbytes(bArr, 1, 33);
        try {
            Log.v(TAG, "  - Encrypted: " + ByteUtils.byteArrayToHexString(subbytes));
            IvParameterSpec ivParameterSpec = new IvParameterSpec(this.rndB_enc);
            Log.v(TAG, "  - IV: " + ByteUtils.byteArrayToHexString(ivParameterSpec.getIV()));
            byte[] decryptAESData = CryptoUtils.decryptAESData(subbytes, this.currentKey, ivParameterSpec, CryptoUtils.NO_PADDING);
            Log.v(TAG, "  - Decrypted: " + ByteUtils.byteArrayToHexString(decryptAESData));
            byte[] subbytes2 = ByteUtils.subbytes(decryptAESData, 0, 16);
            byte[] subbytes3 = ByteUtils.subbytes(decryptAESData, 16, 32);
            byte[] shiftRight = ByteUtils.shiftRight(subbytes3);
            Log.v(TAG, "  - Received RndA: " + ByteUtils.byteArrayToHexString(subbytes2));
            Log.v(TAG, "  - Received Shifted RndB: " + ByteUtils.byteArrayToHexString(subbytes3));
            Log.v(TAG, "  - Received RndB: " + ByteUtils.byteArrayToHexString(shiftRight));
            if (ByteUtils.equals(this.rndB, shiftRight)) {
                byte[] shiftLeft = ByteUtils.shiftLeft(subbytes2);
                Log.v(TAG, "  - Shifted RndA: " + ByteUtils.byteArrayToHexString(shiftLeft));
                IvParameterSpec ivParameterSpec2 = new IvParameterSpec(ByteUtils.subbytes(subbytes, 16, 32));
                Log.v(TAG, " - IV: " + ByteUtils.byteArrayToHexString(ivParameterSpec2.getIV()));
                byte[] encryptAESData = CryptoUtils.encryptAESData(shiftLeft, this.currentKey, ivParameterSpec2, CryptoUtils.NO_PADDING);
                this.currentKey = null;
                this.sessionKey = CryptoUtils.generatedAesSessionKey(subbytes2, shiftRight);
                Log.v(TAG, " - AES Session Key: " + ByteUtils.byteArrayToHexString(this.sessionKey));
                bArr2 = ByteUtils.concatArrays(OPERATION_OK, encryptAESData);
            } else {
                Log.v(TAG, "Authentication failed!");
                bArr2 = AUTHENTICATION_ERROR;
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        return bArr2;
    }

    @Nullable
    private byte[] handleChangeKeyRequest(byte[] bArr) {
        Log.v(TAG, "Received Change Key Request");
        byte[] checkPermissions = checkPermissions(LOGGING, LOGGING);
        if (checkPermissions != null) {
            return checkPermissions;
        }
        try {
            byte b = bArr[1];
            byte[] decryptAESData = CryptoUtils.decryptAESData(ByteUtils.subbytes(bArr, 2), this.sessionKey, new IvParameterSpec(new byte[16]), CryptoUtils.ZERO_BYTE_PADDING);
            byte[] subbytes = ByteUtils.subbytes(decryptAESData, 0, 16);
            byte b2 = decryptAESData[16];
            Log.v(TAG, " - keyNo " + ((int) b));
            Log.v(TAG, " - keyVersion " + ((int) b2));
            Log.v(TAG, " - key " + ByteUtils.byteArrayToHexString(subbytes));
            setKeyForApplication(this.selectedAID, b, subbytes);
            return OPERATION_OK;
        } catch (Throwable th) {
            th.printStackTrace();
            return null;
        }
    }

    private byte[] handleCreateApplicationRequest(byte[] bArr) {
        Log.v(TAG, "Received Create Application Request");
        byte[] checkPermissions = checkPermissions(LOGGING, LOGGING);
        if (checkPermissions != null) {
            return checkPermissions;
        }
        byte[] subbytes = ByteUtils.subbytes(bArr, 1, 4);
        ByteUtils.reverseByteArray(subbytes);
        if (hasApplicationForAID(subbytes)) {
            Log.v(TAG, " - Application already available, can't create");
            return DUPLICATE_ERROR;
        }
        Log.v(TAG, " - Created Application with AID " + ByteUtils.byteArrayToHexString(subbytes));
        this.selectedAID = subbytes;
        return OPERATION_OK;
    }

    @Nullable
    private byte[] handleCreateFileRequest(byte[] bArr) {
        byte[] bArr2;
        Log.v(TAG, "Received Create File Request");
        byte[] checkPermissions = checkPermissions(LOGGING, LOGGING);
        if (checkPermissions != null) {
            return checkPermissions;
        }
        try {
            byte b = bArr[1];
            byte[] subbytes = ByteUtils.subbytes(bArr, 2, 5);
            ByteUtils.reverseByteArray(subbytes);
            int hex2dec = (int) hex2dec(subbytes);
            Log.v(TAG, " - offset " + hex2dec);
            if (hex2dec != 0) {
                Log.v(TAG, " - can't handle offset != 0");
                bArr2 = PARAMETER_ERROR;
            } else {
                byte[] subbytes2 = ByteUtils.subbytes(bArr, 5, 8);
                ByteUtils.reverseByteArray(subbytes2);
                int hex2dec2 = (int) hex2dec(subbytes2);
                Log.v(TAG, " - length " + hex2dec2);
                byte[] subbytes3 = ByteUtils.subbytes(CryptoUtils.decryptAESData(ByteUtils.subbytes(bArr, 8), this.sessionKey, new IvParameterSpec(new byte[16]), CryptoUtils.ZERO_BYTE_PADDING), 0, hex2dec2);
                Log.v(TAG, " - fileNo " + ((int) b));
                Log.v(TAG, " - fileData " + ByteUtils.byteArrayToHexString(subbytes3));
                saveFileToApplication(this.selectedAID, b, subbytes3);
                bArr2 = OPERATION_OK;
            }
            return bArr2;
        } catch (Throwable th) {
            th.printStackTrace();
            return null;
        }
    }

    private byte[] handleDeleteApplicationRequest(byte[] bArr) {
        Log.v(TAG, "Received Delete Application Request");
        byte[] subbytes = ByteUtils.subbytes(bArr, 1);
        ByteUtils.reverseByteArray(subbytes);
        Log.v(TAG, " - AID " + ByteUtils.byteArrayToHexString(subbytes));
        if (!hasApplicationForAID(subbytes)) {
            Log.v(TAG, " - not found!");
            return APPLICATION_NOT_FOUND;
        }
        removeApplicationForAID(subbytes);
        Log.v(TAG, " - deleted");
        return OPERATION_OK;
    }

    @Nullable
    private byte[] handleReadFileRequest(byte[] bArr) {
        byte[] bArr2;
        Log.v(TAG, "Received Read File Request");
        byte[] checkPermissions = checkPermissions(LOGGING, LOGGING);
        if (checkPermissions != null) {
            return checkPermissions;
        }
        try {
            byte b = bArr[1];
            byte[] subbytes = ByteUtils.subbytes(bArr, 2, 5);
            ByteUtils.reverseByteArray(subbytes);
            int hex2dec = (int) hex2dec(subbytes);
            ByteUtils.reverseByteArray(subbytes);
            Log.v(TAG, " - offset " + hex2dec);
            if (hex2dec != 0) {
                Log.v(TAG, " - can't handle offset != 0");
                bArr2 = PARAMETER_ERROR;
            } else {
                byte[] subbytes2 = ByteUtils.subbytes(bArr, 5, 8);
                ByteUtils.reverseByteArray(subbytes2);
                int hex2dec2 = (int) hex2dec(subbytes2);
                ByteUtils.reverseByteArray(subbytes2);
                Log.v(TAG, " - length " + hex2dec2);
                byte[] readFileFromApplication = readFileFromApplication(this.selectedAID, b);
                if (readFileFromApplication == null) {
                    bArr2 = FILE_NOT_FOUND;
                } else if (readFileFromApplication.length != hex2dec2) {
                    Log.v(TAG, " - length of parameter and file doesn't match!");
                    bArr2 = LENGTH_ERROR;
                } else {
                    byte[] calculateCmac = CryptoUtils.calculateCmac(bArr, this.sessionKey, 16);
                    Log.v(TAG, " - Cmac: " + ByteUtils.byteArrayToHexString(calculateCmac));
                    byte[] encryptAESData = CryptoUtils.encryptAESData(readFileFromApplication, this.sessionKey, new IvParameterSpec(calculateCmac), CryptoUtils.ZERO_BYTE_PADDING);
                    Toast.makeText(getApplicationContext(), R.string.res_0x7f07003b_nfc_hce_success, 0).show();
                    bArr2 = ByteUtils.concatArrays(OPERATION_OK, encryptAESData);
                }
            }
            return bArr2;
        } catch (Throwable th) {
            th.printStackTrace();
            return null;
        }
    }

    private byte[] handleSelectApplicationRequest(byte[] bArr) {
        Log.v(TAG, "Received Select Application");
        byte[] subbytes = ByteUtils.subbytes(bArr, 1);
        ByteUtils.reverseByteArray(subbytes);
        Log.v(TAG, " - AID: " + ByteUtils.byteArrayToHexString(subbytes));
        if (hasApplicationForAID(subbytes)) {
            this.selectedAID = subbytes;
            return OPERATION_OK;
        }
        this.selectedAID = null;
        return APPLICATION_NOT_FOUND;
    }

    private byte[] handleSelectLoxoneApp(byte[] bArr) {
        Log.v(TAG, "Received Select Loxone App");
        byte[] subbytes = ByteUtils.subbytes(bArr, bArr[4] + 4 + 1);
        if (subbytes == null || !ByteUtils.equals(subbytes, UID_LENGTH)) {
            Log.v(TAG, "Responding with WRONG Le and correct Le");
            return new byte[]{107, UID_LENGTH};
        }
        Log.v(TAG, " - NFC UID is " + ByteUtils.byteArrayToHexString(nfcUID));
        return ByteUtils.concatArrays(nfcUID, new byte[]{-112, 0});
    }

    private boolean hasApplicationForAID(byte[] bArr) {
        String byteArrayToHexString = ByteUtils.byteArrayToHexString(bArr);
        if (hex2dec(bArr) == 0 || preferences.containsKey(byteArrayToHexString)) {
            return LOGGING;
        }
        return false;
    }

    private long hex2dec(byte[] bArr) {
        return new BigInteger(ByteUtils.byteArrayToHexString(bArr), 16).longValue();
    }

    @Nullable
    private byte[] readFileFromApplication(byte[] bArr, int i) {
        try {
            String format = String.format(Locale.US, KEY_FILE, Integer.valueOf(i));
            JSONObject jsonObjectForApplication = getJsonObjectForApplication(bArr);
            if (jsonObjectForApplication.has(format)) {
                return ByteUtils.hexStringToByteArray(jsonObjectForApplication.getString(format));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    private void removeApplicationForAID(byte[] bArr) {
        String byteArrayToHexString = ByteUtils.byteArrayToHexString(bArr);
        if (preferences.containsKey(byteArrayToHexString)) {
            preferences.removeValue(byteArrayToHexString);
        }
    }

    private void saveFileToApplication(byte[] bArr, int i, byte[] bArr2) {
        try {
            String format = String.format(Locale.US, KEY_FILE, Integer.valueOf(i));
            JSONObject jsonObjectForApplication = getJsonObjectForApplication(bArr);
            jsonObjectForApplication.put(format, ByteUtils.byteArrayToHexString(bArr2));
            preferences.put(ByteUtils.byteArrayToHexString(bArr), jsonObjectForApplication.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void setKeyForApplication(byte[] bArr, int i, byte[] bArr2) {
        try {
            String format = String.format(Locale.US, KEY_NFC_APP_KEY, Integer.valueOf(i));
            JSONObject jsonObjectForApplication = getJsonObjectForApplication(bArr);
            jsonObjectForApplication.put(format, ByteUtils.byteArrayToHexString(bArr2));
            preferences.put(ByteUtils.byteArrayToHexString(bArr), jsonObjectForApplication.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override // android.app.Service
    public void onCreate() {
        Log.i(TAG, "onCreate");
        super.onCreate();
        if (preferences == null) {
            preferences = new SecurePreferences(getApplicationContext(), "NFC");
        }
        if (nfcUID == null) {
            nfcUID = getNfcUID();
        }
    }

    @Override // android.nfc.cardemulation.HostApduService
    public void onDeactivated(int i) {
        this.selectedAID = null;
        this.currentKey = null;
        this.rndB = null;
        this.rndB_enc = null;
        this.sessionKey = null;
        switch (i) {
            case 0:
                Log.i(TAG, "onDeactivated: DEACTIVATION_LINK_LOSS");
                return;
            case 1:
                Log.i(TAG, "onDeactivated: DEACTIVATION_DESELECTED");
                return;
            default:
                Log.i(TAG, "onDeactivated: " + i);
                return;
        }
    }

    @Override // android.app.Service
    public boolean onUnbind(Intent intent) {
        Log.i(TAG, "onUnbind");
        return super.onUnbind(intent);
    }

    @Override // android.nfc.cardemulation.HostApduService
    public byte[] processCommandApdu(byte[] bArr, Bundle bundle) {
        byte[] bArr2;
        Log.d(TAG, ">> " + ByteUtils.byteArrayToHexString(bArr));
        try {
            switch (bArr[0]) {
                case -86:
                    bArr2 = handleAuthenticationRequest(bArr);
                    break;
                case -81:
                    bArr2 = handleAuthenticationResponse(bArr);
                    break;
                case -67:
                    bArr2 = handleReadFileRequest(bArr);
                    break;
                case -60:
                    bArr2 = handleChangeKeyRequest(bArr);
                    break;
                case -54:
                    bArr2 = handleCreateApplicationRequest(bArr);
                    break;
                case -38:
                    bArr2 = handleDeleteApplicationRequest(bArr);
                    break;
                case 61:
                    bArr2 = handleCreateFileRequest(bArr);
                    break;
                case 90:
                    bArr2 = handleSelectApplicationRequest(bArr);
                    break;
                default:
                    if (!ByteUtils.startsWith(bArr, SELECT_APDU)) {
                        Log.e(TAG, "Unexpected CMD");
                        bArr2 = NOT_ALLOWED_RESPONSE;
                        break;
                    } else {
                        bArr2 = handleSelectLoxoneApp(bArr);
                        break;
                    }
            }
        } catch (Throwable th) {
            th.printStackTrace();
            bArr2 = UNKNOWN_ERROR_RESPONSE;
        }
        if (bArr2 == null) {
            Log.e(TAG, "Cancel due to unexpected error");
            bArr2 = UNKNOWN_ERROR_RESPONSE;
        }
        if (bArr2[0] != OPERATION_OK[0] && bArr2[0] != -81 && !ByteUtils.startsWith(bArr2, nfcUID)) {
            Toast.makeText(getApplicationContext(), R.string.res_0x7f07003a_nfc_hce_failed, 0).show();
        }
        Log.d(TAG, "<< " + ByteUtils.byteArrayToHexString(bArr2));
        return bArr2;
    }
}
