package es.gob.jmulticard.card.dnie;

import es.gob.jmulticard.CancelledOperationException;
import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.connection.LostChannelException;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890OneV1Connection;
import es.gob.jmulticard.apdu.connection.cwa14890.SecureChannelException;
import es.gob.jmulticard.apdu.dnie.ChangePINApduCommand;
import es.gob.jmulticard.apdu.dnie.GetChipInfoApduCommand;
import es.gob.jmulticard.apdu.dnie.RetriesLeftApduCommand;
import es.gob.jmulticard.apdu.dnie.VerifyApduCommand;
import es.gob.jmulticard.apdu.iso7816eight.PsoSignHashApduCommand;
import es.gob.jmulticard.apdu.iso7816four.ExternalAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.InternalAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetAuthenticationKeyApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetComputationApduCommand;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.PrKdf;
import es.gob.jmulticard.callback.CustomAuthorizeCallback;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import es.gob.jmulticard.card.BadPinException;
import es.gob.jmulticard.card.CardMessages;
import es.gob.jmulticard.card.CompressionUtils;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PasswordCallbackNotFoundException;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.cwa14890.Cwa14890Card;
import es.gob.jmulticard.card.cwa14890.Cwa14890PrivateConstants;
import es.gob.jmulticard.card.cwa14890.Cwa14890PublicConstants;
import es.gob.jmulticard.card.iso7816eight.Iso7816EightCard;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import es.gob.jmulticard.card.pace.PaceConnection;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
public class Dnie extends Iso7816EightCard implements Dni, Cwa14890Card {
    private static final String AUTH_KEY_LABEL = "KprivAutenticacion";
    public static final String CERT_ALIAS_AUTH = "CertAutenticacion";
    private static final String CERT_ALIAS_CYPHER = "CertCifrado";
    private static final String CERT_ALIAS_INTERMEDIATE_CA = "CertCAIntermediaDGP";
    public static final String CERT_ALIAS_SIGN = "CertFirmaDigital";
    private static final String CERT_ALIAS_SIGNALIAS = "CertFirmaSeudonimo";
    private static final String CYPH_KEY_LABEL = "KprivCifrado";
    private static final int DEFAULT_KEY_SIZE = 2048;
    private static final byte ERROR_PIN_SW1 = 99;
    private static final String MASTER_FILE_NAME = "Master.File";
    private static final String SIGN_KEY_LABEL = "KprivFirmaDigital";
    private String[] aliases;
    private X509Certificate authCert;
    private Location authCertPath;
    private DniePrivateKeyReference authKeyRef;
    private CallbackHandler callbackHandler;
    protected final CryptoHelper cryptoHelper;
    private X509Certificate cyphCert;
    private Location cyphCertPath;
    private DniePrivateKeyReference cyphKeyRef;
    private X509Certificate intermediateCaCert;
    private PasswordCallback passwordCallback;
    protected ApduConnection rawConnection;
    private X509Certificate signAliasCert;
    private Location signAliasCertPath;
    private DniePrivateKeyReference signAliasKeyRef;
    private X509Certificate signCert;
    private Location signCertPath;
    private DniePrivateKeyReference signKeyRef;
    protected static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");
    private static final boolean PIN_AUTO_RETRY = true;
    private static final byte[] CERT_ICC_FILE_ID = {96, 31};
    protected static final Location CDF_LOCATION = new Location("50156004");
    protected static final Location PRKDF_LOCATION = new Location("50156001");

    /* JADX INFO: Access modifiers changed from: package-private */
    public Dnie(ApduConnection apduConnection, PasswordCallback passwordCallback, CryptoHelper cryptoHelper, CallbackHandler callbackHandler) throws ApduConnectionException {
        this(apduConnection, passwordCallback, cryptoHelper, callbackHandler, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Dnie(ApduConnection apduConnection, PasswordCallback passwordCallback, CryptoHelper cryptoHelper, CallbackHandler callbackHandler, boolean z) throws ApduConnectionException {
        super((byte) 0, apduConnection);
        this.aliases = null;
        this.cyphCertPath = null;
        this.signAliasCertPath = null;
        this.cyphKeyRef = null;
        this.signAliasKeyRef = null;
        apduConnection.reset();
        connect(apduConnection);
        this.rawConnection = apduConnection;
        this.callbackHandler = callbackHandler;
        try {
            selectMasterFile();
        } catch (Iso7816FourCardException e) {
            LOGGER.warning("No se ha podido seleccionar el directorio raiz antes de leer las estructuras: " + e);
        }
        this.passwordCallback = passwordCallback;
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        this.cryptoHelper = cryptoHelper;
        if (z) {
            preloadCertificates();
            loadKeyReferences();
        }
    }

    public static void connect(ApduConnection apduConnection) throws ApduConnectionException {
        if (apduConnection.isOpen()) {
            return;
        }
        apduConnection.open();
    }

    private int getPinRetriesLeft() throws PinException {
        try {
            return getConnection().transmit(new RetriesLeftApduCommand()).getStatusWord().getLsb() + 64;
        } catch (ApduConnectionException e) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler: " + e);
        }
    }

    private X509Certificate loadCertificate(Location location) throws IOException, Iso7816FourCardException, CertificateException {
        selectMasterFile();
        return CompressionUtils.getCertificateFromCompressedOrNotData(selectFileByLocationAndRead(location));
    }

    public byte[] changePIN(String str, String str2) throws CryptoCardException, PinException, AuthenticationModeLockedException {
        openSecureChannelIfNotAlreadyOpened();
        try {
            selectMasterFile();
            selectFileById(new byte[]{0, 0});
            ResponseApdu transmit = getConnection().transmit(new ChangePINApduCommand(str.getBytes(), str2.getBytes()));
            if (transmit.isOk()) {
                return transmit.getData();
            }
            throw new DnieCardException("Error en el establecimiento de las variables de entorno para el cambio de PIN", transmit.getStatusWord());
        } catch (LostChannelException e) {
            LOGGER.warning("Se ha perdido el canal seguro para cambiar el PIN, se procede a recuperarlo: " + e);
            try {
                getConnection().close();
                if (getConnection() instanceof Cwa14890Connection) {
                    setConnection(((Cwa14890Connection) getConnection()).getSubConnection());
                }
                return changePIN(str, str2);
            } catch (Exception e2) {
                throw new DnieCardException("No se pudo recuperar el canal seguro para firmar: " + e2, e2);
            }
        } catch (ApduConnectionException e3) {
            throw new DnieCardException("Error en la transmision de comandos a la tarjeta: " + e3, e3);
        } catch (Iso7816FourCardException e4) {
            throw new DnieCardException("No se pudo seleccionar el fichero de PIN de la tarjeta: " + e4, e4);
        }
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public boolean externalAuthentication(byte[] bArr) throws ApduConnectionException {
        return getConnection().transmit(new ExternalAuthenticateApduCommand((byte) 0, bArr)).isOk();
    }

    public String[] getAliases() {
        if (this.aliases == null) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(CERT_ALIAS_AUTH);
            arrayList.add(CERT_ALIAS_SIGN);
            if (this.cyphCertPath != null) {
                arrayList.add(CERT_ALIAS_CYPHER);
            }
            if (this.signAliasCertPath != null) {
                arrayList.add(CERT_ALIAS_SIGNALIAS);
            }
            this.aliases = (String[]) arrayList.toArray(new String[0]);
        }
        return this.aliases;
    }

    @Override // es.gob.jmulticard.card.SmartCard
    public String getCardName() {
        return "DNIe";
    }

    public Cdf getCdf() throws ApduConnectionException {
        Cdf cdf = new Cdf();
        try {
            selectMasterFile();
            cdf.setDerValue(selectFileByLocationAndRead(CDF_LOCATION));
            return cdf;
        } catch (Exception e) {
            throw new ApduConnectionException("No se ha podido cargar el CDF de la tarjeta: " + e.toString(), e);
        }
    }

    public X509Certificate getCertificate(String str) throws CryptoCardException, PinException {
        if (this.authCert == null) {
            loadCertificates();
        }
        if (CERT_ALIAS_AUTH.equals(str)) {
            return this.authCert;
        }
        if (CERT_ALIAS_SIGN.equals(str)) {
            return this.signCert;
        }
        if (CERT_ALIAS_INTERMEDIATE_CA.equals(str)) {
            return this.intermediateCaCert;
        }
        if (CERT_ALIAS_CYPHER.equals(str)) {
            return this.cyphCert;
        }
        if (CERT_ALIAS_SIGNALIAS.equals(str)) {
            return this.signAliasCert;
        }
        return null;
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getChrCCvIfd(Cwa14890PublicConstants cwa14890PublicConstants) {
        return cwa14890PublicConstants.getChrCCvIfd();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CryptoHelper getCryptoHelper() {
        return this.cryptoHelper;
    }

    protected Cwa14890PrivateConstants getCwa14890PrivateConstants() {
        return new DnieCwa14890Constants();
    }

    protected Cwa14890PublicConstants getCwa14890PublicConstants() {
        return new DnieCwa14890Constants();
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getIccCertEncoded() throws IOException {
        try {
            selectMasterFile();
            return selectFileByIdAndRead(CERT_ICC_FILE_ID);
        } catch (ApduConnectionException e) {
            throw new IOException("Error en el envio de APDU para la seleccion del certificado de componente de la tarjeta: " + e, e);
        } catch (Iso7816FourCardException e2) {
            throw new IOException("Error en la seleccion del certificado de componente de la tarjeta: " + e2, e2);
        }
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public int getIfdKeyLength(Cwa14890PublicConstants cwa14890PublicConstants) {
        return cwa14890PublicConstants.getIfdKeyLength();
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public RSAPrivateKey getIfdPrivateKey(Cwa14890PrivateConstants cwa14890PrivateConstants) {
        return cwa14890PrivateConstants.getIfdPrivateKey();
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getInternalAuthenticateMessage(byte[] bArr, byte[] bArr2) throws ApduConnectionException {
        ResponseApdu transmit = getConnection().transmit(new InternalAuthenticateApduCommand((byte) 0, bArr, bArr2));
        if (transmit.isOk()) {
            return transmit.getData();
        }
        throw new ApduConnectionException("Respuesta invalida en la obtencion del mensaje de autenticacion interna con el codigo: " + transmit.getStatusWord());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PasswordCallback getInternalPasswordCallback() throws PinException, PasswordCallbackNotFoundException {
        return getInternalPasswordCallback(false);
    }

    protected PasswordCallback getInternalPasswordCallback(boolean z) throws PinException, PasswordCallbackNotFoundException {
        if (this.passwordCallback != null) {
            if (getPinRetriesLeft() != 0) {
                return this.passwordCallback;
            }
            throw new AuthenticationModeLockedException();
        }
        CallbackHandler callbackHandler = this.callbackHandler;
        if (callbackHandler == null) {
            throw new PasswordCallbackNotFoundException("No hay ningun metodo para obtener el PIN");
        }
        if (z && (callbackHandler instanceof CacheElement)) {
            ((CacheElement) callbackHandler).reset();
        }
        int pinRetriesLeft = getPinRetriesLeft();
        if (pinRetriesLeft == 0) {
            throw new AuthenticationModeLockedException();
        }
        PasswordCallback passwordCallback = new PasswordCallback(getPinMessage(pinRetriesLeft), false);
        try {
            this.callbackHandler.handle(new Callback[]{passwordCallback});
            if (passwordCallback.getPassword() == null || passwordCallback.getPassword().toString().isEmpty()) {
                throw new PinException("El PIN no puede ser nulo ni vacio");
            }
            return passwordCallback;
        } catch (IOException e) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler: " + e, e);
        } catch (UnsupportedCallbackException e2) {
            throw new PasswordCallbackNotFoundException("El CallbackHandler no soporta pedir el PIN al usuario: " + e2, e2);
        }
    }

    protected PasswordCallback getPasswordCallback() {
        return this.passwordCallback;
    }

    protected String getPinMessage(int i) {
        return CardMessages.getString("Dnie.0", Integer.toString(i));
    }

    public PrivateKeyReference getPrivateKey(String str) {
        if (CERT_ALIAS_AUTH.equals(str)) {
            return this.authKeyRef;
        }
        if (CERT_ALIAS_SIGN.equals(str)) {
            return this.signKeyRef;
        }
        if (CERT_ALIAS_CYPHER.equals(str)) {
            return this.cyphKeyRef;
        }
        if (CERT_ALIAS_SIGNALIAS.equals(str)) {
            return this.signAliasKeyRef;
        }
        return null;
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getRefIccPrivateKey(Cwa14890PublicConstants cwa14890PublicConstants) {
        return cwa14890PublicConstants.getRefIccPrivateKey();
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getSerialNumber() throws ApduConnectionException {
        ResponseApdu transmit = getConnection().transmit(new GetChipInfoApduCommand());
        if (transmit.isOk()) {
            return transmit.getData();
        }
        throw new ApduConnectionException("Respuesta invalida en la obtencion del numero de serie con el codigo: " + transmit.getStatusWord());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSecurityChannelOpen() {
        return (getConnection() instanceof Cwa14890Connection) && getConnection().isOpen() && !(getConnection() instanceof PaceConnection);
    }

    protected void loadCertificates() throws CryptoCardException, PinException {
        openSecureChannelIfNotAlreadyOpened();
        loadCertificatesInternal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void loadCertificatesInternal() throws CryptoCardException {
        if (this.authCert == null || this.signCert == null || ((this.cyphCert == null && this.cyphCertPath != null) || (this.signAliasCert == null && this.signAliasCertPath != null))) {
            try {
                this.signCert = loadCertificate(this.signCertPath);
                this.authCert = loadCertificate(this.authCertPath);
                Location location = this.cyphCertPath;
                if (location != null) {
                    this.cyphCert = loadCertificate(location);
                }
                Location location2 = this.signAliasCertPath;
                if (location2 != null) {
                    this.signAliasCert = loadCertificate(location2);
                }
            } catch (Iso7816FourCardException e) {
                throw new CryptoCardException("Error al cargar los certificados del DNIe: " + e, e);
            } catch (IOException e2) {
                throw new CryptoCardException("Error al cargar los certificados del DNIe, error en la descompresion de los datos: " + e2, e2);
            } catch (CertificateException e3) {
                throw new CryptoCardException("Error al cargar los certificados del DNIe, no es posible obtener una factoria de certificados X.509: " + e3, e3);
            }
        }
    }

    protected void loadKeyReferences() {
        PrKdf prKdf = new PrKdf();
        try {
            prKdf.setDerValue(selectFileByLocationAndRead(PRKDF_LOCATION));
            for (int i = 0; i < prKdf.getKeyCount(); i++) {
                if (AUTH_KEY_LABEL.equals(prKdf.getKeyName(i))) {
                    this.authKeyRef = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(i), new Location(prKdf.getKeyPath(i)), AUTH_KEY_LABEL, prKdf.getKeyReference(i), 2048);
                } else if (SIGN_KEY_LABEL.equals(prKdf.getKeyName(i))) {
                    this.signKeyRef = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(i), new Location(prKdf.getKeyPath(i)), SIGN_KEY_LABEL, prKdf.getKeyReference(i), 2048);
                } else if (CYPH_KEY_LABEL.equals(prKdf.getKeyName(i))) {
                    this.cyphKeyRef = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(i), new Location(prKdf.getKeyPath(i)), CYPH_KEY_LABEL, prKdf.getKeyReference(i), 2048);
                } else {
                    this.signAliasKeyRef = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(i), new Location(prKdf.getKeyPath(i)), prKdf.getKeyName(i), prKdf.getKeyReference(i), 2048);
                }
            }
        } catch (Exception e) {
            throw new IllegalStateException("No se ha podido cargar el PrKDF de la tarjeta: " + e.toString());
        }
    }

    protected boolean needAuthorizationToSign() {
        return true;
    }

    public void openSecureChannelIfNotAlreadyOpened() throws CryptoCardException, PinException {
        if (isSecurityChannelOpen()) {
            return;
        }
        if (!(getConnection() instanceof Cwa14890Connection)) {
            try {
                setConnection(new Cwa14890OneV1Connection(this, getConnection(), this.cryptoHelper, getCwa14890PublicConstants(), getCwa14890PrivateConstants()));
            } catch (ApduConnectionException e) {
                throw new CryptoCardException("Error en el establecimiento del canal seguro: " + e, e);
            }
        }
        try {
            verifyPin(getInternalPasswordCallback());
        } catch (ApduConnectionException e2) {
            throw new CryptoCardException("Error en la apertura del canal seguro: " + e2, e2);
        }
    }

    protected void preloadCertificates() throws ApduConnectionException {
        Cdf cdf = getCdf();
        for (int i = 0; i < cdf.getCertificateCount(); i++) {
            String certificateAlias = cdf.getCertificateAlias(i);
            if (CERT_ALIAS_AUTH.equals(certificateAlias)) {
                this.authCertPath = new Location(cdf.getCertificatePath(i));
            } else if (CERT_ALIAS_SIGN.equals(certificateAlias)) {
                this.signCertPath = new Location(cdf.getCertificatePath(i));
            } else if (CERT_ALIAS_CYPHER.equals(certificateAlias)) {
                this.cyphCertPath = new Location(cdf.getCertificatePath(i));
            } else if (CERT_ALIAS_INTERMEDIATE_CA.equals(certificateAlias)) {
                try {
                    this.intermediateCaCert = CompressionUtils.getCertificateFromCompressedOrNotData(selectFileByLocationAndRead(new Location(cdf.getCertificatePath(i))));
                } catch (Exception e) {
                    LOGGER.warning("No se ha podido cargar el certificado de la autoridad intermedia del CNP: " + e);
                    this.intermediateCaCert = null;
                }
            } else {
                this.signAliasCertPath = new Location(cdf.getCertificatePath(i));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public void selectMasterFile() throws ApduConnectionException, Iso7816FourCardException {
        selectFileByName(MASTER_FILE_NAME);
    }

    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void setKeysToAuthentication(byte[] bArr, byte[] bArr2) throws ApduConnectionException {
        ResponseApdu transmit = getConnection().transmit(new MseSetAuthenticationKeyApduCommand((byte) 0, bArr, bArr2));
        if (!transmit.isOk()) {
            throw new SecureChannelException("Error durante el establecimiento de las claves publica y privada para atenticacion (error: " + HexUtils.hexify(transmit.getBytes(), true) + ")");
        }
    }

    public void setPasswordCallback(PasswordCallback passwordCallback) {
        this.passwordCallback = passwordCallback;
    }

    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        byte[] signInternal = signInternal(bArr, str, privateKeyReference);
        try {
            this.rawConnection.reset();
            setConnection(this.rawConnection);
            return signInternal;
        } catch (ApduConnectionException e) {
            throw new CryptoCardException("Error en el establecimiento del canal inicial previo al seguro de PIN: " + e, e);
        }
    }

    protected byte[] signInternal(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        if (!(privateKeyReference instanceof DniePrivateKeyReference)) {
            throw new IllegalArgumentException("La referencia a la clave privada tiene que ser de tipo DniePrivateKeyReference");
        }
        if (needAuthorizationToSign()) {
            if (this.callbackHandler != null) {
                CustomAuthorizeCallback customAuthorizeCallback = new CustomAuthorizeCallback();
                try {
                    this.callbackHandler.handle(new Callback[]{customAuthorizeCallback});
                } catch (UnsupportedCallbackException e) {
                    LOGGER.warning("No se ha proporcionado un CallbackHandler valido para mostrar el dialogo de confirmacion de firma, se omitira: " + e);
                } catch (Exception e2) {
                    throw new AccessControlException("No ha sido posible pedir la confirmacion de firma al usuario: " + e2);
                }
                if (!customAuthorizeCallback.isAuthorized()) {
                    throw new CancelledOperationException("El usuario ha denegado la operacion de firma");
                }
            } else {
                LOGGER.warning("No se ha proporcionado un CallbackHandler para mostrar el dialogo de confirmacion de firma. Se omitira.");
            }
        }
        return signOperation(bArr, str, privateKeyReference);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] signOperation(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        openSecureChannelIfNotAlreadyOpened();
        try {
            ResponseApdu transmit = getConnection().transmit(new MseSetComputationApduCommand((byte) 0, ((DniePrivateKeyReference) privateKeyReference).getKeyPath().getLastFilePath(), null));
            if (!transmit.isOk()) {
                throw new DnieCardException("Error en el establecimiento de las clave de firma con respuesta: " + transmit.getStatusWord(), transmit.getStatusWord());
            }
            try {
                try {
                    ResponseApdu transmit2 = getConnection().transmit(new PsoSignHashApduCommand((byte) 0, DigestInfo.encode(str, bArr, this.cryptoHelper)));
                    if (transmit2.isOk()) {
                        return transmit2.getData();
                    }
                    throw new DnieCardException("Error durante la operacion de firma con respuesta: " + transmit2.getStatusWord(), transmit2.getStatusWord());
                } catch (Exception e) {
                    throw new DnieCardException("No se pudo recuperar el canal seguro para firmar: " + e, e);
                }
            } catch (IOException e2) {
                throw new DnieCardException("Error en el calculo de la huella para firmar: " + e2, e2);
            }
        } catch (LostChannelException unused) {
            getConnection().close();
            if (getConnection() instanceof Cwa14890Connection) {
                setConnection(((Cwa14890Connection) getConnection()).getSubConnection());
            }
            return signOperation(bArr, str, privateKeyReference);
        } catch (ApduConnectionException e3) {
            throw new DnieCardException("Error en la transmision de comandos a la tarjeta: " + e3, e3);
        }
    }

    public String toString() {
        try {
            return getCardName() + IOUtils.LINE_SEPARATOR_UNIX + new DnieSubjectPrincipalParser(getCdf().getCertificateSubjectPrincipal(0)).toString();
        } catch (ApduConnectionException e) {
            LOGGER.warning("No se ha podido leer el CDF del DNIe: " + e);
            return getCardName();
        }
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyCaIntermediateIcc() {
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyIcc() {
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyIfdCertificateChain(Cwa14890PublicConstants cwa14890PublicConstants) throws ApduConnectionException {
        try {
            setPublicKeyToVerification(cwa14890PublicConstants.getRefCCvCaPublicKey());
            try {
                verifyCertificate(cwa14890PublicConstants.getCCvCa());
                try {
                    setPublicKeyToVerification(cwa14890PublicConstants.getChrCCvCa());
                    try {
                        verifyCertificate(cwa14890PublicConstants.getCCvIfd());
                    } catch (SecureChannelException e) {
                        throw new SecureChannelException("Error en la verificacion del certificado de Terminal: " + e, e);
                    }
                } catch (SecureChannelException e2) {
                    throw new SecureChannelException("Error al establecer la clave publica del certificado de CA intermedia de Terminal para su verificacion en tarjeta: " + e2, e2);
                }
            } catch (SecureChannelException e3) {
                throw new SecureChannelException("Error en la verificacion del certificado de la CA intermedia de Terminal: " + e3, e3);
            }
        } catch (SecureChannelException e4) {
            throw new SecureChannelException("Error al seleccionar para verificacion la clave publica de la CA raiz de los certificados verificables por la tarjeta", e4);
        }
    }

    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public void verifyPin(PasswordCallback passwordCallback) throws ApduConnectionException, PinException {
        if (passwordCallback == null) {
            throw new IllegalArgumentException("No se puede verificar el titular con un PasswordCallback nulo");
        }
        ResponseApdu transmit = getConnection().transmit(new VerifyApduCommand((byte) 0, passwordCallback));
        if (transmit.isOk()) {
            return;
        }
        if (transmit.getStatusWord().getMsb() == 99) {
            if (!PIN_AUTO_RETRY || passwordCallback.getClass().getName().endsWith("CachePasswordCallback")) {
                throw new BadPinException(transmit.getStatusWord().getLsb() + 64);
            }
            verifyPin(getInternalPasswordCallback(true));
            return;
        }
        if (transmit.getStatusWord().getMsb() == 105 && transmit.getStatusWord().getLsb() == -125) {
            throw new AuthenticationModeLockedException();
        }
        if (transmit.getStatusWord().getMsb() != 0 || transmit.getStatusWord().getLsb() != 0) {
            throw new ApduConnectionException(new Iso7816FourCardException("Error en la verificacion de PIN (" + transmit.getStatusWord() + ")", transmit.getStatusWord()));
        }
        throw new ApduConnectionException("Se ha perdido el canal NFC");
    }
}
