package es.gob.jmulticard.card.dnie;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.connection.LostChannelException;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890OneV2Connection;
import es.gob.jmulticard.apdu.iso7816eight.PsoSignHashApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetComputationApduCommand;
import es.gob.jmulticard.asn1.Asn1Exception;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.PrKdf;
import es.gob.jmulticard.card.Atr;
import es.gob.jmulticard.card.CardMessages;
import es.gob.jmulticard.card.CompressionUtils;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.InvalidCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.cwa14890.Cwa14890PrivateConstants;
import es.gob.jmulticard.card.cwa14890.Cwa14890PublicConstants;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: classes.dex */
public final class CeresSc extends Dnie {
    private static final byte[] ATR_MASK_TC;
    private static final Atr ATR_TC;
    private Map<String, String> aliasByCertAndKeyId;
    private Map<String, X509Certificate> certs;
    private Map<String, DniePrivateKeyReference> keyReferences;

    static {
        byte[] bArr = {-1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, 0, 0, 0, 0, 0, 0, -1, -1, -1};
        ATR_MASK_TC = bArr;
        ATR_TC = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 70, 78, 77, 84, 0, 0, 0, 0, 0, 0, 3, -112, 0}, bArr);
    }

    public CeresSc(ApduConnection apduConnection, PasswordCallback passwordCallback, CryptoHelper cryptoHelper, CallbackHandler callbackHandler) throws ApduConnectionException, InvalidCardException {
        super(apduConnection, passwordCallback, cryptoHelper, callbackHandler);
        checkAtr(apduConnection.reset());
    }

    private static void checkAtr(byte[] bArr) throws InvalidCardException {
        Atr atr = new Atr(bArr, ATR_MASK_TC);
        Atr atr2 = ATR_TC;
        if (!atr2.equals(atr) || bArr[15] < 4 || bArr[16] < 48) {
            throw new InvalidCardException("CERES", atr2, bArr);
        }
        LOGGER.info("Encontrada TC CERES en version " + HexUtils.hexify(new byte[]{bArr[15]}, false) + "." + HexUtils.hexify(new byte[]{bArr[16]}, false));
    }

    private void hideCertsWithoutKey() {
        for (String str : getAliases()) {
            if (this.keyReferences.get(str) == null) {
                this.certs.remove(str);
            }
        }
    }

    private void preload() throws ApduConnectionException, Iso7816FourCardException, IOException, CertificateException, Asn1Exception, TlvException {
        selectMasterFile();
        byte[] selectFileByLocationAndRead = selectFileByLocationAndRead(CDF_LOCATION);
        Cdf cdf = new Cdf();
        cdf.setDerValue(selectFileByLocationAndRead);
        this.certs = new LinkedHashMap(cdf.getCertificateCount());
        this.aliasByCertAndKeyId = new LinkedHashMap(cdf.getCertificateCount());
        for (int i = 0; i < cdf.getCertificateCount(); i++) {
            X509Certificate certificateFromCompressedOrNotData = CompressionUtils.getCertificateFromCompressedOrNotData(selectFileByLocationAndRead(new Location(cdf.getCertificatePath(i).replace("\\", "").trim())));
            String str = i + " " + certificateFromCompressedOrNotData.getSerialNumber();
            this.aliasByCertAndKeyId.put(HexUtils.hexify(cdf.getCertificateId(i), false), str);
            this.certs.put(str, certificateFromCompressedOrNotData);
        }
        byte[] selectFileByLocationAndRead2 = selectFileByLocationAndRead(PRKDF_LOCATION);
        PrKdf prKdf = new PrKdf();
        prKdf.setDerValue(selectFileByLocationAndRead2);
        this.keyReferences = new LinkedHashMap();
        for (int i2 = 0; i2 < prKdf.getKeyCount(); i2++) {
            String str2 = this.aliasByCertAndKeyId.get(HexUtils.hexify(prKdf.getKeyId(i2), false));
            if (str2 != null) {
                this.keyReferences.put(str2, new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(i2), new Location(prKdf.getKeyPath(i2)), prKdf.getKeyName(i2), prKdf.getKeyReference(i2), ((RSAPublicKey) this.certs.get(str2).getPublicKey()).getModulus().bitLength()));
            }
        }
        hideCertsWithoutKey();
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie, es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        return (String[]) this.certs.keySet().toArray(new String[0]);
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie, es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) {
        return this.certs.get(str);
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    protected Cwa14890PrivateConstants getCwa14890PrivateConstants() {
        return new CeresScCwa14890Constants();
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    protected Cwa14890PublicConstants getCwa14890PublicConstants() {
        return new CeresScCwa14890Constants();
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    protected String getPinMessage(int i) {
        return CardMessages.getString("Gen.0", Integer.toString(i));
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie, es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        return this.keyReferences.get(str);
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    protected void loadKeyReferences() {
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    protected boolean needAuthorizationToSign() {
        return false;
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    public void openSecureChannelIfNotAlreadyOpened() throws CryptoCardException, PinException {
        if (isSecurityChannelOpen()) {
            return;
        }
        if (!(getConnection() instanceof Cwa14890Connection)) {
            try {
                setConnection(new Cwa14890OneV2Connection(this, getConnection(), this.cryptoHelper, getCwa14890PublicConstants(), getCwa14890PrivateConstants()));
            } catch (ApduConnectionException e) {
                throw new CryptoCardException("Error en el establecimiento del canal seguro: " + e, e);
            }
        }
        try {
            verifyPin(getInternalPasswordCallback());
        } catch (ApduConnectionException e2) {
            throw new CryptoCardException("Error en la apertura del canal seguro: " + e2, e2);
        }
    }

    @Override // es.gob.jmulticard.card.dnie.Dnie
    protected void preloadCertificates() throws ApduConnectionException {
        try {
            preload();
        } catch (Exception e) {
            throw new ApduConnectionException("Error cargando las estructuras iniciales de la tarjeta: " + e, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // es.gob.jmulticard.card.dnie.Dnie
    public byte[] signOperation(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        openSecureChannelIfNotAlreadyOpened();
        try {
            ResponseApdu transmit = getConnection().transmit(new MseSetComputationApduCommand((byte) 0, ((DniePrivateKeyReference) privateKeyReference).getKeyPath().getLastFilePath(), null));
            if (!transmit.isOk()) {
                throw new DnieCardException("Error en el establecimiento de las clave de firma con respuesta: " + transmit.getStatusWord(), transmit.getStatusWord());
            }
            try {
                try {
                    ResponseApdu transmit2 = getConnection().transmit(new PsoSignHashApduCommand((byte) 0, DigestInfo.encode(str, bArr, this.cryptoHelper)));
                    if (transmit2.isOk()) {
                        return transmit2.getData();
                    }
                    throw new DnieCardException("Error durante la operacion de firma con respuesta: " + transmit2.getStatusWord(), transmit2.getStatusWord());
                } catch (Exception e) {
                    throw new DnieCardException("No se pudo recuperar el canal seguro para firmar: " + e, e);
                }
            } catch (IOException e2) {
                throw new DnieCardException("Error en el calculo del hash para firmar: " + e2, e2);
            }
        } catch (LostChannelException unused) {
            getConnection().close();
            if (getConnection() instanceof Cwa14890Connection) {
                setConnection(((Cwa14890Connection) getConnection()).getSubConnection());
            }
            return signOperation(bArr, str, privateKeyReference);
        } catch (ApduConnectionException e3) {
            throw new DnieCardException("Error en la transmision de comandos a la tarjeta: " + e3, e3);
        }
    }
}
