package es.gob.jmulticard.card.gide.smartcafe;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.CommandApdu;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.StatusWord;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.gide.RetriesLeftApduCommand;
import es.gob.jmulticard.apdu.gide.VerifyApduCommand;
import es.gob.jmulticard.apdu.iso7816eight.PsoSignHashApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetComputationApduCommand;
import es.gob.jmulticard.apdu.iso7816four.SelectFileApduResponse;
import es.gob.jmulticard.apdu.iso7816four.SelectFileByIdApduCommand;
import es.gob.jmulticard.asn1.Asn1Exception;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.Odf;
import es.gob.jmulticard.asn1.der.pkcs15.Path;
import es.gob.jmulticard.card.Atr;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import es.gob.jmulticard.card.BadPinException;
import es.gob.jmulticard.card.CardMessages;
import es.gob.jmulticard.card.CryptoCard;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.InvalidCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.iso7816four.FileNotFoundException;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCard;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

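/**
 * Driver for the PKCS#15 applet of a G&amp;D SmartCafe 3.2 card (also accepts the ATR of the
 * G&amp;D Mobile Security Card).
 *
 * <p>On construction the applet is selected, the certificates referenced by the card's CDF are
 * read, and each on-card RSA key is paired with the certificate whose public modulus matches it.
 * Certificates without a matching on-card key are discarded.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The alias/certificate/key tables are held per instance. They must not be shared between
 *       instances: a table shared across cards would let an alias loaded from one card resolve
 *       to a key ordinal on a different card.</li>
 *   <li>A PIN obtained through the {@link CallbackHandler} is wiped from its
 *       {@link PasswordCallback} as soon as the VERIFY exchange has finished. A callback supplied
 *       through {@link #setPasswordCallback(PasswordCallback)} is owned by the caller and is left
 *       untouched.</li>
 * </ul>
 */
public final class SmartCafePkcs15Applet extends Iso7816FourCard implements CryptoCard {

    /** SW1 returned on a failed PIN verification (0x63); SW2 then carries the retry information. */
    private static final byte ERROR_PIN_SW1 = 0x63;

    /** Application identifier used to select the PKCS#15 applet: A0 00 00 00 63 followed by "PKCS-15". */
    private static final byte[] PKCS15_NAME = {
        (byte) 0xa0, 0x00, 0x00, 0x00, 0x63, 'P', 'K', 'C', 'S', '-', '1', '5'
    };

    /** File identifier of the PKCS#15 Object Directory File. */
    private static final byte[] ODF_PATH = {0x50, 0x31};

    /** File identifier of the Master File. */
    private static final byte[] MF_PATH = {0x3f, 0x00};

    /** Class byte used for the commands sent to the card. */
    private static final byte CLA = 0x00;

    private static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");

    // The masks are declared before the ATRs that use them (static initialisation order).
    private static final byte[] ATR_MASK = {
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0x0f
    };
    private static final byte[] ATR_MASK_MSC = {-1, -1, -1, -1, -1};
    private static final byte[] ATR_MASK_TCL = {
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0x0f
    };

    /** ATR accepted as "G&amp;D SmartCafe 3.2". */
    private static final Atr ATR = new Atr(
        new byte[] {
            0x3b, (byte) 0xf7, 0x18, 0x00, 0x00, (byte) 0x80, 0x31, (byte) 0xfe,
            0x45, 0x73, 0x66, 0x74, 0x65, 0x2d, 0x6e, 0x66, (byte) 0xc4
        },
        ATR_MASK
    );

    /** ATR accepted as "G&amp;D Mobile Security Card". */
    private static final Atr ATR_MSC = new Atr(
        new byte[] {0x3b, (byte) 0x80, (byte) 0x80, 0x01, 0x01},
        ATR_MASK_MSC
    );

    /**
     * ATR accepted as "SmartCafe 3.2 via T=CL".
     * NOTE(review): bytes and mask are identical to {@link #ATR} as found in this file; confirm
     * the intended contactless ATR.
     */
    private static final Atr ATR_TCL = new Atr(
        new byte[] {
            0x3b, (byte) 0xf7, 0x18, 0x00, 0x00, (byte) 0x80, 0x31, (byte) 0xfe,
            0x45, 0x73, 0x66, 0x74, 0x65, 0x2d, 0x6e, 0x66, (byte) 0xc4
        },
        ATR_MASK_TCL
    );

    /** Certificates read from this card, keyed by alias, in the order they were read. */
    private final Map<String, X509Certificate> certsByAlias = new LinkedHashMap<>();

    /** On-card key ordinal for each alias whose certificate matches an on-card RSA modulus. */
    private final Map<String, Integer> keyNoByAlias = new LinkedHashMap<>();

    /** Set once a PIN verification has succeeded on this instance. */
    private boolean authenticated;

    /** Used to ask for the PIN when no {@link #passwordCallback} has been set. */
    private CallbackHandler callbackHandler;

    protected final CryptoHelper cryptoHelper;

    /** Caller-supplied PIN source; takes precedence over {@link #callbackHandler}. */
    private PasswordCallback passwordCallback;

    /**
     * Connects to the card and loads its certificates and key references.
     *
     * @param apduConnection connection to the card
     * @param cryptoHelper cryptographic helper, must not be {@code null}
     * @throws IOException if the applet cannot be selected or the card content cannot be read
     */
    public SmartCafePkcs15Applet(ApduConnection apduConnection, CryptoHelper cryptoHelper) throws IOException {
        this(apduConnection, cryptoHelper, true);
    }

    /**
     * Connects to the card and loads its certificates and key references.
     *
     * @param apduConnection connection to the card
     * @param cryptoHelper cryptographic helper, must not be {@code null}
     * @param z not read by this implementation
     * @throws IllegalArgumentException if {@code cryptoHelper} is {@code null}
     * @throws IOException if the applet cannot be selected, the certificates cannot be read, or
     *         no certificate on the card has a matching private key
     */
    public SmartCafePkcs15Applet(ApduConnection apduConnection, CryptoHelper cryptoHelper, boolean z) throws IOException {
        super(CLA, apduConnection);
        this.passwordCallback = null;
        this.callbackHandler = null;
        this.authenticated = false;
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        this.cryptoHelper = cryptoHelper;
        apduConnection.reset();
        connect(apduConnection);
        try {
            selectFileByName(PKCS15_NAME);
            try {
                preloadCertificates();

                // 00 CA 01 02 06: the response is parsed by getKeyCount().
                final int keyCount = getKeyCount(
                    sendArbitraryApdu(new CommandApdu(new byte[] {0x00, (byte) 0xca, 0x01, 0x02, 0x06}))
                );
                final int certCount = this.certsByAlias.size();
                LOGGER.info(
                    "Se ha" + (keyCount > 1 ? "n" : "") + " encontrado " + keyCount
                        + " clave" + (keyCount > 1 ? "s" : "") + " y " + certCount
                        + " certificado" + (certCount > 1 ? "s" : "") + " en la tarjeta"
                );

                // 80 3A <ordinal> 01 00: on success the response data is used as the RSA modulus.
                for (int ordinal = 0; ordinal < keyCount; ordinal++) {
                    final ResponseApdu modulusResponse = sendArbitraryApdu(
                        new CommandApdu(new byte[] {(byte) 0x80, 0x3a, (byte) ordinal, 0x01, 0x00})
                    );
                    if (modulusResponse.isOk()) {
                        // Signum 1 forces a non-negative value even when the top bit is set.
                        storeKeyOrdinal(ordinal, new BigInteger(1, modulusResponse.getData()));
                    } else {
                        LOGGER.severe("Error obteniendo el modulo de la clave " + ordinal + ": " + modulusResponse);
                    }
                }

                // Log first, remove afterwards: removing from the map while iterating over its
                // key set raises ConcurrentModificationException.
                final Set<String> aliasesWithKey = this.keyNoByAlias.keySet();
                for (final String alias : this.certsByAlias.keySet()) {
                    if (!aliasesWithKey.contains(alias)) {
                        LOGGER.info("El certificado '" + alias + "' se descarta por carecer de clave privada");
                    }
                }
                this.certsByAlias.keySet().retainAll(aliasesWithKey);

                if (this.certsByAlias.isEmpty()) {
                    throw new IOException("La tarjeta no contiene claves");
                }
            } catch (Asn1Exception | TlvException | Iso7816FourCardException e) {
                throw new IOException("No se han podido leer los certificados: " + e, e);
            }
        } catch (Iso7816FourCardException e2) {
            throw new IOException("No se ha podido seleccionar el Applet AET PKCS#15: " + e2, e2);
        }
    }

    /**
     * Checks that the ATR returned by the card is one of the accepted ones.
     *
     * @param bArr ATR bytes returned by the connection reset
     * @throws InvalidCardException if the ATR matches none of the accepted ATRs
     */
    private static void checkAtr(byte[] bArr) throws InvalidCardException {
        final Atr found = new Atr(bArr, ATR_MASK);
        if (ATR.equals(found)) {
            LOGGER.info("Detectada G&D SmartCafe 3.2");
        } else if (ATR_MSC.equals(found)) {
            LOGGER.info("Detectada G&D Mobile Security Card");
        } else if (ATR_TCL.equals(found)) {
            LOGGER.info("Detectada G&D SmartCafe 3.2 via T=CL (conexion inalambrica)");
        } else {
            throw new InvalidCardException("La tarjeta no es una SmartCafe 3.2 (ATR encontrado: " + HexUtils.hexify(bArr, false) + ")");
        }
    }

    /**
     * Opens the connection if needed, resets the card and validates its ATR.
     *
     * @param apduConnection connection to the card
     * @throws IllegalArgumentException if {@code apduConnection} is {@code null}
     * @throws IOException if the connection fails or the card is not an accepted one
     */
    public static void connect(ApduConnection apduConnection) throws IOException {
        if (apduConnection == null) {
            throw new IllegalArgumentException("La conexion no puede ser nula");
        }
        if (!apduConnection.isOpen()) {
            apduConnection.open();
        }
        checkAtr(apduConnection.reset());
    }

    /**
     * Returns the callback that holds the PIN, asking the {@link CallbackHandler} when no
     * {@link PasswordCallback} was set. The retry counter is read first so that no PIN is
     * requested for a locked card.
     *
     * @return the caller-supplied callback, or a new one filled in by the handler
     * @throws AuthenticationModeLockedException if the card reports zero retries left
     * @throws PinException if there is no way to obtain the PIN or the handler fails
     */
    private PasswordCallback getInternalPasswordCallback() throws PinException {
        if (this.passwordCallback != null) {
            if (getPinRetriesLeft() == 0) {
                throw new AuthenticationModeLockedException();
            }
            return this.passwordCallback;
        }
        if (this.callbackHandler == null) {
            throw new PinException("No hay ningun metodo para obtener el PIN");
        }
        final int retriesLeft = getPinRetriesLeft();
        if (retriesLeft == 0) {
            throw new AuthenticationModeLockedException();
        }
        // echoOn = false: the PIN must not be displayed while it is typed.
        final PasswordCallback pinCallback = new PasswordCallback(
            CardMessages.getString("Gen.0", Integer.toString(retriesLeft)), false
        );
        try {
            this.callbackHandler.handle(new Callback[] {pinCallback});
            return pinCallback;
        } catch (IOException e) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler: " + e, e);
        } catch (UnsupportedCallbackException e2) {
            throw new PinException("El CallbackHandler no soporta pedir el PIN al usuario: " + e2, e2);
        }
    }

    /**
     * Extracts the number of keys from the response to the key-count query.
     *
     * @param responseApdu response to the query
     * @return 32 minus the fourth data byte
     * @throws IOException if the response is not OK or does not have the expected six-byte layout
     */
    private static int getKeyCount(ResponseApdu responseApdu) throws IOException {
        if (responseApdu.isOk()) {
            final byte[] data = responseApdu.getData();
            // Expected layout: 7F FF 20 xx 0C 0B
            final boolean expectedLayout = data.length == 6
                && data[0] == 0x7f
                && data[1] == (byte) 0xff
                && data[2] == 0x20
                && data[4] == 0x0c
                && data[5] == 0x0b;
            if (expectedLayout) {
                return 32 - data[3];
            }
        }
        throw new IOException("No se ha podido determinar el numero de claves en tarjeta: " + HexUtils.hexify(responseApdu.getBytes(), true));
    }

    /**
     * Asks the card how many PIN attempts remain.
     *
     * @return the second byte of the raw response
     * @throws PinException if the card cannot be queried or answers with an unexpected response
     */
    private int getPinRetriesLeft() throws PinException {
        try {
            final ResponseApdu response = getConnection().transmit(new RetriesLeftApduCommand());
            final byte[] raw = response.getBytes();
            // NOTE(review): the counter is taken from raw[1] both for an OK response and for any
            // response longer than a bare status word - confirm against the applet specification.
            if (response.isOk() || raw.length > 2) {
                return raw[1];
            }
            throw new PinException("Error comprobando los intentos restantes de PIN con respuesta: " + HexUtils.hexify(raw, true));
        } catch (ApduConnectionException e) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler: " + e, e);
        }
    }

    /**
     * Reads the ODF, follows it to the CDF and loads every certificate the CDF references into
     * the alias table. A certificate that cannot be read is logged and skipped.
     *
     * @throws IOException (as {@code ApduConnectionException}) if the CDF cannot be loaded
     */
    private void preloadCertificates() throws FileNotFoundException, Iso7816FourCardException, IOException, Asn1Exception, TlvException {
        selectMasterFile();
        selectFileById(ODF_PATH);
        final Odf odf = new Odf();
        odf.setDerValue(readBinaryComplete(162));
        final Path cdfPath = odf.getCdfPath();
        final Cdf cdf = new Cdf();
        try {
            selectMasterFile();
            cdf.setDerValue(selectFileByIdAndRead(cdfPath.getPathBytes()));
            try {
                final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                if (cdf.getCertificateCount() < 1) {
                    LOGGER.warning("La tarjeta no contiene ningun certificado");
                }
                for (int i = 0; i < cdf.getCertificateCount(); i++) {
                    // Size reported by the last successful SELECT along the certificate path.
                    int fileLength = -1;
                    try {
                        for (Location location = new Location(cdf.getCertificatePath(i)); location != null; location = location.getChild()) {
                            try {
                                fileLength = selectFileById(location.getFile());
                            } catch (FileNotFoundException e) {
                                // Reported through the logger like every other card-content problem.
                                LOGGER.warning("El CDF indicaba un certificado en la ruta '" + location + "', pero un elemento de esta no existe, se ignorara: " + e);
                            }
                        }
                        if (fileLength > 0) {
                            this.certsByAlias.put(
                                cdf.getCertificateAlias(i),
                                (X509Certificate) certificateFactory.generateCertificate(
                                    new ByteArrayInputStream(readBinaryComplete(fileLength))
                                )
                            );
                        } else {
                            LOGGER.warning("El certificado " + i + " del dispositivo esta vacio");
                        }
                    } catch (Exception e2) {
                        // Best effort: one unreadable certificate must not hide the others.
                        LOGGER.severe("Error en la lectura del certificado " + i + " del dispositivo: " + e2);
                    }
                }
            } catch (CertificateException e3) {
                throw new IOException("Error obteniendo la factoria de certificados X.509: " + e3, e3);
            }
        } catch (Exception e4) {
            throw new ApduConnectionException("No se ha podido cargar el CDF de la tarjeta: " + e4, e4);
        }
    }

    /**
     * Records the key ordinal for every loaded certificate whose RSA modulus equals the given one.
     *
     * @param i ordinal of the key on the card
     * @param bigInteger modulus of that key
     */
    private void storeKeyOrdinal(int i, BigInteger bigInteger) {
        for (final Map.Entry<String, X509Certificate> entry : this.certsByAlias.entrySet()) {
            final PublicKey publicKey = entry.getValue().getPublicKey();
            if (publicKey instanceof RSAPublicKey && ((RSAPublicKey) publicKey).getModulus().equals(bigInteger)) {
                this.keyNoByAlias.put(entry.getKey(), Integer.valueOf(i));
            }
        }
    }

    /** Returns the aliases of the certificates that have a private key on this card. */
    @Override // es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        return this.certsByAlias.keySet().toArray(new String[0]);
    }

    @Override // es.gob.jmulticard.card.SmartCard
    public String getCardName() {
        return "G&D SmartCafe 3.2 (PKCS#15 Applet)";
    }

    /** Returns the certificate stored under the alias, or {@code null} if there is none. */
    @Override // es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) {
        return this.certsByAlias.get(str);
    }

    /** Returns a reference to the on-card key for the alias, or {@code null} if there is none. */
    @Override // es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        final Integer keyOrdinal = this.keyNoByAlias.get(str);
        if (keyOrdinal == null) {
            return null;
        }
        return new SmartCafePrivateKeyReference(keyOrdinal);
    }

    /**
     * Selects a file by identifier.
     *
     * @param bArr file identifier
     * @return the unsigned 16-bit value held in bytes 4 and 5 of the SELECT response data
     * @throws FileNotFoundException if the card answers 6A 82
     * @throws Iso7816FourCardException on any other error status, or if the response data is too
     *         short to hold the length field
     */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public int selectFileById(byte[] bArr) throws ApduConnectionException, Iso7816FourCardException {
        final SelectFileByIdApduCommand selectCommand = new SelectFileByIdApduCommand(getCla(), bArr);
        final ResponseApdu rawResponse = getConnection().transmit(selectCommand);
        if (HexUtils.arrayEquals(rawResponse.getBytes(), new byte[] {0x6a, (byte) 0x82})) {
            throw new FileNotFoundException(bArr);
        }
        final SelectFileApduResponse selectResponse = new SelectFileApduResponse(rawResponse);
        if (selectResponse.isOk()) {
            final byte[] data = selectResponse.getData();
            // The response comes from the card: check its length before indexing into it so a
            // short answer is reported as a card error, not as an ArrayIndexOutOfBoundsException.
            if (data == null || data.length < 6) {
                throw new Iso7816FourCardException(
                    "La respuesta a la seleccion de fichero es demasiado corta para contener la longitud del fichero",
                    selectResponse.getStatusWord()
                );
            }
            return HexUtils.getUnsignedInt(new byte[] {data[4], data[5]}, 0);
        }
        final StatusWord statusWord = selectResponse.getStatusWord();
        if (statusWord.equals(new StatusWord((byte) 0x6a, (byte) 0x82))) {
            throw new FileNotFoundException(bArr);
        }
        throw new Iso7816FourCardException(statusWord, selectCommand);
    }

    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    protected void selectMasterFile() throws ApduConnectionException, Iso7816FourCardException {
        selectFileById(MF_PATH);
    }

    /** Sets the handler used to ask for the PIN when no {@link PasswordCallback} is set. */
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    /** Sets the callback that holds the PIN; it is owned by the caller and never cleared here. */
    public void setPasswordCallback(PasswordCallback passwordCallback) {
        this.passwordCallback = passwordCallback;
    }

    /**
     * Signs data with an on-card key, verifying the PIN first if this instance has not been
     * authenticated yet.
     *
     * @param bArr data to sign
     * @param str signature algorithm name, passed to {@code DigestInfo.encode}
     * @param privateKeyReference key to use, must be a {@link SmartCafePrivateKeyReference}
     * @return the data returned by the card for the signature command
     * @throws IllegalArgumentException if the key reference is {@code null} or of another type
     * @throws CryptoCardException if the data is {@code null} or any card operation fails
     * @throws PinException if the PIN cannot be obtained or is rejected
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        if (bArr == null) {
            throw new CryptoCardException("Los datos a firmar no pueden ser nulos");
        }
        if (privateKeyReference == null) {
            throw new IllegalArgumentException("La clave privada no puede ser nula");
        }
        if (!(privateKeyReference instanceof SmartCafePrivateKeyReference)) {
            throw new IllegalArgumentException("La clave proporcionada debe ser de tipo " + SmartCafePrivateKeyReference.class.getName() + ", pero se ha recibido de tipo " + privateKeyReference.getClass().getName());
        }
        final SmartCafePrivateKeyReference keyReference = (SmartCafePrivateKeyReference) privateKeyReference;
        if (!this.authenticated) {
            final PasswordCallback pinCallback = getInternalPasswordCallback();
            try {
                verifyPin(pinCallback);
                this.authenticated = true;
            } catch (ApduConnectionException e) {
                throw new CryptoCardException("Error en la verificacion de PIN: " + e, e);
            } finally {
                // Wipe the PIN we requested ourselves once VERIFY has been exchanged, so it does
                // not linger on the heap. A caller-supplied callback belongs to the caller.
                if (pinCallback != this.passwordCallback) {
                    pinCallback.clearPassword();
                }
            }
        }
        try {
            final ResponseApdu mseResponse = sendArbitraryApdu(
                new MseSetComputationApduCommand(
                    (byte) 1, new byte[] {(byte) keyReference.getKeyOrdinal()}, new byte[] {2}
                )
            );
            if (mseResponse == null || !mseResponse.isOk()) {
                throw new CryptoCardException("No se ha podido establecer la clave y el algoritmo de firma" + (mseResponse != null ? " (repuesta=" + mseResponse + ")" : ""));
            }
            try {
                try {
                    final ResponseApdu signResponse = sendArbitraryApdu(
                        new PsoSignHashApduCommand((byte) 1, DigestInfo.encode(str, bArr, this.cryptoHelper))
                    );
                    if (signResponse == null || !signResponse.isOk()) {
                        throw new CryptoCardException("No se ha podido firmar el DigestInfo" + (signResponse != null ? " (repuesta=" + signResponse + ")" : ""));
                    }
                    return signResponse.getData();
                } catch (ApduConnectionException e2) {
                    throw new CryptoCardException("Error firmando (repuesta=" + mseResponse + "): " + e2, e2);
                }
            } catch (IOException e3) {
                throw new CryptoCardException("Error en el calculo de la huella para firmar: " + e3, e3);
            }
        } catch (ApduConnectionException e4) {
            // No response object exists when the first command itself failed to transmit.
            throw new CryptoCardException("Error estableciendo la clave y el algoritmo de firma (repuesta=null): " + e4, e4);
        }
    }

    /** Returns the card name followed by a numbered list of the loaded aliases. */
    @Override
    public String toString() {
        final StringBuilder text = new StringBuilder(getCardName())
            .append("\n Tarjeta con ")
            .append(this.certsByAlias.size())
            .append(" certificado(s):\n");
        final String[] aliases = getAliases();
        for (int i = 0; i < aliases.length; i++) {
            text.append("  ").append(i + 1).append(" - ").append(aliases[i]);
        }
        return text.toString();
    }

    /**
     * Sends the PIN held by the callback to the card.
     *
     * @param passwordCallback callback holding the PIN, must not be {@code null}
     * @throws IllegalArgumentException if {@code passwordCallback} is {@code null}
     * @throws BadPinException if the card answers with SW1 = 0x63; it is built with SW2 + 64
     * @throws AuthenticationModeLockedException if the card answers 69 83
     * @throws ApduConnectionException on transmission failure or any other status word
     */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public void verifyPin(PasswordCallback passwordCallback) throws ApduConnectionException, PinException {
        if (passwordCallback == null) {
            throw new IllegalArgumentException("No se puede verificar el titular con un PasswordCallback nulo");
        }
        final ResponseApdu response = getConnection().transmit(new VerifyApduCommand(passwordCallback));
        if (response.isOk()) {
            return;
        }
        if (response.getStatusWord().getMsb() == ERROR_PIN_SW1) {
            throw new BadPinException(response.getStatusWord().getLsb() + 64);
        }
        if (response.getStatusWord().getMsb() == 0x69 && response.getStatusWord().getLsb() == (byte) 0x83) {
            throw new AuthenticationModeLockedException();
        }
        throw new ApduConnectionException(new Iso7816FourCardException("Error en la verificacion de PIN (" + response.getStatusWord() + ")", response.getStatusWord()));
    }
}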
