package com.lexpersona.token.ias.profils;

import com.lexpersona.exceptions.digest.DigestAlgorithmNotSupportedException;
import com.lexpersona.exceptions.identity.EmptyPINException;
import com.lexpersona.exceptions.identity.PINLockedException;
import com.lexpersona.exceptions.identity.WrongPINException;
import com.lexpersona.exceptions.token.TokenException;
import com.lexpersona.token.CardType;
import com.lexpersona.token.DigestAlg;
import com.lexpersona.token.apdu.APDUChannel;
import com.lexpersona.token.apdu.APDUResponse;
import com.lexpersona.token.apdu.OtherAPDUCommand;
import com.lexpersona.token.apdu.SelectFileAPDUCommand;
import com.lexpersona.token.apdu.VerifyAPDUCommand;
import com.lexpersona.token.bertlv.BERTLV;
import com.lexpersona.token.cert.CertUtil;
import com.lexpersona.token.ias.Pkcs11IAS;
import com.lexpersona.token.provider.LPNativeProvider;
import com.lexpersona.token.provider.keys.NativeKeyEntry;
import com.lexpersona.token.tools.SecurityUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import kotlin.jvm.internal.ByteCompanionObject;

/* loaded from: classes.dex */
public class IASCPS3Profil extends IASProfil {
    private byte[] getEFOD(APDUChannel aPDUChannel) throws TokenException {
        APDUResponse transmit = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 4, new byte[]{63, 0, 0, 1, 80, 49}).transmit();
        if (transmit.getSW() == 36864) {
            return this.iasToken.readBinary(new BERTLV(transmit.getData()).getChild().valueAsNumber());
        }
        throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
    }

    private void parseKeyEntries(Map<Integer, byte[]> map, Map<Integer, X509Certificate> map2) {
        for (Integer num : map.keySet()) {
            byte[] bArr = map.get(num);
            boolean[] keyUsage = map2.get(num).getKeyUsage();
            IASPrivateKeyAndCertificate iASPrivateKeyAndCertificate = new IASPrivateKeyAndCertificate(bArr, map2.get(num));
            iASPrivateKeyAndCertificate.setNonRepudiation(keyUsage[1]);
            this.keyEntries.put(num, iASPrivateKeyAndCertificate);
        }
    }

    private Map<Integer, X509Certificate> readCertificate(APDUChannel aPDUChannel, Map<Integer, Integer> map) throws TokenException {
        CertificateFactory certificateFactory;
        APDUResponse transmit;
        HashMap hashMap = new HashMap();
        for (int i = 0; i <= 32; i++) {
            try {
                certificateFactory = SecurityUtils.getCertificateFactory();
                transmit = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 4, new byte[]{63, 0, 0, 1, -96, (byte) i}).transmit();
            } catch (Exception unused) {
            }
            if (transmit.getSW1() != 97) {
                if (transmit.getSW() != 27266) {
                    if (transmit.getSW() != 36864) {
                        throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
                        break;
                    }
                }
            } else {
                this.iasToken.getResponse(transmit.getSW2());
            }
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(this.iasToken.readBinary(new BERTLV(transmit.getData()).getChild().valueAsNumber())));
            this.certificates.add(x509Certificate);
            Integer num = map.get(Integer.valueOf(40960 + i));
            if (num != null) {
                hashMap.put(num, x509Certificate);
            }
        }
        return hashMap;
    }

    private byte[] readEFFile(APDUChannel aPDUChannel, byte[] bArr) throws TokenException {
        APDUResponse transmit = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 4, new byte[]{63, 0, 0, 1, bArr[0], bArr[1]}).transmit();
        if (transmit.getSW() == 36864) {
            return this.iasToken.readBinary(new BERTLV(transmit.getData()).getChild().valueAsNumber());
        }
        throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
    }

    private byte[] secureSign(APDUChannel aPDUChannel, byte[] bArr, DigestAlg digestAlg) throws TokenException, DigestAlgorithmNotSupportedException {
        APDUResponse transmit = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 12, new byte[]{63, 0, 0, 1}).transmit();
        if (transmit.getSW() != 36864) {
            throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
        }
        OtherAPDUCommand otherAPDUCommand = new OtherAPDUCommand(aPDUChannel, (byte) -92, (byte) 0, (byte) 0, new byte[]{63, 0});
        otherAPDUCommand.setCla((byte) -96);
        otherAPDUCommand.transmit();
        OtherAPDUCommand otherAPDUCommand2 = new OtherAPDUCommand(aPDUChannel, (byte) -92, (byte) 0, (byte) 0, new byte[]{0, 23});
        otherAPDUCommand2.setCla((byte) -96);
        otherAPDUCommand2.transmit();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(new byte[]{0, 1});
            if (digestAlg == DigestAlg.SHA1) {
                int length = (247 - Pkcs11IAS.SHA1_DIGEST_INFO_PREFIX.length) - (bArr.length - 16);
                for (int i = 0; i < length; i++) {
                    byteArrayOutputStream.write(-1);
                }
                byteArrayOutputStream.write(0);
                byteArrayOutputStream.write(Pkcs11IAS.SHA1_DIGEST_INFO_PREFIX);
            } else {
                if (digestAlg != DigestAlg.SHA256) {
                    throw new DigestAlgorithmNotSupportedException(digestAlg.toString());
                }
                int length2 = (247 - Pkcs11IAS.SHA256_DIGEST_INFO_PREFIX.length) - (bArr.length - 16);
                for (int i2 = 0; i2 < length2; i2++) {
                    byteArrayOutputStream.write(-1);
                }
                byteArrayOutputStream.write(0);
                byteArrayOutputStream.write(Pkcs11IAS.SHA256_DIGEST_INFO_PREFIX);
            }
            byteArrayOutputStream.write(bArr);
            OtherAPDUCommand otherAPDUCommand3 = new OtherAPDUCommand(aPDUChannel, (byte) 62, (byte) 0, (byte) 23, byteArrayOutputStream.toByteArray(), 240);
            otherAPDUCommand3.setCla((byte) -124);
            otherAPDUCommand3.transmit();
            int length3 = bArr.length;
            OtherAPDUCommand otherAPDUCommand4 = new OtherAPDUCommand(aPDUChannel, (byte) 62, (byte) 0, (byte) 23, Arrays.copyOfRange(bArr, length3 - 16, length3), 16);
            otherAPDUCommand4.setCla((byte) -124);
            APDUResponse transmit2 = otherAPDUCommand4.transmit();
            if (transmit2.getSW() == 36864) {
                return transmit2.getData();
            }
            if (transmit2.getSW1() == 97) {
                return this.iasToken.getResponse(transmit2.getSW2());
            }
            if (transmit2.getSW1() == -97) {
                return this.iasToken.getResponse((byte) -96, transmit2.getSW2());
            }
            throw new TokenException("Digital signature computing error (APDU response: " + Integer.toHexString(transmit2.getSW()) + ".");
        } catch (IOException e) {
            throw new TokenException("Digest algorithm error", e);
        }
    }

    @Override // com.lexpersona.token.ias.profils.IASProfil
    public List<NativeKeyEntry> getKeyEntries(APDUChannel aPDUChannel, LPNativeProvider lPNativeProvider) throws TokenException {
        init(aPDUChannel);
        ArrayList arrayList = new ArrayList();
        X509Certificate[] x509CertificateArr = (X509Certificate[]) this.certificates.toArray(new X509Certificate[this.certificates.size()]);
        Iterator<Integer> it = this.keyEntries.keySet().iterator();
        while (it.hasNext()) {
            IASPrivateKeyAndCertificate iASPrivateKeyAndCertificate = this.keyEntries.get(it.next());
            arrayList.add(new NativeKeyEntry(CardType.IAS_CARD, this.identity, CertUtil.buildCertificatePath(iASPrivateKeyAndCertificate.getCertificate(), x509CertificateArr), iASPrivateKeyAndCertificate.getKeyRef()[1], lPNativeProvider));
        }
        return arrayList;
    }

    @Override // com.lexpersona.token.ias.profils.IASProfil
    protected void loadTokenObjects(APDUChannel aPDUChannel) throws TokenException {
        BERTLV bertlv;
        BERTLV bertlv2;
        BERTLV bertlv3;
        if (this.identity == null) {
            readCardIdentity(aPDUChannel);
        }
        byte[] efod = getEFOD(aPDUChannel);
        HashMap hashMap = new HashMap();
        do {
            bertlv = new BERTLV(efod);
            hashMap.put(Integer.valueOf(bertlv.tag().code()), bertlv.getChild().getChild().valueAsByteArray());
            efod = Arrays.copyOfRange(efod, bertlv.length() + 2, efod.length);
        } while (efod.length > bertlv.length() + 2);
        byte[] readEFFile = readEFFile(aPDUChannel, (byte[]) hashMap.get(0));
        HashMap hashMap2 = new HashMap();
        byte[] bArr = readEFFile;
        do {
            bertlv2 = new BERTLV(bArr);
            BERTLV child = bertlv2.getChild().getSibling().getChild();
            Integer num = null;
            byte[] bArr2 = null;
            do {
                if (child.tag().code() == 4) {
                    num = Integer.valueOf(child.valueAsNumber());
                } else if (child.tag().code() == 2) {
                    bArr2 = child.valueAsByteArray();
                }
                child = child.getSibling();
            } while (child != null);
            if (num != null && bArr2 != null) {
                hashMap2.put(num, bArr2);
            }
            bArr = Arrays.copyOfRange(bArr, bertlv2.length() + 2, bArr.length);
        } while (bArr.length > bertlv2.length() + 2);
        byte[] readEFFile2 = readEFFile(aPDUChannel, (byte[]) hashMap.get(4));
        HashMap hashMap3 = new HashMap();
        do {
            bertlv3 = new BERTLV(readEFFile2);
            BERTLV child2 = bertlv3.getChild().getSibling().getChild();
            BERTLV child3 = bertlv3.getChild().getSibling().getSibling().getChild().getChild().getChild();
            if (child2 != null && child3 != null) {
                hashMap3.put(Integer.valueOf(child3.valueAsNumber()), Integer.valueOf(child2.valueAsNumber()));
            }
            readEFFile2 = Arrays.copyOfRange(readEFFile2, bertlv3.length() + 2, readEFFile2.length);
        } while (readEFFile2.length > bertlv3.length() + 2);
        parseKeyEntries(hashMap2, readCertificate(aPDUChannel, hashMap3));
    }

    @Override // com.lexpersona.token.ias.profils.IASProfil
    public void readCardIdentity(APDUChannel aPDUChannel) throws TokenException {
        APDUResponse transmit = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 12, new byte[]{63, 0, 0, 1}).transmit();
        if (transmit.getSW() != 36864) {
            throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
        }
        APDUResponse transmit2 = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 4, new byte[]{63, 0, 0, 1, 80, 50}).transmit();
        if (transmit2.getSW() != 36864) {
            throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit2.getSW()) + ".");
        }
        BERTLV child = new BERTLV(this.iasToken.readBinary(new BERTLV(transmit2.getData()).getChild().valueAsNumber())).getChild();
        while (child.tag().code() != 0) {
            child = child.getSibling();
            if (child == null) {
                return;
            }
        }
        this.identity = child.valueAsString();
    }

    @Override // com.lexpersona.token.ias.profils.IASProfil
    public byte[] sign(APDUChannel aPDUChannel, byte[] bArr, DigestAlg digestAlg, byte b, char[] cArr) throws TokenException, DigestAlgorithmNotSupportedException, EmptyPINException, PINLockedException, WrongPINException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i = 0; i < 8; i++) {
            if (i < cArr.length) {
                byteArrayOutputStream.write((byte) cArr[i]);
            } else {
                byteArrayOutputStream.write(255);
            }
        }
        APDUResponse transmit = new VerifyAPDUCommand(aPDUChannel, byteArrayOutputStream.toByteArray()).transmit();
        if (transmit.getSW() != 36864) {
            if (transmit.getSW() == 27011 || transmit.getSW() == 27012) {
                throw new PINLockedException(new Exception("Card blocked"));
            }
            if (transmit.getSW1() != 99) {
                throw new WrongPINException();
            }
            if (transmit.getSW2() == 0) {
                throw new EmptyPINException();
            }
            if ((transmit.getSW2() & 240) == 192) {
                throw new WrongPINException(transmit.getSW2() & 15);
            }
            throw new WrongPINException();
        }
        APDUResponse transmit2 = new SelectFileAPDUCommand(aPDUChannel, (byte) 9, (byte) 12, new byte[]{63, 0, 0, 1}).transmit();
        if (transmit2.getSW() != 36864) {
            throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit2.getSW()) + ".");
        }
        APDUResponse transmit3 = new OtherAPDUCommand(aPDUChannel, (byte) 34, (byte) 65, (byte) -92, new byte[]{ByteCompanionObject.MIN_VALUE, 1, 2, -124, 1, b}).transmit();
        if (transmit3.getSW() != 36864) {
            throw new TokenException("Key selection error (APDU response: " + Integer.toHexString(transmit3.getSW()) + ".");
        }
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        try {
            if (digestAlg == DigestAlg.SHA1) {
                byteArrayOutputStream2.write(Pkcs11IAS.SHA1_DIGEST_INFO_PREFIX);
            } else {
                if (digestAlg != DigestAlg.SHA256) {
                    try {
                        throw new DigestAlgorithmNotSupportedException(digestAlg.toString());
                    } catch (IOException e) {
                        e = e;
                        throw new TokenException("Digest algorithm error", e);
                    }
                }
                byteArrayOutputStream2.write(Pkcs11IAS.SHA256_DIGEST_INFO_PREFIX);
            }
            byteArrayOutputStream2.write(bArr);
            APDUResponse transmit4 = new OtherAPDUCommand(aPDUChannel, (byte) -120, (byte) 0, (byte) 0, byteArrayOutputStream2.toByteArray()).transmit();
            if (transmit4.getSW() == 36864) {
                return transmit4.getData();
            }
            if (transmit4.getSW1() == 97) {
                return this.iasToken.getResponse(transmit4.getSW2());
            }
            if (transmit4.getSW() == 27010) {
                return secureSign(aPDUChannel, bArr, digestAlg);
            }
            throw new TokenException("Digital signature computing error (APDU response: " + Integer.toHexString(transmit4.getSW()) + ".");
        } catch (IOException e2) {
            e = e2;
        }
    }

    @Override // com.lexpersona.token.ias.profils.IASProfil
    public void verifyPin(APDUChannel aPDUChannel, char[] cArr) throws PINLockedException, WrongPINException, EmptyPINException, TokenException {
        byte[] bArr = new byte[8];
        for (int i = 0; i < 8; i++) {
            if (i < cArr.length) {
                bArr[i] = (byte) cArr[i];
            } else {
                bArr[i] = -1;
            }
        }
        APDUResponse transmit = new VerifyAPDUCommand(aPDUChannel, bArr).transmit();
        if (transmit.getSW() != 36864) {
            if (transmit.getSW() == 27011) {
                throw new PINLockedException(new Exception("Card blocked"));
            }
            if (transmit.getSW1() != 99) {
                throw new WrongPINException();
            }
            if (transmit.getSW2() != 0) {
                throw new WrongPINException(transmit.getSW2() & 15);
            }
            throw new EmptyPINException();
        }
    }
}
