package com.lexpersona.token.eid;

import com.lexpersona.exceptions.digest.DigestAlgorithmNotSupportedException;
import com.lexpersona.exceptions.identity.EmptyPINException;
import com.lexpersona.exceptions.identity.PINLockedException;
import com.lexpersona.exceptions.identity.WrongPINException;
import com.lexpersona.exceptions.token.TokenException;
import com.lexpersona.token.AbstractCard;
import com.lexpersona.token.DigestAlg;
import com.lexpersona.token.apdu.APDUChannel;
import com.lexpersona.token.apdu.APDUResponse;
import com.lexpersona.token.apdu.OtherAPDUCommand;
import com.lexpersona.token.apdu.SelectFileAPDUCommand;
import com.lexpersona.token.apdu.VerifyAPDUCommand;
import com.lexpersona.token.provider.keys.NativeKeyEntry;
import com.lexpersona.token.tools.SecurityUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import kotlin.jvm.internal.ByteCompanionObject;

/* loaded from: classes.dex */
public class EIDCard extends AbstractCard {
    public static final byte AUTH_PKEY_REF = -126;
    public static final byte SIGN_PKEY_REF = -125;
    public static final byte[] AUTH_CERT_FILE_ID = {63, 0, -33, 0, 80, 56};
    public static final byte[] SIGN_CERT_FILE_ID = {63, 0, -33, 0, 80, 57};
    public static final byte[] CA_CERT_FILE_ID = {63, 0, -33, 0, 80, 58};
    public static final byte[] ROOT_CERT_FILE_ID = {63, 0, -33, 0, 80, 59};
    public static final byte[] IDENTITY_FILE_AID = {63, 0, -33, 1, 64, 49};

    public EIDCard(APDUChannel aPDUChannel) {
        super(null, aPDUChannel);
    }

    private Map<String, X509Certificate> getCertificates(boolean z) throws TokenException {
        HashMap hashMap = new HashMap();
        if (!z) {
            try {
                this.channel.connect();
            } finally {
                if (!z) {
                    this.channel.disconnect();
                }
            }
        }
        APDUChannel aPDUChannel = this.channel;
        byte[] bArr = SIGN_CERT_FILE_ID;
        APDUResponse transmit = new SelectFileAPDUCommand(aPDUChannel, (byte) 8, (byte) 12, bArr).transmit();
        if (transmit.getSW1() == 97) {
            getResponse(transmit.getSW2());
        } else if (transmit.getSW() != 36864) {
            throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
        }
        byte[] readBinary = readBinary();
        try {
            CertificateFactory certificateFactory = SecurityUtils.getCertificateFactory();
            hashMap.put(new String(bArr), (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(readBinary)));
            APDUChannel aPDUChannel2 = this.channel;
            byte[] bArr2 = AUTH_CERT_FILE_ID;
            APDUResponse transmit2 = new SelectFileAPDUCommand(aPDUChannel2, (byte) 8, (byte) 12, bArr2).transmit();
            if (transmit2.getSW1() == 97) {
                getResponse(transmit2.getSW2());
            } else if (transmit2.getSW() != 36864) {
                throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit2.getSW()) + ".");
            }
            hashMap.put(new String(bArr2), (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(readBinary())));
            APDUChannel aPDUChannel3 = this.channel;
            byte[] bArr3 = CA_CERT_FILE_ID;
            APDUResponse transmit3 = new SelectFileAPDUCommand(aPDUChannel3, (byte) 8, (byte) 12, bArr3).transmit();
            if (transmit3.getSW1() == 97) {
                getResponse(transmit3.getSW2());
            } else if (transmit3.getSW() != 36864) {
                throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit3.getSW()) + ".");
            }
            hashMap.put(new String(bArr3), (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(readBinary())));
            APDUChannel aPDUChannel4 = this.channel;
            byte[] bArr4 = ROOT_CERT_FILE_ID;
            APDUResponse transmit4 = new SelectFileAPDUCommand(aPDUChannel4, (byte) 8, (byte) 12, bArr4).transmit();
            if (transmit4.getSW1() == 97) {
                getResponse(transmit4.getSW2());
            } else if (transmit4.getSW() != 36864) {
                throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit4.getSW()) + ".");
            }
            hashMap.put(new String(bArr4), (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(readBinary())));
            return hashMap;
        } catch (Exception e) {
            throw new TokenException("Certificate parsing error", e);
        }
    }

    @Override // com.lexpersona.token.AbstractCard
    public String getCardIdentity() throws TokenException {
        if (this.identity == null) {
            try {
                this.channel.connect();
                APDUResponse transmit = new SelectFileAPDUCommand(this.channel, (byte) 8, (byte) 12, IDENTITY_FILE_AID).transmit();
                if (transmit.getSW1() == 97) {
                    getResponse(transmit.getSW2());
                } else if (transmit.getSW() != 36864) {
                    throw new TokenException("Card file selection error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
                }
                byte[] readBinary = readBinary();
                int i = 0;
                byte b = 0;
                while (true) {
                    if (i >= readBinary.length) {
                        break;
                    }
                    byte b2 = readBinary[i];
                    int i2 = i + 1;
                    byte b3 = readBinary[i2];
                    i = i2 + 1;
                    if (b2 == 1) {
                        b = b3;
                        break;
                    }
                    i += b3;
                    b = b3;
                }
                this.identity = new String(Arrays.copyOfRange(readBinary, i, b + i));
            } finally {
                this.channel.disconnect();
            }
        }
        return this.identity;
    }

    @Override // com.lexpersona.token.AbstractCard
    public List<X509Certificate> getCertificates() throws TokenException {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(getCertificates(false).values());
        return arrayList;
    }

    @Override // com.lexpersona.token.AbstractCard
    public List<NativeKeyEntry> getKeyEntries() throws TokenException {
        Map<String, X509Certificate> certificates = getCertificates(false);
        X509Certificate x509Certificate = certificates.get(new String(SIGN_CERT_FILE_ID));
        X509Certificate x509Certificate2 = certificates.get(new String(AUTH_CERT_FILE_ID));
        X509Certificate x509Certificate3 = certificates.get(new String(CA_CERT_FILE_ID));
        X509Certificate x509Certificate4 = certificates.get(new String(ROOT_CERT_FILE_ID));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NativeKeyEntry(null, this.identity, new X509Certificate[]{x509Certificate, x509Certificate3, x509Certificate4}, SIGN_PKEY_REF, this.provider));
        arrayList.add(new NativeKeyEntry(null, this.identity, new X509Certificate[]{x509Certificate2, x509Certificate3, x509Certificate4}, AUTH_PKEY_REF, this.provider));
        return arrayList;
    }

    @Override // com.lexpersona.token.AbstractCard
    public byte[] sign(byte[] bArr, DigestAlg digestAlg, byte b, char[] cArr) throws TokenException, DigestAlgorithmNotSupportedException, EmptyPINException, PINLockedException, WrongPINException {
        byte[] data;
        try {
            this.channel.connect();
            APDUResponse transmit = new OtherAPDUCommand(this.channel, (byte) 34, (byte) 65, (byte) -74, new byte[]{4, ByteCompanionObject.MIN_VALUE, 1, -124, b}).transmit();
            if (transmit.getSW() != 36864) {
                throw new TokenException("Digital signature computing error (APDU response: " + Integer.toHexString(transmit.getSW()) + ".");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                if (digestAlg == DigestAlg.SHA1) {
                    byteArrayOutputStream.write(Pkcs11Eid.SHA1_DIGEST_INFO_PREFIX);
                } else if (digestAlg == DigestAlg.SHA256) {
                    byteArrayOutputStream.write(Pkcs11Eid.SHA256_DIGEST_INFO_PREFIX);
                } else if (digestAlg == DigestAlg.SHA384) {
                    byteArrayOutputStream.write(Pkcs11Eid.SHA384_DIGEST_INFO_PREFIX);
                } else {
                    if (digestAlg != DigestAlg.SHA512) {
                        throw new DigestAlgorithmNotSupportedException(digestAlg.toString());
                    }
                    byteArrayOutputStream.write(Pkcs11Eid.SHA512_DIGEST_INFO_PREFIX);
                }
                byteArrayOutputStream.write(bArr);
                OtherAPDUCommand otherAPDUCommand = new OtherAPDUCommand(this.channel, (byte) 42, (byte) -98, (byte) -102, byteArrayOutputStream.toByteArray());
                APDUResponse transmit2 = otherAPDUCommand.transmit();
                if (transmit2.getSW() == 36864) {
                    data = transmit2.getData();
                } else if (transmit2.getSW1() == 97) {
                    data = getResponse(transmit2.getSW2());
                } else {
                    if (transmit2.getSW() != 27010) {
                        throw new TokenException("Digital signature computing error (APDU response: " + Integer.toHexString(transmit2.getSW()) + ".");
                    }
                    if (cArr == null || cArr.length == 0) {
                        throw new EmptyPINException();
                    }
                    verifyPin(cArr);
                    APDUResponse transmit3 = otherAPDUCommand.transmit();
                    if (transmit3.getSW1() == 97) {
                        data = getResponse(transmit3.getSW1());
                    } else {
                        if (transmit3.getSW() != 36864) {
                            throw new TokenException("Digital signature copute error (APDU response: " + Integer.toHexString(transmit3.getSW()) + ".");
                        }
                        data = transmit3.getData();
                    }
                }
                return data;
            } catch (IOException e) {
                throw new TokenException("Digest algorithm error", e);
            }
        } finally {
            this.channel.disconnect();
        }
    }

    @Override // com.lexpersona.token.AbstractCard
    public void verifyPin(char[] cArr) throws PINLockedException, WrongPINException, EmptyPINException, TokenException {
        byte[] bArr = new byte[8];
        bArr[0] = (byte) (cArr.length | 32);
        bArr[1] = -1;
        bArr[2] = -1;
        bArr[3] = -1;
        bArr[4] = -1;
        bArr[5] = -1;
        bArr[6] = -1;
        bArr[7] = -1;
        for (int i = 0; i < cArr.length; i += 2) {
            bArr[(i / 2) + 1] = (byte) (((cArr[i] - '0') << 4) + ((i + 1 < cArr.length ? cArr[r5] : '?') - '0'));
        }
        APDUResponse transmit = new VerifyAPDUCommand(this.channel, bArr).transmit();
        if (transmit.getSW() != 36864) {
            if (transmit.getSW() == 27011) {
                throw new PINLockedException(new Exception("Card blocked"));
            }
            if (transmit.getSW1() != 99) {
                throw new WrongPINException();
            }
            if (transmit.getSW2() != 0) {
                throw new WrongPINException(transmit.getSW2() & 15);
            }
            throw new EmptyPINException();
        }
    }
}
