package es.gob.jmulticard.card.gide.smartcafe;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.JmcLogger;
import es.gob.jmulticard.apdu.CommandApdu;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.StatusWord;
import es.gob.jmulticard.apdu.gide.GiDeRetriesLeftApduCommand;
import es.gob.jmulticard.apdu.gide.GiDeVerifyApduCommand;
import es.gob.jmulticard.apdu.iso7816eight.PsoSignHashApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetComputationApduCommand;
import es.gob.jmulticard.apdu.iso7816four.SelectFileApduResponse;
import es.gob.jmulticard.apdu.iso7816four.SelectFileByIdApduCommand;
import es.gob.jmulticard.asn1.Asn1Exception;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.Odf;
import es.gob.jmulticard.asn1.der.pkcs15.Path;
import es.gob.jmulticard.card.Atr;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import es.gob.jmulticard.card.BadPinException;
import es.gob.jmulticard.card.CardMessages;
import es.gob.jmulticard.card.CryptoCard;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.InvalidCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PasswordCallbackNotFoundException;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.iso7816four.AbstractIso7816FourCard;
import es.gob.jmulticard.card.iso7816four.FileNotFoundException;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import es.gob.jmulticard.connection.ApduConnection;
import es.gob.jmulticard.connection.ApduConnectionException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import okhttp3.HttpUrl;
import okio.Utf8;

/* loaded from: classes.dex */
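/**
 * Card driver for the PKCS#15 applet of a G&amp;D SmartCafe 3.2 card.
 *
 * <p>On construction the applet is selected, the certificates listed in the card's CDF are
 * read, and each on-card key is matched to a certificate by comparing RSA moduli. Signing
 * requires a PIN verification, which is performed lazily on the first call to
 * {@link #sign(byte[], String, PrivateKeyReference)}.
 *
 * <p>NOTE(review): the alias tables are {@code static}, so they are shared by every instance
 * in the JVM and are never cleared by this class. Aliases and key ordinals read from one card
 * stay visible to an instance created later for a different card. Confirm that callers never
 * hold more than one card per process, or move the tables to instance scope.
 */
public final class SmartCafePkcs15Applet extends AbstractIso7816FourCard implements CryptoCard {
    private static final Atr ATR;
    private static final byte[] ATR_MASK;
    private static final byte[] ATR_MASK_MSC;
    private static final byte[] ATR_MASK_TCL;
    private static final Atr ATR_MSC;
    private static final Atr ATR_TCL;

    /** Class byte passed to the parent card implementation. */
    private static final byte CLA = 0;

    /** Set once a PIN verification has succeeded; never reset by this class. */
    private boolean authenticated;
    private CallbackHandler callbackHandler;
    private final CryptoHelper cryptoHelper;
    private PasswordCallback passwordCallback;

    /** First status byte (0x63) of the response to a failed PIN verification. */
    private static final byte ERROR_PIN_SW1 = 99;

    /** Applet name used for selection: A0 00 00 00 63 followed by the ASCII text "PKCS-15". */
    private static final byte[] PKCS15_NAME = {-96, 0, 0, 0, 99, 80, 75, 67, 83, 45, 49, 53};

    /** File identifier 0x5031 of the PKCS#15 object directory file. */
    private static final byte[] ODF_PATH = {80, 49};

    /**
     * File identifier 0x3F00 of the master file. The decompiled listing spelled the first byte
     * as a constant borrowed from an unrelated library; the literal is used here instead.
     */
    private static final byte[] MF_PATH = {0x3F, 0};

    // Shared by all instances (see the class-level review note).
    private static final Map<String, X509Certificate> CERTS_BY_ALIAS = new ConcurrentHashMap<>();
    private static final Map<String, Integer> KEYNO_BY_ALIAS = new ConcurrentHashMap<>();

    static {
        // NOTE(review): ATR and ATR_TCL are built from identical bytes and identical masks in
        // this listing, so the T=CL branch of checkAtr() looks unreachable. Confirm the
        // intended T=CL ATR against the card documentation.
        byte[] bArr = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 15};
        ATR_MASK = bArr;
        ATR = new Atr(new byte[]{59, -9, 24, 0, 0, Byte.MIN_VALUE, 49, -2, 69, 115, 102, 116, 101, 45, 110, 102, -60}, bArr);
        byte[] bArr2 = {-1, -1, -1, -1, -1};
        ATR_MASK_MSC = bArr2;
        ATR_MSC = new Atr(new byte[]{59, Byte.MIN_VALUE, Byte.MIN_VALUE, 1, 1}, bArr2);
        byte[] bArr3 = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 15};
        ATR_MASK_TCL = bArr3;
        ATR_TCL = new Atr(new byte[]{59, -9, 24, 0, 0, Byte.MIN_VALUE, 49, -2, 69, 115, 102, 116, 101, 45, 110, 102, -60}, bArr3);
    }

    /**
     * Connects to the card, selects the PKCS#15 applet and loads certificates and key ordinals.
     *
     * @param apduConnection connection to the card reader
     * @param cryptoHelper helper used when encoding the DigestInfo for signing
     * @throws IllegalArgumentException if {@code cryptoHelper} is {@code null}
     * @throws IOException if the applet cannot be selected, the certificates cannot be read,
     *     or no certificate with a matching on-card key remains
     */
    public SmartCafePkcs15Applet(ApduConnection apduConnection, CryptoHelper cryptoHelper) throws IOException {
        super(CLA, apduConnection);
        this.passwordCallback = null;
        this.callbackHandler = null;
        this.authenticated = false;
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        this.cryptoHelper = cryptoHelper;
        apduConnection.reset();
        connect(apduConnection);
        try {
            selectFileByName(PKCS15_NAME);
            try {
                preloadCertificates();
                // APDU 00 CA 01 02 06: the response encodes the number of keys on the card.
                int keyCount = getKeyCount(sendArbitraryApdu(new CommandApdu(new byte[]{0, -54, 1, 2, 6})));
                int certCount = CERTS_BY_ALIAS.size();
                String summary = "Se ha" + (keyCount > 1 ? "n" : "")
                    + " encontrado " + keyCount + " clave" + (keyCount > 1 ? "s" : "")
                    + " y " + certCount + " certificado" + (certCount > 1 ? "s" : "")
                    + " en la tarjeta";
                JmcLogger.info(SmartCafePkcs15Applet.class.getName(), "constructor", summary);
                for (int keyIndex = 0; keyIndex < keyCount; keyIndex++) {
                    // APDU 80 3A <index> 01 00: the response data is used as the key's modulus.
                    ResponseApdu modulusResponse = sendArbitraryApdu(new CommandApdu(new byte[]{Byte.MIN_VALUE, 58, (byte) keyIndex, 1, 0}));
                    if (modulusResponse.isOk()) {
                        // Signum 1 keeps the modulus positive even when its top bit is set.
                        storeKeyOrdinal(keyIndex, new BigInteger(1, modulusResponse.getData()));
                    } else {
                        JmcLogger.severe("Error obteniendo el modulo de la clave " + keyIndex + ": " + modulusResponse);
                    }
                }
                // Drop certificates for which no on-card key was found. Removing entries while
                // iterating is safe because the backing map is a ConcurrentHashMap.
                Set<String> aliases = CERTS_BY_ALIAS.keySet();
                for (String alias : aliases) {
                    if (!KEYNO_BY_ALIAS.containsKey(alias)) {
                        JmcLogger.info(SmartCafePkcs15Applet.class.getName(), "constructor", "El certificado '" + alias + "' se descarta por carecer de clave privada");
                        CERTS_BY_ALIAS.remove(alias);
                    }
                }
                if (aliases.isEmpty()) {
                    throw new IOException("La tarjeta no contiene claves");
                }
            } catch (Asn1Exception | TlvException | Iso7816FourCardException e10) {
                throw new IOException("No se han podido leer los certificados", e10);
            }
        } catch (Iso7816FourCardException e11) {
            throw new IOException("No se ha podido seleccionar el Applet AET PKCS#15", e11);
        }
    }

    /**
     * Checks the ATR returned by the card against the three ATRs this driver accepts and logs
     * which one matched.
     *
     * @param bArr ATR bytes returned by the card on reset
     * @throws InvalidCardException if the ATR matches none of the accepted values
     */
    private static void checkAtr(byte[] bArr) throws InvalidCardException {
        // The candidate is always built with ATR_MASK, including for the MSC comparison.
        Atr candidate = new Atr(bArr, ATR_MASK);
        String detected;
        if (ATR.equals(candidate)) {
            detected = "Detectada G&D SmartCafe 3.2";
        } else if (ATR_MSC.equals(candidate)) {
            detected = "Detectada G&D Mobile Security Card";
        } else if (ATR_TCL.equals(candidate)) {
            detected = "Detectada G&D SmartCafe 3.2 via T=CL (conexion inalambrica)";
        } else {
            throw new InvalidCardException("La tarjeta no es una SmartCafe 3.2 (ATR encontrado: " + HexUtils.hexify(bArr, false) + ")");
        }
        JmcLogger.info(SmartCafePkcs15Applet.class.getName(), "checkAtr", detected);
    }

    /**
     * Opens the connection if needed, resets the card and validates its ATR.
     *
     * @param apduConnection connection to the card reader
     * @throws IllegalArgumentException if {@code apduConnection} is {@code null}
     * @throws IOException if the connection fails or the card is not an accepted model
     */
    public static void connect(ApduConnection apduConnection) throws IOException {
        if (apduConnection == null) {
            throw new IllegalArgumentException("La conexion no puede ser nula");
        }
        if (!apduConnection.isOpen()) {
            apduConnection.open();
        }
        checkAtr(apduConnection.reset());
    }

    /**
     * Returns the callback holding the PIN, refusing to proceed when no retries are left so
     * that a verification is never sent to a card that reports a blocked PIN.
     *
     * <p>A callback set through {@link #setPasswordCallback(PasswordCallback)} takes precedence;
     * otherwise a new one is created and filled in by the configured {@link CallbackHandler}.
     *
     * @return the callback to pass to {@link #verifyPin(PasswordCallback)}
     * @throws AuthenticationModeLockedException if the card reports zero retries left
     * @throws PinException if no PIN source is configured or the handler fails
     */
    private PasswordCallback getInternalPasswordCallback() throws PinException {
        if (this.passwordCallback != null) {
            if (getPinRetriesLeft() != 0) {
                return this.passwordCallback;
            }
            throw new AuthenticationModeLockedException();
        }
        if (this.callbackHandler == null) {
            throw new PinException("No hay ningun metodo para obtener el PIN");
        }
        int pinRetriesLeft = getPinRetriesLeft();
        if (pinRetriesLeft == 0) {
            throw new AuthenticationModeLockedException();
        }
        // echoOn=false: the handler is asked not to display the PIN while it is typed.
        PasswordCallback pinRequest = new PasswordCallback(CardMessages.getString("Gen.0", Integer.toString(pinRetriesLeft)), false);
        try {
            this.callbackHandler.handle(new Callback[]{pinRequest});
            return pinRequest;
        } catch (IOException e10) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler", e10);
        } catch (UnsupportedCallbackException e11) {
            throw new PinException("El CallbackHandler no soporta pedir el PIN al usuario", e11);
        }
    }

    /**
     * Extracts the number of keys from the card's response.
     *
     * <p>The response data must be exactly six bytes of the form {@code 7F FF 20 xx 0C 0B};
     * the result is {@code 32 - xx}.
     *
     * @param responseApdu response to the key-count command
     * @return the number of keys reported by the card
     * @throws IOException if the response is not OK or does not have the expected layout
     */
    private static int getKeyCount(ResponseApdu responseApdu) throws IOException {
        if (!responseApdu.isOk()) {
            throw new IOException("No se ha podido determinar el numero de claves en tarjeta: " + HexUtils.hexify(responseApdu.getBytes(), true));
        }
        byte[] data = responseApdu.getData();
        boolean expectedLayout = data.length == 6
            && data[0] == Byte.MAX_VALUE
            && data[1] == -1
            && data[2] == 32
            && data[4] == 12
            && data[5] == 11;
        if (expectedLayout) {
            return 32 - data[3];
        }
        throw new IOException("No se ha podido determinar el numero de claves en tarjeta: " + HexUtils.hexify(responseApdu.getBytes(), true));
    }

    /**
     * Asks the card how many PIN attempts remain.
     *
     * @return the second byte of the card's response
     * @throws PinException if the card cannot be queried or answers with an error
     */
    private int getPinRetriesLeft() throws PinException {
        try {
            ResponseApdu retriesResponse = getConnection().transmit(new GiDeRetriesLeftApduCommand());
            // NOTE(review): when the response is OK but carries no data, index 1 is the second
            // status byte, and the value is returned as a signed byte. Confirm against the
            // response format of GiDeRetriesLeftApduCommand.
            if (retriesResponse.isOk() || retriesResponse.getBytes().length > 2) {
                return retriesResponse.getBytes()[1];
            }
            throw new PinException("Error comprobando los intentos restantes de PIN con respuesta: " + retriesResponse.getStatusWord());
        } catch (ApduConnectionException e10) {
            // The previous message blamed the CallbackHandler, which this method never calls.
            throw new PinException("Error de conexion comprobando los intentos restantes de PIN", e10);
        }
    }

    /**
     * Reads one certificate from the card and stores it under its alias. Failures are logged
     * and the certificate is skipped; nothing is thrown.
     *
     * @param str path of the certificate file as given by the CDF
     * @param str2 alias under which the certificate is stored
     */
    private void preloadCertificate(String str, String str2) {
        try {
            int fileLength = -1;
            // Select each element of the path in turn; the length of the last one selected
            // successfully is the number of bytes to read.
            for (Location location = new Location(str); location != null; location = location.getChild()) {
                try {
                    fileLength = selectFileById(location.getFile());
                } catch (FileNotFoundException e10) {
                    JmcLogger.warning("El CDF indicaba un certificado en la ruta '" + location + "', pero un elemento de esta no existe, se ignorara: " + e10);
                }
            }
            if (fileLength > 0) {
                CERTS_BY_ALIAS.put(str2, CryptoHelper.generateCertificate(readBinaryComplete(fileLength)));
                return;
            }
            JmcLogger.warning("El certificado " + str2 + " del dispositivo esta vacio");
        } catch (Exception e11) {
            // Deliberately best-effort: one unreadable certificate must not abort the rest.
            JmcLogger.severe("Error en la lectura del certificado " + str2 + " del dispositivo: " + e11);
        }
    }

    /**
     * Reads the ODF to locate the CDF, then loads every certificate the CDF lists.
     *
     * @throws Iso7816FourCardException if a file selection is rejected by the card
     * @throws IOException if the card cannot be read or the CDF cannot be loaded
     * @throws Asn1Exception if the ODF is not valid ASN.1
     * @throws TlvException if the ODF is not valid TLV
     */
    private void preloadCertificates() throws Iso7816FourCardException, IOException, Asn1Exception, TlvException {
        selectMasterFile();
        selectFileById(ODF_PATH);
        // NOTE(review): the ODF is read with a fixed length of 162 bytes rather than the
        // length returned by selectFileById(); confirm this matches the card's ODF.
        byte[] odfBytes = readBinaryComplete(162);
        Odf odf = new Odf();
        odf.setDerValue(odfBytes);
        Path cdfPath = odf.getCdfPath();
        Cdf cdf = new Cdf();
        try {
            selectMasterFile();
            cdf.setDerValue(selectFileByIdAndRead(cdfPath.getPathBytes()));
            if (cdf.getCertificateCount() < 1) {
                JmcLogger.warning("La tarjeta no contiene ningun certificado");
            }
            for (int i10 = 0; i10 < cdf.getCertificateCount(); i10++) {
                preloadCertificate(cdf.getCertificatePath(i10), cdf.getCertificateAlias(i10));
            }
        } catch (Exception e10) {
            throw new ApduConnectionException("No se ha podido cargar el CDF de la tarjeta", e10);
        }
    }

    /**
     * Records the key ordinal for every loaded certificate whose RSA modulus equals the given
     * one. Certificates with non-RSA keys are ignored.
     *
     * @param i10 ordinal of the key on the card
     * @param bigInteger modulus of that key
     */
    private static void storeKeyOrdinal(int i10, BigInteger bigInteger) {
        for (Map.Entry<String, X509Certificate> entry : CERTS_BY_ALIAS.entrySet()) {
            PublicKey publicKey = entry.getValue().getPublicKey();
            if ((publicKey instanceof RSAPublicKey) && ((RSAPublicKey) publicKey).getModulus().equals(bigInteger)) {
                KEYNO_BY_ALIAS.put(entry.getKey(), Integer.valueOf(i10));
            }
        }
    }

    /**
     * Returns the aliases of the loaded certificates.
     *
     * @return a new array with one alias per certificate
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        return CERTS_BY_ALIAS.keySet().toArray(new String[0]);
    }

    /**
     * Returns the display name of the card.
     *
     * @return a fixed, human-readable card name
     */
    @Override // es.gob.jmulticard.card.AbstractSmartCard
    public String getCardName() {
        return "G&D SmartCafe 3.2 (PKCS#15 Applet)";
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * @param str certificate alias
     * @return the certificate, or {@code null} if the alias is unknown
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) {
        return CERTS_BY_ALIAS.get(str);
    }

    /**
     * Returns a reference to the on-card private key matched to an alias.
     *
     * @param str certificate alias
     * @return the key reference, or {@code null} if no key is recorded for the alias
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        Integer keyOrdinal = KEYNO_BY_ALIAS.get(str);
        if (keyOrdinal != null) {
            return new SmartCafePrivateKeyReference(keyOrdinal);
        }
        return null;
    }

    /**
     * Selects a file by identifier and returns the length taken from bytes 4 and 5 of the
     * response data.
     *
     * @param bArr file identifier
     * @return the unsigned 16-bit value at offsets 4 and 5 of the select response
     * @throws FileNotFoundException if the card answers with status word 6A 82
     * @throws ApduConnectionException if the command cannot be transmitted
     * @throws Iso7816FourCardException if the card rejects the selection or its response is
     *     too short to contain the length
     */
    @Override // es.gob.jmulticard.card.iso7816four.AbstractIso7816FourCard
    public int selectFileById(byte[] bArr) throws ApduConnectionException, Iso7816FourCardException {
        SelectFileByIdApduCommand selectCommand = new SelectFileByIdApduCommand(getCla(), bArr);
        ResponseApdu rawResponse = getConnection().transmit(selectCommand);
        // A bare 6A 82 means "file not found".
        if (HexUtils.arrayEquals(rawResponse.getBytes(), new byte[]{106, -126})) {
            throw new FileNotFoundException(bArr);
        }
        SelectFileApduResponse selectResponse = new SelectFileApduResponse(rawResponse);
        if (selectResponse.isOk()) {
            byte[] responseData = selectResponse.getData();
            // The card's answer is external input: reject a short response with a checked
            // exception instead of failing on the array index below.
            if (responseData == null || responseData.length < 6) {
                throw new Iso7816FourCardException(
                    "La respuesta a la seleccion de fichero es demasiado corta para contener el tamano",
                    selectResponse.getStatusWord());
            }
            return HexUtils.getUnsignedInt(new byte[]{responseData[4], responseData[5]}, 0);
        }
        StatusWord statusWord = selectResponse.getStatusWord();
        if (statusWord.equals(new StatusWord((byte) 106, (byte) -126))) {
            throw new FileNotFoundException(bArr);
        }
        throw new Iso7816FourCardException(statusWord, selectCommand);
    }

    /**
     * Selects the master file (identifier 3F 00).
     *
     * @throws ApduConnectionException if the command cannot be transmitted
     * @throws Iso7816FourCardException if the card rejects the selection
     */
    @Override // es.gob.jmulticard.card.iso7816four.AbstractIso7816FourCard
    public void selectMasterFile() throws ApduConnectionException, Iso7816FourCardException {
        selectFileById(MF_PATH);
    }

    /**
     * Sets the handler asked for the PIN when no {@link PasswordCallback} has been set.
     *
     * @param callbackHandler handler to use, or {@code null} to remove it
     */
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    /**
     * Sets a callback that already holds the PIN. It takes precedence over the handler, and
     * this class never clears it: the caller owns its lifetime and should call
     * {@link PasswordCallback#clearPassword()} once it is no longer needed.
     *
     * @param passwordCallback callback holding the PIN, or {@code null} to remove it
     */
    public void setPasswordCallback(PasswordCallback passwordCallback) {
        this.passwordCallback = passwordCallback;
    }

    /**
     * Signs data with an on-card private key, verifying the PIN first if this instance has
     * not done so yet.
     *
     * @param bArr data to sign
     * @param str signature algorithm name, passed to the DigestInfo encoder
     * @param privateKeyReference key to sign with; must be a {@link SmartCafePrivateKeyReference}
     * @return the signature bytes returned by the card
     * @throws CryptoCardException if the data is {@code null} or any card operation fails
     * @throws PinException if the PIN cannot be obtained or is rejected
     * @throws IllegalArgumentException if the key reference is {@code null} or of another type
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        if (bArr == null) {
            throw new CryptoCardException("Los datos a firmar no pueden ser nulos");
        }
        if (privateKeyReference == null) {
            throw new IllegalArgumentException("La clave privada no puede ser nula");
        }
        if (!(privateKeyReference instanceof SmartCafePrivateKeyReference)) {
            throw new IllegalArgumentException("La clave proporcionada debe ser de tipo " + SmartCafePrivateKeyReference.class.getName() + ", pero se ha recibido de tipo " + privateKeyReference.getClass().getName());
        }
        SmartCafePrivateKeyReference keyReference = (SmartCafePrivateKeyReference) privateKeyReference;
        if (!this.authenticated) {
            PasswordCallback pinCallback = getInternalPasswordCallback();
            try {
                verifyPin(pinCallback);
                this.authenticated = true;
            } catch (ApduConnectionException e10) {
                throw new CryptoCardException("Error en la verificacion de PIN", e10);
            } finally {
                // Wipe the PIN from a callback created for this call so it does not linger in
                // memory. A caller-supplied callback is left untouched.
                if (pinCallback != this.passwordCallback) {
                    pinCallback.clearPassword();
                }
            }
        }
        try {
            // Tell the card which key ordinal to use before asking for the signature.
            ResponseApdu mseResponse = sendArbitraryApdu(new MseSetComputationApduCommand((byte) 1, new byte[]{(byte) keyReference.getKeyOrdinal()}, new byte[]{2}));
            String responseDetail = "";
            if (mseResponse == null || !mseResponse.isOk()) {
                StringBuilder sb2 = new StringBuilder("No se ha podido establecer la clave y el algoritmo de firma");
                if (mseResponse != null) {
                    responseDetail = " (repuesta=" + mseResponse + ")";
                }
                sb2.append(responseDetail);
                throw new CryptoCardException(sb2.toString());
            }
            // The nesting of the two handlers below is kept exactly as in the original,
            // because the exception hierarchy is not visible from this file.
            try {
                try {
                    ResponseApdu signResponse = sendArbitraryApdu(new PsoSignHashApduCommand((byte) 1, DigestInfo.encode(str, bArr, this.cryptoHelper)));
                    if (signResponse != null && signResponse.isOk()) {
                        return signResponse.getData();
                    }
                    StringBuilder sb3 = new StringBuilder("No se ha podido firmar el DigestInfo");
                    if (signResponse != null) {
                        responseDetail = " (repuesta=" + signResponse + ")";
                    }
                    sb3.append(responseDetail);
                    throw new CryptoCardException(sb3.toString());
                } catch (ApduConnectionException e11) {
                    throw new CryptoCardException("Error firmando (repuesta=" + mseResponse + ")", e11);
                }
            } catch (IOException e12) {
                throw new CryptoCardException("Error en el calculo de la huella para firmar", e12);
            }
        } catch (ApduConnectionException e13) {
            throw new CryptoCardException("Error estableciendo la clave y el algoritmo de firma (repuesta=null)", e13);
        }
    }

    /**
     * Returns the card name followed by a numbered list of certificate aliases.
     *
     * @return a multi-line description of the card
     */
    @Override
    public String toString() {
        StringBuilder description = new StringBuilder(getCardName());
        description.append("\n Tarjeta con ");
        description.append(CERTS_BY_ALIAS.size());
        description.append(" certificado(s):\n");
        String[] aliases = getAliases();
        for (int index = 0; index < aliases.length; index++) {
            description.append("  ");
            description.append(index + 1);
            description.append(" - ");
            description.append(aliases[index]);
        }
        return description.toString();
    }

    /**
     * Sends the PIN held by the callback to the card for verification.
     *
     * <p>This method does not clear the callback; the caller owns it.
     *
     * @param passwordCallback callback holding the PIN
     * @throws PasswordCallbackNotFoundException if {@code passwordCallback} is {@code null}
     * @throws BadPinException if the card answers 63 xx; the value passed to the exception is
     *     the second status byte plus 64
     * @throws AuthenticationModeLockedException if the card answers 69 83
     * @throws ApduConnectionException if transmission fails or the card answers with any other
     *     error status
     * @throws PinException declared for the PIN-related failures above
     */
    @Override // es.gob.jmulticard.card.iso7816four.AbstractIso7816FourCard
    public void verifyPin(PasswordCallback passwordCallback) throws ApduConnectionException, PinException, PasswordCallbackNotFoundException {
        if (passwordCallback == null) {
            throw new PasswordCallbackNotFoundException("No se puede verificar el titular con un PasswordCallback nulo");
        }
        ResponseApdu verifyResponse = getConnection().transmit(new GiDeVerifyApduCommand(passwordCallback));
        if (verifyResponse.isOk()) {
            return;
        }
        StatusWord statusWord = verifyResponse.getStatusWord();
        if (statusWord.getMsb() == ERROR_PIN_SW1) {
            throw new BadPinException(statusWord.getLsb() + 64);
        }
        // 69 83: the card reports the PIN as blocked.
        if (statusWord.getMsb() == 105 && statusWord.getLsb() == -125) {
            throw new AuthenticationModeLockedException();
        }
        throw new ApduConnectionException(new Iso7816FourCardException("Error en la verificacion de PIN (" + verifyResponse.getStatusWord() + ")", verifyResponse.getStatusWord()));
    }
}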
