package at.gv.egiz.smcc;

import at.gv.egiz.smcc.SignatureCard;
import at.gv.egiz.smcc.pin.gui.ModifyPINGUI;
import at.gv.egiz.smcc.pin.gui.PINGUI;
import at.gv.egiz.smcc.util.MSCMException;
import at.gv.egiz.smcc.util.MSCMService;
import iaik.me.security.CryptoBag;
import iaik.me.security.CryptoException;
import iaik.me.security.MessageDigest;
import iaik.me.security.cipher.TripleDES;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import org.apache.http.protocol.HTTP;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.rsa.RSAPadding;

/* loaded from: input_file:at/gv/egiz/smcc/GemaltoNetV2_0Card.class */
public class GemaltoNetV2_0Card extends AbstractSignatureCard implements PINMgmtSignatureCard {
    PinInfo pinPinInfo;
    PinInfo pukPinInfo;
    private final Logger log = LoggerFactory.getLogger((Class<?>) GemaltoNetV2_0Card.class);
    private final byte[] SHA1_PADDING = {48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};
    private final byte[] SHA256_PADDING = {48, 49, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32};

    @Override // at.gv.egiz.smcc.AbstractSignatureCard, at.gv.egiz.smcc.SignatureCard
    public void init(Card card, CardTerminal cardTerminal) {
        super.init(card, cardTerminal);
        this.log.info("GemaltoNetV2 card found");
        this.pinPinInfo = new PinInfo(4, 64, "[0-9]", "at/gv/egiz/smcc/GemaltoNetV2_0Card", "sig.pin", (byte) 1, new byte[0], 5);
        this.pukPinInfo = new PinInfo(48, 48, "[0-9A-F]", "at/gv/egiz/smcc/GemaltoNetV2_0Card", "sig.puk", (byte) 2, new byte[0], 3);
    }

    public static byte[] hexStringToByteArray(String str) {
        int length = str.length();
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            bArr[i / 2] = (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
        }
        return bArr;
    }

    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] getCertificate(SignatureCard.KeyboxName keyboxName, PINGUI pingui) throws SignatureCardException, InterruptedException {
        try {
            byte[] readFile = new MSCMService(getCardChannel()).readFile("mscp\\ksc00");
            Inflater inflater = new Inflater();
            inflater.setInput(readFile, 4, readFile.length - 4);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (!inflater.finished()) {
                byte[] bArr = new byte[1024];
                byteArrayOutputStream.write(bArr, 0, inflater.inflate(bArr, 0, bArr.length));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (MSCMException e) {
            this.log.info("Failed to get certificate.", (Throwable) e);
            throw new SignatureCardException(e);
        } catch (IOException e2) {
            this.log.info("Failed to get certificate.", (Throwable) e2);
            throw new SignatureCardException(e2);
        } catch (DataFormatException e3) {
            this.log.info("Failed to get certificate.", (Throwable) e3);
            throw new SignatureCardException(e3);
        } catch (CardException e4) {
            this.log.info("Failed to get certificate.", e4);
            throw new SignatureCardException(e4);
        }
    }

    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] getInfobox(String str, PINGUI pingui, String str2) throws SignatureCardException, InterruptedException {
        throw new IllegalArgumentException("Infobox '" + str + "' not supported.");
    }

    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] createSignature(InputStream inputStream, SignatureCard.KeyboxName keyboxName, PINGUI pingui, String str) throws SignatureCardException, InterruptedException, IOException {
        MessageDigest messageDigest;
        boolean z = false;
        try {
            if (SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName) && (str == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str))) {
                messageDigest = MessageDigest.getInstance("SHA-1");
                z = true;
            } else {
                if (!SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName) || !"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(str)) {
                    throw new SignatureCardException("Card does not support signature algorithm " + str + ".");
                }
                messageDigest = MessageDigest.getInstance("SHA-256");
            }
            byte[] bArr = new byte[messageDigest.getDigestLength()];
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    break;
                }
                messageDigest.update(bArr, 0, read);
            }
            byte[] digest = messageDigest.digest();
            try {
                RSAPadding rSAPadding = RSAPadding.getInstance(1, 256);
                CardChannel cardChannel = getCardChannel();
                MSCMService mSCMService = new MSCMService(cardChannel);
                verifyPINLoop(cardChannel, this.pinPinInfo, pingui);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (z) {
                    byteArrayOutputStream.write(this.SHA1_PADDING);
                } else {
                    byteArrayOutputStream.write(this.SHA256_PADDING);
                }
                byteArrayOutputStream.write(digest);
                byteArrayOutputStream.close();
                return mSCMService.privateKeyDecrypt((byte) 0, (byte) 2, rSAPadding.pad(byteArrayOutputStream.toByteArray()));
            } catch (Throwable th) {
                this.log.warn("Failed to execute command.", th);
                throw new SignatureCardException("Failed to access card.", th);
            }
        } catch (CryptoException e) {
            this.log.error("Failed to get MessageDigest.", (Throwable) e);
            throw new SignatureCardException(e);
        }
    }

    protected void unblockPINLoop(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        do {
        } while (exec_unblockPIN(cardChannel, modifyPINGUI, pinInfo) > 0);
    }

    protected int exec_unblockPIN(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        char[] providePUK = modifyPINGUI.providePUK(pinInfo, this.pukPinInfo, this.pukPinInfo.retries);
        byte[] encodePIN = encodePIN(modifyPINGUI.provideNewPIN(pinInfo));
        MSCMService mSCMService = new MSCMService(cardChannel);
        try {
            byte[] hexStringToByteArray = hexStringToByteArray(new String(providePUK));
            if (hexStringToByteArray.length != 24) {
                throw new SignatureCardException("Invalid ADMIN PIN (not 24 bytes long)!");
            }
            mSCMService.unblockPIN((byte) 1, mSCMService.cryptoResponse(mSCMService.getChallenge(), hexStringToByteArray), encodePIN, pinInfo.maxRetries);
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        } catch (MSCMException e) {
            this.log.info(e.getMessage());
            try {
                return mSCMService.getTriesRemaining((byte) 2);
            } catch (MSCMException e2) {
                this.log.info("getTriesRemaining failed.");
                pinInfo.setUnknown();
                throw new SignatureCardException("getTriesRemaining failed.", e2);
            } catch (IOException e3) {
                this.log.info("getTriesRemaining failed.");
                pinInfo.setUnknown();
                throw new SignatureCardException("getTriesRemaining failed.", e3);
            }
        } catch (IOException e4) {
            this.log.info("SET PIN failed.");
            pinInfo.setUnknown();
            throw new SignatureCardException("SET PIN failed.", e4);
        }
    }

    protected void verifyPINLoop(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui) throws InterruptedException, CardException, SignatureCardException {
        int i = -1;
        do {
            i = verifyPIN(cardChannel, pinInfo, pingui, i);
        } while (i > 0);
    }

    protected int verifyPUK(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, int i) throws InterruptedException, CardException, SignatureCardException {
        byte[] hexStringToByteArray = hexStringToByteArray(new String(pingui.providePIN(pinInfo, pinInfo.retries)));
        if (hexStringToByteArray.length != 24) {
            throw new SignatureCardException("Invalid ADMIN PIN (not 24 bytes long)!");
        }
        MSCMService mSCMService = new MSCMService(cardChannel);
        try {
            mSCMService.doExternalAuthentication(mSCMService.cryptoResponse(mSCMService.getChallenge(), hexStringToByteArray));
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        } catch (MSCMException e) {
            try {
                int triesRemaining = mSCMService.getTriesRemaining(pinInfo.getKID());
                pinInfo.setActive(triesRemaining);
                return triesRemaining;
            } catch (Exception e2) {
                this.log.error("Failed to get remaining tries");
                throw new SignatureCardException(e2);
            }
        } catch (IOException e3) {
            this.log.error("Failed to verify PIN");
            throw new SignatureCardException(e3);
        }
    }

    protected int verifyPIN(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, int i) throws InterruptedException, CardException, SignatureCardException {
        byte[] encodePIN = encodePIN(pingui.providePIN(pinInfo, pinInfo.retries));
        MSCMService mSCMService = new MSCMService(cardChannel);
        try {
            mSCMService.verifyPin(pinInfo.getKID(), encodePIN);
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        } catch (MSCMException e) {
            try {
                int triesRemaining = mSCMService.getTriesRemaining(pinInfo.getKID());
                if (triesRemaining == 0) {
                    pinInfo.setBlocked();
                    throw new LockedException();
                }
                pinInfo.setActive(triesRemaining);
                return triesRemaining;
            } catch (MSCMException e2) {
                this.log.error("Failed to get remaining tries");
                throw new SignatureCardException(e2);
            } catch (IOException e3) {
                this.log.error("Failed to get remaining tries");
                throw new SignatureCardException(e3);
            }
        } catch (IOException e4) {
            this.log.error("Failed to verify PIN");
            throw new SignatureCardException(e4);
        }
    }

    protected void changePINLoop(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        do {
        } while ((pinInfo.getKID() == 2 ? exec_changePUK(cardChannel, modifyPINGUI, pinInfo) : exec_changePIN(cardChannel, modifyPINGUI, pinInfo)) > 0);
    }

    protected byte[] cryptoChallenge(byte[] bArr, byte[] bArr2) {
        try {
            TripleDES tripleDES = new TripleDES();
            tripleDES.init(1, CryptoBag.makeSecretKey(bArr2), CryptoBag.makeIV(new byte[]{0, 0, 0, 0, 0, 0, 0, 0}), null);
            this.log.info("Crypto IV: " + MSCMService.bytArrayToHex(tripleDES.getIV().getEncoded()));
            byte[] doFinal = tripleDES.doFinal(bArr);
            this.log.info("Crypto result: " + MSCMService.bytArrayToHex(doFinal));
            return doFinal;
        } catch (CryptoException e) {
            this.log.error("Failed to get crypto stuff", (Throwable) e);
            return null;
        }
    }

    protected int exec_changePUK(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        char[] providePUK = modifyPINGUI.providePUK(pinInfo, this.pukPinInfo, this.pukPinInfo.retries);
        char[] provideNewPIN = modifyPINGUI.provideNewPIN(pinInfo);
        MSCMService mSCMService = new MSCMService(cardChannel);
        try {
            byte[] hexStringToByteArray = hexStringToByteArray(new String(providePUK));
            byte[] hexStringToByteArray2 = hexStringToByteArray(new String(provideNewPIN));
            if (hexStringToByteArray.length != 24) {
                throw new SignatureCardException("Invalid ADMIN PIN (not 24 bytes long)!");
            }
            if (hexStringToByteArray2.length != 24) {
                throw new SignatureCardException("Invalid ADMIN PIN (not 24 bytes long)!");
            }
            mSCMService.changePIN((byte) 2, mSCMService.cryptoResponse(mSCMService.getChallenge(), hexStringToByteArray), hexStringToByteArray2, pinInfo.maxRetries);
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        } catch (MSCMException e) {
            this.log.info(e.getMessage());
            try {
                int triesRemaining = mSCMService.getTriesRemaining(pinInfo.getKID());
                if (triesRemaining == 0) {
                    pinInfo.setBlocked();
                    throw new LockedException();
                }
                pinInfo.setActive(triesRemaining);
                return triesRemaining;
            } catch (MSCMException e2) {
                this.log.info("getTriesRemaining failed.");
                pinInfo.setUnknown();
                throw new SignatureCardException("getTriesRemaining failed.", e2);
            } catch (IOException e3) {
                this.log.info("getTriesRemaining failed.");
                pinInfo.setUnknown();
                throw new SignatureCardException("getTriesRemaining failed.", e3);
            }
        } catch (IOException e4) {
            this.log.info("SET PIN failed.");
            pinInfo.setUnknown();
            throw new SignatureCardException("SET PIN failed.", e4);
        }
    }

    protected int exec_changePIN(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        char[] providePUK = modifyPINGUI.providePUK(pinInfo, this.pinPinInfo, this.pinPinInfo.retries);
        char[] provideNewPIN = modifyPINGUI.provideNewPIN(pinInfo);
        byte[] encodePIN = encodePIN(providePUK);
        byte[] encodePIN2 = encodePIN(provideNewPIN);
        MSCMService mSCMService = new MSCMService(cardChannel);
        try {
            mSCMService.changePIN((byte) 1, encodePIN, encodePIN2, pinInfo.maxRetries);
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        } catch (MSCMException e) {
            this.log.info(e.getMessage());
            try {
                int triesRemaining = mSCMService.getTriesRemaining(pinInfo.getKID());
                if (triesRemaining == 0) {
                    pinInfo.setBlocked();
                    throw new LockedException();
                }
                pinInfo.setActive(triesRemaining);
                return triesRemaining;
            } catch (MSCMException e2) {
                this.log.info("getTriesRemaining failed.");
                pinInfo.setUnknown();
                throw new SignatureCardException("getTriesRemaining failed.", e2);
            } catch (IOException e3) {
                this.log.info("getTriesRemaining failed.");
                pinInfo.setUnknown();
                throw new SignatureCardException("getTriesRemaining failed.", e3);
            }
        } catch (IOException e4) {
            this.log.info("SET PIN failed.");
            pinInfo.setUnknown();
            throw new SignatureCardException("SET PIN failed.", e4);
        }
    }

    private byte[] encodePIN(char[] cArr) {
        return Charset.forName(HTTP.ASCII).encode(CharBuffer.wrap(cArr)).array();
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public PinInfo[] getPinInfos() throws SignatureCardException {
        return new PinInfo[]{this.pinPinInfo, this.pukPinInfo};
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void verifyPIN(PinInfo pinInfo, PINGUI pingui) throws LockedException, NotActivatedException, CancelledException, SignatureCardException, InterruptedException {
        try {
            CardChannel cardChannel = getCardChannel();
            if (pinInfo.getKID() == 2) {
                verifyPUK(cardChannel, pinInfo, pingui, pinInfo.retries);
            } else {
                verifyPIN(cardChannel, pinInfo, pingui, pinInfo.retries);
            }
        } catch (CardException e) {
            this.log.error("Failed to verify PIN");
            throw new SignatureCardException((Throwable) e);
        }
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void changePIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws LockedException, NotActivatedException, CancelledException, PINFormatException, SignatureCardException, InterruptedException {
        try {
            changePINLoop(getCardChannel(), modifyPINGUI, pinInfo);
        } catch (CardException e) {
            this.log.error("Failed to change PIN");
            throw new SignatureCardException((Throwable) e);
        }
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void activatePIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws CancelledException, SignatureCardException, InterruptedException {
        this.log.error("ACTIVATE PIN not supported by Cypriotic EID");
        throw new SignatureCardException("PIN activation not supported by this card.");
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void unblockPIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws CancelledException, SignatureCardException, InterruptedException {
        if (pinInfo.getKID() == 2) {
            throw new SignatureCardException("Unable to unblock PUK");
        }
        try {
            unblockPINLoop(getCardChannel(), modifyPINGUI, pinInfo);
        } catch (CardException e) {
            this.log.info("Failed to unblock PIN.", e);
            throw new SignatureCardException("Failed to unblock PIN.", e);
        }
    }
}
