package at.gv.egiz.smcc;

import at.gv.egiz.smcc.SignatureCard;
import at.gv.egiz.smcc.pin.gui.PINGUI;
import at.gv.egiz.smcc.util.ISO7816Utils;
import at.gv.egiz.smcc.util.SMCCHelper;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/smcc/PtEidCard.class */
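/**
 * {@link SignatureCard} implementation that talks to a Portuguese eID applet over ISO 7816-4 APDUs.
 *
 * <p>The class can read the signing certificate and create an RSA/SHA-1 signature after a
 * successful PIN verification. Infoboxes are not supported.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The only accepted signature algorithm is {@code rsa-sha1}. SHA-1 is no longer considered
 *       collision resistant, so signatures produced here should be treated as legacy by relying
 *       parties.</li>
 *   <li>The PIN never appears in this class: the VERIFY template below carries only 0xFF filler
 *       bytes and is handed to {@code reader.verify(...)} together with the {@link PINGUI}.</li>
 *   <li>Log and exception messages contain status words and file identifiers only.</li>
 * </ul>
 *
 * <p>APDU parameter bytes are declared as named constants. An earlier, decompiled form of this
 * class spelled several of them as unrelated TLS cipher-suite constants that merely shared the
 * same numeric value; the values themselves are unchanged.
 */
public class PtEidCard extends AbstractSignatureCard {
    private final Logger log = LoggerFactory.getLogger(PtEidCard.class);

    /** Application identifier selected before every card operation. */
    private static final byte[] AID_APPLET = {0x60, 0x46, 0x32, (byte) 0xFF, 0x00, 0x00, 0x02};
    /** File identifier of the directory selected before certificate and signature operations. */
    private static final byte[] DF_ISSUES = {0x5F, 0x00};
    /** File identifier of the elementary file holding the signing certificate. */
    private static final byte[] EF_SIGN_CERT = {(byte) 0xEF, 0x08};
    // presumably min/max PIN length 4, digits only, key id 0x82 inside DF_ISSUES - confirm against PinInfo
    private static final PinInfo QS_PIN_SPEC = new PinInfo(4, 4, "[0-9]", "at/gv/egiz/smcc/PtEidCard", "sig.pin", (byte) 0x82, DF_ISSUES, -1);

    /** The only signature algorithm URI accepted by {@link #createSignature}. */
    private static final String ALG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    // ISO 7816-4 status words checked in this class.
    private static final int SW_OK = 0x9000;
    private static final int SW_WARNING_NO_INFO = 0x6300;
    private static final int SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982;
    private static final int SW_AUTH_METHOD_BLOCKED = 0x6983;
    private static final int SW_FILE_NOT_FOUND = 0x6A82;

    // ISO 7816-4 / 7816-8 instruction bytes.
    private static final int INS_SELECT = 0xA4;
    private static final int INS_MSE = 0x22;
    private static final int INS_PSO = 0x2A;

    /** MSE P2 0xB6 (same numeric value as before). */
    private static final int MSE_P2_DST = 0xB6;
    /** PSO: COMPUTE DIGITAL SIGNATURE P1/P2. */
    private static final int PSO_CDS_P1 = 0x9E;
    private static final int PSO_CDS_P2 = 0x9A;
    /** PSO: HASH P1/P2 and the tag that wraps the hash value in the command data. */
    private static final int PSO_HASH_P1 = 0x90;
    private static final int PSO_HASH_P2 = 0xA0;
    private static final int TAG_HASH_VALUE = 0x90;

    /**
     * Data field of the second MSE command: two TLV objects, tag 0x80 with value 0x12 and
     * tag 0x84 with value 0x01 (presumably algorithm reference and key reference - confirm
     * against the card specification).
     */
    private static final byte[] MSE_SET_DST_DATA = {(byte) 0x80, 0x01, 0x12, (byte) 0x84, 0x01, 0x01};

    /** Read buffer size for hashing the input stream; does not affect the digest. */
    private static final int READ_BUFFER_SIZE = 4096;

    /**
     * Reads the signing certificate from {@code EF_SIGN_CERT}.
     *
     * @param keyboxName not used by this implementation
     * @param pingui not used by this implementation; no PIN is requested for reading
     * @return the TLV-encoded content of the certificate file
     * @throws NotActivatedException if a selected application or file is reported as not found,
     *     or the file yields no TLV content
     * @throws SignatureCardException if the card channel fails or a SELECT returns another error
     */
    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] getCertificate(SignatureCard.KeyboxName keyboxName, PINGUI pingui) throws SignatureCardException, InterruptedException {
        try {
            CardChannel channel = getCardChannel();
            execSELECT_AID(channel, AID_APPLET);
            execSELECT_FID(channel, DF_ISSUES);
            byte[] fci = execSELECT_FID(channel, EF_SIGN_CERT);
            // 0x30 is the expected outer tag (ASN.1 SEQUENCE) of the stored certificate.
            byte[] certificate = ISO7816Utils.readTransparentFileTLV(channel, ISO7816Utils.getLengthFromFCx(fci), (byte) 0x30);
            if (certificate == null) {
                throw new NotActivatedException();
            }
            return certificate;
        } catch (FileNotFoundException e) {
            throw new NotActivatedException();
        } catch (CardException e) {
            this.log.info("Failed to get certificate.", e);
            throw new SignatureCardException(e);
        }
    }

    /**
     * Infoboxes are not available on this card.
     *
     * @throws IllegalArgumentException always
     */
    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] getInfobox(String str, PINGUI pingui, String str2) throws SignatureCardException, InterruptedException {
        throw new IllegalArgumentException("Infobox '" + str + "' not supported.");
    }

    /**
     * Hashes the input with SHA-1 on the host and has the card sign the digest.
     *
     * <p>Sequence: SELECT applet, SELECT directory, PIN verification, two MSE commands,
     * PSO: HASH with the host-computed digest, PSO: COMPUTE DIGITAL SIGNATURE.
     *
     * @param inputStream data to be signed; read until end of stream, not closed here
     * @param keyboxName not used by this implementation
     * @param pingui callback used for PIN entry
     * @param str signature algorithm URI; must be the XML-DSig {@code rsa-sha1} URI
     * @return the signature bytes returned by the card
     * @throws SignatureCardException if the algorithm is not supported, SHA-1 is unavailable,
     *     or the card reports an error
     * @throws IOException if reading {@code inputStream} fails
     */
    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] createSignature(InputStream inputStream, SignatureCard.KeyboxName keyboxName, PINGUI pingui, String str) throws SignatureCardException, InterruptedException, IOException {
        if (!ALG_RSA_SHA1.equals(str)) {
            throw new SignatureCardException("Card does not support algorithm " + str + ".");
        }

        byte[] digest;
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            byte[] buffer = new byte[READ_BUFFER_SIZE];
            int read;
            while ((read = inputStream.read(buffer)) != -1) {
                sha1.update(buffer, 0, read);
            }
            digest = sha1.digest();
        } catch (NoSuchAlgorithmException e) {
            this.log.error("Failed to get MessageDigest.", e);
            throw new SignatureCardException(e);
        }

        try {
            CardChannel channel = getCardChannel();
            execSELECT_AID(channel, AID_APPLET);
            execSELECT_FID(channel, DF_ISSUES);
            // The PIN must be verified before the card will use the signature key.
            verifyPINLoop(channel, QS_PIN_SPEC, pingui);
            // NOTE(review): purpose of MSE with P1=0x73, P2=0x03 is not visible here - confirm against the card spec.
            execMSE(channel, 0x73, 0x03, null);
            execMSE(channel, 0x41, MSE_P2_DST, MSE_SET_DST_DATA);
            execPSO_HASH(channel, digest);
            return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel);
        } catch (CardException e) {
            this.log.warn("Failed to execute command.", e);
            throw new SignatureCardException("Failed to access card.", e);
        }
    }

    /**
     * Repeats {@link #verifyPIN} until it reports success.
     *
     * <p>{@code verifyPIN} returns -2 on success; any value of -1 or above (unknown or known
     * number of remaining tries) causes another attempt. A blocked PIN ends the loop through
     * {@link LockedException}.
     */
    protected void verifyPINLoop(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui) throws LockedException, NotActivatedException, SignatureCardException, InterruptedException, CardException {
        int retries = -1;
        do {
            retries = verifyPIN(cardChannel, pinInfo, pingui, retries);
        } while (retries >= -1);
    }

    /**
     * Performs one VERIFY attempt through the card reader abstraction.
     *
     * @param i value passed on to {@code reader.verify}; callers in this class pass the result
     *     of the previous attempt, or -1 for the first one
     * @return -2 if the PIN was accepted (SW 9000), the low nibble of the status word for
     *     SW 63Cx, or -1 for SW 6300
     * @throws LockedException if the card answers SW 6983
     * @throws SignatureCardException for any other status word
     */
    protected int verifyPIN(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, int i) throws SignatureCardException, LockedException, NotActivatedException, InterruptedException, CardException {
        // VERIFY template: CLA 00, INS 20, P1 00, P2 = key id, Lc 08, eight 0xFF filler bytes.
        byte[] template = {
            0x00, 0x20, 0x00, pinInfo.getKID(), 0x08,
            (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
            (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF
        };
        // presumably (pin position, pin format, pin length) - confirm against VerifyAPDUSpec
        ResponseAPDU response = this.reader.verify(cardChannel, new VerifyAPDUSpec(template, 0, 2, 8), pingui, pinInfo, i);
        int sw = response.getSW();
        if (sw == SW_OK) {
            return -2;
        }
        if ((sw >> 4) == 0x63C) {
            // SW 63Cx: x is returned to the caller.
            return sw & 0x0F;
        }
        switch (sw) {
            case SW_WARNING_NO_INFO:
                return -1;
            case SW_AUTH_METHOD_BLOCKED:
                throw new LockedException();
            default:
                String message = "VERIFY failed. SW=" + Integer.toHexString(sw);
                this.log.info(message);
                throw new SignatureCardException(message);
        }
    }

    /**
     * Sends SELECT with P1=0x04, P2=0x0C and the given application identifier.
     *
     * @throws FileNotFoundException if the card answers SW 6A82
     * @throws SignatureCardException for any other status word than 9000
     */
    protected void execSELECT_AID(CardChannel cardChannel, byte[] bArr) throws SignatureCardException, CardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, INS_SELECT, 0x04, 0x0C, bArr, 256));
        int sw = response.getSW();
        if (sw == SW_FILE_NOT_FOUND) {
            String message = "File or application not found FID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
            this.log.info(message);
            throw new FileNotFoundException(message);
        }
        if (sw != SW_OK) {
            String message = "Failed to select application FID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
            this.log.error(message);
            throw new SignatureCardException(message);
        }
    }

    /**
     * Sends SELECT with P1=0x00, P2=0x00 and the given file identifier.
     *
     * @return the complete response APDU bytes, including the trailing status word
     * @throws FileNotFoundException if the card answers SW 6A82
     * @throws SignatureCardException for any other status word than 9000
     */
    protected byte[] execSELECT_FID(CardChannel cardChannel, byte[] bArr) throws SignatureCardException, CardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, INS_SELECT, 0x00, 0x00, bArr, 256));
        int sw = response.getSW();
        if (sw == SW_FILE_NOT_FOUND) {
            String message = "File or application not found FID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
            this.log.info(message);
            throw new FileNotFoundException(message);
        }
        if (sw == SW_OK) {
            return response.getBytes();
        }
        String message = "Failed to select application FID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
        this.log.error(message);
        throw new SignatureCardException(message);
    }

    /**
     * Sends MANAGE SECURITY ENVIRONMENT (INS 0x22) with the given P1/P2.
     *
     * @param bArr command data, or {@code null} to send the command without a data field
     * @throws SignatureCardException if the status word is not 9000
     */
    protected void execMSE(CardChannel cardChannel, int i, int i2, byte[] bArr) throws CardException, SignatureCardException {
        CommandAPDU command = (bArr == null)
                ? new CommandAPDU(0x00, INS_MSE, i, i2, 256)
                : new CommandAPDU(0x00, INS_MSE, i, i2, bArr, 256);
        ResponseAPDU response = cardChannel.transmit(command);
        if (response.getSW() != SW_OK) {
            throw new SignatureCardException("MSE:SET failed: SW=" + Integer.toHexString(response.getSW()));
        }
    }

    /**
     * Transfers a host-computed hash to the card with PSO: HASH (INS 0x2A, P1 0x90, P2 0xA0).
     *
     * <p>The command data is tag 0x90, a one-byte length, then the hash bytes.
     *
     * @param bArr hash value; the length is written as a single byte
     * @throws SignatureCardException if the status word is not 9000
     */
    protected void execPSO_HASH(CardChannel cardChannel, byte[] bArr) throws CardException, SignatureCardException {
        ByteArrayOutputStream data = new ByteArrayOutputStream(bArr.length + 2);
        try {
            data.write(TAG_HASH_VALUE);
            data.write(bArr.length);
            data.write(bArr);
            ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, INS_PSO, PSO_HASH_P1, PSO_HASH_P2, data.toByteArray()));
            if (response.getSW() != SW_OK) {
                throw new SignatureCardException("PSO - HASH failed: SW=" + Integer.toHexString(response.getSW()));
            }
        } catch (IOException e) {
            throw new SignatureCardException(e);
        }
    }

    /**
     * Sends PSO: COMPUTE DIGITAL SIGNATURE (INS 0x2A, P1 0x9E, P2 0x9A) and returns the result.
     *
     * @return the response data field
     * @throws SecurityStatusNotSatisfiedException if the card answers SW 6982
     * @throws LockedException if the card answers SW 6983
     * @throws SignatureCardException for any other status word than 9000
     */
    protected byte[] execPSO_COMPUTE_DIGITAL_SIGNATURE(CardChannel cardChannel) throws CardException, SignatureCardException {
        // NOTE(review): Ne is 20 here, which looks short for an RSA signature; presumably the
        // card/transport corrects the expected length - confirm.
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, INS_PSO, PSO_CDS_P1, PSO_CDS_P2, 20));
        int sw = response.getSW();
        if (sw == SW_SECURITY_STATUS_NOT_SATISFIED) {
            throw new SecurityStatusNotSatisfiedException();
        }
        if (sw == SW_AUTH_METHOD_BLOCKED) {
            throw new LockedException();
        }
        if (sw != SW_OK) {
            throw new SignatureCardException("PSO: COMPUTE DIGITAL SIGNATURE failed: SW=" + Integer.toHexString(sw));
        }
        return response.getData();
    }
}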
