package at.gv.egiz.smcc;

import at.gv.egiz.smcc.PinInfo;
import at.gv.egiz.smcc.SignatureCard;
import at.gv.egiz.smcc.cio.ObjectDirectory;
import at.gv.egiz.smcc.pin.gui.ModifyPINGUI;
import at.gv.egiz.smcc.pin.gui.PINGUI;
import at.gv.egiz.smcc.util.SMCCHelper;
import iaik.me.asn1.ASN1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.apache.http.protocol.HTTP;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/smcc/CypriotEID.class */
public class CypriotEID extends AbstractSignatureCard implements PINMgmtSignatureCard {
    private final Logger log = LoggerFactory.getLogger((Class<?>) ACOSCard.class);
    public static final byte KID_PUK_SIG = 2;
    public static final byte KID_PIN_SIG = 1;
    public static final byte[] CD_ID = {112, 5};
    public static final byte[] MF_ID = {63, 0};
    public static final byte[] ADF_AWP_ID = {-83, -15};
    public static final byte[] AID_SIG = {-96, 0, 0, 0, 119, 1, 8, 0, 7, 0, 0, -2, 0, 0, 1, 0};
    PinInfo pinPinInfo;
    PinInfo pukPinInfo;
    ObjectDirectory od;
    protected byte[] cert_id;

    @Override // at.gv.egiz.smcc.AbstractSignatureCard, at.gv.egiz.smcc.SignatureCard
    public void init(Card card, CardTerminal cardTerminal) {
        super.init(card, cardTerminal);
        this.log.info("Cypriot EID found");
        this.pinPinInfo = new PinInfo(4, 64, "[0-9]", "at/gv/egiz/smcc/CypriotEID", "sig.pin", (byte) 1, AID_SIG, 3);
        this.pukPinInfo = new PinInfo(4, 64, "[0-9]", "at/gv/egiz/smcc/CypriotEID", "sig.puk", (byte) 2, AID_SIG, 3);
        try {
            exec_readcd(getCardChannel());
        } catch (SignatureCardException e) {
            this.log.warn("Failed to read the certificate ID", (Throwable) e);
            this.cert_id = null;
        } catch (CardException e2) {
            this.log.warn("Failed to read the certificate ID", e2);
            this.cert_id = null;
        } catch (IOException e3) {
            this.log.warn("Failed to read the certificate ID", (Throwable) e3);
            this.cert_id = null;
        }
    }

    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] getCertificate(SignatureCard.KeyboxName keyboxName, PINGUI pingui) throws SignatureCardException, InterruptedException {
        try {
            return exec_readcert(getCardChannel());
        } catch (IOException e) {
            this.log.info("Failed to get the certificate.", (Throwable) e);
            throw new SignatureCardException("Failed to get the certificate.", e);
        } catch (CardException e2) {
            this.log.info("Failed to get the certificate.", e2);
            throw new SignatureCardException("Failed to get the certificate.", e2);
        }
    }

    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] getInfobox(String str, PINGUI pingui, String str2) throws SignatureCardException, InterruptedException {
        throw new IllegalArgumentException("Infobox '" + str + "' not supported.");
    }

    @Override // at.gv.egiz.smcc.SignatureCard
    public byte[] createSignature(InputStream inputStream, SignatureCard.KeyboxName keyboxName, PINGUI pingui, String str) throws SignatureCardException, InterruptedException, IOException {
        byte b;
        MessageDigest messageDigest;
        try {
            if (SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName) && (str == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str))) {
                b = 18;
                messageDigest = MessageDigest.getInstance("SHA-1");
            } else {
                if (!SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName) || !"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(str)) {
                    throw new SignatureCardException("Card does not support signature algorithm " + str + ".");
                }
                b = 65;
                messageDigest = MessageDigest.getInstance("SHA-256");
            }
            byte[] bArr = new byte[messageDigest.getDigestLength()];
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    byte[] digest = messageDigest.digest();
                    CardChannel cardChannel = getCardChannel();
                    try {
                        try {
                            exec_selectADF(cardChannel);
                            exec_MSE(cardChannel, b);
                            return exec_sign(cardChannel, digest);
                        } catch (SecurityStatusNotSatisfiedException e) {
                            exec_selectADF(cardChannel);
                            exec_MSE(cardChannel, b);
                            verifyPINLoop(cardChannel, this.pinPinInfo, pingui);
                            return exec_sign(cardChannel, digest);
                        }
                    } catch (CardException e2) {
                        this.log.info("Failed to create digital signature", e2);
                        throw new SignatureCardException("Failed to create digital signature", e2);
                    }
                }
                messageDigest.update(bArr, 0, read);
            }
        } catch (NoSuchAlgorithmException e3) {
            this.log.error("Failed to get MessageDigest.", (Throwable) e3);
            throw new SignatureCardException(e3);
        }
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public PinInfo[] getPinInfos() throws SignatureCardException {
        PinInfo[] pinInfoArr = {this.pinPinInfo, this.pukPinInfo};
        CardChannel cardChannel = getCardChannel();
        for (PinInfo pinInfo : pinInfoArr) {
            if (pinInfo.getState() == PinInfo.STATE.UNKNOWN) {
                try {
                    this.log.debug("Query pin status for {}.", pinInfo.getLocalizedName());
                    testPIN(cardChannel, pinInfo);
                } catch (Exception e) {
                    this.log.trace("Failed to execute command.", (Throwable) e);
                }
            } else if (this.log.isTraceEnabled()) {
                this.log.trace("assume pin status {} to be up to date", pinInfo.getState());
            }
        }
        return pinInfoArr;
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void verifyPIN(PinInfo pinInfo, PINGUI pingui) throws LockedException, NotActivatedException, CancelledException, SignatureCardException, InterruptedException {
        CardChannel cardChannel = getCardChannel();
        try {
            exec_selectADF(cardChannel);
            verifyPINLoop(cardChannel, pinInfo, pingui);
        } catch (CardException e) {
            this.log.info("Failed to verify PIN.", e);
            throw new SignatureCardException("Failed to verify PIN.", e);
        }
    }

    public String toString() {
        return "Oberthur Thechnologies ID-ONE Token SLIM";
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void changePIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws LockedException, NotActivatedException, CancelledException, PINFormatException, SignatureCardException, InterruptedException {
        try {
            unblockPINLoop(getCardChannel(), modifyPINGUI, pinInfo);
        } catch (CardException e) {
            this.log.info("Failed to change PIN.", e);
            throw new SignatureCardException("Failed to change PIN.", e);
        }
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void activatePIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws CancelledException, SignatureCardException, InterruptedException {
        this.log.error("ACTIVATE PIN not supported by Cypriotic EID");
        throw new SignatureCardException("PIN activation not supported by this card.");
    }

    @Override // at.gv.egiz.smcc.PINMgmtSignatureCard
    public void unblockPIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws CancelledException, SignatureCardException, InterruptedException {
        try {
            unblockPINLoop(getCardChannel(), modifyPINGUI, pinInfo);
        } catch (CardException e) {
            this.log.info("Failed to unblock PIN.", e);
            throw new SignatureCardException("Failed to unblock PIN.", e);
        }
    }

    protected void verifyPINLoop(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui) throws InterruptedException, CardException, SignatureCardException {
        int i = -1;
        do {
            i = verifyPIN(cardChannel, pinInfo, pingui, i);
        } while (i > 0);
    }

    protected void unblockPINLoop(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        do {
        } while (exec_unblockPIN(cardChannel, modifyPINGUI, pinInfo) > 0);
    }

    protected int verifyPIN(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, int i) throws InterruptedException, CardException, SignatureCardException {
        byte[] encodePIN = encodePIN(pingui.providePIN(pinInfo, pinInfo.retries));
        exec_selectADF(cardChannel);
        ResponseAPDU transmit = cardChannel.transmit(new CommandAPDU(0, 32, 0, pinInfo.getKID(), encodePIN));
        if (transmit.getSW() == 36864) {
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        }
        if ((transmit.getSW() >> 4) == 1596) {
            pinInfo.setActive(15 & transmit.getSW());
            return 15 & transmit.getSW();
        }
        switch (transmit.getSW()) {
            case 27011:
                pinInfo.setBlocked();
                throw new LockedException();
            default:
                String str = "VERIFY failed. SW=" + Integer.toHexString(transmit.getSW());
                this.log.info(str);
                pinInfo.setUnknown();
                throw new SignatureCardException(str);
        }
    }

    protected int testPIN(CardChannel cardChannel, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        exec_selectADF(cardChannel);
        ResponseAPDU transmit = cardChannel.transmit(new CommandAPDU(0, 32, 0, pinInfo.getKID()));
        if (transmit.getSW() == 36864) {
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        }
        if ((transmit.getSW() >> 4) == 1596) {
            pinInfo.setActive(15 & transmit.getSW());
            return 15 & transmit.getSW();
        }
        switch (transmit.getSW()) {
            case 27011:
                pinInfo.setBlocked();
                throw new LockedException();
            default:
                String str = "VERIFY failed. SW=" + Integer.toHexString(transmit.getSW());
                this.log.info(str);
                pinInfo.setUnknown();
                throw new SignatureCardException(str);
        }
    }

    private byte[] encodePIN(char[] cArr) {
        return Charset.forName(HTTP.ASCII).encode(CharBuffer.wrap(cArr)).array();
    }

    protected int exec_unblockPIN(CardChannel cardChannel, ModifyPINGUI modifyPINGUI, PinInfo pinInfo) throws InterruptedException, CardException, SignatureCardException {
        char[] providePUK = modifyPINGUI.providePUK(pinInfo, this.pukPinInfo, this.pukPinInfo.retries);
        char[] provideNewPIN = modifyPINGUI.provideNewPIN(pinInfo);
        byte[] encodePIN = encodePIN(providePUK);
        byte[] encodePIN2 = encodePIN(provideNewPIN);
        exec_selectADF(cardChannel);
        ResponseAPDU transmit = cardChannel.transmit(new CommandAPDU(0, 32, 0, this.pukPinInfo.getKID(), encodePIN));
        if (transmit.getSW() == 36864) {
            this.pukPinInfo.setActive(this.pukPinInfo.maxRetries);
            ResponseAPDU transmit2 = cardChannel.transmit(new CommandAPDU(0, 44, 2, pinInfo.getKID(), encodePIN2));
            if (transmit2.getSW() == 36864) {
                pinInfo.setActive(pinInfo.maxRetries);
                return -1;
            }
            String str = "SET PIN failed. SW=" + Integer.toHexString(transmit2.getSW());
            this.log.info(str);
            pinInfo.setUnknown();
            throw new SignatureCardException(str);
        }
        if ((transmit.getSW() >> 4) == 1596) {
            this.pukPinInfo.setActive(15 & transmit.getSW());
            return 15 & transmit.getSW();
        }
        if (transmit.getSW() == 27011) {
            this.pukPinInfo.setBlocked();
            throw new LockedException();
        }
        String str2 = "VERIFY failed. SW=" + Integer.toHexString(transmit.getSW());
        this.log.info(str2);
        this.pukPinInfo.setUnknown();
        throw new SignatureCardException(str2);
    }

    protected byte[] exec_readcert(CardChannel cardChannel) throws CardException, SignatureCardException, IOException {
        if (this.cert_id == null) {
            exec_readcd(cardChannel);
        }
        if (this.cert_id == null) {
            throw new CardException("Failed to read the certificate id");
        }
        exec_selectADF(cardChannel);
        exec_selectFILE(cardChannel, this.cert_id);
        return exec_readBinary(cardChannel);
    }

    protected void exec_readcd(CardChannel cardChannel) throws CardException, SignatureCardException, IOException {
        exec_selectADF(cardChannel);
        exec_selectFILE(cardChannel, CD_ID);
        ASN1 asn1 = new ASN1(exec_readBinary(cardChannel));
        for (int i = 0; i < asn1.getSize(); i++) {
            ASN1 elementAt = asn1.getElementAt(i);
            if (elementAt.getTagClass() == Integer.MIN_VALUE && elementAt.getTypeOnly() == 1) {
                ASN1 elementAt2 = elementAt.gvASN1().getElementAt(0).getElementAt(0);
                if (elementAt2.getTypeOnly() == 4) {
                    this.cert_id = elementAt2.gvByteArray();
                    return;
                }
            }
        }
        this.cert_id = null;
        throw new CardException("Failed to read the certificate ID.");
    }

    protected void exec_selectADF(CardChannel cardChannel) throws CardException, SignatureCardException {
        exec_selectFILE(cardChannel, MF_ID);
        exec_selectFILE(cardChannel, ADF_AWP_ID);
    }

    protected byte[] exec_selectFILE(CardChannel cardChannel, byte[] bArr) throws CardException, SignatureCardException {
        ResponseAPDU transmit = cardChannel.transmit(new CommandAPDU(0, CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 1, 12, bArr));
        if (transmit.getSW() == 36864) {
            return transmit.getBytes();
        }
        String str = "Failed to select File=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(transmit.getSW()) + ".";
        this.log.info(str);
        throw new SignatureCardException(str);
    }

    protected void exec_MSE(CardChannel cardChannel, byte b) throws CardException {
        cardChannel.transmit(new CommandAPDU(0, 34, 65, CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, new byte[]{Byte.MIN_VALUE, 1, b, -124, 1, -127}));
    }

    protected byte[] exec_sign(CardChannel cardChannel, byte[] bArr) throws CardException, SignatureCardException {
        ResponseAPDU transmit = cardChannel.transmit(new CommandAPDU(0, 42, CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA, bArr));
        if (transmit.getSW() == 27010) {
            throw new SecurityStatusNotSatisfiedException();
        }
        if (transmit.getSW() != 36864) {
            throw new SignatureCardException("PSO - COMPUTE DIGITAL SIGNATURE failed: SW=" + Integer.toHexString(transmit.getSW()));
        }
        return transmit.getData();
    }

    protected byte[] exec_readBinary(CardChannel cardChannel) throws CardException, IOException, SignatureCardException {
        boolean z;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int i = 0;
        do {
            ResponseAPDU transmit = cardChannel.transmit(new CommandAPDU(0, 176, (byte) (i >> 8), (byte) i, 0));
            if (transmit.getSW() != 36864) {
                String str = "Failed to read binary SW=" + Integer.toHexString(transmit.getSW()) + ".";
                this.log.info(str);
                throw new SignatureCardException(str);
            }
            byte[] data = transmit.getData();
            byteArrayOutputStream.write(data);
            z = data.length == 231;
            i += data.length;
        } while (z);
        return byteArrayOutputStream.toByteArray();
    }
}
