package at.gv.egiz.smcc;

import at.gv.egiz.smcc.SignatureCard;
import at.gv.egiz.smcc.pin.gui.ModifyPINGUI;
import at.gv.egiz.smcc.pin.gui.PINGUI;
import at.gv.egiz.smcc.util.ISO7816Utils;
import at.gv.egiz.smcc.util.SMCCHelper;
import iaik.me.asn1.ASN1;
import iaik.me.security.CryptoException;
import iaik.me.security.MessageDigest;
import iaik.xml.crypto.XmldsigMore;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/smcc-1.4.1.jar:at/gv/egiz/smcc/ACOSCard.class */
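/**
 * {@link SignatureCard} implementation for ACOS-based cards ("A-Sign premium" and "lisign").
 *
 * <p>The class selects one of two on-card applications ({@link #AID_SIG} or {@link #AID_DEC}),
 * reads certificates, verifies/changes PINs through the configured card reader and asks the card
 * to produce signatures over a digest computed on the host.
 *
 * <p>NOTE(review): the {@code public static final byte[]} constants below are mutable arrays.
 * Any code loaded into the same JVM can overwrite their elements and thereby change which
 * application, file or algorithm reference is sent to the card. The fields are kept public for
 * compatibility; new callers should treat them as read-only and copy before modifying.
 *
 * <p>This listing was recovered by a decompiler; several methods marked below were
 * {@code protected} before the decompiler widened them to {@code public}.
 */
public class ACOSCard extends AbstractSignatureCard implements PINMgmtSignatureCard {
    public static final int EF_C_CH_EKEY_MAX_SIZE = 2000;
    public static final int EF_C_CH_DS_MAX_SIZE = 2000;
    public static final int EF_INFOBOX_MAX_SIZE = 1500;

    // Key identifiers placed in P2 of the VERIFY / CHANGE REFERENCE DATA templates.
    public static final byte KID_PIN_SIG = (byte) 0x81;
    public static final byte KID_PUK_SIG = (byte) 0x83;
    public static final byte KID_PIN_DEC = (byte) 0x81;
    public static final byte KID_PUK_DEC = (byte) 0x82;
    public static final byte KID_PIN_INF = (byte) 0x83;
    public static final byte KID_PUK_INF = (byte) 0x84;

    // ISO 7816-4 status words checked by this class.
    private static final int SW_SUCCESS = 0x9000;
    private static final int SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982;
    private static final int SW_AUTH_METHOD_BLOCKED = 0x6983;
    private static final int SW_FILE_NOT_FOUND = 0x6A82;
    // SW 0x63Cx: verification failed, low nibble x = remaining tries.
    private static final int SW_RETRIES_PREFIX = 0x63C;

    // Label used for every card that is not identified as "lisign".
    private static final String CARD_TYPE_DEFAULT = "A-Sign premium";
    private static final String CARD_TYPE_LISIGN = "lisign";

    protected PinInfo decPinInfo;
    protected PinInfo sigPinInfo;
    protected PinInfo infPinInfo;
    private AbstractACOSCardInfoboxHandler _infoboxHandler;
    protected String cardType;

    public static final byte[] AID_DEC = {(byte) 0xA0, 0x00, 0x00, 0x01, 0x18, 0x45, 0x4E};
    public static final byte[] DF_DEC = {(byte) 0xDF, 0x71};
    public static final byte[] AID_SIG = {(byte) 0xA0, 0x00, 0x00, 0x01, 0x18, 0x45, 0x43};
    public static final byte[] DF_SIG = {(byte) 0xDF, 0x70};
    public static final byte[] EF_C_CH_EKEY = {(byte) 0xC0, 0x01};
    public static final byte[] EF_C_CH_DS = {(byte) 0xC0, 0x02};
    public static final byte[] EF_PK_CH_EKEY = {(byte) 0xB0, 0x01};
    public static final byte[] EF_INFOBOX = {(byte) 0xC0, 0x02};
    public static final byte[] EF_INFO = {(byte) 0xD0, 0x02};
    public static final byte[] DST_SIG = {(byte) 0x84, 0x01, (byte) 0x88, (byte) 0x80, 0x01, 0x14};
    public static final byte[] AT_DEC = {(byte) 0x84, 0x01, (byte) 0x88, (byte) 0x80, 0x01, 0x01};

    private final Logger log = LoggerFactory.getLogger(ACOSCard.class);

    // -1 until init() has run; 0 when the version could not be read; 1 when EF_INFO is absent.
    protected int appVersion = -1;

    /**
     * Initialises the card: determines the application version, sets up the three PIN
     * descriptors and picks the infobox handler from the country found in the signature
     * certificate.
     *
     * <p>The version is the first byte read from EF_INFO inside the signature application.
     * A missing EF_INFO is treated as version 1; any other failure yields version 0.
     *
     * <p>When the certificate cannot be read or parsed, the Austrian handler and card type are
     * used. The original code left {@code cardType} unset ({@code null}) on those paths, which
     * made {@link #toString()} report "ACOS card: null"; it is now set consistently.
     *
     * @param card the connected card
     * @param cardTerminal the terminal holding the card
     */
    @Override
    public void init(Card card, CardTerminal cardTerminal) {
        super.init(card, cardTerminal);
        this.log.info("ACOS card found");
        try {
            CardChannel cardChannel = getCardChannel();
            execSELECT_AID(cardChannel, AID_SIG);
            execSELECT_FID(cardChannel, EF_INFO);
            // NOTE(review): read() returns -1 at end of stream, which would leave appVersion at -1.
            this.appVersion = ISO7816Utils.openTransparentFileInputStream(cardChannel, 8).read();
            this.log.info("a-sign premium application version = " + this.appVersion);
        } catch (FileNotFoundException e) {
            // Must stay ahead of the SignatureCardException handler below.
            this.appVersion = 1;
            this.log.info("a-sign premium application version = " + this.appVersion);
        } catch (SignatureCardException e) {
            this.log.warn("Failed to execute command.", e);
            this.appVersion = 0;
        } catch (IOException e) {
            this.log.warn("Failed to execute command.", e);
            this.appVersion = 0;
        } catch (CardException e) {
            this.log.warn("Failed to execute command.", e);
            this.appVersion = 0;
        }

        final String pinPattern = "[0-9]";
        final String bundle = "at/gv/egiz/smcc/ACOSCard";
        this.decPinInfo = new PinInfo(0, 8, pinPattern, bundle, "dec.pin", KID_PIN_DEC, AID_DEC, 10);
        this.sigPinInfo = new PinInfo(0, 8, pinPattern, bundle, "sig.pin", KID_PIN_SIG, AID_SIG, 10);
        this.infPinInfo = new PinInfo(0, 8, pinPattern, bundle, "inf.pin", KID_PIN_INF, AID_DEC, 10);
        if (SignatureCardFactory.ENFORCE_RECOMMENDED_PIN_LENGTH) {
            this.decPinInfo.setRecLength(4);
            this.sigPinInfo.setRecLength(6);
            this.infPinInfo.setRecLength(4);
        }

        try {
            String country = readCertificateCountry();
            if (country == null) {
                this.log.debug("No Country found! - default to ACOS Austria.");
                useDefaultInfoboxHandler();
            } else if (country.equalsIgnoreCase("LI")) {
                this.log.debug("Identified lisign card.");
                this.cardType = CARD_TYPE_LISIGN;
                this._infoboxHandler = new ACOSLIESignCard(this);
            } else {
                this.log.debug("No lisign card - default to ACOS Austria.");
                useDefaultInfoboxHandler();
            }
            this.log.info("Identified {} card", this.cardType);
        } catch (SignatureCardException e) {
            this.log.warn("Cannot determine card type by certificate. Using default.", e);
            useDefaultInfoboxHandler();
        } catch (IOException e) {
            this.log.warn("Cannot determine card type by certificate. Using default.", e);
            useDefaultInfoboxHandler();
        } catch (RuntimeException e) {
            // The certificate is parsed by position; malformed data surfaces as a runtime exception.
            this.log.warn("Cannot determine card type by certificate. Using default.", e);
            useDefaultInfoboxHandler();
        }
    }

    /** Selects the Austrian infobox handler and its card-type label. */
    private void useDefaultInfoboxHandler() {
        this.cardType = CARD_TYPE_DEFAULT;
        this._infoboxHandler = new ACOSATCard(this);
    }

    /**
     * Returns the value of the first attribute whose type equals {@code ASN1.OID_NAME_C} in
     * element 3 of the signature certificate's first element, or {@code null} if there is none.
     */
    private String readCertificateCountry() throws SignatureCardException, IOException {
        ASN1 name = new ASN1(getCertificate(SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR, null))
                .getElementAt(0).getElementAt(3);
        for (int i = 0; i < name.getSize(); i++) {
            ASN1 attribute = name.getElementAt(i).getElementAt(0);
            if (attribute.getElementAt(0).gvString().equals(ASN1.OID_NAME_C)) {
                return attribute.getElementAt(1).gvString();
            }
        }
        return null;
    }

    /**
     * Reads the certificate belonging to the given keybox from the card.
     *
     * @param keyboxName {@code SECURE_SIGNATURE_KEYPAIR} or {@code CERTIFIED_KEYPAIR}
     * @param pingui not used by this implementation
     * @return the certificate bytes as returned by the TLV read
     * @throws IllegalArgumentException for any other keybox
     * @throws NotActivatedException if the file does not exist or no data was read
     * @throws SignatureCardException if the card could not be accessed
     */
    @Override
    @Exclusive
    public byte[] getCertificate(SignatureCard.KeyboxName keyboxName, PINGUI pingui) throws SignatureCardException {
        final byte[] aid;
        final byte[] fid;
        if (keyboxName == SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
            aid = AID_SIG;
            fid = EF_C_CH_DS;
        } else if (keyboxName == SignatureCard.KeyboxName.CERTIFIED_KEYPAIR) {
            aid = AID_DEC;
            fid = EF_C_CH_EKEY;
        } else {
            throw new IllegalArgumentException("Keybox " + keyboxName + " not supported.");
        }
        try {
            CardChannel cardChannel = getCardChannel();
            execSELECT_AID(cardChannel, aid);
            byte[] fcx = execSELECT_FID(cardChannel, fid);
            // Only application versions below 2 take the file length from the SELECT response.
            int length = -1;
            if (getAppVersion() < 2) {
                length = ISO7816Utils.getLengthFromFCx(fcx);
                this.log.debug("Size of selected file = {}.", length);
            }
            byte[] certificate = ISO7816Utils.readTransparentFileTLV(cardChannel, length, (byte) 0x30);
            if (certificate == null) {
                throw new NotActivatedException();
            }
            return certificate;
        } catch (CardException e) {
            this.log.info("Failed to get certificate.", e);
            throw new SignatureCardException(e);
        } catch (FileNotFoundException e) {
            throw new NotActivatedException();
        }
    }

    /**
     * Delegates to the infobox handler chosen in {@link #init(Card, CardTerminal)}.
     */
    @Override
    @Exclusive
    public byte[] getInfobox(String str, PINGUI pingui, String str2) throws SignatureCardException, InterruptedException {
        return this._infoboxHandler.getInfobox(str, pingui, str2);
    }

    /**
     * Hashes the input on the host and lets the card sign the digest.
     *
     * <p>Supported combinations, as checked below:
     * <ul>
     *   <li>signature key: ECDSA-SHA1 (also the default when {@code str} is {@code null}),
     *       ECDSA-RIPEMD160, and ECDSA-SHA256 for application version 2 or higher;</li>
     *   <li>certified key: RSA-SHA1 (also the default), and RSA-SHA256 for version 2 or higher.</li>
     * </ul>
     *
     * <p>NOTE(review): a {@code null} algorithm silently selects SHA-1. Callers that need a
     * collision-resistant digest should pass a SHA-256 algorithm URI explicitly.
     *
     * <p>NOTE(review): for the certified key the algorithm byte collected here is not sent to the
     * card (MSE uses {@link #AT_DEC}) and {@code execINTERNAL_AUTHENTICATE} always prepends a
     * SHA-1 DigestInfo header. With RSA-SHA256 a 32-byte digest is therefore wrapped in a SHA-1
     * header; confirm against the card specification before relying on that combination.
     *
     * @param inputStream data to be signed; read to the end
     * @param keyboxName key to sign with
     * @param pingui callback used to obtain the PIN
     * @param str signature algorithm URI, or {@code null} for the key's default
     * @return the signature value returned by the card
     * @throws SignatureCardException if the algorithm is unsupported or the card reports an error
     * @throws IllegalArgumentException if the keybox is neither of the two supported ones
     */
    @Override
    @Exclusive
    public byte[] createSignature(InputStream inputStream, SignatureCard.KeyboxName keyboxName, PINGUI pingui, String str) throws SignatureCardException, InterruptedException, IOException {
        // Digital signature template: key reference 0x88 followed by the algorithm reference.
        ByteArrayOutputStream dst = new ByteArrayOutputStream();
        dst.write(new byte[]{(byte) 0x84, 0x01, (byte) 0x88});
        dst.write(new byte[]{(byte) 0x80, 0x01});

        final boolean signatureKey = SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName);
        final boolean certifiedKey = SignatureCard.KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName);
        try {
            MessageDigest messageDigest;
            if (signatureKey && (str == null || XmldsigMore.SIGNATURE_ECDSA_SHA1.equals(str))) {
                dst.write(0x14);
                messageDigest = MessageDigest.getInstance("SHA-1");
            } else if (certifiedKey && (str == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str))) {
                dst.write(0x12);
                messageDigest = MessageDigest.getInstance("SHA-1");
            } else if (signatureKey && this.appVersion >= 2 && XmldsigMore.SIGNATURE_ECDSA_SHA256.equals(str)) {
                dst.write(0x44);
                messageDigest = MessageDigest.getInstance("SHA-256");
            } else if (certifiedKey && this.appVersion >= 2 && XmldsigMore.SIGNATURE_RSA_SHA256.equals(str)) {
                dst.write(0x41);
                messageDigest = MessageDigest.getInstance("SHA-256");
            } else if (signatureKey && XmldsigMore.SIGNATURE_ECDSA_RIPEMD160.equals(str)) {
                // Same algorithm reference as ECDSA-SHA1; only the host-side digest differs.
                dst.write(0x14);
                messageDigest = MessageDigest.getInstance("RIPEMD160");
            } else {
                throw new SignatureCardException("Card does not support signature algorithm " + str + ".");
            }

            byte[] buffer = new byte[messageDigest.getDigestLength()];
            for (int read = inputStream.read(buffer); read != -1; read = inputStream.read(buffer)) {
                messageDigest.update(buffer, 0, read);
            }
            byte[] digest = messageDigest.digest();

            try {
                CardChannel cardChannel = getCardChannel();
                if (signatureKey) {
                    execSELECT_AID(cardChannel, AID_SIG);
                    execMSE(cardChannel, 0x41, 0xB6, dst.toByteArray());
                    // The signature PIN is requested for every signature.
                    verifyPINLoop(cardChannel, this.sigPinInfo, pingui);
                    execPSO_HASH(cardChannel, digest);
                    return execPSO_COMPUTE_DIGITAL_SIGNATURE(cardChannel);
                }
                if (!certifiedKey) {
                    throw new IllegalArgumentException("KeyboxName '" + keyboxName + "' not supported.");
                }
                execSELECT_AID(cardChannel, AID_DEC);
                execMSE(cardChannel, 0x41, 0xA4, AT_DEC);
                // Try first; ask for the PIN only when the card reports that it is required.
                while (true) {
                    try {
                        return execINTERNAL_AUTHENTICATE(cardChannel, digest);
                    } catch (SecurityStatusNotSatisfiedException e) {
                        verifyPINLoop(cardChannel, this.decPinInfo, pingui);
                    }
                }
            } catch (CardException e) {
                this.log.warn("Failed to execute command.", e);
                throw new SignatureCardException("Failed to access card.", e);
            }
        } catch (CryptoException e) {
            this.log.error("Failed to get MessageDigest.", e);
            throw new SignatureCardException(e);
        }
    }

    /**
     * @return the application version determined by {@link #init(Card, CardTerminal)};
     *     -1 before initialisation
     */
    public int getAppVersion() {
        return this.appVersion;
    }

    /**
     * Selects the application the PIN belongs to and runs the verification loop.
     *
     * @throws SignatureCardException if the card could not be accessed or verification failed
     */
    @Override
    public void verifyPIN(PinInfo pinInfo, PINGUI pingui) throws LockedException, NotActivatedException, CancelledException, TimeoutException, SignatureCardException, InterruptedException {
        CardChannel cardChannel = getCardChannel();
        try {
            execSELECT_AID(cardChannel, pinInfo.getContextAID());
            verifyPINLoop(cardChannel, pinInfo, pingui);
        } catch (CardException e) {
            this.log.info("Failed to verify PIN.", e);
            throw new SignatureCardException("Failed to verify PIN.", e);
        }
    }

    /**
     * Selects the application the PIN belongs to and runs the change-PIN loop.
     *
     * @throws SignatureCardException if the card could not be accessed or the change failed
     */
    @Override
    public void changePIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws LockedException, NotActivatedException, CancelledException, TimeoutException, SignatureCardException, InterruptedException {
        CardChannel cardChannel = getCardChannel();
        try {
            execSELECT_AID(cardChannel, pinInfo.getContextAID());
            changePINLoop(cardChannel, pinInfo, modifyPINGUI);
        } catch (CardException e) {
            this.log.info("Failed to change PIN.", e);
            throw new SignatureCardException("Failed to change PIN.", e);
        }
    }

    /**
     * Not supported by this card type.
     *
     * @throws SignatureCardException always
     */
    @Override
    public void activatePIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws CancelledException, SignatureCardException, TimeoutException, InterruptedException {
        this.log.error("ACTIVATE PIN not supported by ACOS");
        throw new SignatureCardException("PIN activation not supported by this card.");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws SignatureCardException always
     */
    @Override
    public void unblockPIN(PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws CancelledException, SignatureCardException, InterruptedException {
        throw new SignatureCardException("Unblock PIN not supported.");
    }

    /**
     * Returns the PIN descriptors of this card: three for application versions below 2,
     * otherwise only the decryption and signature PINs.
     *
     * @throws SignatureCardException if the signature certificate cannot be read
     */
    @Override
    public PinInfo[] getPinInfos() throws SignatureCardException {
        // The result is discarded; the read is kept for the exceptions it raises
        // (for example NotActivatedException when the certificate file is missing).
        getCertificate(SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR, null);
        if (this.appVersion < 2) {
            return new PinInfo[]{this.decPinInfo, this.sigPinInfo, this.infPinInfo};
        }
        return new PinInfo[]{this.decPinInfo, this.sigPinInfo};
    }

    /**
     * @return "ACOS card: " followed by the card type and, for versions above 0, the
     *     application version in parentheses
     */
    @Override
    public String toString() {
        StringBuilder description = new StringBuilder("ACOS card: ").append(this.cardType);
        if (getAppVersion() > 0) {
            // The decompiler had substituted an unrelated library constant for this ")".
            description.append(" (application version ").append(getAppVersion()).append(")");
        }
        return description.toString();
    }

    /**
     * Repeats PIN verification until it succeeds or an exception ends the attempt.
     * The retry count reported by the card is passed into the next round.
     *
     * <p>Declared {@code protected} before decompilation.
     */
    public void verifyPINLoop(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui) throws InterruptedException, CardException, SignatureCardException {
        int retries = -1;
        do {
            retries = verifyPIN(cardChannel, pinInfo, pingui, retries);
        } while (retries > 0);
    }

    /**
     * Repeats the PIN change until it succeeds or an exception ends the attempt.
     */
    protected void changePINLoop(CardChannel cardChannel, PinInfo pinInfo, ModifyPINGUI modifyPINGUI) throws InterruptedException, CardException, SignatureCardException {
        int retries = -1;
        do {
            retries = changePIN(cardChannel, pinInfo, modifyPINGUI, retries);
        } while (retries > 0);
    }

    /**
     * Performs one VERIFY round through the card reader and updates the PIN state.
     *
     * @param i retry count from the previous round, or -1 on the first round
     * @return -1 on success, otherwise the number of remaining tries reported by the card
     * @throws LockedException if the card reports the PIN as blocked (SW 0x6983)
     * @throws SignatureCardException for any other status word; only the status word is logged
     */
    protected int verifyPIN(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, int i) throws InterruptedException, CardException, SignatureCardException {
        // VERIFY template with eight zero bytes as PIN block; presumably filled in by the
        // reader from the PINGUI - confirm against VerifyAPDUSpec.
        byte[] template = {0x00, 0x20, 0x00, pinInfo.getKID(), 0x08, 0, 0, 0, 0, 0, 0, 0, 0};
        ResponseAPDU response = this.reader.verify(cardChannel, new VerifyAPDUSpec(template, 0, 2, 8), pingui, pinInfo, i);
        final int sw = response.getSW();
        if (sw == SW_SUCCESS) {
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        }
        if ((sw >> 4) == SW_RETRIES_PREFIX) {
            int remaining = sw & 0x0F;
            pinInfo.setActive(remaining);
            return remaining;
        }
        if (sw == SW_AUTH_METHOD_BLOCKED) {
            pinInfo.setBlocked();
            throw new LockedException();
        }
        String message = "VERIFY failed. SW=" + Integer.toHexString(sw);
        this.log.info(message);
        pinInfo.setUnknown();
        throw new SignatureCardException(message);
    }

    /**
     * Performs one CHANGE REFERENCE DATA round through the card reader and updates the PIN state.
     *
     * @param i retry count from the previous round, or -1 on the first round
     * @return -1 on success, otherwise the number of remaining tries reported by the card
     * @throws LockedException if the card reports the PIN as blocked (SW 0x6983)
     * @throws SignatureCardException for any other status word; only the status word is logged
     */
    protected int changePIN(CardChannel cardChannel, PinInfo pinInfo, ModifyPINGUI modifyPINGUI, int i) throws CancelledException, InterruptedException, CardException, SignatureCardException {
        // Template with 16 zero bytes of data (old and new PIN block, 8 bytes each per the spec
        // arguments below); presumably filled in by the reader - confirm.
        byte[] template = {0x00, 0x24, 0x00, pinInfo.getKID(), 0x10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        ResponseAPDU response = this.reader.modify(cardChannel, new ChangeReferenceDataAPDUSpec(template, 0, 2, 8), modifyPINGUI, pinInfo, i);
        final int sw = response.getSW();
        if (sw == SW_SUCCESS) {
            pinInfo.setActive(pinInfo.maxRetries);
            return -1;
        }
        if ((sw >> 4) == SW_RETRIES_PREFIX) {
            int remaining = sw & 0x0F;
            pinInfo.setActive(remaining);
            return remaining;
        }
        if (sw == SW_AUTH_METHOD_BLOCKED) {
            pinInfo.setBlocked();
            throw new LockedException();
        }
        String message = "CHANGE REFERENCE DATA failed. SW=" + Integer.toHexString(sw);
        this.log.info(message);
        pinInfo.setUnknown();
        throw new SignatureCardException(message);
    }

    /**
     * Sends MANAGE SECURITY ENVIRONMENT (INS 0x22) with the given P1, P2 and data.
     *
     * <p>Declared {@code protected} before decompilation.
     *
     * @throws SignatureCardException if the status word is not 0x9000
     */
    public void execMSE(CardChannel cardChannel, int i, int i2, byte[] bArr) throws SignatureCardException, CardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0x22, i, i2, bArr));
        if (response.getSW() == SW_SUCCESS) {
            return;
        }
        String message = "MSE failed: SW=" + Integer.toHexString(response.getSW());
        this.log.error(message);
        throw new SignatureCardException(message);
    }

    /**
     * Sends PSO: DECIPHER (INS 0x2A, P1 0x80, P2 0x86) with a leading 0x00 byte before the
     * cryptogram.
     *
     * <p>Declared {@code protected} before decompilation.
     *
     * @return the response data
     * @throws SecurityStatusNotSatisfiedException on SW 0x6982
     * @throws SignatureCardException on any other status word except 0x9000
     */
    public byte[] execPSO_DECIPHER(CardChannel cardChannel, byte[] bArr) throws CardException, SignatureCardException {
        byte[] padded = new byte[bArr.length + 1];
        padded[0] = 0x00;
        System.arraycopy(bArr, 0, padded, 1, bArr.length);
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0x2A, 0x80, 0x86, padded, 256));
        final int sw = response.getSW();
        if (sw == SW_SECURITY_STATUS_NOT_SATISFIED) {
            throw new SecurityStatusNotSatisfiedException();
        }
        if (sw != SW_SUCCESS) {
            throw new SignatureCardException("PSO - DECIPHER failed: SW=" + Integer.toHexString(sw));
        }
        return response.getData();
    }

    /**
     * Sends PSO: HASH (INS 0x2A, P1 0x90, P2 0x81) with the given data.
     *
     * @throws SignatureCardException if the status word is not 0x9000
     */
    protected void execPSO_HASH(CardChannel cardChannel, byte[] bArr) throws CardException, SignatureCardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0x2A, 0x90, 0x81, bArr));
        if (response.getSW() != SW_SUCCESS) {
            throw new SignatureCardException("PSO - HASH failed: SW=" + Integer.toHexString(response.getSW()));
        }
    }

    /**
     * Sends PSO: COMPUTE DIGITAL SIGNATURE (INS 0x2A, P1 0x9E, P2 0x9A).
     *
     * @return the response data
     * @throws SecurityStatusNotSatisfiedException on SW 0x6982
     * @throws SignatureCardException on any other status word except 0x9000
     */
    protected byte[] execPSO_COMPUTE_DIGITAL_SIGNATURE(CardChannel cardChannel) throws CardException, SignatureCardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, 256));
        final int sw = response.getSW();
        if (sw == SW_SECURITY_STATUS_NOT_SATISFIED) {
            throw new SecurityStatusNotSatisfiedException();
        }
        if (sw != SW_SUCCESS) {
            throw new SignatureCardException("PSO - COMPUTE DIGITAL SIGNATURE failed: SW=" + Integer.toHexString(sw));
        }
        return response.getData();
    }

    /**
     * Sends INTERNAL AUTHENTICATE (INS 0x88, P1 0x10) with the digest wrapped in a DER
     * DigestInfo structure.
     *
     * <p>NOTE(review): the header is fixed to SHA-1 (OID 1.3.14.3.2.26) with an outer length of
     * 0x21, which only matches a 20-byte digest. {@code createSignature} can reach this method
     * with a SHA-256 digest; the inner length byte follows the digest but the OID and outer
     * length do not. Confirm the intended behaviour before using RSA-SHA256 with this key.
     *
     * @param bArr the digest to sign
     * @return the response data
     * @throws SecurityStatusNotSatisfiedException on SW 0x6982
     * @throws LockedException on SW 0x6983
     * @throws SignatureCardException on any other status word except 0x9000
     */
    protected byte[] execINTERNAL_AUTHENTICATE(CardChannel cardChannel, byte[] bArr) throws CardException, SignatureCardException {
        // SEQUENCE { SEQUENCE { OID sha1, NULL }, OCTET STRING tag } - length byte and digest follow.
        byte[] header = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04};
        byte[] digestInfo = new byte[header.length + 1 + bArr.length];
        System.arraycopy(header, 0, digestInfo, 0, header.length);
        digestInfo[header.length] = (byte) bArr.length;
        System.arraycopy(bArr, 0, digestInfo, header.length + 1, bArr.length);
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0x88, 0x10, 0x00, digestInfo, 256));
        final int sw = response.getSW();
        if (sw == SW_SECURITY_STATUS_NOT_SATISFIED) {
            throw new SecurityStatusNotSatisfiedException();
        }
        if (sw == SW_AUTH_METHOD_BLOCKED) {
            throw new LockedException();
        }
        if (sw != SW_SUCCESS) {
            throw new SignatureCardException("INTERNAL AUTHENTICATE failed: SW=" + Integer.toHexString(sw));
        }
        return response.getData();
    }

    /**
     * Selects an application by AID (SELECT, INS 0xA4, P1 0x04).
     *
     * <p>Declared {@code protected} before decompilation.
     *
     * @return the complete response, status word included
     * @throws FileNotFoundException on SW 0x6A82
     * @throws SignatureCardException on any other status word except 0x9000
     */
    public byte[] execSELECT_AID(CardChannel cardChannel, byte[] bArr) throws SignatureCardException, CardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0xA4, 0x04, 0x00, bArr, 256));
        final int sw = response.getSW();
        if (sw == SW_SUCCESS) {
            return response.getBytes();
        }
        if (sw == SW_FILE_NOT_FOUND) {
            String notFound = "File or application not found AID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
            this.log.info(notFound);
            throw new FileNotFoundException(notFound);
        }
        String failed = "Failed to select application AID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
        this.log.info(failed);
        throw new SignatureCardException(failed);
    }

    /**
     * Selects a file by identifier (SELECT, INS 0xA4, P1 0x00).
     *
     * <p>Declared {@code protected} before decompilation.
     *
     * @return the complete response, status word included
     * @throws FileNotFoundException on SW 0x6A82
     * @throws SignatureCardException on any other status word except 0x9000
     */
    public byte[] execSELECT_FID(CardChannel cardChannel, byte[] bArr) throws SignatureCardException, CardException {
        ResponseAPDU response = cardChannel.transmit(new CommandAPDU(0x00, 0xA4, 0x00, 0x00, bArr, 256));
        final int sw = response.getSW();
        if (sw == SW_SUCCESS) {
            return response.getBytes();
        }
        if (sw == SW_FILE_NOT_FOUND) {
            String notFound = "File or application not found FID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
            this.log.info(notFound);
            throw new FileNotFoundException(notFound);
        }
        String failed = "Failed to select application FID=" + SMCCHelper.toString(bArr) + " SW=" + Integer.toHexString(sw) + ".";
        this.log.error(failed);
        throw new SignatureCardException(failed);
    }
}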
