package at.gv.egiz.smcc;

import at.gv.egiz.smcc.SignatureCard;
import at.gv.egiz.smcc.cio.CIOCertificate;
import at.gv.egiz.smcc.pin.gui.PINGUI;
import at.gv.egiz.smcc.util.ISO7816Utils;
import at.gv.egiz.smcc.util.SMCCHelper;
import at.gv.egiz.smcc.util.TLVSequence;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/smcc-1.4.1.jar:at/gv/egiz/smcc/FINEIDCard.class */
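/**
 * Signature card implementation for FINEID cards.
 *
 * <p>The card is driven through ISO 7816-4 APDUs: the object directory (EF.OD) is read to
 * locate the private key directory, the authentication object directory and the certificate
 * directories; the signature key and certificate are then found by their labels.
 *
 * <p>Everything read from the card (paths, references, lengths) is treated as untrusted input
 * and is validated before it is indexed or used to build further commands.
 */
public class FINEIDCard extends AbstractSignatureCard implements SignatureCard {
    /** Value passed to {@link FINEIDEFObjectDirectory}; presumably the EF.OD padding byte (0xFF). */
    private static final int EF_OD_PADDING = 255;
    /** Lower-case label fragment identifying the signature certificate. */
    private static final String SIG_CERT_LABEL = "allekirjoitusvarmenne";
    /** Lower-case label fragment identifying the signature key. */
    private static final String SIG_KEY_LABEL = "allekirjoitusavain";

    /** ISO 7816-4 status word for "normal processing". */
    private static final int SW_OK = 0x9000;
    /** ISO 7816-4 SELECT instruction. */
    private static final int INS_SELECT = 0xA4;
    /** SELECT P1 value: select by path from the MF. */
    private static final int P1_SELECT_BY_PATH = 0x08;

    private final Logger log = LoggerFactory.getLogger(FINEIDCard.class);
    // NOTE(review): the first three arguments look like min length 6, max length 8 and a
    // digits-only pattern - confirm against PinInfo's constructor.
    protected PinInfo pinInfo = new PinInfo(6, 8, "[0-9]", "at/gv/egiz/smcc/FINEIDCard", "sig.pin", (byte) 0, new byte[0], -1);

    /**
     * Hashes the input stream with SHA-1 and lets the card sign the digest.
     *
     * <p>The private key and its PIN are located through EF.OD, the PrKD and the AOD. The PIN is
     * verified before the key file is selected and the security environment is set.
     *
     * <p>Security note: the digest is always SHA-1. Neither {@code keyboxName} nor {@code str}
     * is consulted by this method, so a caller cannot request a stronger digest here. SHA-1 is
     * no longer collision resistant; NOTE(review): confirm whether the card's algorithm
     * reference (0x12 in the MSE data) permits anything else before changing it.
     *
     * @param inputStream data to be hashed; read to EOF, not closed by this method
     * @param keyboxName  not used by this implementation
     * @param pingui      PIN entry callback handed to the reader
     * @param str         not used by this implementation
     * @return the signature bytes returned by the card
     * @throws SignatureCardException if key, PIN or card data cannot be resolved, or on card errors
     * @throws InterruptedException   propagated from PIN verification
     * @throws IOException            if the input stream (or a directory read) fails
     */
    @Override
    public byte[] createSignature(InputStream inputStream, SignatureCard.KeyboxName keyboxName, PINGUI pingui, String str) throws SignatureCardException, InterruptedException, IOException {
        CardChannel channel = getCardChannel();
        try {
            FINEIDEFObjectDirectory objectDirectory = new FINEIDEFObjectDirectory(EF_OD_PADDING);
            objectDirectory.selectAndRead(channel);

            // NOTE(review): only the first PrKD reference is used; an empty list fails in get(0).
            FINEIDCIOKeyDirectory keyDirectory = new FINEIDCIOKeyDirectory(objectDirectory.getPrKDReferences().get(0));
            keyDirectory.selectAndRead(channel);

            byte[] keyPath = null;
            byte[] keyAuthId = null;
            for (CIOCertificate cio : keyDirectory.getCIOs()) {
                if (labelContains(cio.getLabel(), SIG_KEY_LABEL)) {
                    // Last matching entry wins, as before.
                    keyPath = cio.getEfidOrPath();
                    keyAuthId = cio.getAuthId();
                }
            }
            if (keyPath == null) {
                throw new SignatureCardException("Could not determine path to private key from PrKD.");
            }
            if (keyAuthId == null) {
                throw new SignatureCardException("Could not determine authID of private key from PrKD.");
            }
            // The last two path bytes are used as the key file reference below; reject a
            // too-short path here instead of failing with an index error after PIN entry.
            if (keyPath.length < 2) {
                throw new SignatureCardException("Path to private key from PrKD is too short.");
            }

            // NOTE(review): only the first AOD reference is used; an empty list fails in get(0).
            FINEIDAODirectory authDirectory = new FINEIDAODirectory(objectDirectory.getAODReferences().get(0));
            authDirectory.selectAndRead(channel);

            byte[] pinPath = null;
            byte[] pinReference = null;
            for (FINEIDAuthenticationObject authObject : authDirectory.getAOs()) {
                byte[] authId = authObject.getAuthId();
                if (authId != null && Arrays.equals(authId, keyAuthId)) {
                    pinPath = authObject.getPath();
                    pinReference = authObject.getPwdReference();
                }
            }
            if (pinPath == null) {
                throw new SignatureCardException("Could not determine path to PIN from AOD.");
            }
            if (pinReference == null || pinReference.length == 0) {
                throw new SignatureCardException("Could not determine PIN reference from AOD.");
            }

            // The last byte of the password reference becomes P2 of the VERIFY command.
            verifyPINLoop(channel, this.pinInfo, pingui, pinPath, pinReference[pinReference.length - 1]);

            if (selectByPath(channel, keyPath).getSW() != SW_OK) {
                throw new SignatureCardException("Could not select private key file DF.");
            }
            executeRestoreMSE(channel);
            // MSE data: tag 0x80 (algorithm reference, 1 byte: 0x12) followed by
            // tag 0x81 (file reference, 2 bytes: last two bytes of the key path).
            executeSetMSE(channel, new byte[]{(byte) 0x80, 0x01, 0x12, (byte) 0x81, 0x02, keyPath[keyPath.length - 2], keyPath[keyPath.length - 1]});

            MessageDigest sha1;
            try {
                sha1 = MessageDigest.getInstance("SHA-1");
            } catch (NoSuchAlgorithmException e) {
                this.log.error("Failed to get MessageDigest.", e);
                throw new SignatureCardException(e);
            }
            byte[] buffer = new byte[4096];
            int read;
            while ((read = inputStream.read(buffer)) != -1) {
                sha1.update(buffer, 0, read);
            }
            return executeSign(channel, sha1.digest());
        } catch (CardException e) {
            throw new SignatureCardException("Error creating signature.", e);
        }
    }

    /**
     * Reads the signature certificate from the card.
     *
     * <p>Every certificate directory referenced by EF.OD is searched for an entry whose label
     * contains {@link #SIG_CERT_LABEL}; directories that cannot be read are skipped. The
     * certificate file is then selected and its size is taken from the returned FCI
     * (tag 0x6F, file size in tag 0x81).
     *
     * @param keyboxName not used by this implementation
     * @param pingui     not used by this implementation
     * @return the content of the certificate file
     * @throws SignatureCardException if the certificate cannot be located or read
     * @throws InterruptedException   declared by the interface
     */
    @Override
    public byte[] getCertificate(SignatureCard.KeyboxName keyboxName, PINGUI pingui) throws SignatureCardException, InterruptedException {
        CardChannel channel = getCardChannel();
        try {
            FINEIDEFObjectDirectory objectDirectory = new FINEIDEFObjectDirectory(EF_OD_PADDING);
            objectDirectory.selectAndRead(channel);

            byte[] certPath = null;
            for (int i = 0; i < objectDirectory.getCDReferences().size(); i++) {
                FINEIDCIOCertificateDirectory certDirectory = new FINEIDCIOCertificateDirectory(objectDirectory.getCDReferences().get(i));
                try {
                    certDirectory.selectAndRead(channel);
                    for (CIOCertificate cio : certDirectory.getCIOs()) {
                        if (labelContains(cio.getLabel(), SIG_CERT_LABEL)) {
                            certPath = cio.getEfidOrPath();
                        }
                    }
                } catch (IOException e) {
                    // Deliberate best effort: an unreadable EF.CD is skipped, but the cause is kept
                    // in the log so a damaged card can be diagnosed.
                    this.log.debug("Cannot read EF.CD - try next one in list..", e);
                }
            }
            if (certPath == null) {
                throw new SignatureCardException("Could not determine path to certificate.");
            }
            this.log.debug("Read certificate path: {}", SMCCHelper.toString(certPath));

            ResponseAPDU selectResponse = selectByPath(channel, certPath);
            // Check the status word like every other SELECT in this class; otherwise the
            // FCI parsing below would run on a response that carries no FCI.
            if (selectResponse.getSW() != SW_OK) {
                throw new SignatureCardException("Could not select certificate file: " + Integer.toHexString(selectResponse.getSW()));
            }
            byte[] fileSize = new TLVSequence(new TLVSequence(selectResponse.getBytes()).getValue(0x6F)).getValue(0x81);
            // NOTE(review): assumes getValue yields null for a missing tag - confirm in TLVSequence.
            if (fileSize == null) {
                throw new SignatureCardException("Could not determine size of certificate file.");
            }
            // NOTE(review): the length is card-supplied; confirm that readTransparentFile
            // bounds what it reads for implausible values.
            return ISO7816Utils.readTransparentFile(channel, computeLengthFromByteArray(fileSize));
        } catch (CardException e) {
            throw new SignatureCardException("Error reading certificate from card.", e);
        }
    }

    /**
     * Infoboxes are not available on this card.
     *
     * @throws IllegalArgumentException always
     */
    @Override
    public byte[] getInfobox(String str, PINGUI pingui, String str2) throws SignatureCardException, InterruptedException {
        throw new IllegalArgumentException("Infobox '" + str + "' not supported.");
    }

    /**
     * Selects the PIN path and repeats PIN verification until it succeeds or fails for good.
     *
     * <p>{@link #verifyPIN} returns -1 on success and the remaining retry counter after a wrong
     * PIN. A counter of zero means the last attempt was wrong and no tries remain; this is now
     * reported as {@link LockedException} instead of returning as if verification had succeeded.
     *
     * @param cardChannel channel to the card
     * @param pinInfo     PIN description handed to the reader
     * @param pingui      PIN entry callback
     * @param bArr        path that is selected before VERIFY is sent
     * @param b           PIN reference used as P2 of the VERIFY command
     * @throws LockedException        if the PIN is blocked
     * @throws NotActivatedException  if the card reports the PIN as not usable
     * @throws SignatureCardException if the PIN path cannot be selected or VERIFY fails otherwise
     * @throws InterruptedException   propagated from the reader
     * @throws CardException          on transport errors
     */
    protected void verifyPINLoop(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, byte[] bArr, byte b) throws LockedException, NotActivatedException, SignatureCardException, InterruptedException, CardException {
        ResponseAPDU selectResponse = selectByPath(cardChannel, bArr);
        if (selectResponse.getSW() != SW_OK) {
            throw new SignatureCardException("Cannot select PIN path " + SMCCHelper.toString(bArr) + ": " + Integer.toHexString(selectResponse.getSW()));
        }
        int retries = -1;
        do {
            retries = verifyPIN(cardChannel, pinInfo, pingui, retries, b);
        } while (retries > 0);
        if (retries == 0) {
            // SW 63C0: wrong PIN and no tries left. Do not continue as if verified.
            throw new LockedException();
        }
    }

    /**
     * Sends one VERIFY command through the reader and maps the status word.
     *
     * @param cardChannel channel to the card
     * @param pinInfo     PIN description handed to the reader
     * @param pingui      PIN entry callback
     * @param i           retry counter from the previous attempt, passed on to the reader
     * @param b           PIN reference used as P2 of the VERIFY command
     * @return -1 if the PIN was accepted, otherwise the remaining tries reported in SW 63Cx
     * @throws LockedException        on SW 6983
     * @throws NotActivatedException  on SW 6984 or 6985
     * @throws SignatureCardException on any other status word
     * @throws InterruptedException   propagated from the reader
     * @throws CardException          on transport errors
     */
    protected int verifyPIN(CardChannel cardChannel, PinInfo pinInfo, PINGUI pingui, int i, byte b) throws SignatureCardException, LockedException, NotActivatedException, InterruptedException, CardException {
        // VERIFY template: CLA 00, INS 20, P1 00, P2 = PIN reference, Lc 08, eight data bytes.
        // The trailing VerifyAPDUSpec arguments are defined by that class (not visible here).
        byte[] template = new byte[]{0x00, 0x20, 0x00, b, 0x08, 0, 0, 0, 0, 0, 0, 0, 0};
        ResponseAPDU response = this.reader.verify(cardChannel, new VerifyAPDUSpec(template, 0, 2, 8), pingui, pinInfo, i);
        int sw = response.getSW();
        if (sw == SW_OK) {
            return -1;
        }
        if ((sw >> 4) == 0x63C) {
            // 63Cx: verification failed, x tries remaining.
            return sw & 0x0F;
        }
        switch (sw) {
            case 0x6983:
                throw new LockedException();
            case 0x6984:
            case 0x6985:
                throw new NotActivatedException();
            default:
                String message = "VERIFY failed. SW=" + Integer.toHexString(sw);
                this.log.info(message);
                throw new SignatureCardException(message);
        }
    }

    /** Sends SELECT (by path from MF) for {@code path} with the MF prefix removed. */
    private ResponseAPDU selectByPath(CardChannel channel, byte[] path) throws CardException {
        return channel.transmit(new CommandAPDU(0x00, INS_SELECT, P1_SELECT_BY_PATH, 0x00, FINEIDUtil.removeMFPath(path)));
    }

    /**
     * Tells whether {@code label} contains {@code lowerCaseNeedle}, ignoring case.
     *
     * <p>Lower-casing uses {@code Locale.ROOT}: with the platform default locale (for example
     * Turkish) an upper-case 'I' in a card label would not map to 'i' and the match would fail.
     */
    private static boolean labelContains(String label, String lowerCaseNeedle) {
        return label != null && label.toLowerCase(java.util.Locale.ROOT).contains(lowerCaseNeedle);
    }

    /** Sends MANAGE SECURITY ENVIRONMENT (INS 22) with P1 F3, i.e. RESTORE. */
    private void executeRestoreMSE(CardChannel channel) throws CardException {
        ResponseAPDU response = channel.transmit(new CommandAPDU(0x00, 0x22, 0xF3, 0x00));
        if (response.getSW() != SW_OK) {
            throw new CardException("Error restoring MSE: " + Integer.toHexString(response.getSW()));
        }
    }

    /** Sends MANAGE SECURITY ENVIRONMENT SET (P1 41) for the digital signature template (P2 B6). */
    private void executeSetMSE(CardChannel channel, byte[] mseData) throws CardException {
        ResponseAPDU response = channel.transmit(new CommandAPDU(0x00, 0x22, 0x41, 0xB6, mseData));
        if (response.getSW() != SW_OK) {
            throw new CardException("Error setting MSE: " + Integer.toHexString(response.getSW()));
        }
    }

    /** Sends PERFORM SECURITY OPERATION (2A 9E 9A) with the digest and returns the response data. */
    private byte[] executeSign(CardChannel channel, byte[] digest) throws CardException {
        ResponseAPDU response = channel.transmit(new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, digest));
        if (response.getSW() != SW_OK) {
            throw new CardException("Error signing hash: " + Integer.toHexString(response.getSW()));
        }
        return response.getData();
    }

    /**
     * Interprets {@code bytes} as an unsigned big-endian integer.
     *
     * <p>Each byte is masked with 0xFF. Without the mask a byte of 0x80 or above is sign-extended
     * and subtracts from the result, so a file size such as 0x0480 was computed as 896 instead
     * of 1152. Inputs longer than four bytes overflow {@code int}.
     */
    private int computeLengthFromByteArray(byte[] bytes) {
        int length = 0;
        for (byte value : bytes) {
            length = (length << 8) | (value & 0xFF);
        }
        return length;
    }
}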
