package es.gob.jmulticard.apdu.connection.cwa14890;

import es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner;
import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.CommandApdu;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.StatusWord;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.connection.CardConnectionListener;
import es.gob.jmulticard.card.cwa14890.Cwa14890Card;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:es/gob/jmulticard/apdu/connection/cwa14890/Cwa14890OneConnection.class */
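/**
 * {@link ApduConnection} decorator that establishes a CWA-14890 secure channel with a card
 * and then protects every APDU sent through the wrapped connection.
 *
 * <p>{@link #open()} performs certificate verification, internal authentication (card to
 * terminal) and external authentication (terminal to card), then derives the two session keys
 * and the initial sequence counter. {@link #transmit(CommandApdu)} wraps and unwraps APDUs with
 * that material.
 *
 * <p>The class is decompiled from an obfuscated build: private member names below are
 * descriptive replacements chosen from the visible error messages and data flow. No
 * synchronization is visible, so instances should be treated as not thread-safe.
 *
 * <p>NOTE(review): both session keys are the first 16 bytes of a SHA-1 digest. This looks
 * protocol-mandated (CWA-14890) rather than a local choice — confirm before flagging it.
 */
public final class Cwa14890OneConnection implements ApduConnection {
    /**
     * Status word 0x66 0x88; {@link #transmit(CommandApdu)} turns it into
     * {@code InvalidCryptographicChecksum}. The obfuscated name is kept on purpose: the calls
     * {@code a.a(...)} in {@code transmit} are presumably meant to reach a helper class named
     * {@code a} in this package, and renaming this field would change how that name resolves.
     */
    private static final StatusWord a = new StatusWord((byte) 0x66, (byte) 0x88);

    /** Suffix appended to the shared secret before hashing to obtain KEnc. */
    private static final byte[] KENC_SUFFIX = {0, 0, 0, 1};

    /** Suffix appended to the shared secret before hashing to obtain KMac. */
    private static final byte[] KMAC_SUFFIX = {0, 0, 0, 2};

    private final CryptoHelper cryptoHelper;
    private final Cwa14890Card card;

    /** Wrapped connection; may itself be a {@code Cwa14890OneConnection}. Not null-checked. */
    private final ApduConnection subConnection;

    // Session material, populated by open().
    // NOTE(review): none of these arrays is cleared in close() or on a failed open(), so key
    // material stays reachable for the lifetime of this object.
    private byte[] kEnc = null;
    private byte[] kMac = null;

    // 8-byte counter incremented before every wrap and every unwrap — presumably the
    // CWA-14890 send sequence counter (SSC).
    private byte[] ssc = null;

    /** True once open() has completed successfully and until close() or reset(). */
    private boolean channelOpen = false;

    /**
     * Creates the secure-channel wrapper. Nothing is sent to the card until {@link #open()}.
     *
     * @param cwa14890Card card used for certificate checks and authentication commands
     * @param apduConnection underlying connection; not validated here, so a {@code null}
     *        value only fails later, when {@link #open()} dereferences it
     * @param cryptoHelper provider of digest, RSA and random primitives
     * @throws IllegalArgumentException if the card or the crypto helper is {@code null}
     */
    public Cwa14890OneConnection(Cwa14890Card cwa14890Card, ApduConnection apduConnection, CryptoHelper cryptoHelper) {
        if (cwa14890Card == null) {
            throw new IllegalArgumentException("No se ha proporcionado la tarjeta CWA-14890 con la que abrir el canal seguro");
        }
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("CryptoHelper no puede ser nulo");
        }
        this.card = cwa14890Card;
        this.subConnection = apduConnection;
        this.cryptoHelper = cryptoHelper;
    }

    /**
     * Establishes the secure channel: verifies the card and terminal certificate chains, runs
     * internal and external authentication, and derives KEnc, KMac and the initial counter.
     *
     * <p>If the wrapped connection is not itself a secure-channel connection it is reset when
     * already open, or opened otherwise, before the handshake starts. Every failure path closes
     * the wrapped connection before throwing.
     *
     * <p>NOTE(review): as decompiled, each handler's {@code throw} sits inside the next
     * enclosing {@code try}. Every enclosing {@code catch (Exception ...)} therefore re-wraps
     * inner failures and calls {@code close()} again, so the exception that finally escapes can
     * name a different step than the one that failed. The nesting may be a decompiler
     * artifact — confirm against the original sources before using the messages for diagnosis.
     *
     * @throws IllegalStateException if the CWA-14890 certificates cannot be validated
     */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void open() {
        ApduConnection apduConnection = this.subConnection;
        if (!(apduConnection instanceof Cwa14890OneConnection)) {
            if (apduConnection.isOpen()) {
                apduConnection.reset();
            } else {
                apduConnection.open();
            }
        }
        byte[] serial = paddedSerialNumber();
        try {
            this.card.verifyCaIntermediateIcc();
            this.card.verifyIcc();
            try {
                RSAPublicKey iccPublicKey = (RSAPublicKey) this.cryptoHelper.generateCertificate(this.card.getIccCertEncoded()).getPublicKey();
                try {
                    this.card.verifyIfdCertificateChain();
                    try {
                        // Terminal-side 8-byte random used as the internal-authentication challenge.
                        byte[] terminalRandom = this.cryptoHelper.generateRandomBytes(8);
                        try {
                            byte[] cardSecret = internalAuthentication(terminalRandom, iccPublicKey);
                            byte[] challenge = this.card.getChallenge();
                            try {
                                // Shared secret = card contribution XOR terminal contribution.
                                byte[] sharedSecret = HexUtils.xor(cardSecret, externalAuthentication(serial, challenge, iccPublicKey));
                                try {
                                    this.kEnc = deriveSessionKey(sharedSecret, KENC_SUFFIX);
                                    try {
                                        this.kMac = deriveSessionKey(sharedSecret, KMAC_SUFFIX);
                                        this.ssc = initialCounter(terminalRandom, challenge);
                                        this.channelOpen = true;
                                    } catch (IOException e) {
                                        apduConnection.close();
                                        throw new ApduConnectionException("Error al generar la clave KMac para el tratamiento del canal seguro", e);
                                    }
                                } catch (IOException e2) {
                                    apduConnection.close();
                                    throw new ApduConnectionException("Error al generar la clave KEnc para el tratamiento del canal seguro", e2);
                                }
                            } catch (Exception e3) {
                                apduConnection.close();
                                throw new ApduConnectionException("Error durante el proceso de autenticacion externa de la tarjeta", e3);
                            }
                        } catch (Exception e4) {
                            apduConnection.close();
                            throw new ApduConnectionException("Error durante el proceso de autenticacion interna de la tarjeta", e4);
                        }
                    } catch (IOException e5) {
                        apduConnection.close();
                        throw new SecureChannelException("No se pudo generar el array de aleatorios", e5);
                    }
                } catch (Exception e6) {
                    apduConnection.close();
                    throw new ApduConnectionException("Error al verificar la cadena de certificados del controlador", e6);
                }
            } catch (IOException e7) {
                apduConnection.close();
                throw new ApduConnectionException("No se pudo leer certificado de componente", e7);
            } catch (CertificateException e8) {
                apduConnection.close();
                throw new ApduConnectionException("No se pudo obtener la clave publica del certificado de componente", e8);
            }
        } catch (IOException e9) {
            apduConnection.close();
            // The cause is attached so the original stack trace survives; message text is unchanged.
            throw new IllegalStateException("No se han podido validar los certificados CWA-14890: " + e9, e9);
        } catch (SecurityException e10) {
            apduConnection.close();
            throw new IllegalStateException("Condicion de seguridad no satisfecha en la validacion de los certificados CWA-14890: " + e10, e10);
        } catch (CertificateException e11) {
            apduConnection.close();
            throw new IllegalStateException("No se han podido tratar los certificados CWA-14890: " + e11, e11);
        }
    }

    /**
     * Derives a 16-byte session key as the first 16 bytes of SHA-1(sharedSecret || suffix).
     */
    private byte[] deriveSessionKey(byte[] sharedSecret, byte[] suffix) {
        byte[] input = new byte[sharedSecret.length + suffix.length];
        System.arraycopy(sharedSecret, 0, input, 0, sharedSecret.length);
        System.arraycopy(suffix, 0, input, sharedSecret.length, suffix.length);
        byte[] key = new byte[16];
        System.arraycopy(this.cryptoHelper.digest("SHA1", input), 0, key, 0, key.length);
        return key;
    }

    /**
     * Builds the initial 8-byte counter: bytes 4..7 of the card challenge followed by
     * bytes 4..7 of the terminal random.
     */
    private static byte[] initialCounter(byte[] terminalRandom, byte[] cardChallenge) {
        byte[] counter = new byte[8];
        System.arraycopy(cardChallenge, 4, counter, 0, 4);
        System.arraycopy(terminalRandom, 4, counter, 4, 4);
        return counter;
    }

    /** Returns true when the block starts with 0x6A and ends with 0xBC. */
    private static boolean hasExpectedFraming(byte[] block) {
        return block[0] == 0x6A && block[block.length - 1] == (byte) 0xBC;
    }

    /**
     * Runs internal authentication: the card answers the terminal challenge, and the answer is
     * decrypted with the terminal private key, opened with the card public key, and checked
     * for framing and hash.
     *
     * <p>The recovered block is read as: 1 header byte, 74 bytes, 32 bytes, 20-byte hash,
     * 1 trailer byte. The hash must equal SHA-1 over the 74 bytes, the 32 bytes, the challenge
     * and the value of {@code getChrCCvIfd()}.
     *
     * <p>Every exception raised inside, including the two specific
     * {@code SecureChannelException}s, is caught by the final handler and re-thrown wrapped
     * in a generic {@code SecureChannelException}.
     *
     * @param bArr the terminal's random challenge ({@link #open()} passes 8 random bytes)
     * @param rSAPublicKey public key taken from the card's component certificate
     * @return the 32-byte field of the recovered block, which {@link #open()} XORs with the
     *         terminal's own 32 random bytes to form the shared secret
     */
    public byte[] internalAuthentication(byte[] bArr, RSAPublicKey rSAPublicKey) {
        try {
            this.card.setKeysToAuthentication(this.card.getChrCCvIfd(), this.card.getRefIccPrivateKey());
            byte[] cardAnswer = this.card.getInternalAuthenticateMessage(bArr, this.card.getChrCCvIfd());
            byte[] decrypted = this.cryptoHelper.rsaDecrypt(cardAnswer, this.card.getIfdPrivateKey());
            byte[] recovered = this.cryptoHelper.rsaEncrypt(decrypted, rSAPublicKey);
            if (!hasExpectedFraming(recovered)) {
                // Second attempt with (modulus - value). The value is read as an unsigned
                // magnitude, like the other BigInteger conversions in this class; a signed read
                // would turn the subtraction into an addition whenever the top bit is set.
                byte[] complement = rSAPublicKey.getModulus().subtract(new BigInteger(1, decrypted)).toByteArray();
                byte[] block = new byte[CAdESTriPhaseCounterSigner.PKCS1_DEFAULT_SIZE];
                // NOTE(review): a result shorter than the block is copied left-aligned, which
                // would change its numeric value if rsaEncrypt reads big-endian — confirm.
                if (complement.length <= 128 || complement[0] != 0) {
                    System.arraycopy(complement, 0, block, 0, complement.length);
                } else {
                    // Drop the sign byte that toByteArray() prepends.
                    System.arraycopy(complement, 1, block, 0, complement.length - 1);
                }
                recovered = this.cryptoHelper.rsaEncrypt(block, rSAPublicKey);
                if (!hasExpectedFraming(recovered)) {
                    // NOTE(review): the message embeds the whole recovered block in hex; treat
                    // any log that captures this exception as sensitive.
                    throw new SecureChannelException("Error en la autenticacion interna para el establecimiento del canal seguro. El mensaje descifrado es: " + HexUtils.hexify(recovered, true));
                }
            }
            byte[] randomPart = new byte[74];
            System.arraycopy(recovered, 1, randomPart, 0, randomPart.length);
            byte[] cardSecret = new byte[32];
            System.arraycopy(recovered, 75, cardSecret, 0, cardSecret.length);
            byte[] expectedHash = new byte[20];
            System.arraycopy(recovered, 107, expectedHash, 0, expectedHash.length);
            ByteArrayOutputStream hashInput = new ByteArrayOutputStream();
            hashInput.write(randomPart);
            hashInput.write(cardSecret);
            hashInput.write(bArr);
            hashInput.write(this.card.getChrCCvIfd());
            byte[] digest = this.cryptoHelper.digest("SHA1", hashInput.toByteArray());
            if (HexUtils.arrayEquals(expectedHash, digest)) {
                return cardSecret;
            }
            throw new SecureChannelException("Error en la comprobacion de la clave de autenticacion interna. Se obtuvo el hash '" + HexUtils.hexify(digest, false) + "' cuando se esperaba:" + HexUtils.hexify(expectedHash, false));
        } catch (Exception e) {
            throw new SecureChannelException("Error durante el establecimiento de la clave publica de Terminal y la privada de componente para su atenticacion", e);
        }
    }

    /**
     * Runs external authentication: builds a framed block (0x6A, 74 random bytes, 32 random
     * bytes, SHA-1 hash, 0xBC), applies the terminal private key, takes the smaller of the
     * result and (modulus - result), encrypts it with the card public key and sends it.
     *
     * @param serial card serial number, already padded by {@link #paddedSerialNumber()}
     * @param cardChallenge challenge obtained from the card
     * @param iccPublicKey public key taken from the card's component certificate
     * @return the terminal's 32 random bytes, used by {@link #open()} as its key contribution
     */
    private byte[] externalAuthentication(byte[] serial, byte[] cardChallenge, RSAPublicKey iccPublicKey) {
        byte[] randomPart = this.cryptoHelper.generateRandomBytes(74);
        byte[] terminalSecret = this.cryptoHelper.generateRandomBytes(32);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        buffer.write(randomPart);
        buffer.write(terminalSecret);
        buffer.write(cardChallenge);
        buffer.write(serial);
        byte[] digest = this.cryptoHelper.digest("SHA1", buffer.toByteArray());
        buffer.reset();
        buffer.write(0x6A);
        buffer.write(randomPart);
        buffer.write(terminalSecret);
        buffer.write(digest);
        buffer.write(0xBC);
        byte[] framed = buffer.toByteArray();
        RSAPrivateKey ifdPrivateKey = this.card.getIfdPrivateKey();
        BigInteger signature = new BigInteger(1, this.cryptoHelper.rsaDecrypt(framed, ifdPrivateKey));
        if (this.card.externalAuthentication(this.cryptoHelper.rsaEncrypt(ifdPrivateKey.getModulus().subtract(signature).min(signature).toByteArray(), iccPublicKey))) {
            return terminalSecret;
        }
        throw new SecureChannelException("Error durante la autenticacion externa del canal seguro");
    }

    /**
     * Returns the card serial number, left-padded with zero bytes to 8 bytes when it is
     * shorter. A serial of 8 bytes or more is returned unchanged, as the same array.
     */
    private byte[] paddedSerialNumber() {
        byte[] serial = this.card.getSerialNumber();
        if (serial.length >= 8) {
            return serial;
        }
        // A new array is already zero-filled, so only the tail needs to be copied.
        byte[] padded = new byte[8];
        System.arraycopy(serial, 0, padded, padded.length - serial.length, serial.length);
        return padded;
    }

    /**
     * Closes the wrapped connection if the secure channel is open; otherwise does nothing.
     *
     * <p>NOTE(review): KEnc, KMac and the counter are left in memory after closing.
     */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void close() {
        if (this.channelOpen) {
            this.subConnection.close();
            this.channelOpen = false;
        }
    }

    /**
     * Sends a command through the secure channel and returns the unwrapped response.
     *
     * <p>The counter is incremented once before wrapping the command and once before
     * unwrapping the response, and is not rolled back when a step fails. When the unwrapped
     * status word has MSB 0x6C, the command's Le is set to the LSB (mutating the caller's
     * object) and the command is re-sent recursively, with no retry limit.
     *
     * @param commandApdu command to protect and send
     * @return the unwrapped response
     */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public ResponseApdu transmit(CommandApdu commandApdu) {
        try {
            this.ssc = incrementCounter(this.ssc);
            // `a.a(...)` presumably targets the obfuscated secure-messaging helper class `a`
            // of this package, not the status-word constant of the same name — TODO confirm.
            ResponseApdu protectedResponse = this.subConnection.transmit(a.a(commandApdu, this.kEnc, this.kMac, this.ssc, this.cryptoHelper));
            if (a.equals(protectedResponse.getStatusWord())) {
                throw new InvalidCryptographicChecksum();
            }
            if (!protectedResponse.isOk()) {
                throw new SecureChannelException("Error en la APDU de respuesta cifrada con el codigo " + protectedResponse.getStatusWord());
            }
            try {
                this.ssc = incrementCounter(this.ssc);
                // Argument order differs from the wrap call above: (kEnc, ssc, kMac).
                ResponseApdu response = a.a(protectedResponse, this.kEnc, this.ssc, this.kMac, this.cryptoHelper);
                if (response.getStatusWord().getMsb() != 0x6C) {
                    return response;
                }
                commandApdu.setLe(response.getStatusWord().getLsb());
                return transmit(commandApdu);
            } catch (Exception e) {
                throw new ApduConnectionException("Error en la desencriptacion de la APDU de respuesta recibida por el canal seguro", e);
            }
        } catch (IOException e2) {
            throw new SecureChannelException("Error en la encriptacion de la APDU para su envio por el canal seguro", e2);
        }
    }

    /**
     * Marks the channel closed, resets the wrapped connection and re-runs {@link #open()}.
     *
     * @return the bytes returned by the wrapped connection's own reset
     */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public byte[] reset() {
        this.channelOpen = false;
        byte[] resetResponse = this.subConnection.reset();
        // open() resets the wrapped connection again if it reports itself open.
        open();
        return resetResponse;
    }

    /** Delegates to the wrapped connection. */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void addCardConnectionListener(CardConnectionListener cardConnectionListener) {
        this.subConnection.addCardConnectionListener(cardConnectionListener);
    }

    /** Delegates to the wrapped connection. */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void removeCardConnectionListener(CardConnectionListener cardConnectionListener) {
        this.subConnection.removeCardConnectionListener(cardConnectionListener);
    }

    /** Delegates to the wrapped connection. */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public long[] getTerminals(boolean z) {
        return this.subConnection.getTerminals(z);
    }

    /** Delegates to the wrapped connection. */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public String getTerminalInfo(int i) {
        return this.subConnection.getTerminalInfo(i);
    }

    /** Delegates to the wrapped connection. */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public void setTerminal(int i) {
        this.subConnection.setTerminal(i);
    }

    /** Returns true only when the secure channel is established and the wrapped connection is open. */
    @Override // es.gob.jmulticard.apdu.connection.ApduConnection
    public boolean isOpen() {
        return this.channelOpen && this.subConnection.isOpen();
    }

    /**
     * Returns the counter plus one as exactly 8 bytes: a longer result keeps its last 8 bytes
     * (so the counter wraps around), a shorter one is left-padded with zeros.
     */
    private static byte[] incrementCounter(byte[] counter) {
        byte[] next = new BigInteger(1, counter).add(BigInteger.ONE).toByteArray();
        if (next.length == 8) {
            return next;
        }
        byte[] fixed = new byte[8];
        if (next.length > 8) {
            System.arraycopy(next, next.length - fixed.length, fixed, 0, fixed.length);
        } else {
            System.arraycopy(next, 0, fixed, fixed.length - next.length, next.length);
        }
        return fixed;
    }

    /** Returns the wrapped connection that carries the protected APDUs. */
    public ApduConnection getSubConnection() {
        return this.subConnection;
    }
}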
