package es.gob.jmulticard.card.fnmt.ceres;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.StatusWord;
import es.gob.jmulticard.apdu.ceres.CeresVerifyApduCommand;
import es.gob.jmulticard.apdu.ceres.LoadDataApduCommand;
import es.gob.jmulticard.apdu.ceres.SignDataApduCommand;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.iso7816eight.EnvelopeDataApduCommand;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.card.Atr;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import es.gob.jmulticard.card.BadPinException;
import es.gob.jmulticard.card.CryptoCard;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.InvalidCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.fnmt.ceres.asn1.CeresCdf;
import es.gob.jmulticard.card.fnmt.ceres.asn1.CeresPrKdf;
import es.gob.jmulticard.card.iso7816eight.Iso7816EightCard;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:es/gob/jmulticard/card/fnmt/ceres/Ceres.class */
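/**
 * Driver for FNMT-RCM CERES smart cards: checks the card's ATR, loads the
 * certificates and private-key references stored on the card, verifies the
 * PIN and asks the card to sign.
 *
 * <p>This listing is decompiler output (see the "loaded from" marker above the
 * class): member names are single letters and no {@code throws} clauses are
 * shown even where checked exceptions such as {@link IOException} are thrown.
 * Identifiers are kept as they appear so they still map onto the class file.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The ATR check only identifies the card model. An ATR is not
 *       authenticated, so everything read from the card afterwards (DER
 *       structures, file paths, compressed certificates) is untrusted input.</li>
 *   <li>Certificates are parsed but not validated here (no chain, validity or
 *       revocation check); callers that rely on them must validate them.</li>
 *   <li>The "PIN already verified" flag {@code p} is set once in
 *       {@link #sign} and never cleared anywhere in this class.</li>
 * </ul>
 */
public final class Ceres extends Iso7816EightCard implements CryptoCard {
    // Helper handed to DigestInfo.encode() when building the value to sign.
    private final CryptoHelper i;
    // alias -> X509Certificate, in the order the certificates are listed in the CDF.
    private Map l;
    // hex(certificate id from the CDF) -> alias.
    private Map m;
    // alias -> Byte private-key reference taken from the PrKDF.
    private Map n;
    // Source of the PIN; may be null until setPasswordCallback() is called.
    private PasswordCallback o;
    // True once verifyPin() has succeeded inside sign(); never reset in this class.
    private boolean p;

    // Four accepted ATRs, each paired with a mask of the same length.
    // NOTE(review): presumably a 0x00 mask byte means "ignore this position" when
    // Atr.equals() compares -- confirm in es.gob.jmulticard.card.Atr.
    // ATR b: 0x3B 0x7F ... 0x6A 'F' 'N' 'M' 'T' ... 0x03 0x90 0x00
    private static final byte[] a = {-1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, 0, 0, 0, 0, 0, 0, -1, -1, -1};
    private static final Atr b = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 70, 78, 77, 84, 0, 0, 0, 0, 0, 0, 3, -112, 0}, a);
    // ATR d: 0x3B 0x7F ... 0x6A 'C' 'E' 'R' 'E' 'S' 0x02 0x2C 0x34 ... 0x03 0x90 0x00
    private static final byte[] c = {-1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 0, -1, -1, -1};
    private static final Atr d = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 67, 69, 82, 69, 83, 2, 44, 52, 0, 0, 3, -112, 0}, c);
    // ATRs f and h: 21 bytes containing ASCII "CERES"; their masks are all 0xFF.
    private static final byte[] e = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
    private static final Atr f = new Atr(new byte[]{59, -17, 0, 0, 64, 20, Byte.MIN_VALUE, 37, 67, 69, 82, 69, 83, 87, 5, 96, 1, 2, 3, -112, 0}, e);
    private static final byte[] g = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
    private static final Atr h = new Atr(new byte[]{59, -17, 0, 0, 64, 20, Byte.MIN_VALUE, 37, 67, 69, 82, 69, 83, 87, 1, 22, 1, 1, 3, -112, 0}, g);

    // Card file read into CeresCdf (certificate directory).
    private static final Location j = new Location("50156004");
    // Card file read into CeresPrKdf (private-key directory).
    private static final Location k = new Location("50156001");

    /**
     * Sets the callback that {@link #sign} passes to {@link #verifyPin} the
     * first time a signature is requested.
     *
     * @param passwordCallback PIN source; this class does not read or clear the
     *                         password itself, it only forwards the callback
     */
    public void setPasswordCallback(PasswordCallback passwordCallback) {
        this.o = passwordCallback;
    }

    /**
     * Checks the ATR returned by the card against the four accepted ATRs, in
     * the order b, d, h, f.
     *
     * @param bArr ATR bytes returned by the reset
     * @throws InvalidCardException if none matches; the exception is always
     *         built with ATR {@code b}, whichever variant came closest
     */
    private static void a(byte[] bArr) {
        if (b.equals(new Atr(bArr, a))) {
            return;
        }
        if (d.equals(new Atr(bArr, c))) {
            return;
        }
        if (h.equals(new Atr(bArr, g))) {
            return;
        }
        if (!f.equals(new Atr(bArr, e))) {
            throw new InvalidCardException("CERES", b, bArr);
        }
    }

    /**
     * Opens the connection, resets the card and checks the ATR it answers with.
     *
     * @param apduConnection connection to the reader
     */
    public static void connect(ApduConnection apduConnection) {
        apduConnection.open();
        a(apduConnection.reset());
    }

    /**
     * Connects to the card and loads its certificates and key references.
     *
     * @param apduConnection connection to the reader
     * @param cryptoHelper   helper used later to build the DigestInfo; must not be null
     * @throws IllegalArgumentException if {@code cryptoHelper} is null
     * @throws ApduConnectionException  if loading the card structures fails for
     *         any reason (every {@link Exception} from the load is wrapped)
     */
    public Ceres(ApduConnection apduConnection, CryptoHelper cryptoHelper) {
        super((byte) 0, apduConnection);
        this.o = null;
        this.p = false;
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        connect(getConnection());
        try {
            a();
            this.i = cryptoHelper;
        } catch (Exception e2) {
            throw new ApduConnectionException("Error cargando las estructuras iniciales de la tarjeta: " + e2, e2);
        }
    }

    /**
     * Reads the certificate directory (CDF) and the private-key directory
     * (PrKDF) from the card and fills the three maps.
     *
     * <p>Each certificate gets the alias {@code "<index> <serial number>"}.
     * Certificates are parsed only; nothing here validates them.
     */
    private void a() {
        selectMasterFile();
        CeresCdf ceresCdf = new CeresCdf();
        ceresCdf.setDerValue(selectFileByLocationAndRead(j));
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        this.l = new LinkedHashMap(ceresCdf.getCertificateCount());
        this.m = new LinkedHashMap(ceresCdf.getCertificateCount());
        for (int i = 0; i < ceresCdf.getCertificateCount(); i++) {
            // The path comes from the card: backslashes are stripped and it is trimmed
            // before being used as a Location; the file content is then inflated.
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b(selectFileByLocationAndRead(new Location(ceresCdf.getCertificatePath(i).replace("\\", "").trim())))));
            String str = i + " " + x509Certificate.getSerialNumber();
            this.m.put(HexUtils.hexify(ceresCdf.getCertificateId(i), false), str);
            this.l.put(str, x509Certificate);
        }
        CeresPrKdf ceresPrKdf = new CeresPrKdf();
        ceresPrKdf.setDerValue(selectFileByLocationAndRead(k));
        this.n = new LinkedHashMap();
        for (int i2 = 0; i2 < ceresPrKdf.getKeyCount(); i2++) {
            // A key is linked to a certificate through the hex form of its id;
            // keys whose id matches no certificate are ignored.
            String str2 = (String) this.m.get(HexUtils.hexify(ceresPrKdf.getKeyId(i2), false));
            if (str2 != null) {
                this.n.put(str2, Byte.valueOf(ceresPrKdf.getKeyReference(i2)));
            }
        }
        b();
    }

    /**
     * Drops every certificate that has no private-key reference, so only
     * aliases usable for signing remain.
     *
     * @throws IllegalStateException if reading or pruning the aliases fails
     */
    private void b() {
        try {
            // getAliases() returns a copy, so removing from the map while looping is safe.
            for (String str : getAliases()) {
                if (this.n.get(str) == null) {
                    this.l.remove(str);
                }
            }
        } catch (Exception e2) {
            throw new IllegalStateException("No se han podido leer los alias de los certificados de la tarjeta CERES: " + e2, e2);
        }
    }

    /**
     * Returns the aliases of the certificates kept after loading.
     *
     * @return a new array of aliases, in the order the certificates were read
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        return (String[]) this.l.keySet().toArray(new String[0]);
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * @param str alias
     * @return the certificate, or null if the alias is unknown
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) {
        return (X509Certificate) this.l.get(str);
    }

    /**
     * Builds the reference to the private key that belongs to an alias.
     *
     * <p>The key size is taken from the RSA modulus of the certificate read
     * from the card. Neither map lookup is null-checked, so an unknown alias
     * ends in a {@link NullPointerException}.
     *
     * @param str alias
     * @return key reference byte plus key size in bits
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        return new CeresPrivateKeyReference(((Byte) this.n.get(str)).byteValue(), ((RSAPublicKey) ((X509Certificate) this.l.get(str)).getPublicKey()).getModulus().bitLength());
    }

    /**
     * Signs data on the card: verifies the PIN if that has not been done yet,
     * loads the padded DigestInfo and sends the sign command.
     *
     * <p>NOTE(review): as listed, each {@code catch (Exception)} encloses the
     * throws inside it, so a failure while loading or signing is re-wrapped and
     * the caller sees the outermost (DigestInfo) message. This may be an
     * artefact of how the decompiler laid out the try regions; compare with the
     * original source before relying on the message text.
     *
     * @param bArr                data to sign
     * @param str                 algorithm name passed to {@code DigestInfo.encode}
     * @param privateKeyReference key to use; must be a {@code CeresPrivateKeyReference}
     * @return the data field of the card's response to the sign command
     * @throws CryptoCardException      if {@code bArr} is null, PIN verification
     *         fails with an {@code ApduConnectionException}, or any later step fails
     * @throws IllegalArgumentException if the key reference is null or of another type
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) {
        if (bArr == null) {
            throw new CryptoCardException("Los datos a firmar no pueden ser nulos");
        }
        if (privateKeyReference == null) {
            throw new IllegalArgumentException("La clave privada no puede ser nula");
        }
        if (!(privateKeyReference instanceof CeresPrivateKeyReference)) {
            throw new IllegalArgumentException("La clave proporcionada debe ser de tipo CeresPrivateKeyReference, pero se ha recibido de tipo " + privateKeyReference.getClass().getName());
        }
        CeresPrivateKeyReference ceresPrivateKeyReference = (CeresPrivateKeyReference) privateKeyReference;
        // The PIN is asked for once per Ceres instance; later signatures skip this.
        // NOTE(review): the flag is not cleared if the card is reset or swapped -- confirm
        // that the connection layer handles that case.
        if (!this.p) {
            try {
                verifyPin(this.o);
                this.p = true;
            } catch (ApduConnectionException e2) {
                throw new CryptoCardException("Error en la verificacion de PIN: " + e2, e2);
            }
        }
        try {
            a(ceresPrivateKeyReference.getKeyBitSize(), DigestInfo.encode(str, bArr, this.i));
            try {
                ResponseApdu sendArbitraryApdu = sendArbitraryApdu(new SignDataApduCommand(ceresPrivateKeyReference.getKeyReference(), ceresPrivateKeyReference.getKeyBitSize()));
                if (sendArbitraryApdu.isOk()) {
                    return sendArbitraryApdu.getData();
                }
                throw new CryptoCardException("No se han podido firmar los datos. Respuesta: " + HexUtils.hexify(sendArbitraryApdu.getBytes(), true));
            } catch (Exception e3) {
                throw new CryptoCardException("Error firmando los datos: " + e3, e3);
            }
        } catch (Exception e4) {
            throw new CryptoCardException("Erros creando el DigestInfo para la firma con el algoritmo " + str + ": " + e4, e4);
        }
    }

    /**
     * Applies PKCS#1 padding to the DigestInfo on the host and loads the padded
     * block into the card.
     *
     * <p>Keys below 2048 bits use a single LoadData command. A 2048-bit key
     * needs 256 bytes, sent as two Envelope commands: a 7-byte header plus the
     * first 248 bytes, then the last 8 bytes. Larger keys are rejected; that
     * {@link IllegalArgumentException} is thrown inside the outer try, so as
     * listed it reaches the caller wrapped in a {@code CryptoCardException}.
     *
     * @param i    key size in bits
     * @param bArr encoded DigestInfo
     */
    private void a(int i, byte[] bArr) {
        try {
            byte[] addPkcs1PaddingForPrivateKeyOperation = CryptoHelper.addPkcs1PaddingForPrivateKeyOperation(bArr, i);
            if (i < 2048) {
                try {
                    ResponseApdu sendArbitraryApdu = sendArbitraryApdu(new LoadDataApduCommand(addPkcs1PaddingForPrivateKeyOperation));
                    if (!sendArbitraryApdu.isOk()) {
                        throw new CryptoCardException("No se han podido enviar los datos a firmar a la tarjeta. Respuesta: " + HexUtils.hexify(sendArbitraryApdu.getBytes(), true));
                    }
                    return;
                } catch (Exception e2) {
                    throw new CryptoCardException("Error enviando los datos a firmar a la tarjeta: " + e2, e2);
                }
            }
            if (i != 2048) {
                throw new IllegalArgumentException("Solo se soportan claves de 2048 o menos bits");
            }
            // Header bytes 0x90 0x58 0x00 0x00 0x00 0x01 0x00 that open the first envelope.
            byte[] bArr2 = {-112, 88, 0, 0, 0, 1, 0};
            byte[] bArr3 = new byte[255];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            // 255 - 7 = 248 bytes of the padded block fit after the header.
            System.arraycopy(addPkcs1PaddingForPrivateKeyOperation, 0, bArr3, bArr2.length, 255 - bArr2.length);
            try {
                // The messages call this first send "segunda tanda" and the next one "primera tanda".
                ResponseApdu sendArbitraryApdu2 = sendArbitraryApdu(new EnvelopeDataApduCommand(bArr3));
                if (!sendArbitraryApdu2.isOk()) {
                    throw new CryptoCardException("No se han podido enviar (segunda tanda) los datos a firmar a la tarjeta. Respuesta: " + HexUtils.hexify(sendArbitraryApdu2.getBytes(), true));
                }
                // Remaining 8 bytes (offsets 248..255) go in the second envelope.
                byte[] bArr4 = new byte[8];
                System.arraycopy(addPkcs1PaddingForPrivateKeyOperation, 255 - bArr2.length, bArr4, 0, 8);
                try {
                    ResponseApdu sendArbitraryApdu3 = sendArbitraryApdu(new EnvelopeDataApduCommand(bArr4));
                    if (!sendArbitraryApdu3.isOk()) {
                        throw new CryptoCardException("No se han podido enviar (primera tanda) los datos a firmar a la tarjeta. Respuesta: " + HexUtils.hexify(sendArbitraryApdu3.getBytes(), true));
                    }
                } catch (Exception e3) {
                    throw new CryptoCardException("Error en el primer envio a la tarjeta de los datos a firmar: " + e3, e3);
                }
            } catch (Exception e4) {
                throw new CryptoCardException("Error en el segundo envio a la tarjeta de los datos a firmar: " + e4, e4);
            }
        } catch (Exception e5) {
            throw new CryptoCardException("Error realizando el relleno PKCS#1 de los datos a firmar: " + e5, e5);
        }
    }

    /** Selects the card's master file by its name, {@code "Master.File"}. */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    protected void selectMasterFile() {
        selectFileByName("Master.File");
    }

    /**
     * Sends the PIN to the card and maps the status word to an exception.
     *
     * <p>Status words handled: MSB 0x63 is reported as a wrong PIN, with
     * {@code LSB + 64} passed to {@code BadPinException} (for 0x63Cx this is x,
     * presumably the retries left); 0x6983 is reported as a locked PIN.
     *
     * @param passwordCallback PIN source; must not be null
     * @throws BadPinException                    if no callback is set or the PIN is wrong
     * @throws AuthenticationModeLockedException  if the card answers 0x6983
     * @throws ApduConnectionException            for any other non-OK status word
     */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public void verifyPin(PasswordCallback passwordCallback) {
        if (passwordCallback == null) {
            throw new BadPinException("No se ha establecido un PasswordCallback");
        }
        ResponseApdu sendArbitraryApdu = sendArbitraryApdu(new CeresVerifyApduCommand((byte) 0, passwordCallback));
        if (sendArbitraryApdu.isOk()) {
            return;
        }
        if (sendArbitraryApdu.getStatusWord().getMsb() == 99) {
            // The LSB is a signed byte: 0xC0 is -64, so subtracting -64 leaves the low nibble.
            // NOTE(review): the value is not range-checked; an LSB outside 0xC0..0xCF
            // would yield a meaningless count.
            throw new BadPinException(sendArbitraryApdu.getStatusWord().getLsb() - (-64));
        }
        if (!new StatusWord((byte) 105, (byte) -125).equals(sendArbitraryApdu.getStatusWord())) {
            throw new ApduConnectionException(new Iso7816FourCardException("Error en la verificacion de PIN", sendArbitraryApdu.getStatusWord()));
        }
        throw new AuthenticationModeLockedException();
    }

    /**
     * Returns the display name of this card type.
     *
     * @return the constant {@code "FNMT-RCM CERES"}
     */
    @Override // es.gob.jmulticard.card.SmartCard
    public String getCardName() {
        return "FNMT-RCM CERES";
    }

    /**
     * Inflates a compressed certificate read from the card, skipping the first
     * 8 bytes of the file.
     *
     * <p>The input comes from the card and is untrusted. Input shorter than the
     * 8-byte prefix is rejected with an {@link IOException}, and the
     * {@link Inflater} is always released.
     * NOTE(review): the inflated size is not capped; consider a limit sized for
     * a certificate.
     *
     * @param bArr file content as read from the card
     * @return the inflated bytes
     * @throws IOException if the input is too short, truncated or not valid
     *         compressed data
     */
    private static byte[] b(byte[] bArr) {
        // Without this guard a short file surfaces as an index error from setInput().
        if (bArr == null || bArr.length < 8) {
            throw new IOException("Error al descomprimir el certificado: datos insuficientes");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Inflater inflater = new Inflater();
        try {
            inflater.setInput(bArr, 8, bArr.length - 8);
            byte[] bArr2 = new byte[1024];
            while (!inflater.finished()) {
                try {
                    int inflate = inflater.inflate(bArr2);
                    // No progress while not finished means the stream is truncated or
                    // needs a dictionary; fail instead of looping forever.
                    if (inflate == 0) {
                        throw new DataFormatException();
                    }
                    byteArrayOutputStream.write(bArr2, 0, inflate);
                } catch (DataFormatException e2) {
                    throw new IOException("Error al descomprimir el certificado: " + e2, e2);
                }
            }
        } finally {
            // Frees the inflater's native memory on every path, including failures.
            inflater.end();
        }
        return byteArrayOutputStream.toByteArray();
    }
}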
