package es.gob.jmulticard.card.dnie;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.connection.LostChannelException;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890OneV1Connection;
import es.gob.jmulticard.apdu.connection.cwa14890.SecureChannelException;
import es.gob.jmulticard.apdu.dnie.GetChipInfoApduCommand;
import es.gob.jmulticard.apdu.dnie.MseSetSignatureKeyApduCommand;
import es.gob.jmulticard.apdu.dnie.VerifyApduCommand;
import es.gob.jmulticard.apdu.iso7816eight.PsoSignHashApduCommand;
import es.gob.jmulticard.apdu.iso7816four.ExternalAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.InternalAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetAuthenticationKeyApduCommand;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.PrKdf;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import es.gob.jmulticard.card.BadPinException;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.cwa14890.Cwa14890Card;
import es.gob.jmulticard.card.cwa14890.Cwa14890Constants;
import es.gob.jmulticard.card.iso7816eight.Iso7816EightCard;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.logging.Logger;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:es/gob/jmulticard/card/dnie/Dnie.class */
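/**
 * Card driver for the card that reports itself as "DNIe" (see {@link #getCardName()}).
 *
 * <p>On construction it reads the certificate directory (CDF) and the private-key
 * directory (PrKDF) from the card. Certificates are loaded lazily, after a CWA-14890
 * secure channel has been opened and the PIN verified. Signatures are produced on the
 * card through MSE SET followed by PSO SIGN HASH.
 *
 * <p>This listing is decompiler output: private members have single-letter names and
 * checked-exception {@code throws} clauses are absent from the signatures.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>{@link #verifyIcc()} and {@link #verifyCaIntermediateIcc()} are empty, so this
 *       class does not itself validate the card's component certificate chain.</li>
 *   <li>{@link #signInternal} continues to sign when the confirmation dialog cannot be
 *       shown (fail-open, logged at SEVERE).</li>
 *   <li>A rejected PIN may be re-submitted automatically; every attempt consumes one of
 *       the card's remaining tries.</li>
 * </ul>
 */
public class Dnie extends Iso7816EightCard implements Cwa14890Card, Dni {
    protected static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");

    // X.509 certificate factory shared by all instances (created in the static initializer).
    private static final CertificateFactory a;
    // True unless the VM name is "Dalvik"; gates the automatic PIN re-prompt on a wrong PIN.
    private static final boolean b;
    // File identifier (0x60, 0x1F) read by getIccCertEncoded().
    private static final byte[] c;
    // Location "50156004": the certificate directory (CDF) parsed by b().
    private static final Location d;
    // Location "50156001": the private-key directory (PrKDF) parsed by a().
    private static final Location e;

    // Certificate for alias "CertAutenticacion".
    private X509Certificate f;
    // Certificate for alias "CertFirmaDigital".
    private X509Certificate g;
    // Certificate for alias "CertCifrado" (only loaded when location m is known).
    private X509Certificate h;
    // Certificate for alias "CertFirmaSeudonimo" (only loaded when location n is known).
    private X509Certificate i;
    // Certificate for alias "CertCAIntermediaDGP"; null when it could not be parsed.
    private X509Certificate j;

    // On-card locations of the certificates, filled in from the CDF.
    private Location k; // "CertAutenticacion"
    private Location l; // "CertFirmaDigital"
    private Location m; // "CertCifrado"
    private Location n; // any other alias found in the CDF; served as "CertFirmaSeudonimo"

    // Private-key references, filled in from the PrKDF.
    private DniePrivateKeyReference o; // "KprivAutenticacion"
    private DniePrivateKeyReference p; // "KprivFirmaDigital"
    private DniePrivateKeyReference q; // "KprivCifrado"
    private DniePrivateKeyReference r; // any other key name found in the PrKDF

    private final CryptoHelper s;
    // May be null; a(PasswordCallback, int) then looks up a GUI callback by reflection.
    private final PasswordCallback t;
    // Lazily built alias list; callers of getAliases() receive a copy.
    private String[] u;

    /** Returns the CWA-14890 constants used when the secure channel is created. */
    protected Cwa14890Constants getCwa14890Constants() {
        return new d();
    }

    /**
     * Whether the user must confirm each signature in a dialog. Always {@code true} here;
     * the method is protected, so a subclass can change the answer.
     */
    protected boolean shouldShowSignConfirmDialog() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the crypto helper supplied to the constructor. */
    public CryptoHelper getCryptoHelper() {
        return this.s;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the PIN callback supplied to the constructor (may be null). */
    public PasswordCallback getPasswordCallback() {
        return this.t;
    }

    /** Opens the connection unless it is already open. */
    public static void connect(ApduConnection apduConnection) {
        if (apduConnection.isOpen()) {
            return;
        }
        apduConnection.open();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resets and opens the connection, selects the master file and reads the CDF and PrKDF.
     *
     * @param apduConnection connection to the card; it is reset before use
     * @param passwordCallback PIN source, or null to fall back to a GUI callback
     * @param cryptoHelper crypto primitives; must not be null
     * @throws IllegalArgumentException if {@code cryptoHelper} is null
     * @throws IllegalStateException if the CDF or the PrKDF cannot be loaded
     */
    public Dnie(ApduConnection apduConnection, PasswordCallback passwordCallback, CryptoHelper cryptoHelper) {
        super((byte) 0, apduConnection);
        this.m = null;
        this.n = null;
        this.q = null;
        this.r = null;
        this.u = null;
        apduConnection.reset();
        connect(apduConnection);
        try {
            selectMasterFile();
        } catch (Iso7816FourCardException e2) {
            // Best effort: b() selects the master file again before it reads the CDF.
            LOGGER.warning("No se ha podido seleccionar el directorio raiz antes de leer las estructuras: " + e2);
        }
        this.t = passwordCallback;
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        this.s = cryptoHelper;
        b();
        a();
    }

    /**
     * Reads the PrKDF and records one key reference per known key name; a key with any
     * other name is stored in {@code r}.
     *
     * @throws IllegalStateException if the PrKDF cannot be read or parsed
     */
    private void a() {
        PrKdf prKdf = new PrKdf();
        try {
            prKdf.setDerValue(selectFileByLocationAndRead(e));
            for (int idx = 0; idx < prKdf.getKeyCount(); idx++) {
                String keyName = prKdf.getKeyName(idx);
                if ("KprivAutenticacion".equals(keyName)) {
                    this.o = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(idx), new Location(prKdf.getKeyPath(idx)), "KprivAutenticacion");
                } else if ("KprivFirmaDigital".equals(keyName)) {
                    this.p = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(idx), new Location(prKdf.getKeyPath(idx)), "KprivFirmaDigital");
                } else if ("KprivCifrado".equals(keyName)) {
                    this.q = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(idx), new Location(prKdf.getKeyPath(idx)), "KprivCifrado");
                } else {
                    this.r = new DniePrivateKeyReference(this, prKdf.getKeyIdentifier(idx), new Location(prKdf.getKeyPath(idx)), keyName);
                }
            }
        } catch (Exception e2) {
            // Keep the cause so the failing APDU or parse step stays visible, as b() does.
            throw new IllegalStateException("No se ha podido cargar el PrKDF de la tarjeta: " + e2.toString(), e2);
        }
    }

    /**
     * Asks the chip for its information block and returns the response data.
     *
     * @throws ApduConnectionException if the card answers with a non-OK status word
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getSerialNumber() {
        ResponseApdu transmit = getConnection().transmit(new GetChipInfoApduCommand());
        if (transmit.isOk()) {
            return transmit.getData();
        }
        throw new ApduConnectionException("Respuesta invalida en la obtencion del numero de serie con el codigo: " + transmit.getStatusWord());
    }

    @Override // es.gob.jmulticard.card.SmartCard
    public String getCardName() {
        return "DNIe";
    }

    /**
     * Returns the certificate aliases available on this card. The two mandatory aliases
     * are always present; the cipher and pseudonym aliases only when the CDF listed them.
     *
     * @return a fresh copy of the alias array, so callers cannot alter the cached list
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        if (this.u == null) {
            ArrayList<String> names = new ArrayList<String>();
            names.add("CertAutenticacion");
            names.add("CertFirmaDigital");
            if (this.m != null) {
                names.add("CertCifrado");
            }
            if (this.n != null) {
                names.add("CertFirmaSeudonimo");
            }
            this.u = names.toArray(new String[0]);
        }
        return this.u.clone();
    }

    /**
     * Reads the CDF and records where each certificate lives. The intermediate CA
     * certificate is parsed immediately; the others are loaded later, after PIN entry.
     *
     * @throws IllegalStateException if the CDF cannot be read or parsed
     */
    private void b() {
        Cdf cdf = new Cdf();
        try {
            selectMasterFile();
            cdf.setDerValue(selectFileByLocationAndRead(d));
            for (int idx = 0; idx < cdf.getCertificateCount(); idx++) {
                String certificateAlias = cdf.getCertificateAlias(idx);
                if ("CertAutenticacion".equals(certificateAlias)) {
                    this.k = new Location(cdf.getCertificatePath(idx));
                } else if ("CertFirmaDigital".equals(certificateAlias)) {
                    this.l = new Location(cdf.getCertificatePath(idx));
                } else if ("CertCifrado".equals(certificateAlias)) {
                    this.m = new Location(cdf.getCertificatePath(idx));
                } else if ("CertCAIntermediaDGP".equals(certificateAlias)) {
                    try {
                        this.j = a(new Location(cdf.getCertificatePath(idx)));
                    } catch (Exception e2) {
                        // A missing intermediate CA is tolerated; getCertificate() then returns null for it.
                        Logger.getLogger("es.gob.jmulticard").warning("No se ha podido cargar el certificado de la autoridad intermedia del CNP: " + e2);
                        this.j = null;
                    }
                } else {
                    // Any alias not matched above lands here and is exposed as "CertFirmaSeudonimo".
                    this.n = new Location(cdf.getCertificatePath(idx));
                }
            }
        } catch (Exception e3) {
            throw new IllegalStateException("No se ha podido cargar el CDF de la tarjeta: " + e3.toString(), e3);
        }
    }

    /**
     * Returns the certificate stored under {@code str}, loading the certificates first
     * (which opens the secure channel and verifies the PIN) when none has been read yet.
     *
     * @return the certificate, or null for an unknown alias or a certificate not on the card
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) {
        if (this.f == null) {
            loadCertificates();
        }
        if ("CertAutenticacion".equals(str)) {
            return this.f;
        }
        if ("CertFirmaDigital".equals(str)) {
            return this.g;
        }
        if ("CertCAIntermediaDGP".equals(str)) {
            return this.j;
        }
        if ("CertCifrado".equals(str)) {
            return this.h;
        }
        if ("CertFirmaSeudonimo".equals(str)) {
            return this.i;
        }
        return null;
    }

    // NOTE(review): empty body - this class performs no check of the card's intermediate
    // CA certificate. Confirm that the caller or the channel setup validates it elsewhere.
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyCaIntermediateIcc() {
    }

    // NOTE(review): empty body - this class performs no check of the card's component
    // certificate. Without one, the terminal side relies on other steps to authenticate the card.
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyIcc() {
    }

    /**
     * Reads the raw component certificate file from the card.
     *
     * @throws IOException if the file cannot be selected or the APDU exchange fails
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getIccCertEncoded() {
        try {
            selectMasterFile();
            return selectFileByIdAndRead(c);
        } catch (ApduConnectionException e2) {
            throw new IOException("Error en el envio de APDU para la seleccion del certificado de componente de la tarjeta: " + e2, e2);
        } catch (Iso7816FourCardException e3) {
            throw new IOException("Error en la seleccion del certificado de componente de la tarjeta: " + e3, e3);
        }
    }

    /**
     * Has the card verify the terminal (IFD) certificate chain in four steps: select the
     * root CA key, verify the intermediate CA certificate, select the intermediate CA key,
     * verify the terminal certificate.
     *
     * <p>Each step has its own handler. With the handlers nested, a failure in a late step
     * was caught and re-wrapped by every outer handler, so the reported error always named
     * the first step.
     *
     * @throws SecureChannelException naming the step that failed, with the original as cause
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyIfdCertificateChain(Cwa14890Constants cwa14890Constants) {
        try {
            setPublicKeyToVerification(cwa14890Constants.getRefCCvCaPublicKey());
        } catch (SecureChannelException e5) {
            throw new SecureChannelException("Error al seleccionar para verificacion la clave publica de la CA raiz de los certificados verificables por la tarjeta", e5);
        }
        try {
            verifyCertificate(cwa14890Constants.getCCvCa());
        } catch (SecureChannelException e4) {
            throw new SecureChannelException("Error en la verificacion del certificado de la CA intermedia de Terminal: " + e4, e4);
        }
        try {
            setPublicKeyToVerification(cwa14890Constants.getChrCCvCa());
        } catch (SecureChannelException e3) {
            throw new SecureChannelException("Error al establecer la clave publica del certificado de CA intermedia de Terminal para su verificacion en tarjeta: " + e3, e3);
        }
        try {
            verifyCertificate(cwa14890Constants.getCCvIfd());
        } catch (SecureChannelException e2) {
            throw new SecureChannelException("Error en la verificacion del certificado de Terminal: " + e2, e2);
        }
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getRefIccPrivateKey(Cwa14890Constants cwa14890Constants) {
        return cwa14890Constants.getRefIccPrivateKey();
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getChrCCvIfd(Cwa14890Constants cwa14890Constants) {
        return cwa14890Constants.getChrCCvIfd();
    }

    // The terminal's private key comes from the constants object, not from the card.
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public RSAPrivateKey getIfdPrivateKey(Cwa14890Constants cwa14890Constants) {
        return cwa14890Constants.getIfdPrivateKey();
    }

    /**
     * Sends MSE SET with the two key references used for mutual authentication.
     *
     * @throws SecureChannelException if the card rejects the command; the message carries
     *         the response bytes in hexadecimal
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void setKeysToAuthentication(byte[] bArr, byte[] bArr2) {
        ResponseApdu transmit = getConnection().transmit(new MseSetAuthenticationKeyApduCommand((byte) 0, bArr, bArr2));
        if (!transmit.isOk()) {
            throw new SecureChannelException("Error durante el establecimiento de las claves publica y privada para atenticacion (error: " + HexUtils.hexify(transmit.getBytes(), true) + ")");
        }
    }

    /**
     * Sends INTERNAL AUTHENTICATE and returns the card's answer.
     *
     * @throws ApduConnectionException if the card answers with a non-OK status word
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getInternalAuthenticateMessage(byte[] bArr, byte[] bArr2) {
        ResponseApdu transmit = getConnection().transmit(new InternalAuthenticateApduCommand((byte) 0, bArr, bArr2));
        if (transmit.isOk()) {
            return transmit.getData();
        }
        throw new ApduConnectionException("Respuesta invalida en la obtencion del mensaje de autenticacion interna con el codigo: " + transmit.getStatusWord());
    }

    /** Sends EXTERNAL AUTHENTICATE and reports whether the card accepted it. */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public boolean externalAuthentication(byte[] bArr) {
        return getConnection().transmit(new ExternalAuthenticateApduCommand((byte) 0, bArr)).isOk();
    }

    /**
     * Maps a certificate alias to the matching private-key reference.
     *
     * @return the key reference, or null for an unknown alias or a key not on the card
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        if ("CertAutenticacion".equals(str)) {
            return this.o;
        }
        if ("CertFirmaDigital".equals(str)) {
            return this.p;
        }
        if ("CertCifrado".equals(str)) {
            return this.q;
        }
        if ("CertFirmaSeudonimo".equals(str)) {
            return this.r;
        }
        return null;
    }

    /** Signs {@code bArr} with the referenced key; delegates to {@link #signInternal}. */
    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) {
        return signInternal(bArr, str, privateKeyReference);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Optionally asks the user to confirm the signature, then signs on the card.
     *
     * <p>The dialog and the cancellation exception are looked up by reflection, so the UI
     * classes are an optional dependency.
     *
     * @param bArr data handed to {@code DigestInfo.encode}
     * @param str algorithm name handed to {@code DigestInfo.encode}
     * @param privateKeyReference must be a {@link DniePrivateKeyReference}
     * @return the signature bytes returned by the card
     * @throws IllegalArgumentException if the key reference has the wrong type, or the
     *         cancellation exception cannot be instantiated
     * @throws RuntimeException the UI module's CancelledOperationException when the user
     *         refuses the signature
     */
    public byte[] signInternal(byte[] bArr, String str, PrivateKeyReference privateKeyReference) {
        if (!(privateKeyReference instanceof DniePrivateKeyReference)) {
            throw new IllegalArgumentException("La referencia a la clave privada tiene que ser de tipo DniePrivateKeyReference");
        }
        if (shouldShowSignConfirmDialog()) {
            boolean refused;
            try {
                Method method = Class.forName("es.gob.jmulticard.ui.passwordcallback.DialogBuilder").getMethod("showSignatureConfirmDialog", Class.forName("java.awt.Component"), Boolean.TYPE);
                Object[] objArr = new Object[2];
                objArr[0] = null;
                // Second argument is true for every key except the authentication key.
                objArr[1] = Boolean.valueOf(!"KprivAutenticacion".equals(((DniePrivateKeyReference) privateKeyReference).toString()));
                // A dialog result of 1 is treated as "user refused".
                refused = ((Integer) method.invoke(null, objArr)).intValue() == 1;
            } catch (Exception e2) {
                // NOTE(review): fail-open. When the dialog cannot be shown (UI module absent,
                // headless host) the signature goes ahead without user consent. Kept as is
                // because callers may rely on it; a deployment that requires explicit consent
                // should treat this log line as an alert or change the policy here.
                Logger.getLogger("es.gob.afirma").severe("No se ha podido mostrar el dialogo grafico para la autorizacion de la firma, se realizara sin aprobacion expresa: " + e2);
                refused = false;
            }
            if (refused) {
                RuntimeException cancelled;
                try {
                    cancelled = (RuntimeException) Class.forName("es.gob.jmulticard.ui.passwordcallback.CancelledOperationException").getConstructor(String.class).newInstance("Operacion de firma no autorizada por el usuario");
                } catch (Exception e3) {
                    throw new IllegalArgumentException("No se ha instanciar CancelledOperationException", e3);
                }
                // Thrown outside the try: inside it, the catch above intercepted the
                // cancellation and callers only ever saw IllegalArgumentException.
                throw cancelled;
            }
        }
        return a(bArr, str, privateKeyReference);
    }

    /**
     * Performs the signature on the card: opens the secure channel if needed, selects the
     * key with MSE SET and sends the DigestInfo with PSO SIGN HASH.
     *
     * @throws DnieCardException if either command is rejected, the DigestInfo cannot be
     *         built, the transmission fails, or a lost channel cannot be re-established
     */
    private byte[] a(byte[] bArr, String str, PrivateKeyReference privateKeyReference) {
        openSecureChannelIfNotAlreadyOpened();
        try {
            ResponseApdu transmit = getConnection().transmit(new MseSetSignatureKeyApduCommand((byte) 0, ((DniePrivateKeyReference) privateKeyReference).getKeyPath().getLastFilePath()));
            if (!transmit.isOk()) {
                throw new DnieCardException("Error en el establecimiento de las clave de firma con respuesta: " + transmit.getStatusWord(), transmit.getStatusWord());
            }
            try {
                ResponseApdu transmit2 = getConnection().transmit(new PsoSignHashApduCommand((byte) 0, DigestInfo.encode(str, bArr, this.s)));
                if (transmit2.isOk()) {
                    return transmit2.getData();
                }
                throw new DnieCardException("Error durante la operacion de firma con respuesta: " + transmit2.getStatusWord(), transmit2.getStatusWord());
            } catch (IOException e2) {
                throw new DnieCardException("Error en el calculo del hash para firmar: " + e2, e2);
            }
        } catch (LostChannelException e3) {
            // The secure channel dropped: fall back to the underlying connection and start
            // over, which re-opens the channel and verifies the PIN again.
            // NOTE(review): the retry is unbounded; a channel that keeps dropping recurses
            // until the stack runs out, and each round triggers another PIN verification.
            try {
                getConnection().close();
                if (getConnection() instanceof Cwa14890Connection) {
                    setConnection(((Cwa14890Connection) getConnection()).getSubConnection());
                }
                return a(bArr, str, privateKeyReference);
            } catch (Exception e4) {
                throw new DnieCardException("No se pudo recuperar el canal seguro para firmar: " + e4, e4);
            }
        } catch (ApduConnectionException e5) {
            throw new DnieCardException("Error en la transmision de comandos a la tarjeta: " + e5, e5);
        }
    }

    /**
     * Ensures a secure channel is in place and the PIN has been verified. Does nothing when
     * {@link #isSecurityChannelOpen()} is already true. A secure-channel wrapper is only
     * created when the current connection is not one already; the PIN is verified either way.
     *
     * @throws CryptoCardException if the channel cannot be set up or the PIN exchange fails
     */
    protected void openSecureChannelIfNotAlreadyOpened() {
        if (isSecurityChannelOpen()) {
            return;
        }
        if (!(getConnection() instanceof Cwa14890Connection)) {
            try {
                setConnection(new Cwa14890OneV1Connection(this, getConnection(), this.s, getCwa14890Constants()));
            } catch (ApduConnectionException e2) {
                throw new CryptoCardException("Error en el establecimiento del canal seguro: " + e2, e2);
            }
        }
        try {
            verifyPin(this.t);
        } catch (ApduConnectionException e3) {
            throw new CryptoCardException("Error en la apertura del canal seguro: " + e3, e3);
        }
    }

    /** Reads the compressed certificate at {@code location}, inflates it and parses it as X.509. */
    private X509Certificate a(Location location) {
        return (X509Certificate) a.generateCertificate(new ByteArrayInputStream(a(selectFileByLocationAndRead(location))));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Loads the certificates from the card unless every certificate the CDF announced is
     * already in memory. Expects the secure channel to be open (see {@link #loadCertificates()}).
     *
     * @throws CryptoCardException if a file cannot be read, inflated or parsed
     */
    public void loadCertificatesInternal() {
        boolean mandatoryMissing = this.f == null || this.g == null;
        boolean optionalMissing = (this.h == null && this.m != null) || (this.i == null && this.n != null);
        if (mandatoryMissing || optionalMissing) {
            try {
                this.g = a(this.l);
                this.f = a(this.k);
                if (this.m != null) {
                    this.h = a(this.m);
                }
                if (this.n != null) {
                    this.i = a(this.n);
                }
            } catch (Iso7816FourCardException e2) {
                throw new CryptoCardException("Error al cargar los certificados del DNIe: " + e2, e2);
            } catch (IOException e3) {
                throw new CryptoCardException("Error al cargar los certificados del DNIe, error en la descompresion de los datos: " + e3, e3);
            } catch (CertificateException e4) {
                throw new CryptoCardException("Error al cargar los certificados del DNIe, no es posible obtener una factoria de certificados X.509: " + e4, e4);
            }
        }
    }

    /** Opens the secure channel (verifying the PIN) and then loads the certificates. */
    protected void loadCertificates() {
        openSecureChannelIfNotAlreadyOpened();
        loadCertificatesInternal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public void selectMasterFile() {
        selectFileByName("Master.File");
    }

    /**
     * Inflates a certificate file read from the card. The first 8 bytes are skipped and
     * the remainder is treated as a zlib stream.
     *
     * @param bArr file contents as read from the card
     * @return the inflated bytes
     * @throws IOException if the input is shorter than the 8-byte prefix or is not a
     *         complete, valid compressed stream
     */
    private static byte[] a(byte[] bArr) {
        // Card contents are external input: reject a truncated file with the documented
        // exception type instead of letting setInput fail on a negative length.
        if (bArr == null || bArr.length < 8) {
            throw new IOException("Error al descomprimir el certificado: datos demasiado cortos");
        }
        ByteArrayOutputStream inflated = new ByteArrayOutputStream();
        Inflater inflater = new Inflater();
        try {
            inflater.setInput(bArr, 8, bArr.length - 8);
            byte[] chunk = new byte[1024];
            // NOTE(review): the output has no size ceiling, so a hostile or faulty card can
            // make this grow far beyond a plausible certificate size. Consider a cap.
            while (!inflater.finished()) {
                try {
                    int produced = inflater.inflate(chunk);
                    if (produced == 0) {
                        // No progress: input exhausted or a preset dictionary is required.
                        throw new DataFormatException();
                    }
                    inflated.write(chunk, 0, produced);
                } catch (DataFormatException e2) {
                    throw new IOException("Error al descomprimir el certificado: " + e2, e2);
                }
            }
            return inflated.toByteArray();
        } finally {
            // Release the native zlib state now instead of waiting for finalization.
            inflater.end();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** True when the current connection is a CWA-14890 secure channel and it is open. */
    public boolean isSecurityChannelOpen() {
        return (getConnection() instanceof Cwa14890Connection) && getConnection().isOpen();
    }

    /**
     * Verifies the PIN obtained from {@code passwordCallback}; a null callback falls back to
     * a GUI prompt located by reflection.
     */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    public void verifyPin(PasswordCallback passwordCallback) {
        a(passwordCallback, Integer.MAX_VALUE);
    }

    /**
     * Sends VERIFY with the PIN from the callback and interprets the status word.
     *
     * @param passwordCallback PIN source, or null to use the GUI callback
     * @param i number passed to the "bad PIN" GUI prompt; {@code Integer.MAX_VALUE} means
     *        this is the first attempt and the plain prompt is used
     * @throws BadPinException if the PIN is wrong and no automatic re-prompt applies
     * @throws AuthenticationModeLockedException if the card answers 0x6983
     * @throws ApduConnectionException for any other non-OK status word
     * @throws IllegalArgumentException if no callback was given and the GUI one is unavailable
     */
    private void a(PasswordCallback passwordCallback, int i) {
        PasswordCallback effectiveCallback;
        if (passwordCallback != null) {
            effectiveCallback = passwordCallback;
        } else {
            try {
                effectiveCallback = i < Integer.MAX_VALUE ? (PasswordCallback) Class.forName("es.gob.jmulticard.ui.passwordcallback.gui.CommonPasswordCallback").getMethod("getDnieBadPinPasswordCallback", Integer.TYPE).invoke(null, Integer.valueOf(i)) : (PasswordCallback) Class.forName("es.gob.jmulticard.ui.passwordcallback.gui.CommonPasswordCallback").getMethod("getDniePinForCertificateReadingPasswordCallback", new Class[0]).invoke(null, new Object[0]);
            } catch (Exception e2) {
                throw new IllegalArgumentException("pinPc no puede ser nulo cuando no hay un PasswordCallback por defecto: " + e2, e2);
            }
        }
        ResponseApdu transmit = getConnection().transmit(new VerifyApduCommand((byte) 0, effectiveCallback));
        if (transmit.isOk()) {
            return;
        }
        // SW1 = 0x63 (99): verification failed. The low byte plus 64 is the count handed to
        // BadPinException; with the ISO 7816-4 form 0x63Cx that is x, the tries remaining.
        if (transmit.getStatusWord().getMsb() == 99) {
            int remaining = transmit.getStatusWord().getLsb() - (-64);
            if (!b || effectiveCallback.getClass().getName().endsWith("CachePasswordCallback")) {
                throw new BadPinException(remaining);
            }
            // NOTE(review): automatic retry. A caller-supplied callback that returns the same
            // wrong PIN every time is re-submitted on each round and burns the remaining
            // tries until the card locks. Only "CachePasswordCallback" classes are exempt.
            a(passwordCallback, remaining);
            return;
        }
        // 0x69 (105) / 0x83 (-125 as a signed byte): authentication method blocked.
        if (transmit.getStatusWord().getMsb() == 105 && transmit.getStatusWord().getLsb() == -125) {
            throw new AuthenticationModeLockedException();
        }
        // Any other failure used to fall through and return as if the PIN had been
        // accepted; report it instead so the caller does not proceed on a false success.
        throw new ApduConnectionException("Respuesta invalida en la verificacion del PIN con el codigo: " + transmit.getStatusWord());
    }

    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public int getIfdKeyLength(Cwa14890Constants cwa14890Constants) {
        return cwa14890Constants.getIfdKeyLength();
    }

    static {
        try {
            a = CertificateFactory.getInstance("X.509");
            // The automatic PIN re-prompt is disabled on Dalvik.
            b = !"Dalvik".equals(System.getProperty("java.vm.name"));
            c = new byte[]{96, 31};
            d = new Location("50156004");
            e = new Location("50156001");
        } catch (Exception e2) {
            throw new IllegalStateException("No se ha podido obtener la factoria de certificados X.509: " + e2, e2);
        }
    }
}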
