package net.jsign.jca;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.ECParameterSpec;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.zip.GZIPInputStream;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;

/* loaded from: input_file:net/jsign/jca/PIVCard.class */
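/**
 * Client for the PIV application of a smart card or token, reached through a
 * {@link CardChannel}. It selects the PIV application, reads the X.509
 * certificates stored in the key slots, and asks the card to sign with the
 * matching private key.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Everything returned by the card (TLV structures, certificates, signature
 *       responses) is parsed here without any trust decision; the certificate is
 *       only used to learn the key type and size, it is not validated.</li>
 *   <li>The algorithm identifier sent with a signing request is derived from the
 *       certificate stored next to the key, so a slot whose certificate does not
 *       match its key will be addressed with the wrong algorithm.</li>
 *   <li>The PIN is held as a {@code String} by the superclass ({@code this.pin});
 *       only the temporary byte buffers built in {@link #verify} can be wiped.</li>
 * </ul>
 */
class PIVCard extends SmartCard {

    /** ISO 7816-4 status word: file or application not found. */
    private static final int SW_FILE_NOT_FOUND = 0x6A82;

    /** ISO 7816-4 status word: incorrect parameters P1-P2. */
    private static final int SW_INCORRECT_P1P2 = 0x6A86;

    /** ISO 7816-4 status word: referenced data not found. */
    private static final int SW_DATA_NOT_FOUND = 0x6A88;

    /** Length of the PIN block sent by {@link #verify}: the PIN padded with 0xFF. */
    private static final int PIN_BLOCK_LENGTH = 8;

    /** Overhead of the block type 1 padding built by {@link #rsaPadding}: 00 01, at least eight FF, 00. */
    private static final int RSA_PADDING_OVERHEAD = 11;

    /** Application identifier sent in the SELECT command. */
    private static final byte[] PIV_AID = {(byte) 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00};

    /**
     * Key slots of the PIV application. Each constant carries the slot id used
     * as key reference when signing, the tag of the data object holding the
     * slot's certificate, and a human readable alias.
     */
    public enum Key {
        AUTHENTICATION(0x9A, 0x5FC105, "X.509 Certificate for PIV Authentication"),
        SIGNATURE(0x9C, 0x5FC10A, "X.509 Certificate for Digital Signature"),
        KEY_MANAGEMENT(0x9D, 0x5FC10B, "X.509 Certificate for Key Management"),
        CARD_AUTHENTICATION(0x9E, 0x5FC101, "X.509 Certificate for Card Authentication"),
        RETIRED1(0x82, 0x5FC10D, "X.509 Certificate for Retired Key 1"),
        RETIRED2(0x83, 0x5FC10E, "X.509 Certificate for Retired Key 2"),
        RETIRED3(0x84, 0x5FC10F, "X.509 Certificate for Retired Key 3"),
        RETIRED4(0x85, 0x5FC110, "X.509 Certificate for Retired Key 4"),
        RETIRED5(0x86, 0x5FC111, "X.509 Certificate for Retired Key 5"),
        RETIRED6(0x87, 0x5FC112, "X.509 Certificate for Retired Key 6"),
        RETIRED7(0x88, 0x5FC113, "X.509 Certificate for Retired Key 7"),
        RETIRED8(0x89, 0x5FC114, "X.509 Certificate for Retired Key 8"),
        RETIRED9(0x8A, 0x5FC115, "X.509 Certificate for Retired Key 9"),
        RETIRED10(0x8B, 0x5FC116, "X.509 Certificate for Retired Key 10"),
        RETIRED11(0x8C, 0x5FC117, "X.509 Certificate for Retired Key 11"),
        RETIRED12(0x8D, 0x5FC118, "X.509 Certificate for Retired Key 12"),
        RETIRED13(0x8E, 0x5FC119, "X.509 Certificate for Retired Key 13"),
        RETIRED14(0x8F, 0x5FC11A, "X.509 Certificate for Retired Key 14"),
        RETIRED15(0x90, 0x5FC11B, "X.509 Certificate for Retired Key 15"),
        RETIRED16(0x91, 0x5FC11C, "X.509 Certificate for Retired Key 16"),
        RETIRED17(0x92, 0x5FC11D, "X.509 Certificate for Retired Key 17"),
        RETIRED18(0x93, 0x5FC11E, "X.509 Certificate for Retired Key 18"),
        RETIRED19(0x94, 0x5FC11F, "X.509 Certificate for Retired Key 19"),
        RETIRED20(0x95, 0x5FC120, "X.509 Certificate for Retired Key 20");

        /** Slot id, passed as P2 of the signing command. */
        final int slot;

        /** Tag of the data object containing the certificate of the slot. */
        final int tag;

        /** Descriptive name accepted by {@link #of(String)}. */
        final String alias;

        Key(int i, int i2, String str) {
            this.slot = i;
            this.tag = i2;
            this.alias = str;
        }

        /**
         * Resolves a key from a two character hexadecimal slot id (for example
         * {@code "9c"}), an enum name or an alias, ignoring case for the latter two.
         *
         * @param str the slot id, name or alias; may be {@code null}
         * @return the matching key, or {@code null} if nothing matches
         */
        public static Key of(String str) {
            if (str == null) {
                return null;
            }
            if (str.length() == 2) {
                try {
                    int slotId = Integer.parseInt(str, 16);
                    for (Key candidate : values()) {
                        if (candidate.slot == slotId) {
                            return candidate;
                        }
                    }
                    return null;
                } catch (NumberFormatException ignored) {
                    // Not a hexadecimal slot id: report "no match" like any other
                    // unknown name instead of leaking a NumberFormatException.
                }
            }
            for (Key candidate : values()) {
                if (candidate.name().equalsIgnoreCase(str) || candidate.alias.equalsIgnoreCase(str)) {
                    return candidate;
                }
            }
            return null;
        }
    }

    /**
     * Key type, size and card algorithm identifier of a slot, as derived from
     * the slot's certificate by {@link PIVCard#getKeyInfo(Key)}. The size and
     * the algorithm identifier stay at 0 when the key is not one of the
     * combinations mapped there.
     */
    public static class KeyInfo {
        public String algorithm;
        public int algorithmId;
        public int size;
    }

    /**
     * Binds to the channel and selects the PIV application.
     *
     * @throws CardException if the application is missing or the card reports an error
     */
    private PIVCard(CardChannel cardChannel) throws CardException {
        super(cardChannel);
        select();
    }

    /**
     * Sends the SELECT command (INS 0xA4, P1 0x04) for the PIV application identifier.
     *
     * @throws CardException if the card answers 0x6A82 or 0x6A86 (application
     *         not present), or any other error reported by {@code handleError}
     */
    private void select() throws CardException {
        ResponseAPDU response = transmit(new CommandAPDU(0x00, 0xA4, 0x04, 0x00, PIV_AID));
        int sw = response.getSW();
        if (sw == SW_FILE_NOT_FOUND || sw == SW_INCORRECT_P1P2) {
            throw new CardException("PIV application not found on the card/token");
        }
        handleError(response);
    }

    /**
     * Presents a PIN to the card with the VERIFY command (INS 0x20). The PIN is
     * sent as an eight byte block, padded on the right with 0xFF.
     *
     * @param i   P1 of the command
     * @param i2  P2 of the command (the key reference of the PIN)
     * @param str the PIN; {@code null} is treated as an empty PIN
     * @throws CardException if the encoded PIN does not fit in the block, or if
     *         the card rejects it (as reported by {@code handleError})
     */
    public void verify(int i, int i2, String str) throws CardException {
        // Explicit charset: the bytes sent to the card must not depend on the platform default.
        byte[] pinBytes = (str == null ? "" : str).getBytes(StandardCharsets.UTF_8);
        byte[] pinBlock = new byte[PIN_BLOCK_LENGTH];
        try {
            // Checked on the encoded length; a failed attempt may also cost one of
            // the card's PIN retries, so a PIN that cannot fit is never sent.
            if (pinBytes.length > PIN_BLOCK_LENGTH) {
                throw new CardException("PIN too long (maximum " + PIN_BLOCK_LENGTH + " bytes)");
            }
            Arrays.fill(pinBlock, (byte) 0xFF);
            System.arraycopy(pinBytes, 0, pinBlock, 0, pinBytes.length);
            handleError(transmit(new CommandAPDU(0x00, 0x20, i, i2, pinBlock)));
        } finally {
            // Best effort only: CommandAPDU keeps its own copy of the data and the
            // caller's String cannot be cleared.
            Arrays.fill(pinBytes, (byte) 0);
            Arrays.fill(pinBlock, (byte) 0);
        }
    }

    /**
     * Reads a data object with the GET DATA command (INS 0xCB, P1P2 0x3FFF),
     * using a tag list (0x5C) of one to three bytes. Successful reads are cached
     * in {@code dataObjectCache} and served from there afterwards.
     *
     * @param i the tag of the data object, between 0 and 0xFFFFFF
     * @return a copy of the raw response data
     * @throws CardException if the tag is out of range, the object does not
     *         exist (0x6A88) or the card reports another error
     */
    public byte[] getData(int i) throws CardException {
        Integer cacheKey = Integer.valueOf(i);
        if (this.dataObjectCache.containsKey(cacheKey)) {
            // Hand out a copy so that callers cannot alter the cached object.
            byte[] cached = this.dataObjectCache.get(cacheKey);
            return cached != null ? cached.clone() : null;
        }

        // A negative tag would otherwise be truncated to its low byte.
        if (i < 0 || i >= 0x1000000) {
            throw new CardException("Invalid tag 0x" + Integer.toHexString(i).toUpperCase());
        }
        byte[] tagList;
        if (i < 0x100) {
            tagList = new byte[]{0x5C, 1, (byte) (i & 0xFF)};
        } else if (i < 0x10000) {
            tagList = new byte[]{0x5C, 2, (byte) ((i & 0xFF00) >> 8), (byte) (i & 0xFF)};
        } else {
            tagList = new byte[]{0x5C, 3, (byte) ((i & 0xFF0000) >> 16), (byte) ((i & 0xFF00) >> 8), (byte) (i & 0xFF)};
        }

        ResponseAPDU response = transmit(new CommandAPDU(0x00, 0xCB, 0x3F, 0xFF, tagList));
        if (response.getSW() == SW_DATA_NOT_FOUND) {
            throw new CardException("Data object 0x" + Integer.toHexString(i).toUpperCase() + " not found");
        }
        handleError(response);

        byte[] data = response.getData();
        this.dataObjectCache.put(cacheKey, data);
        return data.clone();
    }

    /**
     * Queries the version with instruction 0xFD and formats the first three
     * response bytes as {@code major.minor.patch}.
     * NOTE(review): 0xFD looks like a vendor specific instruction - confirm
     * which tokens support it.
     *
     * @return the version string
     * @throws CardException if the card reports an error or returns fewer than three bytes
     */
    public String getVersion() throws CardException {
        ResponseAPDU response = transmit(new CommandAPDU(0x00, 0xFD, 0x00, 0x00));
        handleError(response);
        byte[] data = response.getData();
        if (data.length < 3) {
            throw new CardException("Unexpected version response (" + data.length + " bytes)");
        }
        // Version components are unsigned bytes.
        return (data[0] & 0xFF) + "." + (data[1] & 0xFF) + "." + (data[2] & 0xFF);
    }

    /**
     * Lists the slots for which a certificate can be read, in declaration order.
     *
     * @return the keys having a certificate on the card
     * @throws CardException if reading or parsing a certificate fails
     */
    public Set<Key> getAvailableKeys() throws CardException {
        Set<Key> available = new LinkedHashSet<>();
        for (Key key : Key.values()) {
            if (getCertificate(key) != null) {
                available.add(key);
            }
        }
        return available;
    }

    /**
     * Reads and parses the certificate stored in a slot. The data object is
     * expected to wrap a TLV list holding the certificate (tag 70) and an
     * optional info byte (tag 71); an info byte equal to 1 means the
     * certificate is gzip compressed.
     *
     * <p>The bytes come straight from the card and are handed to the gzip and
     * X.509 parsers without a size limit; the resulting certificate is not
     * validated in any way.
     *
     * @param key the slot to read
     * @return the certificate, or {@code null} if the card answered with the
     *         "Incorrect P1 or P2 parameter" error
     * @throws CardException if the data object is missing or malformed, or if
     *         the card reports another error
     */
    public Certificate getCertificate(Key key) throws CardException {
        try {
            TLV dataObject = TLV.parse(ByteBuffer.wrap(getData(key.tag)));
            TLV container = TLV.parse(ByteBuffer.wrap(dataObject.value()), false);

            boolean compressed = false;
            TLV certInfo = container.find("71");
            if (certInfo != null) {
                byte[] flags = certInfo.value();
                // An empty info field is read as "not compressed" instead of failing on flags[0].
                compressed = flags != null && flags.length > 0 && flags[0] == 1;
            }

            TLV certificate = container.find("70");
            if (certificate == null || certificate.value() == null) {
                throw new CardException("Invalid certificate for " + key.name() + " key");
            }

            try {
                InputStream in = new ByteArrayInputStream(certificate.value());
                if (compressed) {
                    in = new GZIPInputStream(in);
                }
                return CertificateFactory.getInstance("X.509").generateCertificate(in);
            } catch (IOException | CertificateException e) {
                throw new CardException("Invalid certificate for " + key.name() + " key", e);
            }
        } catch (CardException e) {
            // NOTE(review): the "slot not available" case is recognised by the
            // message text of the exception, which is presumably produced by
            // handleError in the superclass - this breaks silently if that
            // message is ever reworded.
            if ("Incorrect P1 or P2 parameter".equals(e.getMessage())) {
                return null;
            }
            throw e;
        }
    }

    /**
     * Derives the key type, size and card algorithm identifier of a slot from
     * the public key of its certificate. Mapped combinations are RSA 1024
     * (0x06), RSA 2048 (0x07), RSA 3072 (0x05), EC 256 (0x11) and EC 384 (0x14);
     * for anything else the algorithm identifier is left at 0.
     *
     * @param key the slot to inspect
     * @return the key information
     * @throws CardException if the slot has no certificate or it cannot be read
     */
    public KeyInfo getKeyInfo(Key key) throws CardException {
        Certificate certificate = getCertificate(key);
        if (certificate == null) {
            throw new CardException(key.name() + " key not found");
        }

        PublicKey publicKey = certificate.getPublicKey();
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.algorithm = publicKey.getAlgorithm();

        if ("RSA".equals(keyInfo.algorithm)) {
            keyInfo.size = ((RSAKey) publicKey).getModulus().bitLength();
            switch (keyInfo.size) {
                case 1024:
                    keyInfo.algorithmId = 0x06;
                    break;
                case 2048:
                    keyInfo.algorithmId = 0x07;
                    break;
                case 3072:
                    keyInfo.algorithmId = 0x05;
                    break;
                default:
                    break;
            }
        } else if ("EC".equals(keyInfo.algorithm)) {
            ECParameterSpec params = ((ECKey) publicKey).getParams();
            if (params != null) {
                keyInfo.size = params.getOrder().bitLength();
            }
            switch (keyInfo.size) {
                case 256:
                    keyInfo.algorithmId = 0x11;
                    break;
                case 384:
                    keyInfo.algorithmId = 0x14;
                    break;
                default:
                    break;
            }
        }
        return keyInfo;
    }

    /**
     * Signs with the private key of a slot using the GENERAL AUTHENTICATE
     * command (INS 0x87). For RSA keys the input is first padded to the key
     * size by {@link #rsaPadding}. When a PIN is configured it is verified
     * (key reference 0x80) immediately before the signing command.
     *
     * @param key  the slot holding the private key
     * @param bArr the data to sign, as expected by the card for the key type
     * @return the value of the response element (tag 82) returned by the card
     * @throws CardException if the key type or size is not supported, the PIN is
     *         rejected, the card reports an error or the response is malformed
     * @throws IllegalArgumentException if the data does not fit in the RSA block
     */
    public byte[] sign(Key key, byte[] bArr) throws CardException {
        KeyInfo keyInfo = getKeyInfo(key);
        // Stop before presenting the PIN when no algorithm identifier could be
        // mapped: the command would otherwise go out with identifier 0.
        if (keyInfo.algorithmId == 0) {
            throw new CardException("Unsupported " + keyInfo.algorithm + " key size " + keyInfo.size + " for " + key.name() + " key");
        }
        if ("RSA".equalsIgnoreCase(keyInfo.algorithm)) {
            bArr = rsaPadding(bArr, keyInfo.size);
        }
        if (this.pin != null) {
            verify(0x00, 0x80, this.pin);
        }

        // Dynamic authentication template: empty response placeholder (82) followed by the challenge (81).
        TLV request = new TLV("7C");
        request.children().add(new TLV("82", new byte[0]));
        request.children().add(new TLV("81", bArr));

        ResponseAPDU response = transmit(new CommandAPDU(0x00, 0x87, keyInfo.algorithmId, key.slot, request.getEncoded()));
        handleError(response);

        TLV signature = TLV.parse(ByteBuffer.wrap(response.getData()), true).find("82");
        if (signature == null) {
            throw new CardException("Invalid signature response for " + key.name() + " key");
        }
        return signature.value();
    }

    /**
     * Builds the block {@code 00 01 FF..FF 00 || data}, sized to the key length.
     *
     * @param bArr the data to place at the end of the block
     * @param i    the key size in bits
     * @return the padded block of {@code i / 8} bytes
     * @throws IllegalArgumentException if the data leaves no room for the
     *         header, the separator and at least eight padding bytes
     */
    private byte[] rsaPadding(byte[] bArr, int i) {
        int blockLength = i / 8;
        // Without this check an oversized input overwrites the 00 01 header or
        // fails with an index error; a short FF run also weakens the padding.
        if (bArr.length > blockLength - RSA_PADDING_OVERHEAD) {
            throw new IllegalArgumentException("Data too long for a " + i + "-bit RSA key: " + bArr.length + " bytes");
        }
        byte[] block = new byte[blockLength];
        Arrays.fill(block, (byte) 0xFF);
        block[0] = 0x00;
        block[1] = 0x01;
        int dataOffset = blockLength - bArr.length;
        block[dataOffset - 1] = 0x00;
        System.arraycopy(bArr, 0, block, dataOffset, bArr.length);
        return block;
    }

    /**
     * Opens the PIV application on the card selected by {@code openChannel(null)}.
     *
     * @return the card, or {@code null} if no channel could be opened
     * @throws CardException if the PIV application cannot be selected
     */
    public static PIVCard getCard() throws CardException {
        return getCard(null);
    }

    /**
     * Opens the PIV application on the card designated by the argument, which
     * is passed unchanged to {@code openChannel}.
     *
     * @param str the card selector understood by {@code openChannel}; may be {@code null}
     * @return the card, or {@code null} if no channel could be opened
     * @throws CardException if the PIV application cannot be selected
     */
    public static PIVCard getCard(String str) throws CardException {
        CardChannel channel = openChannel(str);
        return channel != null ? new PIVCard(channel) : null;
    }
}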
