package es.gob.jmulticard.card.fnmt.ceres;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.StatusWord;
import es.gob.jmulticard.apdu.ceres.CeresLoadDataApduCommand;
import es.gob.jmulticard.apdu.ceres.CeresSignDataApduCommand;
import es.gob.jmulticard.apdu.ceres.CeresVerifyApduCommand;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.dnie.RetriesLeftApduCommand;
import es.gob.jmulticard.apdu.iso7816eight.EnvelopeDataApduCommand;
import es.gob.jmulticard.asn1.Asn1Exception;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.custom.fnmt.ceres.CeresCdf;
import es.gob.jmulticard.asn1.custom.fnmt.ceres.CeresPrKdf;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.Pkcs15Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.Pkcs15PrKdf;
import es.gob.jmulticard.asn1.der.pkcs15.PrKdf;
import es.gob.jmulticard.card.Atr;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import es.gob.jmulticard.card.BadPinException;
import es.gob.jmulticard.card.CardMessages;
import es.gob.jmulticard.card.CompressionUtils;
import es.gob.jmulticard.card.CryptoCard;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.InvalidCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PinException;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.iso7816eight.AbstractIso7816EightCard;
import es.gob.jmulticard.card.iso7816four.FileNotFoundException;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:es/gob/jmulticard/card/fnmt/ceres/Ceres.class */
public final class Ceres extends AbstractIso7816EightCard implements CryptoCard {
    private static final byte CLA = 0;
    private final transient CryptoHelper cryptoHelper;
    private static final int MAX_APDU_SIZE = 255;
    private static final String MASTER_FILE_NAME = "Master.File";
    private static final byte ERROR_PIN_SW1 = 103;
    private static final byte ERROR_PIN_SW2 = 99;
    private transient Map<String, X509Certificate> certs;
    private transient Map<String, String> aliasByCertAndKeyId;
    private transient Map<String, Byte> keys;
    private transient PasswordCallback passwordCallback;
    private transient boolean authenticated;
    private CallbackHandler callbackHandler;
    private static final byte[] ATR_MASK_TC = {-1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, 0, 0, 0, 0, 0, 0, -1, -1, -1};
    private static final Atr ATR_TC = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 70, 78, 77, 84, 0, 0, 0, 0, 0, 0, 3, -112, 0}, ATR_MASK_TC);
    private static final byte[] ATR_MASK_ST = {-1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 0, -1, -1, -1};
    private static final Atr ATR_ST = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 67, 69, 82, 69, 83, 2, 44, 52, 0, 0, 3, -112, 0}, ATR_MASK_ST);
    private static final byte[] ATR_MASK_SLE_FN20 = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
    private static final boolean AUTO_RETRY = true;
    private static final Atr ATR_SLE_FN20 = new Atr(new byte[]{59, -17, 0, 0, 64, 20, Byte.MIN_VALUE, 37, 67, 69, 82, 69, 83, 87, 5, 96, AUTO_RETRY, 2, 3, -112, 0}, ATR_MASK_SLE_FN20);
    private static final byte[] ATR_MASK_SLE_FN19 = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
    private static final Atr ATR_SLE_FN19 = new Atr(new byte[]{59, -17, 0, 0, 64, 20, Byte.MIN_VALUE, 37, 67, 69, 82, 69, 83, 87, AUTO_RETRY, 22, AUTO_RETRY, AUTO_RETRY, 3, -112, 0}, ATR_MASK_SLE_FN19);
    private static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");
    private static final Location CDF_LOCATION = new Location("50156004");
    private static final Location PRKDF_LOCATION = new Location("50156001");

    public void setPasswordCallback(PasswordCallback passwordCallback) {
        this.passwordCallback = passwordCallback;
    }

    private static void checkAtr(byte[] bArr) throws InvalidCardException {
        if (ATR_TC.equals(new Atr(bArr, ATR_MASK_TC))) {
            if (bArr[15] >= 4 && bArr[16] >= 48) {
                throw new InvalidCardException("Encontrada CERES en version " + HexUtils.hexify(new byte[]{bArr[15]}, false) + "." + HexUtils.hexify(new byte[]{bArr[16]}, false) + ", pero las versiones iguales o superiores a la 04.30 no estan soportadas por este controlador");
            }
        } else if (!ATR_ST.equals(new Atr(bArr, ATR_MASK_ST)) && !ATR_SLE_FN19.equals(new Atr(bArr, ATR_MASK_SLE_FN19)) && !ATR_SLE_FN20.equals(new Atr(bArr, ATR_MASK_SLE_FN20))) {
            throw new InvalidCardException("CERES", ATR_TC, bArr);
        }
    }

    public static void connect(ApduConnection apduConnection) throws ApduConnectionException, InvalidCardException {
        apduConnection.open();
        checkAtr(apduConnection.reset());
    }

    public Ceres(ApduConnection apduConnection, CryptoHelper cryptoHelper) throws ApduConnectionException, InvalidCardException {
        super((byte) 0, apduConnection);
        this.passwordCallback = null;
        this.authenticated = false;
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nulo");
        }
        connect(getConnection());
        try {
            preload();
            this.cryptoHelper = cryptoHelper;
        } catch (Exception e) {
            throw new ApduConnectionException("Error cargando las estructuras iniciales de la tarjeta", e);
        }
    }

    private void preload() throws ApduConnectionException, Iso7816FourCardException, IOException, CertificateException, Asn1Exception, TlvException {
        selectMasterFile();
        byte[] selectFileByLocationAndRead = selectFileByLocationAndRead(CDF_LOCATION);
        Pkcs15Cdf ceresCdf = new CeresCdf();
        try {
            ceresCdf.setDerValue(selectFileByLocationAndRead);
        } catch (Exception e) {
            LOGGER.info("El CDF no es de tipo FNMT, se intenta en modo PKCS#15: " + e);
            ceresCdf = new Cdf();
            ceresCdf.setDerValue(selectFileByLocationAndRead);
        }
        this.certs = new LinkedHashMap(ceresCdf.getCertificateCount());
        this.aliasByCertAndKeyId = new LinkedHashMap(ceresCdf.getCertificateCount());
        for (int i = 0; i < ceresCdf.getCertificateCount(); i += AUTO_RETRY) {
            try {
                X509Certificate certificateFromCompressedOrNotData = CompressionUtils.getCertificateFromCompressedOrNotData(selectFileByLocationAndRead(new Location(ceresCdf.getCertificatePath(i).replace("\\", "").trim())), this.cryptoHelper);
                String str = i + " " + certificateFromCompressedOrNotData.getSerialNumber();
                this.aliasByCertAndKeyId.put(HexUtils.hexify(ceresCdf.getCertificateId(i), false), str);
                this.certs.put(str, certificateFromCompressedOrNotData);
            } catch (IOException e2) {
                LOGGER.warning("No se ha encontrado un certificado referenciado, se pasa al siguiente: " + e2);
            }
        }
        byte[] selectFileByLocationAndRead2 = selectFileByLocationAndRead(PRKDF_LOCATION);
        Pkcs15PrKdf prKdf = new PrKdf();
        try {
            prKdf.setDerValue(selectFileByLocationAndRead2);
        } catch (Exception e3) {
            LOGGER.info("El PrKDF no es de tipo PKCS#15, se intenta en modo FNMT: " + e3);
            prKdf = new CeresPrKdf();
            prKdf.setDerValue(selectFileByLocationAndRead2);
        }
        this.keys = new LinkedHashMap();
        for (int i2 = 0; i2 < prKdf.getKeyCount(); i2 += AUTO_RETRY) {
            String str2 = this.aliasByCertAndKeyId.get(HexUtils.hexify(prKdf.getKeyId(i2), false));
            if (str2 != null) {
                this.keys.put(str2, Byte.valueOf(prKdf.getKeyReference(i2)));
            }
        }
        hideCertsWithoutKey();
    }

    private void hideCertsWithoutKey() {
        try {
            String[] aliases = getAliases();
            int length = aliases.length;
            for (int i = 0; i < length; i += AUTO_RETRY) {
                String str = aliases[i];
                if (this.keys.get(str) == null) {
                    this.certs.remove(str);
                }
            }
        } catch (Exception e) {
            throw new IllegalStateException("No se han podido leer los alias de los certificados de la tarjeta CERES", e);
        }
    }

    @Override // es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        return (String[]) this.certs.keySet().toArray(new String[0]);
    }

    @Override // es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) {
        return this.certs.get(str);
    }

    @Override // es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        return new CeresPrivateKeyReference(this.keys.get(str).byteValue(), ((RSAPublicKey) this.certs.get(str).getPublicKey()).getModulus().bitLength());
    }

    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, PinException {
        if (bArr == null) {
            throw new CryptoCardException("Los datos a firmar no pueden ser nulos");
        }
        if (privateKeyReference == null) {
            throw new IllegalArgumentException("La clave privada no puede ser nula");
        }
        if (!(privateKeyReference instanceof CeresPrivateKeyReference)) {
            throw new IllegalArgumentException("La clave proporcionada debe ser de tipo CeresPrivateKeyReference, pero se ha recibido de tipo " + privateKeyReference.getClass().getName());
        }
        CeresPrivateKeyReference ceresPrivateKeyReference = (CeresPrivateKeyReference) privateKeyReference;
        if (!this.authenticated) {
            try {
                verifyPin(getInternalPasswordCallback());
                this.authenticated = true;
            } catch (ApduConnectionException e) {
                throw new CryptoCardException("Error en la verificacion de PIN", e);
            }
        }
        try {
            loadData(ceresPrivateKeyReference.getKeyBitSize(), DigestInfo.encode(str, bArr, this.cryptoHelper));
            try {
                ResponseApdu sendArbitraryApdu = sendArbitraryApdu(new CeresSignDataApduCommand(ceresPrivateKeyReference.getKeyReference(), ceresPrivateKeyReference.getKeyBitSize()));
                if (sendArbitraryApdu.isOk()) {
                    return sendArbitraryApdu.getData();
                }
                throw new CryptoCardException("No se han podido firmar los datos. Respuesta: " + HexUtils.hexify(sendArbitraryApdu.getBytes(), true));
            } catch (ApduConnectionException e2) {
                throw new CryptoCardException("Error firmando los datos", e2);
            }
        } catch (Exception e3) {
            throw new CryptoCardException("Error creando el DigestInfo para la firma con el algoritmo " + str, e3);
        }
    }

    private void loadData(int i, byte[] bArr) throws CryptoCardException {
        try {
            byte[] addPkcs1PaddingForPrivateKeyOperation = CryptoHelper.addPkcs1PaddingForPrivateKeyOperation(bArr, i);
            if (i < 2048) {
                try {
                    ResponseApdu sendArbitraryApdu = sendArbitraryApdu(new CeresLoadDataApduCommand(addPkcs1PaddingForPrivateKeyOperation));
                    if (!sendArbitraryApdu.isOk()) {
                        throw new CryptoCardException("No se han podido enviar los datos a firmar a la tarjeta. Respuesta: " + HexUtils.hexify(sendArbitraryApdu.getBytes(), true));
                    }
                    return;
                } catch (ApduConnectionException e) {
                    throw new CryptoCardException("Error enviando los datos a firmar a la tarjeta", e);
                }
            }
            if (i != 2048) {
                throw new IllegalArgumentException("Solo se soportan claves de 2048 o 1024 bits");
            }
            byte[] bArr2 = {-112, 88, 0, 0, 0, AUTO_RETRY, 0};
            byte[] bArr3 = new byte[MAX_APDU_SIZE];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(addPkcs1PaddingForPrivateKeyOperation, 0, bArr3, bArr2.length, MAX_APDU_SIZE - bArr2.length);
            try {
                ResponseApdu sendArbitraryApdu2 = sendArbitraryApdu(new EnvelopeDataApduCommand(bArr3));
                if (!sendArbitraryApdu2.isOk()) {
                    throw new CryptoCardException("No se han podido enviar (primera tanda) los datos a firmar a la tarjeta. Respuesta: " + HexUtils.hexify(sendArbitraryApdu2.getBytes(), true));
                }
                byte[] bArr4 = new byte[8];
                System.arraycopy(addPkcs1PaddingForPrivateKeyOperation, MAX_APDU_SIZE - bArr2.length, bArr4, 0, 8);
                try {
                    ResponseApdu sendArbitraryApdu3 = sendArbitraryApdu(new EnvelopeDataApduCommand(bArr4));
                    if (!sendArbitraryApdu3.isOk()) {
                        throw new CryptoCardException("No se han podido enviar (segunda tanda) los datos a firmar a la tarjeta. Respuesta: " + HexUtils.hexify(sendArbitraryApdu3.getBytes(), true));
                    }
                } catch (ApduConnectionException e2) {
                    throw new CryptoCardException("Error en el segundo envio a la tarjeta de los datos a firmar", e2);
                }
            } catch (Exception e3) {
                throw new CryptoCardException("Error en el primer envio a la tarjeta de los datos a firmar", e3);
            }
        } catch (IOException e4) {
            throw new CryptoCardException("Error realizando el relleno PKCS#1 de los datos a firmar", e4);
        }
    }

    @Override // es.gob.jmulticard.card.iso7816four.AbstractIso7816FourCard
    protected void selectMasterFile() throws ApduConnectionException, FileNotFoundException, Iso7816FourCardException {
        selectFileByName(MASTER_FILE_NAME);
    }

    @Override // es.gob.jmulticard.card.iso7816four.AbstractIso7816FourCard
    public void verifyPin(PasswordCallback passwordCallback) throws ApduConnectionException, PinException {
        if (passwordCallback == null) {
            throw new PinException("No se ha establecido un PasswordCallback");
        }
        ResponseApdu sendArbitraryApdu = sendArbitraryApdu(new CeresVerifyApduCommand((byte) 0, passwordCallback));
        if (sendArbitraryApdu.isOk()) {
            return;
        }
        if (sendArbitraryApdu.getStatusWord().getMsb() != ERROR_PIN_SW1 && sendArbitraryApdu.getStatusWord().getMsb() != ERROR_PIN_SW2) {
            if (!new StatusWord((byte) 105, (byte) -125).equals(sendArbitraryApdu.getStatusWord())) {
                throw new ApduConnectionException(new Iso7816FourCardException("Error en la verificacion de PIN (" + sendArbitraryApdu.getStatusWord() + ")", sendArbitraryApdu.getStatusWord()));
            }
            throw new AuthenticationModeLockedException();
        }
        if (passwordCallback.getClass().getName().endsWith("CachePasswordCallback")) {
            throw new BadPinException(sendArbitraryApdu.getStatusWord().getLsb() - (-64));
        }
        this.passwordCallback = null;
        verifyPin(getInternalPasswordCallback());
    }

    protected PasswordCallback getInternalPasswordCallback() throws PinException {
        if (this.passwordCallback != null) {
            if (getPinRetriesLeft() == 0) {
                throw new AuthenticationModeLockedException();
            }
            return this.passwordCallback;
        }
        if (this.callbackHandler == null) {
            throw new PinException("No hay ningun metodo para obtener el PIN");
        }
        int pinRetriesLeft = getPinRetriesLeft();
        if (pinRetriesLeft == 0) {
            throw new AuthenticationModeLockedException();
        }
        PasswordCallback passwordCallback = new PasswordCallback(CardMessages.getString("Gen.0", Integer.toString(pinRetriesLeft)), false);
        try {
            this.callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback;
        } catch (IOException e) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler", e);
        } catch (UnsupportedCallbackException e2) {
            throw new PinException("El CallbackHandler no soporta pedir el PIN al usuario", e2);
        }
    }

    private int getPinRetriesLeft() throws PinException {
        try {
            return getConnection().transmit(new RetriesLeftApduCommand()).getStatusWord().getLsb() - (-64);
        } catch (ApduConnectionException e) {
            throw new PinException("Error obteniendo el PIN del CallbackHandler", e);
        }
    }

    @Override // es.gob.jmulticard.card.AbstractSmartCard
    public String getCardName() {
        return "FNMT-RCM CERES";
    }

    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }
}
