package de.cardcontact.opencard.eac.softTA;

import de.cardcontact.opencard.eac.CardVerifiableCertificate;
import de.cardcontact.opencard.eac.PKCS8;
import de.cardcontact.opencard.eac.TerminalAuthenticationSigner;
import de.cardcontact.opencard.eac.cvc.ECPublicKeyTLV;
import java.io.File;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import opencard.opt.iso.fs.CardFilePath;

/* loaded from: input_file:de/cardcontact/opencard/eac/softTA/SoftTASigner.class */
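/**
 * File-based ("soft") signer for terminal authentication.
 *
 * <p>On construction the class loads a chain of card-verifiable certificates ({@code .cvcert} /
 * {@code .selfsigned.cvcert} files) and a PKCS#8 private key ({@code .pkcs8} file) from a
 * directory tree below {@link #cspath}, checks each certificate against the public key of the
 * one loaded above it, and checks that the private key matches the last certificate.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The private key is read from a plain file; no passphrase is passed to the decoder, so
 *       access to the key depends on the file-system permissions of the store.</li>
 *   <li>The first certificate of the chain (index 0) is taken from the store as the starting
 *       point of verification; its own signature is not checked here. Whoever can write to the
 *       store therefore decides what this signer accepts as its root.</li>
 * </ul>
 */
public class SoftTASigner implements TerminalAuthenticationSigner {
    /** Base path of the certificate store; directory names are appended to it without a separator. */
    String cspath;
    /** Path of the signer inside the store; expected to start with a separator character. */
    String signerpath;
    /** Certificate holder reference of the last certificate in {@link #chain} (the signer). */
    String signerCHR;
    /** Loaded certificates; index 0 is the most recently loaded one, the last entry is the signer. */
    ArrayList<CardVerifiableCertificate> chain = new ArrayList<>();
    /** Private key decoded from the signer's {@code .pkcs8} file. */
    PrivateKey signer;

    /**
     * Creates the signer and loads certificates and key immediately.
     *
     * @param cspath base path of the certificate store
     * @param signerpath path of the signer below {@code cspath}
     * @throws RuntimeException if any file is missing or unreadable, a certificate fails
     *     verification, or the private key does not match the signer certificate
     */
    public SoftTASigner(String cspath, String signerpath) {
        this.cspath = cspath;
        this.signerpath = signerpath;
        try {
            setup();
        } catch (Exception e) {
            throw new RuntimeException("Problem setting up signer", e);
        }
    }

    /**
     * Reads a whole file into memory.
     *
     * @param path file to read
     * @return the complete file content
     * @throws RuntimeException if the file does not exist or cannot be read completely
     */
    private byte[] loadBinary(String path) {
        File file = new File(path);
        if (!file.exists()) {
            throw new RuntimeException("File " + path + " does not exist");
        }
        long length = file.length();
        if (length > Integer.MAX_VALUE) {
            // A plain cast would wrap around and yield a bogus buffer size.
            throw new RuntimeException("File " + path + " could not be read");
        }
        byte[] content = new byte[(int) length];
        // try-with-resources closes the stream on every path, including read failures.
        try (FileInputStream in = new FileInputStream(file)) {
            // A single read() may return fewer bytes than requested; loop until the buffer is
            // full so that a truncated certificate or key is never handed to the parsers.
            int offset = 0;
            while (offset < content.length) {
                int count = in.read(content, offset, content.length - offset);
                if (count < 0) {
                    throw new IllegalStateException("Unexpected end of file");
                }
                offset += count;
            }
            return content;
        } catch (Exception e) {
            throw new RuntimeException("File " + path + " could not be read", e);
        }
    }

    /**
     * Returns the certification authority reference of a certificate as text.
     *
     * <p>NOTE(review): {@code new String(...)} without an explicit charset is kept from the
     * original; if {@code getValue()} returns bytes, the result depends on the platform default
     * charset. Confirm how callers decode the references before pinning a charset.
     */
    private static String carOf(CardVerifiableCertificate certificate) {
        return new String(certificate.getCertificationAuthorityReference().getValue());
    }

    /**
     * Returns the certificate holder reference of a certificate as text.
     *
     * <p>NOTE(review): same charset caveat as for the authority reference.
     */
    private static String chrOf(CardVerifiableCertificate certificate) {
        return new String(certificate.getCertificateHolderReference().getValue());
    }

    /**
     * Returns the part of {@code path} before its last {@code '/'}.
     *
     * @throws IllegalArgumentException if {@code path} contains no {@code '/'}
     */
    private static String parentOf(String path) {
        int cut = path.lastIndexOf('/');
        if (cut < 0) {
            throw new IllegalArgumentException("Path " + path + " has no parent directory");
        }
        return path.substring(0, cut);
    }

    /**
     * Loads one certificate file and puts it at the front of {@link #chain}.
     *
     * <p>{@code <name>.cvcert} is preferred; {@code <name>.selfsigned.cvcert} is used when the
     * former does not exist.
     *
     * @param dir directory below {@link #cspath}
     * @param name file name without extension; for all but the signer certificate this value is
     *     taken from a field of a certificate that has not been verified yet
     * @throws CertificateException if {@code name} contains a path separator or the certificate
     *     cannot be decoded
     */
    private void loadCertificate(String dir, String name) throws CertificateException {
        // The name is built from certificate content that is read before any signature check.
        // Refuse separators so that such content cannot point the loader outside 'dir'.
        if (name.contains(CardFilePath.SYM_SEPARATOR)
                || name.indexOf('/') >= 0
                || name.indexOf('\\') >= 0
                || name.indexOf('\0') >= 0) {
            throw new CertificateException("Invalid certificate reference " + name);
        }
        String prefix = this.cspath + dir + CardFilePath.SYM_SEPARATOR + name;
        String path = prefix + ".cvcert";
        if (!new File(path).exists()) {
            path = prefix + ".selfsigned.cvcert";
        }
        this.chain.add(0, new CardVerifiableCertificate(loadBinary(path)));
    }

    /**
     * Loads the signer's private key from {@code <cspath><dir>/<name>.pkcs8}.
     *
     * @param dir directory below {@link #cspath}
     * @param name file name without extension
     * @throws Exception if the key cannot be decoded
     */
    private void loadPrivateKey(String dir, String name) throws Exception {
        String path = this.cspath + dir + CardFilePath.SYM_SEPARATOR + name + ".pkcs8";
        this.signer = PKCS8.decodePrivateKey(loadBinary(path));
    }

    /**
     * Loads the certificate chain and the private key and validates both.
     *
     * <p>The signer certificate is read from the signer directory, its issuer from the parent
     * directory, and all further certificates from the grandparent directory until a certificate
     * names itself as its authority.
     *
     * @throws Exception if a file is missing, the chain loops, a certificate fails verification,
     *     or the private key does not match the signer certificate
     */
    private void setup() throws Exception {
        String[] parts = this.signerpath.substring(1).split(CardFilePath.SYM_SEPARATOR);
        String signerDir = this.signerpath;
        String signerName = parts[parts.length - 1] + "00001";
        loadCertificate(signerDir, signerName);

        String issuerDir = parentOf(signerDir);
        loadCertificate(issuerDir, carOf(this.chain.get(0)));

        String rootDir = parentOf(issuerDir);
        String rootName = carOf(this.chain.get(0));
        loadCertificate(rootDir, rootName);

        // Follow authority references upwards until a certificate refers to itself. Remember
        // every requested name: certificates that refer to each other in a circle would
        // otherwise be reloaded forever and grow the chain without bound.
        ArrayList<String> requested = new ArrayList<>();
        requested.add(rootName);
        String next = carOf(this.chain.get(0));
        while (!next.equals(chrOf(this.chain.get(0)))) {
            if (requested.contains(next)) {
                throw new GeneralSecurityException("Certificate chain loops at " + next);
            }
            requested.add(next);
            loadCertificate(rootDir, next);
            next = carOf(this.chain.get(0));
        }

        loadPrivateKey(this.signerpath, signerName);

        // Walk from index 0 down to the signer; each certificate is checked with the public key
        // of the one before it. The certificate at index 0 itself is not checked.
        // NOTE(review): this relies on verify(...) throwing on a bad signature; confirm that it
        // does not return a status that is being dropped here. The algorithm is fixed to
        // SHA256withECDSA regardless of what the certificates declare.
        CardVerifiableCertificate current = this.chain.get(0);
        PublicKey issuerKey = current.getPublicKey();
        for (int i = 1; i < this.chain.size(); i++) {
            current = this.chain.get(i);
            current.verify(issuerKey, "SHA256withECDSA", null);
            issuerKey = current.getPublicKey();
        }
        this.signerCHR = chrOf(current);

        // Consistency check: sign a fixed 32-byte pattern with the loaded private key and verify
        // it with the public key of the last certificate, so that a key file that does not
        // belong to the signer certificate is detected at start-up.
        byte[] probe = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1};
        Signature signing = Signature.getInstance("NONEwithECDSA");
        signing.initSign(this.signer);
        signing.update(probe);
        byte[] probeSignature = signing.sign();

        Signature checking = Signature.getInstance("NONEwithECDSA");
        checking.initVerify(issuerKey);
        checking.update(probe);
        if (!checking.verify(probeSignature)) {
            throw new GeneralSecurityException("Signer validation failed. Private key matches certificate ?");
        }
    }

    /**
     * Returns the encoded certificates from the one issued under the given authority reference
     * down to the signer certificate.
     *
     * <p>The chain is searched from the signer end, so the shortest matching sub-chain is
     * returned.
     *
     * @param authorityReference authority reference to start from
     * @return encoded certificates, ending with the signer certificate
     * @throws RuntimeException if no certificate in the chain carries that authority reference
     *     or a certificate cannot be encoded
     */
    @Override
    public byte[][] getCertificateChain(String authorityReference) {
        int start = this.chain.size() - 1;
        while (start >= 0 && !carOf(this.chain.get(start)).equals(authorityReference)) {
            start--;
        }
        if (start < 0) {
            throw new RuntimeException("No certificate along the chain found that can be verified with " + authorityReference);
        }
        int count = this.chain.size() - start;
        byte[][] encoded = new byte[count][];
        for (int i = 0; i < count; i++) {
            try {
                encoded[i] = this.chain.get(start + i).getEncoded();
            } catch (CertificateEncodingException e) {
                // Fail loudly: a chain with a null entry would only break later, in the caller,
                // without any hint at the certificate that could not be encoded.
                throw new RuntimeException("Problem encoding certificate", e);
            }
        }
        return encoded;
    }

    /**
     * Signs data with the loaded private key.
     *
     * @param data data to sign
     * @param keyReference holder reference of the key to use; must equal {@link #signerCHR}
     * @return the signature; for EC keys it is passed through
     *     {@code ECPublicKeyTLV.unwrapSignature} with the field size in bytes
     * @throws RuntimeException if the reference does not match or signing fails
     */
    @Override
    public byte[] getTASignature(byte[] data, String keyReference) {
        if (keyReference == null || !keyReference.equals(this.signerCHR)) {
            throw new RuntimeException("Key " + keyReference + " not found");
        }
        try {
            // NOTE(review): the algorithm is taken from the certificate at index 0, not from the
            // signer certificate at the end of the chain; confirm this is intended.
            Signature signature = Signature.getInstance(this.chain.get(0).getSignatureAlgorithm());
            signature.initSign(this.signer);
            signature.update(data);
            byte[] result = signature.sign();
            if (this.signer instanceof ECPrivateKey) {
                // Field size in bits rounded up to whole bytes.
                int fieldBytes = (((ECPrivateKey) this.signer).getParams().getCurve().getField().getFieldSize() + 7) >> 3;
                result = ECPublicKeyTLV.unwrapSignature(result, fieldBytes);
            }
            return result;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Problem signing challenge", e);
        }
    }
}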
