package de.cardcontact.opencard.service.smartcardhsm;

import de.cardcontact.opencard.eac.CardVerifiableCertificate;
import de.cardcontact.opencard.eac.TrustStore;
import de.cardcontact.opencard.eac.cvc.CertificationAuthorityReference;
import de.cardcontact.opencard.security.IsoCredentialStore;
import de.cardcontact.opencard.security.SecureChannel;
import de.cardcontact.opencard.security.SecureChannelCredential;
import de.cardcontact.opencard.service.CardServiceUnexpectedStatusWordException;
import de.cardcontact.opencard.service.eac20.EAC20;
import de.cardcontact.opencard.service.isocard.CHVCardServiceWithControl;
import de.cardcontact.opencard.service.isocard.CHVManagementCardService;
import de.cardcontact.opencard.service.isocard.FileSystemSendAPDU;
import de.cardcontact.opencard.service.isocard.IsoFileControlInformation;
import de.cardcontact.opencard.service.remoteclient.HttpURLConnectionFactory;
import de.cardcontact.opencard.service.remoteclient.RemoteClient;
import de.cardcontact.opencard.service.remoteclient.RemoteNotificationListener;
import de.cardcontact.opencard.service.remoteclient.RemoteUpdateService;
import de.cardcontact.tlv.ByteBuffer;
import de.cardcontact.tlv.ConstructedTLV;
import de.cardcontact.tlv.ObjectIdentifier;
import de.cardcontact.tlv.PrimitiveTLV;
import de.cardcontact.tlv.TLV;
import de.cardcontact.tlv.TLVEncodingException;
import de.cardcontact.tlv.Tag;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import opencard.core.OpenCardException;
import opencard.core.service.CHVDialog;
import opencard.core.service.CHVUtils;
import opencard.core.service.CardChannel;
import opencard.core.service.CardServiceException;
import opencard.core.service.CardServiceInabilityException;
import opencard.core.service.CardServiceInvalidCredentialException;
import opencard.core.service.CardServiceInvalidParameterException;
import opencard.core.service.CardServiceOperationFailedException;
import opencard.core.service.CardServiceScheduler;
import opencard.core.service.SmartCard;
import opencard.core.terminal.CHVControl;
import opencard.core.terminal.CHVEncoder;
import opencard.core.terminal.CardTerminalException;
import opencard.core.terminal.CardTerminalIOControl;
import opencard.core.terminal.CommandAPDU;
import opencard.core.terminal.ExtendedVerifiedAPDUInterface;
import opencard.core.terminal.ResponseAPDU;
import opencard.core.terminal.VerifiedAPDUInterface;
import opencard.opt.applet.AppletID;
import opencard.opt.applet.AppletInfo;
import opencard.opt.applet.BasicAppletCardService;
import opencard.opt.iso.fs.CardFileAppID;
import opencard.opt.iso.fs.CardFileFileID;
import opencard.opt.iso.fs.CardFileInfo;
import opencard.opt.iso.fs.CardFilePath;
import opencard.opt.iso.fs.CardFilePathComponent;
import opencard.opt.iso.fs.CardIOException;
import opencard.opt.iso.fs.FileSystemCardService;
import opencard.opt.security.CredentialBag;
import opencard.opt.security.PrivateKeyRef;
import opencard.opt.security.PublicKeyRef;
import opencard.opt.security.SecureService;
import opencard.opt.security.SecurityDomain;
import opencard.opt.service.CardServiceObjectNotAvailableException;
import opencard.opt.service.CardServiceResourceNotFoundException;
import opencard.opt.service.CardServiceUnexpectedResponseException;
import opencard.opt.util.APDUInterface;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cardcontact/opencard/service/smartcardhsm/SmartCardHSMCardService.class */
public class SmartCardHSMCardService extends BasicAppletCardService implements FileSystemCardService, CHVCardServiceWithControl, CHVManagementCardService, SecureService, KeyGenerationCardServiceWithSpec, DecipherCardService, FileSystemSendAPDU, RemoteUpdateService, APDUInterface {
    public static final String ALGO_PADDING_PKCS1_PSS = "PKCS1_PSS";
    private static final byte WRAP = -110;
    private static final int USER_PIN = 129;
    private static final int SO_PIN = 136;
    public static final byte KEYPREFIX = -52;
    public static final byte PRKDPREFIX = -60;
    public static final byte EECERTIFICATEPREFIX = -50;
    public static final byte CACERTIFICATEPREFIX = -54;
    public static final byte CERTDESCRIPTIONPREFIX = -56;
    private static final int MAX_APDU = 1232;
    private int maxCData;
    private int maxRData;
    private ChangeReferenceDataDialog changeRefenceDataDialog;
    private static final CardFilePath mf = new CardFilePath("#E82B0601040181C31F0201");
    private static final AppletID AID = new AppletID(new byte[]{-24, 43, 6, 1, 4, 1, -127, -61, 31, 2, 1});
    private static HashMap<String, HashMap<String, Byte>> ALGORITHM_PADDING = new HashMap<>();
    private static byte ECDH = Byte.MIN_VALUE;
    private static byte NONE_WITH_RSA_DECRIPTION = 33;
    public static final ObjectIdentifier ID_KEY_DOMAIN_UID = new ObjectIdentifier(new int[]{1, 3, 6, 1, 4, 1, 24991, 3, 2, 2});
    private static final int KEY_CAPACITY = 60;
    private static final byte[] rootCert = {Byte.MAX_VALUE, 33, -126, 1, -76, Byte.MAX_VALUE, 78, -126, 1, 108, 95, 41, 1, 0, 66, 14, 68, 69, 83, 82, 67, 65, 67, 67, 49, 48, 48, 48, 48, 49, Byte.MAX_VALUE, 73, -126, 1, 29, 6, 10, 4, 0, Byte.MAX_VALUE, 0, 7, 2, 2, 2, 2, 3, -127, 32, -87, -5, 87, -37, -95, -18, -87, -68, 62, 102, 10, -112, -99, -125, -115, 114, 110, 59, -10, 35, -43, 38, 32, 40, 32, 19, 72, 29, 31, 110, 83, 119, -126, 32, 125, 90, 9, 117, -4, 44, 48, 87, -18, -10, 117, 48, 65, 122, -1, -25, -5, Byte.MIN_VALUE, 85, -63, 38, -36, 92, 108, -23, 74, 75, 68, -13, 48, -75, -39, -125, 32, 38, -36, 92, 108, -23, 74, 75, 68, -13, 48, -75, -39, -69, -41, 124, -65, -107, -124, 22, 41, 92, -9, -31, -50, 107, -52, -36, 24, -1, -116, 7, -74, -124, 65, 4, -117, -46, -82, -71, -53, 126, 87, -53, 44, 75, 72, 47, -4, -127, -73, -81, -71, -34, 39, -31, -29, -67, 35, -62, 58, 68, 83, -67, -102, -50, 50, 98, 84, 126, -8, 53, -61, -38, -60, -3, -105, -8, 70, 26, 20, 97, 29, -55, -62, 119, 69, 19, 45, -19, -114, 84, 92, 29, 84, -57, 47, 4, 105, -105, -123, 32, -87, -5, 87, -37, -95, -18, -87, -68, 62, 102, 10, -112, -99, -125, -115, 113, -116, 57, 122, -93, -75, 97, -90, -9, -112, 30, 14, -126, -105, 72, 86, -89, -122, 65, 4, 109, 2, 90, Byte.MIN_VALUE, 38, -51, -70, 36, 95, 16, -33, 27, 114, -23, -120, 15, -1, 116, 109, -85, 64, -92, 58, 61, 92, 107, -21, -14, 119, 7, -61, 15, 109, -22, 114, 67, 14, -29, 40, 123, 6, 101, -63, -22, -90, -22, -92, -6, 38, -60, 99, 3, 0, 25, -125, -8, 43, -47, -86, 49, -32, 61, -96, 98, -121, 1, 1, 95, 32, 14, 68, 69, 83, 82, 67, 65, 67, 67, 49, 48, 48, 48, 48, 49, Byte.MAX_VALUE, 76, 16, 6, 11, 43, 6, 1, 4, 1, -127, -61, 31, 3, 1, 1, 83, 1, -64, 95, 37, 6, 1, 2, 1, 1, 0, 9, 95, 36, 6, 3, 2, 1, 1, 0, 8, 95, 55, 64, -99, -69, 56, 43, 23, 17, -46, -70, -84, -80, -58, 35, -44, 12, 98, 103, -48, -75, 43, -92, 85, -64, 31, 86, 51, 61, -55, 85, 72, 16, -71, -78, -121, -115, -81, -98, -61, -83, -95, -100, 123, 6, 93, 120, 13, 108, -100, KEY_CAPACITY, 46, -50, -33, -41, -115, -21, 24, -81, 64, 119, -118, -33, -119, -24, 97, -54};
    private static final byte UNWRAP = -109;
    private static final byte[] utCert = {Byte.MAX_VALUE, 33, -126, 1, -76, Byte.MAX_VALUE, 78, -126, 1, 108, 95, 41, 1, 0, 66, 14, 85, 84, 83, 82, 67, 65, 67, 67, 49, 48, 48, 48, 48, 49, Byte.MAX_VALUE, 73, -126, 1, 29, 6, 10, 4, 0, Byte.MAX_VALUE, 0, 7, 2, 2, 2, 2, 3, -127, 32, -87, -5, 87, -37, -95, -18, -87, -68, 62, 102, 10, -112, -99, -125, -115, 114, 110, 59, -10, 35, -43, 38, 32, 40, 32, 19, 72, 29, 31, 110, 83, 119, -126, 32, 125, 90, 9, 117, -4, 44, 48, 87, -18, -10, 117, 48, 65, 122, -1, -25, -5, Byte.MIN_VALUE, 85, -63, 38, -36, 92, 108, -23, 74, 75, 68, -13, 48, -75, -39, -125, 32, 38, -36, 92, 108, -23, 74, 75, 68, -13, 48, -75, -39, -69, -41, 124, -65, -107, -124, 22, 41, 92, -9, -31, -50, 107, -52, -36, 24, -1, -116, 7, -74, -124, 65, 4, -117, -46, -82, -71, -53, 126, 87, -53, 44, 75, 72, 47, -4, -127, -73, -81, -71, -34, 39, -31, -29, -67, 35, -62, 58, 68, 83, -67, -102, -50, 50, 98, 84, 126, -8, 53, -61, -38, -60, -3, -105, -8, 70, 26, 20, 97, 29, -55, -62, 119, 69, 19, 45, -19, -114, 84, 92, 29, 84, -57, 47, 4, 105, -105, -123, 32, -87, -5, 87, -37, -95, -18, -87, -68, 62, 102, 10, -112, -99, -125, -115, 113, -116, 57, 122, -93, -75, 97, -90, -9, -112, 30, 14, -126, -105, 72, 86, -89, -122, 65, 4, -96, 65, -2, -78, -3, 17, 107, 42, -47, -100, -90, -73, -22, -51, 113, -55, -119, 47, -108, 27, -72, -115, 103, -36, -18, -55, 37, 1, -16, 112, 1, 25, 87, -30, 33, 34, -70, 108, 44, -11, -1, 2, UNWRAP, 111, 72, 46, 53, -90, 18, -100, -53, -70, -114, UNWRAP, -125, -125, 109, 49, 6, -121, -100, 64, -114, -16, -121, 1, 1, 95, 32, 14, 85, 84, 83, 82, 67, 65, 67, 67, 49, 48, 48, 48, 48, 49, Byte.MAX_VALUE, 76, 16, 6, 11, 43, 6, 1, 4, 1, -127, -61, 31, 3, 1, 1, 83, 1, -64, 95, 37, 6, 1, 2, 1, 1, 0, 9, 95, 36, 6, 3, 2, 1, 1, 0, 8, 95, 55, 64, -111, 77, -48, -6, 0, 97, 92, 68, 4, -115, 20, 103, 67, 84, 0, 66, 58, 74, -47, -67, 55, -3, -104, -42, -34, -124, -3, Byte.MIN_VALUE, 55, 72, -107, -126, 50, 92, 114, -107, 109, 79, -33, -85, -58, -19, -70, 72, 24, 74, 117, 79, 55, -15, -66, 81, 66, -35, 28, 39, -42, 101, 105, 48, -116, -31, -102, -81};
    final Logger log = LoggerFactory.getLogger(SmartCardHSMCardService.class);
    private final HashMap<String, SmartCardHSMEntry> namemap = new HashMap<>(200);
    private final HashMap<Byte, SmartCardHSMKey> idmap = new HashMap<>(100);
    private final HashMap<Byte, Certificate> certIDMap = new HashMap<>(100);
    private final Vector<Byte> caid = new Vector<>();
    private byte[] lastobjectlist = null;
    private ArrayList<KeyDomain> keyDomains = null;
    private SmartCardHSMAppletState state = null;
    private RemoteClient remoteClient = null;
    private HttpURLConnectionFactory connectionFactory = null;
    private int maxCAPDU = MAX_APDU;
    private int maxRAPDU = MAX_APDU;
    private boolean limitedAPDU = false;
    private int fastDeleteThreshold = 0;
    private int fastDeleteCount = 0;
    private String id = null;
    private boolean usePinPad = false;
    private boolean addDeviceCertificateToAliases = true;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // opencard.opt.applet.BasicAppletCardService, opencard.core.service.CardService
    public void initialize(CardServiceScheduler cardServiceScheduler, SmartCard smartCard, boolean z) throws CardServiceException {
        super.initialize(cardServiceScheduler, smartCard, z);
        try {
            allocateCardChannel();
            CardChannel cardChannel = getCardChannel();
            Hashtable hashtable = (Hashtable) cardChannel.getState();
            this.state = (SmartCardHSMAppletState) hashtable.get(AID);
            if (this.state == null) {
                this.state = new SmartCardHSMAppletState();
                hashtable.put(AID, this.state);
            }
            Properties features = cardChannel.getCardTerminal().features();
            if (features.containsKey("maxRAPDUSize")) {
                this.maxRAPDU = Integer.valueOf(features.getProperty("maxRAPDUSize")).intValue();
                this.limitedAPDU = true;
            }
            if (features.containsKey("maxCAPDUSize")) {
                this.maxCAPDU = Integer.valueOf(features.getProperty("maxCAPDUSize")).intValue();
                this.limitedAPDU = true;
            }
            this.maxCData = ((((this.maxCAPDU - 9) - 19) / 16) * 16) - 1;
            this.maxRData = ((((this.maxRAPDU - 18) - 2) / 16) * 16) - 1;
            releaseCardChannel();
        } catch (Throwable th) {
            releaseCardChannel();
            throw th;
        }
    }

    @Override // opencard.opt.applet.BasicAppletCardService
    protected void checkSelectResponse(AppletInfo appletInfo) {
        byte[] proprietary = new IsoFileControlInformation(((ResponseAPDU) appletInfo.getData()).data()).getProprietary();
        this.state.setVersion((proprietary[proprietary.length - 2] << 8) | (proprietary[proprietary.length - 1] & 255));
    }

    public void useClassThreePinPad(boolean z) {
        this.usePinPad = z;
    }

    public void addDeviceCertificateToAliases(boolean z) {
        this.addDeviceCertificateToAliases = z;
    }

    @Override // opencard.opt.applet.BasicAppletCardService
    protected boolean isSelected(CardChannel cardChannel) throws CardTerminalException {
        CommandAPDU commandAPDU = new CommandAPDU(40);
        new ResponseAPDU(2);
        commandAPDU.setLength(0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 32);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -127);
        return cardChannel.sendCommandAPDU(commandAPDU).sw() == 36864;
    }

    public void initSecureMessaging() throws CardServiceException, CardTerminalException, CertPathBuilderException {
        this.state.setSecureChannelCredential(new EAC20(this, getDevAutPK()).performChipAuthentication());
    }

    public String getId() throws OpenCardException, CertPathBuilderException {
        if (this.id == null) {
            getDevAutPK();
        }
        return this.id;
    }

    public String getProvisioningURL() {
        try {
            return new String(((ConstructedTLV) TLV.factory(read(new CardFilePath(":CB00"), 0, -1))).get(0).getValue());
        } catch (TLVEncodingException | OpenCardException e) {
            this.log.error("Could not read trusted configuration", e);
            return null;
        }
    }

    public int getVersion() throws CardTerminalException, CardServiceException {
        int version = this.state.getVersion();
        if (version != 0) {
            return version;
        }
        CommandAPDU commandAPDU = new CommandAPDU(5);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 80);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864 || sendCommandAPDU.getLength() < 4) {
            return 0;
        }
        int i = (sendCommandAPDU.getByte(sendCommandAPDU.getLength() - 4) << 8) | sendCommandAPDU.getByte(sendCommandAPDU.getLength() - 3);
        this.state.setVersion(i);
        return i;
    }

    public void deactivateSecureMessaging() {
        this.state.setSecureChannelCredential(null);
    }

    private boolean hasSendVerifiedCommandAPDU() {
        allocateCardChannel();
        Object cardTerminal = getCardChannel().getCardTerminal();
        boolean z = cardTerminal instanceof VerifiedAPDUInterface;
        if (cardTerminal instanceof ExtendedVerifiedAPDUInterface) {
            z = ((ExtendedVerifiedAPDUInterface) cardTerminal).hasSendVerifiedCommandAPDU();
        }
        releaseCardChannel();
        return z;
    }

    private ResponseAPDU sendSecMsgCommand(CommandAPDU commandAPDU) throws CardTerminalException, CardServiceException {
        SecureChannelCredential secureChannelCredential = this.state.getSecureChannelCredential();
        SecureChannel secureChannel = secureChannelCredential.getSecureChannel();
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(AID, secureChannel.wrap(commandAPDU, secureChannelCredential.getUsageQualifier()));
        if (sendCommandAPDU.getLength() != 2) {
            return secureChannel.unwrap(sendCommandAPDU, secureChannelCredential.getUsageQualifier());
        }
        this.state.setSecureChannelCredential(null);
        return sendCommandAPDU;
    }

    @Override // opencard.opt.util.APDUInterface
    public ResponseAPDU sendCommandAPDU(CommandAPDU commandAPDU) throws CardTerminalException, CardServiceException {
        if ((commandAPDU.getByte(0) & 8) == 8) {
            this.state.setSecureChannelCredential(null);
        }
        return this.state.useSecureChannel() ? sendSecMsgCommand(commandAPDU) : sendCommandAPDU(AID, commandAPDU);
    }

    @Override // opencard.opt.security.CHVCardService
    public void closeApplication(SecurityDomain securityDomain) throws CardServiceException, CardTerminalException {
        deactivateSecureMessaging();
        try {
            allocateCardChannel();
            getAppletSelector().selectApplet(getCardChannel(), AID);
            releaseCardChannel();
        } catch (Throwable th) {
            releaseCardChannel();
            throw th;
        }
    }

    @Override // opencard.opt.security.CHVCardService
    public int getPasswordLength(SecurityDomain securityDomain, int i) throws CardServiceException, CardTerminalException {
        return 0;
    }

    public boolean verifyBio(byte b, byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(300);
        new ResponseAPDU(2);
        commandAPDU.setLength(0);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 32);
        commandAPDU.append((byte) 0);
        commandAPDU.append(b);
        commandAPDU.append((byte) bArr.length);
        System.arraycopy(bArr, 0, commandAPDU.getBuffer(), 5, bArr.length);
        commandAPDU.setLength(5 + bArr.length);
        sendCommandAPDU(commandAPDU);
        return getSecurityStatus();
    }

    public boolean verifyPassword() throws CardServiceException, CardTerminalException {
        boolean verifyPassword;
        CHVControl cHVControl = new CHVControl("Enter your password", 1, CHVEncoder.STRING_ENCODING, 0, new CardTerminalIOControl(0, 30, CardTerminalIOControl.IS_NUMBERS, ""));
        CHVCardServiceWithControl.PasswordStatus passwordStatus = getPasswordStatus(null, 1);
        if (passwordStatus == CHVCardServiceWithControl.PasswordStatus.VERIFIED) {
            return true;
        }
        if (passwordStatus == CHVCardServiceWithControl.PasswordStatus.TRANSPORTMODE) {
            ChangeReferenceDataDialog changeReferenceDataDialog = new ChangeReferenceDataDialog();
            changeReferenceDataDialog.setPasswordStatus(passwordStatus);
            setChangeReferenceDataDialog(changeReferenceDataDialog);
            return changeReferenceData();
        }
        if (getPasswordStatus(null, 133) != CHVCardServiceWithControl.PasswordStatus.NOTINITIALIZED) {
            return verifyBio((byte) -123, new byte[]{Byte.MAX_VALUE, 36, 0});
        }
        if (this.usePinPad && hasSendVerifiedCommandAPDU()) {
            verifyPassword = verifyPassword(null, 0, cHVControl, null);
        } else {
            CHVDialog cHVDialog = getCHVDialog();
            if (cHVDialog == null) {
                cHVDialog = new SmartCardHSMCHVDialog(this);
                setCHVDialog(cHVDialog);
            }
            if (cHVDialog instanceof SmartCardHSMCHVDialog) {
                ((SmartCardHSMCHVDialog) cHVDialog).setPasswordStatus(passwordStatus);
            }
            String chv = cHVDialog.getCHV(-1);
            if (chv == null) {
                CHVCardServiceWithControl.PasswordStatus passwordStatus2 = getPasswordStatus(null, 1);
                if (passwordStatus2 == CHVCardServiceWithControl.PasswordStatus.VERIFIED) {
                    return true;
                }
                if (passwordStatus2 == CHVCardServiceWithControl.PasswordStatus.BLOCKED) {
                    throw new CardServiceInvalidCredentialException("PIN is blocked");
                }
                throw new CardServiceOperationFailedException("PIN entry cancelled or change of User PIN failed");
            }
            verifyPassword = verifyPassword(null, 0, CHVUtils.encodeCHV(cHVControl, chv));
        }
        return verifyPassword;
    }

    public boolean getSecurityStatus() throws CardServiceException, CardTerminalException {
        return getPasswordStatus(null, 1) == CHVCardServiceWithControl.PasswordStatus.VERIFIED;
    }

    @Override // opencard.opt.security.CHVCardService
    public boolean verifyPassword(SecurityDomain securityDomain, int i, byte[] bArr) throws CardServiceException, CardTerminalException {
        ResponseAPDU sendCommandAPDU;
        boolean z;
        if (bArr == null) {
            return verifyPassword();
        }
        if (getSecurityStatus()) {
            return true;
        }
        CommandAPDU commandAPDU = new CommandAPDU(40);
        new ResponseAPDU(2);
        commandAPDU.setLength(0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 32);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -127);
        commandAPDU.append((byte) bArr.length);
        System.arraycopy(bArr, 0, commandAPDU.getBuffer(), 5, bArr.length);
        commandAPDU.setLength(5 + bArr.length);
        if (this.state.useSecureChannel()) {
            commandAPDU.append((byte) 0);
            sendCommandAPDU = sendSecMsgCommand(commandAPDU);
        } else {
            sendCommandAPDU = sendCommandAPDU(AID, commandAPDU);
        }
        commandAPDU.clear();
        if (sendCommandAPDU.sw() == 36864) {
            z = true;
        } else {
            if ((sendCommandAPDU.sw() & 65520) != 25536 && sendCommandAPDU.sw() != 27011) {
                throw new CardServiceUnexpectedStatusWordException("VERIFY", sendCommandAPDU.sw());
            }
            z = false;
        }
        return z;
    }

    @Override // de.cardcontact.opencard.service.isocard.CHVCardServiceWithControl
    public boolean verifyPassword(SecurityDomain securityDomain, int i, CHVControl cHVControl, byte[] bArr) throws CardServiceException, CardTerminalException {
        boolean z;
        if (!hasSendVerifiedCommandAPDU() && getCHVDialog() == null) {
            SmartCardHSMCHVDialog smartCardHSMCHVDialog = new SmartCardHSMCHVDialog(this);
            smartCardHSMCHVDialog.setPasswordStatus(getPasswordStatus(null, 1));
            setCHVDialog(smartCardHSMCHVDialog);
        }
        CommandAPDU commandAPDU = new CommandAPDU(40);
        new ResponseAPDU(2);
        commandAPDU.setLength(0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 32);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -127);
        try {
            try {
                ResponseAPDU sendVerifiedAPDU = sendVerifiedAPDU(getChannel(), AID, commandAPDU, cHVControl, -1);
                releaseCardChannel();
                if (this.state.useSecureChannel()) {
                    this.state.setSecureChannelCredential(null);
                    try {
                        initSecureMessaging();
                    } catch (CertPathBuilderException e) {
                        this.log.error("Could not start secure messaging", e);
                        throw new CardServiceException(e.getMessage());
                    }
                }
                if (sendVerifiedAPDU.sw() == 36864) {
                    z = true;
                } else {
                    if ((sendVerifiedAPDU.sw() & 65520) != 25536 && sendVerifiedAPDU.sw() != 27011) {
                        throw new CardServiceUnexpectedStatusWordException("VERIFY", sendVerifiedAPDU.sw());
                    }
                    z = false;
                }
                return z;
            } catch (CardServiceException e2) {
                throw e2;
            }
        } catch (Throwable th) {
            releaseCardChannel();
            throw th;
        }
    }

    @Override // de.cardcontact.opencard.service.isocard.CHVCardServiceWithControl
    public CHVCardServiceWithControl.PasswordStatus getPasswordStatus(SecurityDomain securityDomain, int i) throws CardServiceException, CardTerminalException {
        ResponseAPDU sendCommandAPDU;
        CHVCardServiceWithControl.PasswordStatus passwordStatus;
        CommandAPDU commandAPDU = new CommandAPDU(40);
        new ResponseAPDU(2);
        if (i == 1) {
            CHVCardServiceWithControl.PasswordStatus passwordStatus2 = getPasswordStatus(securityDomain, USER_PIN);
            if (passwordStatus2 == CHVCardServiceWithControl.PasswordStatus.TRANSPORTMODE || passwordStatus2 == CHVCardServiceWithControl.PasswordStatus.NOTINITIALIZED) {
                if (getPasswordStatus(securityDomain, SO_PIN) == CHVCardServiceWithControl.PasswordStatus.NOTINITIALIZED) {
                    return CHVCardServiceWithControl.PasswordStatus.NOTINITIALIZED;
                }
                passwordStatus2 = CHVCardServiceWithControl.PasswordStatus.NOTVERIFIED;
            }
            return passwordStatus2;
        }
        commandAPDU.setLength(0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 32);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) i);
        if (this.state.useSecureChannel()) {
            commandAPDU.append((byte) 0);
            sendCommandAPDU = sendSecMsgCommand(commandAPDU);
        } else {
            sendCommandAPDU = sendCommandAPDU(AID, commandAPDU);
        }
        if (sendCommandAPDU.sw() == 36864) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.VERIFIED;
        } else if (sendCommandAPDU.sw() == 25537) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.LASTTRY;
        } else if (sendCommandAPDU.sw() == 25538) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.RETRYCOUNTERLOW;
        } else if ((sendCommandAPDU.sw() & 65520) == 25536) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.NOTVERIFIED;
        } else if (sendCommandAPDU.sw() == 25344) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.NOTVERIFIED;
        } else if (sendCommandAPDU.sw() == 27011) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.BLOCKED;
        } else if (sendCommandAPDU.sw() == 27012) {
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.TRANSPORTMODE;
        } else {
            if (sendCommandAPDU.sw() != 27272 && sendCommandAPDU.sw() != 27270) {
                throw new CardServiceUnexpectedStatusWordException("VERIFY", sendCommandAPDU.sw());
            }
            passwordStatus = CHVCardServiceWithControl.PasswordStatus.NOTINITIALIZED;
        }
        return passwordStatus;
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    @Deprecated
    public void appendRecord(CardFilePath cardFilePath, byte[] bArr) throws CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("appendRecord() ist not implemented");
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    public boolean exists(CardFilePath cardFilePath) throws CardServiceException, CardTerminalException {
        try {
            getFileInfo(cardFilePath);
            return true;
        } catch (CardServiceObjectNotAvailableException e) {
            return false;
        }
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    public CardFileInfo getFileInfo(CardFilePath cardFilePath) throws CardServiceException, CardTerminalException {
        ResponseAPDU sendCommandAPDU;
        CommandAPDU commandAPDU = new CommandAPDU(32);
        CardFilePathComponent tail = cardFilePath.tail();
        boolean z = tail instanceof CardFileAppID;
        byte[] byteArray = z ? ((CardFileAppID) tail).toByteArray() : ((CardFileFileID) tail).toByteArray();
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -92);
        commandAPDU.append(z ? (byte) 4 : (byte) 2);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) byteArray.length);
        commandAPDU.append(byteArray);
        commandAPDU.append((byte) 0);
        if (!this.state.useSecureChannel()) {
            sendCommandAPDU = sendCommandAPDU(AID, commandAPDU);
        } else if (z) {
            deactivateSecureMessaging();
            sendCommandAPDU = sendCommandAPDU(AID, commandAPDU);
            try {
                initSecureMessaging();
            } catch (CertPathBuilderException e) {
                this.log.error("Could not start secure messaging", e);
                throw new CardServiceException(e.getMessage());
            }
        } else {
            sendCommandAPDU = sendSecMsgCommand(commandAPDU);
        }
        if (sendCommandAPDU.sw() == 27266) {
            throw new CardServiceObjectNotAvailableException(tail + " not found.");
        }
        return new IsoFileControlInformation(sendCommandAPDU.data());
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    public CardFilePath getRoot() {
        return mf;
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    public byte[] read(CardFilePath cardFilePath, int i, int i2) throws CardServiceException, CardTerminalException {
        if (i < 0 || (i2 != -1 && i2 < 0)) {
            throw new CardServiceInvalidParameterException("read: offset = " + i + ", length = " + i2);
        }
        int i3 = this.maxRData;
        if (i2 == -1 || i2 == 0) {
            i2 = 65535;
        }
        ResponseAPDU responseAPDU = null;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (byteArrayOutputStream.size() < i2) {
            CommandAPDU commandAPDU = new CommandAPDU(14);
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) -79);
            commandAPDU.append(((CardFileFileID) cardFilePath.tail()).toByteArray());
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) 4);
            commandAPDU.append((byte) 84);
            commandAPDU.append((byte) 2);
            commandAPDU.append((byte) (i >> 8));
            commandAPDU.append((byte) i);
            commandAPDU.append((byte) (i3 >> 8));
            commandAPDU.append((byte) i3);
            responseAPDU = sendCommandAPDU(commandAPDU);
            byte[] data = responseAPDU.data();
            if (data != null) {
                byteArrayOutputStream.write(data, 0, data.length);
                i += data.length;
            }
            if (responseAPDU.sw() == 25218 && (data == null || this.state.getVersion() >= 772 || data.length == 0)) {
                break;
            }
            if (responseAPDU.sw() != 36864 && responseAPDU.sw() != 25218) {
                int sw = responseAPDU.sw();
                responseAPDU.clear();
                throw new CardServiceUnexpectedStatusWordException("READ BINARY", sw);
            }
        }
        if (responseAPDU != null) {
            responseAPDU.clear();
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    @Deprecated
    public byte[] readRecord(CardFilePath cardFilePath, int i) throws CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("readRecord(CardFilePath file, int recordNumber) is not implemented");
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    @Deprecated
    public byte[][] readRecords(CardFilePath cardFilePath, int i) throws CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("readRecords(CardFilePath file, int number) is not implemented");
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    @Deprecated
    public void write(CardFilePath cardFilePath, int i, byte[] bArr, int i2, int i3) throws CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("write(CardFilePath file, int foffset, byte[] source, int soffset, int length) is not implemented");
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    public void write(CardFilePath cardFilePath, int i, byte[] bArr) throws CardServiceException, CardTerminalException {
        byte[] bArr2;
        if (i < 0 || i > 65535) {
            throw new CardServiceInvalidParameterException("write: offset = " + i);
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        int i2 = this.maxCData - 8;
        CardFileFileID cardFileFileID = (CardFileFileID) cardFilePath.tail();
        int i3 = 0;
        do {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(84);
            byteArrayOutputStream.write(2);
            byteArrayOutputStream.write(i >> 8);
            byteArrayOutputStream.write(i);
            try {
                if (bArr.length <= i2) {
                    bArr2 = bArr;
                } else if (bArr.length - i3 < i2) {
                    bArr2 = new byte[bArr.length - i3];
                    System.arraycopy(bArr, i3, bArr2, 0, bArr2.length);
                } else {
                    bArr2 = new byte[i2];
                    System.arraycopy(bArr, i3, bArr2, 0, i2);
                }
                i += bArr2.length;
                i3 += bArr2.length;
                byteArrayOutputStream.write(new PrimitiveTLV(83, bArr2).getBytes());
            } catch (TLVEncodingException | IOException e) {
            }
            CommandAPDU commandAPDU = new CommandAPDU(11 + byteArrayOutputStream.size());
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) -41);
            commandAPDU.append(cardFileFileID.toByteArray());
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) (byteArrayOutputStream.size() >> 8));
            commandAPDU.append((byte) byteArrayOutputStream.size());
            commandAPDU.append(byteArrayOutputStream.toByteArray());
            ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
            if (sendCommandAPDU.sw() != 36864) {
                throw new CardServiceUnexpectedStatusWordException("UPDATE BINARY", sendCommandAPDU.sw());
            }
            if (sendCommandAPDU.getLength() > 2) {
                throw new CardServiceUnexpectedResponseException("No response expected");
            }
        } while (i3 < bArr.length);
    }

    @Override // opencard.opt.iso.fs.FileAccessCardService
    @Deprecated
    public void writeRecord(CardFilePath cardFilePath, int i, byte[] bArr) throws CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("writeRecord() is not implemented");
    }

    @Override // opencard.opt.security.SecureService
    @Deprecated
    public void provideCredentials(SecurityDomain securityDomain, CredentialBag credentialBag) throws CardServiceException {
    }

    protected static int getLengthFieldSizeHelper(int i) {
        int i2 = 1;
        if (i >= 128) {
            i2 = 1 + 1;
        }
        if (i >= 256) {
            i2++;
        }
        return i2;
    }

    protected static void lengthToByteArrayOutputStream(int i, ByteArrayOutputStream byteArrayOutputStream) {
        int lengthFieldSizeHelper = getLengthFieldSizeHelper(i);
        int i2 = 0;
        if (lengthFieldSizeHelper > 1) {
            byteArrayOutputStream.write((byte) (128 | (lengthFieldSizeHelper - 1)));
            i2 = (lengthFieldSizeHelper - 2) * 8;
        }
        while (i2 >= 0) {
            byteArrayOutputStream.write((byte) (i >> i2));
            i2 -= 8;
        }
    }

    @Override // opencard.opt.iso.fs.FileSystemCardService
    public void create(CardFilePath cardFilePath, byte[] bArr) throws CardServiceException, CardTerminalException {
        if (bArr.length != 4) {
            throw new CardServiceException("Unknown data encoding");
        }
        write(new CardFilePath(new byte[]{bArr[2], bArr[3]}), 0, null);
    }

    public void setFastDeleteThreshold(int i) {
        this.fastDeleteThreshold = i;
        this.fastDeleteCount = i;
    }

    @Override // opencard.opt.iso.fs.FileSystemCardService
    public void delete(CardFilePath cardFilePath) throws CardServiceException, CardTerminalException {
        CommandAPDU commandAPDU = new CommandAPDU(7);
        byte b = 0;
        if (this.fastDeleteCount > 0) {
            b = Byte.MIN_VALUE;
            this.fastDeleteCount--;
        } else {
            this.fastDeleteCount = this.fastDeleteThreshold;
        }
        byte[] byteArray = ((CardFileFileID) cardFilePath.tail()).toByteArray();
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -28);
        commandAPDU.append((byte) 2);
        commandAPDU.append(b);
        commandAPDU.append((byte) 2);
        System.arraycopy(byteArray, 0, commandAPDU.getBuffer(), commandAPDU.getLength(), byteArray.length);
        commandAPDU.setLength(5 + byteArray.length);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864 && sendCommandAPDU.sw() != 27266) {
            throw new CardServiceUnexpectedStatusWordException("DELETE FILE", sendCommandAPDU.sw());
        }
        if (sendCommandAPDU.getLength() > 2) {
            throw new CardServiceUnexpectedResponseException("No response expected");
        }
    }

    @Override // opencard.opt.iso.fs.FileSystemCardService
    @Deprecated
    public void invalidate(CardFilePath cardFilePath) throws CardServiceInabilityException, CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("invalidate(CardFilePath file) is not implemented");
    }

    @Override // opencard.opt.iso.fs.FileSystemCardService
    @Deprecated
    public void rehabilitate(CardFilePath cardFilePath) throws CardServiceInabilityException, CardServiceException, CardTerminalException {
        throw new CardServiceInabilityException("rehabilitate(CardFilePath file) is not implemented");
    }

    public boolean changeReferenceData() throws CardServiceException, CardTerminalException {
        if (getChangeReferenceDataDialog() == null) {
            this.changeRefenceDataDialog = new ChangeReferenceDataDialog();
        }
        CHVCardServiceWithControl.PasswordStatus passwordStatus = getPasswordStatus(null, 1);
        if (passwordStatus == CHVCardServiceWithControl.PasswordStatus.TRANSPORTMODE) {
            this.changeRefenceDataDialog.setPasswordStatus(passwordStatus);
        }
        if (!this.changeRefenceDataDialog.showDialog()) {
            throw new CardServiceInvalidCredentialException("CHV cancelled");
        }
        boolean changeReferenceData = changeReferenceData(null, USER_PIN, null, this.changeRefenceDataDialog.getCurrentPIN(), this.changeRefenceDataDialog.getNewPIN());
        if (!changeReferenceData) {
            this.changeRefenceDataDialog.setPasswordStatus(CHVCardServiceWithControl.PasswordStatus.NOTVERIFIED);
        }
        return changeReferenceData;
    }

    @Override // de.cardcontact.opencard.service.isocard.CHVManagementCardService
    public boolean changeReferenceData(SecurityDomain securityDomain, int i, CHVControl cHVControl, byte[] bArr, byte[] bArr2) throws CardTerminalException, CardServiceException {
        boolean z;
        if (i != USER_PIN && i != SO_PIN) {
            throw new CardServiceInvalidParameterException("Parameter \"number\" must be one of 0x81 or 0x88");
        }
        CommandAPDU commandAPDU = new CommandAPDU(5 + bArr.length + bArr2.length);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 36);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) i);
        commandAPDU.append((byte) (bArr.length + bArr2.length));
        commandAPDU.append(bArr);
        commandAPDU.append(bArr2);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() == 36864) {
            z = true;
        } else {
            if ((sendCommandAPDU.sw() & 65520) != 25536) {
                throw new CardServiceUnexpectedStatusWordException("VERIFY", sendCommandAPDU.sw());
            }
            z = false;
        }
        return z;
    }

    @Override // de.cardcontact.opencard.service.isocard.CHVManagementCardService
    public boolean resetRetryCounter(SecurityDomain securityDomain, int i, CHVControl cHVControl, byte[] bArr, byte[] bArr2) throws CardTerminalException, CardServiceException {
        Boolean bool;
        if (i != USER_PIN && i != SO_PIN) {
            throw new CardServiceInvalidParameterException("Parameter \"number\" must be one of 0x81 or 0x88");
        }
        CommandAPDU commandAPDU = new CommandAPDU(40);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 44);
        commandAPDU.append(bArr2 == null ? (byte) 1 : (byte) 0);
        commandAPDU.append((byte) i);
        commandAPDU.append(bArr2 == null ? (byte) 8 : (byte) (bArr2.length + bArr.length));
        commandAPDU.append(bArr);
        if (bArr2 != null) {
            commandAPDU.append(bArr2);
        }
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() == 36864) {
            bool = true;
        } else {
            if ((sendCommandAPDU.sw() & 65520) != 25536) {
                throw new CardServiceUnexpectedStatusWordException("VERIFY", sendCommandAPDU.sw());
            }
            bool = false;
        }
        return bool.booleanValue();
    }

    public void initialize(byte[] bArr, byte[] bArr2, byte[] bArr3, byte b) throws CardTerminalException, CardServiceException, TLVEncodingException {
        CommandAPDU commandAPDU = new CommandAPDU(40);
        ConstructedTLV constructedTLV = new ConstructedTLV(48);
        constructedTLV.add(new PrimitiveTLV(IsoCredentialStore.DEACTIVATE, bArr));
        constructedTLV.add(new PrimitiveTLV(USER_PIN, bArr2));
        constructedTLV.add(new PrimitiveTLV(130, bArr3));
        constructedTLV.add(new PrimitiveTLV(145, new byte[]{b}));
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 80);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) constructedTLV.getLength());
        commandAPDU.append(constructedTLV.getValue());
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("INITIALIZE", sendCommandAPDU.sw());
        }
    }

    public void initialize(byte[] bArr, byte[] bArr2, byte[] bArr3, byte b, byte b2) throws CardTerminalException, CardServiceException, TLVEncodingException {
        CommandAPDU commandAPDU = new CommandAPDU(40);
        ConstructedTLV constructedTLV = new ConstructedTLV(48);
        constructedTLV.add(new PrimitiveTLV(IsoCredentialStore.DEACTIVATE, bArr));
        constructedTLV.add(new PrimitiveTLV(USER_PIN, bArr2));
        constructedTLV.add(new PrimitiveTLV(130, bArr3));
        constructedTLV.add(new PrimitiveTLV(145, new byte[]{b}));
        constructedTLV.add(new PrimitiveTLV(146, new byte[]{b2}));
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 80);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) constructedTLV.getLength());
        commandAPDU.append(constructedTLV.getValue());
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("INITIALIZE", sendCommandAPDU.sw());
        }
    }

    public void initialize(InitializeConfiguration initializeConfiguration) throws CardTerminalException, CardServiceException, TLVEncodingException {
        CommandAPDU commandAPDU = new CommandAPDU(40);
        byte[] cData = initializeConfiguration.getCData();
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 80);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) cData.length);
        commandAPDU.append(cData);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("INITIALIZE", sendCommandAPDU.sw());
        }
    }

    @Deprecated
    public byte[] generateKeyPair(byte b, byte b2, SmartCardHSMPrivateKeySpec smartCardHSMPrivateKeySpec) throws CardTerminalException, CardServiceException, TLVEncodingException {
        try {
            return generateKeyPair(b, smartCardHSMPrivateKeySpec);
        } catch (OpenCardException e) {
            throw new CardServiceException(e.getMessage());
        }
    }

    @Override // de.cardcontact.opencard.service.smartcardhsm.KeyGenerationCardServiceWithSpec
    public byte[] generateKeyPair(byte b, SmartCardHSMPrivateKeySpec smartCardHSMPrivateKeySpec) throws OpenCardException {
        byte[] data;
        CommandAPDU commandAPDU = new CommandAPDU(1024);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 70);
        commandAPDU.append(b);
        commandAPDU.append((byte) 0);
        byte[] cData = smartCardHSMPrivateKeySpec.getCData();
        int length = cData.length;
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) (length >> 8));
        commandAPDU.append((byte) length);
        System.arraycopy(cData, 0, commandAPDU.getBuffer(), commandAPDU.getLength(), cData.length);
        commandAPDU.setLength(7 + cData.length);
        if (!this.limitedAPDU) {
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) 0);
        }
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("GENERATE ASYMMETRIC KEY PAIR", sendCommandAPDU.sw());
        }
        if (this.limitedAPDU) {
            data = read(new CardFilePath(new byte[]{-50, b}), 0, -1);
            smartCardHSMPrivateKeySpec.setStorePublicKey(false);
        } else {
            data = sendCommandAPDU.data();
        }
        return data;
    }

    @Override // de.cardcontact.opencard.service.smartcardhsm.KeyGenerationCardServiceWithSpec
    public byte[] generateKey(byte b, SmartCardHSMSecretKeySpec smartCardHSMSecretKeySpec) throws OpenCardException {
        CommandAPDU commandAPDU = new CommandAPDU(512);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 72);
        commandAPDU.append(b);
        byte b2 = -80;
        switch (smartCardHSMSecretKeySpec.getKeySize()) {
            case IsoCredentialStore.DEACTIVATE /* 128 */:
                b2 = -80;
                break;
            case 192:
                b2 = -79;
                break;
            case 256:
                b2 = -78;
                break;
        }
        commandAPDU.append(b2);
        byte[] cData = smartCardHSMSecretKeySpec.getCData();
        commandAPDU.append((byte) cData.length);
        commandAPDU.append(cData);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("GENERATE SYMMETRIC KEY failed", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public byte[] importDKEKShare(byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(300);
        if (bArr.length != 32) {
            throw new CardServiceInvalidParameterException("The DKEK share must have a length of 32 bytes.");
        }
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 82);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("IMPORT DKEK SHARE", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public byte[] wrapKey(byte b) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(300);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 114);
        commandAPDU.append(b);
        commandAPDU.append((byte) -110);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("WRAP KEY", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public boolean unwrapKey(byte b, byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(7 + bArr.length);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 116);
        commandAPDU.append(b);
        commandAPDU.append((byte) -109);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) (bArr.length >> 8));
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("UNWRAP KEY", sendCommandAPDU.sw());
        }
        return true;
    }

    @Override // opencard.opt.signature.KeyGenerationCardService
    @Deprecated
    public void generateKeyPair(PrivateKeyRef privateKeyRef, PublicKeyRef publicKeyRef, int i, String str) throws CardServiceException, InvalidKeyException, CardTerminalException {
    }

    @Override // opencard.opt.signature.KeyGenerationCardService
    @Deprecated
    public PublicKey readPublicKey(PublicKeyRef publicKeyRef, String str) throws CardServiceException, InvalidKeyException, CardTerminalException {
        return null;
    }

    @Override // opencard.opt.signature.SignatureCardService
    public byte[] signData(PrivateKeyRef privateKeyRef, String str, byte[] bArr) throws CardServiceException, CardTerminalException {
        return signData(privateKeyRef, str, "DEFAULT", bArr);
    }

    private byte[] normalizeECDSASignature(byte[] bArr) throws CardServiceOperationFailedException {
        try {
            ConstructedTLV constructedTLV = new ConstructedTLV(bArr);
            ConstructedTLV constructedTLV2 = new ConstructedTLV(new Tag(16, (byte) 0, true));
            for (int i = 0; i < 2; i++) {
                byte[] value = ((PrimitiveTLV) constructedTLV.get(i)).getValue();
                int i2 = 0;
                while (i2 < value.length && value[i2] == 0 && (value[i2 + 1] & 255) < 128) {
                    i2++;
                }
                if (i2 > 0) {
                    byte[] bArr2 = new byte[value.length - i2];
                    System.arraycopy(value, i2, bArr2, 0, bArr2.length);
                    value = bArr2;
                }
                constructedTLV2.add(new PrimitiveTLV(2, value));
            }
            return constructedTLV2.getBytes();
        } catch (TLVEncodingException e) {
            throw new CardServiceOperationFailedException("ECDSA signature invalid format");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // opencard.opt.signature.SignatureCardService
    public byte[] signData(PrivateKeyRef privateKeyRef, String str, String str2, byte[] bArr) throws CardServiceException, CardTerminalException {
        int length = bArr.length;
        CommandAPDU commandAPDU = new CommandAPDU(9 + length);
        if ((str.contains(SmartCardHSMKey.RSA) && !(privateKeyRef instanceof SmartCardHSMKey)) || (str.contains("ECDSA") && !(privateKeyRef instanceof SmartCardHSMKey))) {
            throw new CardServiceOperationFailedException("Algorithm and key don't match.");
        }
        if (!ALGORITHM_PADDING.containsKey(str2) || !ALGORITHM_PADDING.get(str2).containsKey(str)) {
            throw new CardServiceOperationFailedException("There is no matching algorithm.");
        }
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 104);
        commandAPDU.append(((SmartCardHSMKey) privateKeyRef).getKeyRef());
        commandAPDU.append(ALGORITHM_PADDING.get(str2).get(str).byteValue());
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) (length >> 8));
        commandAPDU.append((byte) length);
        commandAPDU.append(bArr);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("SIGN", sendCommandAPDU.sw());
        }
        return str.contains(SmartCardHSMKey.RSA) ? sendCommandAPDU.data() : normalizeECDSASignature(sendCommandAPDU.data());
    }

    @Override // opencard.opt.signature.SignatureCardService
    public byte[] signHash(PrivateKeyRef privateKeyRef, String str, byte[] bArr) throws CardServiceException, InvalidKeyException, CardTerminalException {
        if (str.equals("NONEwithECDSA")) {
            return signData(privateKeyRef, "NONEwithECDSA", bArr);
        }
        if (str.equals("SHA1withRSA") || str.equals("SHA256withRSA")) {
            return signHash(privateKeyRef, str, "PKCS1_V15", bArr);
        }
        if (str.equals("NONEwithRSA")) {
            return signHash(privateKeyRef, str, "PKCS1_V15", bArr);
        }
        throw new CardServiceOperationFailedException("Algorithm for hash object required.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // opencard.opt.signature.SignatureCardService
    public byte[] signHash(PrivateKeyRef privateKeyRef, String str, String str2, byte[] bArr) throws CardServiceException, CardTerminalException {
        String str3;
        ObjectIdentifier objectIdentifier;
        if (str2.equals("PKCS1_V15")) {
            if (!(privateKeyRef instanceof SmartCardHSMKey)) {
                throw new CardServiceOperationFailedException("Algorithm and key don't match.");
            }
            if (str.equals("SHA1withRSA")) {
                objectIdentifier = new ObjectIdentifier("1.3.14.3.2.26");
            } else if (str.equals("SHA256withRSA")) {
                objectIdentifier = new ObjectIdentifier("2.16.840.1.101.3.4.2.1");
            } else if (str.equals("SHA384withRSA")) {
                objectIdentifier = new ObjectIdentifier("2.16.840.1.101.3.4.2.2");
            } else {
                if (!str.equals("SHA512withRSA")) {
                    if (str.equals("NONEwithRSA")) {
                        return signData(privateKeyRef, "NONEwithRSA", "NONE", padWithPKCS1v15(bArr, ((SmartCardHSMKey) privateKeyRef).getKeySize()));
                    }
                    throw new CardServiceOperationFailedException("There is no matching algorithm.");
                }
                objectIdentifier = new ObjectIdentifier("2.16.840.1.101.3.4.2.3");
            }
            try {
                return signData(privateKeyRef, "NONEwithRSA", "NONE", padWithPKCS1v15(buildDigestInfo(objectIdentifier, bArr), ((SmartCardHSMKey) privateKeyRef).getKeySize()));
            } catch (TLVEncodingException e) {
                this.log.error("signHash", e);
                return null;
            }
        }
        if (!str2.equals(ALGO_PADDING_PKCS1_PSS)) {
            if (!str2.equals("NONE")) {
                throw new CardServiceOperationFailedException("There is no matching algorithm.");
            }
            if (!str.equals("NONEwithECDSA")) {
                throw new CardServiceOperationFailedException("There is no matching algorithm.");
            }
            if (privateKeyRef instanceof SmartCardHSMKey) {
                return signData(privateKeyRef, "NONEwithECDSA", "NONE", verifyHashLength(((SmartCardHSMKey) privateKeyRef).getKeySize(), bArr));
            }
            throw new CardServiceOperationFailedException("Alogrithm and key don't match.");
        }
        if (!(privateKeyRef instanceof SmartCardHSMKey)) {
            throw new CardServiceOperationFailedException("Algorithm and key don't match.");
        }
        if (str.equals("SHA1withRSA")) {
            str3 = "SHA1";
        } else if (str.equals("SHA256withRSA")) {
            str3 = "SHA256";
        } else if (str.equals("SHA384withRSA")) {
            str3 = "SHA384";
        } else {
            if (!str.equals("SHA512withRSA")) {
                throw new CardServiceOperationFailedException("There is no matching algorithm.");
            }
            str3 = "SHA512";
            if (((SmartCardHSMKey) privateKeyRef).getKeySize() < 1033) {
                throw new CardServiceOperationFailedException("Key size too small for specified hash algorithm.");
            }
        }
        if (this.state.getVersion() >= 512 && (str3.equals("SHA1") || str3.equals("SHA256"))) {
            return signData(privateKeyRef, "NONEwithRSA", ALGO_PADDING_PKCS1_PSS, bArr);
        }
        try {
            try {
                return signData(privateKeyRef, "NONEwithRSA", "NONE", new EMSAPSSEncoder(MessageDigest.getInstance(str3), ((SmartCardHSMKey) privateKeyRef).getKeySize()).encode(bArr));
            } catch (IOException e2) {
                throw new CardServiceOperationFailedException("Unable to create PSS encoding : " + e2.getLocalizedMessage());
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new CardServiceOperationFailedException("Unable to get instance of message digest : " + e3.getLocalizedMessage());
        }
    }

    private byte[] verifyHashLength(int i, byte[] bArr) {
        int i2 = i / 8;
        byte[] bArr2 = new byte[i2];
        if (bArr.length == i2) {
            return bArr;
        }
        if (bArr.length < i2) {
            System.arraycopy(bArr, 0, bArr2, bArr2.length - bArr.length, bArr.length);
            return bArr2;
        }
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    private byte[] buildDigestInfo(ObjectIdentifier objectIdentifier, byte[] bArr) throws TLVEncodingException {
        ConstructedTLV constructedTLV = new ConstructedTLV(48);
        ConstructedTLV constructedTLV2 = new ConstructedTLV(48);
        constructedTLV2.add(objectIdentifier);
        constructedTLV2.add(new PrimitiveTLV(5, (byte[]) null));
        PrimitiveTLV primitiveTLV = new PrimitiveTLV(4, bArr);
        constructedTLV.add(constructedTLV2);
        constructedTLV.add(primitiveTLV);
        return constructedTLV.getBytes();
    }

    private byte[] padWithPKCS1v15(byte[] bArr, int i) throws CardServiceOperationFailedException {
        int i2 = i / 8;
        if (i2 < bArr.length + 11) {
            throw new CardServiceOperationFailedException("Intended encoded message length too short.");
        }
        byte[] bArr2 = new byte[i2];
        bArr2[0] = 0;
        bArr2[1] = 1;
        int length = (i2 - bArr.length) - 3;
        int i3 = 2;
        int i4 = 0;
        while (i4 < length) {
            bArr2[i3] = -1;
            i4++;
            i3++;
        }
        bArr2[i3] = 0;
        System.arraycopy(bArr, 0, bArr2, i3 + 1, bArr.length);
        return bArr2;
    }

    @Override // opencard.opt.signature.SignatureCardService
    @Deprecated
    public boolean verifySignedData(PublicKeyRef publicKeyRef, String str, byte[] bArr, byte[] bArr2) throws CardServiceException, InvalidKeyException, CardTerminalException {
        throw new CardServiceInabilityException("verifySignedData(PublicKeyRef publicKey, String signAlgorithm, byte[] data, byte[] signature)");
    }

    @Override // opencard.opt.signature.SignatureCardService
    @Deprecated
    public boolean verifySignedData(PublicKeyRef publicKeyRef, String str, String str2, byte[] bArr, byte[] bArr2) throws CardServiceException, InvalidKeyException, CardTerminalException {
        throw new CardServiceInabilityException("verifySignedData(PublicKeyRef publicKey, String signAlgorithm, String padAlgorithm, byte[] data, byte[] signature)");
    }

    @Override // opencard.opt.signature.SignatureCardService
    @Deprecated
    public boolean verifySignedHash(PublicKeyRef publicKeyRef, String str, byte[] bArr, byte[] bArr2) throws CardServiceException, InvalidKeyException, CardTerminalException {
        throw new CardServiceInabilityException("verifySignedHash(PublicKeyRef publicKey, String signAlgorithm, byte[] hash, byte[] signature)");
    }

    @Override // opencard.opt.signature.SignatureCardService
    @Deprecated
    public boolean verifySignedHash(PublicKeyRef publicKeyRef, String str, String str2, byte[] bArr, byte[] bArr2) throws CardServiceException, InvalidKeyException, CardTerminalException {
        throw new CardServiceInabilityException("verifySignedHash(PublicKeyRef publicKey, String signAlgorithm, String padAlgorithm, byte[] hash, byte[] signature)");
    }

    public byte[] enumerateObjects() throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(7);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 88);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("ENUMERATE OBJECTS", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public byte[] generateRandom(int i) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(7);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -124);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) (i >> 8));
        commandAPDU.append((byte) i);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("GET CHALLENGE", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    @Override // de.cardcontact.opencard.service.smartcardhsm.DecipherCardService
    public byte[] decipher(SmartCardHSMKey smartCardHSMKey, byte[] bArr, byte b) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(530);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 98);
        commandAPDU.append(smartCardHSMKey.getKeyRef());
        commandAPDU.append(b);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) (bArr.length >> 8));
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            sendCommandAPDU.clear();
            throw new CardServiceUnexpectedStatusWordException("DECIPHER", sendCommandAPDU.sw());
        }
        byte[] data = sendCommandAPDU.data();
        sendCommandAPDU.clear();
        return data;
    }

    @Override // de.cardcontact.opencard.service.smartcardhsm.DecipherCardService
    public byte[] decipher(SmartCardHSMKey smartCardHSMKey, byte[] bArr) throws CardTerminalException, CardServiceException {
        return decipher(smartCardHSMKey, bArr, (byte) 33);
    }

    @Override // de.cardcontact.opencard.service.smartcardhsm.DecipherCardService
    public byte[] performECCDH(SmartCardHSMKey smartCardHSMKey, byte[] bArr) throws CardServiceException, CardTerminalException {
        CommandAPDU commandAPDU = new CommandAPDU(200);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 98);
        commandAPDU.append(smartCardHSMKey.getKeyRef());
        commandAPDU.append(ECDH);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) (bArr.length >> 8));
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            sendCommandAPDU.clear();
            throw new CardServiceUnexpectedStatusWordException("PERFORM ECCDH", sendCommandAPDU.sw());
        }
        byte[] data = sendCommandAPDU.data();
        sendCommandAPDU.clear();
        return data;
    }

    public void verifyCertificate(CardVerifiableCertificate cardVerifiableCertificate) throws CardTerminalException, CardServiceException {
        byte[] bytes = cardVerifiableCertificate.getCVCertificate().getCertificateBody().getBytes();
        byte[] bytes2 = cardVerifiableCertificate.getCVCertificate().getSignatureTLV().getBytes();
        int length = bytes.length + bytes2.length;
        CommandAPDU commandAPDU = new CommandAPDU(9 + length);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 42);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -66);
        if (length > 255) {
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) (length >> 8));
            commandAPDU.append((byte) length);
        } else {
            commandAPDU.append((byte) length);
        }
        commandAPDU.append(bytes);
        commandAPDU.append(bytes2);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("VERIFY CERTIFICATE", sendCommandAPDU.sw());
        }
    }

    public boolean selectPubKeyForSignature(byte[] bArr) throws OpenCardException {
        return manageSE((byte) -127, (byte) -74, new PrimitiveTLV(new Tag(3, Byte.MIN_VALUE, false), bArr).getBytes());
    }

    public void verifyCertificateChain(CardVerifiableCertificate[] cardVerifiableCertificateArr) throws OpenCardException {
        int i = 0;
        byte[] value = cardVerifiableCertificateArr[0].getOuterCertificationAuthorityReference().getValue();
        while (!selectPubKeyForSignature(value) && i < cardVerifiableCertificateArr.length - 1) {
            i++;
            value = cardVerifiableCertificateArr[i].getCertificationAuthorityReference().getValue();
        }
        while (i > 0) {
            verifyCertificate(cardVerifiableCertificateArr[i]);
            if (!selectPubKeyForSignature(cardVerifiableCertificateArr[i].getCertificateHolderReference().getValue())) {
                throw new CardServiceException("Invalid certificate chain: CAR not found");
            }
            i--;
        }
    }

    public boolean selectPubKeyForAuthentication(byte[] bArr) throws CardTerminalException, CardServiceException {
        return manageSE((byte) -127, (byte) -92, new PrimitiveTLV(new Tag(3, Byte.MIN_VALUE, false), bArr).getBytes());
    }

    public boolean manageSE(byte b, byte b2, byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(100);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 34);
        commandAPDU.append(b);
        commandAPDU.append(b2);
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() == 36864 || sendCommandAPDU.sw() == 27272) {
            return sendCommandAPDU.sw() == 36864;
        }
        throw new CardServiceUnexpectedStatusWordException("MANAGE SE", sendCommandAPDU.sw());
    }

    public void manageSE(byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(100);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 34);
        commandAPDU.append((byte) 65);
        commandAPDU.append((byte) -92);
        commandAPDU.append((byte) 12);
        commandAPDU.append(bArr);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("MANAGE SE", sendCommandAPDU.sw());
        }
    }

    public void deriveXKEK(byte b, CardVerifiableCertificate cardVerifiableCertificate) throws OpenCardException {
        byte[] bytes = cardVerifiableCertificate.getCVCertificate().getBytes();
        byte[] bytes2 = cardVerifiableCertificate.getAuthenticatedRequest().getCertificationAuthorityReference().getBytes();
        byte[] bytes3 = cardVerifiableCertificate.getAuthenticatedRequest().getSignatureTLV().getBytes();
        int length = bytes.length + bytes2.length + bytes3.length;
        ByteBuffer byteBuffer = new ByteBuffer(length);
        byteBuffer.append(bytes);
        byteBuffer.append(bytes2);
        byteBuffer.append(bytes3);
        if (length > this.maxCData) {
            write(new CardFilePath(":2F10"), 0, byteBuffer.getBytes());
        }
        CommandAPDU commandAPDU = new CommandAPDU(9 + length);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 98);
        commandAPDU.append(b);
        commandAPDU.append((byte) -124);
        if (length <= this.maxCData) {
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) (length >> 8));
            commandAPDU.append((byte) length);
            commandAPDU.append(byteBuffer.getBytes());
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) 0);
        } else {
            commandAPDU.append((byte) 0);
        }
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("DERIVE XKEK", sendCommandAPDU.sw());
        }
    }

    public byte[] importPublicKey(CardVerifiableCertificate cardVerifiableCertificate) throws CardTerminalException, CardServiceException {
        byte[] bytes = cardVerifiableCertificate.getCVCertificate().getBytes();
        byte[] bytes2 = cardVerifiableCertificate.getOuterCertificationAuthorityReference().getBytes();
        byte[] bytes3 = cardVerifiableCertificate.getCVCertificate().getSignatureTLV().getBytes();
        int length = bytes.length + bytes2.length + bytes3.length;
        ByteBuffer byteBuffer = new ByteBuffer(length);
        byteBuffer.append(bytes);
        byteBuffer.append(bytes2);
        byteBuffer.append(bytes3);
        if (length > this.maxCData) {
            write(new CardFilePath(":2F10"), 0, byteBuffer.getBytes());
        }
        CommandAPDU commandAPDU = new CommandAPDU(9 + length);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 84);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        if (length <= this.maxCData) {
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) (length >> 8));
            commandAPDU.append((byte) length);
            commandAPDU.append(byteBuffer.getBytes());
            commandAPDU.append((byte) 0);
            commandAPDU.append((byte) 0);
        } else {
            commandAPDU.append((byte) 0);
        }
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("MANAGE PKA", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public boolean externalAuthenticate(byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(9 + bArr.length);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -126);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() == 36864) {
            return true;
        }
        if (sendCommandAPDU.sw() == 25344) {
            return false;
        }
        throw new CardServiceUnexpectedStatusWordException("EXTERNAL AUTHENTICATE", sendCommandAPDU.sw());
    }

    public byte[] generalAuthenticate(byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(100);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) -122);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) 0);
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("GENERAL AUTHENTICATE", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public byte[] deriveSymmetricKey(byte b, byte b2, byte[] bArr) throws CardTerminalException, CardServiceException {
        CommandAPDU commandAPDU = new CommandAPDU(100);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 120);
        commandAPDU.append(b);
        commandAPDU.append(b2);
        commandAPDU.append((byte) bArr.length);
        commandAPDU.append(bArr);
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            throw new CardServiceUnexpectedStatusWordException("DERIVE SYMMETRIC KEY", sendCommandAPDU.sw());
        }
        return sendCommandAPDU.data();
    }

    public Vector<String> getAliases() throws OpenCardException, CertificateException, TLVEncodingException {
        if (this.namemap.isEmpty()) {
            enumerateEntries();
        }
        return new Vector<>(this.namemap.keySet());
    }

    public void addKeyToMap(SmartCardHSMKey smartCardHSMKey) {
        String label = smartCardHSMKey.getLabel();
        byte keyRef = smartCardHSMKey.getKeyRef();
        SmartCardHSMEntry smartCardHSMEntry = this.namemap.get(label);
        if (smartCardHSMEntry == null) {
            this.namemap.put(label, new SmartCardHSMEntry(smartCardHSMKey));
        } else {
            smartCardHSMEntry.setKey(smartCardHSMKey);
        }
        this.idmap.put(Byte.valueOf(keyRef), smartCardHSMKey);
    }

    public void addCertToMap(Certificate certificate, boolean z, byte b, String str) {
        SmartCardHSMEntry smartCardHSMEntry = this.namemap.get(str);
        if (smartCardHSMEntry != null) {
            smartCardHSMEntry.setCert(certificate, z, b);
        } else {
            this.namemap.put(str, new SmartCardHSMEntry(certificate, z, b));
        }
    }

    public void removeEntry(String str) throws CardServiceException, CardTerminalException, CardIOException {
        SmartCardHSMEntry smartCardHSMEntry = this.namemap.get(str);
        if (smartCardHSMEntry == null) {
            throw new CardServiceResourceNotFoundException("Entry " + str + " not found.");
        }
        if (smartCardHSMEntry.isKeyEntry()) {
            byte keyRef = smartCardHSMEntry.getKey().getKeyRef();
            delete(new CardFilePath(new byte[]{-52, keyRef}));
            delete(new CardFilePath(new byte[]{-60, keyRef}));
        }
        if (smartCardHSMEntry.isCertificateEntry()) {
            byte id = smartCardHSMEntry.getId();
            if (smartCardHSMEntry.isEECertificate()) {
                delete(new CardFilePath(new byte[]{-50, id}));
            } else {
                delete(new CardFilePath(new byte[]{-54, id}));
                delete(new CardFilePath(new byte[]{-56, id}));
            }
            this.certIDMap.remove(Byte.valueOf(id));
        }
        this.idmap.remove(Byte.valueOf(smartCardHSMEntry.getId()));
        this.namemap.remove(str);
    }

    public void renameEntry(String str, String str2) throws CardServiceResourceNotFoundException {
        SmartCardHSMEntry smartCardHSMEntry = this.namemap.get(str);
        if (smartCardHSMEntry == null) {
            throw new CardServiceResourceNotFoundException("Entry " + str + " not found.");
        }
        this.namemap.remove(str);
        this.namemap.put(str2, smartCardHSMEntry);
    }

    public boolean containsLabel(String str) {
        return this.namemap.containsKey(str);
    }

    public SmartCardHSMEntry getSmartCardHSMEntry(String str) {
        try {
            if (this.namemap.isEmpty()) {
                enumerateEntries();
            }
            return this.namemap.get(str);
        } catch (Exception e) {
            this.log.error("Inconsistent PKCS#15 structure: ", e);
            return null;
        }
    }

    public SmartCardHSMKey addKey(byte b) throws OpenCardException {
        SmartCardHSMKey smartCardHSMSecretKey;
        KeyDescription keyDescription = null;
        try {
            keyDescription = new KeyDescription(read(new CardFilePath(new byte[]{-60, b}), 0, -1));
            keyDescription.setKeyRef(b);
        } catch (Exception e) {
            this.log.debug("Error reading key description" + e.getMessage());
        }
        if (keyDescription == null) {
            smartCardHSMSecretKey = new SmartCardHSMKey(b, "(" + ((int) b) + ")", (short) 0);
        } else {
            switch (keyDescription.getType()) {
                case RSA:
                    smartCardHSMSecretKey = new SmartCardHSMRSAKey(b, keyDescription.getTranslatedLabel(), (short) keyDescription.getSize());
                    break;
                case EC:
                    smartCardHSMSecretKey = new SmartCardHSMECKey(b, keyDescription.getTranslatedLabel(), (short) keyDescription.getSize());
                    break;
                case AES:
                    smartCardHSMSecretKey = new SmartCardHSMSecretKey(b, keyDescription.getTranslatedLabel(), (short) keyDescription.getSize(), SmartCardHSMKey.AES);
                    break;
                default:
                    throw new IllegalArgumentException("Unknown key type");
            }
        }
        addKeyToMap(smartCardHSMSecretKey);
        byte[] proprietary = ((IsoFileControlInformation) getFileInfo(new CardFilePath(new byte[]{-52, b}))).getProprietary();
        if (proprietary != null) {
            smartCardHSMSecretKey.processKeyInfo(this.keyDomains, proprietary);
        }
        this.idmap.put(Byte.valueOf(b), smartCardHSMSecretKey);
        this.log.debug("Added key #" + ((int) b) + " " + smartCardHSMSecretKey);
        try {
            byte[] read = read(new CardFilePath(new byte[]{-50, b}), 0, -1);
            Certificate generateCertificate = read[0] == 48 ? CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(read)) : new CardVerifiableCertificate(read);
            if ((smartCardHSMSecretKey instanceof SmartCardHSMPrivateKey) && smartCardHSMSecretKey.getKeySize() == -1) {
                ((SmartCardHSMPrivateKey) smartCardHSMSecretKey).deriveKeySizeFromPublicKey(generateCertificate);
            }
            addCertToMap(generateCertificate, true, b, smartCardHSMSecretKey.getLabel());
        } catch (Exception e2) {
            this.log.debug("Error reading and parsing certificate : " + e2.getMessage());
        }
        return smartCardHSMSecretKey;
    }

    private void enumerateEntries() throws OpenCardException {
        byte[] enumerateObjects = enumerateObjects();
        if (Arrays.equals(enumerateObjects, this.lastobjectlist)) {
            return;
        }
        this.lastobjectlist = enumerateObjects;
        if (this.keyDomains == null) {
            enumerateKeyDomains();
        }
        if (this.addDeviceCertificateToAliases) {
            try {
                byte[] read = read(new CardFilePath(":2F02"), 0, -1);
                CardVerifiableCertificate cardVerifiableCertificate = new CardVerifiableCertificate(read);
                addCertToMap(cardVerifiableCertificate, true, (byte) 0, "DeviceAuthenticationCertificate");
                int length = cardVerifiableCertificate.getEncoded().length;
                int length2 = read.length - length;
                if (length2 > 0) {
                    byte[] bArr = new byte[length2];
                    System.arraycopy(read, length, bArr, 0, length2);
                    addCertToMap(new CardVerifiableCertificate(bArr), false, (byte) 0, "DeviceIssuerCertificate");
                }
            } catch (CardServiceUnexpectedStatusWordException | CertificateException e) {
                this.log.error("Decode DevAut certificates", e);
                throw new CardServiceException("Decoding device certificate failed: " + e.getMessage());
            }
        }
        for (int i = 0; i < enumerateObjects.length; i += 2) {
            if (enumerateObjects[i] == -52 && enumerateObjects[i + 1] != 0) {
                addKey(enumerateObjects[i + 1]);
            }
        }
        for (int i2 = 0; i2 < enumerateObjects.length; i2 += 2) {
            if (enumerateObjects[i2] == -54) {
                byte b = enumerateObjects[i2 + 1];
                this.caid.add(Byte.valueOf(b));
                try {
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(read(new CardFilePath(new byte[]{-54, b}), 0, -1));
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    this.certIDMap.put(Byte.valueOf(b), x509Certificate);
                } catch (Exception e2) {
                    this.log.error("Parsing certificate", e2);
                }
            }
        }
        for (int i3 = 0; i3 < enumerateObjects.length; i3 += 2) {
            if (enumerateObjects[i3] == -56) {
                byte b2 = enumerateObjects[i3 + 1];
                String str = "not found";
                try {
                    str = new CertificateDescription().getLabel(read(new CardFilePath(new byte[]{-56, b2}), 0, -1));
                } catch (TLVEncodingException e3) {
                    this.log.error("Error parsing certificate description", e3);
                }
                Certificate certificate = this.certIDMap.get(Byte.valueOf(b2));
                if (certificate == null) {
                    throw new CardServiceException("No corresponding CA certificate for this certificate description found");
                }
                addCertToMap(certificate, false, b2, str);
            }
        }
    }

    public byte determineFreeCAId() throws OpenCardException {
        if (this.namemap.isEmpty()) {
            enumerateEntries();
        }
        if (this.caid.isEmpty()) {
            return (byte) 0;
        }
        int byteValue = (this.caid.lastElement().byteValue() & 255) + 1;
        if (byteValue > 255) {
            return (byte) -1;
        }
        return (byte) byteValue;
    }

    public byte determineFreeKeyId() throws OpenCardException {
        if (this.namemap.isEmpty()) {
            enumerateEntries();
        }
        for (int i = 1; i < KEY_CAPACITY; i++) {
            if (this.idmap.get(Byte.valueOf((byte) i)) == null) {
                return (byte) i;
            }
        }
        return (byte) -1;
    }

    public void storePRKD(byte b, KeyDescription keyDescription) throws CardServiceException, CardTerminalException, CardIOException {
        write(new CardFilePath(new byte[]{-60, b}), 0, keyDescription.getEncoded());
    }

    private void enumerateKeyDomains() throws OpenCardException {
        if (this.keyDomains == null) {
            this.keyDomains = new ArrayList<>();
        }
        byte b = 0;
        while (true) {
            byte b2 = b;
            CommandAPDU commandAPDU = new CommandAPDU(5);
            commandAPDU.append(Byte.MIN_VALUE);
            commandAPDU.append((byte) 82);
            commandAPDU.append((byte) 0);
            commandAPDU.append(b2);
            commandAPDU.append((byte) 0);
            ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
            if (sendCommandAPDU.sw() == 27270 || sendCommandAPDU.sw1() == 109) {
                return;
            }
            KeyDomain keyDomain = b2 >= this.keyDomains.size() ? new KeyDomain(b2) : this.keyDomains.get(b2);
            keyDomain.update(sendCommandAPDU.data());
            if (b2 >= this.keyDomains.size()) {
                this.keyDomains.add(keyDomain);
            }
            b = (byte) (b2 + 1);
        }
    }

    public List<KeyDomain> getKeyDomains() throws OpenCardException {
        enumerateKeyDomains();
        return this.keyDomains;
    }

    public boolean deleteKeyDomain(KeyDomain keyDomain) throws OpenCardException {
        CommandAPDU commandAPDU = new CommandAPDU(5);
        commandAPDU.append(Byte.MIN_VALUE);
        commandAPDU.append((byte) 82);
        commandAPDU.append((byte) 3);
        commandAPDU.append(keyDomain.getId());
        commandAPDU.append((byte) 0);
        ResponseAPDU sendCommandAPDU = sendCommandAPDU(commandAPDU);
        if (sendCommandAPDU.sw() != 36864) {
            return false;
        }
        keyDomain.update(sendCommandAPDU.data());
        return true;
    }

    private CardChannel getChannel() {
        allocateCardChannel();
        return getCardChannel();
    }

    @Override // de.cardcontact.opencard.service.isocard.FileSystemSendAPDU
    public ResponseAPDU sendCommandAPDU(CardFilePath cardFilePath, CommandAPDU commandAPDU, int i) throws CardServiceException, CardTerminalException {
        return sendCommandAPDU(commandAPDU);
    }

    private CardVerifiableCertificate[] getCertificateChain() throws CardServiceException, CardTerminalException {
        CardVerifiableCertificate[] cardVerifiableCertificateArr;
        byte[] read = read(new CardFilePath(":2F02"), 0, -1);
        try {
            byte[] bytes = new ConstructedTLV(read).getBytes();
            try {
                CardVerifiableCertificate cardVerifiableCertificate = new CardVerifiableCertificate(bytes);
                if (bytes.length == read.length) {
                    cardVerifiableCertificateArr = new CardVerifiableCertificate[]{cardVerifiableCertificate};
                } else {
                    cardVerifiableCertificateArr = new CardVerifiableCertificate[2];
                    cardVerifiableCertificateArr[0] = cardVerifiableCertificate;
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byteArrayOutputStream.write(read, bytes.length, read.length - bytes.length);
                    try {
                        cardVerifiableCertificateArr[1] = new CardVerifiableCertificate(byteArrayOutputStream.toByteArray());
                    } catch (CertificateException e) {
                        this.log.error("Parsing CVC", e);
                        throw new CardServiceException("Unexpected CardVerifiableCertificate error");
                    }
                }
                return cardVerifiableCertificateArr;
            } catch (CertificateException e2) {
                this.log.error("Parsing CVC", e2);
                throw new CardServiceException("Unexptected CardVerifiableCertificate error");
            }
        } catch (TLVEncodingException e3) {
            this.log.error("Parsing CVC", e3);
            throw new CardServiceException("Unexptected TLV encoding error");
        }
    }

    private TrustStore getTrustStore() {
        if (TrustStore.isEmpty()) {
            try {
                TrustStore.getInstance().addTrustedCertificate(new CardVerifiableCertificate(rootCert));
                TrustStore.getInstance().addTrustedCertificate(new CardVerifiableCertificate(utCert));
            } catch (CertificateException e) {
                this.log.error("Error adding default SRCA certificates to trust store", e);
            }
        }
        return TrustStore.getInstance();
    }

    public ECPublicKey getDevAutPK() throws CardServiceException, CardTerminalException, CertPathBuilderException {
        CardVerifiableCertificate[] certificateChain = getCertificateChain();
        if (certificateChain.length != 2) {
            throw new CardServiceException("Unsupported PKI structure");
        }
        CertificationAuthorityReference certificationAuthorityReference = certificateChain[1].getCertificationAuthorityReference();
        CardVerifiableCertificate trustedCertificate = getTrustStore().getTrustedCertificate(certificationAuthorityReference);
        if (trustedCertificate == null) {
            throw new CertPathBuilderException("SRCA certificate for " + new String(certificationAuthorityReference.getValue()) + " not found in trust store");
        }
        try {
            certificateChain[1].verify(trustedCertificate.getPublicKey());
            certificateChain[0].verify(certificateChain[1].getPublicKey());
            this.id = CardFilePath.SYM_SEPARATOR + trustedCertificate.getCertificateHolderReference().getHolder() + CardFilePath.SYM_SEPARATOR + certificateChain[1].getCertificateHolderReference().getHolder() + CardFilePath.SYM_SEPARATOR + certificateChain[0].getCertificateHolderReference().getHolder();
            return (ECPublicKey) certificateChain[0].getPublicKey();
        } catch (InvalidKeyException e) {
            this.log.error("Verify certificate", e);
            throw new CardServiceException("Unexpected InvalidKeyException");
        } catch (NoSuchAlgorithmException e2) {
            this.log.error("Verify certificate", e2);
            throw new CardServiceException("Unexpected NoSuchAlgorithmException");
        } catch (NoSuchProviderException e3) {
            this.log.error("Verify certificate", e3);
            throw new CardServiceException("Unexpected NoSuchProviderException");
        } catch (SignatureException e4) {
            e4.printStackTrace();
            this.log.error("Verify certificate", e4);
            throw new CardServiceException("Unexpected SignatureException");
        } catch (CertificateException e5) {
            this.log.error("Verify certificate", e5);
            throw new CardServiceException("The Device Authentication Certificate isn't valid.");
        }
    }

    public ChangeReferenceDataDialog getChangeReferenceDataDialog() {
        return this.changeRefenceDataDialog;
    }

    public void setChangeReferenceDataDialog(ChangeReferenceDataDialog changeReferenceDataDialog) {
        this.changeRefenceDataDialog = changeReferenceDataDialog;
    }

    @Override // de.cardcontact.opencard.service.remoteclient.RemoteUpdateService
    public void update(String str, String str2, RemoteNotificationListener remoteNotificationListener) throws CardServiceException {
        boolean z = this.state.getSecureChannelCredential() != null;
        this.remoteClient = new RemoteClient(this, str, str2, this.connectionFactory);
        this.remoteClient.update(remoteNotificationListener);
        this.remoteClient = null;
        if (z) {
            try {
                initSecureMessaging();
            } catch (CertPathBuilderException | CardTerminalException e) {
                throw new CardServiceException("Could not reestablish secure channel");
            }
        }
    }

    @Override // de.cardcontact.opencard.service.remoteclient.RemoteUpdateService
    public void cancel() {
        if (this.remoteClient != null) {
            this.remoteClient.cancel();
            this.remoteClient = null;
        }
    }

    @Override // de.cardcontact.opencard.service.remoteclient.RemoteUpdateService
    public void setHttpURLConnectionFactory(HttpURLConnectionFactory httpURLConnectionFactory) {
        this.connectionFactory = httpURLConnectionFactory;
    }

    static {
        HashMap<String, Byte> hashMap = new HashMap<>();
        hashMap.put("SHA1withRSA", (byte) 49);
        hashMap.put("SHA256withRSA", (byte) 51);
        HashMap<String, Byte> hashMap2 = new HashMap<>();
        hashMap2.put("NONEwithRSA", (byte) 64);
        hashMap2.put("SHA1withRSA", (byte) 65);
        hashMap2.put("SHA256withRSA", (byte) 67);
        HashMap<String, Byte> hashMap3 = new HashMap<>();
        hashMap3.put("NONEwithRSA", (byte) 32);
        hashMap3.put("NONEwithECDSA", (byte) 112);
        hashMap3.put("SHA1withECDSA", (byte) 113);
        hashMap3.put("SHA224withECDSA", (byte) 114);
        hashMap3.put("SHA256withECDSA", (byte) 115);
        hashMap3.put("DEFAULT_ALGORITHM", (byte) -96);
        HashMap<String, Byte> hashMap4 = new HashMap<>();
        hashMap4.put("SHA1withRSA", (byte) 49);
        hashMap4.put("SHA256withRSA", (byte) 51);
        hashMap4.put("NONEwithRSA", (byte) 32);
        hashMap4.put("NONEwithECDSA", (byte) 112);
        hashMap4.put("SHA1withECDSA", (byte) 113);
        hashMap4.put("SHA224withECDSA", (byte) 114);
        hashMap4.put("SHA256withECDSA", (byte) 115);
        hashMap4.put("DEFAULT_ALGORITHM", (byte) -96);
        ALGORITHM_PADDING.put("PKCS1_V15", hashMap);
        ALGORITHM_PADDING.put(ALGO_PADDING_PKCS1_PSS, hashMap2);
        ALGORITHM_PADDING.put("NONE", hashMap3);
        ALGORITHM_PADDING.put("DEFAULT", hashMap4);
    }
}
