package es.gob.jmulticard.card.dnie.mrtd;

import android.nfc.Tag;
import de.tsenger.androsmex.mrtd.DG11;
import de.tsenger.androsmex.mrtd.DG1_Dnie;
import de.tsenger.androsmex.mrtd.DG2;
import de.tsenger.androsmex.mrtd.DG7;
import de.tsenger.androsmex.mrtd.EF_COM;
import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.HexUtils;
import es.gob.jmulticard.apdu.ResponseApdu;
import es.gob.jmulticard.apdu.connection.ApduConnection;
import es.gob.jmulticard.apdu.connection.ApduConnectionException;
import es.gob.jmulticard.apdu.connection.CardNotPresentException;
import es.gob.jmulticard.apdu.connection.NoReadersFoundException;
import es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890OneConnection;
import es.gob.jmulticard.apdu.connection.cwa14890.InvalidCryptographicChecksum;
import es.gob.jmulticard.apdu.connection.cwa14890.SecureChannelException;
import es.gob.jmulticard.apdu.dnie.GetChipInfoApduCommand;
import es.gob.jmulticard.apdu.iso7816eight.PsoSignHashApduCommand;
import es.gob.jmulticard.apdu.iso7816four.ExternalAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.InternalAuthenticateApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetAuthenticationKeyApduCommand;
import es.gob.jmulticard.apdu.iso7816four.MseSetSignatureKeyApduCommand;
import es.gob.jmulticard.asn1.Asn1Exception;
import es.gob.jmulticard.asn1.TlvException;
import es.gob.jmulticard.asn1.der.pkcs1.DigestInfo;
import es.gob.jmulticard.asn1.der.pkcs15.Cdf;
import es.gob.jmulticard.asn1.der.pkcs15.Dodf;
import es.gob.jmulticard.asn1.der.pkcs15.PrKdf;
import es.gob.jmulticard.card.Atr;
import es.gob.jmulticard.card.CryptoCard;
import es.gob.jmulticard.card.CryptoCardException;
import es.gob.jmulticard.card.InvalidCardException;
import es.gob.jmulticard.card.Location;
import es.gob.jmulticard.card.PrivateKeyReference;
import es.gob.jmulticard.card.cwa14890.Cwa14890Card;
import es.gob.jmulticard.card.dnie.BurnedDnieCardException;
import es.gob.jmulticard.card.dnie.FakeX509Certificate;
import es.gob.jmulticard.card.iso7816eight.Iso7816EightCard;
import es.gob.jmulticard.card.iso7816four.FileNotFoundException;
import es.gob.jmulticard.card.iso7816four.Iso7816FourCardException;
import es.gob.jmulticard.jse.smartcardio.SmartCardMRTDConnection;
import es.gob.jmulticard.ui.passwordcallback.CancelledOperationException;
import es.gob.jmulticard.ui.passwordcallback.gui.DialogBuilder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: classes3.dex */
public final class DnieMrtd extends Iso7816EightCard implements CryptoCard, Cwa14890Card {
    // System property read with Boolean.getBoolean() in sign(): when true, the confirmation
    // dialog is also shown for the authentication key.
    private static final String AUTHENTICATION_CONFIRMATION_PROPERTY = "es.gob.jmulticard.authConfirmation";
    // Aliases and labels below are compared against names parsed from the card's own
    // directory files (CDF, PrKDF, DODF); they select entries, they do not authenticate them.
    private static final String AUTH_CERT_ALIAS = "CertAutenticacion";
    private static final String AUTH_KEY_LABEL = "KprivAutenticacion";
    private static final String DATA_LABEL_FILI = "ADMIN_DatosFiliacion";
    private static final String DATA_LABEL_FIRMA = "ADMIN_ImagenFirma";
    private static final String DATA_LABEL_FOTO = "ADMIN_ImagenFacial";
    // System property read once in the constructor; when true, getCertificate() may keep
    // returning the placeholder certificates instead of forcing a PIN-protected read.
    private static final String FAST_MODE_PROPERTY = "es.gob.jmulticard.fastmode";
    private static final String INTERMEDIATE_CA_CERT_ALIAS = "CertCAIntermediaDGP";
    private static final String MASTER_FILE_NAME = "Master.File";
    // Data-group selectors; the values match the ones accepted by loadDataGroups(int).
    private static final byte PASSPORT_DG_01 = 1;
    private static final byte PASSPORT_DG_02 = 2;
    private static final byte PASSPORT_DG_07 = 7;
    private static final byte PASSPORT_DG_11 = 11;
    private static final byte PASSPORT_EF_COM = 30;
    private static final String SIGN_CERT_ALIAS = "CertFirmaDigital";
    private static final String SIGN_KEY_LABEL = "KprivFirmaDigital";
    // Set after each signature (signOperation) and cleared in establishPINChannel(); it also
    // switches which terminal certificate/key pair the getters hand to the secure channel.
    private boolean RequiresNewPinChannel;
    // Either a FakeX509Certificate placeholder built from CDF metadata or the real
    // certificate read from the card after PIN verification.
    private X509Certificate authCert;
    private Location authCertPath;
    private DnieMrtdPrivateKeyReference authKeyRef;
    private CryptoHelper cryptoHelper;
    // Lazily filled caches for the MRTD data groups (see loadDataGroups).
    private DG1_Dnie dg1;
    private DG11 dg11;
    private DG2 dg2;
    private DG7 dg7;
    private EF_COM efcom;
    private final boolean fastMode;
    // Personal data objects (filiation data, signature image, facial image) and their paths.
    private byte[] filiData;
    private Location filiDataPath;
    private byte[] firmaData;
    private Location firmaDataPath;
    private byte[] fotoData;
    private Location fotoDataPath;
    // Component CA certificate read from the card in verifyCaIntermediateIcc(); its public
    // key is what verifyIcc() checks the ICC certificate against.
    private X509Certificate intermediateCaCerICC;
    private X509Certificate intermediateCaCert;
    // NOTE(review): public mutable field, not assigned anywhere in this listing.
    public short m_SW;
    private boolean m_secureUserChannel;
    // NOTE(review): public mutable field holding an Android NFC Tag, not assigned in this listing.
    public Tag mtag;
    private boolean needsRealCertificates;
    // Source of the PIN; cleared with clearPassword() after a successful verifyPin().
    private final PasswordCallback passwordCallback;
    // Package-private lists created in the constructor and not otherwise used in this listing.
    List<byte[]> prKDFentryCDF;
    List<String> prKDFentryTtl;
    List<byte[]> prKDFentrybts;
    private X509Certificate signCert;
    private Location signCertPath;
    private DnieMrtdPrivateKeyReference signKeyRef;
    // File identifiers 0x601F and 0x6020.
    private static final byte[] CERT_ICC_FILE_ID = {96, 31};
    private static final byte[] REF_RCA_ICC_PUBLIC_KEY = {96, 32};
    private static final Location CDF_LOCATION = new Location("50156004");
    private static final Location DODF_LOCATION = new Location("50156005");
    private static final Location PRKDF_LOCATION = new Location("50156001");
    // Per-byte ATR mask: -1 is 0xFF, 0 is 0x00 (presumably "compare" and "ignore"; confirm in Atr).
    private static final byte[] ATR_MASK = {-1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, 0, 0, 0, 0, 0, 0, 0, -1, -1};
    // Expected ATR: 3B 7F .. 6A 'D' 'N' 'I' 'e' .. 90 00.
    private static final Atr ATR = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 68, 78, 73, 101, 0, 0, 0, 0, 0, 0, 0, -112, 0}, ATR_MASK);
    // Same historical bytes but ending in 65 81; connect() reports this as a burned card.
    private static final Atr BURNED_DNI_ATR = new Atr(new byte[]{59, Byte.MAX_VALUE, 0, 0, 0, 0, 106, 68, 78, 73, 101, 0, 0, 0, 0, 0, 0, 0, 101, -127}, ATR_MASK);

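    /**
     * Creates the card wrapper, connects to the card and preloads the certificate
     * placeholders and private-key references that are readable without a PIN.
     *
     * <p>A failed preload does not abort construction; it is logged and the certificate and
     * key fields stay {@code null} until a later load succeeds.
     *
     * @param apduConnection connection to the card; must not be {@code null}
     * @param passwordCallback source of the PIN, may be {@code null}
     * @param cryptoHelper cryptographic helper; must not be {@code null}
     * @throws IllegalArgumentException if {@code apduConnection} or {@code cryptoHelper} is {@code null}
     * @throws ApduConnectionException if no reader or card can be reached
     * @throws InvalidCardException if the card's ATR is not the expected one
     * @throws BurnedDnieCardException if the ATR identifies a burned card
     */
    public DnieMrtd(ApduConnection apduConnection, PasswordCallback passwordCallback, CryptoHelper cryptoHelper) throws ApduConnectionException, InvalidCardException, BurnedDnieCardException {
        super((byte) 0, apduConnection);
        // Validate arguments before connect() resets any card in the readers.
        if (cryptoHelper == null) {
            throw new IllegalArgumentException("El CryptoHelper no puede ser nula");
        }
        this.needsRealCertificates = false;
        this.RequiresNewPinChannel = false;
        this.m_secureUserChannel = false;
        this.prKDFentryTtl = new ArrayList<>();
        this.prKDFentrybts = new ArrayList<>();
        this.prKDFentryCDF = new ArrayList<>();
        this.cryptoHelper = cryptoHelper;
        this.passwordCallback = passwordCallback;
        connect(apduConnection);
        this.fastMode = Boolean.getBoolean(FAST_MODE_PROPERTY);
        try {
            preloadCertificates();
            loadKeyReferences();
        } catch (IllegalStateException e) {
            // Best effort: keep the object usable, but leave a trace instead of failing silently.
            Logger.getLogger("es.gob.jmulticard").warning("No se han podido precargar los certificados o las referencias a claves de la tarjeta: " + e.getMessage());
        }
    }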

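    /**
     * Finds a reader holding a card with the expected ATR and leaves the connection on it.
     *
     * <p>A {@link SmartCardMRTDConnection} is accepted as is: no terminal scan and no ATR
     * comparison is done for it.
     *
     * @param apduConnection connection to probe; must not be {@code null}
     * @throws IllegalArgumentException if {@code apduConnection} is {@code null}
     * @throws BurnedDnieCardException if a card answers with the burned-card ATR
     * @throws InvalidCardException if cards were found but none has the expected ATR
     * @throws ApduConnectionException if there is no reader, or no reader holds a card
     */
    private void connect(ApduConnection apduConnection) throws BurnedDnieCardException, InvalidCardException, ApduConnectionException {
        if (apduConnection == null) {
            throw new IllegalArgumentException("La conexion no puede ser nula");
        }
        if (apduConnection instanceof SmartCardMRTDConnection) {
            return;
        }
        long[] terminals = apduConnection.getTerminals(false);
        if (terminals.length < 1) {
            throw new NoReadersFoundException();
        }
        InvalidCardException invalidCard = null;
        CardNotPresentException cardNotPresent = null;
        for (long terminal : terminals) {
            apduConnection.setTerminal((int) terminal);
            byte[] resetResponse;
            Atr atr;
            try {
                resetResponse = apduConnection.reset();
                atr = new Atr(resetResponse, ATR_MASK);
            } catch (CardNotPresentException e) {
                // An empty reader yields no ATR: remember the error and try the next reader
                // rather than falling through to the comparisons below without a value.
                cardNotPresent = e;
                continue;
            }
            if (BURNED_DNI_ATR.equals(atr)) {
                throw new BurnedDnieCardException();
            }
            if (ATR.equals(atr)) {
                return;
            }
            invalidCard = new InvalidCardException(getCardName(), ATR, resetResponse);
        }
        // A wrong card takes precedence over an empty reader when reporting the failure.
        if (invalidCard != null) {
            throw invalidCard;
        }
        if (cardNotPresent == null) {
            throw new ApduConnectionException("No se ha podido conectar con ningun lector de tarjetas");
        }
        throw cardNotPresent;
    }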

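    /**
     * Decompresses a card file. Despite its name this method inflates.
     *
     * <p>The input starts with an 8-byte header holding two little-endian 32-bit lengths
     * (uncompressed, then compressed) followed by the payload. The payload is first inflated
     * with {@link Inflater}; if that fails, the header lengths drive a second attempt with
     * JZlib. The bytes come from the card, so the header and the amount of output are
     * treated as untrusted and bounded.
     *
     * @param bArr header plus payload as read from the card
     * @return the decompressed content
     * @throws IOException if the input is too short, the declared lengths are inconsistent,
     *     the output exceeds the size ceiling, or decompression fails
     */
    private static byte[] deflate(byte[] bArr) throws IOException {
        // Reviewer-chosen ceiling against decompression bombs and oversized allocations;
        // tune it to the largest object the card can legitimately hold.
        final int maxInflatedSize = 16 * 1024 * 1024;
        if (bArr == null || bArr.length < 8) {
            throw new IOException("Error al descomprimir el certificado: cabecera incompleta");
        }
        ByteArrayOutputStream inflated = new ByteArrayOutputStream();
        Inflater inflater = new Inflater();
        try {
            inflater.setInput(bArr, 8, bArr.length - 8);
            byte[] chunk = new byte[1024];
            while (!inflater.finished()) {
                int produced = inflater.inflate(chunk);
                if (produced == 0) {
                    // No progress (truncated input or a preset dictionary is required).
                    throw new DataFormatException();
                }
                if (inflated.size() + produced > maxInflatedSize) {
                    throw new IOException("Error al descomprimir el certificado: tamano descomprimido excesivo");
                }
                inflated.write(chunk, 0, produced);
            }
            return inflated.toByteArray();
        } catch (DataFormatException unused) {
            // Partial output is discarded; retry from the header-declared lengths.
            return inflateWithDeclaredLengths(bArr, maxInflatedSize);
        } finally {
            // Release the native zlib state on every path.
            inflater.end();
        }
    }

    /** Fallback for {@link #deflate(byte[])}: inflates with JZlib using the lengths declared in the header. */
    private static byte[] inflateWithDeclaredLengths(byte[] bArr, int maxInflatedSize) throws IOException {
        int inflatedLen = ((bArr[3] & 255) << 24) + ((bArr[2] & 255) << 16) + ((bArr[1] & 255) << 8) + (bArr[0] & 255);
        int deflatedLen = ((bArr[7] & 255) << 24) + ((bArr[6] & 255) << 16) + ((bArr[5] & 255) << 8) + (bArr[4] & 255);
        // The declared payload length must fit inside what was actually read.
        if (deflatedLen < 0 || deflatedLen > bArr.length - 8) {
            throw new IOException("Error al descomprimir el certificado: longitudes declaradas no validas");
        }
        byte[] payload = new byte[deflatedLen];
        System.arraycopy(bArr, 8, payload, 0, deflatedLen);
        if (inflatedLen == deflatedLen) {
            // Equal lengths mean the payload was stored uncompressed.
            return payload;
        }
        // Check the declared output size before allocating a buffer of that size.
        if (inflatedLen < 0 || inflatedLen > maxInflatedSize) {
            throw new IOException("Error al descomprimir el certificado: longitudes declaradas no validas");
        }
        byte[] out = new byte[inflatedLen];
        try {
            com.jcraft.jzlib.Inflater zInflater = new com.jcraft.jzlib.Inflater();
            zInflater.setInput(payload);
            zInflater.setOutput(out);
            int initCode = zInflater.init();
            if (initCode != 0) {
                Logger.getLogger("es.gob.jmulticard").warning("JZlib error: " + initCode);
                throw new IOException("Error al descomprimir el certificado: " + initCode);
            }
            while (zInflater.total_out < inflatedLen && zInflater.total_in < deflatedLen) {
                // One byte in, one byte out per step, so neither buffer can be overrun.
                zInflater.avail_out = 1;
                zInflater.avail_in = 1;
                int code = zInflater.inflate(0);
                if (code == 1) {
                    break;
                }
                if (code != 0) {
                    Logger.getLogger("es.gob.jmulticard").warning("JZlib error: " + code);
                    throw new IOException("Error al descomprimir el certificado: " + code);
                }
            }
            int endCode = zInflater.end();
            if (endCode == 0) {
                // NOTE(review): total_out is not compared with inflatedLen, so a stream that
                // ends early returns a zero-padded buffer; confirm callers tolerate that.
                return out;
            }
            Logger.getLogger("es.gob.jmulticard").warning("JZlib error: " + endCode);
            throw new IOException("Error al descomprimir el certificado: " + endCode);
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Keep the original failure as the cause instead of flattening it into the message.
            throw new IOException("Error al descomprimir el certificado: " + e, e);
        }
    }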

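    /**
     * Re-opens the channel used for PIN verification, verifies the PIN and then opens the
     * user channel.
     *
     * <p>If the master file cannot be selected, the channel switch has not happened, so the
     * method fails instead of going on to send the PIN over the previous connection.
     *
     * @throws CryptoCardException if the channel cannot be established or PIN verification fails
     */
    private void establishPINChannel() throws CryptoCardException {
        if ((getConnection() instanceof Cwa14890OneConnection) || this.m_secureUserChannel) {
            Cwa14890OneConnection pinChannel = new Cwa14890OneConnection(this, getConnection(), this.cryptoHelper);
            try {
                selectMasterFile();
                setConnection(pinChannel);
                this.RequiresNewPinChannel = false;
                this.m_secureUserChannel = false;
                // Process-wide side effect: removes the "SC" provider from the JVM provider list.
                Security.removeProvider("SC");
            } catch (ApduConnectionException e) {
                throw new CryptoCardException("Error en el establecimiento del canal seguro", e);
            } catch (FileNotFoundException e) {
                // Fail closed: without the master file the new channel was never installed.
                throw new CryptoCardException("Error en el establecimiento del canal seguro", e);
            }
        }
        try {
            verifyPin(this.passwordCallback);
            if (this.passwordCallback != null) {
                // clearPassword() is what wipes the callback's copy of the PIN; a GC hint
                // would not scrub memory, so none is issued.
                // NOTE(review): the PIN is not cleared when verifyPin() throws; confirm
                // whether callers rely on the callback keeping it for a retry.
                this.passwordCallback.clearPassword();
            }
            establishUserChannel();
        } catch (ApduConnectionException e) {
            throw new CryptoCardException("Error en la apertura del canal seguro: ", e);
        } catch (Exception e) {
            throw new CryptoCardException("Error en la operación de establishPINChannel", e);
        }
    }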

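    /**
     * Opens the user channel unless it is already flagged as open.
     *
     * <p>Callers transmit signing commands right after this returns, so a failure to select
     * the master file is reported rather than leaving the previous connection in place.
     *
     * @throws CryptoCardException if the channel cannot be established
     */
    private void establishUserChannel() throws CryptoCardException {
        if (isSecurityUserChannelOpen()) {
            return;
        }
        Cwa14890OneConnection userChannel = new Cwa14890OneConnection(this, getConnection(), this.cryptoHelper);
        try {
            selectMasterFile();
            setConnection(userChannel);
            this.m_secureUserChannel = true;
        } catch (ApduConnectionException e) {
            throw new CryptoCardException("Error en el establecimiento del canal seguro", e);
        } catch (FileNotFoundException e) {
            // Fail closed: the channel was not switched, so do not return as if it were open.
            throw new CryptoCardException("Error en el establecimiento del canal seguro", e);
        }
    }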

    /**
     * Tells whether a CWA-14890 connection is installed and open and the real authentication
     * certificate has replaced its placeholder.
     *
     * @return {@code true} only when all three conditions hold
     */
    private boolean isSecurityChannelOpen() {
        if (!(getConnection() instanceof Cwa14890OneConnection)) {
            return false;
        }
        if (!getConnection().isOpen()) {
            return false;
        }
        // A placeholder certificate means the PIN-protected read has not happened yet.
        return !(this.authCert instanceof FakeX509Certificate);
    }

    /**
     * Reports the user-channel flag. This is bookkeeping kept by this class; the connection
     * itself is not queried.
     *
     * @return the current value of {@code m_secureUserChannel}
     */
    private boolean isSecurityUserChannelOpen() {
        final boolean userChannelFlag = this.m_secureUserChannel;
        return userChannelFlag;
    }

    /**
     * Loads the real certificates unless the user channel is already flagged as open.
     *
     * @throws CryptoCardException if channel setup, PIN verification or the certificate read fails
     */
    private void loadCertificates() throws CryptoCardException {
        if (!isSecurityUserChannelOpen()) {
            verifyAndLoadCertificates();
        }
    }

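    /**
     * Reads one MRTD data group into its cache field if it has not been read yet.
     *
     * <p>The connection is cast to {@link SmartCardMRTDConnection} only when a read is
     * actually needed, so an already cached group is not re-read.
     *
     * @param i data-group selector: 1, 2, 7, 11, or 30 for EF.COM
     * @throws IllegalStateException if {@code i} is not a supported selector, or the read
     *     fails (the underlying failure is kept as the cause)
     */
    private void loadDataGroups(int i) {
        try {
            switch (i) {
                case PASSPORT_DG_01:
                    if (this.dg1 == null) {
                        this.dg1 = ((SmartCardMRTDConnection) getConnection()).readDG1();
                    }
                    break;
                case PASSPORT_DG_02:
                    if (this.dg2 == null) {
                        this.dg2 = ((SmartCardMRTDConnection) getConnection()).readDG2();
                    }
                    break;
                case PASSPORT_DG_07:
                    if (this.dg7 == null) {
                        this.dg7 = ((SmartCardMRTDConnection) getConnection()).readDG7();
                    }
                    break;
                case PASSPORT_DG_11:
                    if (this.dg11 == null) {
                        this.dg11 = ((SmartCardMRTDConnection) getConnection()).readDG11();
                    }
                    break;
                case PASSPORT_EF_COM:
                    if (this.efcom == null) {
                        this.efcom = ((SmartCardMRTDConnection) getConnection()).readEFCOM();
                    }
                    break;
                default:
                    throw new IllegalStateException("No es posible acceder al DG solicitado");
            }
        } catch (IllegalStateException e) {
            throw e;
        } catch (Exception e) {
            // Keep the cause (I/O error, wrong connection type, ...) for diagnosis.
            throw new IllegalStateException("No se ha podido cargar el DG indicado (DG-" + i + ")", e);
        }
    }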

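    /**
     * Reads the DODF and loads the signature image, facial image and filiation data it lists.
     *
     * <p>A DODF that cannot be parsed is only logged, and the loop then runs over whatever
     * the {@code Dodf} object holds. Failures on individual objects are logged and skipped.
     *
     * @throws IllegalStateException if the DODF cannot be read from the card (the underlying
     *     failure is kept as the cause)
     */
    private void loadDataObjects() {
        Dodf dodf = new Dodf();
        try {
            selectMasterFile();
            dodf.setDerValue(selectFileByLocationAndRead(DODF_LOCATION));
        } catch (Asn1Exception e) {
            Logger.getLogger("es.gob.jmulticard").warning("No se ha podido cargar el DODF de la tarjeta: " + e.getMessage());
        } catch (TlvException e) {
            Logger.getLogger("es.gob.jmulticard").warning("No se ha podido cargar el DODF de la tarjeta: " + e.getMessage());
        } catch (Exception e) {
            throw new IllegalStateException("No se ha podido cargar el DODF de la tarjeta: " + e.getMessage(), e);
        }
        for (int i = 0; i < dodf.getDataObjectCount(); i++) {
            try {
                // Object names and paths come from the card; the labels only pick the slot.
                if (DATA_LABEL_FIRMA.equals(dodf.getDataObjectName(i))) {
                    this.firmaDataPath = new Location(dodf.getDataObjectPath(i));
                    this.firmaData = deflate(selectCompressedFileByLocationAndRead(this.firmaDataPath));
                }
                if (DATA_LABEL_FOTO.equals(dodf.getDataObjectName(i))) {
                    this.fotoDataPath = new Location(dodf.getDataObjectPath(i));
                    this.fotoData = deflate(selectCompressedFileByLocationAndRead(this.fotoDataPath));
                }
                if (DATA_LABEL_FILI.equals(dodf.getDataObjectName(i))) {
                    this.filiDataPath = new Location(dodf.getDataObjectPath(i));
                    this.filiData = deflate(selectCompressedFileByLocationAndRead(this.filiDataPath));
                }
            } catch (Iso7816FourCardException e) {
                Logger.getLogger("es.gob.jmulticard").warning("Error al cargar los objetos del DNIe, no es posible obtener una factoria de datos" + e.toString());
            } catch (IOException e) {
                Logger.getLogger("es.gob.jmulticard").warning("Error al cargar los objetos del DNIe, error en la descompresion de los datos" + e.toString());
            }
        }
    }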

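    /**
     * Reads the PrKDF and records references to the authentication and signature keys.
     *
     * <p>Only references (identifier and path) are stored; no key material is read here.
     *
     * @throws IllegalStateException if the PrKDF cannot be read or parsed (the underlying
     *     failure is kept as the cause)
     */
    private void loadKeyReferences() {
        PrKdf prKdf = new PrKdf();
        try {
            prKdf.setDerValue(selectFileByLocationAndRead(PRKDF_LOCATION));
            for (int i = 0; i < prKdf.getKeyCount(); i++) {
                if (AUTH_KEY_LABEL.equals(prKdf.getKeyName(i))) {
                    this.authKeyRef = new DnieMrtdPrivateKeyReference(this, prKdf.getKeyIdentifier(i), new Location(prKdf.getKeyPath(i)), AUTH_KEY_LABEL);
                } else if (SIGN_KEY_LABEL.equals(prKdf.getKeyName(i))) {
                    this.signKeyRef = new DnieMrtdPrivateKeyReference(this, prKdf.getKeyIdentifier(i), new Location(prKdf.getKeyPath(i)), SIGN_KEY_LABEL);
                }
            }
        } catch (Exception e) {
            throw new IllegalStateException("No se ha podido cargar el PrKDF de la tarjeta: " + e.getMessage(), e);
        }
    }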

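    /**
     * Reads the CDF and prepares what can be known about the certificates without a PIN.
     *
     * <p>The authentication and signature entries become {@link FakeX509Certificate}
     * placeholders built from CDF metadata (subject, issuer, serial number). Those fields
     * come from the card and are not signature-checked here, so a placeholder must not be
     * used for trust decisions. Any other entry is read and parsed as the intermediate CA
     * certificate; a failure there is logged and leaves the field {@code null}.
     *
     * @throws IllegalStateException if the CDF cannot be read or parsed (the underlying
     *     failure is kept as the cause)
     */
    private void preloadCertificates() {
        Cdf cdf = new Cdf();
        try {
            selectMasterFile();
            cdf.setDerValue(selectFileByLocationAndRead(CDF_LOCATION));
            for (int i = 0; i < cdf.getCertificateCount(); i++) {
                FakeX509Certificate placeholder = new FakeX509Certificate(cdf.getCertificateSubjectPrincipal(i), cdf.getCertificateIssuerPrincipal(i), cdf.getCertificateSerialNumber(i), AUTH_CERT_ALIAS.equals(cdf.getCertificateAlias(i)));
                if (AUTH_CERT_ALIAS.equals(cdf.getCertificateAlias(i))) {
                    this.authCert = placeholder;
                    this.authCertPath = new Location(cdf.getCertificatePath(i));
                } else if (SIGN_CERT_ALIAS.equals(cdf.getCertificateAlias(i))) {
                    this.signCert = placeholder;
                    this.signCertPath = new Location(cdf.getCertificatePath(i));
                } else {
                    try {
                        // NOTE(review): parsed only; no chain or validity check is visible here.
                        this.intermediateCaCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(deflate(selectCompressedFileByLocationAndRead(new Location(cdf.getCertificatePath(i))))));
                    } catch (Exception e) {
                        Logger.getLogger("es.gob.jmulticard").warning("No se ha podido cargar el certificado de la autoridad intermedia de la DGP: " + e.toString());
                        this.intermediateCaCert = null;
                    }
                }
            }
        } catch (Asn1Exception e) {
            Logger.getLogger("es.gob.jmulticard").warning("No se ha podido cargar el CDF de la tarjeta: " + e.getMessage());
            throw new IllegalStateException("No se ha podido cargar el CDF de la tarjeta: " + e.getMessage(), e);
        } catch (TlvException e) {
            Logger.getLogger("es.gob.jmulticard").warning("No se ha podido cargar el CDF de la tarjeta: " + e.getMessage());
            throw new IllegalStateException("No se ha podido cargar el CDF de la tarjeta: " + e.getMessage(), e);
        } catch (Exception e) {
            // getMessage() may be null; testing it unguarded would replace the real failure
            // with a NullPointerException that the constructor does not catch.
            String detail = e.getMessage();
            boolean tagLost = detail != null && detail.toLowerCase(java.util.Locale.ROOT).contains("tag was lost");
            throw new IllegalStateException(tagLost ? "Se ha perdido la conexión con el DNIe." : "No se han podido cargar los certificados de la tarjeta: " + detail, e);
        }
    }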

    /**
     * Sends the two signing commands to the card: select the signature key, then sign the
     * encoded DigestInfo.
     *
     * <p>After a successful signature {@code RequiresNewPinChannel} is set, so the next call
     * to {@code sign} re-establishes the PIN channel first.
     *
     * @param bArr data handed to {@code DigestInfo.encode}
     * @param str algorithm name handed to {@code DigestInfo.encode}
     * @param privateKeyReference key to use; cast to {@code DnieMrtdPrivateKeyReference}
     * @return the response data of the signing command
     * @throws CryptoCardException on any failure. Status-word errors raised inside the outer
     *     {@code try} are wrapped again by its final {@code catch}.
     */
    private byte[] signOperation(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException {
        if (!isSecurityUserChannelOpen()) {
            establishUserChannel();
        }
        try {
            ResponseApdu keySelection = getConnection().transmit(new MseSetSignatureKeyApduCommand((byte) 0, ((DnieMrtdPrivateKeyReference) privateKeyReference).getKeyPath().getLastFilePath()));
            if (keySelection.isOk()) {
                try {
                    ResponseApdu signature = getConnection().transmit(new PsoSignHashApduCommand((byte) 0, DigestInfo.encode(str, bArr, this.cryptoHelper)));
                    if (signature.isOk()) {
                        // Each signature uses up the PIN channel.
                        this.RequiresNewPinChannel = true;
                        return signature.getData();
                    }
                    throw new DnieMrtdCardException("Error durante la operacion de firma", signature.getStatusWord());
                } catch (IOException ioFailure) {
                    throw new DnieMrtdCardException("Error en el calculo del hash para firmar", ioFailure);
                }
            }
            throw new DnieMrtdCardException("Error en el establecimiento de las variables de entorno para firma", keySelection.getStatusWord());
        } catch (ApduConnectionException transmitFailure) {
            throw new DnieMrtdCardException("Error en la transmision de comandos a la tarjeta", transmitFailure);
        } catch (Exception otherFailure) {
            throw new DnieMrtdCardException("Error en la operación de firma", otherFailure);
        }
    }

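    /**
     * Establishes the secure channel if needed, verifies the PIN, and replaces the
     * placeholder certificates with the real ones read from the card.
     *
     * <p>If the master file cannot be selected, the channel switch has not happened, so the
     * method fails instead of going on to send the PIN over the previous connection.
     *
     * @throws CryptoCardException if channel setup, PIN verification, decompression or
     *     certificate parsing fails
     */
    private void verifyAndLoadCertificates() throws CryptoCardException {
        if (!isSecurityChannelOpen() || !this.m_secureUserChannel) {
            if (!(getConnection() instanceof Cwa14890OneConnection) || !this.m_secureUserChannel) {
                Cwa14890OneConnection pinChannel = new Cwa14890OneConnection(this, getConnection(), this.cryptoHelper);
                try {
                    selectMasterFile();
                    setConnection(pinChannel);
                    this.m_secureUserChannel = false;
                    // Process-wide side effect: removes the "SC" provider from the JVM provider list.
                    Security.removeProvider("SC");
                } catch (ApduConnectionException e) {
                    throw new CryptoCardException("Error en el establecimiento del canal seguro", e);
                } catch (FileNotFoundException e) {
                    // Fail closed: without the master file the new channel was never installed.
                    throw new CryptoCardException("Error en el establecimiento del canal seguro", e);
                }
            }
            try {
                verifyPin(this.passwordCallback);
                if (this.passwordCallback != null) {
                    // clearPassword() is what wipes the callback's copy of the PIN; a GC hint
                    // would not scrub memory, so none is issued.
                    this.passwordCallback.clearPassword();
                }
                establishUserChannel();
            } catch (ApduConnectionException e) {
                throw new CryptoCardException("Error en la apertura del canal seguro: ", e);
            } catch (CancelledOperationException e) {
                // A user cancellation is passed on unchanged.
                throw e;
            } catch (Exception e) {
                throw new CryptoCardException("Error en la operación de verifyAndLoadCertificates", e);
            }
        }
        try {
            if ((this.authCert instanceof FakeX509Certificate) || (this.signCert instanceof FakeX509Certificate)) {
                // NOTE(review): authCertPath/signCertPath are null when the constructor's
                // preload failed; confirm how selectCompressedFileByLocationAndRead handles that.
                CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                this.authCert = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(deflate(selectCompressedFileByLocationAndRead(this.authCertPath))));
                this.signCert = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(deflate(selectCompressedFileByLocationAndRead(this.signCertPath))));
            }
        } catch (Iso7816FourCardException e) {
            throw new CryptoCardException("Error al cargar los certificados reales del DNIe, no es posible obtener una factoria de certificados X.509", e);
        } catch (IOException e) {
            throw new CryptoCardException("Error al cargar los certificados reales del DNIe, error en la descompresion de los datos", e);
        } catch (CertificateException e) {
            throw new CryptoCardException("Error al cargar los certificados reales del DNIe, no es posible obtener una factoria de certificados X.509", e);
        }
    }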

    /**
     * Sends an EXTERNAL AUTHENTICATE command carrying the given token.
     *
     * @param bArr authentication token handed to the command
     * @return {@code true} if the card's response reports success
     * @throws ApduConnectionException if the command cannot be transmitted
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public boolean externalAuthentication(byte[] bArr) throws ApduConnectionException {
        ResponseApdu response = getConnection().transmit(new ExternalAuthenticateApduCommand((byte) 0, bArr));
        return response.isOk();
    }

    /**
     * Lists the certificate aliases this card exposes.
     *
     * @return a new array with the authentication alias followed by the signature alias
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public String[] getAliases() {
        String[] aliases = new String[2];
        aliases[0] = AUTH_CERT_ALIAS;
        aliases[1] = SIGN_CERT_ALIAS;
        return aliases;
    }

    /**
     * Names the card type handled by this class.
     *
     * @return the fixed string {@code "DNIe"}
     */
    @Override // es.gob.jmulticard.card.SmartCard
    public String getCardName() {
        final String cardName = "DNIe";
        return cardName;
    }

    /**
     * Returns the certificate stored under an alias, loading the real certificates first
     * when they are required.
     *
     * <p>The real certificates are loaded when a private key has been requested, or when the
     * authentication certificate is still a placeholder and fast mode is off. In fast mode
     * the value returned may be a {@code FakeX509Certificate} placeholder.
     *
     * @param str certificate alias
     * @return the matching certificate, or {@code null} for an unknown alias
     * @throws CryptoCardException if loading the real certificates fails
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public X509Certificate getCertificate(String str) throws CryptoCardException {
        boolean stillPlaceholder = (this.authCert instanceof FakeX509Certificate) && !this.fastMode;
        if (this.needsRealCertificates || stillPlaceholder) {
            loadCertificates();
        }
        X509Certificate found = null;
        if (AUTH_CERT_ALIAS.equals(str)) {
            found = this.authCert;
        } else if (SIGN_CERT_ALIAS.equals(str)) {
            found = this.signCert;
        } else if (INTERMEDIATE_CA_CERT_ALIAS.equals(str)) {
            found = this.intermediateCaCert;
        }
        return found;
    }

    /**
     * Selects the terminal certificate holder reference for the channel about to be opened.
     *
     * @return the {@code _PIN} constant when the connection is a
     *     {@code SmartCardMRTDConnection} or a new PIN channel is required, otherwise the
     *     {@code _USER} constant
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getChrCCvIfd() {
        if ((getConnection() instanceof SmartCardMRTDConnection) || this.RequiresNewPinChannel) {
            return DnieMrtdCwa14890Constants.CHR_C_CV_IFD_PIN;
        }
        return DnieMrtdCwa14890Constants.CHR_C_CV_IFD_USER;
    }

    /**
     * Returns data group 1, reading it from the card on first use.
     *
     * @return the cached DG1
     * @throws CryptoCardException declared by the interface
     * @throws IllegalStateException if the data group cannot be read
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public DG1_Dnie getDataGroup1() throws CryptoCardException {
        final int selector = 1;
        loadDataGroups(selector);
        return this.dg1;
    }

    /**
     * Returns data group 11, reading it from the card on first use.
     *
     * @return the cached DG11
     * @throws CryptoCardException declared by the interface
     * @throws IllegalStateException if the data group cannot be read
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public DG11 getDataGroup11() throws CryptoCardException {
        final int selector = 11;
        loadDataGroups(selector);
        return this.dg11;
    }

    /**
     * Returns data group 2, reading it from the card on first use.
     *
     * @return the cached DG2
     * @throws CryptoCardException declared by the interface
     * @throws IllegalStateException if the data group cannot be read
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public DG2 getDataGroup2() throws CryptoCardException {
        final int selector = 2;
        loadDataGroups(selector);
        return this.dg2;
    }

    /**
     * Returns data group 7, reading it from the card on first use.
     *
     * @return the cached DG7
     * @throws CryptoCardException declared by the interface
     * @throws IllegalStateException if the data group cannot be read
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public DG7 getDataGroup7() throws CryptoCardException {
        final int selector = 7;
        loadDataGroups(selector);
        return this.dg7;
    }

    /**
     * Returns a personal data object by label.
     *
     * <p>The internal array is returned without copying, so a caller that modifies it
     * changes the cached value. No call to {@code loadDataObjects()} appears in this class
     * listing, so as listed the backing fields stay {@code null}.
     *
     * @param str data-object label
     * @return the cached bytes, or {@code null} if the label is unknown or nothing is loaded
     * @throws CryptoCardException declared by the interface
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] getDataObject(String str) throws CryptoCardException {
        byte[] content = null;
        if (DATA_LABEL_FOTO.equals(str)) {
            content = this.fotoData;
        } else if (DATA_LABEL_FIRMA.equals(str)) {
            content = this.firmaData;
        } else if (DATA_LABEL_FILI.equals(str)) {
            content = this.filiData;
        }
        return content;
    }

    /**
     * Returns EF.COM, reading it from the card on first use.
     *
     * @return the cached EF.COM
     * @throws CryptoCardException declared by the interface
     * @throws IllegalStateException if the file cannot be read
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public EF_COM getEFCOM() throws CryptoCardException {
        final int selector = 30;
        loadDataGroups(selector);
        return this.efcom;
    }

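    /**
     * Reads the encoded ICC component certificate from the card.
     *
     * @return the raw content of the file identified by {@code CERT_ICC_FILE_ID}
     * @throws IOException if the file cannot be selected or read; the underlying failure is
     *     kept as the cause
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getIccCertEncoded() throws IOException {
        try {
            return selectFileByIdAndRead(CERT_ICC_FILE_ID);
        } catch (ApduConnectionException e) {
            throw new IOException("Error en el envio de APDU para la seleccion del certificado de componente de la tarjeta: " + e, e);
        } catch (Iso7816FourCardException e) {
            throw new IOException("Error en la seleccion del certificado de componente de la tarjeta: " + e, e);
        }
    }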

    /**
     * Selects the terminal private key for the channel about to be opened.
     *
     * <p>Both keys are static constants of {@code DnieMrtdCwa14890Constants}.
     * NOTE(review): if those constants are embedded in the application, anyone holding the
     * package can read them, so the design should not depend on their secrecy; confirm.
     *
     * @return the {@code _PIN} key when the connection is a {@code SmartCardMRTDConnection}
     *     or a new PIN channel is required, otherwise the {@code _USER} key
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public RSAPrivateKey getIfdPrivateKey() {
        if ((getConnection() instanceof SmartCardMRTDConnection) || this.RequiresNewPinChannel) {
            return DnieMrtdCwa14890Constants.IFD_PRIVATE_KEY_PIN;
        }
        return DnieMrtdCwa14890Constants.IFD_PRIVATE_KEY_USER;
    }

    /**
     * Sends an INTERNAL AUTHENTICATE command and returns the card's answer.
     *
     * @param bArr first argument handed to the command
     * @param bArr2 second argument handed to the command
     * @return the response data
     * @throws ApduConnectionException if transmission fails or the card reports an error
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getInternalAuthenticateMessage(byte[] bArr, byte[] bArr2) throws ApduConnectionException {
        ResponseApdu response = getConnection().transmit(new InternalAuthenticateApduCommand((byte) 0, bArr, bArr2));
        if (!response.isOk()) {
            throw new ApduConnectionException("Respuesta invalida en la obtencion del mensaje de autenticacion interna con el codigo: " + response.getStatusWord());
        }
        return response.getData();
    }

    /**
     * Returns the private-key reference for a certificate alias.
     *
     * <p>Side effect: every call, even for an unknown alias, marks the real certificates as
     * required, so the next {@code getCertificate} call loads them.
     *
     * @param str certificate alias
     * @return the key reference, or {@code null} for an unknown alias
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public PrivateKeyReference getPrivateKey(String str) {
        this.needsRealCertificates = true;
        PrivateKeyReference reference = null;
        if (AUTH_CERT_ALIAS.equals(str)) {
            reference = this.authKeyRef;
        } else if (SIGN_CERT_ALIAS.equals(str)) {
            reference = this.signKeyRef;
        }
        return reference;
    }

    /**
     * Returns the reference to the card's private key used during channel authentication.
     *
     * @return the shared constant array itself, not a copy
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getRefIccPrivateKey() {
        final byte[] reference = DnieMrtdCwa14890Constants.REF_ICC_PRIVATE_KEY;
        return reference;
    }

    /**
     * Asks the card for its chip information and returns the response data as the serial number.
     *
     * @return the data of the GET CHIP INFO response
     * @throws ApduConnectionException if transmission fails or the card reports an error
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public byte[] getSerialNumber() throws ApduConnectionException {
        try {
            try {
                ResponseApdu transmit = getConnection().transmit(new GetChipInfoApduCommand());
                if (transmit.isOk()) {
                    return transmit.getData();
                }
                throw new ApduConnectionException("Respuesta invalida en la obtencion del numero de serie con el codigo: " + transmit.getStatusWord());
            } catch (Exception e) {
                // Catches every failure above, including the status-word exception just
                // thrown, and rewraps it under a "re-establishing the channel" message.
                throw new ApduConnectionException("Error reestableciendo el canal de comunicacion", e);
            }
        } catch (InvalidCryptographicChecksum unused) {
            // NOTE(review): the inner catch turns every exception into a plain
            // ApduConnectionException, so this recovery branch (close the channel, fall back
            // to the sub-connection, retry) looks unreachable as written; confirm the
            // intended flow. If it is made reachable, the recursive retry has no attempt limit.
            getConnection().close();
            this.needsRealCertificates = !this.fastMode;
            if (getConnection() instanceof Cwa14890OneConnection) {
                setConnection(((Cwa14890OneConnection) getConnection()).getSubConnection());
            }
            return getSerialNumber();
        } catch (Exception e2) {
            // Wraps the already wrapped exception a second time.
            throw new ApduConnectionException("Error al obtener número de serie", e2);
        }
    }

    /**
     * Selects the card's master file by its name.
     *
     * @throws ApduConnectionException if the command cannot be transmitted
     * @throws FileNotFoundException if the card does not find the file
     */
    @Override // es.gob.jmulticard.card.iso7816four.Iso7816FourCard
    protected void selectMasterFile() throws ApduConnectionException, FileNotFoundException {
        final String masterFile = MASTER_FILE_NAME;
        selectFileByName(masterFile);
    }

    /**
     * Tells the card which key references to use for the mutual authentication.
     *
     * @param bArr first key reference handed to the command
     * @param bArr2 second key reference handed to the command
     * @throws ApduConnectionException if transmission fails; a {@code SecureChannelException}
     *     carrying the hex-encoded response is thrown when the card reports an error
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void setKeysToAuthentication(byte[] bArr, byte[] bArr2) throws ApduConnectionException {
        ResponseApdu response = getConnection().transmit(new MseSetAuthenticationKeyApduCommand((byte) 0, bArr, bArr2));
        if (!response.isOk()) {
            throw new SecureChannelException("Error durante el establecimiento de las claves publica y privada para atenticacion (error: " + HexUtils.hexify(response.getBytes(), true) + ")");
        }
    }

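    /**
     * Signs data with a key on the card, asking the user for confirmation when required.
     *
     * <p>The confirmation dialog is shown for every key other than the authentication key,
     * and for the authentication key too when the {@code es.gob.jmulticard.authConfirmation}
     * system property is true. Any failure of the dialog is treated as a refusal.
     *
     * <p>NOTE(review): the final {@code catch} also catches the cancellation raised inside
     * this method, so callers receive a {@code CryptoCardException} for a user refusal even
     * though {@code CancelledOperationException} is declared. That is left unchanged here
     * because callers may depend on it; the original exception is now kept as the cause so
     * the two cases can be told apart.
     *
     * @param bArr data to sign
     * @param str signature algorithm name
     * @param privateKeyReference key to use; must be a {@code DnieMrtdPrivateKeyReference}
     * @return the signature bytes returned by the card
     * @throws IllegalArgumentException if the key reference has another type
     * @throws CryptoCardException on any failure, including a user refusal
     */
    @Override // es.gob.jmulticard.card.CryptoCard
    public byte[] sign(byte[] bArr, String str, PrivateKeyReference privateKeyReference) throws CryptoCardException, CancelledOperationException {
        if (!(privateKeyReference instanceof DnieMrtdPrivateKeyReference)) {
            throw new IllegalArgumentException("La referencia a la clave privada tiene que ser de tipo DnieMrtdPrivateKeyReference");
        }
        try {
            if (this.RequiresNewPinChannel) {
                establishPINChannel();
            }
            boolean isAuthKey = AUTH_KEY_LABEL.equals(((DnieMrtdPrivateKeyReference) privateKeyReference).getLabel());
            if (Boolean.getBoolean(AUTHENTICATION_CONFIRMATION_PROPERTY) || !isAuthKey) {
                try {
                    if (DialogBuilder.showSignatureConfirmDialog(isAuthKey) == 1) {
                        throw new CancelledOperationException("Operacion de firma no autorizada por el usuario");
                    }
                } catch (Exception unused) {
                    // Fail closed: if consent cannot be obtained, do not sign.
                    throw new CancelledOperationException("Operacion de firma no autorizada por el usuario");
                }
            }
            return signOperation(bArr, str, privateKeyReference);
        } catch (Exception e) {
            // Same message as before; the cause is preserved for diagnosis.
            throw new CryptoCardException(e.getMessage(), e);
        }
    }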

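    /**
     * Reads the component intermediate CA certificate from the card and checks its
     * signature against the built-in component CA public key.
     *
     * <p>The certificate is stored in {@code intermediateCaCerICC} only after its signature
     * has been verified, so a failed verification cannot leave an unverified certificate
     * behind for {@code verifyIcc()} to trust.
     * NOTE(review): only the signature is checked; no validity-period check is visible here.
     *
     * @throws CertificateException declared by the interface
     * @throws IOException declared by the interface; every failure is reported as a
     *     {@code SecureChannelException}
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyCaIntermediateIcc() throws CertificateException, IOException {
        try {
            PublicKey caComponentKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(DnieMrtdCwa14890Constants.CA_COMPONENT_PUBLIC_KEY.getEncoded()));
            X509Certificate candidate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(selectFileByIdAndRead(REF_RCA_ICC_PUBLIC_KEY)));
            candidate.verify((RSAPublicKey) caComponentKey);
            // Publish the certificate only now that its signature has been verified.
            this.intermediateCaCerICC = candidate;
        } catch (Exception e) {
            throw new SecureChannelException("Error al verificar certificado de la CA intermedia de componentes", e);
        }
    }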

    /**
     * Reads the ICC component certificate from the card and checks its signature against
     * the public key of the stored intermediate CA certificate.
     *
     * <p>If {@code verifyCaIntermediateIcc()} has not stored a certificate yet, the
     * resulting failure is reported like any other verification error.
     * NOTE(review): only the signature is checked; no validity-period check is visible here.
     *
     * @throws CertificateException declared by the interface
     * @throws IOException declared by the interface; every failure is reported as a
     *     {@code SecureChannelException}
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyIcc() throws CertificateException, IOException {
        try {
            PublicKey issuerKey = this.intermediateCaCerICC.getPublicKey();
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            X509Certificate iccCert = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(selectFileByIdAndRead(CERT_ICC_FILE_ID)));
            iccCert.verify((RSAPublicKey) issuerKey);
        } catch (Exception failure) {
            throw new SecureChannelException("Error al verificar certificado ICC de componentes", failure);
        }
    }

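    /**
     * Has the card verify the terminal's certificate chain in four steps: select the root CA
     * public key, verify the intermediate CA certificate, select that CA's public key, and
     * verify the terminal certificate.
     *
     * <p>Each step has its own handler, so the message of the thrown exception names the
     * step that failed. With nested handlers every failure would be rewrapped by the outer
     * ones and surface under the root-CA message.
     *
     * @throws ApduConnectionException if a command cannot be transmitted; a
     *     {@code SecureChannelException} naming the failed step is thrown when the card
     *     rejects it
     */
    @Override // es.gob.jmulticard.card.cwa14890.Cwa14890Card
    public void verifyIfdCertificateChain() throws ApduConnectionException {
        try {
            setPublicKeyToVerification(DnieMrtdCwa14890Constants.REF_C_CV_CA_PUBLIC_KEY);
        } catch (SecureChannelException e) {
            throw new SecureChannelException("Error al seleccionar para verificacion la clave publica de la CA raiz de los certificados verificables por la tarjeta", e);
        }
        try {
            verifyCertificate(DnieMrtdCwa14890Constants.C_CV_CA);
        } catch (SecureChannelException e) {
            throw new SecureChannelException("Error en la verificacion del certificado de la CA intermedia de Terminal", e);
        }
        try {
            setPublicKeyToVerification(DnieMrtdCwa14890Constants.CHR_C_CV_CA);
        } catch (SecureChannelException e) {
            throw new SecureChannelException("Error al establecer la clave publica del certificado de CA intermedia de Terminal para su verificacion en tarjeta", e);
        }
        try {
            // Which terminal certificate is verified depends on the channel being opened.
            if ((getConnection() instanceof SmartCardMRTDConnection) || this.RequiresNewPinChannel) {
                verifyCertificate(DnieMrtdCwa14890Constants.C_CV_IFD_PIN);
            }
            if (!(getConnection() instanceof Cwa14890OneConnection) || this.RequiresNewPinChannel) {
                return;
            }
            verifyCertificate(DnieMrtdCwa14890Constants.C_CV_IFD_USER);
        } catch (SecureChannelException e) {
            throw new SecureChannelException("Error en la verificacion del certificado de Terminal", e);
        }
    }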
}
