package be.belgium.eid.eidlib;

import be.belgium.eid.eidcommon.HTTPFileDownload;
import be.belgium.eid.event.CardAlivePromptTask;
import be.belgium.eid.event.CardListener;
import be.belgium.eid.exceptions.EIDException;
import be.belgium.eid.exceptions.HashVerificationException;
import be.belgium.eid.exceptions.InvalidSWException;
import be.belgium.eid.exceptions.RootVerificationException;
import be.belgium.eid.exceptions.SignatureVerificationException;
import be.belgium.eid.objects.IDAddress;
import be.belgium.eid.objects.IDData;
import be.belgium.eid.objects.IDPhoto;
import be.belgium.eid.objects.IDTokenInfo;
import be.belgium.eid.objects.IDVersion;
import be.belgium.eid.security.Certificate;
import be.belgium.eid.security.CertificateChain;
import be.belgium.eid.security.CertificateStatus;
import be.belgium.eid.security.HardCodedRootCertificate;
import be.belgium.eid.security.OCSPClient;
import be.belgium.eid.security.RNCertificate;
import be.belgium.eid.security.RootCertificate;
import be.gaudry.model.eid.EidDocumentVersion;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:be/belgium/eid/eidlib/BeID.class */
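/**
 * Reads data files and certificates from a Belgian eID card through the
 * inherited {@link SmartCard} transport and checks the signatures that protect them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the instance is created in test-card mode, the root-certificate
 *       comparison and the national-register certificate verification are
 *       skipped entirely. Test mode must not be enabled for production cards.</li>
 *   <li>{@link #verifyRoot()} only compares the card's root certificate with the
 *       built-in one; it does not walk the chain.</li>
 *   <li>{@link #verifyCRL} and {@link #verifyOCSP} follow plain {@code http://}
 *       URLs taken from the certificates themselves.</li>
 * </ul>
 */
public class BeID extends SmartCard {
    /** JCA algorithm tried first when verifying card signatures. */
    private static final String SIGNATURE_ALGORITHM_AFTER_2016 = "SHA256withRSA";
    /** JCA algorithm used as fallback when the first attempt does not verify. */
    private static final String SIGNATURE_ALGORITHM_BEFORE_2016 = "SHA1withRSA";
    /** X.509 Authority Information Access extension (carries the OCSP responder URL). */
    private static final String OID_AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";
    /** X.509 CRL Distribution Points extension. */
    private static final String OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";

    private boolean fEnableTestCard;
    private String fName;
    private CardAlivePromptTask fCardListenThread;
    private EidDocumentVersion cardVersion = null;
    private CardListener fCardListener = null;

    /* loaded from: input_file:be/belgium/eid/eidlib/BeID$SignatureType.class */
    /** Selects which of the two card keys a signature operation refers to. */
    public enum SignatureType {
        AUTHENTICATIONSIG,
        NONREPUDIATIONSIG
    }

    /**
     * Returns the document version recorded by the last national-register
     * signature check, or {@code null} if no such check has run yet.
     */
    public EidDocumentVersion getCardVersion() {
        return this.cardVersion;
    }

    /**
     * Creates an instance bound to a named card reader.
     *
     * @param str reader name handed to {@code connectCard(String)} by {@link #connect()}
     * @param z   {@code true} to enable test-card mode, which disables root and
     *            national-register certificate verification
     */
    public BeID(String str, boolean z) {
        this.fEnableTestCard = z;
        this.fName = str;
    }

    /**
     * Creates an instance that is not bound to a specific reader.
     *
     * @param z {@code true} to enable test-card mode, which disables root and
     *          national-register certificate verification
     */
    public BeID(boolean z) {
        LogFactory.getLog(getClass()).debug("#load; create eid instance in " + (z ? "test" : "normal") + "mode");
        this.fEnableTestCard = z;
        this.fName = "";
    }

    /**
     * Connects to the card, using the configured reader name when one was given.
     *
     * @throws EIDException wrapping any failure raised by the underlying connect call
     */
    public void connect() throws EIDException {
        try {
            if ("".equals(this.fName)) {
                super.connectCard();
            } else {
                super.connectCard(this.fName);
            }
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Reads the identity file and its signature file and returns the parsed
     * identity data once the signature has been checked.
     *
     * @return the parsed identity data, or {@code null} when the root certificate
     *         check fails. NOTE(review): {@link #getIDAddress()} and
     *         {@link #getIDPhoto()} throw {@link RootVerificationException} in the
     *         same situation; callers must treat {@code null} here as a failed
     *         trust check, not as "no data".
     * @throws SignatureVerificationException if the signature does not verify
     * @throws EIDException for any other failure
     */
    public IDData getIDData() throws EIDException {
        try {
            connectCard();
            byte[] idFileId = {IDData.fgDFID[0], IDData.fgDFID[1], 0x40, 0x31};
            byte[] idSignatureFileId = {IDData.fgDFID[0], IDData.fgDFID[1], 0x40, 0x32};
            byte[] idFile = super.readFile(idFileId, 1024);
            byte[] idSignature = super.readFile(idSignatureFileId, 256);
            if (!verifyRoot()) {
                return null;
            }
            if (!verifyRNSignature(idFile, idSignature)) {
                throw new SignatureVerificationException("ID");
            }
            return IDData.parse(idFile);
        } catch (EIDException e) {
            throw e;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Reads the address file and returns the parsed address once its signature
     * has been checked.
     *
     * <p>The signed message is the address file with trailing zero bytes removed,
     * followed by the identity signature file; the signature itself comes from the
     * address signature file.
     *
     * @throws RootVerificationException if the root certificate check fails
     * @throws SignatureVerificationException if the signature does not verify
     * @throws EIDException for any other failure
     */
    public IDAddress getIDAddress() throws EIDException {
        try {
            connectCard();
            byte[] addressFileId = {IDAddress.fgDFID[0], IDAddress.fgDFID[1], 0x40, 0x33};
            byte[] idSignatureFileId = {IDData.fgDFID[0], IDData.fgDFID[1], 0x40, 0x32};
            byte[] addressSignatureFileId = {IDAddress.fgDFID[0], IDAddress.fgDFID[1], 0x40, 0x34};
            byte[] idSignature = super.readFile(idSignatureFileId, 256);
            byte[] addressSignature = super.readFile(addressSignatureFileId, 256);
            byte[] rawAddress = super.readFile(addressFileId, 512);

            // Index of the last non-zero byte; stays -1 when the file is all zeros,
            // which yields an empty address below.
            int lastNonZero = -1;
            for (int idx = rawAddress.length - 1; idx >= 0; idx--) {
                if (rawAddress[idx] != 0) {
                    lastNonZero = idx;
                    break;
                }
            }
            byte[] address = new byte[lastNonZero + 1];
            System.arraycopy(rawAddress, 0, address, 0, address.length);

            byte[] signedMessage = new byte[address.length + idSignature.length];
            System.arraycopy(address, 0, signedMessage, 0, address.length);
            System.arraycopy(idSignature, 0, signedMessage, address.length, idSignature.length);

            if (!verifyRoot()) {
                throw new RootVerificationException();
            }
            if (!verifyRNSignature(signedMessage, addressSignature)) {
                throw new SignatureVerificationException("Address");
            }
            return IDAddress.parse(address);
        } catch (EIDException e) {
            throw e;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Reads the photo file and returns it once its hash matches the photo hash
     * stored in the (signature-checked) identity data.
     *
     * @throws RootVerificationException if the root certificate check fails
     * @throws HashVerificationException if the photo hash does not match
     * @throws EIDException for any other failure
     */
    public IDPhoto getIDPhoto() throws EIDException {
        try {
            connectCard();
            byte[] photoFileId = {IDPhoto.fgDFID[0], IDPhoto.fgDFID[1], 0x40, 0x35};
            IDPhoto photo = IDPhoto.parse(super.readFile(photoFileId, 4096));
            if (!verifyRoot()) {
                throw new RootVerificationException();
            }
            // The reference hash comes from getIDData(), which re-reads the identity
            // file and checks its signature before returning.
            if (!photo.verifyHash(getIDData().getHashPhoto())) {
                throw new HashVerificationException("Photo");
            }
            return photo;
        } catch (EIDException e) {
            throw e;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Reads the card data and the token-info file and parses them into version
     * information. No certificate or signature check is performed in this method.
     *
     * @throws EIDException wrapping any failure
     */
    public IDVersion getIDVersionInformation() throws EIDException {
        try {
            connectCard();
            byte[] tokenInfoFileId = {
                IDTokenInfo.fgDFCert[0], IDTokenInfo.fgDFCert[1],
                IDTokenInfo.fgTokenInfo[0], IDTokenInfo.fgTokenInfo[1]
            };
            return IDVersion.parse(super.getCardData(), super.readFile(tokenInfoFileId, IDTokenInfo.fgOFFSET + 4));
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Builds a new {@link CertificateChain} from this card.
     *
     * @throws EIDException wrapping any failure
     */
    public CertificateChain getCertificateChain() throws EIDException {
        try {
            connectCard();
            return new CertificateChain(this);
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Builds the national-register certificate from this card and calls
     * {@code verify()} on it.
     *
     * <p>NOTE(review): the boolean result of {@code verify()} is discarded here, so
     * a certificate is returned even when verification reports failure. Callers
     * that need a trust decision must call {@code verify()} on the returned object
     * themselves (as {@code verifyRNSignature} does).
     *
     * @throws EIDException wrapping any failure
     */
    public RNCertificate getNationalRegisterCertificate() throws EIDException {
        try {
            connectCard();
            RNCertificate rnCertificate = new RNCertificate(this);
            rnCertificate.verify();
            return rnCertificate;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Asks the card to sign the SHA-1 digest of the given data with the selected key.
     *
     * <p>Sequence: MANAGE SECURITY ENVIRONMENT (00 22 41 B6) selecting the key,
     * PIN verification, then PERFORM SECURITY OPERATION / compute digital
     * signature (00 2A 9E 9A) over the digest.
     *
     * <p>NOTE(review): the digest is fixed to SHA-1, and the PIN is passed as an
     * immutable {@code String} that cannot be wiped after use; both are part of the
     * existing interface and are left unchanged.
     *
     * @param bArr          data to sign
     * @param str           PIN handed to {@code verifyPIN}
     * @param signatureType which card key to use
     * @return the signature bytes returned by the card
     * @throws EIDException wrapping any failure, including a status word other than 90 00
     */
    public byte[] generateSignature(byte[] bArr, String str, SignatureType signatureType) throws EIDException {
        try {
            connectCard();
            MessageDigest sha1 = MessageDigest.getInstance("SHA1");
            sha1.update(bArr);

            // The two templates differ only in their last byte (0x82 vs 0x83).
            byte[] securityEnvironment;
            if (signatureType.equals(SignatureType.AUTHENTICATIONSIG)) {
                securityEnvironment = new byte[]{0x04, (byte) 0x80, 0x02, (byte) 0x84, (byte) 0x82};
            } else if (signatureType.equals(SignatureType.NONREPUDIATIONSIG)) {
                securityEnvironment = new byte[]{0x04, (byte) 0x80, 0x02, (byte) 0x84, (byte) 0x83};
            } else {
                securityEnvironment = new byte[0];
            }
            super.transmitAPDU(new CommandAPDU(0x00, 0x22, 0x41, 0xB6, securityEnvironment));
            verifyPIN(str);
            ResponseAPDU response = super.transmitAPDU(new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, sha1.digest()));
            if (response.getSW1() != 0x90 || response.getSW2() != 0x00) {
                throw new InvalidSWException(response.getSW1(), response.getSW2());
            }
            return response.getData();
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Verifies a signature against the public key of the card's authentication or
     * signature certificate, trying SHA256withRSA first and SHA1withRSA second.
     *
     * <p>The second algorithm is tried both when the first attempt throws and when
     * it simply returns {@code false}: depending on the JCA provider, a digest
     * mismatch may be reported either way.
     *
     * <p>NOTE(review): the public key is read from the certificate on the card and
     * this method performs no chain, root, or revocation check. A {@code true}
     * result only means "signed by the key on this card"; combine it with chain
     * validation before trusting the signer.
     *
     * @param bArr          the signed data
     * @param bArr2         the signature to check
     * @param signatureType which card certificate supplies the public key
     * @return {@code true} if the signature verifies under either algorithm
     * @throws EIDException wrapping any failure
     */
    public boolean verifySignature(byte[] bArr, byte[] bArr2, SignatureType signatureType) throws EIDException {
        try {
            Signature preferred = Signature.getInstance(SIGNATURE_ALGORITHM_AFTER_2016);
            PublicKey publicKey;
            if (signatureType.equals(SignatureType.AUTHENTICATIONSIG)) {
                publicKey = getCertificateChain().getAuthenticationCert().getX509Certificate().getPublicKey();
            } else if (signatureType.equals(SignatureType.NONREPUDIATIONSIG)) {
                publicKey = getCertificateChain().getSignatureCert().getX509Certificate().getPublicKey();
            } else {
                // Fail explicitly instead of running the verification with a null key.
                throw new IllegalArgumentException("Unsupported signature type: " + signatureType);
            }

            boolean verified;
            try {
                verified = checkSignature(preferred, publicKey, bArr, bArr2);
            } catch (Exception ignored) {
                // A failure of the first algorithm is not final; the fallback below decides.
                verified = false;
            }
            if (verified) {
                return true;
            }
            LogFactory.getLog(getClass()).warn("Eid signature algorithm after 2016 failed, try to use algorithm before 2016...");
            return checkSignature(Signature.getInstance(SIGNATURE_ALGORITHM_BEFORE_2016), publicKey, bArr, bArr2);
        } catch (EIDException e) {
            throw e;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Sends an OCSP request for the authentication and signature certificates,
     * using the responder URL found in each certificate's Authority Information
     * Access extension.
     *
     * <p>NOTE(review): a certificate whose non-critical extensions do not include
     * Authority Information Access is skipped, so this method can return
     * {@code true} without any responder having been asked. The responder URL is
     * taken from the certificate itself and is a plain {@code http://} URL; the
     * authenticity of the answer depends entirely on what
     * {@code OCSPClient.processOCSPRequest} checks.
     *
     * @param certificateChain chain whose leaf certificates are checked
     * @return {@code false} if any OCSP request reports failure, {@code true} otherwise
     * @throws EIDException wrapping any failure
     */
    public boolean verifyOCSP(CertificateChain certificateChain) throws EIDException {
        try {
            connectCard();
            boolean allGood = true;
            ArrayList<Certificate> toCheck = new ArrayList<Certificate>();
            toCheck.add(certificateChain.getAuthenticationCert());
            toCheck.add(certificateChain.getSignatureCert());
            for (Certificate certificate : toCheck) {
                X509Certificate x509 = certificate.getX509Certificate();
                if (!x509.getNonCriticalExtensionOIDs().contains(OID_AUTHORITY_INFO_ACCESS)) {
                    continue;
                }
                // The extension is searched as text; everything from the last
                // "http://" to the end is used as the responder URL.
                String extensionText = new String(x509.getExtensionValue(OID_AUTHORITY_INFO_ACCESS));
                String responderUrl = extensionText.substring(extensionText.lastIndexOf("http://"));
                if (!OCSPClient.processOCSPRequest(certificateChain.getCertificateAuthorityCert(), certificate, responderUrl)) {
                    allGood = false;
                }
            }
            return allGood;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Downloads the CRL named in each certificate's CRL Distribution Points
     * extension and records whether the certificate is listed as revoked.
     *
     * <p>NOTE(review): the CRL is fetched over plain {@code http://} and this
     * method checks neither the CRL's signature nor its validity period before
     * calling {@code isRevoked}. Until the CRL is verified against the issuing
     * CA's key, a "not revoked" result is not authenticated.
     *
     * <p>The CRL is stored in the working directory under the last path segment of
     * its URL and deleted again after parsing. That name comes from certificate
     * content, so anything that is not a bare file name is refused and reported as
     * {@code BEID_CERTSTATUS_UNABLE_TO_GET_CRL}.
     *
     * @param certificateChain chain providing the root, CA, authentication and signature certificates
     * @param rNCertificate    national-register certificate, checked as well
     * @return {@code false} if any CRL could not be obtained or any certificate is
     *         revoked, {@code true} otherwise
     * @throws EIDException wrapping any failure
     */
    public boolean verifyCRL(CertificateChain certificateChain, RNCertificate rNCertificate) throws EIDException {
        try {
            connectCard();
            boolean allGood = true;

            RootCertificate rootCert = certificateChain.getRootCert();
            if (rootCert.getStatus().equals(CertificateStatus.BEID_CERTSTATUS_CERT_NOT_VALIDATED)) {
                // Only the subject and issuer names are compared; the self-signature
                // itself is not verified here.
                String subject = rootCert.getX509Certificate().getSubjectX500Principal().getName();
                String issuer = rootCert.getX509Certificate().getIssuerX500Principal().getName();
                if (subject.equals(issuer)) {
                    rootCert.setStatus(CertificateStatus.BEID_CERTSTATUS_SELF_SIGNED_CERT_IN_CHAIN);
                } else {
                    rootCert.setStatus(CertificateStatus.BEID_CERTSTATUS_CERT_NOT_VALIDATED);
                }
            }

            ArrayList<Certificate> toCheck = new ArrayList<Certificate>();
            toCheck.add(certificateChain.getCertificateAuthorityCert());
            toCheck.add(certificateChain.getAuthenticationCert());
            toCheck.add(certificateChain.getSignatureCert());
            toCheck.add(rNCertificate);

            for (Certificate certificate : toCheck) {
                X509Certificate x509 = certificate.getX509Certificate();
                String extensionText = new String(x509.getExtensionValue(OID_CRL_DISTRIBUTION_POINTS));
                String crlUrl = extensionText.substring(extensionText.indexOf("http://"));
                String crlFileName = crlUrl.substring(crlUrl.lastIndexOf('/') + 1);

                if (!isPlainFileName(crlFileName)) {
                    certificate.setStatus(CertificateStatus.BEID_CERTSTATUS_UNABLE_TO_GET_CRL);
                    allGood = false;
                    continue;
                }

                FileInputStream crlStream;
                try {
                    HTTPFileDownload.download(crlUrl, crlFileName);
                    crlStream = new FileInputStream(crlFileName);
                } catch (IOException e) {
                    certificate.setStatus(CertificateStatus.BEID_CERTSTATUS_UNABLE_TO_GET_CRL);
                    allGood = false;
                    continue;
                }

                try {
                    X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(crlStream);
                    if (crl.isRevoked(x509)) {
                        allGood = false;
                        certificate.setStatus(CertificateStatus.BEID_CERTSTATUS_CERT_REVOKED);
                    } else if (certificate.getStatus().equals(CertificateStatus.BEID_CERTSTATUS_CERT_NOT_VALIDATED)) {
                        certificate.setStatus(CertificateStatus.BEID_CERTSTATUS_CERT_VALIDATED_OK);
                    }
                } finally {
                    // Close before deleting: an open handle keeps the file from being
                    // removed on some platforms, and a parse failure must not leave
                    // the stream or the downloaded file behind.
                    try {
                        crlStream.close();
                    } catch (IOException ignored) {
                        // Nothing useful can be done; the CRL result (or the parse
                        // error) is already decided.
                    }
                    new File(crlFileName).delete();
                }
            }
            return allGood;
        } catch (Exception e) {
            throw new EIDException(e);
        }
    }

    /**
     * Checks that the root certificate read from the card equals the built-in
     * root certificate. Always succeeds in test-card mode.
     *
     * <p>Only the root certificate is compared; whether the other certificates
     * chain to it is not checked in this method.
     *
     * @return {@code true} if the roots are equal or test-card mode is enabled
     */
    private boolean verifyRoot() throws CertificateException, IOException, EIDException {
        if (this.fEnableTestCard) {
            return true;
        }
        // Read the chain once so the certificate that is compared is also the one
        // whose status gets updated.
        RootCertificate cardRoot = getCertificateChain().getRootCert();
        if (cardRoot.getX509Certificate().equals(new HardCodedRootCertificate().getX509Certificate())) {
            return true;
        }
        // NOTE(review): this chain instance is not handed back to the caller, so the
        // status is only visible elsewhere if CertificateChain shares state — confirm.
        cardRoot.setStatus(CertificateStatus.BEID_CERTSTATUS_INVALID_ROOT);
        return false;
    }

    /**
     * Verifies a signature made with the national-register key, trying
     * SHA256withRSA first and SHA1withRSA second, and records the card version
     * according to which attempt was used.
     *
     * <p>Outside test-card mode the national-register certificate must first pass
     * its own {@code verify()}; the public key is then taken from that same
     * certificate object, so the key that is used is the one that was verified.
     *
     * @param bArr  the signed data
     * @param bArr2 the signature to check
     * @return {@code true} if the signature verifies under either algorithm
     */
    private boolean verifyRNSignature(byte[] bArr, byte[] bArr2) throws EIDException, CertificateException, IOException, InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        RNCertificate rnCertificate = getNationalRegisterCertificate();
        if (!this.fEnableTestCard && !rnCertificate.verify()) {
            return false;
        }
        Signature preferred = Signature.getInstance(SIGNATURE_ALGORITHM_AFTER_2016);
        PublicKey publicKey = rnCertificate.getX509Certificate().getPublicKey();

        boolean verified;
        try {
            verified = checkSignature(preferred, publicKey, bArr, bArr2);
        } catch (Exception ignored) {
            // A failure of the first algorithm is not final; the fallback below decides.
            verified = false;
        }
        // NOTE(review): ORIGINAL is recorded for the "after 2016" algorithm and V_2016
        // for the "before 2016" one, which looks inverted relative to the constant
        // names. The mapping is kept as found — confirm against EidDocumentVersion.
        if (verified) {
            this.cardVersion = EidDocumentVersion.ORIGINAL;
            return true;
        }
        LogFactory.getLog(getClass()).warn("Eid RN signature algorithm after 2016 failed, try to use algorithm before 2016...");
        boolean fallbackVerified =
                checkSignature(Signature.getInstance(SIGNATURE_ALGORITHM_BEFORE_2016), publicKey, bArr, bArr2);
        this.cardVersion = EidDocumentVersion.V_2016;
        return fallbackVerified;
    }

    /** Runs one init/update/verify cycle on the given verifier and returns its verdict. */
    private static boolean checkSignature(Signature verifier, PublicKey key, byte[] data, byte[] signature)
            throws InvalidKeyException, SignatureException {
        verifier.initVerify(key);
        verifier.update(data, 0, data.length);
        return verifier.verify(signature);
    }

    /** Returns whether the name is a non-empty single path component other than "." and "..". */
    private static boolean isPlainFileName(String name) {
        return name.length() > 0
                && !".".equals(name)
                && !"..".equals(name)
                && name.equals(new File(name).getName());
    }

    /**
     * Starts a background task that reports card events to the given listener.
     *
     * @param cardListener listener handed to the new {@link CardAlivePromptTask}
     */
    public void enableCardListener(CardListener cardListener) throws IllegalArgumentException {
        this.fCardListener = cardListener;
        this.fCardListenThread = new CardAlivePromptTask(this, this.fCardListener);
        this.fCardListenThread.start();
    }

    /**
     * Clears the listener and stops the background task, if one was started.
     * Calling this without a prior {@link #enableCardListener} is a no-op.
     */
    public void disableCardListener() {
        this.fCardListener = null;
        if (this.fCardListenThread != null) {
            this.fCardListenThread.stopThread();
        }
    }

    /** Returns the currently registered listener, or {@code null} if none is set. */
    public CardListener getCardListener() {
        return this.fCardListener;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Delegates to the superclass finalizer; no additional cleanup is done here. */
    @Override // be.belgium.eid.eidlib.SmartCard
    public void finalize() throws Throwable {
        super.finalize();
    }
}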
