package com.idemia.mdw.j.c;

import com.idemia.mdw.b.c;
import com.idemia.mdw.b.d;
import com.idemia.mdw.data.nist.i;
import com.idemia.mdw.data.nist.k;
import com.idemia.mdw.data.nist.l;
import com.idemia.mdw.data.nist.template.CertificateTemplate;
import com.idemia.mdw.exception.CredentialLockedException;
import com.idemia.mdw.exception.CredentialValueException;
import com.idemia.mdw.exception.CryptographicSWException;
import com.idemia.mdw.exception.DataException;
import com.idemia.mdw.exception.FCPException;
import com.idemia.mdw.exception.GenericSWException;
import com.idemia.mdw.exception.GenericServiceException;
import com.idemia.mdw.exception.PaddingException;
import com.idemia.mdw.exception.RemainingTriesException;
import com.idemia.mdw.exception.SecureMessagingException;
import com.idemia.mdw.exception.SecurityViolationException;
import com.idemia.mdw.exception.TransmitException;
import com.idemia.mdw.h.f;
import com.idemia.mdw.h.g;
import com.idemia.mdw.h.j;
import com.idemia.mdw.icc.asn1.type.ConstructedSequence;
import com.idemia.mdw.icc.asn1.type.ImplicitConstructedSequence;
import com.idemia.mdw.icc.iso7816.type.DynamicAuthenticationTemplate;
import com.idemia.mdw.icc.iso7816.type.dynauth.Challenge;
import com.idemia.mdw.icc.iso7816.type.dynauth.Exponential;
import com.idemia.mdw.icc.iso7816.type.dynauth.Response;
import com.idemia.mdw.j.d;
import com.idemia.mdw.security.b;
import com.idemia.mdw.security.c.b;
import com.idemia.mdw.security.c.h;
import com.idemia.mdw.security.e;
import com.idemia.mdw.security.f;
import com.idemia.mdw.security.g;
import com.idemia.mdw.security.m;
import com.idemia.mdw.security.o;
import com.idemia.mdw.security.p;
import com.idemia.mdw.security.spec.AccessKeySpec;
import com.idemia.mdw.smartcardio.CardException;
import com.idemia.mdw.smartcardio.CommandAPDU;
import com.idemia.mdw.smartcardio.ResponseAPDU;
import com.idemia.mdw.smartcardio.apdu.a;
import com.idemia.mdw.smartcardio.apdu.o;
import com.idemia.mdw.smartcardio.stack.ISecureMessaging;
import idemia.bioserver.metadata.android.core.Configuration;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class c extends d {
    private static final Logger h = LoggerFactory.getLogger((Class<?>) c.class);
    private Map<String, com.idemia.mdw.security.c.c> i;
    private Map<String, g> j;
    private k k;
    private com.idemia.mdw.h.d l;
    private boolean m;
    private boolean n;
    private boolean o;

    public c(com.idemia.mdw.smartcardio.stack.a aVar) throws NoSuchAlgorithmException {
        super(aVar);
        h.info("New PIV Smartcard");
        this.j = new TreeMap();
        this.i = new ConcurrentHashMap();
        this.k = new k();
        this.m = false;
        this.n = false;
        this.o = false;
        this.b.a(new a());
        try {
            this.l = new com.idemia.mdw.h.d(a(com.idemia.mdw.j.c.g));
        } catch (GenericServiceException unused) {
            h.error("PIVSmartcard Contructor: Failed to init the Application Property Template");
        }
        try {
            this.j.putAll(j.b(this));
        } catch (GenericServiceException e) {
            h.error("PIVSmartcard Contructor: Failed to init the PIV Data Object map", (Throwable) e);
        }
        ISecureMessaging a2 = com.idemia.mdw.h.a.g.a(this);
        try {
            if (a2.init(new AccessKeySpec(new byte[1], "OPACITY", "RAW"))) {
                this.b.a(a2);
            }
        } catch (SecureMessagingException e2) {
            h.error("PIVSmartcard Contructor: Failed to init the secure messaging", (Throwable) e2);
        }
        if (!this.j.containsKey(l.DISCOVERY_OBJECT.name) || this.j.get(l.DISCOVERY_OBJECT.name).a()) {
            return;
        }
        try {
            i e3 = j.e(this);
            boolean f = e3.a().f();
            this.n = f;
            this.m = f;
            this.o = e3.a().g();
        } catch (GenericServiceException e4) {
            h.error("PIVSmartcard Contructor: Failed to get the PIV Discovery Object", (Throwable) e4);
        }
    }

    private com.idemia.mdw.security.i a(String str, com.idemia.mdw.security.k kVar, com.idemia.mdw.security.g gVar) throws DataException {
        String str2;
        m eVar;
        h.debug("createKeyPairRecord('" + str + "', " + gVar.a().name + "', " + gVar.a().privBitLength + " bits)");
        if (this.d.containsKey(str)) {
            throw new DataException("Alias already exists");
        }
        Iterator<Map.Entry<String, com.idemia.mdw.security.c.c>> it = this.i.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                str2 = "";
                break;
            }
            Map.Entry<String, com.idemia.mdw.security.c.c> next = it.next();
            if (next.getValue().c().d() == kVar.d()) {
                str2 = next.getKey();
                break;
            }
        }
        if (str2.isEmpty()) {
            throw new DataException("Error in Key Container Map. Cannot find key container for key ID 0x" + com.idemia.mdw.k.g.a(kVar.d()));
        }
        if (!this.i.get(str2).d()) {
            throw new DataException("Key Container " + this.i.get(str2) + " is already filled.");
        }
        if (gVar.a().type.equals(f.a.RSA)) {
            eVar = new p("RSA Public Key", (byte) 0, new o(gVar.a(g.a.publicModulus), gVar.a(g.a.publicExponent)), this);
        } else {
            if (!gVar.a().type.equals(f.a.ECC)) {
                throw new DataException("Invalid key algorithm: " + gVar.a().name);
            }
            eVar = new e("ECC Public Key", (byte) 0, new com.idemia.mdw.security.d(gVar.a(g.a.eccPublicPoint)), this);
        }
        com.idemia.mdw.security.c.c remove = this.i.remove(str2);
        remove.a(false);
        remove.c().a(gVar.a());
        this.i.put(str, remove);
        return new com.idemia.mdw.security.i(eVar, this.i.get(str).c());
    }

    private static List<CommandAPDU> a(com.idemia.mdw.security.k kVar, com.idemia.mdw.security.g gVar) throws GenericServiceException {
        Logger logger = h;
        logger.debug("writePrivateKeyCommand");
        ArrayList arrayList = new ArrayList();
        logger.debug("Known key ID = 0x" + com.idemia.mdw.k.g.a(kVar.d()));
        com.idemia.mdw.h.c c = com.idemia.mdw.h.c.c(gVar.a());
        if (gVar.a().type.equals(f.a.RSA)) {
            h hVar = new h(gVar);
            for (h.a aVar : h.a.values()) {
                arrayList.add(com.idemia.mdw.smartcardio.apdu.k.c().a(true).a(b.a(new byte[]{kVar.d(), c.id}, hVar.a(aVar))).a(0).a());
            }
        } else {
            if (!gVar.a().type.equals(f.a.ECC)) {
                throw new DataException("Invalid key algorithm: " + gVar.a().name);
            }
            com.idemia.mdw.security.c.b bVar = new com.idemia.mdw.security.c.b(gVar);
            for (b.a aVar2 : b.a.values()) {
                arrayList.add(com.idemia.mdw.smartcardio.apdu.k.c().a(true).a(b.a(new byte[]{kVar.d(), c.id}, bVar.a(aVar2))).a(0).a());
            }
        }
        return arrayList;
    }

    private String d(String str) {
        h.debug("findKeyContainer");
        for (String str2 : this.i.keySet()) {
            com.idemia.mdw.security.c.c cVar = this.i.get(str2);
            if (cVar.c() != null && cVar.c().c().equals(str)) {
                return str2;
            }
        }
        return "";
    }

    private boolean h(byte[] bArr) throws DataException, TransmitException, GenericSWException {
        Cipher cipher;
        SecretKeySpec secretKeySpec;
        Logger logger = h;
        logger.debug("authenticateAdmin");
        Objects.requireNonNull(bArr, "Null key");
        if (!this.d.containsKey(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias) || this.i.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).d() || !this.i.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).c().a().type.isSymmetric) {
            logger.error("Cannot authenticate as PIV Card Application Administrator. " + com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias + " is missing or wrong type.");
            return false;
        }
        byte[] a2 = a(32);
        try {
            if (this.d.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).a().type.equals(f.a.DES)) {
                cipher = Cipher.getInstance("DESEDE/ECB/NoPadding");
                secretKeySpec = new SecretKeySpec(bArr, "DESEDE");
            } else {
                if (!this.d.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).a().type.equals(f.a.AES)) {
                    logger.error("Cannot authenticate as PIV Card Application Administrator. Error with algorithm type " + this.d.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).a().name);
                    return false;
                }
                cipher = Cipher.getInstance("AES/ECB/NoPadding");
                secretKeySpec = new SecretKeySpec(bArr, Configuration.AES);
            }
            cipher.init(1, secretKeySpec);
            byte[] bArr2 = new byte[cipher.getOutputSize(a2.length)];
            cipher.doFinal(bArr2, cipher.update(a2, 0, a2.length, bArr2, 0));
            com.idemia.mdw.smartcardio.apdu.d a3 = com.idemia.mdw.smartcardio.apdu.d.c().a(true);
            a3.d(this.d.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).d());
            a3.c(com.idemia.mdw.h.c.a(((com.idemia.mdw.security.c.g) this.d.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias)).a()).id);
            try {
                ResponseAPDU a4 = this.b.a(a3.a(new DynamicAuthenticationTemplate(null, null, new Response(bArr2), null, null, null, null).getBerElement()).a(0).a());
                if (!a4.isOk()) {
                    throw new GenericSWException(a4.getSW(), "Transmit error during admin auth operation");
                }
                this.g = "ADMINISTRATOR PIN";
                return true;
            } catch (CardException e) {
                throw new TransmitException("Transmit error during admin auth operation", e);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | ShortBufferException e2) {
            h.error("Cannot cipher challenge for PIV Card Application Administrator authentifcation. " + e2.toString());
            return false;
        }
    }

    private static byte[] i(byte[] bArr) {
        Logger logger = h;
        logger.debug("parseData");
        if (bArr == null) {
            logger.error("Buffer Null");
            return new byte[0];
        }
        try {
            com.idemia.mdw.icc.asn1.type.c a2 = new com.idemia.mdw.icc.asn1.type.g().a(bArr, 0, bArr.length);
            if (!(a2 instanceof ImplicitConstructedSequence)) {
                logger.error("Invalid TLV parsing");
                return new byte[0];
            }
            ImplicitConstructedSequence implicitConstructedSequence = (ImplicitConstructedSequence) a2;
            List<com.idemia.mdw.icc.asn1.type.c> elementList = implicitConstructedSequence.getElementList();
            if (implicitConstructedSequence.getTag().a() != DynamicAuthenticationTemplate.f983a.a()) {
                logger.error("Invalid Tag. Must be 0x7C instead of (0x" + Integer.toHexString(implicitConstructedSequence.getTag().a()) + ")");
                return new byte[0];
            }
            if (elementList.size() != 1) {
                logger.error("Invalid data structure. Must be 1 instead of (" + elementList.size() + ")");
                return new byte[0];
            }
            if (elementList.get(0).getTag().a() == Response.f1014a.a()) {
                return elementList.get(0).getBerValue();
            }
            logger.error("Invalid tag . Must be 0x82 instead of (0x" + Integer.toHexString(elementList.get(0).getTag().a()) + ")");
            return new byte[0];
        } catch (Exception e) {
            h.error("Invalid TLV encoding: " + e.getMessage());
            return new byte[0];
        }
    }

    private com.idemia.mdw.security.k s() {
        h.debug("findFirstFreeAsymKey");
        Iterator<String> it = this.i.keySet().iterator();
        while (it.hasNext()) {
            com.idemia.mdw.security.c.c cVar = this.i.get(it.next());
            if (cVar.d() && (cVar.e().equals(com.idemia.mdw.security.c.f.ASYMMETRIC_KEY_PAIR) || cVar.e().equals(com.idemia.mdw.security.c.f.ASYMMETRIC))) {
                return cVar.c();
            }
        }
        return null;
    }

    @Override // com.idemia.mdw.j.e
    public final com.idemia.mdw.b.c a(com.idemia.mdw.j.f fVar, String str, c.a aVar) throws DataException {
        if (fVar.equals(com.idemia.mdw.j.f.FILE_READ)) {
            if (!this.c.containsKey(str)) {
                throw new DataException("Alias Not Found: " + str);
            }
            if (!((com.idemia.mdw.data.c.a) this.c.get(str)).b()) {
                return null;
            }
        }
        if (aVar.equals(c.a.Password)) {
            return this.e.containsKey("APPLICATION PIN") ? this.e.get("APPLICATION PIN") : new com.idemia.mdw.b.b.d("APPLICATION PIN", com.idemia.mdw.h.m.a(f.b.LOCAL_PIN$c4c2277), d.b.ASCII_NUMERIC, (byte) 8, (byte) 4, (byte) 8, true, true, (byte) 0, (byte) 0);
        }
        if (p()) {
            return this.e.containsKey("LOCAL FINGERPRINT DATA") ? this.e.get("LOCAL FINGERPRINT DATA") : new com.idemia.mdw.b.b.e("LOCAL FINGERPRINT DATA", com.idemia.mdw.h.m.a(f.b.LOCAL_FINGERPRINT$c4c2277), true, true, (byte) 0, (byte) 0);
        }
        return null;
    }

    @Override // com.idemia.mdw.j.e
    public final com.idemia.mdw.security.i a(String str, com.idemia.mdw.security.f fVar) throws GenericServiceException {
        Logger logger = h;
        logger.debug("generateAsymetricKeyPair");
        Objects.requireNonNull(str, "Null alias");
        if (this.d.containsKey(str)) {
            throw new DataException("Alias already exists");
        }
        com.idemia.mdw.security.k s = s();
        if (s == null) {
            throw new GenericServiceException("Key Container Map is full");
        }
        String d = d(str);
        if (!d.isEmpty()) {
            if (!this.i.get(d).d()) {
                throw new GenericServiceException("There is a key in the key container with alias [" + this.i.get(d).b() + "]");
            }
            s = this.i.get(d).c();
        }
        logger.debug("Generate Asymmetric Key Pair with ID 0x" + com.idemia.mdw.k.g.a(s.d()));
        com.idemia.mdw.smartcardio.apdu.e a2 = com.idemia.mdw.smartcardio.apdu.e.c().a(true);
        a2.d(s.d());
        try {
            ResponseAPDU a3 = this.b.a(a2.a(b.a(com.idemia.mdw.h.c.c(fVar))).a(0).a());
            if (!a3.isOk()) {
                throw new CryptographicSWException(a3.getSW());
            }
            byte[] data = a3.getData();
            logger.debug("extractDataFromKeyGeneration");
            com.idemia.mdw.d.a.l lVar = new com.idemia.mdw.d.a.l();
            lVar.a(data);
            com.idemia.mdw.security.i a4 = a(str, s, lVar.d() ? new o(lVar.a(), lVar.b()) : new com.idemia.mdw.security.d(lVar.c()));
            this.d.put(str, a4.a());
            return a4;
        } catch (CardException e) {
            throw new TransmitException("Transmit error during generate random operation", e);
        }
    }

    @Override // com.idemia.mdw.j.e
    public final com.idemia.mdw.security.k a(String str, com.idemia.mdw.security.g gVar, Certificate certificate) throws GenericServiceException {
        boolean z;
        X509Certificate x509Certificate;
        String str2;
        h.debug("writeKey");
        Objects.requireNonNull(str, "Null alias");
        if (this.d.containsKey(str)) {
            throw new GenericServiceException("Alias already exists");
        }
        if (!com.idemia.mdw.h.c.d(gVar.a()) || (!gVar.a().type.equals(f.a.RSA) && !gVar.a().type.equals(f.a.ECC))) {
            throw new DataException("Invalid key algorithm: " + gVar.a().name);
        }
        com.idemia.mdw.security.k s = s();
        if (s == null) {
            throw new GenericServiceException("Key Container Map is full");
        }
        String d = d(str);
        if (d.isEmpty()) {
            if (certificate != null) {
                Iterator<com.idemia.mdw.h.g> it = this.j.values().iterator();
                while (true) {
                    z = true;
                    boolean z2 = false;
                    if (!it.hasNext()) {
                        z = false;
                        break;
                    }
                    com.idemia.mdw.h.g next = it.next();
                    if (!next.a() && (next instanceof com.idemia.mdw.h.e)) {
                        com.idemia.mdw.h.e eVar = (com.idemia.mdw.h.e) next;
                        if (eVar.b() != null && (x509Certificate = eVar.b().getX509Certificate()) != null && x509Certificate.equals(certificate)) {
                            Iterator<com.idemia.mdw.security.k> it2 = this.d.values().iterator();
                            while (true) {
                                if (!it2.hasNext()) {
                                    break;
                                }
                                if (eVar.a(it2.next())) {
                                    z2 = true;
                                    break;
                                }
                            }
                            if (z2) {
                                continue;
                            } else {
                                Iterator<Map.Entry<String, com.idemia.mdw.security.c.c>> it3 = this.i.entrySet().iterator();
                                while (true) {
                                    if (!it3.hasNext()) {
                                        str2 = "";
                                        break;
                                    }
                                    Map.Entry<String, com.idemia.mdw.security.c.c> next2 = it3.next();
                                    if (next2.getValue().d() && eVar.a(next2.getValue().c())) {
                                        str2 = next2.getKey();
                                        break;
                                    }
                                }
                                if (!str2.isEmpty()) {
                                    s = this.i.get(str2).c();
                                    break;
                                }
                            }
                        }
                    }
                }
                if (!z) {
                    throw new GenericServiceException("No certificate associated with private key is found on smartcard");
                }
            }
        } else {
            if (!this.i.get(d).d()) {
                throw new GenericServiceException("There is a key in the key container with alias [" + this.i.get(d).b() + "]");
            }
            s = this.i.get(d).c();
        }
        h.debug("Load private key into container ID 0x" + com.idemia.mdw.k.g.a(s.d()));
        try {
            ResponseAPDU a2 = this.b.a(a(s, gVar));
            if (!a2.isOk()) {
                throw new GenericSWException(a2.getSW());
            }
            com.idemia.mdw.security.i a3 = a(str, s, gVar);
            this.d.put(str, a3.a());
            Iterator<com.idemia.mdw.h.g> it4 = this.j.values().iterator();
            while (true) {
                if (!it4.hasNext()) {
                    break;
                }
                com.idemia.mdw.h.g next3 = it4.next();
                if (!next3.a() && (next3 instanceof com.idemia.mdw.h.e)) {
                    com.idemia.mdw.h.e eVar2 = (com.idemia.mdw.h.e) next3;
                    if (eVar2.a(this.d.get(str))) {
                        if (this.f.containsKey(eVar2.c().c())) {
                            this.f.remove(eVar2.c().c());
                        }
                        this.f.put(eVar2.c().c(), new com.idemia.mdw.security.c.a(eVar2, this.d.get(str), this));
                    }
                }
            }
            return a3.a();
        } catch (CardException e) {
            throw new TransmitException("Transmit error during key loading operation", e);
        }
    }

    @Override // com.idemia.mdw.j.e
    public final X509Certificate a(String str) throws GenericServiceException {
        StringBuilder append;
        Logger logger = h;
        logger.debug("readCertificate");
        Objects.requireNonNull(str, "Null alias");
        if (!this.f.containsKey(str)) {
            throw new DataException("No found certificate with alias: " + str);
        }
        if (!(this.f.get(str) instanceof com.idemia.mdw.security.c.a)) {
            throw new DataException("Wrong type of certificate with alias (" + str + "): " + this.f.get(str).getClass().getSimpleName());
        }
        if (!this.j.containsKey(str)) {
            throw new GenericServiceException("Wrong alias");
        }
        if (!this.j.get(str).a()) {
            if (!(this.j.get(str) instanceof com.idemia.mdw.h.e)) {
                throw new DataException("Wrong type of Data Object for certificate with alias (" + str + "): " + this.j.get(str).getClass().getSimpleName());
            }
            if (!com.idemia.mdw.h.m.a(this.k, ((com.idemia.mdw.security.c.a) this.f.get(str)).d().d())) {
                logger.info("Reading certificate in container: " + this.j.get(str).e().c());
                try {
                    this.j.get(str).a(a(this.j.get(str).e().e()));
                } catch (IOException e) {
                    throw new DataException("An exception occurred while reading certificate", e);
                }
            } else if (((com.idemia.mdw.h.e) this.j.get(str)).b() == null) {
                append = new StringBuilder("Failed to retrieve online certificate ").append(str);
            }
            return ((com.idemia.mdw.h.e) this.j.get(str)).b().getX509Certificate();
        }
        append = new StringBuilder("PIV Container with alias ").append(str).append(" [").append(this.j.get(str).e().c()).append("] is empty");
        logger.error(append.toString());
        return null;
    }

    @Override // com.idemia.mdw.j.e
    public final void a(boolean z) throws GenericServiceException {
        Logger logger = h;
        logger.info("Content Discovery Process -- Start");
        m();
        o();
        l();
        if (z) {
            n();
        }
        logger.info("Content Discovery Process -- End");
    }

    @Override // com.idemia.mdw.j.d
    public final boolean a() {
        return this.m;
    }

    @Override // com.idemia.mdw.j.d, com.idemia.mdw.j.e
    public final boolean a(com.idemia.mdw.b.c cVar) throws GenericServiceException {
        h.debug("isAuthenticated");
        Objects.requireNonNull(cVar, "Null credential");
        try {
            com.idemia.mdw.smartcardio.apdu.o c = com.idemia.mdw.smartcardio.apdu.o.c();
            c.d(cVar.c());
            return a(c.a());
        } catch (RemainingTriesException e) {
            h.warn("isAuthenticate: " + e.getMessage());
            return false;
        }
    }

    @Override // com.idemia.mdw.j.d, com.idemia.mdw.j.e
    public final boolean a(com.idemia.mdw.b.c cVar, byte[] bArr) throws DataException, CredentialValueException, GenericSWException, TransmitException {
        Logger logger = h;
        logger.debug("authenticate");
        Objects.requireNonNull(cVar, "Null credential");
        Objects.requireNonNull(bArr, "Null buffer");
        if (this.e.containsValue(cVar)) {
            return cVar.d().equals("ADMINISTRATOR PIN") ? h(bArr) : super.a(cVar, bArr);
        }
        logger.error("Authenticate: Credential (" + cVar.f() + ") not found");
        return false;
    }

    @Override // com.idemia.mdw.j.e
    public final boolean a(String str, com.idemia.mdw.security.a aVar) throws GenericServiceException {
        Logger logger = h;
        logger.debug("writeCertificate");
        Objects.requireNonNull(str, "Null alias");
        if (this.f.containsKey(str)) {
            throw new GenericServiceException("Alias already exists");
        }
        if (!this.j.containsKey(str)) {
            throw new GenericServiceException("Wrong alias");
        }
        if (!this.j.get(str).a()) {
            throw new GenericServiceException("PIV Container " + this.j.get(str).e().c() + " is already filled.");
        }
        if (!(this.j.get(str) instanceof com.idemia.mdw.h.e)) {
            throw new DataException("Wrong type of Data Object for certificate with alias (" + str + "): " + this.j.get(str).getClass().getSimpleName());
        }
        com.idemia.mdw.h.e eVar = (com.idemia.mdw.h.e) this.j.get(str);
        if (aVar.b().a() && !eVar.a(aVar.b().b())) {
            throw new DataException("Invalid data: the alias does not match with key record info in input certificate record");
        }
        try {
            eVar.a(CertificateTemplate.encode(aVar.a()));
            if (eVar.b() == null) {
                logger.error("Failed to parse certificate");
                return false;
            }
            try {
                ResponseAPDU a2 = this.b.a(com.idemia.mdw.smartcardio.apdu.k.c().a(true).a(b.a(eVar.c().e().d(), eVar.b().getBerValue())).a(0).a());
                if (!a2.isOk()) {
                    throw new GenericSWException(a2.getSW());
                }
                if (!aVar.b().a()) {
                    Iterator<com.idemia.mdw.security.k> it = this.d.values().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        com.idemia.mdw.security.k next = it.next();
                        if (eVar.a(next)) {
                            aVar = new com.idemia.mdw.security.c.a(eVar, next, this);
                            break;
                        }
                    }
                }
                this.f.put(str, aVar);
                return true;
            } catch (CardException e) {
                throw new TransmitException("Transmit error during generate random operation", e);
            }
        } catch (IOException | CertificateEncodingException e2) {
            throw new DataException("An exception occurred while parsing certificate", e2);
        }
    }

    @Override // com.idemia.mdw.j.e
    public final boolean a(Key key) throws GenericServiceException {
        Logger logger = h;
        logger.debug("openSession");
        m();
        if (!this.m || !this.e.containsKey("PAIRING CODE")) {
            return true;
        }
        logger.info("== Smartcard Pairing - Start ==");
        if (!key.getFormat().equals("PAIRING CODE")) {
            logger.error("Unsupported password type: " + key.getFormat());
            logger.info("== Smartcard Pairing - End ==");
            return false;
        }
        try {
            if (!a(this.e.get("PAIRING CODE"), key.getEncoded())) {
                logger.error("Fail to initialize security conditions");
                logger.info("== Smartcard Pairing - End ==");
                return false;
            }
            com.idemia.mdw.smartcardio.d.a.a().a(key);
            this.n = false;
            logger.info("== Smartcard Pairing - End ==");
            return true;
        } catch (CredentialLockedException e) {
            throw new CredentialValueException(e);
        }
    }

    @Override // com.idemia.mdw.j.d, com.idemia.mdw.j.e
    public final byte[] a(com.idemia.mdw.security.k kVar, ECPublicKey eCPublicKey) throws GenericServiceException {
        h.debug("generateSharedSecret");
        if (kVar == null || eCPublicKey == null) {
            throw new NullPointerException("Null private key record or public key");
        }
        if (!kVar.a().type.equals(f.a.ECC)) {
            throw new DataException("Invalid private key type: " + kVar.a().type.name());
        }
        byte[] a2 = com.idemia.mdw.k.o.a(eCPublicKey.getW(), eCPublicKey.getParams().getCurve());
        com.idemia.mdw.smartcardio.apdu.d a3 = com.idemia.mdw.smartcardio.apdu.d.c().a(true);
        a3.d(kVar.d());
        a3.c(com.idemia.mdw.h.c.b(kVar.a()).id);
        try {
            ResponseAPDU a4 = this.b.a(a3.a(new DynamicAuthenticationTemplate(null, null, new Response(new byte[0]), null, null, new Exponential(a2), null).getBerElement()).a(0).a());
            if (a4.isOk()) {
                return i(a4.getData());
            }
            throw new CryptographicSWException(a4.getSW());
        } catch (CardException e) {
            throw new TransmitException("Transmit error during generate shared secret", e);
        }
    }

    @Override // com.idemia.mdw.j.d
    protected final byte[] a(byte[] bArr, boolean z) {
        h.debug("extractSignature");
        byte[] berValue = new ConstructedSequence(bArr, 0, bArr.length).getDataElements().get(0).getBerValue();
        return new ConstructedSequence(berValue, 0, berValue.length).getDataElements().get(0).getBerValue();
    }

    @Override // com.idemia.mdw.j.d
    protected final CommandAPDU b(int i) throws DataException, GenericSWException, TransmitException {
        h.debug("generateRandomCommand");
        if (this.i.isEmpty()) {
            o();
        }
        if (!this.i.containsKey(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias) || this.i.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).d()) {
            throw new IllegalStateException("Key Container with alias (" + com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias + ") for random generation is not found");
        }
        com.idemia.mdw.smartcardio.apdu.d a2 = com.idemia.mdw.smartcardio.apdu.d.c().a(true);
        a2.d((byte) -101);
        a2.c(com.idemia.mdw.h.c.a(this.i.get(com.idemia.mdw.h.l.CARD_MANAGEMENT.keyAlias).c().a()).id);
        return a2.a(new DynamicAuthenticationTemplate(null, new Challenge(new byte[0]), null, null, null, null, null).getBerElement()).a(0).a();
    }

    @Override // com.idemia.mdw.j.d
    protected final List<CommandAPDU> b(com.idemia.mdw.security.k kVar, byte[] bArr, b.d dVar) throws DataException {
        h.debug("decipherCommand");
        if (!dVar.equals(b.d.NONE) && !dVar.equals(b.d.RSA_PKCS1)) {
            throw new DataException("Invalid padding mechanism for smartcard: " + dVar.name);
        }
        com.idemia.mdw.smartcardio.apdu.d a2 = com.idemia.mdw.smartcardio.apdu.d.c().a(true);
        a2.d(kVar.d());
        a2.c(com.idemia.mdw.h.c.c(kVar.a()).id);
        return Collections.singletonList(a2.a(new DynamicAuthenticationTemplate(null, new Challenge(bArr), new Response(new byte[0]), null, null, null).getBerElement()).a(0).a());
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x0034, code lost:
    
        if (r11.length == (r10.a().privBitLength >> 3)) goto L12;
     */
    @Override // com.idemia.mdw.j.d
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected final java.util.List<com.idemia.mdw.smartcardio.CommandAPDU> b(com.idemia.mdw.security.k r10, byte[] r11, com.idemia.mdw.security.b.e r12, com.idemia.mdw.security.b.EnumC0036b r13, com.idemia.mdw.security.b.d r14, boolean r15) throws com.idemia.mdw.exception.GenericServiceException {
        /*
            r9 = this;
            org.slf4j.Logger r12 = com.idemia.mdw.j.c.c.h
            java.lang.String r13 = "signCommand"
            r12.debug(r13)
            com.idemia.mdw.security.f r13 = r10.a()
            com.idemia.mdw.h.c r13 = com.idemia.mdw.h.c.c(r13)
            com.idemia.mdw.security.f r14 = r10.a()
            com.idemia.mdw.security.f$a r14 = r14.type
            com.idemia.mdw.security.f$a r15 = com.idemia.mdw.security.f.a.RSA
            boolean r14 = r14.equals(r15)
            r15 = 1
            r0 = 0
            if (r14 == 0) goto L37
            com.idemia.mdw.security.f r12 = r10.a()
            int r12 = r12.privBitLength
            int r12 = r12 >> 3
            byte[] r11 = com.idemia.mdw.k.j.b(r11, r12)
            int r12 = r11.length
            com.idemia.mdw.security.f r14 = r10.a()
            int r14 = r14.privBitLength
            int r14 = r14 >> 3
            if (r12 != r14) goto L7c
            goto L7a
        L37:
            com.idemia.mdw.security.f r14 = r10.a()
            com.idemia.mdw.security.f$a r14 = r14.type
            com.idemia.mdw.security.f$a r1 = com.idemia.mdw.security.f.a.ECC
            boolean r14 = r14.equals(r1)
            if (r14 == 0) goto L7c
            com.idemia.mdw.security.f r14 = r10.a()
            int r14 = r14.privBitLength
            int r14 = r14 >> 3
            int r1 = r11.length
            if (r14 >= r1) goto L7a
            java.lang.StringBuilder r14 = new java.lang.StringBuilder
            java.lang.String r1 = "Trim hash to match private key size ("
            r14.<init>(r1)
            com.idemia.mdw.security.f r1 = r10.a()
            int r1 = r1.privBitLength
            java.lang.StringBuilder r14 = r14.append(r1)
            java.lang.String r1 = ")"
            java.lang.StringBuilder r14 = r14.append(r1)
            java.lang.String r14 = r14.toString()
            r12.warn(r14)
            com.idemia.mdw.security.f r12 = r10.a()
            int r12 = r12.privBitLength
            int r12 = r12 >> 3
            byte[] r11 = com.idemia.mdw.c.a.d.a(r11, r0, r12)
        L7a:
            r12 = r15
            goto L7d
        L7c:
            r12 = r0
        L7d:
            if (r12 == 0) goto Lbf
            com.idemia.mdw.smartcardio.apdu.d r12 = com.idemia.mdw.smartcardio.apdu.d.c()
            com.idemia.mdw.smartcardio.apdu.d r12 = r12.a(r15)
            byte r10 = r10.d()
            r12.d(r10)
            byte r10 = r13.id
            r12.c(r10)
            com.idemia.mdw.icc.iso7816.type.DynamicAuthenticationTemplate r10 = new com.idemia.mdw.icc.iso7816.type.DynamicAuthenticationTemplate
            r2 = 0
            com.idemia.mdw.icc.iso7816.type.dynauth.Challenge r3 = new com.idemia.mdw.icc.iso7816.type.dynauth.Challenge
            r3.<init>(r11)
            com.idemia.mdw.icc.iso7816.type.dynauth.Response r4 = new com.idemia.mdw.icc.iso7816.type.dynauth.Response
            byte[] r11 = new byte[r0]
            r4.<init>(r11)
            r5 = 0
            r6 = 0
            r7 = 0
            r8 = 0
            r1 = r10
            r1.<init>(r2, r3, r4, r5, r6, r7, r8)
            byte[] r10 = r10.getBerElement()
            com.idemia.mdw.smartcardio.apdu.a$a r10 = r12.a(r10)
            com.idemia.mdw.smartcardio.apdu.a$a r10 = r10.a(r0)
            com.idemia.mdw.smartcardio.CommandAPDU r10 = r10.a()
            java.util.List r10 = java.util.Collections.singletonList(r10)
            return r10
        Lbf:
            com.idemia.mdw.exception.DataException r10 = new com.idemia.mdw.exception.DataException
            java.lang.StringBuilder r12 = new java.lang.StringBuilder
            java.lang.String r14 = "Input data has invalid length "
            r12.<init>(r14)
            int r11 = r11.length
            java.lang.StringBuilder r11 = r12.append(r11)
            java.lang.String r12 = " for algorithm "
            java.lang.StringBuilder r11 = r11.append(r12)
            java.lang.String r12 = r13.name
            java.lang.StringBuilder r11 = r11.append(r12)
            java.lang.String r11 = r11.toString()
            r10.<init>(r11)
            throw r10
        */
        throw new UnsupportedOperationException("Method not decompiled: com.idemia.mdw.j.c.c.b(com.idemia.mdw.security.k, byte[], com.idemia.mdw.security.b$e, com.idemia.mdw.security.b$b, com.idemia.mdw.security.b$d, boolean):java.util.List");
    }

    @Override // com.idemia.mdw.j.d, com.idemia.mdw.j.e
    public final boolean b() {
        return j() && this.m && this.n;
    }

    @Override // com.idemia.mdw.j.d, com.idemia.mdw.j.e
    public final boolean b(com.idemia.mdw.b.c cVar) throws DataException, GenericSWException, TransmitException {
        Logger logger = h;
        logger.debug("deAuthenticate");
        Objects.requireNonNull(cVar, "Null credential");
        if (!this.e.containsValue(cVar)) {
            throw new DataException("Credential (" + cVar.f() + ") not found");
        }
        if (cVar.d().equals("ADMINISTRATOR PIN")) {
            logger.error("DeAuthenticate Credential (" + cVar.f() + "): Not Supported");
            return false;
        }
        logger.info("Deauthentication for credential: " + cVar.f());
        try {
            com.idemia.mdw.smartcardio.stack.a aVar = this.b;
            o.a d = o.a.d();
            d.d(cVar.c());
            ResponseAPDU a2 = aVar.a(d.a());
            if (a2.isOk()) {
                return super.b(cVar);
            }
            throw new GenericSWException(a2.getSW());
        } catch (CardException e) {
            throw new TransmitException("Transmit error while deauthenticate", e);
        }
    }

    @Override // com.idemia.mdw.j.e
    public final boolean b(String str) throws GenericServiceException {
        Logger logger = h;
        logger.debug("deleteCertificate");
        Objects.requireNonNull(str, "Null alias");
        if (!this.f.containsKey(str)) {
            throw new GenericServiceException("No found certificate with alias: " + str);
        }
        if (!this.j.containsKey(str)) {
            throw new GenericServiceException("Wrong alias");
        }
        if (this.j.get(str).a()) {
            logger.error("Nothing to delete : PIV Container with alias " + str + " [" + this.j.get(str).e().c() + "] is empty");
            return false;
        }
        logger.info("Deleting certificate in container: " + this.j.get(str).e().c());
        try {
            ResponseAPDU a2 = this.b.a(com.idemia.mdw.smartcardio.apdu.k.c().a(true).a(b.a(this.j.get(str).e().e().d(), new byte[0])).a(0).a());
            if (!a2.isOk()) {
                throw new GenericSWException(a2.getSW());
            }
            try {
                this.j.get(str).a(b.f1095a);
                this.f.remove(str);
                return true;
            } catch (IOException e) {
                throw new GenericServiceException("An exception occurred while creating an empty certificate", e);
            }
        } catch (CardException e2) {
            throw new TransmitException("Transmit error during delete certificate operation", e2);
        }
    }

    @Override // com.idemia.mdw.j.e
    public final boolean c(String str) throws GenericServiceException {
        Logger logger = h;
        logger.debug("deleteKey");
        Objects.requireNonNull(str, "Null alias");
        if (!this.d.containsKey(str)) {
            throw new GenericServiceException("No found key with alias: " + str);
        }
        if (!this.i.containsKey(str)) {
            throw new GenericServiceException("Key Container Map does not contain alias: " + str);
        }
        if (this.i.get(str).d()) {
            logger.error("Nothing to delete : Key Container with alias " + str + " [" + this.i.get(str).b() + "] is empty");
            return false;
        }
        logger.info("Deleting key with label: " + this.d.get(str).c());
        a.C0038a a2 = com.idemia.mdw.smartcardio.apdu.k.c().a(true).a(0);
        if (this.d.get(str).a().type.isSymmetric) {
            a2.a(b.a(new byte[]{this.d.get(str).d(), com.idemia.mdw.security.c.f.SYMMETRIC.id}, new byte[0]));
        } else {
            a2.a(b.a(new byte[]{this.d.get(str).d(), com.idemia.mdw.security.c.f.ASYMMETRIC.id}, new byte[0]));
        }
        try {
            ResponseAPDU a3 = this.b.a(a2.a());
            if (a3.getSW() == 27010) {
                throw new SecurityViolationException(a3.getSW());
            }
            if (!a3.isOk()) {
                throw new GenericSWException(a3.getSW());
            }
            Iterator<com.idemia.mdw.h.g> it = this.j.values().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                com.idemia.mdw.h.g next = it.next();
                if (!next.a() && (next instanceof com.idemia.mdw.h.e)) {
                    com.idemia.mdw.h.e eVar = (com.idemia.mdw.h.e) next;
                    if (eVar.a(this.d.get(str))) {
                        if (this.f.containsKey(eVar.c().c())) {
                            this.f.remove(eVar.c().c());
                        }
                        this.f.put(eVar.c().c(), new com.idemia.mdw.security.c.a(eVar, null, this));
                    }
                }
            }
            o();
            return true;
        } catch (CardException e) {
            throw new TransmitException("Transmit error during delete key operation", e);
        }
    }

    @Override // com.idemia.mdw.j.d
    protected final byte[] c(byte[] bArr) {
        return a(bArr, false);
    }

    @Override // com.idemia.mdw.j.d
    protected final byte[] d(byte[] bArr) {
        return a(bArr, false);
    }

    @Override // com.idemia.mdw.j.d
    protected final byte[] e(byte[] bArr) throws PaddingException {
        return com.idemia.mdw.k.j.a(bArr);
    }

    @Override // com.idemia.mdw.j.d, com.idemia.mdw.j.e
    public final String f() {
        return "PAIRING CODE";
    }

    @Override // com.idemia.mdw.j.d
    protected final int g(byte[] bArr) throws FCPException {
        throw new FCPException("Not supported feature");
    }

    @Override // com.idemia.mdw.j.d
    protected final void l() throws GenericServiceException {
        Logger logger = h;
        logger.info("== Certificate List Init - Start ==");
        this.f.clear();
        if ((!this.b.b().isContactLess() || this.o) && this.j.containsKey(l.KEY_HISTORY_OBJECT.name) && !this.j.get(l.KEY_HISTORY_OBJECT.name).a()) {
            this.k = j.f(this);
            logger.info("There are " + this.k.a() + "  on-card retired certificates");
            logger.info("There are " + this.k.b() + " off-card retired certificates");
            logger.info("URL : " + this.k.f());
            if (this.k.b() != 0 && !this.k.f().isEmpty()) {
                try {
                    for (Map.Entry<com.idemia.mdw.h.l, X509Certificate> entry : com.idemia.mdw.h.k.a(new URL(this.k.f())).entrySet()) {
                        if (com.idemia.mdw.h.m.a(this.k, entry.getKey()) && this.j.containsKey(entry.getKey().certAlias)) {
                            try {
                                this.j.get(entry.getKey().certAlias).a(CertificateTemplate.encode(entry.getValue()));
                            } catch (IOException | CertificateEncodingException e) {
                                h.error("An exception occurred while storing a container", e);
                            }
                        }
                    }
                } catch (MalformedURLException e2) {
                    h.error("Failed to retrieve off-card certificates", (Throwable) e2);
                }
            }
        }
        for (String str : this.j.keySet()) {
            if (this.j.get(str) instanceof com.idemia.mdw.h.e) {
                com.idemia.mdw.h.e eVar = (com.idemia.mdw.h.e) this.j.get(str);
                if (!eVar.a() && eVar.d().isVisible) {
                    boolean z = false;
                    Iterator<com.idemia.mdw.security.k> it = this.d.values().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        com.idemia.mdw.security.k next = it.next();
                        if (eVar.a(next)) {
                            com.idemia.mdw.security.c.a aVar = new com.idemia.mdw.security.c.a(eVar, next, this);
                            this.f.put(com.idemia.mdw.k.o.a(this.f.keySet(), eVar.c().c()), aVar);
                            Logger logger2 = h;
                            logger2.debug("Certificate found: " + eVar.c().c() + " (isEmpty: " + eVar.a() + ", isOnline: " + com.idemia.mdw.h.m.a(this.k, aVar.d().d()) + ")");
                            logger2.debug("Association cert/key : " + eVar.c().c() + " / " + next.c() + " (0x" + com.idemia.mdw.k.g.a(next.d()) + ")");
                            z = true;
                            break;
                        }
                    }
                    if (!z) {
                        com.idemia.mdw.security.c.a aVar2 = new com.idemia.mdw.security.c.a(eVar, null, this);
                        this.f.put(com.idemia.mdw.k.o.a(this.f.keySet(), eVar.c().c()), aVar2);
                        h.debug("Certificate found: " + eVar.c().c() + " (isEmpty: " + eVar.a() + ", isOnline: " + com.idemia.mdw.h.m.a(this.k, aVar2.d().d()) + ")");
                    }
                }
            }
        }
        h.info("== Certificate List Init - End ==");
    }

    @Override // com.idemia.mdw.j.d
    protected final void m() throws GenericServiceException {
        if (this.e.isEmpty()) {
            Logger logger = h;
            logger.info("== Credential List Init - Start ==");
            this.e.putAll(j.a(this));
            d.a aVar = new d.a("ADMINISTRATOR PIN", (byte) 0, d.b.ASCII_NUMERIC, (byte) -1, (byte) 0, (byte) -1, false, false);
            this.e.put(aVar.d(), aVar);
            logger.info("== Credential List Init - End ==");
        }
    }

    @Override // com.idemia.mdw.j.d
    protected final void n() throws GenericServiceException {
        h.info("== File List Init - Start ==");
        for (com.idemia.mdw.h.g gVar : this.j.values()) {
            if (!gVar.a() && !(gVar instanceof com.idemia.mdw.h.e)) {
                this.c.put(gVar.e().c(), new com.idemia.mdw.data.c.a(gVar, this));
            }
        }
        h.info("== File List Init - End ==");
    }

    @Override // com.idemia.mdw.j.d
    protected final void o() throws DataException, GenericSWException, TransmitException {
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        ConcurrentHashMap concurrentHashMap2 = new ConcurrentHashMap();
        h.info("== Key List Init - Start ==");
        for (com.idemia.mdw.security.c.c cVar : j.c(this)) {
            String c = cVar.c().c();
            if (!cVar.d() && cVar.c().i().isVisible) {
                if (!this.d.containsKey(c)) {
                    Iterator<String> it = this.d.keySet().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        String next = it.next();
                        if (cVar.c().equals(this.d.get(next))) {
                            c = next;
                            break;
                        }
                    }
                }
                concurrentHashMap2.put(com.idemia.mdw.k.o.a((Set<String>) concurrentHashMap2.keySet(), c), cVar.c());
            }
            concurrentHashMap.put(com.idemia.mdw.k.o.a((Set<String>) concurrentHashMap.keySet(), c), cVar);
        }
        this.d.clear();
        this.d.putAll(concurrentHashMap2);
        this.i.clear();
        this.i.putAll(concurrentHashMap);
        Logger logger = h;
        logger.debug("Key List Init - End : " + this.d.size() + " keys are used / " + (this.i.size() - this.d.size()) + " are free");
        logger.info("== Key List Init - End ==");
    }

    @Override // com.idemia.mdw.j.e
    public final boolean p() {
        h.debug("hasBioTemplate");
        try {
            com.idemia.mdw.data.nist.a d = j.d(this);
            if (d.a() == 0) {
                return false;
            }
            Iterator<com.idemia.mdw.icc.a.l> it = d.b().iterator();
            while (it.hasNext()) {
                if (!Arrays.equals(it.next().a(), new byte[]{-1, -1})) {
                    return true;
                }
            }
            return false;
        } catch (GenericServiceException e) {
            h.error("Error while reading biometric template: ", (Throwable) e);
            return false;
        }
    }

    public final com.idemia.mdw.h.d q() {
        return this.l;
    }

    public final Map<String, com.idemia.mdw.h.g> r() {
        return new ConcurrentHashMap(this.j);
    }
}
