package lv.euso.mobileeid.device.card;

import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import lv.euso.mobileeid.util.CertUtil;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.jce.interfaces.ECPublicKey;

/* loaded from: classes4.dex */
public class KeyStoreApplicationService implements IDCardApplicationService {
    private byte[] data;
    private KeyStore keystore = KeyStore.getInstance("BKS");
    private boolean loaded = false;

    public KeyStoreApplicationService(byte[] bArr) throws KeyStoreException {
        this.data = bArr;
    }

    @Override // lv.euso.mobileeid.device.card.IDCardApplicationService
    public void changePin(TokenCertificate tokenCertificate, String str, String str2, String str3) throws Exception {
    }

    @Override // lv.euso.mobileeid.device.card.IDCardApplicationService
    public boolean checkCardSupported() throws Exception {
        return true;
    }

    @Override // lv.euso.mobileeid.device.card.IDCardApplicationService
    public byte[] computeSignature(TokenCertificate tokenCertificate, String str, byte[] bArr, String str2) throws PACEFailedException, Exception {
        loadKeyStore(str);
        boolean contentEquals = "EC".contentEquals(tokenCertificate.getKeyAlg());
        try {
            PrivateKey privateKey = (PrivateKey) this.keystore.getKey(tokenCertificate.getId(), str2.toCharArray());
            Signature signature = Signature.getInstance(CertUtil.getSignatureAlgorithm(tokenCertificate.getCertificate(), "NONE"));
            signature.initSign(privateKey);
            if (!contentEquals) {
                bArr = new DigestInfo(new AlgorithmIdentifier(CertUtil.detectAlgorithmFromDigest(bArr), DERNull.INSTANCE), bArr).getEncoded();
            }
            signature.update(bArr);
            byte[] sign = signature.sign();
            return contentEquals ? CertUtil.ecdsaSignatureFromASN1(sign, (ECPublicKey) tokenCertificate.getCertificate().getPublicKey()) : sign;
        } catch (UnrecoverableKeyException unused) {
            throw new PasswordWrongException("PIN wrong", 99);
        }
    }

    @Override // lv.euso.mobileeid.device.card.IDCardApplicationService
    public TokenInfo getTokenInfo(String str) throws PACEFailedException, Exception {
        loadKeyStore(str);
        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo.setCan(str);
        Iterator it = Collections.list(this.keystore.aliases()).iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            X509Certificate x509Certificate = (X509Certificate) this.keystore.getCertificate(str2);
            Password password = new Password("PIN", (byte) 0, 4, 12);
            TokenCertificate tokenCertificate = new TokenCertificate(str2, null, str2, x509Certificate, password, (byte) 0);
            if (str2.equals("sign")) {
                password.setName("PIN2");
                password.setMinLength(6);
                tokenInfo.setSignCert(tokenCertificate);
            } else if (str2.equals("auth")) {
                password.setName("PIN1");
                password.setMinLength(4);
                tokenInfo.setAuthCert(tokenCertificate);
            }
        }
        return tokenInfo;
    }

    public boolean loadKeyStore(String str) throws PACEFailedException, Exception {
        if (!this.loaded) {
            try {
                this.keystore.load(new ByteArrayInputStream(this.data), str.toCharArray());
                this.loaded = true;
            } catch (Exception e) {
                if (this.data != null) {
                    throw new PACEFailedException(e);
                }
                throw e;
            }
        }
        return this.loaded;
    }

    @Override // lv.euso.mobileeid.device.card.IDCardApplicationService
    public void unlockPin(TokenCertificate tokenCertificate, String str, String str2, String str3) throws Exception {
    }
}
