package org.jmrtd;

import android.support.test.espresso.core.deps.guava.primitives.UnsignedBytes;
import java.io.ByteArrayOutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import net.sf.scuba.smartcards.APDUWrapper;
import net.sf.scuba.smartcards.CardFileInputStream;
import net.sf.scuba.smartcards.CardService;
import net.sf.scuba.smartcards.CardServiceException;
import net.sf.scuba.smartcards.ISOFileInfo;
import net.sf.scuba.tlv.TLVOutputStream;
import net.sf.scuba.util.Hex;
import org.jmrtd.cert.CVCAuthorizationTemplate;
import org.jmrtd.cert.CVCPrincipal;
import org.jmrtd.cert.CardVerifiableCertificate;
import org.jmrtd.lds.MRZInfo;
import org.jmrtd.lds.PACEInfo;
import org.spongycastle.jce.interfaces.ECPrivateKey;

/* loaded from: classes3.dex */
public class PassportService extends PassportApduService implements Serializable {
    private static final int BAC_AUTHENTICATED_STATE = 2;
    private static final int CA_AUTHENTICATED_STATE = 4;
    public static final short EF_CARD_ACCESS = 284;
    public static final short EF_COM = 286;
    public static final short EF_CVCA = 284;
    public static final short EF_DG1 = 257;
    public static final short EF_DG10 = 266;
    public static final short EF_DG11 = 267;
    public static final short EF_DG12 = 268;
    public static final short EF_DG13 = 269;
    public static final short EF_DG14 = 270;
    public static final short EF_DG15 = 271;
    public static final short EF_DG16 = 272;
    public static final short EF_DG2 = 258;
    public static final short EF_DG3 = 259;
    public static final short EF_DG4 = 260;
    public static final short EF_DG5 = 261;
    public static final short EF_DG6 = 262;
    public static final short EF_DG7 = 263;
    public static final short EF_DG8 = 264;
    public static final short EF_DG9 = 265;
    public static final short EF_SOD = 285;
    private static final int SESSION_STARTED_STATE = 1;
    private static final int SESSION_STOPPED_STATE = 0;
    public static final byte SF_COM = 30;
    public static final byte SF_CVCA = 28;
    public static final byte SF_DG1 = 1;
    public static final byte SF_DG10 = 10;
    public static final byte SF_DG11 = 11;
    public static final byte SF_DG12 = 12;
    public static final byte SF_DG13 = 13;
    public static final byte SF_DG14 = 14;
    public static final byte SF_DG15 = 15;
    public static final byte SF_DG16 = 16;
    public static final byte SF_DG2 = 2;
    public static final byte SF_DG3 = 3;
    public static final byte SF_DG4 = 4;
    public static final byte SF_DG5 = 5;
    public static final byte SF_DG6 = 6;
    public static final byte SF_DG7 = 7;
    public static final byte SF_DG8 = 8;
    public static final byte SF_DG9 = 9;
    public static final byte SF_SOD = 29;
    private static final int TA_AUTHENTICATED_STATE = 5;
    private static final long serialVersionUID = 1751933705552226972L;
    private final int TAG_CVCERTIFICATE_SIGNATURE;
    private MRTDFileSystem fs;
    protected Random random;
    private int state;
    protected SecureMessagingWrapper wrapper;
    private static final Logger LOGGER = Logger.getLogger("org.jmrtd");
    public static final SimpleDateFormat SDF = new SimpleDateFormat("yyMMdd");
    private static final Provider BC_PROVIDER = JMRTDSecurityProvider.getBouncyCastleProvider();
    public static int maxBlockSize = 223;

    public PassportService(CardService cardService) throws CardServiceException {
        super(cardService);
        this.TAG_CVCERTIFICATE_SIGNATURE = 24375;
        this.random = new SecureRandom();
        this.fs = new MRTDFileSystem(this);
        this.state = 0;
    }

    private static byte[] computeKeySeedForBAC(BACKeySpec bACKeySpec) throws GeneralSecurityException {
        String documentNumber = bACKeySpec.getDocumentNumber();
        String dateOfBirth = bACKeySpec.getDateOfBirth();
        String dateOfExpiry = bACKeySpec.getDateOfExpiry();
        if (dateOfBirth == null || dateOfBirth.length() != 6) {
            throw new IllegalArgumentException("Wrong date format used for date of birth. Expected yyMMdd, found " + dateOfBirth);
        }
        if (dateOfExpiry == null || dateOfExpiry.length() != 6) {
            throw new IllegalArgumentException("Wrong date format used for date of expiry. Expected yyMMdd, found " + dateOfExpiry);
        }
        if (documentNumber == null) {
            throw new IllegalArgumentException("Wrong document number. Found " + documentNumber);
        }
        return Util.computeKeySeedForBAC(fixDocumentNumber(documentNumber), dateOfBirth, dateOfExpiry);
    }

    private static byte[] computeKeySeedForPACE(BACKeySpec bACKeySpec) throws GeneralSecurityException {
        String documentNumber = bACKeySpec.getDocumentNumber();
        String dateOfBirth = bACKeySpec.getDateOfBirth();
        String dateOfExpiry = bACKeySpec.getDateOfExpiry();
        if (dateOfBirth == null || dateOfBirth.length() != 6) {
            throw new IllegalArgumentException("Wrong date format used for date of birth. Expected yyMMdd, found " + dateOfBirth);
        }
        if (dateOfExpiry == null || dateOfExpiry.length() != 6) {
            throw new IllegalArgumentException("Wrong date format used for date of expiry. Expected yyMMdd, found " + dateOfExpiry);
        }
        if (documentNumber == null) {
            throw new IllegalArgumentException("Wrong document number. Found " + documentNumber);
        }
        return Util.computeKeySeedForPACE(fixDocumentNumber(documentNumber), dateOfBirth, dateOfExpiry);
    }

    private static String fixDocumentNumber(String str) {
        String replace = str.replace('<', ' ').trim().replace(' ', '<');
        while (replace.length() < 9) {
            replace = replace + "<";
        }
        return replace;
    }

    @Override // org.jmrtd.PassportApduService, net.sf.scuba.smartcards.CardService
    public void close() {
        try {
            this.wrapper = null;
            super.close();
        } finally {
            this.state = 0;
        }
    }

    public byte[] doAA(PublicKey publicKey, String str, String str2, byte[] bArr) throws CardServiceException {
        if (bArr != null) {
            try {
                if (bArr.length == 8) {
                    return sendInternalAuthenticate(this.wrapper, bArr);
                }
            } catch (IllegalArgumentException e) {
                LOGGER.severe("Exception: " + e.getMessage());
                throw new CardServiceException(e.toString());
            }
        }
        throw new IllegalArgumentException("AA failed: bad challenge");
    }

    public synchronized void doBAC(SecretKey secretKey, SecretKey secretKey2) throws CardServiceException, GeneralSecurityException {
        byte[] sendGetChallenge = sendGetChallenge();
        byte[] bArr = new byte[8];
        this.random.nextBytes(bArr);
        byte[] bArr2 = new byte[16];
        this.random.nextBytes(bArr2);
        byte[] bArr3 = new byte[16];
        System.arraycopy(sendMutualAuth(bArr, sendGetChallenge, bArr2, secretKey, secretKey2), 16, bArr3, 0, 16);
        byte[] bArr4 = new byte[16];
        for (int i = 0; i < 16; i++) {
            bArr4[i] = (byte) ((bArr2[i] & UnsignedBytes.MAX_VALUE) ^ (bArr3[i] & UnsignedBytes.MAX_VALUE));
        }
        this.wrapper = new DESedeSecureMessagingWrapper(Util.deriveKey(bArr4, 1), Util.deriveKey(bArr4, 2), Util.computeSendSequenceCounter(sendGetChallenge, bArr));
        this.state = 2;
    }

    public synchronized void doBAC(BACKeySpec bACKeySpec) throws CardServiceException {
        try {
            byte[] computeKeySeedForBAC = computeKeySeedForBAC(bACKeySpec);
            try {
                doBAC(Util.deriveKey(computeKeySeedForBAC, 1), Util.deriveKey(computeKeySeedForBAC, 2));
            } catch (CardServiceException e) {
                LOGGER.warning("BAC failed for BAC key \"" + bACKeySpec + "\"");
                throw e;
            }
        } catch (GeneralSecurityException e2) {
            throw new CardServiceException(e2.toString());
        }
    }

    public synchronized ChipAuthenticationResult doCA(BigInteger bigInteger, PublicKey publicKey) throws CardServiceException {
        AlgorithmParameterSpec params;
        KeyPair generateKeyPair;
        byte[] bArr;
        byte[] bArr2;
        if (publicKey == null) {
            throw new IllegalArgumentException("Public key is null");
        }
        try {
            String inferKeyAgreementAlgorithm = Util.inferKeyAgreementAlgorithm(publicKey);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(inferKeyAgreementAlgorithm);
            if ("DH".equals(inferKeyAgreementAlgorithm)) {
                params = ((DHPublicKey) publicKey).getParams();
            } else {
                if (!"ECDH".equals(inferKeyAgreementAlgorithm)) {
                    throw new IllegalStateException("Unsupported algorithm \"" + inferKeyAgreementAlgorithm + "\"");
                }
                params = ((ECPublicKey) publicKey).getParams();
            }
            keyPairGenerator.initialize(params);
            generateKeyPair = keyPairGenerator.generateKeyPair();
            KeyAgreement keyAgreement = KeyAgreement.getInstance(inferKeyAgreementAlgorithm);
            keyAgreement.init(generateKeyPair.getPrivate());
            keyAgreement.doPhase(publicKey, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] bArr3 = new byte[0];
            if ("DH".equals(inferKeyAgreementAlgorithm)) {
                byte[] byteArray = ((DHPublicKey) generateKeyPair.getPublic()).getY().toByteArray();
                MessageDigest.getInstance("SHA1");
                bArr2 = byteArray;
                bArr = MessageDigest.getInstance("SHA1").digest(byteArray);
            } else if ("ECDH".equals(inferKeyAgreementAlgorithm)) {
                org.spongycastle.jce.interfaces.ECPublicKey eCPublicKey = (org.spongycastle.jce.interfaces.ECPublicKey) generateKeyPair.getPublic();
                byte[] encoded = eCPublicKey.getQ().getEncoded();
                byte[] alignKeyDataToSize = Util.alignKeyDataToSize(Util.i2os(eCPublicKey.getQ().getX().toBigInteger()), eCPublicKey.getParameters().getCurve().getFieldSize() / 8);
                bArr2 = encoded;
                bArr = alignKeyDataToSize;
            } else {
                bArr = bArr3;
                bArr2 = null;
            }
            sendMSEKAT(this.wrapper, Util.wrapDO((byte) -111, bArr2), bigInteger.compareTo(BigInteger.ZERO) >= 0 ? Util.wrapDO((byte) -124, bigInteger.toByteArray()) : null);
            this.wrapper = new DESedeSecureMessagingWrapper(Util.deriveKey(generateSecret, 1), Util.deriveKey(generateSecret, 2), 0L);
            this.state = 4;
        } catch (GeneralSecurityException e) {
            throw new CardServiceException(e.toString());
        }
        return new ChipAuthenticationResult(bigInteger, publicKey, bArr, generateKeyPair);
    }

    public synchronized void doPACE(BACKeySpec bACKeySpec, String str, AlgorithmParameterSpec algorithmParameterSpec) throws PACEException {
        byte[] encodePublicKeyForSmartCard;
        AlgorithmParameterSpec mapNonceGM;
        PACEInfo.MappingType mappingType = PACEInfo.toMappingType(str);
        String keyAgreementAlgorithm = PACEInfo.toKeyAgreementAlgorithm(str);
        String cipherAlgorithm = PACEInfo.toCipherAlgorithm(str);
        PACEInfo.toDigestAlgorithm(str);
        int keyLength = PACEInfo.toKeyLength(str);
        if (keyAgreementAlgorithm == null) {
            throw new IllegalArgumentException("Unknown agreement algorithm");
        }
        if (!"ECDH".equals(keyAgreementAlgorithm) && !"DH".equals(keyAgreementAlgorithm)) {
            throw new IllegalArgumentException("Unsupported agreement algorithm, expected ECDH or DH, found " + keyAgreementAlgorithm);
        }
        if ("ECDH".equals(keyAgreementAlgorithm)) {
            if (!(algorithmParameterSpec instanceof ECParameterSpec)) {
                throw new IllegalArgumentException("Expected ECParameterSpec for agreement algorithm " + keyAgreementAlgorithm);
            }
        } else if ("DH".equals(keyAgreementAlgorithm) && !(algorithmParameterSpec instanceof DHParameterSpec)) {
            throw new IllegalArgumentException("Expected DHParameterSpec for agreement algorithm " + keyAgreementAlgorithm);
        }
        try {
            SecretKey deriveKey = Util.deriveKey(computeKeySeedForPACE(bACKeySpec), cipherAlgorithm, keyLength, 3);
            Cipher cipher = Cipher.getInstance(cipherAlgorithm + "/CBC/NoPadding");
            try {
                sendMSESetATMutualAuth(this.wrapper, str, 1, null);
                try {
                    try {
                        byte[] unwrapDO = Util.unwrapDO(Byte.MIN_VALUE, sendGeneralAuthenticate(this.wrapper, new byte[0], false));
                        cipher.init(2, deriveKey, new IvParameterSpec(new byte[unwrapDO.length]));
                        byte[] doFinal = cipher.doFinal(unwrapDO);
                        try {
                            try {
                                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAgreementAlgorithm, BC_PROVIDER);
                                keyPairGenerator.initialize(algorithmParameterSpec);
                                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                                PublicKey publicKey = generateKeyPair.getPublic();
                                PrivateKey privateKey = generateKeyPair.getPrivate();
                                KeyAgreement keyAgreement = KeyAgreement.getInstance(keyAgreementAlgorithm);
                                keyAgreement.init(privateKey);
                                switch (mappingType) {
                                    case GM:
                                        encodePublicKeyForSmartCard = Util.encodePublicKeyForSmartCard(publicKey);
                                        break;
                                    case IM:
                                        throw new IllegalStateException("IM not yet implemented");
                                    default:
                                        encodePublicKeyForSmartCard = null;
                                        break;
                                }
                                byte[] sendGeneralAuthenticate = sendGeneralAuthenticate(this.wrapper, Util.wrapDO(ISOFileInfo.DATA_BYTES2, encodePublicKeyForSmartCard), false);
                                switch (mappingType) {
                                    case GM:
                                        try {
                                            keyAgreement.doPhase(Util.decodePublicKeyFromSmartCard(Util.unwrapDO((byte) -126, sendGeneralAuthenticate), algorithmParameterSpec), true);
                                            mapNonceGM = Util.mapNonceGM(doFinal, keyAgreement.generateSecret(), algorithmParameterSpec);
                                            break;
                                        } catch (GeneralSecurityException e) {
                                            LOGGER.severe("Exception: " + e.getMessage());
                                            throw new PACEException("Error during mapping" + e.getMessage());
                                        }
                                    case IM:
                                        throw new IllegalStateException("DEBUG: IM not yet implemented");
                                    default:
                                        mapNonceGM = null;
                                        break;
                                }
                                try {
                                    try {
                                        try {
                                            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance(keyAgreementAlgorithm, BC_PROVIDER);
                                            keyPairGenerator2.initialize(mapNonceGM);
                                            KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
                                            PublicKey publicKey2 = generateKeyPair2.getPublic();
                                            PrivateKey privateKey2 = generateKeyPair2.getPrivate();
                                            KeyAgreement keyAgreement2 = KeyAgreement.getInstance(keyAgreementAlgorithm, BC_PROVIDER);
                                            keyAgreement2.init(privateKey2);
                                            PublicKey decodePublicKeyFromSmartCard = Util.decodePublicKeyFromSmartCard(Util.unwrapDO((byte) -124, sendGeneralAuthenticate(this.wrapper, Util.wrapDO(ISOFileInfo.FILE_IDENTIFIER, Util.encodePublicKeyForSmartCard(publicKey2)), false)), mapNonceGM);
                                            ((ECPublicKey) decodePublicKeyFromSmartCard).getW();
                                            Util.getPrime(mapNonceGM);
                                            if (publicKey2.equals(decodePublicKeyFromSmartCard)) {
                                                throw new PACEException("PCD's public key and PICC's public key are the same in key agreement step!");
                                            }
                                            keyAgreement2.doPhase(decodePublicKeyFromSmartCard, true);
                                            byte[] generateSecret = keyAgreement2.generateSecret();
                                            try {
                                                SecretKey deriveKey2 = Util.deriveKey(generateSecret, cipherAlgorithm, keyLength, 1);
                                                SecretKey deriveKey3 = Util.deriveKey(generateSecret, cipherAlgorithm, keyLength, 2);
                                                try {
                                                    try {
                                                        LOGGER.info("DEBUG: macKey = (" + deriveKey3.getEncoded().length + ") " + Hex.bytesToHexString(deriveKey3.getEncoded()));
                                                        if (!Arrays.equals(Util.generateAuthenticationToken(str, deriveKey3, publicKey2), Util.unwrapDO((byte) -122, sendGeneralAuthenticate(this.wrapper, Util.wrapDO(ISOFileInfo.PROP_INFO, Util.generateAuthenticationToken(str, deriveKey3, decodePublicKeyFromSmartCard)), true)))) {
                                                            throw new GeneralSecurityException("PICC authentication token mismatch");
                                                        }
                                                        try {
                                                            if (cipherAlgorithm.startsWith("DESede")) {
                                                                this.wrapper = new DESedeSecureMessagingWrapper(deriveKey2, deriveKey3);
                                                            } else if (cipherAlgorithm.startsWith("AES")) {
                                                                this.wrapper = new AESSecureMessagingWrapper(deriveKey2, deriveKey3, this.wrapper == null ? 0L : this.wrapper.getSendSequenceCounter());
                                                            }
                                                            LOGGER.info("DEBUG: Starting secure messaging based on PACE");
                                                        } catch (GeneralSecurityException e2) {
                                                            LOGGER.severe("Exception: " + e2.getMessage());
                                                            throw new IllegalStateException("Security exception in secure messaging establishment: " + e2.getMessage());
                                                        }
                                                    } catch (CardServiceException e3) {
                                                        throw new PACEException("PICC side exception in authentication token generation step", e3.getSW());
                                                    }
                                                } catch (GeneralSecurityException e4) {
                                                    throw new PACEException("PCD side exception in authentication token generation step: " + e4.getMessage());
                                                }
                                            } catch (GeneralSecurityException e5) {
                                                LOGGER.severe("Exception: " + e5.getMessage());
                                                throw new PACEException("Security exception during secure messaging key derivation: " + e5.getMessage());
                                            }
                                        } catch (IllegalStateException e6) {
                                            throw new PACEException("PCD side exception in key agreement step: " + e6.getMessage());
                                        }
                                    } catch (CardServiceException e7) {
                                        throw new PACEException("PICC side exception in key agreement step", e7.getSW());
                                    }
                                } catch (GeneralSecurityException e8) {
                                    throw new PACEException("PCD side exception in key agreement step: " + e8.getMessage());
                                }
                            } catch (CardServiceException e9) {
                                throw new PACEException("PICC side exception in mapping nonce step", e9.getSW());
                            }
                        } catch (GeneralSecurityException e10) {
                            throw new PACEException("PCD side error in mapping nonce step: " + e10.getMessage());
                        }
                    } catch (CardServiceException e11) {
                        throw new PACEException("PICC side exception in tranceiving nonce step", e11.getSW());
                    }
                } catch (GeneralSecurityException e12) {
                    LOGGER.severe("Exception: " + e12.getMessage());
                    throw new PACEException("PCD side exception in tranceiving nonce step: " + e12.getMessage());
                }
            } catch (CardServiceException e13) {
                throw new PACEException("PICC side error in static PACE key derivation step", e13.getSW());
            }
        } catch (GeneralSecurityException e14) {
            throw new PACEException("PCD side error in static PACE key derivation step");
        }
    }

    public synchronized TerminalAuthenticationResult doTA(CVCPrincipal cVCPrincipal, List<CardVerifiableCertificate> list, PrivateKey privateKey, String str, ChipAuthenticationResult chipAuthenticationResult, String str2) throws CardServiceException {
        CVCPrincipal cVCPrincipal2;
        CVCPrincipal authorityReference;
        byte[] sendGetChallenge;
        if (list != null) {
            try {
                if (list.size() >= 1) {
                    byte[] keyHash = chipAuthenticationResult.getKeyHash();
                    if (keyHash == null) {
                        throw new IllegalArgumentException("CA key hash is null");
                    }
                    CardVerifiableCertificate cardVerifiableCertificate = list.get(0);
                    if (CVCAuthorizationTemplate.Role.CVCA.equals(cardVerifiableCertificate.getAuthorizationTemplate().getRole())) {
                        cVCPrincipal2 = cardVerifiableCertificate.getHolderReference();
                        if (cVCPrincipal != null && !cVCPrincipal.equals(cVCPrincipal2)) {
                            throw new CardServiceException("First certificate holds wrong authority, found " + cVCPrincipal2.getName() + ", expected " + cVCPrincipal.getName());
                        }
                        if (cVCPrincipal != null) {
                            cVCPrincipal2 = cVCPrincipal;
                        }
                        list.remove(0);
                    } else {
                        cVCPrincipal2 = cVCPrincipal;
                    }
                    authorityReference = cardVerifiableCertificate.getAuthorityReference();
                    if (cVCPrincipal2 != null && !cVCPrincipal2.equals(authorityReference)) {
                        throw new CardServiceException("First certificate not signed by expected CA, found " + authorityReference.getName() + ",  expected " + cVCPrincipal2.getName());
                    }
                    if (cVCPrincipal2 != null) {
                        authorityReference = cVCPrincipal2;
                    }
                    CardVerifiableCertificate cardVerifiableCertificate2 = list.get(list.size() - 1);
                    CVCAuthorizationTemplate.Role role = cardVerifiableCertificate2.getAuthorizationTemplate().getRole();
                    if (!CVCAuthorizationTemplate.Role.IS.equals(role)) {
                        throw new CardServiceException("Last certificate in chain (" + cardVerifiableCertificate2.getHolderReference().getName() + ") does not have role IS, but has role " + role);
                    }
                    for (CardVerifiableCertificate cardVerifiableCertificate3 : list) {
                        try {
                            sendMSESetDST(this.wrapper, Util.wrapDO(ISOFileInfo.FILE_IDENTIFIER, cardVerifiableCertificate3.getAuthorityReference().getName().getBytes("ISO-8859-1")));
                            byte[] certBodyData = cardVerifiableCertificate3.getCertBodyData();
                            byte[] signature = cardVerifiableCertificate3.getSignature();
                            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                            TLVOutputStream tLVOutputStream = new TLVOutputStream(byteArrayOutputStream);
                            tLVOutputStream.writeTag(24375);
                            tLVOutputStream.writeValue(signature);
                            tLVOutputStream.close();
                            sendPSOExtendedLengthMode(this.wrapper, certBodyData, byteArrayOutputStream.toByteArray());
                        } catch (CardServiceException e) {
                            throw e;
                        } catch (Exception e2) {
                            throw new CardServiceException(e2.getMessage());
                        }
                    }
                    if (privateKey == null) {
                        throw new CardServiceException("No terminal key");
                    }
                    sendMSESetATExtAuth(this.wrapper, Util.wrapDO(ISOFileInfo.FILE_IDENTIFIER, cardVerifiableCertificate2.getHolderReference().getName().getBytes("ISO-8859-1")));
                    sendGetChallenge = sendGetChallenge(this.wrapper);
                    byte[] bArr = new byte[str2.length() + 1];
                    System.arraycopy(str2.getBytes("ISO-8859-1"), 0, bArr, 0, str2.length());
                    bArr[bArr.length - 1] = (byte) MRZInfo.checkDigit(str2);
                    ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                    byteArrayOutputStream2.write(bArr);
                    byteArrayOutputStream2.write(sendGetChallenge);
                    byteArrayOutputStream2.write(keyHash);
                    byteArrayOutputStream2.close();
                    byte[] byteArray = byteArrayOutputStream2.toByteArray();
                    String sigAlgName = cardVerifiableCertificate2.getSigAlgName();
                    if (sigAlgName == null) {
                        throw new IllegalStateException("ERROR: Could not determine signature algorithm for terminal certificate " + cardVerifiableCertificate2.getHolderReference().getName());
                    }
                    Signature signature2 = Signature.getInstance(sigAlgName);
                    signature2.initSign(privateKey);
                    signature2.update(byteArray);
                    byte[] sign = signature2.sign();
                    sendMutualAuthenticate(this.wrapper, sigAlgName.toUpperCase().endsWith("ECDSA") ? Util.getRawECDSASignature(sign, ((ECPrivateKey) privateKey).getParameters().getCurve().getFieldSize() / 8) : sign);
                    this.state = 5;
                }
            } catch (CardServiceException e3) {
                throw e3;
            } catch (Exception e4) {
                throw new CardServiceException(e4.toString());
            }
        }
        throw new IllegalArgumentException("Need at least 1 certificate to perform TA, found: " + list);
        return new TerminalAuthenticationResult(chipAuthenticationResult, authorityReference, list, privateKey, str2, sendGetChallenge);
    }

    public synchronized CardFileInputStream getInputStream(short s) throws CardServiceException {
        CardFileInputStream cardFileInputStream;
        synchronized (this.fs) {
            this.fs.selectFile(s);
            cardFileInputStream = new CardFileInputStream(maxBlockSize, this.fs);
        }
        return cardFileInputStream;
    }

    public APDUWrapper getWrapper() {
        return this.wrapper;
    }

    @Override // org.jmrtd.PassportApduService, net.sf.scuba.smartcards.CardService
    public boolean isOpen() {
        return this.state != 0;
    }

    @Override // org.jmrtd.PassportApduService, net.sf.scuba.smartcards.CardService
    public void open() throws CardServiceException {
        if (isOpen()) {
            return;
        }
        synchronized (this) {
            super.open();
            this.state = 1;
        }
    }

    public synchronized byte[] sendReadBinary(int i, int i2, boolean z) throws CardServiceException {
        return sendReadBinary(this.wrapper, i, i2, z);
    }

    public void sendSelectApplet(boolean z) throws CardServiceException {
        if (!z) {
            sendSelectApplet(null, APPLET_AID);
        } else {
            LOGGER.info("DEBUG: wrapper = " + this.wrapper);
            sendSelectApplet(this.wrapper, APPLET_AID);
        }
    }

    @Override // org.jmrtd.PassportApduService
    public synchronized void sendSelectFile(short s) throws CardServiceException {
        sendSelectFile(this.wrapper, s);
    }

    public void setWrapper(SecureMessagingWrapper secureMessagingWrapper) {
        this.wrapper = secureMessagingWrapper;
    }
}
