package net.pwendland.javacard.pki.isoapplet;

import com.mysmartlogon.gidsApplet.GidsApplet;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.OwnerPIN;
import javacard.framework.Util;
import javacard.security.CryptoException;
import javacard.security.ECKey;
import javacard.security.ECPrivateKey;
import javacard.security.ECPublicKey;
import javacard.security.Key;
import javacard.security.KeyBuilder;
import javacard.security.KeyPair;
import javacard.security.RSAPrivateCrtKey;
import javacard.security.RSAPublicKey;
import javacard.security.RandomData;
import javacard.security.Signature;
import javacardx.apdu.ExtendedLength;
import javacardx.crypto.Cipher;

/* loaded from: classes.dex */
public class IsoApplet extends Applet implements ExtendedLength {
    private static final byte ALG_ECDSA_SHA1 = 33;
    private static final byte ALG_GEN_EC = -20;
    private static final byte ALG_GEN_RSA_2048 = -13;
    private static final byte ALG_RSA_PAD_PKCS1 = 17;
    private static final byte API_FEATURE_ECC = 4;
    private static final byte API_FEATURE_EXT_APDU = 1;
    private static final byte API_FEATURE_SECURE_RANDOM = 2;
    public static final byte API_VERSION_MAJOR = 0;
    public static final byte API_VERSION_MINOR = 6;
    public static final boolean DEF_EXT_APDU = false;
    public static final boolean DEF_PRIVATE_KEY_IMPORT_ALLOWED = false;
    public static final byte INS_CHANGE_REFERENCE_DATA = 36;
    public static final byte INS_CREATE_FILE = -32;
    public static final byte INS_DELETE_FILE = -28;
    public static final byte INS_GENERATE_ASYMMETRIC_KEYPAIR = 70;
    public static final byte INS_GET_CHALLENGE = -124;
    public static final byte INS_GET_RESPONSE = -64;
    public static final byte INS_MANAGE_SECURITY_ENVIRONMENT = 34;
    public static final byte INS_PERFORM_SECURITY_OPERATION = 42;
    public static final byte INS_PUT_DATA = -37;
    public static final byte INS_READ_BINARY = -80;
    public static final byte INS_RESET_RETRY_COUNTER = 44;
    public static final byte INS_UPDATE_BINARY = -42;
    public static final byte INS_VERIFY = 32;
    private static final short KEY_MAX_COUNT = 16;
    private static final short LENGTH_EC_FP_224 = 224;
    private static final short LENGTH_EC_FP_256 = 256;
    private static final short LENGTH_EC_FP_320 = 320;
    private static final short LENGTH_EC_FP_384 = 384;
    private static final short LENGTH_EC_FP_521 = 521;
    private static final byte PIN_MAX_LENGTH = 16;
    private static final byte PIN_MAX_TRIES = 3;
    private static final byte PIN_MIN_LENGTH = 4;
    private static final byte PUK_LENGTH = 16;
    private static final byte PUK_MAX_TRIES = 5;
    private static final boolean PUK_MUST_BE_SET = false;
    private static final short RAM_BUF_SIZE = 660;
    private static final short RAM_CHAINING_CACHE_OFFSET_BYTES_REMAINING = 0;
    private static final short RAM_CHAINING_CACHE_OFFSET_CURRENT_INS = 2;
    private static final short RAM_CHAINING_CACHE_OFFSET_CURRENT_P1P2 = 3;
    private static final short RAM_CHAINING_CACHE_OFFSET_CURRENT_POS = 1;
    private static final short RAM_CHAINING_CACHE_SIZE = 4;
    private static final byte STATE_CREATION = 0;
    private static final byte STATE_INITIALISATION = 1;
    private static final byte STATE_OPERATIONAL_ACTIVATED = 5;
    private static final byte STATE_OPERATIONAL_DEACTIVATED = 4;
    private static final byte STATE_TERMINATED = 12;
    public static final short SW_COMMAND_NOT_ALLOWED_GENERAL = 26880;
    public static final short SW_PIN_TRIES_REMAINING = 25536;
    private byte api_features;
    private byte[] currentAlgorithmRef;
    private short[] currentPrivateKeyRef;
    private Signature ecdsaSignature;
    private IsoFileSystem fs;
    private Key[] keys;
    private OwnerPIN pin;
    private OwnerPIN puk;
    private byte[] ram_buf;
    private short[] ram_chaining_cache;
    private RandomData randomData;
    private Cipher rsaPkcs1Cipher;
    private byte state;

    protected IsoApplet() {
        this.fs = null;
        this.pin = null;
        this.puk = null;
        this.currentAlgorithmRef = null;
        this.currentPrivateKeyRef = null;
        this.keys = null;
        this.ram_buf = null;
        this.ram_chaining_cache = null;
        this.rsaPkcs1Cipher = null;
        this.ecdsaSignature = null;
        this.randomData = null;
        this.api_features = (byte) 0;
        this.pin = new OwnerPIN((byte) 3, (byte) 16);
        this.puk = new OwnerPIN((byte) 5, (byte) 16);
        this.fs = new IsoFileSystem();
        this.ram_buf = JCSystem.makeTransientByteArray(RAM_BUF_SIZE, (byte) 2);
        this.ram_chaining_cache = JCSystem.makeTransientShortArray((short) 4, (byte) 2);
        this.currentAlgorithmRef = JCSystem.makeTransientByteArray((short) 1, (byte) 2);
        this.currentPrivateKeyRef = JCSystem.makeTransientShortArray((short) 1, (byte) 2);
        this.keys = new Key[16];
        this.rsaPkcs1Cipher = Cipher.getInstance((byte) 10, false);
        try {
            this.ecdsaSignature = Signature.getInstance((byte) 17, false);
            this.api_features = (byte) (this.api_features | 4);
        } catch (CryptoException e) {
            if (e.getReason() != 3) {
                throw e;
            }
            this.ecdsaSignature = null;
            this.api_features = (byte) (this.api_features & (-5));
        }
        try {
            this.randomData = RandomData.getInstance((byte) 2);
            this.api_features = (byte) (this.api_features | 2);
        } catch (CryptoException e2) {
            if (e2.getReason() != 3) {
                throw e2;
            }
            this.randomData = null;
            this.api_features = (byte) (this.api_features & (-3));
        }
        this.state = (byte) 0;
        register();
    }

    private void computeDigitalSignature(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        switch (this.currentAlgorithmRef[0]) {
            case 17:
                short incomingAndReceive = apdu.setIncomingAndReceive();
                if (incomingAndReceive != apdu.getIncomingLength()) {
                    ISOException.throwIt((short) 26368);
                }
                short offsetCdata = apdu.getOffsetCdata();
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) this.keys[this.currentPrivateKeyRef[0]];
                if (incomingAndReceive > 247) {
                    ISOException.throwIt((short) 26368);
                }
                this.rsaPkcs1Cipher.init(rSAPrivateCrtKey, (byte) 2);
                short doFinal = this.rsaPkcs1Cipher.doFinal(buffer, offsetCdata, incomingAndReceive, this.ram_buf, (short) 0);
                if (doFinal != 256) {
                    ISOException.throwIt(ISO7816.SW_UNKNOWN);
                }
                if (apdu.setOutgoing() < doFinal) {
                    ISOException.throwIt(ISO7816.SW_CORRECT_LENGTH_00);
                }
                apdu.setOutgoingLength(doFinal);
                apdu.sendBytesLong(this.ram_buf, (short) 0, doFinal);
                return;
            case 33:
                ECPrivateKey eCPrivateKey = (ECPrivateKey) this.keys[this.currentPrivateKeyRef[0]];
                if (this.ram_chaining_cache[1] == 0) {
                    this.ecdsaSignature.init(eCPrivateKey, (byte) 1);
                    if (isCommandChainingCLA(apdu)) {
                        this.ram_chaining_cache[1] = 1;
                    }
                }
                short incomingAndReceive2 = apdu.setIncomingAndReceive();
                short offsetCdata2 = apdu.getOffsetCdata();
                while (incomingAndReceive2 > 0) {
                    this.ecdsaSignature.update(buffer, offsetCdata2, incomingAndReceive2);
                    incomingAndReceive2 = apdu.receiveBytes(offsetCdata2);
                }
                if (isCommandChainingCLA(apdu)) {
                    short[] sArr = this.ram_chaining_cache;
                    sArr[1] = (short) (sArr[1] + 1);
                    return;
                } else {
                    short sign = this.ecdsaSignature.sign(buffer, (short) 0, (short) 0, buffer, (short) 0);
                    this.ram_chaining_cache[1] = 0;
                    apdu.setOutgoingAndSend((short) 0, sign);
                    return;
                }
            default:
                ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
                return;
        }
    }

    private void decipher(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        short s = -1;
        short doChainingOrExtAPDU = doChainingOrExtAPDU(apdu);
        if (buffer[0] != 0) {
            ISOException.throwIt((short) 26368);
        }
        switch (this.currentAlgorithmRef[0]) {
            case 17:
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) this.keys[this.currentPrivateKeyRef[0]];
                if (((short) (doChainingOrExtAPDU - 1)) != ((short) (rSAPrivateCrtKey.getSize() / 8))) {
                    ISOException.throwIt((short) 26368);
                }
                this.rsaPkcs1Cipher.init(rSAPrivateCrtKey, (byte) 1);
                try {
                    s = this.rsaPkcs1Cipher.doFinal(this.ram_buf, (short) 1, (short) (doChainingOrExtAPDU - 1), buffer, (short) 0);
                } catch (CryptoException e) {
                    ISOException.throwIt((short) 26368);
                }
                apdu.setOutgoingAndSend((short) 0, s);
                return;
            default:
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                return;
        }
    }

    private short doChainingOrExtAPDU(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        short incomingAndReceive = apdu.setIncomingAndReceive();
        short offsetCdata = apdu.getOffsetCdata();
        while (incomingAndReceive > 0) {
            if (((short) (this.ram_chaining_cache[1] + incomingAndReceive)) > 660) {
                ISOException.throwIt((short) 26368);
            }
            Util.arrayCopyNonAtomic(buffer, offsetCdata, this.ram_buf, this.ram_chaining_cache[1], incomingAndReceive);
            short[] sArr = this.ram_chaining_cache;
            sArr[1] = (short) (sArr[1] + incomingAndReceive);
            incomingAndReceive = apdu.receiveBytes(offsetCdata);
        }
        if (isCommandChainingCLA(apdu)) {
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
            return (short) 0;
        }
        short s = (short) (this.ram_chaining_cache[1] + incomingAndReceive);
        this.ram_chaining_cache[1] = 0;
        return s;
    }

    private short getEcFpFieldLength(short s) {
        switch (s) {
            case 24:
                return (short) 192;
            case 28:
                return (short) 224;
            case 32:
                return (short) 256;
            case 40:
                return LENGTH_EC_FP_320;
            case 48:
                return (short) 384;
            case 66:
                return (short) 521;
            default:
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                return (short) 0;
        }
    }

    private void importECkey(byte[] bArr, short s, short s2) throws InvalidArgumentsException, NotFoundException, ISOException {
        if (this.currentAlgorithmRef[0] != -20) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        try {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) KeyBuilder.buildKey((byte) 12, getEcFpFieldLength(UtilTLV.decodeLengthField(bArr, (short) (UtilTLV.findTag(bArr, s, s2, (byte) -127) + 1))), false);
            initEcParams(bArr, s, s2, eCPrivateKey);
            short findTag = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -120) + 1);
            short decodeLengthField = UtilTLV.decodeLengthField(bArr, findTag);
            eCPrivateKey.setS(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField) + findTag), decodeLengthField);
            if (!eCPrivateKey.isInitialized()) {
                ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                return;
            }
            JCSystem.beginTransaction();
            Util.arrayFillNonAtomic(bArr, s, s2, (byte) 0);
            if (this.keys[this.currentPrivateKeyRef[0]] != null) {
                this.keys[this.currentPrivateKeyRef[0]].clearKey();
            }
            this.keys[this.currentPrivateKeyRef[0]] = eCPrivateKey;
            if (JCSystem.isObjectDeletionSupported()) {
                JCSystem.requestObjectDeletion();
            }
            JCSystem.commitTransaction();
        } catch (CryptoException e) {
            if (e.getReason() == 3) {
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
            }
            ISOException.throwIt(ISO7816.SW_UNKNOWN);
        }
    }

    private void importPrivateKey(APDU apdu) throws ISOException {
        short s;
        short s2 = 0;
        if (!this.pin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        switch (this.currentAlgorithmRef[0]) {
            case -20:
                short doChainingOrExtAPDU = doChainingOrExtAPDU(apdu);
                short s3 = (short) 1;
                if (this.ram_buf[0] != -32) {
                    ISOException.throwIt((short) 26368);
                }
                try {
                    s2 = UtilTLV.decodeLengthField(this.ram_buf, s3);
                    s = (short) (UtilTLV.getLengthFieldLength(s2) + s3);
                } catch (InvalidArgumentsException e) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                    s = s3;
                }
                if (s2 != ((short) (doChainingOrExtAPDU - s))) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                if (!UtilTLV.isTLVconsistent(this.ram_buf, s, s2)) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                try {
                    importECkey(this.ram_buf, s, s2);
                    return;
                } catch (InvalidArgumentsException e2) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                    return;
                } catch (NotFoundException e3) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                    return;
                }
            case -13:
                short doChainingOrExtAPDU2 = doChainingOrExtAPDU(apdu);
                if (this.ram_buf[0] != Byte.MAX_VALUE && this.ram_buf[0] != 72) {
                    ISOException.throwIt((short) 26368);
                }
                short s4 = (short) 2;
                try {
                    s2 = UtilTLV.decodeLengthField(this.ram_buf, s4);
                    s4 = (short) (UtilTLV.getLengthFieldLength(s2) + s4);
                } catch (InvalidArgumentsException e4) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                if (s2 != ((short) (doChainingOrExtAPDU2 - s4))) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                if (!UtilTLV.isTLVconsistent(this.ram_buf, s4, s2)) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                try {
                    importRSAkey(this.ram_buf, s4, s2);
                    return;
                } catch (InvalidArgumentsException e5) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                    return;
                } catch (NotFoundException e6) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                    return;
                }
            default:
                ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
                return;
        }
    }

    private void importRSAkey(byte[] bArr, short s, short s2) throws ISOException, NotFoundException, InvalidArgumentsException {
        if (this.currentAlgorithmRef[0] != -13) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        try {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) KeyBuilder.buildKey((byte) 6, (short) 2048, false);
            if (!UtilTLV.isTLVconsistent(bArr, s, s2)) {
                throw InvalidArgumentsException.getInstance();
            }
            short findTag = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -110) + 1);
            short decodeLengthField = UtilTLV.decodeLengthField(bArr, findTag);
            rSAPrivateCrtKey.setP(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField) + findTag), decodeLengthField);
            short findTag2 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -109) + 1);
            short decodeLengthField2 = UtilTLV.decodeLengthField(bArr, findTag2);
            rSAPrivateCrtKey.setQ(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField2) + findTag2), decodeLengthField2);
            short findTag3 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -108) + 1);
            short decodeLengthField3 = UtilTLV.decodeLengthField(bArr, findTag3);
            rSAPrivateCrtKey.setPQ(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField3) + findTag3), decodeLengthField3);
            short findTag4 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -107) + 1);
            short decodeLengthField4 = UtilTLV.decodeLengthField(bArr, findTag4);
            rSAPrivateCrtKey.setDP1(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField4) + findTag4), decodeLengthField4);
            short findTag5 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -106) + 1);
            short decodeLengthField5 = UtilTLV.decodeLengthField(bArr, findTag5);
            rSAPrivateCrtKey.setDQ1(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField5) + findTag5), decodeLengthField5);
            if (!rSAPrivateCrtKey.isInitialized()) {
                ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                return;
            }
            JCSystem.beginTransaction();
            Util.arrayFillNonAtomic(bArr, s, s2, (byte) 0);
            if (this.keys[this.currentPrivateKeyRef[0]] != null) {
                this.keys[this.currentPrivateKeyRef[0]].clearKey();
            }
            this.keys[this.currentPrivateKeyRef[0]] = rSAPrivateCrtKey;
            if (JCSystem.isObjectDeletionSupported()) {
                JCSystem.requestObjectDeletion();
            }
            JCSystem.commitTransaction();
        } catch (CryptoException e) {
            if (e.getReason() == 3) {
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
            }
            ISOException.throwIt(ISO7816.SW_UNKNOWN);
        }
    }

    private void initEcParams(byte[] bArr, short s, short s2, ECKey eCKey) throws NotFoundException, InvalidArgumentsException {
        short findTag = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -127) + 1);
        short decodeLengthField = UtilTLV.decodeLengthField(bArr, findTag);
        eCKey.setFieldFP(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField) + findTag), decodeLengthField);
        short findTag2 = (short) (UtilTLV.findTag(bArr, s, s2, ISO7816.INS_EXTERNAL_AUTHENTICATE) + 1);
        short decodeLengthField2 = UtilTLV.decodeLengthField(bArr, findTag2);
        eCKey.setA(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField2) + findTag2), decodeLengthField2);
        short findTag3 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -125) + 1);
        short decodeLengthField3 = UtilTLV.decodeLengthField(bArr, findTag3);
        eCKey.setB(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField3) + findTag3), decodeLengthField3);
        short findTag4 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -124) + 1);
        short decodeLengthField4 = UtilTLV.decodeLengthField(bArr, findTag4);
        eCKey.setG(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField4) + findTag4), decodeLengthField4);
        short findTag5 = (short) (UtilTLV.findTag(bArr, s, s2, (byte) -123) + 1);
        short decodeLengthField5 = UtilTLV.decodeLengthField(bArr, findTag5);
        eCKey.setR(bArr, (short) (UtilTLV.getLengthFieldLength(decodeLengthField5) + findTag5), decodeLengthField5);
        short findTag6 = (short) (UtilTLV.findTag(bArr, s, s2, GidsApplet.INS_GENERAL_AUTHENTICATE) + 1);
        short decodeLengthField6 = UtilTLV.decodeLengthField(bArr, findTag6);
        short lengthFieldLength = (short) (UtilTLV.getLengthFieldLength(decodeLengthField6) + findTag6);
        if (decodeLengthField6 == 2) {
            eCKey.setK(Util.getShort(bArr, lengthFieldLength));
        } else {
            if (decodeLengthField6 != 1) {
                throw InvalidArgumentsException.getInstance();
            }
            eCKey.setK(bArr[lengthFieldLength]);
        }
    }

    public static void install(byte[] bArr, short s, byte b) {
        new IsoApplet();
    }

    static boolean isCommandChainingCLA(APDU apdu) {
        return ((byte) (apdu.getBuffer()[0] & 16)) == 16;
    }

    private void processChangeReferenceData(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
        }
        short offsetCdata = apdu.getOffsetCdata();
        if (this.state == 0) {
            if (b != 1 || (b2 != 2 && b2 != 1)) {
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            }
            if (b2 == 2) {
                if (incomingAndReceive != 16) {
                    ISOException.throwIt((short) 26368);
                }
                this.puk.update(buffer, offsetCdata, (byte) incomingAndReceive);
                this.puk.resetAndUnblock();
                this.state = (byte) 1;
                return;
            }
            if (b2 == 1) {
                if (incomingAndReceive > 16 || incomingAndReceive < 4) {
                    ISOException.throwIt((short) 26368);
                }
                Util.arrayFillNonAtomic(buffer, (short) (offsetCdata + incomingAndReceive), (short) (16 - incomingAndReceive), (byte) 0);
                this.pin.update(buffer, offsetCdata, (byte) 16);
                this.pin.resetAndUnblock();
                this.state = (byte) 5;
                return;
            }
            return;
        }
        if (this.state != 1) {
            if (buffer[2] != 0 || buffer[3] != 1) {
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            }
            if (incomingAndReceive != 32) {
                ISOException.throwIt((short) 26368);
            }
            if (!this.pin.check(buffer, offsetCdata, (byte) 16)) {
                ISOException.throwIt((short) (this.pin.getTriesRemaining() | 25536));
            }
            this.pin.update(buffer, (short) (offsetCdata + 16), (byte) 16);
            return;
        }
        if (buffer[2] != 1 || buffer[3] != 1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
        if (incomingAndReceive > 16 || incomingAndReceive < 4) {
            ISOException.throwIt((short) 26368);
        }
        Util.arrayFillNonAtomic(buffer, (short) (offsetCdata + incomingAndReceive), (short) (16 - incomingAndReceive), (byte) 0);
        this.pin.update(buffer, offsetCdata, (byte) 16);
        this.pin.resetAndUnblock();
        this.state = (byte) 5;
    }

    private void processGetChallenge(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (this.randomData == null) {
            ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
        }
        if (b != 0 || b != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
        short outgoing = apdu.setOutgoing();
        if (outgoing <= 0 || outgoing > 256) {
            ISOException.throwIt((short) 26368);
        }
        this.randomData.generateData(buffer, (short) 0, outgoing);
        apdu.setOutgoingLength(outgoing);
        apdu.sendBytes((short) 0, outgoing);
    }

    private void processGetResponse(APDU apdu) {
        apdu.getBuffer();
        short outgoing = apdu.setOutgoing();
        if (!this.pin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        if (this.ram_chaining_cache[0] <= 0) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        short s = this.ram_chaining_cache[0] <= 256 ? this.ram_chaining_cache[0] : (short) 256;
        if (outgoing != s) {
            ISOException.throwIt((short) (s | ISO7816.SW_CORRECT_LENGTH_00));
        }
        sendLargeData(apdu, this.ram_chaining_cache[1], this.ram_chaining_cache[0]);
    }

    private void processPerformSecurityOperation(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (!this.pin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        if (b == -98 && b2 == -102) {
            computeDigitalSignature(apdu);
        } else if (b == Byte.MIN_VALUE && b2 == -122) {
            decipher(apdu);
        } else {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
    }

    private void processPutData(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (!this.pin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        if (b != 63 || b2 != -1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        } else {
            ISOException.throwIt((short) 26880);
            importPrivateKey(apdu);
        }
    }

    private void processVerify(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != 0 || buffer[3] != 1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
        }
        short offsetCdata = apdu.getOffsetCdata();
        if ((incomingAndReceive > 0 && incomingAndReceive < 4) || incomingAndReceive > 16) {
            ISOException.throwIt((short) 26368);
        }
        if (incomingAndReceive == 0 && this.state != 0 && this.state != 1) {
            ISOException.throwIt((short) (this.pin.getTriesRemaining() | 25536));
        } else if (incomingAndReceive == 0 && (this.state == 0 || this.state == 1)) {
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
        }
        Util.arrayFillNonAtomic(buffer, (short) (offsetCdata + incomingAndReceive), (short) (16 - incomingAndReceive), (byte) 0);
        if (this.pin.check(buffer, offsetCdata, (byte) 16)) {
            this.fs.setUserAuthenticated(true);
        } else {
            this.fs.setUserAuthenticated(false);
            ISOException.throwIt((short) (this.pin.getTriesRemaining() | 25536));
        }
    }

    private void sendECPublicKey(APDU apdu, ECPublicKey eCPublicKey) throws InvalidArgumentsException, NotEnoughSpaceException {
        short size = eCPublicKey.getSize() % 8 == 0 ? (short) (eCPublicKey.getSize() / 8) : (short) ((eCPublicKey.getSize() / 8) + 1);
        short writeTagAndLen = (short) (UtilTLV.writeTagAndLen((short) 32585, (short) ((eCPublicKey.getSize() == 521 ? 9 : 7) + 7 + (size * 8) + 4), this.ram_buf, (short) 0) + 0);
        short s = size;
        short writeTagAndLen2 = (short) (UtilTLV.writeTagAndLen((short) 129, s, this.ram_buf, writeTagAndLen) + writeTagAndLen);
        short field = eCPublicKey.getField(this.ram_buf, writeTagAndLen2);
        if (field < s) {
            Util.arrayCopyNonAtomic(this.ram_buf, writeTagAndLen2, this.ram_buf, (short) ((writeTagAndLen2 + s) - field), (short) (s - field));
            Util.arrayFillNonAtomic(this.ram_buf, writeTagAndLen2, field, (byte) 0);
        } else if (field > s) {
            throw InvalidArgumentsException.getInstance();
        }
        short s2 = (short) (writeTagAndLen2 + s);
        short s3 = size;
        short writeTagAndLen3 = (short) (UtilTLV.writeTagAndLen((short) 130, s3, this.ram_buf, s2) + s2);
        short a = eCPublicKey.getA(this.ram_buf, writeTagAndLen3);
        if (a < s3) {
            Util.arrayCopyNonAtomic(this.ram_buf, writeTagAndLen3, this.ram_buf, (short) ((writeTagAndLen3 + s3) - a), (short) (s3 - a));
            Util.arrayFillNonAtomic(this.ram_buf, writeTagAndLen3, a, (byte) 0);
        } else if (a > s3) {
            throw InvalidArgumentsException.getInstance();
        }
        short s4 = (short) (writeTagAndLen3 + s3);
        short s5 = size;
        short writeTagAndLen4 = (short) (UtilTLV.writeTagAndLen(KeyBuilder.LENGTH_EC_F2M_131, s5, this.ram_buf, s4) + s4);
        short b = eCPublicKey.getB(this.ram_buf, writeTagAndLen4);
        if (b < s5) {
            Util.arrayCopyNonAtomic(this.ram_buf, writeTagAndLen4, this.ram_buf, (short) ((writeTagAndLen4 + s5) - b), (short) (s5 - b));
            Util.arrayFillNonAtomic(this.ram_buf, writeTagAndLen4, b, (byte) 0);
        } else if (b > s5) {
            throw InvalidArgumentsException.getInstance();
        }
        short s6 = (short) (writeTagAndLen4 + s5);
        short s7 = (short) ((size * 2) + 1);
        short writeTagAndLen5 = (short) (UtilTLV.writeTagAndLen((short) 132, s7, this.ram_buf, s6) + s6);
        short g = eCPublicKey.getG(this.ram_buf, writeTagAndLen5);
        if (g < s7) {
            Util.arrayCopyNonAtomic(this.ram_buf, writeTagAndLen5, this.ram_buf, (short) ((writeTagAndLen5 + s7) - g), (short) (s7 - g));
            Util.arrayFillNonAtomic(this.ram_buf, writeTagAndLen5, g, (byte) 0);
        } else if (g > s7) {
            throw InvalidArgumentsException.getInstance();
        }
        short s8 = (short) (writeTagAndLen5 + s7);
        short s9 = size;
        short writeTagAndLen6 = (short) (UtilTLV.writeTagAndLen((short) 133, s9, this.ram_buf, s8) + s8);
        short r = eCPublicKey.getR(this.ram_buf, writeTagAndLen6);
        if (r < s9) {
            Util.arrayCopyNonAtomic(this.ram_buf, writeTagAndLen6, this.ram_buf, (short) ((writeTagAndLen6 + s9) - r), (short) (s9 - r));
            Util.arrayFillNonAtomic(this.ram_buf, writeTagAndLen6, r, (byte) 0);
        } else if (r > s9) {
            throw InvalidArgumentsException.getInstance();
        }
        short s10 = (short) (writeTagAndLen6 + s9);
        short s11 = (short) ((size * 2) + 1);
        short writeTagAndLen7 = (short) (UtilTLV.writeTagAndLen((short) 134, s11, this.ram_buf, s10) + s10);
        short w = eCPublicKey.getW(this.ram_buf, writeTagAndLen7);
        if (w < s11) {
            Util.arrayCopyNonAtomic(this.ram_buf, writeTagAndLen7, this.ram_buf, (short) ((writeTagAndLen7 + s11) - w), (short) (s11 - w));
            Util.arrayFillNonAtomic(this.ram_buf, writeTagAndLen7, w, (byte) 0);
        } else if (w > s11) {
            throw InvalidArgumentsException.getInstance();
        }
        short s12 = (short) (writeTagAndLen7 + s11);
        short writeTagAndLen8 = (short) (UtilTLV.writeTagAndLen((short) 135, (short) 2, this.ram_buf, s12) + s12);
        Util.setShort(this.ram_buf, writeTagAndLen8, eCPublicKey.getK());
        apdu.setOutgoing();
        sendLargeData(apdu, (short) 0, (short) (writeTagAndLen8 + 2));
    }

    private void sendLargeData(APDU apdu, short s, short s2) {
        if (s2 <= 0) {
            this.ram_chaining_cache[0] = 0;
            this.ram_chaining_cache[1] = 0;
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
        }
        if (((short) (s + s2)) > 660) {
            ISOException.throwIt(ISO7816.SW_UNKNOWN);
        }
        short s3 = s2 > 256 ? (short) 256 : s2;
        apdu.setOutgoingLength(s3);
        apdu.sendBytesLong(this.ram_buf, s, s3);
        short s4 = (short) (s2 - s3);
        if (s4 > 0) {
            this.ram_chaining_cache[0] = s4;
            this.ram_chaining_cache[1] = (short) (s + s3);
            ISOException.throwIt((short) ((s4 > 256 ? (short) 256 : s4) | ISO7816.SW_BYTES_REMAINING_00));
        } else {
            this.ram_chaining_cache[0] = 0;
            this.ram_chaining_cache[1] = 0;
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
        }
    }

    private void sendRSAPublicKey(APDU apdu, RSAPublicKey rSAPublicKey) {
        apdu.setOutgoing();
        short s = (short) 1;
        this.ram_buf[0] = Byte.MAX_VALUE;
        short s2 = (short) (s + 1);
        this.ram_buf[s] = 73;
        short s3 = (short) (s2 + 1);
        this.ram_buf[s2] = ISO7816.INS_EXTERNAL_AUTHENTICATE;
        short s4 = (short) (s3 + 1);
        this.ram_buf[s3] = 1;
        short s5 = (short) (s4 + 1);
        this.ram_buf[s4] = 9;
        short s6 = (short) (s5 + 1);
        this.ram_buf[s5] = -127;
        short s7 = (short) (s6 + 1);
        this.ram_buf[s6] = ISO7816.INS_EXTERNAL_AUTHENTICATE;
        short s8 = (short) (s7 + 1);
        this.ram_buf[s7] = 1;
        short s9 = (short) (s8 + 1);
        this.ram_buf[s8] = 0;
        short modulus = (short) (rSAPublicKey.getModulus(this.ram_buf, s9) + s9);
        short s10 = (short) (modulus + 1);
        this.ram_buf[modulus] = ISO7816.INS_EXTERNAL_AUTHENTICATE;
        short s11 = (short) (s10 + 1);
        this.ram_buf[s10] = 3;
        sendLargeData(apdu, (short) 0, (short) (rSAPublicKey.getExponent(this.ram_buf, s11) + s11));
    }

    @Override // javacard.framework.Applet
    public void deselect() {
        this.pin.reset();
        this.puk.reset();
        this.fs.setUserAuthenticated(false);
    }

    @Override // javacard.framework.Applet
    public void process(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        short s = buffer[1];
        if (selectingApplet()) {
            buffer[0] = 0;
            buffer[1] = 6;
            buffer[2] = this.api_features;
            apdu.setOutgoingAndSend((short) 0, (short) 3);
            return;
        }
        if (apdu.isSecureMessagingCLA()) {
            ISOException.throwIt(ISO7816.SW_SECURE_MESSAGING_NOT_SUPPORTED);
        }
        if (this.ram_chaining_cache[2] != 0 || isCommandChainingCLA(apdu)) {
            short s2 = Util.getShort(buffer, (short) 2);
            if (s != 42 && s != 70 && s != -37) {
                ISOException.throwIt((short) 26756);
            }
            if (this.ram_chaining_cache[2] == 0 && this.ram_chaining_cache[3] == 0) {
                if (s == 0) {
                    ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                }
                this.ram_chaining_cache[2] = s;
                this.ram_chaining_cache[3] = s2;
            } else if (this.ram_chaining_cache[2] != s || this.ram_chaining_cache[3] != s2) {
                ISOException.throwIt((short) 26880);
            } else if (!isCommandChainingCLA(apdu)) {
                this.ram_chaining_cache[2] = 0;
                this.ram_chaining_cache[3] = 0;
            }
        }
        if (this.ram_chaining_cache[0] > 0 && s != -64) {
            ISOException.throwIt((short) 26880);
        }
        if (!apdu.isISOInterindustryCLA()) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
            return;
        }
        switch (s) {
            case -124:
                processGetChallenge(apdu);
                return;
            case -92:
                this.fs.processSelectFile(apdu);
                return;
            case -80:
                this.fs.processReadBinary(apdu);
                return;
            case -64:
                processGetResponse(apdu);
                return;
            case -42:
                this.fs.processUpdateBinary(apdu);
                return;
            case -37:
                processPutData(apdu);
                return;
            case -32:
                this.fs.processCreateFile(apdu);
                return;
            case -28:
                this.fs.processDeleteFile(apdu);
                return;
            case 32:
                processVerify(apdu);
                return;
            case 34:
                processManageSecurityEnvironment(apdu);
                return;
            case 36:
                processChangeReferenceData(apdu);
                return;
            case 42:
                processPerformSecurityOperation(apdu);
                return;
            case 44:
                processResetRetryCounter(apdu);
                return;
            case 70:
                processGenerateAsymmetricKeypair(apdu);
                return;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                return;
        }
    }

    public void processGenerateAsymmetricKeypair(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        short s = this.currentPrivateKeyRef[0];
        KeyPair keyPair = null;
        ECPrivateKey eCPrivateKey = null;
        ECPublicKey eCPublicKey = null;
        if (!this.pin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        switch (this.currentAlgorithmRef[0]) {
            case -20:
                if (b != 0 || b2 != 0) {
                    ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                }
                short doChainingOrExtAPDU = doChainingOrExtAPDU(apdu);
                short s2 = 0;
                try {
                    s2 = UtilTLV.findTag(this.ram_buf, (short) 0, doChainingOrExtAPDU, (byte) -127);
                } catch (InvalidArgumentsException e) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                } catch (NotFoundException e2) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                short s3 = 0;
                try {
                    s3 = UtilTLV.decodeLengthField(this.ram_buf, (short) (s2 + 1));
                } catch (InvalidArgumentsException e3) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                short ecFpFieldLength = getEcFpFieldLength(s3);
                try {
                    eCPrivateKey = (ECPrivateKey) KeyBuilder.buildKey((byte) 12, ecFpFieldLength, false);
                    eCPublicKey = (ECPublicKey) KeyBuilder.buildKey((byte) 11, ecFpFieldLength, false);
                    keyPair = new KeyPair(eCPublicKey, eCPrivateKey);
                } catch (CryptoException e4) {
                    if (e4.getReason() == 3) {
                        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                    }
                    ISOException.throwIt(ISO7816.SW_UNKNOWN);
                }
                try {
                    initEcParams(this.ram_buf, (short) 0, doChainingOrExtAPDU, eCPublicKey);
                    initEcParams(this.ram_buf, (short) 0, doChainingOrExtAPDU, eCPrivateKey);
                } catch (InvalidArgumentsException e5) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                } catch (NotFoundException e6) {
                    ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                }
                try {
                    keyPair.genKeyPair();
                } catch (CryptoException e7) {
                    if (e7.getReason() == 1) {
                        ISOException.throwIt(ISO7816.SW_DATA_INVALID);
                    }
                }
                if (this.keys[s] != null) {
                    this.keys[s].clearKey();
                }
                this.keys[s] = eCPrivateKey;
                if (JCSystem.isObjectDeletionSupported()) {
                    JCSystem.requestObjectDeletion();
                }
                Util.arrayFillNonAtomic(this.ram_buf, (short) 0, RAM_BUF_SIZE, (byte) 0);
                this.ram_chaining_cache[1] = 0;
                try {
                    sendECPublicKey(apdu, eCPublicKey);
                    return;
                } catch (InvalidArgumentsException e8) {
                    ISOException.throwIt(ISO7816.SW_UNKNOWN);
                    return;
                } catch (NotEnoughSpaceException e9) {
                    ISOException.throwIt(ISO7816.SW_UNKNOWN);
                    return;
                }
            case -13:
                if (b != 66 || b2 != 0) {
                    ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                }
                if (isCommandChainingCLA(apdu)) {
                    ISOException.throwIt((short) 26756);
                }
                try {
                    keyPair = new KeyPair((byte) 2, (short) 2048);
                } catch (CryptoException e10) {
                    if (e10.getReason() == 3) {
                        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                    }
                    ISOException.throwIt(ISO7816.SW_UNKNOWN);
                }
                keyPair.genKeyPair();
                if (this.keys[s] != null) {
                    this.keys[s].clearKey();
                }
                this.keys[s] = keyPair.getPrivate();
                if (JCSystem.isObjectDeletionSupported()) {
                    JCSystem.requestObjectDeletion();
                }
                sendRSAPublicKey(apdu, (RSAPublicKey) keyPair.getPublic());
                return;
            default:
                ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
                return;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:67:0x008a, code lost:
    
        if (r1[r7] >= 16) goto L28;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void processManageSecurityEnvironment(javacard.framework.APDU r12) throws javacard.framework.ISOException {
        /*
            Method dump skipped, instructions count: 346
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.pwendland.javacard.pki.isoapplet.IsoApplet.processManageSecurityEnvironment(javacard.framework.APDU):void");
    }

    public void processResetRetryCounter(APDU apdu) throws ISOException {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (this.state != 5) {
            ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
        }
        short offsetCdata = apdu.getOffsetCdata();
        if (incomingAndReceive < 20 || incomingAndReceive > 32) {
            ISOException.throwIt((short) 26368);
        }
        if (b != 0 || b2 != 1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        }
        if (!this.puk.check(buffer, offsetCdata, (byte) 16)) {
            ISOException.throwIt((short) (this.puk.getTriesRemaining() | 25536));
        }
        Util.arrayFillNonAtomic(buffer, (short) (offsetCdata + incomingAndReceive), (short) (32 - incomingAndReceive), (byte) 0);
        this.pin.update(buffer, (short) (offsetCdata + 16), (byte) 16);
        this.pin.resetAndUnblock();
    }

    @Override // javacard.framework.Applet
    public boolean select() {
        if (this.state == 0 || this.state == 1) {
            this.fs.setUserAuthenticated(true);
        } else {
            this.fs.setUserAuthenticated(false);
        }
        return true;
    }
}
