package net.cooperi.pivapplet;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.OwnerPIN;
import javacard.framework.Util;
import javacard.security.CryptoException;
import javacard.security.DESKey;
import javacard.security.ECPrivateKey;
import javacard.security.ECPublicKey;
import javacard.security.KeyAgreement;
import javacard.security.KeyBuilder;
import javacard.security.KeyPair;
import javacard.security.RSAPrivateCrtKey;
import javacard.security.RSAPublicKey;
import javacard.security.RandomData;
import javacard.security.Signature;
import javacardx.crypto.Cipher;
import pkgYkneoOath.YkneoOath;

/* loaded from: classes.dex */
public class PivApplet extends Applet {
    private static final byte ALG_EC_SVDP_DHC_PLAIN = 4;
    private static final byte ALG_EC_SVDP_DH_PLAIN = 3;
    private static final byte ALG_RSA_SHA_256_PKCS1 = 40;
    private static final byte ASN1_APP_0 = -96;
    private static final byte ASN1_APP_3 = -93;
    private static final byte ASN1_BITSTRING = 3;
    private static final byte ASN1_GENTIME = 24;
    private static final byte ASN1_INTEGER = 2;
    private static final byte ASN1_NULL = 5;
    private static final byte ASN1_OCTETSTRING = 4;
    private static final byte ASN1_OID = 6;
    private static final byte ASN1_SEQ = 48;
    private static final byte ASN1_UTF8STRING = 12;
    private static final byte GA_TAG_CHALLENGE = -127;
    private static final byte GA_TAG_EXP = -123;
    private static final byte GA_TAG_RESPONSE = -126;
    private static final byte GA_TAG_WITNESS = Byte.MIN_VALUE;
    private static final byte INS_ATTEST = -7;
    private static final byte INS_CHANGE_PIN = 36;
    private static final byte INS_GEN_ASYM = 71;
    private static final byte INS_GEN_AUTH = -121;
    private static final byte INS_GET_DATA = -53;
    private static final byte INS_GET_RESPONSE = -64;
    private static final byte INS_GET_SERIAL = -8;
    private static final byte INS_GET_VER = -3;
    private static final byte INS_IMPORT_ASYM = -2;
    private static final byte INS_PUT_DATA = -37;
    private static final byte INS_RESET = -5;
    private static final byte INS_RESET_PIN = 44;
    private static final byte INS_SET_MGMT = -1;
    private static final byte INS_SET_PIN_RETRIES = -6;
    private static final byte INS_SG_DEBUG = -32;
    private static final byte INS_VERIFY = 32;
    private static final byte MAX_HIST_SLOT = -116;
    private static final byte MAX_SLOTS = 17;
    private static final byte MIN_HIST_SLOT = -126;
    private static final byte PIV_ALG_3DES = 3;
    private static final byte PIV_ALG_AES128 = 8;
    private static final byte PIV_ALG_AES192 = 10;
    private static final byte PIV_ALG_AES256 = 12;
    private static final byte PIV_ALG_DEFAULT = 0;
    private static final byte PIV_ALG_ECCP256 = 17;
    private static final byte PIV_ALG_ECCP256_SHA1 = -16;
    private static final byte PIV_ALG_ECCP256_SHA256 = -15;
    private static final byte PIV_ALG_ECCP384 = 20;
    private static final byte PIV_ALG_RSA1024 = 6;
    private static final byte PIV_ALG_RSA2048 = 7;
    private static final byte SLOT_82 = 5;
    private static final byte SLOT_8C = 15;
    private static final byte SLOT_9A = 0;
    private static final byte SLOT_9B = 1;
    private static final byte SLOT_9C = 2;
    private static final byte SLOT_9D = 3;
    private static final byte SLOT_9E = 4;
    private static final byte SLOT_F9 = 16;
    private static final byte SLOT_MIN_HIST = 5;
    protected static final short SW_BAD_REWRITE = 28516;
    protected static final short SW_DATA_END_ASSERT = 28515;
    protected static final short SW_RESERVE_FAILURE = 28513;
    protected static final short SW_SKIPPED_OVER_WPTR = 28514;
    protected static final short SW_TAG_END_ASSERT = 28512;
    private static final byte TAG_CARDCAP = 7;
    private static final byte TAG_CERT_82 = 13;
    private static final byte TAG_CERT_8C = 23;
    private static final byte TAG_CERT_9A = 5;
    private static final byte TAG_CERT_9C = 10;
    private static final byte TAG_CERT_9D = 11;
    private static final byte TAG_CERT_9E = 1;
    private static final byte TAG_CHUID = 2;
    private static final byte TAG_FACE = 8;
    private static final byte TAG_FINGERPRINTS = 3;
    private static final byte TAG_KEYHIST = 12;
    private static final byte TAG_MAX = 23;
    private static final byte TAG_PRINTED_INFO = 9;
    private static final byte TAG_SECOBJ = 6;
    private static final byte TAG_YK_ATTEST = 1;
    private static final byte TAG_YK_PIVMAN = 0;
    private static final boolean USE_EXT_LEN = false;
    private static final byte YK_TAG_MAX = 1;
    private static final boolean useResetMem = false;
    private APDUStream apduStream;
    private byte[] cardId;
    private byte[] certSerial;
    private byte[] challenge;
    private KeyAgreement ecdh;
    private KeyAgreement ecdhSha;
    private Signature ecdsaP256Sha;
    private Signature ecdsaP256Sha256;
    private byte[] expiry;
    private byte[] fascn;
    private File[] files;
    private byte[] guid;
    private SGList incoming;
    private byte[] iv;
    private Buffer outBuf;
    private SGList outgoing;
    private OwnerPIN pivPin;
    private OwnerPIN pukPin;
    private RandomData randData;
    private byte retiredKeys = 0;
    private Cipher rsaPkcs1;
    private Signature rsaSha;
    private Signature rsaSha256;
    private byte[] serial;
    private PivSlot[] slots;
    private Buffer tempBuf;
    private TlvReader tlv;
    private Cipher tripleDes;
    private TlvWriter wtlv;
    private File[] ykFiles;
    private static final byte[] PIV_AID = {-96, 0, 0, 3, 8, 0, 0, 16, 0, 1, 0};
    private static final byte[] APP_NAME = {80, 105, YkneoOath.T_RESPONSE_TAG, 65, 112, 112, 108, 101, YkneoOath.CHALLENGE_TAG};
    private static final byte[] DEFAULT_ADMIN_KEY = {1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8};
    private static final byte ASN1_SET = 49;
    private static final byte[] DEFAULT_PIN = {ASN1_SET, 50, 51, 52, 53, 54, -1, -1};
    private static final byte[] DEFAULT_PUK = {ASN1_SET, 50, 51, 52, 53, 54, 55, 56};
    private static final byte[] CARD_ID_FIXED = {-96, 0, 0, 1, 22, -1, 2};
    private static final byte[] YKPIV_VERSION = {5, 0, 0};
    private static final byte[] OID_RSA = {42, -122, 72, -122, -9, 13, 1, 1, 1};
    private static final byte[] OID_RSA_SHA = {42, -122, 72, -122, -9, 13, 1, 1, 5};
    private static final byte[] OID_RSA_SHA256 = {42, -122, 72, -122, -9, 13, 1, 1, 11};
    private static final byte[] OID_ECDSA_SHA = {42, -122, 72, -50, 61, 4, 1};
    private static final byte[] OID_ECDSA_SHA256 = {42, -122, 72, -50, 61, 4, 3, 2};
    private static final byte[] OID_CN = {85, 4, 3};
    private static final byte[] OID_ECPUBKEY = {42, -122, 72, -50, 61, 2, 1};
    private static final byte[] OID_SECP256 = {42, -122, 72, -50, 61, 3, 1, 7};
    private static final byte[] OID_YUBICOX = {Signature.ALG_RSA_SHA_224_PKCS1_PSS, 6, 1, 4, 1, ISO7816.INS_EXTERNAL_AUTHENTICATE, -60, 10, 3};
    private static final byte[] X509_NOTBEFORE = {50, 48, ASN1_SET, 56, 48, ASN1_SET, 48, ASN1_SET, 48, 48, 48, 48, 48, 48, 90};
    private static final byte[] X509_NOTAFTER = {50, 48, 53, 48, 48, ASN1_SET, 48, ASN1_SET, 48, 48, 48, 48, 48, 48, 90};
    private static final byte[] CN_STRING = {80, 73, 86, 65, 112, 112, 108, 101, YkneoOath.CHALLENGE_TAG, 32, 65, YkneoOath.CHALLENGE_TAG, YkneoOath.CHALLENGE_TAG, 101, YkneoOath.KEY_TAG, YkneoOath.CHALLENGE_TAG, 97, YkneoOath.CHALLENGE_TAG, 105, 111, 110};

    protected PivApplet() {
        this.incoming = null;
        this.outgoing = null;
        this.apduStream = null;
        this.tempBuf = null;
        this.outBuf = null;
        this.challenge = null;
        this.iv = null;
        this.certSerial = null;
        this.guid = null;
        this.cardId = null;
        this.serial = null;
        this.fascn = null;
        this.expiry = null;
        this.tlv = null;
        this.wtlv = null;
        this.pivPin = null;
        this.pukPin = null;
        this.randData = null;
        this.tripleDes = null;
        this.rsaPkcs1 = null;
        this.ecdsaP256Sha = null;
        this.ecdsaP256Sha256 = null;
        this.rsaSha = null;
        this.rsaSha256 = null;
        this.ecdh = null;
        this.ecdhSha = null;
        this.slots = null;
        this.files = null;
        this.ykFiles = null;
        this.randData = RandomData.getInstance((byte) 2);
        this.tripleDes = Cipher.getInstance((byte) 1, false);
        this.rsaPkcs1 = Cipher.getInstance((byte) 12, false);
        try {
            this.rsaSha = Signature.getInstance((byte) 10, false);
        } catch (CryptoException e) {
            if (e.getReason() != 3) {
                throw e;
            }
        }
        try {
            this.rsaSha256 = Signature.getInstance((byte) 40, false);
        } catch (CryptoException e2) {
            if (e2.getReason() != 3) {
                throw e2;
            }
        }
        try {
            this.ecdh = KeyAgreement.getInstance((byte) 3, false);
        } catch (CryptoException e3) {
            if (e3.getReason() != 3) {
                throw e3;
            }
        }
        if (this.ecdh == null) {
            try {
                this.ecdh = KeyAgreement.getInstance((byte) 4, false);
            } catch (CryptoException e4) {
                if (e4.getReason() != 3) {
                    throw e4;
                }
            }
        }
        if (this.ecdh == null) {
            try {
                this.ecdhSha = KeyAgreement.getInstance((byte) 1, false);
            } catch (CryptoException e5) {
                if (e5.getReason() != 3) {
                    throw e5;
                }
            }
        }
        try {
            this.ecdsaP256Sha = Signature.getInstance((byte) 17, false);
        } catch (CryptoException e6) {
            if (e6.getReason() != 3) {
                throw e6;
            }
        }
        try {
            this.ecdsaP256Sha256 = Signature.getInstance((byte) 33, false);
        } catch (CryptoException e7) {
            if (e7.getReason() != 3) {
                throw e7;
            }
        }
        this.challenge = JCSystem.makeTransientByteArray((short) 16, (byte) 2);
        this.iv = JCSystem.makeTransientByteArray((short) 16, (byte) 2);
        this.guid = new byte[16];
        this.randData.generateData(this.guid, (short) 0, (short) 16);
        this.cardId = new byte[21];
        Util.arrayCopy(CARD_ID_FIXED, (short) 0, this.cardId, (short) 0, (short) CARD_ID_FIXED.length);
        this.randData.generateData(this.cardId, (short) CARD_ID_FIXED.length, (short) (21 - ((short) CARD_ID_FIXED.length)));
        this.serial = new byte[4];
        this.randData.generateData(this.serial, (short) 0, (short) 4);
        byte[] bArr = this.serial;
        bArr[0] = (byte) (bArr[0] | Byte.MIN_VALUE);
        this.certSerial = new byte[16];
        this.fascn = new byte[25];
        this.expiry = new byte[]{50, 48, 53, 48, 48, ASN1_SET, 48, ASN1_SET};
        this.slots = new PivSlot[17];
        for (byte b = 0; b <= 4; b = (byte) (b + 1)) {
            this.slots[b] = new PivSlot((byte) (b - 102));
        }
        for (byte b2 = 5; b2 <= 15; b2 = (byte) (b2 + 1)) {
            this.slots[b2] = new PivSlot((byte) (b2 + ISO7816.INS_EXTERNAL_AUTHENTICATE));
        }
        this.slots[16] = new PivSlot(INS_ATTEST);
        this.files = new File[24];
        this.ykFiles = new File[2];
        this.incoming = new SGList();
        this.outgoing = new SGList();
        this.apduStream = new APDUStream();
        this.tempBuf = new Buffer();
        this.outBuf = new Buffer();
        this.tlv = new TlvReader();
        this.wtlv = new TlvWriter(this.incoming);
        DESKey dESKey = (DESKey) KeyBuilder.buildKey((byte) 3, (short) 192, false);
        this.slots[1].sym = dESKey;
        dESKey.setKey(DEFAULT_ADMIN_KEY, (short) 0);
        this.slots[1].symAlg = (byte) 3;
        this.slots[1].pinPolicy = (byte) 1;
        this.pivPin = new OwnerPIN((byte) 5, (byte) 8);
        this.pivPin.update(DEFAULT_PIN, (short) 0, (byte) 8);
        this.pukPin = new OwnerPIN((byte) 3, (byte) 8);
        this.pukPin.update(DEFAULT_PUK, (short) 0, (byte) 8);
        this.files[5] = new File();
        this.slots[0].cert = this.files[5];
        this.files[10] = new File();
        this.slots[2].cert = this.files[10];
        this.slots[2].pinPolicy = (byte) 3;
        this.files[11] = new File();
        this.slots[3].cert = this.files[11];
        this.files[1] = new File();
        this.slots[4].cert = this.files[1];
        this.slots[4].pinPolicy = (byte) 1;
        this.files[3] = new File();
        this.files[3].contact = (byte) 1;
        this.files[8] = new File();
        this.files[8].contact = (byte) 1;
        this.files[9] = new File();
        this.files[9].contact = (byte) 1;
        this.ykFiles[1] = new File();
        this.slots[16].cert = this.ykFiles[1];
        this.files[5].contactless = (byte) 2;
        this.files[10].contactless = (byte) 2;
        this.files[11].contactless = (byte) 2;
        this.files[3].contactless = (byte) 2;
        this.files[9].contactless = (byte) 1;
        this.files[8].contactless = (byte) 1;
        initCARDCAP();
        initCHUID();
        initKEYHIST();
        initAttestation();
    }

    private void continueResponse(APDU apdu) {
        sendOutgoing(apdu);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void initAttestation() {
        PivSlot pivSlot = this.slots[16];
        if (this.ecdsaP256Sha == null && this.ecdsaP256Sha256 == null) {
            return;
        }
        pivSlot.asymAlg = (byte) 17;
        ECPrivateKey eCPrivateKey = (ECPrivateKey) KeyBuilder.buildKey((byte) 12, (short) 256, false);
        ECPublicKey eCPublicKey = (ECPublicKey) KeyBuilder.buildKey((byte) 11, (short) 256, false);
        pivSlot.asym = new KeyPair(eCPublicKey, eCPrivateKey);
        ECParams.setCurveParameters(eCPrivateKey);
        ECParams.setCurveParameters(eCPublicKey);
        pivSlot.asym.genKeyPair();
        pivSlot.imported = false;
        try {
            writeAttestationCert(pivSlot);
            int available = this.outgoing.available();
            File file = pivSlot.cert;
            if (file.data == null || file.data.length < available) {
                file.data = new byte[available];
            }
            file.len = this.outgoing.read(file.data, (short) 0, available);
            this.outgoing.reset();
            this.incoming.reset();
            this.incoming.cullNonTransient();
        } catch (Exception e) {
            this.outgoing.reset();
            this.incoming.reset();
            this.incoming.cullNonTransient();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void initCARDCAP() {
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        this.wtlv.push((byte) -16);
        this.wtlv.write(this.cardId, (short) 0, (short) this.cardId.length);
        this.wtlv.pop();
        this.wtlv.push(PIV_ALG_ECCP256_SHA256);
        this.wtlv.writeByte((byte) 33);
        this.wtlv.pop();
        this.wtlv.push((byte) -14);
        this.wtlv.writeByte((byte) 33);
        this.wtlv.pop();
        this.wtlv.push((byte) -13);
        this.wtlv.pop();
        this.wtlv.push((byte) -12);
        this.wtlv.pop();
        this.wtlv.push((byte) -11);
        this.wtlv.writeByte((byte) 16);
        this.wtlv.pop();
        this.wtlv.push((byte) -10);
        this.wtlv.pop();
        this.wtlv.push((byte) -9);
        this.wtlv.pop();
        this.wtlv.push(INS_SET_PIN_RETRIES);
        this.wtlv.pop();
        this.wtlv.push(INS_RESET);
        this.wtlv.pop();
        this.wtlv.push((byte) -4);
        this.wtlv.pop();
        this.wtlv.push((byte) -3);
        this.wtlv.pop();
        this.wtlv.push((byte) -2);
        this.wtlv.pop();
        this.wtlv.end();
        int available = this.outgoing.available();
        if (this.files[7] == null) {
            this.files[7] = new File();
        }
        File file = this.files[7];
        file.len = available;
        if (file.data == null || file.data.length < available) {
            file.data = new byte[available];
        }
        this.outgoing.read(file.data, (short) 0, available);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void initCHUID() {
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        this.wtlv.push((byte) 48);
        this.wtlv.write(this.fascn, (short) 0, (short) this.fascn.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 52);
        this.wtlv.write(this.guid, (short) 0, (short) this.guid.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 53);
        this.wtlv.write(this.expiry, (short) 0, (short) this.expiry.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 62);
        this.wtlv.pop();
        this.wtlv.push((byte) -2);
        this.wtlv.pop();
        this.wtlv.end();
        int available = this.outgoing.available();
        if (this.files[2] == null) {
            this.files[2] = new File();
        }
        File file = this.files[2];
        file.len = available;
        if (file.data == null || file.data.length < available) {
            file.data = new byte[available];
        }
        this.outgoing.read(file.data, (short) 0, available);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void initKEYHIST() {
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        this.wtlv.push((byte) -63);
        this.wtlv.writeByte(this.retiredKeys);
        this.wtlv.pop();
        this.wtlv.push((byte) -62);
        this.wtlv.writeByte((byte) 0);
        this.wtlv.pop();
        this.wtlv.push((byte) -2);
        this.wtlv.pop();
        this.wtlv.end();
        int available = this.outgoing.available();
        if (this.files[12] == null) {
            this.files[12] = new File();
        }
        File file = this.files[12];
        file.len = available;
        if (file.data == null || file.data.length < available) {
            file.data = new byte[available];
        }
        this.outgoing.read(file.data, (short) 0, available);
    }

    public static void install(byte[] bArr, short s, byte b) {
        new PivApplet().register();
    }

    private boolean isContact() {
        byte protocol = (byte) (APDU.getProtocol() & (-16));
        return protocol == 0 || protocol == -96;
    }

    private void lockPINAlwaysSlots() {
        for (short s = 0; s < 17; s = (short) (s + 1)) {
            PivSlot pivSlot = this.slots[s];
            if (pivSlot != null && pivSlot.pinPolicy == 3) {
                if (pivSlot.flags[0] && pivSlot.flags[1]) {
                    pivSlot.flags[0] = false;
                } else if (pivSlot.flags[0]) {
                    pivSlot.flags[1] = true;
                }
            }
        }
    }

    private void processAttest(APDU apdu) {
        PivSlot pivSlot;
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        if (b >= -102 && b <= -98) {
            pivSlot = this.slots[(byte) (b + 102)];
        } else if (b < -126 || b > -116) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        } else {
            pivSlot = this.slots[(byte) (((byte) (b + 126)) + 5)];
        }
        if (pivSlot == null) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        } else if (buffer[3] != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        } else {
            writeAttestationCert(pivSlot);
            sendOutgoing(apdu);
        }
    }

    private void processChangePin(APDU apdu) {
        OwnerPIN ownerPIN;
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        switch (buffer[3]) {
            case Byte.MIN_VALUE:
                ownerPIN = this.pivPin;
                break;
            case -127:
                ownerPIN = this.pukPin;
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                return;
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
            return;
        }
        if (incomingAndReceive != 16) {
            ISOException.throwIt((short) 26368);
            return;
        }
        if (!ownerPIN.isValidated() && !ownerPIN.check(buffer, (short) 5, (byte) 8)) {
            ISOException.throwIt((short) (ownerPIN.getTriesRemaining() | 25536));
            return;
        }
        short s = (short) 13;
        short s2 = s;
        while (s2 < ((short) (s + 6))) {
            if (buffer[s2] < 48 || buffer[s2] > 57) {
                ISOException.throwIt((short) 26368);
                return;
            }
            s2 = (short) (s2 + 1);
        }
        while (s2 < ((short) (s + 8))) {
            if (buffer[s2] != -1 && (buffer[s2] < 48 || buffer[s2] > 57)) {
                ISOException.throwIt((short) 26368);
                return;
            }
            s2 = (short) (s2 + 1);
        }
        ownerPIN.update(buffer, s, (byte) 8);
    }

    private void processGenAsym(APDU apdu) {
        PivSlot pivSlot;
        byte[] buffer = apdu.getBuffer();
        byte b = -1;
        if (buffer[2] != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        byte b2 = buffer[3];
        if (b2 >= -102 && b2 <= -98) {
            pivSlot = this.slots[(byte) (b2 + 102)];
        } else if (b2 >= -126 && b2 <= -116) {
            pivSlot = this.slots[(byte) (((byte) (b2 + 126)) + 5)];
        } else {
            if (b2 != -7) {
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                return;
            }
            pivSlot = this.slots[16];
        }
        if (pivSlot == null) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        if (!this.slots[1].flags[0]) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
            return;
        }
        this.apduStream.reset((short) 5, incomingAndReceive);
        this.tlv.start(this.apduStream);
        if (this.tlv.readTag() != -84) {
            ISOException.throwIt((short) 26368);
            return;
        }
        while (!this.tlv.atEnd()) {
            switch (this.tlv.readTag()) {
                case Byte.MIN_VALUE:
                    if (this.tlv.tagLength() == 1) {
                        b = this.tlv.readByte();
                        this.tlv.end();
                        break;
                    } else {
                        ISOException.throwIt((short) 26368);
                        return;
                    }
                case -127:
                    this.tlv.skip();
                    break;
                case -86:
                    if (this.tlv.tagLength() == 1) {
                        byte readByte = this.tlv.readByte();
                        switch (readByte) {
                            case 0:
                                if (b2 != -98) {
                                    if (b2 != -100) {
                                        pivSlot.pinPolicy = (byte) 2;
                                        break;
                                    } else {
                                        pivSlot.pinPolicy = (byte) 3;
                                        break;
                                    }
                                } else {
                                    pivSlot.pinPolicy = (byte) 1;
                                    break;
                                }
                            case 1:
                            case 2:
                            case 3:
                                pivSlot.pinPolicy = readByte;
                                break;
                            default:
                                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                                return;
                        }
                        this.tlv.end();
                        break;
                    } else {
                        ISOException.throwIt((short) 26368);
                        return;
                    }
                case -85:
                    if (this.tlv.tagLength() != 1) {
                        ISOException.throwIt((short) 26368);
                        return;
                    }
                    byte readByte2 = this.tlv.readByte();
                    if (readByte2 != 0 && readByte2 != 1) {
                        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                        return;
                    } else {
                        this.tlv.end();
                        break;
                    }
            }
        }
        this.tlv.end();
        if (b == -1) {
            ISOException.throwIt((short) 26368);
            return;
        }
        switch (b) {
            case 6:
                if (pivSlot.asym == null || pivSlot.asymAlg != b) {
                    pivSlot.asym = new KeyPair((byte) 2, (short) 1024);
                }
                pivSlot.asymAlg = b;
                break;
            case 7:
                if (pivSlot.asym == null || pivSlot.asymAlg != b) {
                    pivSlot.asym = new KeyPair((byte) 2, (short) 2048);
                }
                pivSlot.asymAlg = b;
                break;
            case 17:
                if (this.ecdsaP256Sha != null || this.ecdsaP256Sha256 != null) {
                    if (pivSlot.asym == null || pivSlot.asymAlg != b) {
                        ECPrivateKey eCPrivateKey = (ECPrivateKey) KeyBuilder.buildKey((byte) 12, (short) 256, false);
                        ECPublicKey eCPublicKey = (ECPublicKey) KeyBuilder.buildKey((byte) 11, (short) 256, false);
                        pivSlot.asym = new KeyPair(eCPublicKey, eCPrivateKey);
                        ECParams.setCurveParameters(eCPrivateKey);
                        ECParams.setCurveParameters(eCPublicKey);
                    }
                    pivSlot.asymAlg = b;
                    break;
                } else {
                    ISOException.throwIt((short) 26368);
                    return;
                }
                break;
            default:
                ISOException.throwIt((short) 26368);
                return;
        }
        pivSlot.asym.genKeyPair();
        pivSlot.imported = false;
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        switch (b) {
            case 6:
            case 7:
                RSAPublicKey rSAPublicKey = (RSAPublicKey) pivSlot.asym.getPublic();
                this.wtlv.push64k((short) 32585);
                this.wtlv.push64k(GA_TAG_CHALLENGE);
                this.wtlv.startReserve((short) 257, this.tempBuf);
                this.wtlv.endReserve(rSAPublicKey.getModulus(this.tempBuf.data, this.tempBuf.offset()));
                this.wtlv.pop();
                this.wtlv.push(ISO7816.INS_EXTERNAL_AUTHENTICATE);
                this.wtlv.startReserve((short) 9, this.tempBuf);
                this.wtlv.endReserve(rSAPublicKey.getExponent(this.tempBuf.data, this.tempBuf.offset()));
                this.wtlv.pop();
                break;
            case 17:
                ECPublicKey eCPublicKey2 = (ECPublicKey) pivSlot.asym.getPublic();
                this.wtlv.push((short) 32585);
                this.wtlv.push((byte) -122);
                this.wtlv.startReserve((short) 33, this.tempBuf);
                this.wtlv.endReserve(eCPublicKey2.getW(this.tempBuf.data, this.tempBuf.offset()));
                this.wtlv.pop();
                break;
            default:
                return;
        }
        this.wtlv.pop();
        this.wtlv.end();
        sendOutgoing(apdu);
    }

    private void processGeneralAuth(APDU apdu) {
        PivSlot pivSlot;
        short s;
        Cipher cipher;
        Signature signature;
        short sign;
        KeyAgreement keyAgreement;
        byte[] buffer = apdu.getBuffer();
        byte b = 0;
        byte b2 = buffer[2];
        byte b3 = buffer[3];
        if (b3 >= -102 && b3 <= -98) {
            pivSlot = this.slots[(byte) (b3 + 102)];
        } else if (b3 < -126 || b3 > -116) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        } else {
            pivSlot = this.slots[(byte) (((byte) (b3 + 126)) + 5)];
        }
        if (pivSlot == null) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        if (pivSlot.pinPolicy != 1 && !pivSlot.flags[0]) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        if (!isContact() && pivSlot.cert != null && pivSlot.cert.contactless == 2) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        if (receiveChain(apdu)) {
            this.tlv.start(this.incoming);
            if (this.tlv.readTag() != 124) {
                this.tlv.abort();
                ISOException.throwIt((short) 26368);
                return;
            }
            switch (b2) {
                case -16:
                case -15:
                    if (pivSlot.asymAlg == 17 && pivSlot.asym != null) {
                        s = 0;
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                        return;
                    }
                case 0:
                case 3:
                    b2 = 3;
                    if (pivSlot.symAlg == 3 && pivSlot.sym != null) {
                        s = 8;
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                        return;
                    }
                    break;
                case 6:
                case 7:
                case 17:
                    if (pivSlot.asymAlg == b2 && pivSlot.asym != null) {
                        s = 0;
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                        return;
                    }
                case 8:
                    if (pivSlot.symAlg == b2 && pivSlot.sym != null) {
                        s = 16;
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                        return;
                    }
                default:
                    this.tlv.abort();
                    ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                    return;
            }
            switch (b2) {
                case 3:
                    cipher = this.tripleDes;
                    break;
                case 4:
                case 5:
                default:
                    cipher = null;
                    break;
                case 6:
                case 7:
                    cipher = this.rsaPkcs1;
                    if (cipher == null) {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                        return;
                    }
                    break;
            }
            while (true) {
                if (!this.tlv.atEnd()) {
                    byte readTag = this.tlv.readTag();
                    if (this.tlv.tagLength() == 0) {
                        b = readTag;
                    } else {
                        this.tlv.skip();
                    }
                }
            }
            this.tlv.rewind();
            this.tlv.readTag();
            byte readTag2 = this.tlv.readTag();
            if (readTag2 == b) {
                this.tlv.skip();
                if (!this.tlv.atEnd()) {
                    readTag2 = this.tlv.readTag();
                }
            }
            if (b == 0) {
                if (b3 != -101) {
                    this.tlv.abort();
                    ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                    return;
                }
                byte b4 = -1;
                if (readTag2 == -126) {
                    cipher.init(pivSlot.sym, (byte) 1, this.iv, (short) 0, s);
                    this.tlv.read(this.tempBuf, s);
                    this.incoming.startReserve(s, this.outBuf);
                    short doFinal = cipher.doFinal(this.tempBuf.data, this.tempBuf.offset(), s, this.outBuf.data, this.outBuf.offset());
                    if (this.tlv.tagLength() == 0) {
                        b4 = Util.arrayCompare(this.outBuf.data, this.outBuf.offset(), this.challenge, (short) 0, doFinal);
                        this.tlv.end();
                    }
                } else if (readTag2 != Byte.MIN_VALUE) {
                    this.tlv.abort();
                    ISOException.throwIt((short) 26368);
                    return;
                } else if (this.tlv.tagLength() == s) {
                    this.tlv.read(this.tempBuf, s);
                    b4 = Util.arrayCompare(this.tempBuf.data, this.tempBuf.offset(), this.challenge, (short) 0, s);
                    this.tlv.end();
                }
                if (b4 != 0) {
                    this.tlv.abort();
                    ISOException.throwIt((short) 26368);
                    return;
                }
                pivSlot.flags[0] = true;
                if (this.tlv.atEnd()) {
                    this.tlv.end();
                    this.tlv.finish();
                    ISOException.throwIt(ISO7816.SW_NO_ERROR);
                    return;
                } else {
                    readTag2 = this.tlv.readTag();
                    if (readTag2 == -127) {
                        b = ISO7816.INS_EXTERNAL_AUTHENTICATE;
                    }
                }
            }
            switch (b) {
                case Byte.MIN_VALUE:
                    if (b3 == -101) {
                        this.outgoing.reset();
                        this.wtlv.start(this.outgoing);
                        this.randData.generateData(this.challenge, (short) 0, s);
                        this.wtlv.push((byte) 124);
                        this.wtlv.push(Byte.MIN_VALUE);
                        cipher.init(pivSlot.sym, (byte) 2, this.iv, (short) 0, s);
                        this.wtlv.startReserve(s, this.tempBuf);
                        this.wtlv.endReserve(cipher.doFinal(this.challenge, (short) 0, s, this.tempBuf.data, this.tempBuf.offset()));
                        this.wtlv.pop();
                        this.wtlv.pop();
                        this.wtlv.end();
                        sendOutgoing(apdu);
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                        return;
                    }
                case -127:
                    if (b3 == -101) {
                        this.outgoing.reset();
                        this.wtlv.start(this.outgoing);
                        this.randData.generateData(this.challenge, (short) 0, s);
                        this.wtlv.push((byte) 124);
                        this.wtlv.push(GA_TAG_CHALLENGE);
                        this.wtlv.write(this.challenge, (short) 0, s);
                        this.wtlv.pop();
                        this.wtlv.pop();
                        this.wtlv.end();
                        sendOutgoing(apdu);
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                        return;
                    }
                case -126:
                    if (readTag2 != -123) {
                        if (readTag2 == -127) {
                            short tagLength = this.tlv.tagLength();
                            short tagLength2 = this.tlv.tagLength();
                            switch (b2) {
                                case -16:
                                case -15:
                                case 17:
                                    tagLength2 = 256;
                                    break;
                                case 6:
                                    tagLength2 = 128;
                                    break;
                                case 7:
                                    tagLength2 = 256;
                                    break;
                            }
                            this.incoming.steal(tagLength2, this.outBuf);
                            if (pivSlot.symAlg == b2) {
                                this.tlv.read(this.tempBuf, tagLength);
                                this.tlv.end();
                                cipher.init(pivSlot.sym, (byte) 2, this.iv, (short) 0, s);
                                sign = cipher.doFinal(this.tempBuf.data, this.tempBuf.offset(), tagLength, this.outBuf.data, this.outBuf.offset());
                            } else if (pivSlot.asymAlg == b2 && (b2 == 6 || b2 == 7)) {
                                this.tlv.read(this.tempBuf, tagLength);
                                this.tlv.end();
                                cipher.init(pivSlot.asym.getPrivate(), (byte) 2);
                                sign = cipher.doFinal(this.tempBuf.data, this.tempBuf.offset(), tagLength, this.outBuf.data, this.outBuf.offset());
                            } else {
                                if (pivSlot.asymAlg != 17) {
                                    this.tlv.abort();
                                    ISOException.throwIt((short) 26368);
                                    return;
                                }
                                switch (b2) {
                                    case -16:
                                        signature = this.ecdsaP256Sha;
                                        break;
                                    case -15:
                                        signature = this.ecdsaP256Sha256;
                                        break;
                                    default:
                                        this.tlv.abort();
                                        ISOException.throwIt((short) 26368);
                                        return;
                                }
                                signature.init(pivSlot.asym.getPrivate(), (byte) 1);
                                short s2 = 0;
                                while (s2 < tagLength) {
                                    short readPartial = this.tlv.readPartial(this.tempBuf, tagLength);
                                    signature.update(this.tempBuf.data, this.tempBuf.offset(), readPartial);
                                    s2 = (short) (s2 + readPartial);
                                }
                                this.tlv.end();
                                sign = signature.sign(null, (short) 0, (short) 0, this.outBuf.data, this.outBuf.offset());
                            }
                            this.outgoing.reset();
                            this.wtlv.start(this.outgoing);
                            this.wtlv.push((byte) 124, (short) (sign + 4));
                            this.wtlv.push(ISO7816.INS_EXTERNAL_AUTHENTICATE, sign);
                            this.wtlv.write(this.outBuf.data, this.outBuf.offset(), sign);
                            this.wtlv.pop();
                            this.wtlv.pop();
                            this.wtlv.end();
                            sendOutgoing(apdu);
                            break;
                        } else {
                            this.tlv.abort();
                            ISOException.throwIt((short) 26368);
                            return;
                        }
                    } else {
                        if (b2 == -16) {
                            keyAgreement = this.ecdhSha;
                        } else {
                            if (b2 != 17) {
                                this.tlv.abort();
                                ISOException.throwIt((short) 26368);
                                return;
                            }
                            keyAgreement = this.ecdh;
                        }
                        if (keyAgreement != null) {
                            this.incoming.steal((short) 257, this.outBuf);
                            short read = this.tlv.read(this.tempBuf, this.tlv.tagLength());
                            this.tlv.end();
                            keyAgreement.init(pivSlot.asym.getPrivate());
                            short generateSecret = keyAgreement.generateSecret(this.tempBuf.data, this.tempBuf.offset(), read, this.outBuf.data, this.outBuf.offset());
                            this.outgoing.reset();
                            this.wtlv.start(this.outgoing);
                            this.wtlv.push((byte) 124, (short) (generateSecret + 4));
                            this.wtlv.push(ISO7816.INS_EXTERNAL_AUTHENTICATE, generateSecret);
                            this.wtlv.write(this.outBuf.data, this.outBuf.offset(), generateSecret);
                            this.wtlv.pop();
                            this.wtlv.pop();
                            this.wtlv.end();
                            sendOutgoing(apdu);
                            break;
                        } else {
                            this.tlv.abort();
                            ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                            return;
                        }
                    }
                    break;
                default:
                    this.tlv.abort();
                    ISOException.throwIt((short) 26368);
                    return;
            }
            this.tlv.end();
            this.tlv.finish();
        }
    }

    private void processGetData(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != 63 || buffer[3] != -1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
            return;
        }
        this.apduStream.reset((short) 5, incomingAndReceive);
        this.tlv.start(this.apduStream);
        if (this.tlv.readTag() != 92) {
            this.tlv.abort();
            ISOException.throwIt((short) 26368);
            return;
        }
        short tagLength = this.tlv.tagLength();
        if (tagLength != 3) {
            if (tagLength != 1 || this.tlv.readByte() != 126) {
                this.tlv.abort();
                ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
                return;
            } else {
                this.tlv.end();
                this.tlv.finish();
                sendDiscoveryObject(apdu);
                return;
            }
        }
        byte readByte = this.tlv.readByte();
        byte readByte2 = this.tlv.readByte();
        byte readByte3 = this.tlv.readByte();
        if (readByte != 95) {
            ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
            return;
        }
        File file = readByte2 == -1 ? (readByte3 < 0 || readByte3 > 1) ? null : this.ykFiles[readByte3] : readByte2 == -63 ? (readByte3 < 0 || readByte3 > 23) ? null : this.files[readByte3] : null;
        this.tlv.end();
        this.tlv.finish();
        if (file == null || file.data == null || file.len == 0) {
            ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
            return;
        }
        byte b = isContact() ? file.contact : file.contactless;
        if (b == 2) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        if (b == 1 && !this.pivPin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        this.wtlv.push((byte) 83, file.len);
        this.wtlv.write(file.data, (short) 0, file.len);
        this.wtlv.pop();
        this.wtlv.end();
        sendOutgoing(apdu);
    }

    private void processGetSerial(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        short outgoing = apdu.setOutgoing();
        short s = (short) 1;
        buffer[0] = this.serial[0];
        short s2 = (short) (s + 1);
        buffer[s] = this.serial[1];
        short s3 = (short) (s2 + 1);
        buffer[s2] = this.serial[2];
        short s4 = (short) (s3 + 1);
        buffer[s3] = this.serial[3];
        if (outgoing > 0 && outgoing <= s4) {
            s4 = outgoing;
        }
        apdu.setOutgoingLength(s4);
        apdu.sendBytes((short) 0, s4);
    }

    private void processGetVersion(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        short outgoing = apdu.setOutgoing();
        short s = (short) 1;
        buffer[0] = YKPIV_VERSION[0];
        short s2 = (short) (s + 1);
        buffer[s] = YKPIV_VERSION[1];
        short s3 = (short) (s2 + 1);
        buffer[s2] = YKPIV_VERSION[2];
        short s4 = outgoing > 0 ? outgoing > s3 ? s3 : outgoing : s3;
        apdu.setOutgoingLength(s4);
        apdu.sendBytes((short) 0, s4);
    }

    private void processImportAsym(APDU apdu) {
        PivSlot pivSlot;
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (!this.slots[1].flags[0]) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        if (b2 >= -102 && b2 <= -98) {
            pivSlot = this.slots[(byte) (b2 + 102)];
        } else if (b2 < -126 || b2 > -116) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        } else {
            pivSlot = this.slots[(byte) (((byte) (b2 + 126)) + 5)];
        }
        if (pivSlot == null) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        if (receiveChain(apdu)) {
            this.tlv.start(this.incoming);
            switch (b) {
                case 6:
                    if (pivSlot.asym == null || pivSlot.asymAlg != b) {
                        pivSlot.asym = new KeyPair((byte) 2, (short) 1024);
                    }
                    pivSlot.asymAlg = b;
                    break;
                case 7:
                    if (pivSlot.asym == null || pivSlot.asymAlg != b) {
                        pivSlot.asym = new KeyPair((byte) 2, (short) 2048);
                    }
                    pivSlot.asymAlg = b;
                    break;
                case 17:
                    if (this.ecdsaP256Sha != null || this.ecdsaP256Sha256 != null) {
                        if (pivSlot.asym == null || pivSlot.asymAlg != b) {
                            ECPrivateKey eCPrivateKey = (ECPrivateKey) KeyBuilder.buildKey((byte) 12, (short) 256, false);
                            ECPublicKey eCPublicKey = (ECPublicKey) KeyBuilder.buildKey((byte) 11, (short) 256, false);
                            pivSlot.asym = new KeyPair(eCPublicKey, eCPrivateKey);
                            ECParams.setCurveParameters(eCPrivateKey);
                            ECParams.setCurveParameters(eCPublicKey);
                        }
                        pivSlot.asymAlg = b;
                        break;
                    } else {
                        this.tlv.abort();
                        ISOException.throwIt((short) 26368);
                        return;
                    }
                    break;
                default:
                    this.tlv.abort();
                    ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                    return;
            }
            pivSlot.imported = true;
            switch (b) {
                case 6:
                case 7:
                    RSAPublicKey rSAPublicKey = (RSAPublicKey) pivSlot.asym.getPublic();
                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) pivSlot.asym.getPrivate();
                    rSAPublicKey.clearKey();
                    rSAPrivateCrtKey.clearKey();
                    while (!this.tlv.atEnd()) {
                        byte readTag = this.tlv.readTag();
                        short tagLength = this.tlv.tagLength();
                        switch (readTag) {
                            case -86:
                                if (this.tlv.tagLength() != 1) {
                                    this.tlv.abort();
                                    ISOException.throwIt((short) 26368);
                                    return;
                                }
                                byte readByte = this.tlv.readByte();
                                this.tlv.end();
                                switch (readByte) {
                                    case 0:
                                        if (b2 != -98) {
                                            if (b2 != -100) {
                                                pivSlot.pinPolicy = (byte) 2;
                                                break;
                                            } else {
                                                pivSlot.pinPolicy = (byte) 3;
                                                break;
                                            }
                                        } else {
                                            pivSlot.pinPolicy = (byte) 1;
                                            break;
                                        }
                                    case 1:
                                    case 2:
                                    case 3:
                                        pivSlot.pinPolicy = readByte;
                                        break;
                                    default:
                                        this.tlv.abort();
                                        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                                        return;
                                }
                            case -85:
                                if (this.tlv.tagLength() != 1) {
                                    this.tlv.abort();
                                    ISOException.throwIt((short) 26368);
                                    return;
                                }
                                byte readByte2 = this.tlv.readByte();
                                this.tlv.end();
                                if (readByte2 != 0 && readByte2 != 1) {
                                    this.tlv.abort();
                                    ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                                    return;
                                }
                                break;
                            case 1:
                                this.tlv.read(this.tempBuf, tagLength);
                                rSAPrivateCrtKey.setP(this.tempBuf.data, this.tempBuf.offset(), tagLength);
                                this.tlv.end();
                                break;
                            case 2:
                                this.tlv.read(this.tempBuf, tagLength);
                                rSAPrivateCrtKey.setQ(this.tempBuf.data, this.tempBuf.offset(), tagLength);
                                this.tlv.end();
                                break;
                            case 3:
                                this.tlv.read(this.tempBuf, tagLength);
                                rSAPrivateCrtKey.setDP1(this.tempBuf.data, this.tempBuf.offset(), tagLength);
                                this.tlv.end();
                                break;
                            case 4:
                                this.tlv.read(this.tempBuf, tagLength);
                                rSAPrivateCrtKey.setDQ1(this.tempBuf.data, this.tempBuf.offset(), tagLength);
                                this.tlv.end();
                                break;
                            case 5:
                                this.tlv.read(this.tempBuf, tagLength);
                                rSAPrivateCrtKey.setPQ(this.tempBuf.data, this.tempBuf.offset(), tagLength);
                                this.tlv.end();
                                break;
                            default:
                                this.tlv.abort();
                                ISOException.throwIt((short) 26368);
                                return;
                        }
                    }
                    break;
                case 17:
                    ECPublicKey eCPublicKey2 = (ECPublicKey) pivSlot.asym.getPublic();
                    ECPrivateKey eCPrivateKey2 = (ECPrivateKey) pivSlot.asym.getPrivate();
                    eCPublicKey2.clearKey();
                    eCPrivateKey2.clearKey();
                    while (!this.tlv.atEnd()) {
                        byte readTag2 = this.tlv.readTag();
                        short tagLength2 = this.tlv.tagLength();
                        switch (readTag2) {
                            case -86:
                                if (this.tlv.tagLength() != 1) {
                                    this.tlv.abort();
                                    ISOException.throwIt((short) 26368);
                                    return;
                                }
                                byte readByte3 = this.tlv.readByte();
                                this.tlv.end();
                                switch (readByte3) {
                                    case 0:
                                        if (b2 != -98) {
                                            if (b2 != -100) {
                                                pivSlot.pinPolicy = (byte) 2;
                                                break;
                                            } else {
                                                pivSlot.pinPolicy = (byte) 3;
                                                break;
                                            }
                                        } else {
                                            pivSlot.pinPolicy = (byte) 1;
                                            break;
                                        }
                                    case 1:
                                    case 2:
                                    case 3:
                                        pivSlot.pinPolicy = readByte3;
                                        break;
                                    default:
                                        this.tlv.abort();
                                        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                                        return;
                                }
                            case -85:
                                if (this.tlv.tagLength() != 1) {
                                    this.tlv.abort();
                                    ISOException.throwIt((short) 26368);
                                    return;
                                }
                                byte readByte4 = this.tlv.readByte();
                                this.tlv.end();
                                if (readByte4 != 0 && readByte4 != 1) {
                                    this.tlv.abort();
                                    ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                                    return;
                                }
                                break;
                            case 6:
                                this.tlv.read(this.tempBuf, tagLength2);
                                eCPrivateKey2.setS(this.tempBuf.data, this.tempBuf.offset(), tagLength2);
                                this.tlv.end();
                                break;
                            default:
                                this.tlv.abort();
                                ISOException.throwIt((short) 26368);
                                return;
                        }
                    }
                    break;
                default:
                    this.tlv.abort();
                    ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                    return;
            }
            this.tlv.finish();
            if (pivSlot.asym.getPrivate().isInitialized()) {
                return;
            }
            pivSlot.asym.getPrivate().clearKey();
            ISOException.throwIt((short) 26368);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void processPutData(APDU apdu) {
        File file;
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != 63 || buffer[3] != -1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        if (receiveChain(apdu)) {
            this.tlv.start(this.incoming);
            if (this.tlv.readTag() != 92) {
                this.tlv.abort();
                ISOException.throwIt((short) 26368);
                return;
            }
            if (!this.slots[1].flags[0]) {
                this.tlv.abort();
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
                return;
            }
            if (this.tlv.tagLength() != 3) {
                this.tlv.abort();
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                return;
            }
            byte readByte = this.tlv.readByte();
            byte readByte2 = this.tlv.readByte();
            byte readByte3 = this.tlv.readByte();
            if (readByte != 95) {
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                return;
            }
            if (readByte2 == -1) {
                if (readByte3 < 0 || readByte3 > 1) {
                    file = null;
                } else {
                    if (this.ykFiles[readByte3] == null) {
                        this.ykFiles[readByte3] = new File();
                    }
                    file = this.ykFiles[readByte3];
                }
            } else if (readByte2 != -63) {
                file = null;
            } else if (readByte3 < 0 || readByte3 > 23) {
                file = null;
            } else {
                if (this.files[readByte3] == null) {
                    this.files[readByte3] = new File();
                }
                file = this.files[readByte3];
            }
            this.tlv.end();
            if (file == null) {
                ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
                return;
            }
            if (this.tlv.readTag() != 83) {
                this.tlv.abort();
                ISOException.throwIt((short) 26368);
                return;
            }
            boolean z = false;
            int tagLength = this.tlv.tagLength();
            if (file.data == null) {
                file.data = new byte[tagLength];
            }
            if (file.data.length < tagLength) {
                file.data = new byte[tagLength];
                z = true;
            }
            file.len = this.tlv.read(file.data, (short) 0, tagLength);
            this.tlv.end();
            this.tlv.finish();
            if (z && !this.incoming.gcBlewUp) {
                try {
                    JCSystem.requestObjectDeletion();
                } catch (Exception e) {
                    this.incoming.gcBlewUp = true;
                }
            }
            this.incoming.cullNonTransient();
        }
    }

    private void processReset(APDU apdu) {
        if (this.pivPin.getTriesRemaining() > 0 || this.pukPin.getTriesRemaining() > 0) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        for (byte b = 0; b < 17; b = (byte) (b + 1)) {
            PivSlot pivSlot = this.slots[b];
            if (pivSlot != null) {
                if (pivSlot.asym != null) {
                    pivSlot.asym.getPrivate().clearKey();
                }
                pivSlot.asymAlg = (byte) -1;
                pivSlot.imported = false;
                if (pivSlot.cert != null) {
                    pivSlot.cert.len = (short) 0;
                }
            }
        }
        for (byte b2 = 0; b2 < 23; b2 = (byte) (b2 + 1)) {
            File file = this.files[b2];
            if (file != null) {
                file.len = (short) 0;
            }
        }
        ((DESKey) this.slots[1].sym).setKey(DEFAULT_ADMIN_KEY, (short) 0);
        this.pivPin = new OwnerPIN((byte) 5, (byte) 8);
        this.pivPin.update(DEFAULT_PIN, (short) 0, (byte) 8);
        this.pukPin = new OwnerPIN((byte) 3, (byte) 8);
        this.pukPin.update(DEFAULT_PUK, (short) 0, (byte) 8);
        this.randData.generateData(this.guid, (short) 0, (short) 16);
        this.randData.generateData(this.cardId, (short) CARD_ID_FIXED.length, (short) (21 - ((short) CARD_ID_FIXED.length)));
        this.randData.generateData(this.serial, (short) 0, (short) 4);
        byte[] bArr = this.serial;
        bArr[0] = (byte) (bArr[0] | Byte.MIN_VALUE);
        initCARDCAP();
        initCHUID();
        initKEYHIST();
        initAttestation();
        try {
            JCSystem.requestObjectDeletion();
        } catch (Exception e) {
            this.incoming.gcBlewUp = true;
        }
    }

    private void processResetPin(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != 0) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        switch (buffer[3]) {
            case Byte.MIN_VALUE:
                OwnerPIN ownerPIN = this.pivPin;
                short incomingAndReceive = apdu.setIncomingAndReceive();
                if (incomingAndReceive != apdu.getIncomingLength()) {
                    ISOException.throwIt((short) 26368);
                    return;
                }
                if (incomingAndReceive != 16) {
                    ISOException.throwIt((short) 26368);
                    return;
                }
                if (!this.pukPin.isValidated() && !this.pukPin.check(buffer, (short) 5, (byte) 8)) {
                    ISOException.throwIt((short) (this.pukPin.getTriesRemaining() | 25536));
                    return;
                }
                short s = (short) 13;
                short s2 = s;
                while (s2 < ((short) (s + 6))) {
                    if (buffer[s2] < 48 || buffer[s2] > 57) {
                        ISOException.throwIt((short) 26368);
                        return;
                    }
                    s2 = (short) (s2 + 1);
                }
                while (s2 < ((short) (s + 8))) {
                    if (buffer[s2] != -1 && (buffer[s2] < 48 || buffer[s2] > 57)) {
                        ISOException.throwIt((short) 26368);
                        return;
                    }
                    s2 = (short) (s2 + 1);
                }
                ownerPIN.update(buffer, s, (byte) 8);
                ownerPIN.resetAndUnblock();
                return;
            default:
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                return;
        }
    }

    private void processSGDebug(APDU apdu) {
        short s;
        byte[] buffer = apdu.getBuffer();
        short outgoing = apdu.setOutgoing();
        short s2 = Util.setShort(buffer, Util.setShort(buffer, (short) 0, this.incoming.state[0]), this.incoming.state[1]);
        short s3 = 0;
        while (true) {
            s = s2;
            if (s3 >= 16 || this.incoming.buffers[s3].data == null) {
                break;
            }
            short s4 = (short) (s + 1);
            buffer[s] = (byte) s3;
            byte b = this.incoming.buffers[s3].isDynamic ? (byte) 1 : (byte) 0;
            if (this.incoming.buffers[s3].isTransient) {
                b = (byte) (b | 2);
            }
            buffer[s4] = b;
            s2 = Util.setShort(buffer, Util.setShort(buffer, Util.setShort(buffer, (short) (s4 + 1), (short) this.incoming.buffers[s3].data.length), this.incoming.buffers[s3].state[0]), this.incoming.buffers[s3].state[1]);
            s3 = (short) (s3 + 1);
        }
        short s5 = outgoing > 0 ? outgoing > s ? s : outgoing : s;
        apdu.setOutgoingLength(s5);
        apdu.sendBytes((short) 0, s5);
    }

    private void processSetMgmtKey(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != -1 || buffer[3] != -1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        if (!this.slots[1].flags[0]) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
            return;
        }
        if (incomingAndReceive != 27) {
            ISOException.throwIt((short) 26368);
            return;
        }
        short s = (short) 6;
        byte b = buffer[5];
        short s2 = (short) (s + 1);
        byte b2 = buffer[s];
        short s3 = (short) (s2 + 1);
        byte b3 = buffer[s2];
        if (b == 3 && b2 == -101 && b3 == 24) {
            ((DESKey) this.slots[1].sym).setKey(buffer, s3);
        } else {
            ISOException.throwIt((short) 26368);
        }
    }

    private void processSetPinRetries(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[2];
        byte b2 = buffer[3];
        if (!this.slots[1].flags[0]) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        if (!this.pivPin.isValidated()) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            return;
        }
        this.pivPin = new OwnerPIN(b, (byte) 8);
        this.pivPin.update(DEFAULT_PIN, (short) 0, (byte) 8);
        this.pukPin = new OwnerPIN(b2, (byte) 8);
        this.pukPin.update(DEFAULT_PUK, (short) 0, (byte) 8);
    }

    private void processVerify(APDU apdu) {
        OwnerPIN ownerPIN;
        byte[] buffer = apdu.getBuffer();
        if (buffer[2] != 0 && buffer[2] != -1) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        switch (buffer[3]) {
            case Byte.MIN_VALUE:
                ownerPIN = this.pivPin;
                break;
            case -127:
                ownerPIN = this.pukPin;
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                return;
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        if (incomingAndReceive != apdu.getIncomingLength()) {
            ISOException.throwIt((short) 26368);
            return;
        }
        if (incomingAndReceive == 0 && ownerPIN.isValidated()) {
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
            return;
        }
        if (incomingAndReceive == 0) {
            ISOException.throwIt((short) (ownerPIN.getTriesRemaining() | 25536));
            return;
        }
        if (incomingAndReceive != 8) {
            ISOException.throwIt((short) 26368);
            return;
        }
        if (ownerPIN.check(buffer, (short) 5, (byte) 8)) {
            for (short s = 0; s < 17; s = (short) (s + 1)) {
                PivSlot pivSlot = this.slots[s];
                if (pivSlot != null && s != 1) {
                    pivSlot.flags[0] = true;
                    pivSlot.flags[1] = false;
                }
            }
            return;
        }
        if (this.pukPin.getTriesRemaining() == 0) {
            for (short s2 = 0; s2 < 17; s2 = (short) (s2 + 1)) {
                PivSlot pivSlot2 = this.slots[s2];
                if (pivSlot2 != null && pivSlot2.asym != null) {
                    pivSlot2.asym.getPrivate().clearKey();
                }
            }
        }
        ISOException.throwIt((short) (ownerPIN.getTriesRemaining() | 25536));
    }

    private boolean receiveChain(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        byte b = (byte) (buffer[0] & 16);
        if (this.incoming.atEnd()) {
            this.incoming.reset();
        }
        short incomingAndReceive = apdu.setIncomingAndReceive();
        while (incomingAndReceive > 0) {
            this.incoming.write(buffer, (short) 5, incomingAndReceive);
            incomingAndReceive = apdu.receiveBytes((short) 5);
        }
        if (b == 0) {
            return true;
        }
        ISOException.throwIt(ISO7816.SW_NO_ERROR);
        return false;
    }

    private void sendDiscoveryObject(APDU apdu) {
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        this.wtlv.push((byte) 126);
        this.wtlv.push((byte) 79);
        this.wtlv.write(PIV_AID, (short) 0, (short) PIV_AID.length);
        this.wtlv.pop();
        this.wtlv.push((short) 24367);
        this.wtlv.writeByte((byte) 64);
        this.wtlv.writeByte((byte) 0);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.end();
        sendOutgoing(apdu);
    }

    private void sendOutgoing(APDU apdu) {
        short available = this.outgoing.available();
        if (available < 1) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
            return;
        }
        short outgoing = apdu.setOutgoing();
        byte[] buffer = apdu.getBuffer();
        short s = available;
        if (outgoing > 0 && s > outgoing) {
            s = outgoing;
        }
        if (s > 255) {
            s = 255;
        }
        short s2 = (short) (available - s);
        byte b = s2 > 255 ? (byte) -1 : (byte) s2;
        apdu.setOutgoingLength(s);
        this.outgoing.read(buffer, (short) 0, s);
        apdu.sendBytes((short) 0, s);
        if (s2 > 0) {
            ISOException.throwIt((short) ((b & 255) | 24832));
        } else {
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
        }
    }

    private void sendSelectResponse(APDU apdu) {
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        this.wtlv.push((byte) 97);
        this.wtlv.push((byte) 79);
        this.wtlv.write(PIV_AID, (short) 0, (short) PIV_AID.length);
        this.wtlv.pop();
        this.wtlv.push(YkneoOath.VERSION_TAG);
        this.wtlv.push((byte) 79);
        this.wtlv.write(PIV_AID, (short) 0, (short) PIV_AID.length);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.push((byte) 80);
        this.wtlv.write(APP_NAME, (short) 0, (short) APP_NAME.length);
        this.wtlv.pop();
        this.wtlv.push((byte) -84);
        this.wtlv.push(Byte.MIN_VALUE);
        this.wtlv.writeByte((byte) 3);
        this.wtlv.pop();
        this.wtlv.push(Byte.MIN_VALUE);
        this.wtlv.writeByte((byte) 6);
        this.wtlv.pop();
        this.wtlv.push(Byte.MIN_VALUE);
        this.wtlv.writeByte((byte) 7);
        this.wtlv.pop();
        if (this.ecdsaP256Sha != null || this.ecdsaP256Sha256 != null) {
            this.wtlv.push(Byte.MIN_VALUE);
            this.wtlv.writeByte((byte) 17);
            this.wtlv.pop();
        }
        if (this.ecdsaP256Sha != null) {
            this.wtlv.push(Byte.MIN_VALUE);
            this.wtlv.writeByte((byte) -16);
            this.wtlv.pop();
        }
        if (this.ecdsaP256Sha256 != null) {
            this.wtlv.push(Byte.MIN_VALUE);
            this.wtlv.writeByte(PIV_ALG_ECCP256_SHA256);
            this.wtlv.pop();
        }
        this.wtlv.push((byte) 6);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.end();
        sendOutgoing(apdu);
    }

    private void writeAttestationCert(PivSlot pivSlot) {
        Signature signature;
        PivSlot pivSlot2 = this.slots[16];
        if (pivSlot2.asymAlg == 6 || pivSlot2.asymAlg == 7) {
            signature = this.rsaSha256 != null ? this.rsaSha256 : this.rsaSha;
        } else {
            if (pivSlot2.asymAlg != 17) {
                ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
                return;
            }
            signature = this.ecdsaP256Sha256 != null ? this.ecdsaP256Sha256 : this.ecdsaP256Sha;
        }
        if (signature == null) {
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            return;
        }
        this.randData.generateData(this.certSerial, (short) 0, (short) this.certSerial.length);
        this.certSerial[0] = (byte) (this.certSerial[0] & Byte.MAX_VALUE);
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        writeX509CertInfo(pivSlot);
        this.wtlv.end();
        signature.init(pivSlot2.asym.getPrivate(), (byte) 1);
        short available = this.outgoing.available();
        while (available > 0) {
            short readPartial = this.outgoing.readPartial(this.tempBuf, available);
            signature.update(this.tempBuf.data, this.tempBuf.offset(), readPartial);
            available = (short) (available - readPartial);
        }
        this.outgoing.reset();
        this.wtlv.start(this.outgoing);
        if (pivSlot.id == -7) {
            this.wtlv.push64k((byte) 112);
        }
        this.wtlv.push64k((byte) 48);
        writeX509CertInfo(pivSlot);
        this.wtlv.push((byte) 48);
        if (pivSlot2.asymAlg == 6 || pivSlot2.asymAlg == 7) {
            this.wtlv.push((byte) 6);
            if (this.rsaSha256 != null) {
                this.wtlv.write(OID_RSA_SHA256, (short) 0, (short) OID_RSA_SHA256.length);
            } else if (this.rsaSha != null) {
                this.wtlv.write(OID_RSA_SHA, (short) 0, (short) OID_RSA_SHA.length);
            }
            this.wtlv.pop();
            this.wtlv.push((byte) 5);
            this.wtlv.pop();
        } else if (pivSlot2.asymAlg == 17) {
            this.wtlv.push((byte) 6);
            if (this.ecdsaP256Sha256 != null) {
                this.wtlv.write(OID_ECDSA_SHA256, (short) 0, (short) OID_ECDSA_SHA256.length);
            } else if (this.ecdsaP256Sha != null) {
                this.wtlv.write(OID_ECDSA_SHA, (short) 0, (short) OID_ECDSA_SHA.length);
            }
            this.wtlv.pop();
        }
        this.wtlv.pop();
        this.wtlv.push64k((byte) 3);
        this.wtlv.writeByte((byte) 0);
        this.wtlv.startReserve((short) 257, this.tempBuf);
        this.wtlv.endReserve(signature.sign(null, (short) 0, (short) 0, this.tempBuf.data, this.tempBuf.offset()));
        this.wtlv.pop();
        this.wtlv.pop();
        if (pivSlot.id == -7) {
            this.wtlv.pop();
        }
        this.wtlv.end();
    }

    private void writeHex(byte b) {
        byte b2 = (byte) (b & 15);
        byte b3 = (byte) (((byte) (b >> 4)) & 15);
        byte b4 = b2 <= 9 ? (byte) (b2 + 48) : (byte) (((byte) (b2 - 10)) + 65);
        this.wtlv.writeByte(b3 <= 9 ? (byte) (b3 + 48) : (byte) (((byte) (b3 - 10)) + 65));
        this.wtlv.writeByte(b4);
    }

    private void writeX509CertInfo(PivSlot pivSlot) {
        PivSlot pivSlot2 = this.slots[16];
        this.wtlv.push64k((byte) 48);
        this.wtlv.push((byte) -96);
        this.wtlv.push((byte) 2);
        this.wtlv.writeByte((byte) 2);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.push((byte) 2);
        this.wtlv.write(this.certSerial, (short) 0, (short) this.certSerial.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 48);
        if (pivSlot2.asymAlg == 6 || pivSlot2.asymAlg == 7) {
            this.wtlv.push((byte) 6);
            if (this.rsaSha256 != null) {
                this.wtlv.write(OID_RSA_SHA256, (short) 0, (short) OID_RSA_SHA256.length);
            } else if (this.rsaSha != null) {
                this.wtlv.write(OID_RSA_SHA, (short) 0, (short) OID_RSA_SHA.length);
            }
            this.wtlv.pop();
            this.wtlv.push((byte) 5);
            this.wtlv.pop();
        }
        if (pivSlot2.asymAlg == 17) {
            this.wtlv.push((byte) 6);
            if (this.ecdsaP256Sha256 != null) {
                this.wtlv.write(OID_ECDSA_SHA256, (short) 0, (short) OID_ECDSA_SHA256.length);
            } else if (this.ecdsaP256Sha != null) {
                this.wtlv.write(OID_ECDSA_SHA, (short) 0, (short) OID_ECDSA_SHA.length);
            }
            this.wtlv.pop();
        }
        this.wtlv.pop();
        this.wtlv.push((byte) 48);
        this.wtlv.push(ASN1_SET);
        this.wtlv.push((byte) 48);
        this.wtlv.push((byte) 6);
        this.wtlv.write(OID_CN, (short) 0, (short) OID_CN.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 12);
        this.wtlv.write(CN_STRING, (short) 0, (short) CN_STRING.length);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.push((byte) 48);
        this.wtlv.push((byte) 24);
        this.wtlv.write(X509_NOTBEFORE, (short) 0, (short) X509_NOTBEFORE.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 24);
        this.wtlv.write(X509_NOTAFTER, (short) 0, (short) X509_NOTAFTER.length);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.push((byte) 48);
        this.wtlv.push(ASN1_SET);
        this.wtlv.push((byte) 48);
        this.wtlv.push((byte) 6);
        this.wtlv.write(OID_CN, (short) 0, (short) OID_CN.length);
        this.wtlv.pop();
        this.wtlv.push((byte) 12);
        this.wtlv.write(CN_STRING, (short) 0, (short) CN_STRING.length);
        if (pivSlot.id != -7) {
            this.wtlv.writeByte((byte) 32);
            writeHex(pivSlot.id);
        }
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        if (pivSlot.asymAlg == 17) {
            ECPublicKey eCPublicKey = (ECPublicKey) pivSlot.asym.getPublic();
            this.wtlv.push((byte) 48);
            this.wtlv.push((byte) 48);
            this.wtlv.push((byte) 6);
            this.wtlv.write(OID_ECPUBKEY, (short) 0, (short) OID_ECPUBKEY.length);
            this.wtlv.pop();
            this.wtlv.push((byte) 6);
            this.wtlv.write(OID_SECP256, (short) 0, (short) OID_SECP256.length);
            this.wtlv.pop();
            this.wtlv.pop();
            this.wtlv.push((byte) 3);
            this.wtlv.writeByte((byte) 0);
            this.wtlv.startReserve((short) 33, this.tempBuf);
            this.wtlv.endReserve(eCPublicKey.getW(this.tempBuf.data, this.tempBuf.offset()));
            this.wtlv.pop();
        }
        if (pivSlot.asymAlg == 6 || pivSlot.asymAlg == 7) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) pivSlot.asym.getPublic();
            this.wtlv.push64k((byte) 48);
            this.wtlv.push((byte) 48);
            this.wtlv.push((byte) 6);
            this.wtlv.write(OID_RSA, (short) 0, (short) OID_RSA.length);
            this.wtlv.pop();
            this.wtlv.push((byte) 5);
            this.wtlv.pop();
            this.wtlv.pop();
            this.wtlv.push64k((byte) 3);
            this.wtlv.writeByte((byte) 0);
            this.wtlv.push64k((byte) 48);
            this.wtlv.push64k((byte) 2);
            this.wtlv.startReserve((short) 257, this.tempBuf);
            this.wtlv.endReserve(rSAPublicKey.getModulus(this.tempBuf.data, this.tempBuf.offset()));
            this.wtlv.pop();
            this.wtlv.push((byte) 2);
            this.wtlv.startReserve((short) 9, this.tempBuf);
            this.wtlv.endReserve(rSAPublicKey.getExponent(this.tempBuf.data, this.tempBuf.offset()));
            this.wtlv.pop();
            this.wtlv.pop();
            this.wtlv.pop();
        }
        this.wtlv.pop();
        this.wtlv.push((byte) -93);
        this.wtlv.push((byte) 48);
        this.wtlv.push((byte) 48);
        this.wtlv.push((byte) 6);
        this.wtlv.write(OID_YUBICOX, (short) 0, (short) OID_YUBICOX.length);
        this.wtlv.writeByte((byte) 3);
        this.wtlv.pop();
        this.wtlv.push((byte) 4);
        this.wtlv.writeByte(YKPIV_VERSION[0]);
        this.wtlv.writeByte(YKPIV_VERSION[1]);
        this.wtlv.writeByte(YKPIV_VERSION[2]);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.push((byte) 48);
        this.wtlv.push((byte) 6);
        this.wtlv.write(OID_YUBICOX, (short) 0, (short) OID_YUBICOX.length);
        this.wtlv.writeByte((byte) 8);
        this.wtlv.pop();
        this.wtlv.push((byte) 4);
        this.wtlv.writeByte(pivSlot.pinPolicy);
        this.wtlv.writeByte((byte) 1);
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
        this.wtlv.pop();
    }

    @Override // javacard.framework.Applet
    public void process(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        byte b = buffer[1];
        byte b2 = (byte) (buffer[0] & 16);
        if (!apdu.isISOInterindustryCLA()) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
            return;
        }
        if (selectingApplet()) {
            sendSelectResponse(apdu);
            return;
        }
        if (b2 == 0) {
            lockPINAlwaysSlots();
        }
        switch (b) {
            case -121:
                processGeneralAuth(apdu);
                return;
            case -64:
                continueResponse(apdu);
                return;
            case -53:
                processGetData(apdu);
                return;
            case -37:
                processPutData(apdu);
                return;
            case -32:
                processSGDebug(apdu);
                return;
            case -8:
                processGetSerial(apdu);
                return;
            case -7:
                processAttest(apdu);
                return;
            case -6:
                processSetPinRetries(apdu);
                return;
            case -5:
                processReset(apdu);
                return;
            case -3:
                processGetVersion(apdu);
                return;
            case -2:
                processImportAsym(apdu);
                return;
            case -1:
                processSetMgmtKey(apdu);
                return;
            case 32:
                processVerify(apdu);
                return;
            case 36:
                processChangePin(apdu);
                return;
            case 44:
                processResetPin(apdu);
                return;
            case 71:
                processGenAsym(apdu);
                return;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                return;
        }
    }
}
