package nl.innovalor.mrtd;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import net.sf.scuba.smartcards.CardFileInputStream;
import net.sf.scuba.smartcards.CardService;
import net.sf.scuba.smartcards.CardServiceException;
import net.sf.scuba.smartcards.CommandAPDU;
import net.sf.scuba.smartcards.ResponseAPDU;
import net.sf.scuba.util.Hex;
import nl.innovalor.euedl.lds.DG11File;
import nl.innovalor.euedl.lds.DG12File;
import nl.innovalor.euedl.lds.DG13File;
import nl.innovalor.euedl.lds.DG1File;
import nl.innovalor.euedl.lds.DG5File;
import nl.innovalor.euedl.lds.DrivingLicenseFile;
import nl.innovalor.euedl.service.BAPKeySpec;
import nl.innovalor.euedl.service.DrivingLicenseService;
import nl.innovalor.logging.JavaUtilLogger;
import nl.innovalor.logging.Loggable;
import nl.innovalor.logging.data.Action;
import nl.innovalor.mrtd.model.AAConfig;
import nl.innovalor.mrtd.model.AccessControlStatus;
import nl.innovalor.mrtd.model.AccessControlType;
import nl.innovalor.mrtd.model.ActiveAuthenticationResult;
import nl.innovalor.mrtd.model.DocumentType;
import nl.innovalor.mrtd.model.VerificationStatus;
import org.jmrtd.BACDeniedException;
import org.jmrtd.BACKeySpec;
import org.jmrtd.JMRTDSecurityProvider;
import org.jmrtd.PassportService;
import org.jmrtd.Util;
import org.jmrtd.cert.CVCPrincipal;
import org.jmrtd.lds.ActiveAuthenticationInfo;
import org.jmrtd.lds.CVCAFile;
import org.jmrtd.lds.CardAccessFile;
import org.jmrtd.lds.CardSecurityFile;
import org.jmrtd.lds.ChipAuthenticationInfo;
import org.jmrtd.lds.ChipAuthenticationPublicKeyInfo;
import org.jmrtd.lds.LDSFileUtil;
import org.jmrtd.lds.PACEDomainParameterInfo;
import org.jmrtd.lds.PACEInfo;
import org.jmrtd.lds.SODFile;
import org.jmrtd.lds.SecurityInfo;
import org.jmrtd.lds.TerminalAuthenticationInfo;
import org.jmrtd.lds.icao.COMFile;
import org.jmrtd.lds.icao.DG14File;
import org.jmrtd.lds.icao.DG15File;
import org.jmrtd.lds.icao.DG2File;
import org.jmrtd.lds.icao.DG3File;
import org.jmrtd.lds.icao.DG4File;
import org.jmrtd.lds.icao.DG7File;
import org.jmrtd.protocol.CAResult;
import org.jmrtd.protocol.PACEResult;

/* loaded from: classes.dex */
public class MRTDReader {
    private static final int EDL_DG_NUMBER_FOR_AA_PUBLIC_KEY_DATAGROUP = 13;
    private static final int ICAO_DG_NUMBER_FOR_AA_PUBLIC_KEY_DATAGROUP = 15;
    private static final String LOGGER_CATEGORY = "NFC";
    private static final int REPORT_DG_PROGRESS_CHUNK_SIZE = 1234;
    private MRTDCallback callback;
    private CardAccessFile cardAccessFile;
    private CardSecurityFile cardSecurityFile;
    private List<KeyStore> cvcaKeyStores;
    private Loggable innovalorLogger;
    private AsyncMRTDVerifier mrtdVerifier;
    private Random random;
    private CardService service;
    private volatile ReaderStatus state;
    private static final Logger LOGGER = Logger.getLogger("nl.innovalor");
    private static final Provider BC_PROVIDER = JMRTDSecurityProvider.getBouncyCastleProvider();
    private static final Collection<Integer> ICAO_LONG_DG_NUMBERS = Arrays.asList(2, 3, 4);
    private static final Collection<Integer> EDL_LONG_DG_NUMBERS = Arrays.asList(6);
    private static final Collection<Integer> ICAO_PROTECTED_DG_NUMBERS = Arrays.asList(3, 4);
    private static final Collection<Integer> ICAO_UNPROTECTED_DG_NUMBERS_AFTER_CA = Arrays.asList(1, 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16);
    private static final Collection<Integer> EDL_PROTECTED_DG_NUMBERS = Collections.emptyList();
    private static final Collection<Integer> EDL_UNPROTECTED_DG_NUMBERS = Arrays.asList(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class InterpretationResult<R> {
        private R interpretedObject;
        private byte[] rawBytes;

        public InterpretationResult(byte[] bArr, R r) {
            this.rawBytes = bArr;
            this.interpretedObject = r;
        }

        public R getInterpretedObject() {
            return this.interpretedObject;
        }

        public byte[] getRawBytes() {
            return this.rawBytes;
        }
    }

    public MRTDReader(CardService cardService, MRTDVerifier mRTDVerifier) {
        this(cardService, mRTDVerifier, null, null);
    }

    public MRTDReader(CardService cardService, MRTDVerifier mRTDVerifier, Collection<KeyStore> collection) {
        this(cardService, mRTDVerifier, collection, null);
    }

    public MRTDReader(CardService cardService, MRTDVerifier mRTDVerifier, Collection<KeyStore> collection, Loggable loggable) {
        this.state = ReaderStatus.INIT;
        if (cardService instanceof PassportService) {
            this.service = cardService;
        } else if (cardService instanceof DrivingLicenseService) {
            this.service = cardService;
        } else {
            try {
                LOGGER.info("Defaulting to ICAO service");
                this.service = new PassportService(cardService);
            } catch (CardServiceException e) {
                LOGGER.log(Level.SEVERE, "Cannot create service", (Throwable) e);
                throw new IllegalArgumentException("Cannot create service");
            }
        }
        this.innovalorLogger = loggable == null ? new JavaUtilLogger(LOGGER) : loggable;
        if (collection == null) {
            this.cvcaKeyStores = null;
        } else {
            this.cvcaKeyStores = new ArrayList(collection);
        }
        this.random = new SecureRandom();
        if (mRTDVerifier == null) {
            this.mrtdVerifier = new AsyncMRTDVerifier(new DefaultMRTDVerifier());
        } else if (mRTDVerifier instanceof AsyncMRTDVerifier) {
            this.mrtdVerifier = (AsyncMRTDVerifier) mRTDVerifier;
        } else {
            this.mrtdVerifier = new AsyncMRTDVerifier(mRTDVerifier);
        }
    }

    public MRTDReader(CardService cardService, MRTDVerifier mRTDVerifier, Loggable loggable) {
        this(cardService, mRTDVerifier, null, loggable);
    }

    private byte[] bufferDataGroup(int i, InputStream inputStream, boolean z, int i2, int i3, int i4, int i5) throws IOException {
        int i6 = i4;
        if (!z) {
            return readBytes(inputStream);
        }
        int i7 = 0;
        byte[] bArr = new byte[i2];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(i3);
        try {
            if (shouldStopReading(this.state)) {
                return byteArrayOutputStream.toByteArray();
            }
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    return byteArrayOutputStream.toByteArray();
                }
                byteArrayOutputStream.write(bArr, 0, read);
                i6 += read;
                i7 += read;
                this.callback.onDGProgress(i, i7, i3, i6, i5);
            }
        } finally {
            byteArrayOutputStream.close();
        }
    }

    private void bufferLDS(DocumentType documentType, List<Integer> list, Map<Integer, byte[]> map, int i, Map<Integer, CardFileInputStream> map2, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) {
        byte[] bArr;
        Iterator<Integer> it = list.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            CardFileInputStream cardFileInputStream = null;
            try {
                try {
                    this.callback.onDGStart(intValue);
                    cardFileInputStream = map2.get(Integer.valueOf(intValue));
                    if (map.containsKey(Integer.valueOf(intValue))) {
                        bArr = map.get(Integer.valueOf(intValue));
                    } else {
                        bArr = bufferDataGroup(intValue, cardFileInputStream, shouldReportProgress(documentType, intValue), REPORT_DG_PROGRESS_CHUNK_SIZE, cardFileInputStream.getLength(), 0, i);
                        map.put(Integer.valueOf(intValue), bArr);
                    }
                    this.callback.onDGFinished(intValue, interpretDataGroup(documentType, intValue, bArr), bArr, this.state);
                    if (this.state == ReaderStatus.FAILED_CAN_CONTINUE) {
                        this.state = ReaderStatus.READING;
                    }
                    if (cardFileInputStream != null) {
                        try {
                            cardFileInputStream.close();
                        } catch (IOException e) {
                            LOGGER.log(Level.FINEST, "Closing stream failed", (Throwable) e);
                        }
                    }
                } catch (Throwable th) {
                    this.callback.onDGFinished(intValue, null, null, this.state);
                    if (this.state == ReaderStatus.FAILED_CAN_CONTINUE) {
                        this.state = ReaderStatus.READING;
                    }
                    if (cardFileInputStream != null) {
                        try {
                            cardFileInputStream.close();
                        } catch (IOException e2) {
                            LOGGER.log(Level.FINEST, "Closing stream failed", (Throwable) e2);
                        }
                    }
                    throw th;
                }
            } catch (Exception e3) {
                LOGGER.log(Level.SEVERE, "Unhandled exception", (Throwable) e3);
                this.innovalorLogger.log(Level.SEVERE, e3);
                switch (this.state) {
                    case INIT:
                    case FAILED_CAN_CONTINUE:
                    case READING:
                        this.state = ReaderStatus.FAILED_CAN_CONTINUE;
                    case FAILED_FATAL:
                    case STOP_REQUESTED:
                    default:
                        if (isTagWasLostException(e3)) {
                            this.state = ReaderStatus.FAILED_FATAL;
                        }
                        this.callback.onDGFinished(intValue, null, null, this.state);
                        if (this.state == ReaderStatus.FAILED_CAN_CONTINUE) {
                            this.state = ReaderStatus.READING;
                        }
                        if (cardFileInputStream == null) {
                            break;
                        } else {
                            try {
                                cardFileInputStream.close();
                                break;
                            } catch (IOException e4) {
                                LOGGER.log(Level.FINEST, "Closing stream failed", (Throwable) e4);
                                break;
                            }
                        }
                }
            }
        }
    }

    private PACEInfo checkForPACESupport(PassportService passportService) {
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not checking for PACE support, interrupted.");
            return null;
        }
        try {
            LOGGER.info("Inspecting card access file");
            this.cardAccessFile = new CardAccessFile(passportService.getInputStream((short) 284));
            ArrayList<PACEInfo> arrayList = new ArrayList(this.cardAccessFile.getPACEInfos());
            LOGGER.info("Found a card access file: paceInfos (" + arrayList.size() + ")");
            if (arrayList.isEmpty()) {
                LOGGER.info("No PACE support detected");
                return null;
            }
            List asList = Arrays.asList(PACEInfo.MappingType.GM);
            if (arrayList.size() > 1) {
                LOGGER.info("Found multiple PACEInfos: " + arrayList.size());
            }
            for (PACEInfo pACEInfo : arrayList) {
                if (asList.contains(PACEInfo.toMappingType(pACEInfo.getObjectIdentifier()))) {
                    return pACEInfo;
                }
            }
            return (PACEInfo) arrayList.get(0);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Failed checking PACE support", (Throwable) e);
            LOGGER.log(Level.INFO, "No PACE support detected");
            return null;
        }
    }

    private static boolean containsEACCASecurityInfo(Collection<SecurityInfo> collection) {
        if (collection == null) {
            return false;
        }
        for (SecurityInfo securityInfo : collection) {
            if (!(securityInfo instanceof ChipAuthenticationInfo) && !(securityInfo instanceof ChipAuthenticationPublicKeyInfo)) {
            }
            return true;
        }
        return false;
    }

    private static boolean containsEACTASecurityInfo(Collection<SecurityInfo> collection) {
        if (collection == null) {
            return false;
        }
        Iterator<SecurityInfo> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next() instanceof TerminalAuthenticationInfo) {
                return true;
            }
        }
        return false;
    }

    private static boolean containsPACESecurityInfo(Collection<SecurityInfo> collection) {
        if (collection == null) {
            return false;
        }
        for (SecurityInfo securityInfo : collection) {
            if (!(securityInfo instanceof PACEInfo) && !(securityInfo instanceof PACEDomainParameterInfo)) {
            }
            return true;
        }
        return false;
    }

    private void detectFeatures(DocumentType documentType, Collection<Integer> collection, Collection<SecurityInfo> collection2, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) {
        updateStatusBasedOnSecurityInfos(documentType, collection, collection2, accessControlStatus, verificationStatus);
        updateVerificationStatusWithAAPresence(documentType, collection, verificationStatus);
    }

    private static AAConfig determineAAConfig(DG13File dG13File, VerificationStatus verificationStatus) {
        if (dG13File == null) {
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE, null);
            return null;
        }
        try {
            PublicKey publicKey = dG13File.getPublicKey();
            if ("RSA".equals(publicKey.getAlgorithm())) {
                return new AAConfig(publicKey, "SHA1", "SHA1WithRSA/ISO9796-2");
            }
            throw new IllegalStateException("Only RSA supported for eDL Active Authentication for now");
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Unexpected exception", (Throwable) e);
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNEXPECTED_EXCEPTION_FAILURE, null);
            return null;
        }
    }

    private static AAConfig determineAAConfig(DocumentType documentType, Map<Integer, byte[]> map, VerificationStatus verificationStatus) {
        AAConfig aAConfig = null;
        switch (documentType) {
            case ICAO_MRTD:
                try {
                    DG14File dG14File = getDG14File(map);
                    byte[] bArr = map.get(15);
                    aAConfig = determineAAConfig(bArr == null ? null : new DG15File(new ByteArrayInputStream(bArr)), dG14File, verificationStatus);
                    return aAConfig;
                } catch (IOException e) {
                    LOGGER.log(Level.SEVERE, "Unexpected exception reading EF.DG15", (Throwable) e);
                    return aAConfig;
                }
            case EU_EDL:
                try {
                    byte[] bArr2 = map.get(13);
                    if (bArr2 != null) {
                        return determineAAConfig(new DG13File(new ByteArrayInputStream(bArr2)), verificationStatus);
                    }
                    return null;
                } catch (IOException e2) {
                    LOGGER.log(Level.SEVERE, "Unexpected exception reading EF.DG13", (Throwable) e2);
                    return null;
                }
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private static AAConfig determineAAConfig(DG15File dG15File, DG14File dG14File, VerificationStatus verificationStatus) {
        if (dG15File == null) {
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE, null);
            return null;
        }
        try {
            PublicKey publicKey = dG15File.getPublicKey();
            String algorithm = publicKey.getAlgorithm();
            if ("RSA".equals(algorithm)) {
                return new AAConfig(publicKey, "SHA1", "SHA1WithRSA/ISO9796-2");
            }
            if (!"EC".equals(algorithm) && !"ECDSA".equals(algorithm)) {
                LOGGER.log(Level.SEVERE, "Unsupported public key algorithm " + algorithm);
                verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNEXPECTED_EXCEPTION_FAILURE, null);
                return null;
            }
            if (dG14File == null) {
                verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE, null);
                return null;
            }
            List<ActiveAuthenticationInfo> activeAuthenticationInfos = dG14File.getActiveAuthenticationInfos();
            if (activeAuthenticationInfos == null || activeAuthenticationInfos.isEmpty()) {
                verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE, null);
                return null;
            }
            int size = activeAuthenticationInfos.size();
            if (size > 1) {
                LOGGER.warning("Found " + size + " in EF.DG14, expected 1.");
            }
            String lookupMnemonicByOID = ActiveAuthenticationInfo.lookupMnemonicByOID(activeAuthenticationInfos.get(0).getSignatureAlgorithmOID());
            return new AAConfig(publicKey, Util.inferDigestAlgorithmFromSignatureAlgorithm(lookupMnemonicByOID), lookupMnemonicByOID);
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Unexpected exception", (Throwable) e);
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNEXPECTED_EXCEPTION_FAILURE, null);
            return null;
        }
    }

    private void executeAA(DocumentType documentType, CardService cardService, AAConfig aAConfig, byte[] bArr, VerificationStatus verificationStatus) {
        byte[] sendAA;
        Action createAction = this.innovalorLogger.createAction(LOGGER_CATEGORY, "AA", aAConfig + ", challenge = " + Hex.bytesToHexString(bArr));
        LOGGER.info("Execute AA, challenge = " + Hex.bytesToHexString(bArr));
        if (aAConfig == null) {
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNKNOWN, null);
            LOGGER.severe("Cannot execute AA with empty configuration");
            return;
        }
        if (cardService == null) {
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNKNOWN, null);
            LOGGER.severe("Cannot execute AA with empty service");
            return;
        }
        try {
            switch (documentType) {
                case ICAO_MRTD:
                    sendAA = ((PassportService) cardService).doAA(aAConfig.getPublicKey(), aAConfig.getDigestAlgorithm(), aAConfig.getSignatureAlgorithm(), bArr).getResponse();
                    break;
                case EU_EDL:
                    sendAA = ((DrivingLicenseService) cardService).sendAA(aAConfig.getPublicKey(), bArr);
                    break;
                default:
                    throw new IllegalArgumentException("Unsupported document type " + documentType);
            }
            ActiveAuthenticationResult activeAuthenticationResult = new ActiveAuthenticationResult(aAConfig, bArr, sendAA);
            this.innovalorLogger.logSuccessAction(activeAuthenticationResult, createAction);
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_NOT_CHECKED, VerificationStatus.ReasonCode.UNKNOWN, activeAuthenticationResult);
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Unexpected exception", (Throwable) e);
            this.innovalorLogger.logFailedAction(createAction);
            verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNEXPECTED_EXCEPTION_FAILURE, null);
        }
    }

    private static byte[] getBytes(CardService cardService, short s) throws IOException, CardServiceException {
        byte[] bArr;
        DataInputStream dataInputStream;
        CardFileInputStream cardFileInputStream = null;
        DataInputStream dataInputStream2 = null;
        try {
            if (cardService instanceof PassportService) {
                cardFileInputStream = ((PassportService) cardService).getInputStream(s);
            } else {
                if (!(cardService instanceof DrivingLicenseService)) {
                    throw new IllegalArgumentException("Unsupported service, was expecting PassportService or DrivingLicenseService, found " + cardService.getClass().getCanonicalName());
                }
                cardFileInputStream = ((DrivingLicenseService) cardService).getInputStream(s);
            }
            bArr = new byte[cardFileInputStream.getLength()];
            dataInputStream = new DataInputStream(cardFileInputStream);
        } catch (Throwable th) {
            th = th;
        }
        try {
            dataInputStream.readFully(bArr);
            if (dataInputStream != null) {
                dataInputStream.close();
            }
            if (cardFileInputStream != null) {
                cardFileInputStream.close();
            }
            return bArr;
        } catch (Throwable th2) {
            th = th2;
            dataInputStream2 = dataInputStream;
            if (dataInputStream2 != null) {
                dataInputStream2.close();
            }
            if (cardFileInputStream != null) {
                cardFileInputStream.close();
            }
            throw th;
        }
    }

    private InterpretationResult<Object> getCOMFile(DocumentType documentType, CardService cardService) throws IOException, CardServiceException {
        switch (documentType) {
            case ICAO_MRTD:
                byte[] bytes = getBytes(cardService, PassportService.EF_COM);
                return new InterpretationResult<>(bytes, new COMFile(new ByteArrayInputStream(bytes)));
            case EU_EDL:
                byte[] bytes2 = getBytes(cardService, (short) 30);
                return new InterpretationResult<>(bytes2, new nl.innovalor.euedl.lds.COMFile(new ByteArrayInputStream(bytes2)));
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private static short getCVCAFID(DG14File dG14File) {
        int fileId;
        if (dG14File == null) {
            return (short) 284;
        }
        for (TerminalAuthenticationInfo terminalAuthenticationInfo : dG14File.getTerminalAuthenticationInfos()) {
            if (terminalAuthenticationInfo.getVersion() == 1 && (fileId = terminalAuthenticationInfo.getFileId()) >= 0) {
                return (short) fileId;
            }
        }
        return (short) 284;
    }

    private static CVCAFile getCVCAFile(PassportService passportService, DG14File dG14File) {
        if (dG14File == null) {
            try {
                LOGGER.warning("DEBUG: DG14 is null while determining CVCA file FID");
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, "Could not read EF.DG14 or EF.CVCA, not attempting EAC", (Throwable) e);
                return null;
            } catch (CardServiceException e2) {
                LOGGER.log(Level.WARNING, "Could not read EF.DG14 or EF.CVCA, not attempting EAC", (Throwable) e2);
                return null;
            } catch (Exception e3) {
                LOGGER.log(Level.SEVERE, "Could not get CVCA file", (Throwable) e3);
                return null;
            }
        }
        return new CVCAFile(new ByteArrayInputStream(getBytes(passportService, getCVCAFID(dG14File))));
    }

    private CardSecurityFile getCardSecurityFile(PassportService passportService) throws IOException, CardServiceException {
        LOGGER.info("Inspecting card security file");
        if (!shouldStopReading(this.state)) {
            return new CardSecurityFile(passportService.getInputStream((short) 285));
        }
        LOGGER.info("Not reading EF.CardSecurity, interrupted");
        return null;
    }

    private static ChipAuthenticationInfo getChipAuthenticationInfo(BigInteger bigInteger, List<ChipAuthenticationInfo> list) {
        Iterator<ChipAuthenticationInfo> it = list.iterator();
        while (it.hasNext()) {
            ChipAuthenticationInfo next = it.next();
            LOGGER.info("DEBUG: chipAuthenticationInfo.getKeyId() == " + next.getKeyId());
            if (bigInteger == null || bigInteger.equals(next.getKeyId())) {
                return next;
            }
        }
        LOGGER.warning("No ChipAuthenticationInfo found for keyId " + bigInteger);
        return null;
    }

    private static DG14File getDG14File(Map<Integer, byte[]> map) throws IOException {
        byte[] bArr = map.get(14);
        if (bArr == null) {
            return null;
        }
        return new DG14File(new ByteArrayInputStream(bArr));
    }

    private static List<Integer> getDGList(DocumentType documentType, Object obj) {
        switch (documentType) {
            case ICAO_MRTD:
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(toDataGroupList(((COMFile) obj).getTagList()));
                Collections.sort(arrayList);
                return arrayList;
            case EU_EDL:
                return ((nl.innovalor.euedl.lds.COMFile) obj).getDGNumbers();
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private static List<Integer> getDGList(SODFile sODFile) {
        ArrayList arrayList = new ArrayList();
        if (sODFile != null) {
            arrayList.addAll(sODFile.getDataGroupHashes().keySet());
            Collections.sort(arrayList);
        }
        return arrayList;
    }

    private Map<Integer, Integer> getDataGroupLengths(Map<Integer, CardFileInputStream> map) {
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<Integer, CardFileInputStream> entry : map.entrySet()) {
            int intValue = entry.getKey().intValue();
            CardFileInputStream value = entry.getValue();
            treeMap.put(Integer.valueOf(intValue), Integer.valueOf(value == null ? 0 : value.getLength()));
        }
        return treeMap;
    }

    private static EACCredentials getEACCredentials(CVCPrincipal cVCPrincipal, KeyStore keyStore) throws GeneralSecurityException {
        ArrayList<String> list = Collections.list(keyStore.aliases());
        LOGGER.info("CVCA store has " + list.size() + " aliases");
        for (String str : list) {
            if (keyStore.isKeyEntry(str)) {
                Security.insertProviderAt(BC_PROVIDER, 0);
                Key key = keyStore.getKey(str, "".toCharArray());
                if (key instanceof PrivateKey) {
                    return new EACCredentials((PrivateKey) key, keyStore.getCertificateChain(str));
                }
                LOGGER.warning("Skipping non-private key \"" + str + "\" in CVCA store");
            } else {
                LOGGER.warning("Skipping non-key entry \"" + str + "\" in CVCA store");
            }
        }
        LOGGER.severe("No EAC credentials");
        return null;
    }

    private static EACCredentials getEACCredentials(CVCPrincipal cVCPrincipal, List<KeyStore> list) throws GeneralSecurityException {
        Iterator<KeyStore> it = list.iterator();
        while (it.hasNext()) {
            EACCredentials eACCredentials = getEACCredentials(cVCPrincipal, it.next());
            if (eACCredentials != null) {
                return eACCredentials;
            }
        }
        return null;
    }

    private static CardFileInputStream getInputStream(DocumentType documentType, CardService cardService, short s) throws CardServiceException {
        switch (documentType) {
            case ICAO_MRTD:
                return ((PassportService) cardService).getInputStream(s);
            case EU_EDL:
                return ((DrivingLicenseService) cardService).getInputStream(s);
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private Map<Integer, CardFileInputStream> getInputStreams(DocumentType documentType, CardService cardService, List<Integer> list, Map<Integer, byte[]> map, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) {
        TreeMap treeMap = new TreeMap();
        Iterator<Integer> it = list.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            try {
                this.innovalorLogger.log(intValue, true);
                treeMap.put(Integer.valueOf(intValue), getInputStream(documentType, cardService, lookupFIDByDataGroupNumber(documentType, intValue)));
            } catch (Exception e) {
                LOGGER.log(Level.WARNING, "Exception while determining datagroup length of EF.DG" + intValue, (Throwable) e);
                this.innovalorLogger.log(Level.WARNING, e);
            }
        }
        return treeMap;
    }

    private int getLDSLength(Map<Integer, Integer> map) {
        int i = 0;
        Iterator<Map.Entry<Integer, Integer>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Integer value = it.next().getValue();
            i += value == null ? 0 : value.intValue();
        }
        return i;
    }

    private static List<Integer> getOnlyAllowedDGs(DocumentType documentType, List<Integer> list, List<Short> list2) {
        if (list2 == null) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<Integer> it = list.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            if (list2.contains(Short.valueOf(lookupFIDByDataGroupNumber(documentType, intValue)))) {
                arrayList.add(Integer.valueOf(intValue));
            }
        }
        return arrayList;
    }

    private static List<Integer> getProtectedDataGroupNumbers(DocumentType documentType, List<Integer> list) {
        switch (documentType) {
            case ICAO_MRTD:
                ArrayList arrayList = new ArrayList(ICAO_PROTECTED_DG_NUMBERS);
                if (list == null) {
                    return arrayList;
                }
                arrayList.retainAll(list);
                return arrayList;
            case EU_EDL:
                ArrayList arrayList2 = new ArrayList(EDL_PROTECTED_DG_NUMBERS);
                if (list != null) {
                    arrayList2.retainAll(list);
                }
                return arrayList2;
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private InterpretationResult<SODFile> getSODFile(DocumentType documentType, CardService cardService) throws IOException, CardServiceException {
        switch (documentType) {
            case ICAO_MRTD:
                byte[] bytes = getBytes(cardService, (short) 285);
                return new InterpretationResult<>(bytes, new SODFile(new ByteArrayInputStream(bytes)));
            case EU_EDL:
                byte[] bytes2 = getBytes(cardService, (short) 29);
                return new InterpretationResult<>(bytes2, new SODFile(new ByteArrayInputStream(bytes2)));
            default:
                throw new IllegalStateException("Unsupported document type " + documentType);
        }
    }

    private static List<Integer> getUnprotectedDataGroupNumbers(DocumentType documentType, List<Integer> list) {
        switch (documentType) {
            case ICAO_MRTD:
                ArrayList arrayList = new ArrayList(ICAO_UNPROTECTED_DG_NUMBERS_AFTER_CA);
                if (list == null) {
                    return arrayList;
                }
                arrayList.retainAll(list);
                return arrayList;
            case EU_EDL:
                ArrayList arrayList2 = new ArrayList(EDL_UNPROTECTED_DG_NUMBERS);
                if (list != null) {
                    arrayList2.retainAll(list);
                }
                return arrayList2;
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private void handleAA(DocumentType documentType, AAConfig aAConfig, byte[] bArr, VerificationStatus verificationStatus) {
        try {
            executeAA(documentType, this.service, aAConfig, bArr, verificationStatus);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "AA failed, verification status = " + verificationStatus.getAA() + ", verification status reason = " + verificationStatus.getAAReason(), (Throwable) e);
        }
    }

    private Object interpretDataGroup(DocumentType documentType, int i, byte[] bArr) throws IOException {
        switch (documentType) {
            case ICAO_MRTD:
                return interpretICAODataGroup(i, bArr);
            case EU_EDL:
                return interpretEDLDataGroup(i, bArr);
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private static Object interpretEDLDataGroup(int i, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        switch (i) {
            case 1:
                return new DG1File(byteArrayInputStream);
            case 2:
            case 3:
            case 4:
            case 7:
            case 8:
            case 9:
            case 10:
            default:
                return bArr;
            case 5:
                return new DG5File(byteArrayInputStream);
            case 6:
                return new DG2File(byteArrayInputStream);
            case 11:
                return new DG11File(byteArrayInputStream);
            case 12:
                return new DG12File(byteArrayInputStream);
            case 13:
                return new DG13File(byteArrayInputStream);
        }
    }

    private Object interpretICAODataGroup(int i, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        long currentTimeMillis = System.currentTimeMillis();
        switch (i) {
            case 1:
                org.jmrtd.lds.icao.DG1File dG1File = new org.jmrtd.lds.icao.DG1File(byteArrayInputStream);
                this.innovalorLogger.log(dG1File, currentTimeMillis);
                return dG1File;
            case 2:
                DG2File dG2File = new DG2File(byteArrayInputStream);
                this.innovalorLogger.log(dG2File, currentTimeMillis);
                return dG2File;
            case 3:
                DG3File dG3File = new DG3File(byteArrayInputStream);
                this.innovalorLogger.log(dG3File, currentTimeMillis);
                return dG3File;
            case 4:
                DG4File dG4File = new DG4File(byteArrayInputStream);
                this.innovalorLogger.log(dG4File, currentTimeMillis);
                return dG4File;
            case 5:
            case 6:
            case 8:
            case 9:
            case 10:
            case 13:
            default:
                return bArr;
            case 7:
                DG7File dG7File = new DG7File(byteArrayInputStream);
                this.innovalorLogger.log(dG7File, currentTimeMillis);
                return dG7File;
            case 11:
                org.jmrtd.lds.icao.DG11File dG11File = new org.jmrtd.lds.icao.DG11File(byteArrayInputStream);
                this.innovalorLogger.log(dG11File, currentTimeMillis);
                return dG11File;
            case 12:
                org.jmrtd.lds.icao.DG12File dG12File = new org.jmrtd.lds.icao.DG12File(byteArrayInputStream);
                this.innovalorLogger.log(dG12File, currentTimeMillis);
                return dG12File;
            case 14:
                DG14File dG14File = new DG14File(byteArrayInputStream);
                this.innovalorLogger.log(dG14File, currentTimeMillis);
                return dG14File;
            case 15:
                DG15File dG15File = new DG15File(byteArrayInputStream);
                this.innovalorLogger.log(dG15File, currentTimeMillis);
                return dG15File;
        }
    }

    private boolean isTagWasLostException(Exception exc) {
        String message = exc == null ? "" : exc.getMessage();
        return message != null && message.toLowerCase().contains("tag was lost");
    }

    private static short lookupFIDByDataGroupNumber(DocumentType documentType, int i) {
        switch (documentType) {
            case ICAO_MRTD:
                return LDSFileUtil.lookupFIDByDataGroupNumber(i);
            case EU_EDL:
                return DrivingLicenseFile.lookupFIDByDataGroupNumber(i);
            default:
                throw new IllegalArgumentException("Unsupported document type " + documentType);
        }
    }

    private void performPrimaryAccessControl(CardService cardService, KeySpec keySpec, ReaderConfig readerConfig, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) {
        switch (readerConfig.getDocumentType()) {
            case ICAO_MRTD:
                performPrimaryAccessControlICAO((PassportService) cardService, keySpec, readerConfig.isPACEEnabled(), readerConfig.isBACByDefaultEnabled(), accessControlStatus, verificationStatus);
                return;
            case EU_EDL:
                performPrimaryAccessControlEDL((DrivingLicenseService) cardService, keySpec, accessControlStatus);
                return;
            default:
                throw new IllegalArgumentException("Unknown document type");
        }
    }

    private void performPrimaryAccessControlEDL(DrivingLicenseService drivingLicenseService, KeySpec keySpec, AccessControlStatus accessControlStatus) {
        this.callback.onAccessControlStart(AccessControlType.BAP, keySpec);
        try {
            tryToDoBAP(drivingLicenseService, keySpec, accessControlStatus);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "", (Throwable) e);
            this.state = ReaderStatus.FAILED_FATAL;
        } finally {
            this.callback.onAccessControlFinished(AccessControlType.BAP, keySpec, this.state);
        }
    }

    private void performPrimaryAccessControlICAO(PassportService passportService, KeySpec keySpec, boolean z, boolean z2, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) {
        PACEInfo pACEInfo = null;
        if (z) {
            synchronized (this) {
                this.cardAccessFile = null;
                this.cardSecurityFile = null;
                pACEInfo = checkForPACESupport(passportService);
            }
        }
        if (pACEInfo != null) {
            accessControlStatus.setPACE(AccessControlStatus.Verdict.PRESENT_NOT_PERFORMED, AccessControlStatus.ReasonCode.PRESENCE_DETECTED, pACEInfo, keySpec);
        }
        if (accessControlStatus.isPACEPresent() && z) {
            this.callback.onAccessControlStart(AccessControlType.PACE, keySpec);
            try {
                PACEResult tryToDoPACE = tryToDoPACE(passportService, pACEInfo, keySpec, accessControlStatus);
                if (PACEInfo.MappingType.CAM.equals(tryToDoPACE.getMappingType())) {
                    byte[] chipAuthenticationData = tryToDoPACE.getChipAuthenticationData();
                    if (chipAuthenticationData == null) {
                        LOGGER.severe("PACE-CAM found and executed, but no decrypted Chip Authentication data found");
                    }
                    this.cardSecurityFile = getCardSecurityFile(passportService);
                    verifyPACECAMChipAuthenticationData(chipAuthenticationData, this.cardSecurityFile, (ECParameterSpec) tryToDoPACE.getStaticParams());
                }
            } catch (Exception e) {
                LOGGER.log(Level.INFO, "PACE failed, falling back to BAC", (Throwable) e);
                accessControlStatus.setPACE(AccessControlStatus.Verdict.PRESENT_FAILED, AccessControlStatus.ReasonCode.UNEXPECTED_EXCEPTION_FAILURE, pACEInfo, keySpec);
                this.state = ReaderStatus.FAILED_CAN_CONTINUE;
            } finally {
                this.callback.onAccessControlFinished(AccessControlType.PACE, keySpec, this.state);
            }
        }
        try {
            LOGGER.info("DEBUG: calling select applet, status = " + accessControlStatus);
            passportService.sendSelectApplet(accessControlStatus.isPACESucceeded());
        } catch (CardServiceException e2) {
            stopReading();
            LOGGER.log(Level.SEVERE, "Cannot select ICAO applet", (Throwable) e2);
        }
        if (!(accessControlStatus.isPACEPresent() && accessControlStatus.isPACESucceeded()) && shouldDoBAC(passportService, keySpec, z2, accessControlStatus)) {
            this.callback.onAccessControlStart(AccessControlType.BAC, keySpec);
            try {
                tryToDoBAC(passportService, keySpec, accessControlStatus);
            } catch (BACDeniedException e3) {
                this.state = ReaderStatus.FAILED_FATAL;
                LOGGER.log(Level.INFO, "Access control (BAC) denied", (Throwable) e3);
                this.innovalorLogger.log(Level.FINE, e3);
            } catch (Exception e4) {
                this.state = ReaderStatus.FAILED_FATAL;
                LOGGER.log(Level.WARNING, "Exception during access control (BAC)", (Throwable) e4);
                this.innovalorLogger.log(Level.WARNING, e4);
            } finally {
                this.callback.onAccessControlFinished(AccessControlType.BAC, keySpec, this.state);
            }
        }
    }

    private void performSecondaryAccessControl(KeySpec keySpec, ReaderConfig readerConfig, CAResult cAResult, Map<Integer, byte[]> map, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) throws IOException {
        tryToDoEACTA((PassportService) this.service, cAResult, getDG14File(map), ((BACKeySpec) keySpec).getDocumentNumber(), this.cvcaKeyStores, accessControlStatus);
    }

    private byte[] readBytes(InputStream inputStream) throws IOException {
        return readBytes(inputStream, 16384);
    }

    private byte[] readBytes(InputStream inputStream, int i) throws IOException {
        byte[] byteArray;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byte[] bArr = new byte[i];
            while (true) {
                int read = inputStream.read(bArr, 0, bArr.length);
                if (read == -1) {
                    byteArrayOutputStream.flush();
                    byteArray = byteArrayOutputStream.toByteArray();
                    break;
                }
                if (shouldStopReading(this.state)) {
                    byteArray = byteArrayOutputStream.toByteArray();
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            return byteArray;
        } finally {
            byteArrayOutputStream.close();
        }
    }

    private boolean shouldDoBAC(PassportService passportService, KeySpec keySpec, boolean z, AccessControlStatus accessControlStatus) {
        if (z) {
            return true;
        }
        if (accessControlStatus.isPACESucceeded()) {
            accessControlStatus.setBAC(AccessControlStatus.Verdict.UNKNOWN, AccessControlStatus.ReasonCode.USING_ALTERNATIVE_CONTROL, keySpec);
            return false;
        }
        try {
            LOGGER.info("DEBUG: reading first byte of EF.COM");
            passportService.getInputStream(PassportService.EF_COM).read();
            accessControlStatus.setBAC(AccessControlStatus.Verdict.NOT_PRESENT, AccessControlStatus.ReasonCode.NOT_SUPPORTED, keySpec);
            return false;
        } catch (Exception e) {
            LOGGER.log(Level.INFO, "Attempt to read EF.COM before BAC failed with (expected) exception", (Throwable) e);
            accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_NOT_PERFORMED, AccessControlStatus.ReasonCode.INSUFFICIENT_CREDENTIALS, keySpec);
            return true;
        }
    }

    private static boolean shouldReportProgress(DocumentType documentType, int i) {
        switch (documentType) {
            case ICAO_MRTD:
                return ICAO_LONG_DG_NUMBERS.contains(Integer.valueOf(i));
            case EU_EDL:
                return EDL_LONG_DG_NUMBERS.contains(Integer.valueOf(i));
            default:
                return false;
        }
    }

    private static boolean shouldStopReading(ReaderStatus readerStatus) {
        switch (readerStatus) {
            case INIT:
            case FAILED_CAN_CONTINUE:
            case READING:
                return false;
            case FAILED_FATAL:
            case STOP_REQUESTED:
            default:
                return true;
        }
    }

    private static List<Integer> toDataGroupList(int[] iArr) {
        if (iArr == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(iArr.length);
        for (int i : iArr) {
            try {
                arrayList.add(Integer.valueOf(LDSFileUtil.lookupDataGroupNumberByTag(i)));
            } catch (NumberFormatException e) {
                LOGGER.log(Level.WARNING, "Could not find DG number for tag: " + Integer.toHexString(i), (Throwable) e);
            }
        }
        return arrayList;
    }

    private void tryToDoBAC(PassportService passportService, KeySpec keySpec, AccessControlStatus accessControlStatus) throws BACDeniedException {
        if (!(keySpec instanceof BACKeySpec)) {
            throw new IllegalArgumentException("Unsupported key spec, was expecting BAC key spec");
        }
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not performing BAC, interrupted");
            return;
        }
        BACKeySpec bACKeySpec = (BACKeySpec) keySpec;
        Action createAction = this.innovalorLogger.createAction(LOGGER_CATEGORY, "BAC", null);
        try {
            try {
                passportService.doBAC(bACKeySpec);
                accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_SUCCEEDED, AccessControlStatus.ReasonCode.SUCCEEDED, bACKeySpec);
                this.innovalorLogger.logSuccessAction(null, createAction);
            } catch (CardServiceException e) {
                LOGGER.log(Level.INFO, "BAC failed with card service exception", (Throwable) e);
                accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_FAILED, AccessControlStatus.ReasonCode.INSUFFICIENT_CREDENTIALS, bACKeySpec);
                this.innovalorLogger.logFailedAction(createAction);
                throw new BACDeniedException("Basic Access denied!", bACKeySpec, e.getSW());
            } catch (Exception e2) {
                LOGGER.log(Level.INFO, "BAC failed with exception", (Throwable) e2);
                accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_FAILED, AccessControlStatus.ReasonCode.INSUFFICIENT_CREDENTIALS, bACKeySpec);
                this.innovalorLogger.logFailedAction(createAction);
                throw new BACDeniedException("Basic Access denied!", bACKeySpec, -1);
            }
        } finally {
            this.innovalorLogger.stopAction(createAction);
        }
    }

    private void tryToDoBAP(DrivingLicenseService drivingLicenseService, KeySpec keySpec, AccessControlStatus accessControlStatus) throws CardServiceException {
        if (!(keySpec instanceof BAPKeySpec)) {
            throw new IllegalArgumentException("Unsupported key spec, was expecting BAP key spec");
        }
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not performing BAP, interrupted");
            return;
        }
        try {
            drivingLicenseService.doBAP(keySpec);
            accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_SUCCEEDED, AccessControlStatus.ReasonCode.SUCCEEDED, keySpec);
        } catch (CardServiceException e) {
            LOGGER.log(Level.INFO, "BAP failed with card service exception", (Throwable) e);
            accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_FAILED, AccessControlStatus.ReasonCode.INSUFFICIENT_CREDENTIALS, keySpec);
            throw new CardServiceException("Basic Access denied!", e.getSW());
        } catch (Exception e2) {
            LOGGER.log(Level.INFO, "BAP failed with exception", (Throwable) e2);
            this.innovalorLogger.log(Level.INFO, e2);
            accessControlStatus.setBAC(AccessControlStatus.Verdict.PRESENT_FAILED, AccessControlStatus.ReasonCode.INSUFFICIENT_CREDENTIALS, keySpec);
            throw new CardServiceException("Basic Access denied!", -1);
        }
    }

    private CAResult tryToDoChipAuthentication(CardService cardService, DG14File dG14File, Map<Integer, byte[]> map, VerificationStatus verificationStatus) {
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not trying Chip Authentication, interrupted");
            return null;
        }
        if (!(cardService instanceof PassportService)) {
            LOGGER.info("Not trying Chip Authentication on " + cardService.getClass().getCanonicalName());
            return null;
        }
        if (dG14File == null) {
            LOGGER.warning("Not executing Chip Authentication, unable to read EF.DG14");
            return null;
        }
        List<ChipAuthenticationInfo> chipAuthenticationInfos = dG14File.getChipAuthenticationInfos();
        Action createAction = this.innovalorLogger.createAction(LOGGER_CATEGORY, "EAC-CA", chipAuthenticationInfos);
        try {
            for (ChipAuthenticationPublicKeyInfo chipAuthenticationPublicKeyInfo : dG14File.getChipAuthenticationPublicKeyInfos()) {
                BigInteger keyId = chipAuthenticationPublicKeyInfo.getKeyId();
                String objectIdentifier = chipAuthenticationPublicKeyInfo.getObjectIdentifier();
                PublicKey subjectPublicKey = chipAuthenticationPublicKeyInfo.getSubjectPublicKey();
                LOGGER.info("DEBUG: chipAuthenticationPublicKeyInfo = " + chipAuthenticationPublicKeyInfo);
                LOGGER.info("DEBUG: keyId = " + keyId);
                ChipAuthenticationInfo chipAuthenticationInfo = getChipAuthenticationInfo(keyId, chipAuthenticationInfos);
                if (keyId == null) {
                    LOGGER.info("DEBUG: keyId is null");
                }
                if (chipAuthenticationInfo == null) {
                    LOGGER.info("DEBUG: chipAuthentication is null for keyId " + keyId);
                }
                try {
                    CAResult doCA = ((PassportService) cardService).doCA(keyId, chipAuthenticationInfo != null ? chipAuthenticationInfo.getObjectIdentifier() : null, objectIdentifier, subjectPublicKey);
                    this.innovalorLogger.logSuccessAction(doCA, createAction);
                    verificationStatus.setEACCA(VerificationStatus.Verdict.PRESENT_SUCCEEDED, VerificationStatus.ReasonCode.SUCCEEDED, doCA);
                    return doCA;
                } catch (Exception e) {
                    LOGGER.log(Level.WARNING, "Exception during chip authentication, continuing", (Throwable) e);
                }
            }
            LOGGER.info("DEBUG: Chip Authentication failed");
            this.innovalorLogger.logFailedAction(createAction);
            verificationStatus.setEACCA(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.UNKNOWN, null);
            return null;
        } finally {
            this.innovalorLogger.stopAction(createAction);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:19:0x00a8, code lost:
    
        r5 = r12.getPrivateKey();
        r11 = r12.getChain();
        r4 = new java.util.ArrayList(r11.length);
        r6 = r11.length;
        r2 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x00b8, code lost:
    
        if (r2 >= r6) goto L35;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x00ba, code lost:
    
        r4.add((org.jmrtd.cert.CardVerifiableCertificate) r11[r2]);
        r2 = r2 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x00c4, code lost:
    
        r17 = r20.doTA(r3, r4, r5, null, r21, r23);
        r19.innovalorLogger.logSuccessAction(r17, r13);
        r25.setEACTA(nl.innovalor.mrtd.model.AccessControlStatus.Verdict.PRESENT_SUCCEEDED, nl.innovalor.mrtd.model.AccessControlStatus.ReasonCode.SUCCEEDED, r17);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void tryToDoEACTA(org.jmrtd.PassportService r20, org.jmrtd.protocol.CAResult r21, org.jmrtd.lds.CVCAFile r22, java.lang.String r23, java.util.List<java.security.KeyStore> r24, nl.innovalor.mrtd.model.AccessControlStatus r25) throws java.security.GeneralSecurityException, net.sf.scuba.smartcards.CardServiceException {
        /*
            Method dump skipped, instructions count: 245
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: nl.innovalor.mrtd.MRTDReader.tryToDoEACTA(org.jmrtd.PassportService, org.jmrtd.protocol.CAResult, org.jmrtd.lds.CVCAFile, java.lang.String, java.util.List, nl.innovalor.mrtd.model.AccessControlStatus):void");
    }

    private void tryToDoEACTA(PassportService passportService, CAResult cAResult, DG14File dG14File, String str, List<KeyStore> list, AccessControlStatus accessControlStatus) {
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not performing Terminal Authentication, interrupted");
            return;
        }
        try {
            CVCAFile cVCAFile = getCVCAFile(passportService, dG14File);
            if (cVCAFile == null) {
                LOGGER.warning("DEBUG: CVCA file not found");
            } else {
                LOGGER.info("DEBUG: CVCA file was found: " + cVCAFile);
            }
            tryToDoEACTA(passportService, cAResult, cVCAFile, str, list, accessControlStatus);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "EAC failed with exception", (Throwable) e);
            this.innovalorLogger.log(Level.WARNING, e);
        }
    }

    private PACEResult tryToDoPACE(PassportService passportService, PACEInfo pACEInfo, KeySpec keySpec, AccessControlStatus accessControlStatus) throws CardServiceException {
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not performing PACE, interrupted");
            return null;
        }
        LOGGER.info("DEBUG: attempting doPACE with PACEInfo " + pACEInfo);
        Action createAction = this.innovalorLogger.createAction(LOGGER_CATEGORY, "PACE", pACEInfo);
        try {
            PACEResult doPACE = passportService.doPACE(keySpec, pACEInfo.getObjectIdentifier(), PACEInfo.toParameterSpec(pACEInfo.getParameterId()));
            this.innovalorLogger.logSuccessAction(doPACE, createAction);
            accessControlStatus.setPACE(AccessControlStatus.Verdict.PRESENT_SUCCEEDED, AccessControlStatus.ReasonCode.SUCCEEDED, pACEInfo, keySpec);
            return doPACE;
        } finally {
            this.innovalorLogger.stopAction(createAction);
        }
    }

    private static void updateStatusBasedOnSecurityInfos(DocumentType documentType, Collection<Integer> collection, Collection<SecurityInfo> collection2, AccessControlStatus accessControlStatus, VerificationStatus verificationStatus) {
        switch (documentType) {
            case ICAO_MRTD:
                if (!collection.contains(14)) {
                    accessControlStatus.setEACTA(AccessControlStatus.Verdict.NOT_PRESENT, AccessControlStatus.ReasonCode.NOT_SUPPORTED, null);
                    verificationStatus.setEACCA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                    return;
                }
                if (!containsEACTASecurityInfo(collection2)) {
                    accessControlStatus.setEACTA(AccessControlStatus.Verdict.NOT_PRESENT, AccessControlStatus.ReasonCode.NOT_SUPPORTED, null);
                } else if (accessControlStatus.getEACTA() == AccessControlStatus.Verdict.UNKNOWN) {
                    accessControlStatus.setEACTA(AccessControlStatus.Verdict.PRESENT_NOT_PERFORMED, AccessControlStatus.ReasonCode.PRESENCE_DETECTED, null);
                }
                if (!containsEACCASecurityInfo(collection2)) {
                    verificationStatus.setEACCA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                } else if (verificationStatus.getEACCA() == VerificationStatus.Verdict.UNKNOWN) {
                    verificationStatus.setEACCA(VerificationStatus.Verdict.PRESENT_NOT_CHECKED, VerificationStatus.ReasonCode.PRESENCE_DETECTED, null);
                }
                if (!containsPACESecurityInfo(collection2)) {
                    accessControlStatus.setPACE(AccessControlStatus.Verdict.NOT_PRESENT, AccessControlStatus.ReasonCode.NOT_SUPPORTED, null, null);
                    return;
                } else {
                    if (accessControlStatus.getPACE() == AccessControlStatus.Verdict.UNKNOWN) {
                        accessControlStatus.setPACE(AccessControlStatus.Verdict.PRESENT_NOT_PERFORMED, AccessControlStatus.ReasonCode.PRESENCE_DETECTED, null, null);
                        return;
                    }
                    return;
                }
            case EU_EDL:
                accessControlStatus.setEACTA(AccessControlStatus.Verdict.NOT_PRESENT, AccessControlStatus.ReasonCode.NOT_SUPPORTED, null);
                verificationStatus.setEACCA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                return;
            default:
                accessControlStatus.setEACTA(AccessControlStatus.Verdict.UNKNOWN, AccessControlStatus.ReasonCode.UNKNOWN, null);
                verificationStatus.setEACCA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                return;
        }
    }

    private static void updateVerificationStatusWithAAPresence(DocumentType documentType, Collection<Integer> collection, VerificationStatus verificationStatus) {
        switch (documentType) {
            case ICAO_MRTD:
                if (collection.contains(15)) {
                    verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_NOT_CHECKED, VerificationStatus.ReasonCode.PRESENCE_DETECTED, null);
                    return;
                } else {
                    verificationStatus.setAA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                    return;
                }
            case EU_EDL:
                if (collection.contains(13)) {
                    verificationStatus.setAA(VerificationStatus.Verdict.PRESENT_NOT_CHECKED, VerificationStatus.ReasonCode.PRESENCE_DETECTED, null);
                    return;
                } else {
                    verificationStatus.setAA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                    return;
                }
            default:
                verificationStatus.setAA(VerificationStatus.Verdict.NOT_PRESENT, VerificationStatus.ReasonCode.NOT_SUPPORTED, null);
                return;
        }
    }

    private void verify(ReaderConfig readerConfig, Object obj, Map<Integer, byte[]> map, SODFile sODFile, List<Integer> list, VerificationStatus verificationStatus) {
        verifyActive(readerConfig, map, verificationStatus);
        if (readerConfig.isDSCSVerificationEnabled()) {
            this.mrtdVerifier.asyncVerifyDSCS(sODFile, map, list, verificationStatus);
            this.mrtdVerifier.waitForVerificationResult();
        }
    }

    private void verifyActive(ReaderConfig readerConfig, Map<Integer, byte[]> map, VerificationStatus verificationStatus) {
        if (shouldStopReading(this.state)) {
            LOGGER.info("Not exchanging AA challenge/response or performing EAC-CA, interrupted");
            return;
        }
        if (!readerConfig.isAAProtocolEnabled() && !readerConfig.isCABackupForAA()) {
            LOGGER.info("Not exchanging AA challenge/response or performing EAC-CA, not requested");
            return;
        }
        if (readerConfig.isAAProtocolEnabled() && verificationStatus.isAAPresent()) {
            DocumentType documentType = readerConfig.getDocumentType();
            AAConfig determineAAConfig = determineAAConfig(documentType, map, verificationStatus);
            byte[] aAChallenge = readerConfig.getAAChallenge();
            if (aAChallenge == null) {
                aAChallenge = new byte[8];
                this.random.nextBytes(aAChallenge);
            }
            handleAA(documentType, determineAAConfig, aAChallenge, verificationStatus);
            if (!readerConfig.isAAVerificationEnabled()) {
                LOGGER.info("Not verifying AA locally, not requested");
                return;
            }
            ActiveAuthenticationResult aAResult = verificationStatus.getAAResult();
            LOGGER.info("Verifying AA locally: " + aAResult);
            this.mrtdVerifier.asyncVerifyAA(documentType, aAResult, verificationStatus);
            return;
        }
        LOGGER.info("Not exchanging AA challenge/response, not requested/present");
        if (!readerConfig.isCABackupForAA()) {
            LOGGER.info("Not falling back to EAC-CA, not requested");
            return;
        }
        if (!verificationStatus.isEACCAPresent()) {
            LOGGER.info("Not falling back to EAC-CA, not present");
        }
        try {
            CAResult tryToDoChipAuthentication = tryToDoChipAuthentication(this.service, new DG14File(new ByteArrayInputStream(map.get(14))), map, verificationStatus);
            if (tryToDoChipAuthentication == null || tryToDoChipAuthentication.getWrapper() == null) {
                LOGGER.info("Fallback to EAC-CA has failed.");
                return;
            }
            ResponseAPDU responseAPDU = null;
            ResponseAPDU responseAPDU2 = null;
            try {
                responseAPDU = this.service.transmit(tryToDoChipAuthentication.getWrapper().wrap(new CommandAPDU(0, -92, 2, 12, new byte[]{1, 30}, 0)));
                responseAPDU2 = tryToDoChipAuthentication.getWrapper().unwrap(responseAPDU);
            } catch (IllegalStateException e) {
                LOGGER.log(Level.WARNING, "Fallback to EAC-CA has failed.", (Throwable) e);
            } catch (CardServiceException e2) {
                LOGGER.log(Level.WARNING, "Fallback to EAC-CA has failed.", (Throwable) e2);
            }
            this.mrtdVerifier.asyncVerifyEACCA(readerConfig.getDocumentType(), tryToDoChipAuthentication, responseAPDU, responseAPDU2, verificationStatus);
        } catch (IOException e3) {
            LOGGER.log(Level.WARNING, "Not falling back to EAC-CA, parsing DG14 has failed", (Throwable) e3);
        }
    }

    private static void verifyPACECAMChipAuthenticationData(byte[] bArr, CardSecurityFile cardSecurityFile, ECParameterSpec eCParameterSpec) throws GeneralSecurityException {
        if (cardSecurityFile == null) {
            throw new IllegalArgumentException("Cannot verify PACE CAM, no EF.CardSecurity");
        }
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        KeyFactory keyFactory = KeyFactory.getInstance("EC");
        PublicKey subjectPublicKey = ((ChipAuthenticationPublicKeyInfo) new ArrayList(cardSecurityFile.getChipAuthenticationPublicKeyInfos()).get(0)).getSubjectPublicKey();
        keyAgreement.init(keyFactory.generatePrivate(new ECPrivateKeySpec(Util.os2i(bArr), eCParameterSpec)), eCParameterSpec);
        keyAgreement.doPhase(subjectPublicKey, true);
        LOGGER.info("DEBUG: newSecret = " + Hex.bytesToHexString(keyAgreement.generateSecret()));
    }

    public void read(KeySpec keySpec, ReaderConfig readerConfig, MRTDCallback mRTDCallback) {
        if (this.state != ReaderStatus.INIT) {
            throw new IllegalStateException("Cannot start a new read while state is " + this.state);
        }
        if (readerConfig == null) {
            throw new IllegalStateException("Cannot read when config not set");
        }
        if (mRTDCallback == null) {
            throw new IllegalStateException("Cannot read when callback not set");
        }
        if (this.service == null) {
            throw new IllegalArgumentException("Service cannot be null");
        }
        Action createAction = this.innovalorLogger.createAction(LOGGER_CATEGORY, "readTime", null);
        this.state = ReaderStatus.READING;
        this.callback = mRTDCallback;
        AccessControlStatus accessControlStatus = new AccessControlStatus();
        VerificationStatus verificationStatus = new VerificationStatus();
        Map<Integer, byte[]> treeMap = new TreeMap<>();
        DocumentType documentType = readerConfig.getDocumentType();
        long currentTimeMillis = System.currentTimeMillis();
        mRTDCallback.onDocumentStart(documentType);
        try {
            if (!this.service.isOpen()) {
                this.service.open();
            }
            performPrimaryAccessControl(this.service, keySpec, readerConfig, accessControlStatus, verificationStatus);
            if (shouldStopReading(this.state)) {
                mRTDCallback.onDocumentFinished(documentType, treeMap, accessControlStatus, verificationStatus, this.state);
                return;
            }
            InterpretationResult<Object> cOMFile = getCOMFile(documentType, this.service);
            long currentTimeMillis2 = System.currentTimeMillis();
            InterpretationResult<SODFile> interpretationResult = null;
            try {
                interpretationResult = getSODFile(documentType, this.service);
            } catch (Exception e) {
                LOGGER.log(Level.SEVERE, "Error reading EF.SOd", (Throwable) e);
            }
            if (interpretationResult == null || interpretationResult.getInterpretedObject() == null) {
                verificationStatus.setHT(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE, null);
                verificationStatus.setDS(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE);
                verificationStatus.setCS(VerificationStatus.Verdict.PRESENT_FAILED, VerificationStatus.ReasonCode.READ_ERROR_CONFIGURATION_FAILURE, null);
            } else {
                this.innovalorLogger.log(interpretationResult.getInterpretedObject(), currentTimeMillis2);
            }
            List<Integer> dGList = getDGList(interpretationResult.getInterpretedObject());
            Iterator<Integer> it = dGList.iterator();
            while (it.hasNext()) {
                this.innovalorLogger.log(it.next().intValue(), true);
            }
            List<Integer> dGList2 = getDGList(documentType, cOMFile.getInterpretedObject());
            LOGGER.info("DEBUG: dgNumbers = " + dGList);
            if (!dGList.equals(dGList2)) {
                LOGGER.warning("Datagroup list reported in document index is different from datagroup list reported in security object, document index is reporting " + dGList2 + ", security object is reporting " + dGList);
            }
            List<Integer> onlyAllowedDGs = getOnlyAllowedDGs(documentType, dGList, readerConfig.getAllowedFileList());
            List<Integer> unprotectedDataGroupNumbers = getUnprotectedDataGroupNumbers(documentType, onlyAllowedDGs);
            LOGGER.info("DEBUG: unProtectedDGNumbers = " + unprotectedDataGroupNumbers);
            Collection<? extends Integer> protectedDataGroupNumbers = getProtectedDataGroupNumbers(documentType, onlyAllowedDGs);
            LOGGER.info("DEBUG: protectedDGNumbers = " + protectedDataGroupNumbers);
            ArrayList arrayList = new ArrayList();
            DG14File dG14File = null;
            if (DocumentType.ICAO_MRTD.equals(documentType) && unprotectedDataGroupNumbers.contains(14)) {
                CardFileInputStream inputStream = getInputStream(documentType, this.service, lookupFIDByDataGroupNumber(documentType, 14));
                treeMap.put(14, bufferDataGroup(14, inputStream, false, inputStream.getLength(), inputStream.getLength(), 0, inputStream.getLength()));
                try {
                    dG14File = getDG14File(treeMap);
                    if (dG14File != null) {
                        arrayList.addAll(dG14File.getSecurityInfos());
                    }
                } catch (IOException e2) {
                    LOGGER.log(Level.WARNING, "Exception", (Throwable) e2);
                }
            }
            detectFeatures(documentType, onlyAllowedDGs, arrayList, accessControlStatus, verificationStatus);
            CAResult cAResult = null;
            if (dG14File != null && readerConfig.isEACCAProtocolEnabled()) {
                cAResult = tryToDoChipAuthentication(this.service, dG14File, treeMap, verificationStatus);
            }
            if (DocumentType.ICAO_MRTD.equals(documentType) && accessControlStatus.isEACTAPresent() && this.cvcaKeyStores != null && !this.cvcaKeyStores.isEmpty() && readerConfig.isEACTAProtocolEnabled()) {
                LOGGER.info("DEBUG: performing secondary access control");
                performSecondaryAccessControl(keySpec, readerConfig, cAResult, treeMap, accessControlStatus, verificationStatus);
                unprotectedDataGroupNumbers.addAll(protectedDataGroupNumbers);
            }
            Map<Integer, CardFileInputStream> inputStreams = getInputStreams(documentType, this.service, unprotectedDataGroupNumbers, treeMap, accessControlStatus, verificationStatus);
            Map<Integer, Integer> dataGroupLengths = getDataGroupLengths(inputStreams);
            int lDSLength = getLDSLength(dataGroupLengths);
            mRTDCallback.onLDSStart(dataGroupLengths, lDSLength, cOMFile.getRawBytes(), cOMFile.getInterpretedObject(), interpretationResult.getRawBytes(), interpretationResult.getInterpretedObject(), accessControlStatus, verificationStatus);
            try {
                try {
                    bufferLDS(documentType, unprotectedDataGroupNumbers, treeMap, lDSLength, inputStreams, accessControlStatus, verificationStatus);
                } catch (Exception e3) {
                    LOGGER.log(Level.SEVERE, "Unexpected exception during buffering", (Throwable) e3);
                    this.innovalorLogger.log(Level.SEVERE, e3);
                    this.state = ReaderStatus.FAILED_FATAL;
                    mRTDCallback.onLDSFinished(treeMap, this.state);
                }
                try {
                    mRTDCallback.onVerificationStart();
                    try {
                        verify(readerConfig, cOMFile.getInterpretedObject(), treeMap, interpretationResult.getInterpretedObject(), onlyAllowedDGs, verificationStatus);
                        this.innovalorLogger.logSuccessAction(null, createAction);
                    } catch (Exception e4) {
                        LOGGER.log(Level.SEVERE, "Unexpected exception during verification", (Throwable) e4);
                        this.innovalorLogger.log(Level.SEVERE, e4);
                        this.state = ReaderStatus.FAILED_FATAL;
                        mRTDCallback.onVerificationFinished(verificationStatus, this.state);
                    }
                } finally {
                    mRTDCallback.onVerificationFinished(verificationStatus, this.state);
                }
            } finally {
                mRTDCallback.onLDSFinished(treeMap, this.state);
            }
        } catch (Exception e5) {
            this.state = ReaderStatus.FAILED_FATAL;
            LOGGER.log(Level.SEVERE, "Unexpected exception", (Throwable) e5);
            this.innovalorLogger.log(Level.SEVERE, e5);
        } finally {
            this.innovalorLogger.logNFCReadTime(System.currentTimeMillis() - currentTimeMillis);
            this.innovalorLogger.stopAction(createAction);
            mRTDCallback.onDocumentFinished(documentType, treeMap, accessControlStatus, verificationStatus, this.state);
            this.state = ReaderStatus.INIT;
        }
    }

    @Deprecated
    public void read(ReaderConfig readerConfig, MRTDCallback mRTDCallback) {
        if (readerConfig == null) {
            throw new IllegalStateException("Cannot read when config not set");
        }
        read(readerConfig.getAccessKey(), readerConfig, mRTDCallback);
    }

    public synchronized void stopReading() {
        switch (this.state) {
            case FAILED_CAN_CONTINUE:
            case READING:
                this.state = ReaderStatus.STOP_REQUESTED;
        }
    }
}
