package jumio.nv.nfc;

import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.nfc.tech.IsoDep;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import com.jumio.commons.utils.IOUtils;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import javax.crypto.Cipher;
import net.sf.scuba.smartcards.CardServiceException;
import net.sf.scuba.util.Hex;
import org.jmrtd.BACKey;
import org.jmrtd.PACEKeySpec;
import org.jmrtd.PassportService;
import org.jmrtd.Util;
import org.jmrtd.lds.ActiveAuthenticationInfo;
import org.jmrtd.lds.CardAccessFile;
import org.jmrtd.lds.ImageInfo;
import org.jmrtd.lds.LDSFileUtil;
import org.jmrtd.lds.PACEInfo;
import org.jmrtd.lds.SODFile;
import org.jmrtd.lds.SecurityInfo;
import org.jmrtd.lds.icao.DG15File;
import org.jmrtd.lds.icao.DG1File;
import org.jmrtd.lds.iso19794.FaceImageInfo;
import org.jmrtd.lds.iso19794.FaceInfo;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* compiled from: NfcPassportReader.java */
/* loaded from: classes3.dex */
public class i implements k {
    static final /* synthetic */ boolean a = true;
    private final String b;
    private final BACKey c;
    private final PassportService d;
    private c f;
    private IsoDep i;
    private final SecureRandom e = new SecureRandom();
    private boolean h = false;
    private boolean j = false;
    private Collection<Integer> g = new TreeSet();

    public i(PassportService passportService, String str, Date date, Date date2, String str2) throws CardServiceException, GeneralSecurityException {
        this.b = str2;
        this.c = new BACKey(str, date, date2);
        this.d = passportService;
    }

    private MessageDigest a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        return Security.getAlgorithms("MessageDigest").contains(str) ? MessageDigest.getInstance(str) : MessageDigest.getInstance(str, Util.getBouncyCastleProvider());
    }

    private o a(int i) {
        InputStream inputStream;
        j();
        short lookupFIDByTag = LDSFileUtil.lookupFIDByTag(LDSFileUtil.lookupTagByDataGroupNumber(i));
        try {
            SODFile b = this.f.b();
            byte[] bArr = b.getDataGroupHashes().get(Integer.valueOf(i));
            String digestAlgorithm = b.getDigestAlgorithm();
            try {
                MessageDigest a2 = a(digestAlgorithm);
                if (lookupFIDByTag == 259 || lookupFIDByTag == 260) {
                    return new o(p.PASSIVE_AUTH_HASH_CHECK, q.NOT_AVAILABLE, new Throwable("Skipping DG" + i + " during HT verification because EAC not yet implemented."));
                }
                try {
                    int a3 = this.f.a(lookupFIDByTag);
                    byte[] bArr2 = null;
                    if (a3 > 0) {
                        bArr2 = new byte[a3];
                        inputStream = this.f.c(lookupFIDByTag);
                        DataInputStream dataInputStream = new DataInputStream(inputStream);
                        dataInputStream.readFully(bArr2);
                        IOUtils.closeQuietly(dataInputStream);
                    } else {
                        inputStream = null;
                    }
                    if (inputStream == null) {
                        String str = "Skipping DG" + i + " during HT verification because file could not be read.";
                        f.a("PassportReader", str);
                        return new o(p.PASSIVE_AUTH_HASH_CHECK, q.NOT_AVAILABLE, new Throwable(str));
                    }
                    try {
                        boolean equals = Arrays.equals(bArr, a2.digest(bArr2));
                        StringBuilder sb = new StringBuilder();
                        sb.append("hash check for DG");
                        sb.append(i);
                        sb.append(": ");
                        sb.append(equals ? " -- MATCH -- " : " -- MISMATCH -- ");
                        f.a("PassportReader", sb.toString());
                        return new o(p.PASSIVE_AUTH_HASH_CHECK, equals ? q.SUCCESSFUL : q.FAILED);
                    } catch (Exception e) {
                        f.a("PassportReader", "exception computing hash " + e);
                        return new o(p.PASSIVE_AUTH_HASH_CHECK, q.ERROR, (Throwable) e);
                    }
                } catch (Exception e2) {
                    f.a("PassportReader", "#### error reading DG" + i + " hash: " + e2.getMessage());
                    return new o(p.PASSIVE_AUTH_HASH_CHECK, q.ERROR, (Throwable) e2);
                }
            } catch (NoSuchAlgorithmException e3) {
                f.a("PassportReader", "Unsupported algorithm \"" + digestAlgorithm + "\"");
                return new o(p.PASSIVE_AUTH_HASH_CHECK, q.FAILED, (Throwable) e3);
            } catch (NoSuchProviderException e4) {
                f.a("PassportReader", "Unsupported provider for algorithm \"" + digestAlgorithm + "\"");
                return new o(p.PASSIVE_AUTH_HASH_CHECK, q.FAILED, (Throwable) e4);
            }
        } catch (Exception e5) {
            return new o(p.PASSIVE_AUTH_HASH_CHECK, q.ERROR, new Throwable("DG" + i + " failed, could not get stored hash" + e5.getMessage()));
        }
    }

    private o a(PublicKey publicKey, String str, String str2, byte[] bArr, byte[] bArr2) throws CardServiceException {
        try {
            String algorithm = publicKey.getAlgorithm();
            if ("RSA".equals(algorithm)) {
                MessageDigest messageDigest = MessageDigest.getInstance(str);
                Signature signature = Signature.getInstance(str2, Util.getBouncyCastleProvider());
                Cipher cipher = Cipher.getInstance("RSA/NONE/NoPadding");
                RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                cipher.init(2, rSAPublicKey);
                signature.initVerify(rSAPublicKey);
                int digestLength = messageDigest.getDigestLength();
                if (!a && digestLength != 20) {
                    throw new AssertionError();
                }
                signature.update(Util.recoverMessage(digestLength, cipher.doFinal(bArr2)));
                signature.update(bArr);
                return new o(p.ACTIVE_AUTH_CHECK, signature.verify(bArr2) ? q.SUCCESSFUL : q.FAILED);
            }
            if (!"EC".equals(algorithm) && !"ECDSA".equals(algorithm)) {
                String str3 = "Unsupported AA public key type " + publicKey.getClass().getSimpleName();
                f.a("PassportReader", str3);
                return new o(p.ACTIVE_AUTH_CHECK, q.FAILED, new Throwable(str3));
            }
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            Signature signature2 = Signature.getInstance("SHA256withECDSA", Util.getBouncyCastleProvider());
            MessageDigest messageDigest2 = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256);
            if (signature2 == null || (str2 != null && !str2.equals(signature2.getAlgorithm()))) {
                f.a("PassportReader", "Re-initializing ecdsaAASignature with signature algorithm " + str2);
                signature2 = Signature.getInstance(str2);
            }
            if (messageDigest2 == null || (str != null && !str.equals(messageDigest2.getAlgorithm()))) {
                f.a("PassportReader", "Re-initializing ecdsaAADigest with digest algorithm " + str);
                MessageDigest.getInstance(str);
            }
            signature2.initVerify(eCPublicKey);
            if (bArr2.length % 2 != 0) {
                f.a("PassportReader", "Active Authentication response is not of even length");
            }
            int length = bArr2.length / 2;
            BigInteger os2i = Util.os2i(bArr2, 0, length);
            BigInteger os2i2 = Util.os2i(bArr2, length, length);
            signature2.update(bArr);
            try {
                return new o(p.ACTIVE_AUTH_CHECK, signature2.verify(new DERSequence(new ASN1Encodable[]{new ASN1Integer(os2i), new ASN1Integer(os2i2)}).getEncoded()) ? q.SUCCESSFUL : q.FAILED);
            } catch (IOException e) {
                f.a("PassportReader", "Unexpected exception during AA signature verification with ECDSA");
                e.printStackTrace();
                return new o(p.ACTIVE_AUTH_CHECK, q.ERROR, (Throwable) e);
            }
        } catch (IllegalArgumentException | GeneralSecurityException e2) {
            throw new CardServiceException(e2.toString());
        }
    }

    private o a(X509Certificate x509Certificate) {
        j();
        o oVar = new o(p.PASSIVE_AUTH_ROOT_CERT_CHECK);
        try {
            this.f.b().getDocSigningCertificate().verify(x509Certificate.getPublicKey());
            oVar.a(q.SUCCESSFUL);
        } catch (Exception e) {
            oVar.a(q.FAILED, e);
        }
        return oVar;
    }

    private boolean a(SODFile sODFile, Certificate certificate) throws GeneralSecurityException {
        String str;
        Signature signature;
        MessageDigest messageDigest;
        byte[] eContent = sODFile.getEContent();
        byte[] encryptedDigest = sODFile.getEncryptedDigest();
        try {
            str = sODFile.getDigestEncryptionAlgorithm();
        } catch (Exception unused) {
            str = null;
        }
        if (str == null) {
            String signerInfoDigestAlgorithm = sODFile.getSignerInfoDigestAlgorithm();
            try {
                messageDigest = MessageDigest.getInstance(signerInfoDigestAlgorithm);
            } catch (Exception unused2) {
                messageDigest = MessageDigest.getInstance(signerInfoDigestAlgorithm, Util.getBouncyCastleProvider());
            }
            messageDigest.update(eContent);
            return Arrays.equals(messageDigest.digest(), encryptedDigest);
        }
        if ("SSAwithRSA/PSS".equals(str)) {
            str = sODFile.getSignerInfoDigestAlgorithm().replace("-", "") + "withRSA/PSS";
        }
        if ("RSA".equals(str)) {
            str = sODFile.getSignerInfoDigestAlgorithm().replace("-", "") + "withRSA";
        }
        try {
            signature = Signature.getInstance(str);
        } catch (Exception unused3) {
            signature = Signature.getInstance(str, Util.getBouncyCastleProvider());
        }
        signature.initVerify(certificate);
        signature.update(eContent);
        return signature.verify(encryptedDigest);
    }

    private void j() {
        if (!this.h || this.f == null || this.g.isEmpty()) {
            throw new IllegalStateException("call open() and readLDS() before performing any other operations!");
        }
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o a() throws CardServiceException {
        Collection<SecurityInfo> securityInfos;
        o oVar = new o(p.INIT);
        f.a("PassportReader", "passport service created");
        this.d.open();
        this.j = false;
        try {
            securityInfos = new CardAccessFile(this.d.getInputStream((short) 284)).getSecurityInfos();
        } catch (Exception e) {
            f.c("PassportReader", e.getMessage());
        }
        if (securityInfos == null || securityInfos.size() <= 0) {
            this.j = false;
            f.a("PassportReader", "passport service opened");
            this.d.sendSelectApplet(this.j);
            f.a("PassportReader", "select applet done");
            oVar.a(q.SUCCESSFUL);
            this.h = true;
            return oVar;
        }
        while (true) {
            if (!securityInfos.iterator().hasNext()) {
                break;
            }
            SecurityInfo next = securityInfos.iterator().next();
            if (next instanceof PACEInfo) {
                this.d.doPACE(PACEKeySpec.createMRZKey(this.c), next.getObjectIdentifier(), PACEInfo.toParameterSpec(((PACEInfo) next).getParameterId()));
                break;
            }
        }
        this.j = true;
        f.a("PassportReader", "passport service opened");
        this.d.sendSelectApplet(this.j);
        f.a("PassportReader", "select applet done");
        oVar.a(q.SUCCESSFUL);
        this.h = true;
        return oVar;
    }

    @NonNull
    public o a(d dVar, boolean z) {
        o a2 = dVar.a(this.d, this.g, z);
        this.f = (c) a2.g();
        return new o(p.READ_LDS, a2.b());
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o a(h hVar) {
        o oVar = new o(p.PASSIVE_AUTH_ROOT_CERT_CHECK);
        oVar.a(q.NOT_AVAILABLE);
        for (X509Certificate x509Certificate : hVar.b(this.b)) {
            o a2 = a(x509Certificate);
            if (a2.d()) {
                a2.a((o) ("SN=" + x509Certificate.getSerialNumber()));
                return a2;
            }
            oVar = a2;
        }
        return oVar;
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o a(boolean z) throws CardServiceException {
        return a(new b(), z);
    }

    public void a(IsoDep isoDep) {
        this.i = isoDep;
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o b() {
        f.a("PassportReader", "performing BAC");
        o oVar = new o(p.BAC_CHECK);
        if (this.j) {
            oVar.a(q.SUCCESSFUL);
            return oVar;
        }
        int timeout = this.i.getTimeout();
        this.i.setTimeout(10000);
        if (this.d.isOpen()) {
            try {
                this.d.doBAC(this.c);
                oVar.a(q.SUCCESSFUL);
            } catch (CardServiceException e) {
                oVar.a(q.ERROR, e);
            }
        }
        if (timeout < 1000) {
            timeout = 1000;
        }
        this.i.setTimeout(timeout);
        return oVar;
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public List<o> c() throws IOException {
        j();
        Map<Integer, byte[]> dataGroupHashes = this.f.b().getDataGroupHashes();
        ArrayList arrayList = new ArrayList();
        Iterator<Integer> it = dataGroupHashes.keySet().iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            o a2 = a(intValue);
            a2.a((o) Integer.valueOf(intValue));
            arrayList.add(a2);
        }
        return arrayList;
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o d() {
        SODFile b;
        j();
        o oVar = new o(p.PASSIVE_AUTH_DSC_CHECK);
        try {
            b = this.f.b();
        } catch (Exception e) {
            f.a("PassportReader", "#### error in Passive Authentication: " + e);
            oVar.a(q.ERROR, e);
        }
        if (b == null) {
            return new o(p.PASSIVE_AUTH_DSC_CHECK, q.FAILED);
        }
        X509Certificate docSigningCertificate = b.getDocSigningCertificate();
        docSigningCertificate.checkValidity();
        if (a(b, docSigningCertificate)) {
            oVar.a(q.SUCCESSFUL);
        } else {
            oVar.a(q.FAILED);
        }
        return oVar;
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o e() {
        j();
        try {
            return new o(p.ACTIVE_AUTH_CHECK, this.f.b().getDataGroupHashes().keySet().contains(15) ? q.SUCCESSFUL : q.NOT_AVAILABLE);
        } catch (IOException e) {
            e.printStackTrace();
            return new o(p.ACTIVE_AUTH_CHECK, q.FAILED);
        }
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o f() {
        String str;
        String inferDigestAlgorithmFromSignatureAlgorithm;
        j();
        f.a("PassportReader", "perform active auth");
        o oVar = new o(p.ACTIVE_AUTH_CHECK);
        try {
            DG15File h = this.f.h();
            if (h == null) {
                f.a("PassportReader", "active auth not available, DG15 not present");
                return new o(p.ACTIVE_AUTH_CHECK, q.NOT_AVAILABLE);
            }
            new DG15File(this.d.getInputStream(PassportService.EF_DG15)).getEncoded();
            PublicKey publicKey = h.getPublicKey();
            String algorithm = publicKey.getAlgorithm();
            if (!"EC".equals(algorithm) && !"ECDSA".equals(algorithm)) {
                inferDigestAlgorithmFromSignatureAlgorithm = "SHA1";
                str = "SHA1WithRSA/ISO9796-2";
                byte[] bArr = new byte[8];
                this.e.nextBytes(bArr);
                f.a("PassportReader", "AA challenge: " + Hex.bytesToHexString(bArr));
                byte[] response = this.d.doAA(publicKey, inferDigestAlgorithmFromSignatureAlgorithm, str, bArr).getResponse();
                f.a("PassportReader", "AA response: " + Hex.bytesToHexString(response));
                return a(publicKey, inferDigestAlgorithmFromSignatureAlgorithm, str, bArr, response);
            }
            List<ActiveAuthenticationInfo> activeAuthenticationInfos = this.f.g().getActiveAuthenticationInfos();
            int size = activeAuthenticationInfos == null ? 0 : activeAuthenticationInfos.size();
            if (size < 1) {
                f.a("PassportReader", "Found no active authentication info in EF.DG14");
                return new o(p.ACTIVE_AUTH_CHECK, q.NOT_AVAILABLE, new Throwable("Found no active authentication info in EF.DG14"));
            }
            if (size > 1) {
                f.a("PassportReader", "Found " + size + " in EF.DG14, expected 1.");
            }
            String lookupMnemonicByOID = ActiveAuthenticationInfo.lookupMnemonicByOID(activeAuthenticationInfos.get(0).getSignatureAlgorithmOID());
            str = lookupMnemonicByOID;
            inferDigestAlgorithmFromSignatureAlgorithm = Util.inferDigestAlgorithmFromSignatureAlgorithm(lookupMnemonicByOID);
            byte[] bArr2 = new byte[8];
            this.e.nextBytes(bArr2);
            f.a("PassportReader", "AA challenge: " + Hex.bytesToHexString(bArr2));
            byte[] response2 = this.d.doAA(publicKey, inferDigestAlgorithmFromSignatureAlgorithm, str, bArr2).getResponse();
            f.a("PassportReader", "AA response: " + Hex.bytesToHexString(response2));
            return a(publicKey, inferDigestAlgorithmFromSignatureAlgorithm, str, bArr2, response2);
        } catch (IOException e) {
            f.a("PassportReader", "#### error reading DG15 " + e);
            oVar.a(q.ERROR, e);
            return oVar;
        } catch (NoSuchAlgorithmException e2) {
            f.a("PassportReader", "#### algorithm not found: " + e2);
            oVar.a(q.ERROR, e2);
            return oVar;
        } catch (CardServiceException e3) {
            f.a("PassportReader", "### card service error: " + e3);
            oVar.a(q.ERROR, e3);
            return oVar;
        }
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o g() {
        j();
        f.a("PassportReader", "downloading image");
        o oVar = new o(p.FACE_IMAGE);
        try {
            Iterator<FaceInfo> it = this.f.d().getFaceInfos().iterator();
            while (it.hasNext()) {
                for (FaceImageInfo faceImageInfo : it.next().getFaceImageInfos()) {
                    int imageLength = faceImageInfo.getImageLength();
                    String mimeType = faceImageInfo.getMimeType();
                    InputStream imageInputStream = faceImageInfo.getImageInputStream();
                    f.a("PassportReader", String.format("Image mime: %s, len = %d", mimeType, Integer.valueOf(imageLength)));
                    if (!mimeType.equals(ImageInfo.JPEG_MIME_TYPE) && !mimeType.equals("image/png")) {
                        if (!mimeType.equals(ImageInfo.JPEG2000_MIME_TYPE) && !mimeType.equals("mime/jpx")) {
                            oVar.a(q.NOT_AVAILABLE);
                            oVar.a((o) mimeType);
                            oVar.a(q.NOT_AVAILABLE);
                            oVar.a((o) mimeType);
                        }
                        byte[] byteArray = IOUtils.toByteArray(imageInputStream);
                        dt dtVar = new dt();
                        String[][] b = cf.b();
                        for (int length = b.length - 1; length >= 0; length--) {
                            if (b[length][3] != null) {
                                dtVar.put(b[length][0], b[length][3]);
                            }
                        }
                        Bitmap a2 = new cf(new dt(dtVar)).a(byteArray);
                        oVar.a(a2 != null ? q.SUCCESSFUL : q.FAILED);
                        oVar.a((o) a2);
                    }
                    Bitmap decodeStream = BitmapFactory.decodeStream(imageInputStream);
                    StringBuilder sb = new StringBuilder();
                    sb.append("Bitmap decoding ");
                    sb.append(decodeStream != null ? "succssful" : "failed");
                    f.a("PassportReader", sb.toString());
                    oVar.a(decodeStream != null ? q.SUCCESSFUL : q.FAILED);
                    oVar.a((o) decodeStream);
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
            oVar.a(q.FAILED);
        }
        return oVar;
    }

    @Override // jumio.nv.nfc.k
    @NonNull
    public o h() {
        f.a("PassportReader", "read passport details");
        o oVar = new o(p.ADDITIONAL_DATA);
        n nVar = new n();
        try {
            DG1File c = this.f.c();
            if (c != null) {
                nVar.a(c.getMRZInfo());
            }
            int[] tagList = this.f.a().getTagList();
            ArrayList arrayList = new ArrayList();
            for (int i : tagList) {
                arrayList.add(Integer.valueOf(LDSFileUtil.lookupDataGroupNumberByTag(i)));
            }
            if (arrayList.contains(11)) {
                f.a("PassportReader", "read DG11 - personal details");
                nVar.a(new m(this.f.e()));
            }
            if (arrayList.contains(12)) {
                f.a("PassportReader", "read DG12 - document details");
                nVar.a(new l(this.f.f()));
            }
            oVar.a(q.SUCCESSFUL);
            oVar.a((o) nVar);
        } catch (Exception e) {
            oVar.a(q.ERROR, e);
        }
        return oVar;
    }

    @Override // jumio.nv.nfc.k
    @Nullable
    public String i() {
        j();
        try {
            return this.f.c().getMRZInfo().toString();
        } catch (IOException e) {
            f.b("PassportReader", "error reading DG1", e);
            return null;
        }
    }
}
