package de.governikus.bea.beaToolkit.crypto.handler.smartcard;

import de.bos_bremen.basecard.common.crypto.Algorithm;
import de.bos_bremen.basecard.common.crypto.UsageRelated;
import de.bos_bremen.gov2.jca_provider.CipherPINInputCancelledException;
import de.bos_bremen.gov2.jca_provider.CipherRetryCounterExpiredException;
import de.bos_bremen.gov2.jca_provider.CipherWrongPINException;
import de.bos_bremen.gov2.jca_provider.OCFPrivateKey;
import de.bos_bremen.gov2.jca_provider.ocf.cards.GovCS;
import de.governikus.bea.beaToolkit.BeaToolkitContext;
import de.governikus.bea.beaToolkit.crypto.LocalCryptoInformation;
import de.governikus.bea.beaToolkit.crypto.handler.RSAHandler;
import de.governikus.bea.beaToolkit.crypto.worker.CipherWorker;
import de.governikus.bea.beaToolkit.ui.ConfirmKey;
import de.governikus.bea.beaToolkit.ui.DialogFactory;
import de.governikus.bea.beaToolkit.ui.DialogResult;
import de.governikus.bea.beaToolkit.ui.StartType;
import de.governikus.bea.beaToolkit.util.McardErrorCodeUtil;
import java.awt.Toolkit;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.Iterator;
import javafx.scene.control.Alert;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/handler/smartcard/RSAHandlerSmartcard.class */
public class RSAHandlerSmartcard extends RSAHandler {
    private static final Logger LOG = LogManager.getLogger(RSAHandlerSmartcard.class);
    private Cipher decryptCipher;
    private boolean useLocalErrorDialogs;

    public RSAHandlerSmartcard(LocalCryptoInformation localCryptoInformation) {
        super(localCryptoInformation);
        this.useLocalErrorDialogs = true;
    }

    public RSAHandlerSmartcard(LocalCryptoInformation localCryptoInformation, boolean z) {
        this(localCryptoInformation);
        this.useLocalErrorDialogs = z;
    }

    @Override // de.governikus.bea.beaToolkit.crypto.CryptoHandler
    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2 = null;
        boolean z = true;
        do {
            try {
                CipherWorker cipherWorker = this.cryptoInformation.getCipherWorker();
                OCFPrivateKey oCFPrivateKey = (PrivateKey) cipherWorker.getKeyStore().getKey(this.cryptoInformation.getCryptoAlias(), cipherWorker.getPassword());
                GovCS cardService = oCFPrivateKey.getCardService();
                cardService.setKeyboardAllowed(false);
                LOG.info("CardTerminalName: " + cardService.getCardTerminal().getName());
                Cipher decryptCipher = getDecryptCipher();
                decryptCipher.init(2, (Key) oCFPrivateKey);
                bArr2 = decryptCipher.doFinal(bArr);
                z = false;
            } catch (CipherRetryCounterExpiredException e) {
                LOG.error("pin expired");
                throw e;
            } catch (GeneralSecurityException e2) {
                throw e2;
            } catch (CipherWrongPINException e3) {
                LOG.error("wrong pin");
                if (!this.useLocalErrorDialogs) {
                    LOG.warn("wrong pin entered");
                    throw e3;
                }
                Toolkit.getDefaultToolkit().beep();
                if (DialogFactory.getInstance().popConfirmationAlertOkCancel(StartType.IN_NEW_THREAD, ConfirmKey.RSAHANDLER_ALERT_WRONG_PING_MSG, Alert.AlertType.ERROR).getReason() == DialogResult.Reason.CMD_CANCEL) {
                    z = false;
                    bArr2 = null;
                }
            } catch (CipherPINInputCancelledException e4) {
                if (e4.getErrorCode() != 26368) {
                    LOG.warn("pin input cancelled");
                    throw e4;
                }
                if (!this.useLocalErrorDialogs) {
                    LOG.warn("wrong pin entered");
                    throw new CipherWrongPINException(e4.getPasswordName(), e4.getErrorCode(), e4.getMessage(), e4);
                }
                if (DialogFactory.getInstance().popConfirmationAlertOkCancel(StartType.IN_NEW_THREAD, McardErrorCodeUtil.getWarningKey(e4.getErrorCode()).getTitle(), McardErrorCodeUtil.getWarningKey(e4.getErrorCode()).getMessage(), Alert.AlertType.ERROR).getReason() == DialogResult.Reason.CMD_CANCEL) {
                    z = false;
                    bArr2 = null;
                }
            }
        } while (z);
        return bArr2;
    }

    protected Cipher getDecryptCipher() {
        if (this.decryptCipher == null) {
            try {
                OCFPrivateKey oCFPrivateKey = (PrivateKey) this.cryptoInformation.getCipherWorker().getKeyStore().getKey(this.cryptoInformation.getCryptoAlias(), null);
                String algorithm = oCFPrivateKey.getAlgorithm();
                if (BeaToolkitContext.getInstance().getAsymmetricSessionKeyAlgorithmJCEJCA().equals("RSA/ECB/OAEPPadding")) {
                    Iterator it = oCFPrivateKey.getAlgorithms(UsageRelated.Usage.CIPHER).iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Algorithm algorithm2 = (Algorithm) it.next();
                        if (algorithm2.getAlgorithmName().contains("OAEP")) {
                            algorithm = algorithm2.getAlgorithmName();
                            break;
                        }
                    }
                }
                LOG.info("algo: " + algorithm);
                this.decryptCipher = Cipher.getInstance(algorithm, "OCF");
            } catch (KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | NoSuchPaddingException e) {
                LOG.error("", e);
            }
        }
        return this.decryptCipher;
    }
}
