package com.ftsafe.skapi;

import android.os.Handler;
import android.os.Looper;
import com.ftsafe.skapi.communication.TransportAPDU;
import com.ftsafe.skapi.piv.CertSlot;
import com.ftsafe.skapi.piv.KeyType;
import com.ftsafe.skapi.piv.PinPolicy;
import com.ftsafe.skapi.piv.PivCertManager;
import com.ftsafe.skapi.piv.PivPinManager;
import com.ftsafe.skapi.piv.TouchPolicy;
import com.ftsafe.skapi.utils.Aid;
import com.ftsafe.skapi.utils.Def;
import com.ftsafe.skapi.utils.SKCallback;
import com.ftsafe.skapi.utils.SKError;
import com.ftsafe.skapi.utils.SKException;
import com.ftsafe.skapi.utils.Transmit;
import java.io.Serializable;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

/* loaded from: classes.dex */
public class PivManager implements Serializable {
    private static final String TAG = "PivManager";
    private static PivCertManager m_PivCertManager;
    private static volatile PivManager m_PivManagerInstance;
    private static PivPinManager m_PivPinManager;
    private final ExecutorService m_ExecutorService = Executors.newSingleThreadExecutor();
    private Handler m_handler;

    public static PivManager getInstance() {
        if (m_PivManagerInstance == null) {
            synchronized (SKManager.class) {
                if (m_PivManagerInstance == null) {
                    m_PivManagerInstance = new PivManager();
                    m_PivPinManager = new PivPinManager();
                    m_PivCertManager = new PivCertManager();
                }
            }
        }
        return m_PivManagerInstance;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void selectPIV() throws SKException {
        if (TransportAPDU.getInstance().getMonitorType() == Transmit.HID) {
            TransportAPDU.getInstance().changeMonitorType(Transmit.CCID);
        }
        if (!TransportAPDU.getInstance().connectFido()) {
            throw new SKException(SKError.ERR_DEVICE_DISCONNECT);
        }
        short statusCode = TransportAPDU.getInstance().SelectAppletByAID(Aid.PIV).statusCode();
        if (-28672 != statusCode) {
            throw new SKException(statusCode);
        }
        this.m_handler.sendEmptyMessage(Def.STATE_WAITING);
    }

    public void changePIN(final String str, final String str2, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivPinManager.changePIN(str, str2);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void changePUK(final String str, final String str2, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.3
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivPinManager.changePUK(str, str2);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void decrypt(final CertSlot certSlot, final byte[] bArr, final Cipher cipher, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.14
            @Override // java.lang.Runnable
            public void run() {
                byte[] bArr2;
                try {
                    try {
                        bArr2 = bArr;
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                    if (bArr2 != null && bArr2.length != 0) {
                        PivManager.this.selectPIV();
                        byte[] decrypt = PivManager.m_PivCertManager.decrypt(certSlot, bArr, cipher);
                        if (decrypt != null) {
                            sKCallback.onSuccess(Def.SUCCESS, decrypt);
                        } else {
                            sKCallback.onError("Decrypt error.");
                        }
                        return;
                    }
                    sKCallback.onError("The data to be decrypt is empty.");
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void deleteCertificate(final String str, final byte[] bArr, final CertSlot certSlot, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.10
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivCertManager.deleteCertificate(str, bArr, certSlot);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void encrypt(final CertSlot certSlot, final byte[] bArr, final Cipher cipher, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.13
            @Override // java.lang.Runnable
            public void run() {
                byte[] bArr2;
                try {
                    try {
                        bArr2 = bArr;
                    } finally {
                        PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                    }
                } catch (SKException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
                    sKCallback.onError(e.getMessage());
                }
                if (bArr2 != null && bArr2.length != 0) {
                    PivManager.this.selectPIV();
                    X509Certificate readCertificate = PivManager.m_PivCertManager.readCertificate(certSlot);
                    if (readCertificate == null) {
                        sKCallback.onError("There is no certificate for the current slot.");
                    }
                    cipher.init(1, readCertificate.getPublicKey());
                    byte[] doFinal = cipher.doFinal(bArr);
                    if (doFinal != null) {
                        sKCallback.onSuccess(Def.SUCCESS, doFinal);
                    } else {
                        sKCallback.onError("Encrypt error.");
                    }
                    return;
                }
                sKCallback.onError("The data to be encrypted is empty.");
            }
        });
    }

    public void generateKey(final String str, final byte[] bArr, final CertSlot certSlot, final KeyType keyType, final PinPolicy pinPolicy, final TouchPolicy touchPolicy, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.7
            @Override // java.lang.Runnable
            public void run() {
                PublicKey generateKey;
                try {
                    try {
                        PivManager.this.selectPIV();
                        generateKey = PivManager.m_PivCertManager.generateKey(str, bArr, certSlot, keyType, pinPolicy, touchPolicy);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                    if (generateKey == null) {
                        sKCallback.onError("Failed to generate key pair.");
                    } else {
                        sKCallback.onSuccess(Def.SUCCESS, generateKey);
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void generateSelfSignCertificate(final String str, final byte[] bArr, final CertSlot certSlot, final KeyType keyType, final String str2, final int i, final PinPolicy pinPolicy, final TouchPolicy touchPolicy, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.8
            @Override // java.lang.Runnable
            public void run() {
                KeyPair generateEcKey;
                try {
                    try {
                        PivManager.this.selectPIV();
                        if (keyType == KeyType.RSA1024) {
                            generateEcKey = PivCertManager.generateRsaKey(1024);
                        } else if (keyType == KeyType.RSA2048) {
                            generateEcKey = PivCertManager.generateRsaKey(2048);
                        } else if (keyType == KeyType.ECCP256) {
                            generateEcKey = PivCertManager.generateEcKey(256);
                        } else {
                            if (keyType != KeyType.ECCP384) {
                                sKCallback.onError("The algorithm is not supported.");
                                return;
                            }
                            generateEcKey = PivCertManager.generateEcKey(384);
                        }
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                    if (generateEcKey == null) {
                        sKCallback.onError("Generate key pair error.");
                        return;
                    }
                    PivManager.m_PivCertManager.importKey(str, bArr, certSlot, generateEcKey.getPrivate(), pinPolicy, touchPolicy);
                    PivManager.m_PivCertManager.importCertificate(str, bArr, certSlot, PivManager.m_PivCertManager.createCertificate(str, bArr, certSlot, keyType, generateEcKey.getPublic(), generateEcKey.getPrivate(), str2, i));
                    sKCallback.onSuccess(Def.SUCCESS, null);
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void importCertificate(final String str, final byte[] bArr, final CertSlot certSlot, final X509Certificate x509Certificate, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.9
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivCertManager.importCertificate(str, bArr, certSlot, x509Certificate);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void init(Handler handler) {
        if (handler == null) {
            handler = new Handler(Looper.getMainLooper());
        }
        this.m_handler = handler;
    }

    public void readCertificate(final CertSlot certSlot, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.6
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        sKCallback.onSuccess(Def.SUCCESS, PivManager.m_PivCertManager.readCertificate(certSlot));
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void reset(final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.5
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivPinManager.reset(sKCallback);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void setManagementKey(final String str, final byte[] bArr, final byte[] bArr2, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.4
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivPinManager.setManagementKey(str, bArr, bArr2);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void sign(final String str, final byte[] bArr, final CertSlot certSlot, final KeyType keyType, final byte[] bArr2, final Signature signature, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.11
            @Override // java.lang.Runnable
            public void run() {
                byte[] bArr3;
                try {
                    try {
                        bArr3 = bArr2;
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                    if (bArr3 != null && bArr3.length != 0) {
                        PivManager.this.selectPIV();
                        byte[] sign = PivManager.m_PivCertManager.sign(str, bArr, certSlot, keyType, bArr2, signature);
                        if (sign != null) {
                            sKCallback.onSuccess(Def.SUCCESS, sign);
                        } else {
                            sKCallback.onError("Signature error.");
                        }
                        return;
                    }
                    sKCallback.onError("The data to be signed is empty.");
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }

    public void verify(final CertSlot certSlot, final byte[] bArr, final Signature signature, final byte[] bArr2, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.12
            @Override // java.lang.Runnable
            public void run() {
                byte[] bArr3;
                try {
                    try {
                        bArr3 = bArr;
                    } finally {
                        PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                    }
                } catch (SKException | InvalidKeyException | SignatureException e) {
                    sKCallback.onError(e.getMessage());
                }
                if (bArr3 != null && bArr3.length != 0) {
                    byte[] bArr4 = bArr2;
                    if (bArr4 != null && bArr4.length != 0) {
                        PivManager.this.selectPIV();
                        X509Certificate readCertificate = PivManager.m_PivCertManager.readCertificate(certSlot);
                        if (readCertificate == null) {
                            sKCallback.onError("There is no certificate for the current slot.");
                        }
                        signature.initVerify(readCertificate.getPublicKey());
                        signature.update(bArr);
                        if (signature.verify(bArr2)) {
                            sKCallback.onSuccess(Def.SUCCESS, null);
                        } else {
                            sKCallback.onError("Signature verification failed.");
                        }
                        return;
                    }
                    sKCallback.onError("Signature data is empty.");
                }
                sKCallback.onError("The data to be signed is empty.");
            }
        });
    }

    public void verifyPIN(final String str, final SKCallback sKCallback) {
        this.m_ExecutorService.execute(new Runnable() { // from class: com.ftsafe.skapi.PivManager.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        PivManager.this.selectPIV();
                        PivManager.m_PivPinManager.verifyPIN(str);
                        sKCallback.onSuccess(Def.SUCCESS, null);
                    } catch (SKException e) {
                        sKCallback.onError(e.getMessage());
                    }
                } finally {
                    PivManager.this.m_handler.sendEmptyMessage(Def.STATE_FINISHED);
                }
            }
        });
    }
}
