package org.jscep.client;

import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.jscep.client.e.e;
import org.jscep.message.f;
import org.jscep.message.g;
import org.jscep.message.j;
import org.jscep.message.k;
import org.jscep.transaction.Transaction;
import org.jscep.transport.TransportException;
import org.jscep.transport.TransportFactory;
import org.jscep.transport.response.Capability;

/* loaded from: classes.dex */
/**
 * Decompiled, name-obfuscated SCEP client.
 *
 * <p>Log strings and package names suggest this corresponds to the jscep
 * library's client class; confirm against the upstream release before relying
 * on that mapping. Private member names are kept exactly as the decompiler
 * emitted them so the listing can still be correlated with the dex.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code http} URLs are accepted as well as {@code https} (see {@link #i()}).</li>
 *   <li>Trust in the CA certificate is delegated to the {@link CallbackHandler}
 *       (see {@link #j(X509Certificate)}).</li>
 *   <li>A failed capabilities request is replaced by an empty capability set
 *       (see {@link #c(String)}).</li>
 *   <li>One call to {@code b(...)} triggers {@code c(str)} three times and
 *       {@code d(str)} twice, so capabilities are fetched separately for the
 *       transport, the {@code k} object and the digest, and the CA callback
 *       runs once per {@code d(str)} call.</li>
 * </ul>
 */
public final class b {

    // Shared logger (dex name: e). The facade is obfuscated; the level behind
    // each of its methods (f, h, e, g, c) is not visible in this file.
    private static final e.d.b f2654e = e.d.c.f(b.class);

    // Server URL, checked by i() in the constructor (dex name: a).
    private final URL f2655a;

    // Handler that is asked to approve the CA certificate in j() (dex name: b).
    private final CallbackHandler f2656b;

    // Picks certificates out of the CertStore returned by the server (dex name: c).
    private org.jscep.client.e.c f2657c = new e();

    // Builds a transport for every outgoing request (dex name: d).
    private TransportFactory f2658d = new org.jscep.transport.e();

    /**
     * Creates a client for the given server URL.
     *
     * @param url  server URL; must be non-null, http or https, without query or fragment
     * @param aVar wrapped in a {@code c} instance that becomes the callback handler;
     *             presumably the certificate verifier - confirm against class {@code c}
     * @throws NullPointerException     if {@code url} is null
     * @throws IllegalArgumentException if the URL fails the checks in {@link #i()}
     */
    public b(URL url, org.jscep.client.f.a aVar) {
        this.f2655a = url;
        this.f2656b = new c(aVar);
        // Validation runs after assignment because i() reads the fields.
        i();
    }

    /**
     * Builds the transport for a request, using POST when the server capabilities
     * report {@code h()} as true and GET otherwise.
     *
     * <p>NOTE(review): this issues its own capabilities request via {@link #c(String)};
     * if that request fails, the empty capability set decides the method.
     */
    private org.jscep.transport.b a(String str) {
        TransportFactory.Method httpMethod =
                c(str).h() ? TransportFactory.Method.POST : TransportFactory.Method.GET;
        return this.f2658d.a(httpMethod, this.f2655a);
    }

    /**
     * Builds the {@code org.jscep.message.j} object from the certificate selected by
     * {@code a()} on the store selection plus an {@code f} built from the caller's
     * certificate and key. Presumably the inbound message decoder - confirm.
     *
     * <p>Fetches and re-verifies the CA certificate through {@link #d(String)}.
     */
    private j e(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        org.jscep.client.e.b selection = this.f2657c.a(d(str));
        return new j(selection.a(), new f(x509Certificate, privateKey));
    }

    /**
     * Builds the {@code org.jscep.message.k} object. Its parameters come from two
     * network answers: the certificate store ({@link #d(String)}) and the server
     * capabilities ({@link #c(String)}). Presumably the outbound message encoder,
     * with {@code e()} and {@code g()} on the capabilities supplying the cipher and
     * signature algorithm - confirm.
     */
    private k f(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        CertStore store = d(str);
        org.jscep.transport.response.a caps = c(str);
        g envelope = new g(this.f2657c.a(store).b(), caps.e());
        return new k(privateKey, x509Certificate, envelope, caps.g());
    }

    /**
     * Reports whether the certificate verifies against a verifier derived from
     * itself, i.e. whether it is treated as self-signed.
     *
     * @return the result of the obfuscated verification call; {@code false} when a
     *         {@link RuntimeOperatorException} caused by a {@link SignatureException}
     *         is raised
     * @throws ClientException for every other failure
     */
    private boolean g(X509Certificate x509Certificate) {
        try {
            org.bouncycastle.cert.jcajce.d holder = new org.bouncycastle.cert.jcajce.d(x509Certificate);
            return holder.g(new org.bouncycastle.operator.jcajce.b().d(holder));
        } catch (RuntimeOperatorException opError) {
            // A signature failure is an answer ("not self-signed"), not an error.
            if (opError.getCause() instanceof SignatureException) {
                f2654e.h("SignatureException detected so we consider that the certificate is not self signed");
                return false;
            }
            throw new ClientException(opError);
        } catch (Exception failure) {
            throw new ClientException(failure);
        }
    }

    /**
     * Maps the transaction state returned by {@code aVar.k()} onto a response object.
     * {@code k()} presumably sends the transaction - confirm against
     * {@code org.jscep.transaction.a}.
     */
    private d h(org.jscep.transaction.a aVar) {
        Transaction.State state = aVar.k();
        if (state == Transaction.State.CERT_ISSUED) {
            return new d(aVar.j(), aVar.e());
        }
        if (state == Transaction.State.CERT_REQ_PENDING) {
            return new d(aVar.j());
        }
        // Any other state is reported through the third constructor form.
        return new d(aVar.j(), aVar.f());
    }

    /**
     * Validates constructor state: the URL must be non-null, use http or https, and
     * carry neither a fragment nor a query string; the handler must be non-null.
     *
     * <p>NOTE(review): plain http passes this check. The only server authentication
     * visible in this class is then the CA-certificate callback in
     * {@link #j(X509Certificate)}, so deployments should confirm that the handler
     * compares against a pinned value.
     */
    private void i() {
        Objects.requireNonNull(this.f2655a, "URL should not be null");
        if (!this.f2655a.getProtocol().matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (this.f2655a.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (this.f2655a.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        Objects.requireNonNull(this.f2656b, "Callback handler should not be null");
    }

    /**
     * Asks the callback handler to approve the given certificate and fails unless
     * the callback reports success through {@code b()}.
     *
     * @throws ClientException if the handler rejects the certificate, does not
     *                         support the callback, or raises an I/O error
     */
    private void j(X509Certificate x509Certificate) {
        a verification = new a(x509Certificate);
        try {
            f2654e.f("Requesting certificate verification.");
            this.f2656b.handle(new Callback[]{verification});
            if (!verification.b()) {
                f2654e.f("Certificate verification failed.");
                throw new ClientException("CA certificate fingerprint could not be verified.");
            }
            f2654e.f("Certificate verification passed.");
        } catch (IOException ioError) {
            throw new ClientException(ioError);
        } catch (UnsupportedCallbackException unsupported) {
            // A handler that cannot process the callback counts as a failed verification.
            f2654e.f("Certificate verification failed.");
            throw new ClientException(unsupported);
        }
    }

    /**
     * Checks that the second certificate is either equal to the first or carries a
     * signature that verifies against a verifier built from the first.
     *
     * <p>NOTE(review): only the signature is checked here; no validity-period,
     * key-usage or basic-constraints check is visible in this method.
     *
     * @param x509Certificate  issuer side of the check (the log text calls it the CA)
     * @param x509Certificate2 certificate under test (the log text calls it the RA)
     * @throws ClientException if the signature does not verify or the check itself fails
     */
    private void k(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        f2654e.f("Verifying signature of RA certificate");
        if (x509Certificate.equals(x509Certificate2)) {
            f2654e.f("RA and CA are identical");
            return;
        }
        try {
            boolean signedByIssuer = new org.bouncycastle.cert.jcajce.d(x509Certificate2)
                    .g(new org.bouncycastle.operator.jcajce.b().c(x509Certificate));
            if (!signedByIssuer) {
                f2654e.f("Signature verification failed for RA.");
                throw new ClientException("RA not issued by CA");
            }
            f2654e.f("Signature verification passed for RA.");
        } catch (CertificateEncodingException | CertException | OperatorCreationException certError) {
            throw new ClientException(certError);
        }
    }

    /**
     * Enrols a certificate request with the CA and returns the mapped response.
     *
     * <p>NOTE(review): when the identity certificate is self-signed and its subject
     * differs from the request subject, the mismatch is only logged and enrolment
     * continues.
     *
     * @param x509Certificate identity certificate handed to the message objects
     * @param privateKey      key belonging to the identity certificate
     * @param aVar            the PKCS#10 request; {@code b()} is compared with the
     *                        certificate subject and {@code a()} is digested for the log
     * @param str             opaque string forwarded to the capability and certificate
     *                        requests (presumably a CA profile name - confirm)
     * @return response built by {@link #h(org.jscep.transaction.a)}
     */
    public d b(X509Certificate x509Certificate, PrivateKey privateKey, org.bouncycastle.pkcs.a aVar, String str) {
        f2654e.f("Enrolling certificate with CA");
        if (g(x509Certificate)) {
            f2654e.f("Certificate is self-signed");
            boolean sameSubject = aVar.b().equals(e.c.a.c.a(x509Certificate.getSubjectX500Principal()));
            if (!sameSubject) {
                f2654e.e("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }

        // Built in this order because each helper performs its own network requests.
        org.jscep.transport.b transport = a(str);
        k outbound = f(x509Certificate, privateKey, str);
        j inbound = e(x509Certificate, privateKey, str);
        org.jscep.transaction.a transaction = new org.jscep.transaction.a(transport, outbound, inbound, aVar);

        try {
            // Logging only: the digest comes from a fresh capabilities request.
            MessageDigest digest = c(str).f();
            String algorithm = digest.getAlgorithm();
            String fingerprint = new String(e.a.a.a.b.c.b(digest.digest(aVar.a())));
            f2654e.c("{} PKCS#10 Fingerprint: [{}]", algorithm, fingerprint);
        } catch (IOException ioError) {
            f2654e.g("Error getting encoded CSR", ioError);
        }
        return h(transaction);
    }

    /**
     * Requests the server capabilities over GET.
     *
     * <p>NOTE(review): a {@link TransportException} is discarded without its cause
     * being logged, and an empty capability set is returned instead. Within this
     * class that object decides the HTTP method, two parameters of the {@code k}
     * object and the digest used for the CSR fingerprint, so a failed or blocked
     * request silently changes what is negotiated. Consider logging the cause and
     * enforcing a minimum algorithm policy in the caller; what an empty set yields
     * is not visible here.
     *
     * @param str opaque string passed to the capabilities request
     * @return the parsed capabilities, or an empty set on transport failure
     */
    public org.jscep.transport.response.a c(String str) {
        f2654e.f("Determining capabilities of SCEP server");
        org.jscep.transport.request.a request = new org.jscep.transport.request.a(str);
        try {
            org.jscep.transport.b transport = this.f2658d.a(TransportFactory.Method.GET, this.f2655a);
            return (org.jscep.transport.response.a) transport.a(request, new org.jscep.transport.response.b());
        } catch (TransportException ignored) {
            f2654e.h("AbstractTransport problem when determining capabilities.  Using empty capabilities.");
            return new org.jscep.transport.response.a(new Capability[0]);
        }
    }

    /**
     * Retrieves the CA certificate store over GET and verifies it before returning.
     *
     * <p>The certificate returned by {@code c()} on the store selection goes through
     * the callback check in {@link #j(X509Certificate)}; the certificates returned by
     * {@code b()} and {@code a()} must then pass
     * {@link #k(X509Certificate, X509Certificate)} against it.
     *
     * @param str opaque string passed to the certificate request
     * @return the store as received, once all checks have passed
     * @throws ClientException on transport failure or when any check fails
     */
    public CertStore d(String str) {
        f2654e.f("Retrieving current CA certificate");
        org.jscep.transport.request.b request = new org.jscep.transport.request.b(str);
        try {
            org.jscep.transport.b transport = this.f2658d.a(TransportFactory.Method.GET, this.f2655a);
            CertStore received = (CertStore) transport.a(request, new org.jscep.transport.response.c());
            org.jscep.client.e.b selection = this.f2657c.a(received);
            // Trust anchor first, then the two certificates that must chain to it.
            j(selection.c());
            k(selection.c(), selection.b());
            k(selection.c(), selection.a());
            return received;
        } catch (TransportException transportError) {
            throw new ClientException(transportError);
        }
    }
}
