package com.cisco.cpm.util;

import android.os.Build;
import android.os.Environment;
import com.cisco.cpm.exception.SPWSCEPRequestPendingException;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.UUID;
import java.util.Vector;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DEROutputStream;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.asn1.x509.X509Name;
import org.spongycastle.jce.PKCS10CertificationRequest;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
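/**
 * Obtains an X.509 client certificate for a freshly generated key pair.
 *
 * <p>The class builds a PKCS#10 certification request and submits it in one of two ways,
 * chosen by the constructor that was used:
 * <ul>
 *   <li>through the native {@code estwrap} library ({@link #getCertificateOverESTClient()}), or</li>
 *   <li>by POSTing the request to an enrollment URL and polling while the server answers
 *       {@code Pending} ({@link #getCertificateOverHttp()}).</li>
 * </ul>
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>For {@code https} URLs, {@code mValidateServerCert == false} installs an
 *       {@code SPWSSLSocketFactory} on the connection. That class is defined elsewhere in this
 *       package; presumably it relaxes server certificate validation - confirm.</li>
 *   <li>A URL that does not start with {@code "https"} is contacted in clear text. The request
 *       body is the PKCS#10 request, which carries the challenge password attribute.</li>
 *   <li>The native logger is pointed at {@code estlog.txt} on shared external storage.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. {@code $assertionsDisabled} appears in
 * several places where a boolean argument is expected (follow-redirects, the extension's
 * critical flag, {@code bUseESTClient}, the logger-initialised flag). Its runtime value is the
 * negation of {@code desiredAssertionStatus()}; whether the original source used a literal
 * there cannot be determined from this listing - confirm against the bytecode. Those uses are
 * reproduced unchanged.
 */
public class EnrollmentUtility {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static final String EC_SIGN = "SHA256withECDSA";
    // ASCII codes of the lowercase hex digits '0'..'9', 'a'..'f', indexed by nibble value.
    static final byte[] HEX_CHAR_TABLE;
    private static final String RSA_SIGN = "SHA256withRSA";
    // Set once the logger thread has been started (not once it has finished).
    private static boolean s_bESTLoggerInitialized;
    // CA chain handed to the native EST client.
    private String ESTSvrCAChain;
    // Added to the subjectAltName as a URI entry when non-empty and SDK_INT >= 29.
    private String GUID;
    // Selects the native EST path in getCertificate().
    private boolean bUseESTClient;
    // Comma-separated "OU=", "O=", "L=", "ST=", "C=" items appended to the subject DN.
    private String certParametersString;
    // Written into the PKCS#10 challengePassword attribute.
    private String challengePwd;
    private String curve;
    private SimpleDateFormat formater;
    private KeyPair keyPair;
    // Attempts / seconds between attempts for the initial request.
    private int mInitialRetryCnt;
    private int mInitialRetryTime;
    // Attempts / seconds between attempts while the request is pending.
    private int mPendingRetryCnt;
    private int mPendingRetryTime;
    // When false, HTTPS connections get an SPWSSLSocketFactory instead of the platform default.
    private boolean mValidateServerCert;
    // Added to the subjectAltName as a GeneralName with tag 1.
    private String macAddr;
    // EST password, passed to the native client.
    private String password;
    PKCS10CertificationRequest pkCS10request;
    private String serverName;
    private int serverPort;
    // Common name of the requested certificate.
    private String subject;
    private String transactionID;
    // Enrollment URL for the HTTP(S) path.
    private String urlStr;
    private String userName;

    static {
        $assertionsDisabled = !EnrollmentUtility.class.desiredAssertionStatus();
        s_bESTLoggerInitialized = $assertionsDisabled;
        HEX_CHAR_TABLE = new byte[]{48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102};
    }

    /**
     * Creates an instance that enrolls through the native EST client. Loads the
     * {@code estwrap} native library and starts the native logger initialisation.
     *
     * @param str     subject common name; also used as the EST user name
     * @param str2    EST password
     * @param str3    additional subject DN items (see {@code certParametersString})
     * @param str4    challenge password placed in the PKCS#10 request
     * @param keyPair key pair to certify
     * @param str5    MAC address for the subjectAltName
     * @param str6    GUID for the subjectAltName, may be null or empty
     * @param str7    EST server name
     * @param i       EST server port
     * @param str8    curve name handed to the native client
     * @param str9    CA chain handed to the native client
     */
    public EnrollmentUtility(String str, String str2, String str3, String str4, KeyPair keyPair, String str5, String str6, String str7, int i, String str8, String str9) {
        this.mInitialRetryCnt = 3;
        this.mInitialRetryTime = 4;
        this.mPendingRetryCnt = 5;
        this.mPendingRetryTime = 4;
        this.mValidateServerCert = true;
        this.formater = new SimpleDateFormat("yyyy.MM.dd HH:mm:ss");
        this.subject = str;
        this.userName = str;
        this.password = str2;
        this.certParametersString = str3;
        this.keyPair = keyPair;
        this.challengePwd = str4;
        this.macAddr = str5;
        this.GUID = str6;
        this.serverName = str7;
        this.serverPort = i;
        this.curve = str8;
        this.bUseESTClient = true;
        this.ESTSvrCAChain = str9;
        System.loadLibrary("estwrap");
        initESTLogger();
    }

    /**
     * Creates an instance that enrolls by POSTing to an enrollment URL.
     *
     * @param str     subject common name
     * @param str2    additional subject DN items (see {@code certParametersString})
     * @param str3    challenge password placed in the PKCS#10 request
     * @param str4    enrollment URL
     * @param keyPair key pair to certify
     * @param str5    MAC address for the subjectAltName
     * @param str6    GUID for the subjectAltName, may be null or empty
     * @param str7    initial retry count as decimal text; the default 3 is kept if unparsable
     * @param str8    initial retry delay in seconds; the default 4 is kept if unparsable
     * @param str9    pending retry count; the default 5 is kept if unparsable
     * @param str10   pending retry delay in seconds; the default 4 is kept if unparsable
     * @param z       whether the server certificate is validated on HTTPS connections
     */
    public EnrollmentUtility(String str, String str2, String str3, String str4, KeyPair keyPair, String str5, String str6, String str7, String str8, String str9, String str10, boolean z) {
        this.formater = new SimpleDateFormat("yyyy.MM.dd HH:mm:ss");
        this.subject = str;
        this.certParametersString = str2;
        this.urlStr = str4;
        this.keyPair = keyPair;
        this.challengePwd = str3;
        this.macAddr = str5;
        this.GUID = str6;
        this.mValidateServerCert = z;
        this.bUseESTClient = $assertionsDisabled;
        this.mInitialRetryCnt = parseIntOrDefault(str7, 3);
        this.mInitialRetryTime = parseIntOrDefault(str8, 4);
        this.mPendingRetryCnt = parseIntOrDefault(str9, 5);
        this.mPendingRetryTime = parseIntOrDefault(str10, 4);
    }

    /** Parses {@code text} as a decimal int, returning {@code fallback} when it is null or malformed. */
    private static int parseIntOrDefault(String text, int fallback) {
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException ignored) {
            // Deliberate: a missing or malformed setting keeps the built-in default.
            return fallback;
        }
    }

    // JNI entry point in the estwrap library; the meaning of the int result is defined by the
    // native side and is not visible in this file.
    private native int enrollCert(String str, String str2, int i, String str3, String str4, byte[] bArr, byte[] bArr2);

    /**
     * Builds and signs the PKCS#10 request.
     *
     * <p>The request carries two attributes: an extension request holding a non-critical-flagged
     * subjectAltName (MAC address, plus the GUID as a URI entry when it is non-empty and the
     * device runs SDK 29 or later), and the challenge password. The subject DN starts with the
     * common name and is extended with the recognised items of {@code str3}.
     *
     * @param keyPair unused; the instance field is read instead (both call sites pass the field)
     * @param str     subject common name
     * @param str2    challenge password
     * @param str3    comma-separated DN items, may be null or empty
     * @return the signed request, using SHA-256 with RSA or ECDSA according to the key type
     * @throws InvalidKeyException if the public key is neither RSA nor EC
     */
    private PKCS10CertificationRequest generatePKCS10Request(KeyPair keyPair, String str, String str2, String str3) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        GeneralNames altNames;
        if (this.GUID == null || this.GUID.isEmpty() || Build.VERSION.SDK_INT < 29) {
            altNames = new GeneralNames(new GeneralName(1, this.macAddr));
        } else {
            ArrayList<GeneralName> entries = new ArrayList<GeneralName>();
            entries.add(new GeneralName(1, this.macAddr));
            entries.add(new GeneralName(6, this.GUID));
            altNames = new GeneralNames(entries.toArray(new GeneralName[0]));
        }
        ByteArrayOutputStream encodedAltNames = new ByteArrayOutputStream();
        try {
            new DEROutputStream(encodedAltNames).writeObject(altNames);
        } catch (IOException e) {
            // Keep the original message and attach the cause so the stack trace is not lost.
            throw new IllegalArgumentException("error encoding value: " + e, e);
        }
        Vector<Object> extensionOids = new Vector<Object>();
        Vector<Object> extensionValues = new Vector<Object>();
        extensionOids.add(X509Extension.subjectAlternativeName);
        extensionValues.add(new X509Extension($assertionsDisabled, new DEROctetString(encodedAltNames.toByteArray())));

        ASN1EncodableVector extensionRequest = new ASN1EncodableVector();
        extensionRequest.add(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        extensionRequest.add(new DERSet(new X509Extensions(extensionOids, extensionValues)));

        ASN1EncodableVector challengeValue = new ASN1EncodableVector();
        challengeValue.add(new DERPrintableString(str2));
        ASN1EncodableVector challengeAttribute = new ASN1EncodableVector();
        challengeAttribute.add(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        challengeAttribute.add(new DERSet(challengeValue));

        ASN1EncodableVector attributeList = new ASN1EncodableVector();
        attributeList.add(new DERSequence(extensionRequest));
        attributeList.add(new DERSequence(challengeAttribute));
        DERSet attributes = new DERSet(attributeList);

        Vector<Object> dnOids = new Vector<Object>();
        Vector<Object> dnValues = new Vector<Object>();
        dnOids.add(X509Name.CN);
        dnValues.add(str);
        if (str3 == null || str3.length() == 0) {
            SPWLog.getLogger().i("SPW profile haven't recieved the certificate paramaters");
        } else {
            SPWLog.getLogger().i("SPW profile is having certificate parameters");
            // Items are matched on their exact prefix; anything else is skipped.
            for (String item : str3.split(",")) {
                if (item.startsWith("OU=")) {
                    dnOids.add(X509Name.OU);
                    dnValues.add(item.substring(3));
                } else if (item.startsWith("O=")) {
                    dnOids.add(X509Name.O);
                    dnValues.add(item.substring(2));
                } else if (item.startsWith("L=")) {
                    dnOids.add(X509Name.L);
                    dnValues.add(item.substring(2));
                } else if (item.startsWith("ST=")) {
                    dnOids.add(X509Name.ST);
                    dnValues.add(item.substring(3));
                } else if (item.startsWith("C=")) {
                    dnOids.add(X509Name.C);
                    dnValues.add(item.substring(2));
                }
            }
        }
        X509Name subjectName = new X509Name(dnOids, dnValues);
        if (this.keyPair.getPublic() instanceof RSAPublicKey) {
            return new PKCS10CertificationRequest(RSA_SIGN, subjectName, this.keyPair.getPublic(), attributes, this.keyPair.getPrivate());
        }
        if (this.keyPair.getPublic() instanceof ECPublicKey) {
            return new PKCS10CertificationRequest(EC_SIGN, subjectName, this.keyPair.getPublic(), attributes, this.keyPair.getPrivate());
        }
        throw new InvalidKeyException("Key pair must be either an RSA or an EC based key pair.");
    }

    /**
     * Derives the value sent in the {@code Trans-Id} header: the SHA-1 digest of the encoded
     * public key, rendered as lowercase hex and then Base64-encoded. The digest serves as an
     * identifier here, not as a signature or secret.
     */
    private String getTransactionId() {
        try {
            return new String(Base64.encode(toHex(MessageDigest.getInstance("SHA-1").digest(this.keyPair.getPublic().getEncoded()))));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Starts a thread that creates {@code estlog.txt} and hands its path to the native logger.
     *
     * <p>The file is placed in the Downloads directory of shared external storage, or in the
     * storage root when that directory does not exist. NOTE(review): that location is outside
     * the app's private data directory, and what the native library writes there is not visible
     * in this file - review the log content for credentials and consider an app-private path.
     */
    private void initESTLogger() {
        try {
            if (s_bESTLoggerInitialized) {
                return;
            }
            new Thread() { // from class: com.cisco.cpm.util.EnrollmentUtility.1
                @Override // java.lang.Thread, java.lang.Runnable
                public void run() {
                    File storageRoot = Environment.getExternalStorageDirectory();
                    File logDir = new File(storageRoot, Environment.DIRECTORY_DOWNLOADS);
                    if (!logDir.exists()) {
                        logDir = storageRoot;
                    }
                    File logFile = new File(logDir, "estlog.txt");
                    if (!logFile.exists()) {
                        try {
                            logFile.createNewFile();
                        } catch (IOException e) {
                            SPWLog.getLogger().e("Exception creating file: " + e.toString() + " Exception: " + e);
                        }
                    }
                    SPWLog.getLogger().i("Calling native logger init with : " + logFile.getAbsolutePath());
                    EnrollmentUtility.this.setUpLogfile(logFile.getAbsolutePath());
                }
            }.start();
            // Marked as done as soon as the thread is started, whether or not it succeeds.
            s_bESTLoggerInitialized = true;
        } catch (Exception e) {
            SPWLog.getLogger().e("EnrollmentUtility: Got exception while initializing logger for stderr " + e.toString() + " Exception: " + e);
        }
    }

    /**
     * Opens a connection to the enrollment URL and sets the request headers shared by the
     * initial request and the pending query.
     *
     * <p>The {@code SPWSSLSocketFactory} is installed only when server certificate validation
     * was switched off, so both request types honour {@code mValidateServerCert}.
     *
     * @param operation     value of the {@code Operation} header
     * @param contentLength value of the {@code Content-Length} header
     */
    private HttpURLConnection openScepConnection(String operation, int contentLength) throws Exception {
        URL url = new URL(this.urlStr);
        HttpURLConnection connection;
        if (this.urlStr.startsWith("https")) {
            HttpsURLConnection secure = (HttpsURLConnection) url.openConnection();
            if (!this.mValidateServerCert) {
                secure.setSSLSocketFactory(new SPWSSLSocketFactory());
            }
            connection = secure;
        } else {
            // Clear-text transport: the body (including the challenge password) is not protected.
            connection = (HttpURLConnection) url.openConnection();
        }
        connection.setInstanceFollowRedirects($assertionsDisabled);
        connection.setDoOutput(true);
        connection.setRequestProperty("Content-Length", contentLength + "");
        connection.setRequestProperty("Content-Type", "application/x-pki-message");
        connection.setRequestProperty("Operation", operation);
        connection.setRequestProperty("Trans-Id", this.transactionID);
        connection.setRequestProperty("Sender-Nonce", UUID.randomUUID().toString());
        return connection;
    }

    /** Returns the error body of {@code connection} with line breaks removed, or "" if there is none. */
    private static String readErrorBody(HttpURLConnection connection) throws IOException {
        if (connection.getErrorStream() == null) {
            return "";
        }
        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getErrorStream()));
        StringBuilder body = new StringBuilder();
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        } finally {
            reader.close();
        }
        return body.toString();
    }

    /**
     * Sends the encoded PKCS#10 request and returns the issued certificate.
     *
     * <p>A non-200 response is logged and retried after {@code mInitialRetryTime} seconds, up
     * to {@code mInitialRetryCnt} attempts. A 200 response is decided by its
     * {@code Trans-Status} header.
     *
     * @param bArr DER-encoded PKCS#10 request
     * @return the certificate parsed from the response body when the status is {@code Issued}
     * @throws SPWSCEPRequestPendingException when the status is {@code Pending}
     * @throws Exception on any other status or when every attempt failed
     */
    private X509Certificate makeInitalCertRequestCall(byte[] bArr) throws Exception, SPWSCEPRequestPendingException {
        for (int attempt = 0; attempt < this.mInitialRetryCnt; attempt++) {
            HttpURLConnection connection = openScepConnection("CertReq", bArr.length);
            try {
                connection.getOutputStream().write(bArr);
                if (connection.getResponseCode() == 200) {
                    String status = connection.getHeaderField("Trans-Status");
                    if ("Issued".equalsIgnoreCase(status)) {
                        // Return at once; the decompiled loop had no exit on success and would
                        // have submitted the request again.
                        X509Certificate issued = (X509Certificate) CertificateFactory.getInstance("X.509", "SC").generateCertificate(connection.getInputStream());
                        SPWLog.getLogger().i("Generated cert from SCEP server = " + issued.toString());
                        return issued;
                    }
                    if ("Pending".equals(status)) {
                        throw new SPWSCEPRequestPendingException();
                    }
                    SPWLog.getLogger().e("Invalid status from SCEP server = " + status);
                    throw new Exception("Certifcate request failed");
                }
                SPWLog.getLogger().i("Unable to make initial SCEP request:" + readErrorBody(connection));
            } finally {
                connection.disconnect();
            }
            synchronized (this) {
                wait(this.mInitialRetryTime * 1000);
            }
        }
        // Reports the attempt count; the decompiled code printed the retry delay here.
        SPWLog.getLogger().e("Unable to make initial SCEP request after " + this.mInitialRetryCnt + "counts. Bailing out");
        throw new Exception("Certificate request failed");
    }

    /**
     * Polls the server for a request that was reported as pending.
     *
     * <p>Each attempt waits {@code mPendingRetryTime} seconds, sends the encoded subject of the
     * stored request as a {@code CertQuery}, and inspects the {@code Trans-Status} header.
     *
     * <p>NOTE(review): the control flow was reconstructed. The decompiled do/while threw after
     * the first poll whenever no certificate had been issued and left its {@code Pending} test
     * unreachable. The decompiled code also installed {@code SPWSSLSocketFactory} on every HTTPS
     * poll regardless of {@code mValidateServerCert}; the flag is now honoured as in the initial
     * request.
     *
     * @return the certificate once the status is {@code Issued}
     * @throws Exception on a status other than {@code Issued}/{@code Pending}, or when the
     *                   request is still pending after {@code mPendingRetryCnt} polls
     */
    private X509Certificate makePendingCertRequestCall() throws Exception, SPWSCEPRequestPendingException {
        byte[] encodedSubject = this.pkCS10request.getCertificationRequestInfo().getSubject().getEncoded();
        for (int attempt = 0; attempt < this.mPendingRetryCnt; attempt++) {
            synchronized (this) {
                wait(this.mPendingRetryTime * 1000);
            }
            HttpURLConnection connection = openScepConnection("CertQuery", encodedSubject.length);
            try {
                connection.getOutputStream().write(encodedSubject);
                String status = connection.getHeaderField("Trans-Status");
                if ("Issued".equalsIgnoreCase(status)) {
                    X509Certificate issued = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(connection.getInputStream());
                    SPWLog.getLogger().i("Generated cert from SCEP server = " + issued.toString());
                    return issued;
                }
                if (!"Pending".equals(status)) {
                    SPWLog.getLogger().e("Invalid status from SCEP server = " + status);
                    throw new Exception("Certificate request failed");
                }
            } finally {
                connection.disconnect();
            }
        }
        SPWLog.getLogger().e("Cert is null after retry " + this.mPendingRetryCnt + " counts and " + this.mPendingRetryTime + "retry time. Bailing out");
        throw new Exception("Certificate request failed");
    }

    // JNI entry point in the estwrap library. Decompiler note: the access modifier was changed
    // from private.
    public native void setUpLogfile(String str);

    /**
     * Renders each input byte as two lowercase ASCII hex digits.
     *
     * @param bArr bytes to encode
     * @return an array twice as long as {@code bArr}, high nibble first
     */
    public static byte[] toHex(byte[] bArr) {
        byte[] hex = new byte[bArr.length * 2];
        for (int k = 0; k < bArr.length; k++) {
            int unsigned = bArr[k] & 255;
            hex[2 * k] = HEX_CHAR_TABLE[unsigned >>> 4];
            hex[2 * k + 1] = HEX_CHAR_TABLE[unsigned & 15];
        }
        return hex;
    }

    /** Enrolls through the native EST client or over HTTP(S), depending on the constructor used. */
    public X509Certificate getCertificate() throws Exception {
        return this.bUseESTClient ? getCertificateOverESTClient() : getCertificateOverHttp();
    }

    /**
     * Enrolls through the native EST client.
     *
     * <p>The CA chain, server address, user name, password and encoded PKCS#10 request are
     * passed to {@code enrollCert}, which fills a 16 KiB output buffer. The buffer is then
     * parsed as an X.509 certificate.
     *
     * @throws Exception if the native call left the buffer untouched or it cannot be parsed
     */
    public X509Certificate getCertificateOverESTClient() throws Exception {
        SPWLog.getLogger().i("Going to call EST server with args: cn = " + this.userName + ", un= " + this.userName + ", sn= " + this.serverName + ", sp =" + this.serverPort + ", cur= " + this.curve + ", ca_certs length = " + this.ESTSvrCAChain.length());
        this.pkCS10request = generatePKCS10Request(this.keyPair, this.subject, this.challengePwd, this.certParametersString);
        byte[] pemBuffer = new byte[16384];
        // The result was discarded before; log it so a native failure is diagnosable.
        // NOTE(review): its success value is defined by the native library - confirm and check it.
        int nativeResult = enrollCert(this.ESTSvrCAChain, this.serverName, this.serverPort, this.userName, this.password, this.pkCS10request.getEncoded(), pemBuffer);
        SPWLog.getLogger().i("EnrollCert Native returned pem len = " + pemBuffer.length);
        SPWLog.getLogger().i("EnrollCert Native returned code = " + nativeResult);
        // The buffer itself is never null, so the former null test could not fire. A leading
        // zero byte means nothing was written: neither PEM text nor DER starts with 0x00.
        if (pemBuffer[0] == 0) {
            SPWLog.getLogger().e("Unable to get certificate from EST server");
            throw new Exception("Certificate request failed");
        }
        X509Certificate issued = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pemBuffer));
        SPWLog.getLogger().i("Generated cert from EST server = " + issued.toString());
        return issued;
    }

    /** Tells whether a handshake failure message names a certificate path validation error. */
    private static boolean isCertPathFailure(SSLHandshakeException failure) {
        String message = failure.getMessage();
        return message != null && message.contains("CertPathValidatorException");
    }

    /**
     * Enrolls by POSTing the request to the enrollment URL, polling if the server reports the
     * request as pending.
     *
     * <p>Handshake failures whose message names {@code CertPathValidatorException} are
     * rethrown so the caller can react to an untrusted server. Every other failure is logged
     * and reported as {@code null}. NOTE(review): callers must treat {@code null} as "no
     * certificate", and the match on the exception message text is brittle.
     *
     * @return the issued certificate, or {@code null} when enrollment failed
     * @throws SSLHandshakeException when server certificate path validation failed
     */
    public X509Certificate getCertificateOverHttp() throws Exception {
        // Assertion polarity corrected: the decompiled check fired when the key was present.
        if (!$assertionsDisabled && this.keyPair.getPublic() == null) {
            throw new AssertionError();
        }
        this.transactionID = getTransactionId();
        this.pkCS10request = generatePKCS10Request(this.keyPair, this.subject, this.challengePwd, this.certParametersString);
        try {
            return makeInitalCertRequestCall(this.pkCS10request.getEncoded());
        } catch (SPWSCEPRequestPendingException pending) {
            SPWLog.getLogger().i("Cert request pending - Making pending  cert call");
            try {
                return makePendingCertRequestCall();
            } catch (SSLHandshakeException handshakeFailure) {
                if (isCertPathFailure(handshakeFailure)) {
                    throw handshakeFailure;
                }
                SPWLog.getLogger().e("Exception in pending cert call", handshakeFailure);
                return null;
            } catch (Exception pollFailure) {
                // Log the failure of the poll itself, not the earlier "pending" signal.
                SPWLog.getLogger().e("Exception in pending cert call", pollFailure);
                return null;
            }
        } catch (SSLHandshakeException handshakeFailure) {
            if (isCertPathFailure(handshakeFailure)) {
                throw handshakeFailure;
            }
            SPWLog.getLogger().e("Exception in pending cert call", handshakeFailure);
            return null;
        } catch (Exception requestFailure) {
            SPWLog.getLogger().e("Cert call", requestFailure);
            return null;
        }
    }
}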
