package j.d.b;

import j.d.c.i;
import j.d.c.l;
import j.d.c.m;
import j.d.d.h;
import j.d.d.j;
import j.d.e.d;
import j.d.e.g;
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.cert.CertException;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.RuntimeOperatorException;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* compiled from: Client.java */
/* loaded from: classes2.dex */
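/**
 * Decompiled, name-obfuscated client for a SCEP server (the log strings refer to "SCEP server",
 * "CA" and "RA"; the jadx header names the original file {@code Client.java}).
 *
 * <p>The client is bound to one server URL and one {@link CallbackHandler}. The callback handler
 * is the trust decision point: {@link #b(String)} hands the issuer certificate from the server's
 * certificate store to it and refuses to continue unless the callback reports success.
 *
 * <p>Capabilities and certificate stores are cached per profile in plain {@link HashMap}s with no
 * synchronization in this class, so sharing an instance across threads needs external locking.
 */
public final class b {

    /* renamed from: g, reason: collision with root package name */
    // Logger; the level behind each obfuscated method (s / u / q / a) is not visible from here.
    private static final j.f.c f14837g = j.f.d.a((Class<?>) b.class);

    /* renamed from: a, reason: collision with root package name */
    // Server URL, validated by b() in the constructor.
    private final URL f14838a;

    /* renamed from: b, reason: collision with root package name */
    // Receives the certificate verification callback (see b(X509Certificate)).
    private final CallbackHandler f14839b;

    /* renamed from: c, reason: collision with root package name */
    // Factory that wraps a CertStore in an inspector exposing getIssuer()/getRecipient()/a().
    private j.d.b.f.c f14840c = new j.d.b.f.e();

    /* renamed from: d, reason: collision with root package name */
    // Factory producing a transport for a given HTTP method and URL.
    private j.d.e.d f14841d = new g();

    /* renamed from: e, reason: collision with root package name */
    // Capabilities cache, keyed by d(profile).
    private Map<String, j.d.e.i.a> f14842e = new HashMap<String, j.d.e.i.a>();

    /* renamed from: f, reason: collision with root package name */
    // Cache of certificate stores that have passed verification, keyed by d(profile).
    private Map<String, CertStore> f14843f = new HashMap<String, CertStore>();

    /**
     * Creates a client for the given server.
     *
     * @param url server URL; must be http or https, with no fragment and no query string
     * @param callbackHandler handler asked to verify the CA certificate; must not be null
     * @throws NullPointerException if either argument is null
     * @throws IllegalArgumentException if the URL fails the checks in {@code b()}
     */
    public b(URL url, CallbackHandler callbackHandler) {
        this.f14838a = url;
        this.f14839b = callbackHandler;
        b();
    }

    /**
     * Sends a prepared transaction and maps its final state to a response object:
     * CERT_ISSUED carries {@code aVar.a()}, CERT_REQ_PENDING carries only the id from
     * {@code aVar.d()}, and every other state carries {@code aVar.b()}.
     */
    private e a(j.d.d.a aVar) {
        h.a e2 = aVar.e();
        if (e2 == h.a.CERT_ISSUED) {
            return new e(aVar.d(), aVar.a());
        }
        if (e2 == h.a.CERT_REQ_PENDING) {
            return new e(aVar.d());
        }
        return new e(aVar.d(), aVar.b());
    }

    /**
     * Builds the {@code l} helper from the inspector's {@code a()} certificate and the caller's
     * certificate and private key. Presumably the message decoder — TODO confirm against j.d.c.l.
     */
    private l a(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        return new l(this.f14840c.a(b(str)).a(), new j.d.c.h(x509Certificate, privateKey));
    }

    /**
     * Checks that the second certificate (RA) carries a valid signature made by the first (CA).
     * Identical certificates are accepted without a signature check.
     *
     * @throws c if the signature does not verify or the check cannot be performed
     */
    private void a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        f14837g.s("Verifying signature of RA certificate");
        if (x509Certificate.equals(x509Certificate2)) {
            f14837g.s("RA and CA are identical");
            return;
        }
        try {
            // The verifier is built from the CA certificate and applied to the RA certificate.
            if (new JcaX509CertificateHolder(x509Certificate2).isSignatureValid(new JcaContentVerifierProviderBuilder().build(x509Certificate))) {
                f14837g.s("Signature verification passed for RA.");
            } else {
                f14837g.s("Signature verification failed for RA.");
                throw new c("RA not issued by CA");
            }
        } catch (CertificateEncodingException e2) {
            throw new c(e2);
        } catch (CertException e3) {
            throw new c(e3);
        } catch (OperatorCreationException e4) {
            throw new c(e4);
        }
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     *
     * @return true if self-signed; false if the check returns false or fails with a
     *     {@link SignatureException}
     * @throws c on any other failure
     */
    private boolean a(X509Certificate x509Certificate) {
        try {
            JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder(x509Certificate);
            return jcaX509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(jcaX509CertificateHolder));
        } catch (RuntimeOperatorException e2) {
            if (!(e2.getCause() instanceof SignatureException)) {
                throw new c(e2);
            }
            f14837g.u("SignatureException detected so we consider that the certificate is not self signed");
            return false;
        } catch (Exception e3) {
            throw new c(e3);
        }
    }

    /**
     * Builds the {@code m} helper from the caller's key and certificate, the inspector's
     * recipient certificate and two values taken from the server capabilities
     * ({@code a2.a()} and {@code a2.c()}). Presumably the message encoder — TODO confirm.
     */
    private m b(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        CertStore b2 = b(str);
        j.d.e.i.a a2 = a(str);
        return new m(privateKey, x509Certificate, new i(this.f14840c.a(b2).getRecipient(), a2.a()), a2.c());
    }

    /**
     * Validates the constructor arguments.
     *
     * <p>Plain HTTP is accepted as well as HTTPS, so the transport is not what authenticates the
     * server here; the CA certificate check delegated to the callback handler is.
     */
    private void b() {
        URL url = this.f14838a;
        if (url == null) {
            throw new NullPointerException("URL should not be null");
        }
        if (!url.getProtocol().matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (this.f14838a.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (this.f14838a.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        if (this.f14839b == null) {
            throw new NullPointerException("Callback handler should not be null");
        }
    }

    /**
     * Asks the callback handler to verify the given (issuer) certificate.
     *
     * @throws c if the callback reports failure, is unsupported, or the handler raises an
     *     {@link IOException}
     */
    private void b(X509Certificate x509Certificate) {
        a aVar = new a(x509Certificate);
        try {
            f14837g.s("Requesting certificate verification.");
            this.f14839b.handle(new Callback[]{aVar});
            if (aVar.b()) {
                f14837g.s("Certificate verification passed.");
            } else {
                f14837g.s("Certificate verification failed.");
                throw new c("CA certificate fingerprint could not be verified.");
            }
        } catch (IOException e2) {
            throw new c(e2);
        } catch (UnsupportedCallbackException e3) {
            f14837g.s("Certificate verification failed.");
            throw new c(e3);
        }
    }

    /** Picks a POST transport when the capabilities' {@code d()} flag is set, otherwise GET. */
    private j.d.e.b c(String str) {
        d.a method = a(str).d() ? d.a.POST : d.a.GET;
        return this.f14841d.a(method, this.f14838a);
    }

    /** Returns the cache key for a profile: "defaultProfile" for null, else the name plus "-key". */
    private String d(String str) {
        if (str == null) {
            return "defaultProfile";
        }
        return str + "-key";
    }

    /** Same as the five-argument overload with a null profile. */
    public e a(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, j jVar) {
        return a(x509Certificate, privateKey, x500Principal, jVar, null);
    }

    /**
     * Sends a transaction built from the issuer's subject name, the given subject and the given
     * transaction id, and returns the mapped response.
     * NOTE(review): this looks like the poll for a pending enrolment — confirm against j.d.d.a.
     */
    public e a(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, j jVar, String str) {
        X509Certificate issuer = this.f14840c.a(b(str)).getIssuer();
        j.d.a.a issuerAndSubject = new j.d.a.a(j.d.f.c.a(issuer.getSubjectX500Principal()), j.d.f.c.a(x500Principal));
        return a(new j.d.d.a(c(str), b(x509Certificate, privateKey, str), a(x509Certificate, privateKey, str), issuerAndSubject, jVar));
    }

    /** Same as the four-argument enrolment overload with a null profile. */
    public e a(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest) {
        return a(x509Certificate, privateKey, pKCS10CertificationRequest, (String) null);
    }

    /**
     * Enrols the given PKCS#10 request with the CA and returns the mapped response.
     *
     * <p>If the identity certificate is self-signed and its subject differs from the request's
     * subject, the mismatch is only logged; the enrolment is still sent.
     *
     * @param str profile name, or null for the default profile
     */
    public e a(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest, String str) {
        f14837g.s("Enrolling certificate with CA");
        if (a(x509Certificate)) {
            f14837g.s("Certificate is self-signed");
            if (!pKCS10CertificationRequest.getSubject().equals(j.d.f.c.a(x509Certificate.getSubjectX500Principal()))) {
                f14837g.q("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }
        j.d.d.a aVar = new j.d.d.a(c(str), b(x509Certificate, privateKey, str), a(x509Certificate, privateKey, str), pKCS10CertificationRequest);
        try {
            // Log the CSR fingerprint so an operator can compare it with what the CA received.
            MessageDigest b2 = a(str).b();
            f14837g.a("{} PKCS#10 Fingerprint: [{}]", b2.getAlgorithm(), new String(j.a.a.a.e.c.b(b2.digest(pKCS10CertificationRequest.getEncoded()))));
        } catch (IOException e2) {
            // Fingerprint logging is best effort; the enrolment itself still goes ahead.
            f14837g.a("Error getting encoded CSR", (Throwable) e2);
        }
        return a(aVar);
    }

    /** Returns the server capabilities for the default (null) profile. */
    public j.d.e.i.a a() {
        return a((String) null);
    }

    /**
     * Returns the server capabilities for a profile, fetching and caching them on first use.
     *
     * <p>If the transport fails, an empty capabilities object is returned and nothing is cached,
     * so the next call retries.
     * NOTE(review): the response is used as received, and it drives the choices made from
     * {@code a()}, {@code b()}, {@code c()} and {@code d()} elsewhere in this class; if empty
     * capabilities select weaker defaults, a blocked or altered response would downgrade the
     * exchange — confirm against j.d.e.i.a.
     */
    public j.d.e.i.a a(String str) {
        String d2 = d(str);
        if (this.f14842e.containsKey(d2)) {
            return this.f14842e.get(d2);
        }
        f14837g.s("Determining capabilities of SCEP server");
        j.d.e.h.a aVar = new j.d.e.h.a(str);
        try {
            j.d.e.i.a aVar2 = (j.d.e.i.a) this.f14841d.a(d.a.GET, this.f14838a).a(aVar, new j.d.e.i.d());
            this.f14842e.put(d2, aVar2);
            return aVar2;
        } catch (j.d.e.c unused) {
            f14837g.u("AbstractTransport problem when determining capabilities.  Using empty capabilities.");
            return new j.d.e.i.a(new j.d.e.i.b[0]);
        }
    }

    /**
     * Returns the CA certificate store for a profile, fetching and verifying it on first use.
     *
     * <p>Verification has three steps: the callback handler must accept the issuer certificate,
     * and the certificates from the inspector's {@code getRecipient()} and {@code a()} must each
     * be signed by the issuer.
     *
     * @param str profile name, or null for the default profile
     * @throws c if the transport fails or any verification step fails
     */
    public CertStore b(String str) {
        f14837g.s("Retrieving current CA certificate");
        String d2 = d(str);
        if (this.f14843f.containsKey(d2)) {
            return this.f14843f.get(d2);
        }
        j.d.e.h.b bVar = new j.d.e.h.b(str);
        try {
            CertStore certStore = (CertStore) this.f14841d.a(d.a.GET, this.f14838a).a(bVar, new j.d.e.i.e());
            j.d.b.f.b a2 = this.f14840c.a(certStore);
            b(a2.getIssuer());
            a(a2.getIssuer(), a2.getRecipient());
            a(a2.getIssuer(), a2.a());
            // Cache only after every check has passed. Caching before verification would let a
            // store rejected on the first call be returned, unchecked, from the cache on the next.
            this.f14843f.put(d2, certStore);
            return certStore;
        } catch (j.d.e.c e2) {
            throw new c(e2);
        }
    }
}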
