package org.jscep.client;

import java.io.IOException;
import java.net.URL;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.jscep.client.e.e;
import org.jscep.message.f;
import org.jscep.message.g;
import org.jscep.message.j;
import org.jscep.message.k;
import org.jscep.transaction.Transaction;
import org.jscep.transaction.TransactionException;
import org.jscep.transport.TransportException;
import org.jscep.transport.TransportFactory;
import org.jscep.transport.response.Capability;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.operator.RuntimeOperatorException;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: classes2.dex */
/**
 * Decompiled, name-obfuscated client class from package {@code org.jscep.client}.
 *
 * <p>Going by the log messages in this class, it performs three exchanges with a SCEP
 * server reached through {@link TransportFactory}: capability discovery
 * ({@link #a(String)}), CA certificate retrieval ({@link #b(String)}) and certificate
 * enrolment ({@link #a(X509Certificate, PrivateKey, PKCS10CertificationRequest, String)}).
 *
 * <p>NOTE(review): every single-letter type and member name is obfuscator output. The
 * roles described in the comments below are read off the log strings, the argument types
 * and the call structure visible here; the collaborating classes are not shown, so
 * anything said about them is marked as an assumption.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The server URL may use plain {@code http}; see {@link #a()}.</li>
 *   <li>The CA certificate is accepted only if the {@link CallbackHandler} approves it;
 *       see {@link #b(X509Certificate)}.</li>
 *   <li>The capabilities response is used without any check in this class, and a
 *       transport failure is replaced by an empty capability set; see
 *       {@link #a(String)}.</li>
 *   <li>One enrolment fetches capabilities three times and the CA certificate twice, so
 *       the parts of one transaction can be built from different responses.</li>
 * </ul>
 */
public final class b {

    /* renamed from: e, reason: collision with root package name */
    // Shared log sink for this class. Its methods a(...), b(...) and c(...) are used for
    // messages below; which severity each one maps to is not visible here.
    private static final com.sophos.jsceplib.c f13301e = com.sophos.jsceplib.c.a((Class<?>) b.class);

    /* renamed from: a, reason: collision with root package name */
    // Server URL. Validated once in a() and handed to the transport factory for every request.
    private final URL f13302a;

    /* renamed from: b, reason: collision with root package name */
    // Caller-supplied handler that decides whether a retrieved CA certificate is trusted.
    private final CallbackHandler f13303b;

    /* renamed from: c, reason: collision with root package name */
    // Applied to a CertStore to obtain an object exposing a(), b() and getIssuer().
    // No setter exists in this class, so the default instance is always used.
    private org.jscep.client.e.c f13304c = new e();

    /* renamed from: d, reason: collision with root package name */
    // Produces GET/POST transports for f13302a. No setter exists in this class.
    private TransportFactory f13305d = new org.jscep.transport.e();

    /**
     * Creates a client for the given server URL and trust callback.
     *
     * <p>The fields are assigned first and validated afterwards by {@link #a()}.
     *
     * @param url server URL; must be non-null, http or https, without fragment or query
     * @param callbackHandler handler asked to approve the CA certificate; must be non-null
     * @throws NullPointerException if either argument is null
     * @throws IllegalArgumentException if the URL fails the checks in {@link #a()}
     */
    public b(URL url, CallbackHandler callbackHandler) {
        this.f13302a = url;
        this.f13303b = callbackHandler;
        a();
    }

    /**
     * Converts the state reported by a transaction object into a result object {@code d}.
     *
     * <p>NOTE(review): {@code aVar.e()} is the only call made on the transaction before
     * its state is inspected; whether that call performs the network exchange is not
     * visible here -- confirm against the transaction class.
     *
     * @param aVar transaction built by the enrolment method
     * @return a {@code d} built from {@code aVar.d()} plus {@code aVar.a()} when the state is
     *     CERT_ISSUED, from {@code aVar.d()} alone when it is CERT_REQ_PENDING, and from
     *     {@code aVar.d()} plus {@code aVar.b()} for every other state
     * @throws TransactionException declared by the signature; raised by the transaction calls
     */
    private d a(org.jscep.transaction.a aVar) throws TransactionException {
        Transaction.State e2 = aVar.e();
        return e2 == Transaction.State.CERT_ISSUED ? new d(aVar.d(), aVar.a()) : e2 == Transaction.State.CERT_REQ_PENDING ? new d(aVar.d()) : new d(aVar.d(), aVar.b());
    }

    /**
     * Builds a {@code j} message object from the CA certificate store and the caller's
     * certificate and private key.
     *
     * <p>Calls {@link #b(String)}, which means one CA certificate request and one trust
     * callback per invocation. Presumably {@code j} is the decoder for server responses --
     * TODO confirm against org.jscep.message.
     *
     * @param x509Certificate caller's certificate, passed to {@code f}
     * @param privateKey caller's private key, passed to {@code f}
     * @param str value forwarded unchanged to {@link #b(String)}
     * @throws ClientException if retrieving or verifying the CA certificate fails
     */
    private j a(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws ClientException {
        return new j(this.f13304c.a(b(str)).a(), new f(x509Certificate, privateKey));
    }

    /**
     * Validates the constructor arguments.
     *
     * <p>Security note: the scheme check accepts plain {@code http} as well as
     * {@code https}. With an {@code http} URL nothing at the transport layer authenticates
     * the server, so the trust decision rests on the callback check in
     * {@link #b(X509Certificate)}; the capabilities response has no equivalent check in
     * this class.
     *
     * @throws NullPointerException if the URL or the callback handler is null
     * @throws IllegalArgumentException if the scheme is not http/https or the URL carries
     *     a fragment or a query string
     */
    private void a() {
        URL url = this.f13302a;
        if (url == null) {
            throw new NullPointerException("URL should not be null");
        }
        if (!url.getProtocol().matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (this.f13302a.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (this.f13302a.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        if (this.f13303b == null) {
            throw new NullPointerException("Callback handler should not be null");
        }
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key,
     * which this class treats as "self-signed".
     *
     * <p>The verifier is built from the same holder whose signature is being checked. This
     * is a classification step only; it makes no trust decision about the certificate.
     *
     * @param x509Certificate certificate to inspect
     * @return the result of the signature check; {@code false} as well when verification
     *     raises a {@link RuntimeOperatorException} caused by a {@link SignatureException}
     * @throws ClientException wrapping any other exception raised while checking
     */
    private boolean a(X509Certificate x509Certificate) throws ClientException {
        try {
            JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder(x509Certificate);
            return jcaX509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(jcaX509CertificateHolder));
        } catch (RuntimeOperatorException e2) {
            // Only a signature failure is read as "not self-signed"; any other operator
            // error is surfaced to the caller instead of being treated as a negative answer.
            if (!(e2.getCause() instanceof SignatureException)) {
                throw new ClientException(e2);
            }
            f13301e.c("SignatureException detected so we consider that the certificate is not self signed");
            return false;
        } catch (Exception e3) {
            throw new ClientException(e3);
        }
    }

    /**
     * Builds a {@code k} message object from the caller's key pair, the CA certificate
     * store and the server's capabilities.
     *
     * <p>Performs one CA certificate request (with trust callback) and one capabilities
     * request. Two values from the capabilities object, {@code a2.a()} and {@code a2.c()},
     * are passed into {@code g} and {@code k}.
     *
     * <p>NOTE(review): presumably these select the encryption and digest algorithms for
     * outgoing messages -- TODO confirm. If so, the choice is driven by a response that
     * this class does not authenticate, and by an empty capability set whenever
     * {@link #a(String)} hits a transport error. Check what the capabilities class returns
     * in that case before relying on the negotiated strength.
     *
     * @param x509Certificate caller's certificate
     * @param privateKey caller's private key
     * @param str value forwarded unchanged to {@link #b(String)} and {@link #a(String)}
     * @throws ClientException if retrieving or verifying the CA certificate fails
     */
    private k b(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws ClientException {
        CertStore b2 = b(str);
        org.jscep.transport.response.a a2 = a(str);
        return new k(privateKey, x509Certificate, new g(this.f13304c.a(b2).b(), a2.a()), a2.c());
    }

    /**
     * Asks the callback handler to approve a CA certificate and fails unless it does.
     *
     * <p>The certificate is wrapped in a callback object, handed to the handler, and the
     * callback's {@code b()} flag is read afterwards. Every outcome other than a true flag
     * ends in a {@link ClientException}, so the check fails closed for the paths visible
     * here. NOTE(review): the flag's initial value lives in the callback class, which is
     * not shown; confirm it starts out false so that a handler that ignores the callback
     * cannot pass the check.
     *
     * @param x509Certificate certificate to be approved
     * @throws ClientException if the handler rejects the certificate, does not support the
     *     callback, or raises an {@link IOException}
     */
    private void b(X509Certificate x509Certificate) throws ClientException {
        a aVar = new a(x509Certificate);
        try {
            f13301e.a("Requesting certificate verification.");
            this.f13303b.handle(new Callback[]{aVar});
            if (aVar.b()) {
                f13301e.a("Certificate verification passed.");
            } else {
                f13301e.a("Certificate verification failed.");
                throw new ClientException("CA certificate fingerprint could not be verified.");
            }
        } catch (IOException e2) {
            throw new ClientException(e2);
        } catch (UnsupportedCallbackException e3) {
            f13301e.a("Certificate verification failed.");
            throw new ClientException(e3);
        }
    }

    /**
     * Chooses the transport for the enrolment request: POST when the capabilities
     * object's {@code d()} is true, GET otherwise.
     *
     * <p>Issues its own capabilities request on every call. With the empty capability set
     * returned after a transport error, the result depends on what {@code d()} reports for
     * an empty set (not visible here).
     *
     * @param str value forwarded unchanged to {@link #a(String)}
     * @return a transport for {@link #f13302a} using the chosen method
     */
    private org.jscep.transport.b c(String str) {
        return a(str).d() ? this.f13305d.a(TransportFactory.Method.POST, this.f13302a) : this.f13305d.a(TransportFactory.Method.GET, this.f13302a);
    }

    /**
     * Enrols a certificate request with the CA.
     *
     * <p>Sequence of remote calls, fixed by left-to-right argument evaluation of the
     * transaction constructor: capabilities (via {@link #c(String)}), CA certificate and
     * capabilities (via {@link #b(X509Certificate, PrivateKey, String)}), CA certificate
     * again (via {@link #a(X509Certificate, PrivateKey, String)}), then capabilities a
     * third time for the digest call. The trust callback therefore runs twice per
     * enrolment, and the two message objects are built from separately fetched stores.
     *
     * <p>NOTE(review): a subject mismatch between a self-signed certificate and the
     * PKCS#10 request is only logged, although the message itself says MUST; enrolment
     * continues. The digest computed over the encoded request is discarded, so that call
     * has no effect here beyond the extra capabilities request and the logged
     * {@link IOException} path.
     *
     * @param x509Certificate caller's certificate used for the exchange
     * @param privateKey private key matching {@code x509Certificate}
     * @param pKCS10CertificationRequest certification request to submit
     * @param str value forwarded unchanged to the capability and CA certificate requests
     * @return result object produced by {@link #a(org.jscep.transaction.a)}
     * @throws ClientException if CA certificate retrieval or verification fails, or the
     *     self-signed check cannot be completed
     * @throws TransactionException if the transaction reports a failure
     */
    public d a(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws ClientException, TransactionException {
        f13301e.a("Enrolling certificate with CA");
        if (a(x509Certificate)) {
            f13301e.a("Certificate is self-signed");
            // Mismatch is reported but not enforced: no exception, no early return.
            if (!pKCS10CertificationRequest.getSubject().equals(g.a.a.c.a(x509Certificate.getSubjectX500Principal()))) {
                f13301e.b("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }
        org.jscep.transaction.a aVar = new org.jscep.transaction.a(c(str), b(x509Certificate, privateKey, str), a(x509Certificate, privateKey, str), pKCS10CertificationRequest);
        try {
            // Result is not stored or logged; looks like the remains of a stripped
            // fingerprint log statement -- TODO confirm against the upstream source.
            a(str).b().digest(pKCS10CertificationRequest.getEncoded());
        } catch (IOException e2) {
            f13301e.a("Error getting encoded CSR", e2);
        }
        return a(aVar);
    }

    /**
     * Requests the server's capabilities over GET.
     *
     * <p>Security note: this method fails open. A {@link TransportException} is logged and
     * replaced by a capabilities object built from an empty array, so a failed or blocked
     * request looks the same to callers as a server that advertises nothing. The response
     * itself is returned as the handler produced it, with no check in this class. Callers
     * that need a minimum algorithm strength or POST support should test the returned
     * object rather than trust the negotiation.
     *
     * @param str value passed to the request object; its meaning is defined by
     *     {@code org.jscep.transport.request.a} (not shown)
     * @return the capabilities reported by the server, or an empty set after a transport error
     */
    public org.jscep.transport.response.a a(String str) {
        f13301e.a("Determining capabilities of SCEP server");
        org.jscep.transport.request.a aVar = new org.jscep.transport.request.a(str);
        try {
            return (org.jscep.transport.response.a) this.f13305d.a(TransportFactory.Method.GET, this.f13302a).a(aVar, new org.jscep.transport.response.b());
        } catch (TransportException unused) {
            f13301e.c("AbstractTransport problem when determining capabilities.  Using empty capabilities.");
            return new org.jscep.transport.response.a(new Capability[0]);
        }
    }

    /**
     * Retrieves the CA certificate store over GET and has the callback handler approve it
     * before returning.
     *
     * <p>Only the certificate returned by {@code getIssuer()} on the inspected store is
     * passed to {@link #b(X509Certificate)}; other entries of the store are not checked in
     * this method. Unlike {@link #a(String)}, a transport error here is propagated.
     *
     * @param str value passed to the request object; its meaning is defined by
     *     {@code org.jscep.transport.request.b} (not shown)
     * @return the store received from the server, after the callback approved its issuer
     * @throws ClientException if the request fails or the callback does not approve the
     *     certificate
     */
    public CertStore b(String str) throws ClientException {
        f13301e.a("Retrieving current CA certificate");
        org.jscep.transport.request.b bVar = new org.jscep.transport.request.b(str);
        try {
            CertStore certStore = (CertStore) this.f13305d.a(TransportFactory.Method.GET, this.f13302a).a(bVar, new org.jscep.transport.response.c());
            // Trust check happens before the store is returned; a rejection aborts with
            // ClientException and the store never reaches the caller.
            b(this.f13304c.a(certStore).getIssuer());
            return certStore;
        } catch (TransportException e2) {
            throw new ClientException(e2);
        }
    }
}
