package org.jscep.client;

import java.io.IOException;
import java.net.URL;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.jscep.client.a.e;
import org.jscep.message.f;
import org.jscep.message.g;
import org.jscep.message.j;
import org.jscep.message.k;
import org.jscep.transaction.Transaction;
import org.jscep.transaction.TransactionException;
import org.jscep.transport.TransportException;
import org.jscep.transport.TransportFactory;
import org.jscep.transport.response.Capability;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.operator.RuntimeOperatorException;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: classes2.dex */
/**
 * Name-obfuscated (decompiled) SCEP client bound to one server {@link URL} and one
 * {@link CallbackHandler}. Identifiers are decompiler output; the roles described below are
 * read off the log messages and call sites in this class, not off the original names.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>The endpoint may be plain {@code http} (see {@code a()}). This class adds no transport
 *       authentication, so the only trust decision it makes on the CA certificate is the
 *       callback in {@code b(X509Certificate)}.</li>
 *   <li>A capabilities lookup that fails with a {@code TransportException} is replaced by an
 *       empty capability set instead of aborting. That fallback then drives the GET/POST
 *       choice and the values handed to the {@code org.jscep.message} objects built below, so
 *       a transport fault changes negotiated parameters and is visible only in the log.</li>
 *   <li>Capabilities and the CA certificate are fetched again on every use, and nothing here
 *       caches them. One enrolment performs three capability requests and two CA-certificate
 *       requests, each of which invokes the callback handler, and the answers are not
 *       compared with each other.</li>
 * </ul>
 */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    private static final com.sophos.jsceplib.c f4146a = com.sophos.jsceplib.c.a((Class<?>) b.class);
    /** SCEP server endpoint; checked by {@code a()} in the constructor. */
    private final URL b;
    /** Receives the CA-certificate verification callback. */
    private final CallbackHandler c;
    private org.jscep.client.a.c d = new e();
    private TransportFactory e = new org.jscep.transport.e();

    /**
     * Stores the endpoint and callback handler, then validates both.
     *
     * @param url             SCEP server URL; must be http or https, with no fragment and no query
     * @param callbackHandler handler asked to verify the CA certificate
     * @throws NullPointerException     if either argument is {@code null}
     * @throws IllegalArgumentException if the URL has another scheme, a fragment or a query string
     */
    public b(URL url, CallbackHandler callbackHandler) {
        this.b = url;
        this.c = callbackHandler;
        a();
    }

    /**
     * Converts a finished transaction into a result object according to its state:
     * {@code CERT_ISSUED}, {@code CERT_REQ_PENDING}, or anything else (built from
     * {@code aVar.c()}; presumably the failure details — TODO confirm).
     */
    private d a(org.jscep.transaction.a aVar) throws TransactionException {
        Transaction.State state = aVar.b();
        if (state == Transaction.State.CERT_ISSUED) {
            return new d(aVar.a(), aVar.d());
        }
        if (state == Transaction.State.CERT_REQ_PENDING) {
            return new d(aVar.a());
        }
        return new d(aVar.a(), aVar.c());
    }

    /**
     * Builds the {@code k} message object from the caller's key pair, the freshly fetched (and
     * callback-verified) CA store and the freshly fetched capabilities.
     *
     * <p>NOTE(review): {@code caps.b()} and {@code caps.d()} come from an unauthenticated
     * capabilities response, or from the empty fallback set; presumably they select
     * algorithms — confirm which defaults the empty set yields.
     */
    private k a(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws ClientException {
        CertStore caStore = b(str);
        org.jscep.transport.response.a caps = a(str);
        g inner = new g(this.d.a(caStore).d(), caps.b());
        return new k(privateKey, x509Certificate, inner, caps.d());
    }

    /**
     * Validates constructor state: URL present, scheme http or https, no fragment, no query
     * string, and a non-null callback handler. Checks run in that order.
     *
     * <p>Plain {@code http} is accepted; host and path are not checked here.
     */
    private void a() {
        final URL endpoint = this.b;
        if (endpoint == null) {
            throw new NullPointerException("URL should not be null");
        }
        final String scheme = endpoint.getProtocol();
        if (!scheme.matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (endpoint.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (endpoint.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        if (this.c == null) {
            throw new NullPointerException("Callback handler should not be null");
        }
    }

    /**
     * Reports whether the certificate's signature verifies against a verifier built from the
     * same certificate, i.e. whether it is self-signed.
     *
     * <p>A {@code RuntimeOperatorException} caused by a {@link SignatureException} is treated as
     * "not self-signed" and only logged. Every other failure is wrapped in a
     * {@code ClientException}.
     */
    private boolean a(X509Certificate x509Certificate) throws ClientException {
        try {
            JcaX509CertificateHolder holder = new JcaX509CertificateHolder(x509Certificate);
            return holder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(holder));
        } catch (RuntimeOperatorException operatorFailure) {
            if (operatorFailure.getCause() instanceof SignatureException) {
                f4146a.b("SignatureException detected so we consider that the certificate is not self signed");
                return false;
            }
            throw new ClientException(operatorFailure);
        } catch (Exception other) {
            throw new ClientException(other);
        }
    }

    /**
     * Builds the {@code j} message object from the freshly fetched (and callback-verified) CA
     * store and the caller's certificate and private key.
     */
    private j b(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws ClientException {
        CertStore caStore = b(str);
        return new j(this.d.a(caStore).c(), new f(x509Certificate, privateKey));
    }

    /**
     * Asks the callback handler to verify the given CA certificate and fails unless the
     * callback reports success afterwards.
     *
     * <p>This is the only point in the class where the CA certificate is trusted or rejected.
     * NOTE(review): the verdict is read from the callback object after {@code handle} returns,
     * so a handler that returns without recording a decision yields whatever the callback's
     * initial value is — confirm that it starts as "not verified".
     *
     * @throws ClientException if the handler rejects the certificate, does not support the
     *                         callback, or fails with an {@link IOException}
     */
    private void b(X509Certificate x509Certificate) throws ClientException {
        a verification = new a(x509Certificate);
        try {
            f4146a.a("Requesting certificate verification.");
            this.c.handle(new Callback[]{verification});
            if (!verification.b()) {
                f4146a.a("Certificate verification failed.");
                throw new ClientException("CA certificate fingerprint could not be verified.");
            }
            f4146a.a("Certificate verification passed.");
        } catch (IOException ioFailure) {
            throw new ClientException(ioFailure);
        } catch (UnsupportedCallbackException unsupported) {
            f4146a.a("Certificate verification failed.");
            throw new ClientException(unsupported);
        }
    }

    /**
     * Picks the transport for a request: POST when the capabilities response says so
     * ({@code a(str).a()}), otherwise GET. With the empty fallback capability set the choice is
     * whatever that set answers; presumably GET — TODO confirm.
     */
    private org.jscep.transport.b c(String str) {
        TransportFactory.Method method = a(str).a() ? TransportFactory.Method.POST : TransportFactory.Method.GET;
        return this.e.a(method, this.b);
    }

    /**
     * Enrols the PKCS#10 request with the CA and returns the outcome.
     *
     * <p>If the identity certificate is self-signed and its subject differs from the request's
     * subject, the mismatch is only logged and enrolment continues.
     *
     * <p>The transport and the two message objects are built in that order. Each one triggers
     * its own capability or CA-certificate request, and nothing checks that the responses
     * agree. The digest computed over the encoded request afterwards is discarded; presumably
     * a log statement using it was stripped.
     *
     * @param x509Certificate            identity certificate used for the exchange
     * @param privateKey                 private key matching the identity certificate
     * @param pKCS10CertificationRequest certification request to submit
     * @param str                        passed to the capability and CA-certificate requests
     *                                   (presumably the CA profile name — TODO confirm)
     * @throws ClientException      if fetching or verifying the CA certificate fails
     * @throws TransactionException declared for the transaction accessors
     */
    public d a(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws ClientException, TransactionException {
        f4146a.a("Enrolling certificate with CA");
        if (a(x509Certificate)) {
            f4146a.a("Certificate is self-signed");
            boolean sameSubject = pKCS10CertificationRequest.getSubject().equals(org.jscep.a.c.a(x509Certificate.getSubjectX500Principal()));
            if (!sameSubject) {
                // Logged only: the mismatch does not stop the enrolment.
                f4146a.c("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }
        // Same left-to-right order as the original single constructor expression.
        org.jscep.transport.b transport = c(str);
        k first = a(x509Certificate, privateKey, str);
        j second = b(x509Certificate, privateKey, str);
        org.jscep.transaction.a transaction = new org.jscep.transaction.a(transport, first, second, pKCS10CertificationRequest);
        try {
            // Third capabilities request of this call; the digest value is not used.
            a(str).c().digest(pKCS10CertificationRequest.getEncoded());
        } catch (IOException encodingFailure) {
            f4146a.a("Error getting encoded CSR", encodingFailure);
        }
        return a(transaction);
    }

    /**
     * Requests the server's capabilities with a GET.
     *
     * <p>Fails open: on {@code TransportException} the error is logged without its cause and an
     * empty capability set is returned, so callers cannot tell "server advertises nothing" from
     * "request failed". The response is not authenticated in this class.
     */
    public org.jscep.transport.response.a a(String str) {
        f4146a.a("Determining capabilities of SCEP server");
        org.jscep.transport.request.a request = new org.jscep.transport.request.a(str);
        org.jscep.transport.response.a capabilities;
        try {
            capabilities = (org.jscep.transport.response.a) this.e.a(TransportFactory.Method.GET, this.b).a(request, new org.jscep.transport.response.b());
        } catch (TransportException unused) {
            f4146a.b("AbstractTransport problem when determining capabilities.  Using empty capabilities.");
            capabilities = new org.jscep.transport.response.a(new Capability[0]);
        }
        return capabilities;
    }

    /**
     * Fetches the CA certificate store with a GET and returns it only after the callback
     * handler has verified the certificate selected by {@code this.d.a(store).e()}.
     *
     * <p>Only that one certificate is passed to the callback. The other certificates in the
     * returned store are not individually verified here.
     *
     * @throws ClientException on transport failure or when verification fails
     */
    public CertStore b(String str) throws ClientException {
        f4146a.a("Retrieving current CA certificate");
        org.jscep.transport.request.b request = new org.jscep.transport.request.b(str);
        try {
            CertStore fetched = (CertStore) this.e.a(TransportFactory.Method.GET, this.b).a(request, new org.jscep.transport.response.c());
            b(this.d.a(fetched).e());
            return fetched;
        } catch (TransportException transportFailure) {
            throw new ClientException(transportFailure);
        }
    }
}
