package com.sophos.jsceplib;

import android.content.Context;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang3.time.DateUtils;
import org.jscep.client.ClientException;
import org.jscep.transaction.TransactionException;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DERObjectIdentifier;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERTaggedObject;
import org.spongycastle.asn1.DERUTF8String;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.spongycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes2.dex */
/**
 * SCEP enrollment helper built on jscep and SpongyCastle (decompiled; identifiers are obfuscated).
 *
 * <p>Typical call order visible in this class: construct, {@link #b()} to create the jscep client,
 * then {@link #a(String)} with the SCEP challenge password. That call generates an RSA key pair,
 * wraps the public key in a short-lived self-signed certificate, builds a PKCS#10 request and
 * submits it through the jscep client.
 *
 * <p>Points a reviewer should confirm, none of which can be settled from this file alone:
 * <ul>
 *   <li>which certificate verifier {@code org.jscep.client.b.b} is. It is what decides whether the
 *       CA certificate returned by the server is trusted.</li>
 *   <li>where the helper class {@code d} stores the private key it is handed in {@link #a(String)}.</li>
 *   <li>whether the CN / O values are escaped before they reach the constructor. The subject DN is
 *       assembled with {@code String.format} and then parsed as a DN string.</li>
 * </ul>
 */
public class b {
    /** Process-wide {@code a} instance, published and read through the static accessors below. */
    private static a n;

    // jscep client; stays null until b() has been called. The long name is a decompiler rename.
    private org.jscep.client.b f2679a;
    // SCEP server URL string, parsed in b().
    private final String b;
    // Value substituted for CN in the subject DN.
    private final String c;
    // Value substituted for O in the subject DN.
    private final String d;
    // Forwarded unchanged to the helper class d; its meaning is not visible here.
    private final String e;
    // Android context, forwarded to the helper class d.
    private final Context f;
    // Fourth argument of the jscep call in a(String, String, KeyPair); presumably the CA profile
    // (TODO confirm). No assignment is visible in this class, so it is always null here.
    private String g = null;
    // Optional subjectAltName sources: h = otherName (UPN), i = dNSName, j = rfc822Name, k = URI.
    // None is assigned anywhere in this class as decompiled.
    private String h = null;
    private String i = null;
    private String j = null;
    private String k = null;
    // Key-usage bit mask; 192 is digitalSignature | nonRepudiation in the KeyUsage bit layout.
    private int l = 192;
    // RSA modulus size in bits.
    private int m = 2048;

    /**
     * Stores the connection and identity parameters; no network or crypto work happens here.
     *
     * @param context Android context handed on to the storage helper
     * @param str     SCEP server URL
     * @param str2    value used for CN in the subject DN
     * @param str3    value used for O in the subject DN
     * @param str4    opaque value handed on to the storage helper
     */
    public b(Context context, String str, String str2, String str3, String str4) {
        this.f = context;
        this.b = str;
        this.c = str2;
        this.d = str3;
        this.e = str4;
    }

    /** Returns the shared {@code a} instance, or null if none has been set. */
    public static a a() {
        return n;
    }

    /**
     * Builds the PKCS#10 request for {@code str2} and submits it through the jscep client.
     *
     * <p>The request carries the challenge password as a PrintableString attribute and is signed
     * with SHA256withRSA. NOTE(review): PrintableString has a restricted alphabet, so confirm how
     * challenge passwords with other characters are expected to be encoded. The key usage is added
     * as a top-level attribute under the extension OID, not inside the extensionRequest attribute.
     * NOTE(review): confirm the CA actually honours it in that position.
     *
     * @param str     SCEP challenge password (a shared secret; it is not logged here)
     * @param str2    subject DN string
     * @param keyPair key pair whose public half is certified and whose private half signs the request
     * @return the jscep response object
     * @throws ScepException wrapping any failure raised while building or sending the request
     */
    private org.jscep.client.d a(String str, String str2, KeyPair keyPair) throws ScepException {
        try {
            // Temporary self-signed identity that the jscep call takes as its first argument.
            X509Certificate selfSigned = a(str2, keyPair);
            PKCS10CertificationRequestBuilder csrBuilder =
                    new JcaPKCS10CertificationRequestBuilder(new X500Principal(str2), keyPair.getPublic());
            if (this.l != 0) {
                KeyUsage usage = new KeyUsage(this.l);
                com.sophos.smsec.core.smsectrace.d.e("SCEP", "enroll certifcate with key usage: " + usage.toString());
                csrBuilder.addAttribute(X509Extension.keyUsage, usage);
            }
            csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(str));
            a(csrBuilder);
            return this.f2679a.a(
                    selfSigned,
                    keyPair.getPrivate(),
                    csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())),
                    this.g);
        } catch (ClientException clientFailure) {
            // The handlers stay separate: ScepException's constructors are not visible here, so
            // merging them could change which overload is selected.
            throw new ScepException(clientFailure);
        } catch (TransactionException transactionFailure) {
            throw new ScepException(transactionFailure);
        } catch (Exception other) {
            throw new ScepException(other);
        }
    }

    /** Replaces the shared {@code a} instance. */
    public static void a(a aVar) {
        n = aVar;
    }

    /** True when {@code value} is neither null nor empty. */
    private static boolean hasText(String value) {
        return value != null && value.length() > 0;
    }

    /**
     * Adds a critical subjectAltName extension request built from whichever of h/i/j/k are set.
     *
     * <p>Best effort: any exception is logged and dropped, so the request is then sent without the
     * alternative names. A caller that depends on a SAN being present has to check the issued
     * certificate. The configured values are also written to the trace log.
     *
     * @param pKCS10CertificationRequestBuilder request builder that receives the attribute
     * @throws IOException declared, but everything raised in the body is caught and logged
     */
    private void a(PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder) throws IOException {
        ASN1EncodableVector altNames = new ASN1EncodableVector();
        try {
            if (hasText(this.h)) {
                com.sophos.smsec.core.smsectrace.d.e("SCEP", "add PrincipalName : " + this.h);
                // otherName [0] { type-id = Microsoft UPN OID, value [0] EXPLICIT UTF8String }
                ASN1EncodableVector upnOtherName = new ASN1EncodableVector();
                upnOtherName.add(new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"));
                upnOtherName.add(new DERTaggedObject(true, 0, new DERUTF8String(this.h)));
                altNames.add(new DERTaggedObject(false, 0, new DERSequence(upnOtherName)));
            }
            if (hasText(this.i)) {
                com.sophos.smsec.core.smsectrace.d.e("SCEP", "add DnsName : " + this.i);
                altNames.add(new GeneralName(2, new DERIA5String(this.i))); // tag 2 = dNSName
            }
            if (hasText(this.j)) {
                com.sophos.smsec.core.smsectrace.d.e("SCEP", "add Rfc822Name : " + this.j);
                altNames.add(new GeneralName(1, new DERIA5String(this.j))); // tag 1 = rfc822Name
            }
            if (hasText(this.k)) {
                com.sophos.smsec.core.smsectrace.d.e("SCEP", "add UniformResourceIdentifier : " + this.k);
                altNames.add(new GeneralName(6, new DERIA5String(this.k))); // tag 6 = URI
            }
            if (altNames.size() == 0) {
                return; // nothing configured, so no extensionRequest attribute is added
            }
            ExtensionsGenerator sanRequest = new ExtensionsGenerator();
            // The cast pins the ASN1Encodable overload of addExtension.
            sanRequest.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) new DERSequence(altNames));
            pKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, sanRequest.generate());
        } catch (Exception failure) {
            com.sophos.smsec.core.smsectrace.d.c("SCEP", "cannot add SubjectAltName.", failure);
        }
    }

    /**
     * Generates a fresh RSA key pair of {@code m} bits.
     *
     * <p>No provider is named, so the platform's default RSA generator is used and the private key
     * is an ordinary in-process key object.
     *
     * @return the new key pair
     * @throws ScepException wrapping any failure from the JCA
     */
    private KeyPair c() throws ScepException {
        try {
            KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
            rsa.initialize(this.m);
            return rsa.genKeyPair();
        } catch (Exception failure) {
            throw new ScepException(failure);
        }
    }

    /**
     * Creates the temporary self-signed certificate that identifies the requester.
     *
     * <p>Subject and issuer are both {@code str}. The validity window runs from one day before to
     * one day after the current time, and the serial number is the current time in milliseconds.
     * The SpongyCastle provider is registered on every call; {@code Security.addProvider} leaves
     * the provider list unchanged when a provider with that name is already installed.
     *
     * @param str     DN string used for both subject and issuer
     * @param keyPair key pair to certify and to sign with
     * @return the self-signed certificate
     * @throws InvalidKeyException if the private key cannot be used for signing
     * @throws SignatureException  if signing fails
     */
    public X509Certificate a(String str, KeyPair keyPair) throws InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certGen.setIssuerDN(new X509Principal(str));
        certGen.setSubjectDN(new X509Principal(str));
        // One day of slack on each side of "now" for the validity window.
        certGen.setNotBefore(new Date(System.currentTimeMillis() - DateUtils.MILLIS_PER_DAY));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + DateUtils.MILLIS_PER_DAY));
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return certGen.generateX509Certificate(keyPair.getPrivate());
    }

    /**
     * Sets the key-usage bit mask requested in the CSR; 0 disables the key-usage attribute.
     *
     * @param i bit mask in the layout expected by {@code KeyUsage}
     */
    public void a(int i) {
        this.l = i;
    }

    /**
     * Runs one enrollment: new key pair, CSR for {@code CN=<c>, O=<d>}, submission, then storage.
     *
     * <p>NOTE(review): the DN is built by plain string formatting, so a CN or O value containing
     * DN metacharacters such as {@code ,} {@code +} or {@code =} would alter the parsed name.
     * Confirm the values are validated or escaped upstream. When the response reports success, its
     * payload and the new private key are passed to the helper class {@code d}. What that helper
     * does with the key is not visible here.
     *
     * @param str SCEP challenge password
     * @return false when no response object was produced, otherwise the response's {@code a()} flag
     * @throws ScepException if {@link #b()} was not called first, or enrollment fails
     */
    public boolean a(String str) throws ScepException {
        if (this.f2679a == null) {
            throw new ScepException("No connect called!");
        }
        String subjectDn = String.format("CN=%s, O=%s", this.c, this.d);
        KeyPair freshKeys = c();
        org.jscep.client.d response = a(str, subjectDn, freshKeys);
        if (response != null) {
            if (response.a()) {
                new d(this.f, this.c, this.d, this.e).a(response.b(), freshKeys.getPrivate());
            }
            return response.a();
        }
        return false;
    }

    /**
     * Creates the jscep client for the configured URL; must run before {@link #a(String)}.
     *
     * <p>The URL scheme is not restricted here. NOTE(review): {@code org.jscep.client.b.b} is an
     * obfuscated verifier type. Confirm it actually checks the CA certificate and does not accept
     * whatever the server presents.
     *
     * @throws ScepException if the configured URL string is malformed
     */
    public void b() throws ScepException {
        try {
            URL endpoint = new URL(this.b);
            this.f2679a = new org.jscep.client.b(endpoint, new org.jscep.client.c(new org.jscep.client.b.b()));
        } catch (MalformedURLException badUrl) {
            throw new ScepException(badUrl);
        }
    }
}
