package y5;

import B5.f;
import B5.g;
import B5.j;
import B5.k;
import java.io.IOException;
import java.net.URL;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.jscep.client.ClientException;
import org.jscep.transaction.Transaction;
import org.jscep.transaction.TransactionException;
import org.jscep.transport.TransportException;
import org.jscep.transport.TransportFactory;
import org.jscep.transport.response.Capability;
import z5.e;

/* loaded from: classes3.dex */
/**
 * SCEP client bound to a single server URL (decompiled output; identifiers are obfuscated).
 *
 * <p>NOTE(review): the imports and log messages suggest this is a repackaged copy of the jscep
 * client class. The role names used in these comments ("inspector", "encoder", "decoder",
 * "capabilities") are inferred from that resemblance and from how the values are used here;
 * confirm against the upstream sources before relying on them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Both {@code http} and {@code https} URLs are accepted, so transport security is not
 *       required by this class. Authenticity of the CA certificate rests on the
 *       {@link CallbackHandler} decision taken in {@link #d(String)}.</li>
 *   <li>A transport failure while fetching server capabilities is not fatal: {@link #c(String)}
 *       logs it and continues with an empty capability set, which then drives the GET/POST choice
 *       and the algorithm values passed to the message encoder.</li>
 *   <li>During enrolment a subject mismatch between a self-signed certificate and the CSR is only
 *       logged; the request is still sent.</li>
 * </ul>
 */
public final class b {

    // Class logger (jadx: renamed from "e").
    private static final V2.a f31663e = V2.b.a(b.class);

    // SCEP server endpoint, validated once in the constructor (jadx: renamed from "a").
    private final URL f31664a;

    // Asked to approve the CA certificate before it is trusted (jadx: renamed from "b").
    private final CallbackHandler f31665b;

    // Helper that picks individual certificates out of a CertStore (jadx: renamed from "c").
    private z5.c f31666c = new e();

    // Factory for GET/POST transports to the server URL (jadx: renamed from "d").
    private TransportFactory f31667d = new org.jscep.transport.c();

    /**
     * Creates a client for the given endpoint.
     *
     * @param url SCEP server URL; must be http or https with no fragment and no query string
     * @param callbackHandler handler consulted to verify the CA certificate
     * @throws NullPointerException if either argument is null
     * @throws IllegalArgumentException if the URL has another scheme, a fragment or a query
     */
    public b(URL url, CallbackHandler callbackHandler) {
        this.f31664a = url;
        this.f31665b = callbackHandler;
        i();
    }

    /**
     * Builds the transport for an enrolment request: POST when the freshly fetched capabilities
     * report {@code h()} as true, GET otherwise. Because {@link #c(String)} falls back to empty
     * capabilities on transport errors, a failed capabilities request ends up on whichever branch
     * the empty set selects (presumably GET — confirm against {@code F5.a}).
     */
    private D5.b a(String profile) {
        TransportFactory.Method method;
        if (c(profile).h()) {
            method = TransportFactory.Method.POST;
        } else {
            method = TransportFactory.Method.GET;
        }
        return this.f31667d.a(method, this.f31664a);
    }

    /**
     * Builds the object used to read server responses (presumably the PKI message decoder) from
     * the CA store and the caller's certificate/key pair. Fetching the store goes through
     * {@link #d(String)}, so the CA certificate is re-verified by the callback handler here.
     */
    private j e(X509Certificate identity, PrivateKey key, String profile) throws ClientException {
        CertStore caStore = d(profile);
        return new j(this.f31666c.a(caStore).a(), new f(identity, key));
    }

    /**
     * Builds the object used to write requests (presumably the PKI message encoder). The two
     * algorithm-related values, {@code e()} and {@code g()}, come straight from the server's
     * advertised capabilities, so the strength of the outgoing message depends on what
     * {@link #c(String)} returned, including its empty fallback.
     */
    private k f(X509Certificate identity, PrivateKey key, String profile) throws ClientException {
        // Order matters for network traffic: CA store first, capabilities second.
        CertStore caStore = d(profile);
        F5.a capabilities = c(profile);
        return new k(
                key,
                identity,
                new g(this.f31666c.a(caStore).b(), capabilities.e()),
                capabilities.g());
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key, i.e. whether
     * it is self-signed.
     *
     * @return true if the signature validates; false if validation raised a
     *     {@link RuntimeOperatorException} caused by a {@link SignatureException}
     * @throws ClientException for every other failure
     */
    private boolean g(X509Certificate candidate) throws ClientException {
        try {
            JcaX509CertificateHolder holder = new JcaX509CertificateHolder(candidate);
            // The verifier is built from the same holder: the cert is checked against itself.
            return holder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(holder));
        } catch (RuntimeOperatorException signatureProblem) {
            if (signatureProblem.getCause() instanceof SignatureException) {
                f31663e.f("SignatureException detected so we consider that the certificate is not self signed", new Object[0]);
                return false;
            }
            throw new ClientException(signatureProblem);
        } catch (Exception other) {
            throw new ClientException(other);
        }
    }

    /**
     * Converts a transaction into the result object for the caller. Three shapes are produced:
     * CERT_ISSUED carries {@code j()} and {@code e()}, CERT_REQ_PENDING carries only {@code j()},
     * and any other state carries {@code j()} and {@code f()} (presumably transaction id plus
     * certificate store / failure info — confirm against {@code d}).
     */
    private d h(org.jscep.transaction.a transaction) throws TransactionException {
        Transaction.State state = transaction.k();
        if (state == Transaction.State.CERT_ISSUED) {
            return new d(transaction.j(), transaction.e());
        }
        if (state == Transaction.State.CERT_REQ_PENDING) {
            return new d(transaction.j());
        }
        return new d(transaction.j(), transaction.f());
    }

    /**
     * Validates the constructor arguments. Plain {@code http} is accepted alongside
     * {@code https}; nothing here requires an encrypted or authenticated channel.
     */
    private void i() {
        if (this.f31664a == null) {
            throw new NullPointerException("URL should not be null");
        }
        boolean httpOrHttps = this.f31664a.getProtocol().matches("^https?$");
        if (!httpOrHttps) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (this.f31664a.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (this.f31664a.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        if (this.f31665b == null) {
            throw new NullPointerException("Callback handler should not be null");
        }
    }

    /**
     * Asks the callback handler to approve the CA certificate and fails closed unless it does.
     *
     * <p>This is the only authenticity check on the CA certificate in this class. A handler that
     * approves unconditionally disables it, so deployments should pin or otherwise verify the
     * fingerprint inside the handler.
     *
     * @throws ClientException if the handler rejects the certificate, does not support the
     *     callback, or fails with an I/O error
     */
    private void j(X509Certificate caCertificate) throws ClientException {
        a verification = new a(caCertificate);
        try {
            f31663e.a("Requesting certificate verification.", new Object[0]);
            this.f31665b.handle(new Callback[]{verification});
            if (!verification.b()) {
                f31663e.a("Certificate verification failed.", new Object[0]);
                throw new ClientException("CA certificate fingerprint could not be verified.");
            }
            f31663e.a("Certificate verification passed.", new Object[0]);
        } catch (IOException ioFailure) {
            throw new ClientException(ioFailure);
        } catch (UnsupportedCallbackException unsupported) {
            f31663e.a("Certificate verification failed.", new Object[0]);
            throw new ClientException(unsupported);
        }
    }

    /**
     * Sends a certificate enrolment request to the CA.
     *
     * <p>NOTE(review): when the identity certificate is self-signed and its subject differs from
     * the CSR subject, the mismatch is only logged and enrolment proceeds. Callers that need this
     * enforced must check it themselves.
     *
     * <p>NOTE(review): the digest computed over the encoded CSR is discarded (likely the remains
     * of a stripped debug log), but the call still triggers another capabilities request.
     *
     * @param x509Certificate identity certificate used for the exchange
     * @param privateKey private key matching the identity certificate
     * @param pKCS10CertificationRequest the CSR to submit
     * @param str value forwarded to the capabilities and CA-certificate requests (presumably the
     *     SCEP profile name)
     * @return the outcome built from the transaction state
     * @throws ClientException if the CA certificate cannot be fetched or is not approved
     * @throws TransactionException propagated from reading the transaction state
     */
    public d b(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws ClientException, TransactionException {
        f31663e.a("Enrolling certificate with CA", new Object[0]);
        if (g(x509Certificate)) {
            f31663e.a("Certificate is self-signed", new Object[0]);
            boolean subjectsMatch = pKCS10CertificationRequest.getSubject().equals(G5.c.a(x509Certificate.getSubjectX500Principal()));
            if (!subjectsMatch) {
                f31663e.b("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }

        // Built in the same order as before: transport, then encoder, then decoder.
        D5.b transport = a(str);
        k encoder = f(x509Certificate, privateKey, str);
        j decoder = e(x509Certificate, privateKey, str);
        org.jscep.transaction.a enrolment = new org.jscep.transaction.a(transport, encoder, decoder, pKCS10CertificationRequest);

        try {
            // Result intentionally unused; kept so the observable calls stay the same.
            c(str).f().digest(pKCS10CertificationRequest.getEncoded());
        } catch (IOException encodingFailure) {
            f31663e.c("Error getting encoded CSR", encodingFailure);
        }
        return h(enrolment);
    }

    /**
     * Queries the server for its capabilities over GET.
     *
     * <p>Security note: a {@link TransportException} is swallowed (after logging) and an empty
     * capability set is returned. Callers cannot tell a server that advertises nothing from a
     * request that failed, so transport and algorithm selection may silently fall back to
     * whatever the empty set implies. Monitor for the fallback log line where that matters.
     *
     * @param str value passed to the capabilities request (presumably the SCEP profile name)
     * @return the server's capabilities, or an empty set if the request failed
     */
    public F5.a c(String str) {
        f31663e.a("Determining capabilities of SCEP server", new Object[0]);
        E5.a capabilitiesRequest = new E5.a(str);
        try {
            return (F5.a) this.f31667d
                    .a(TransportFactory.Method.GET, this.f31664a)
                    .a(capabilitiesRequest, new F5.b());
        } catch (TransportException ignored) {
            // Deliberate best-effort: continue with no advertised capabilities.
            f31663e.f("AbstractTransport problem when determining capabilities.  Using empty capabilities.", new Object[0]);
            return new F5.a(new Capability[0]);
        }
    }

    /**
     * Fetches the CA certificate store over GET and has the callback handler approve the issuer
     * certificate before the store is returned.
     *
     * @param str value passed to the CA-certificate request (presumably the SCEP profile name)
     * @return the store received from the server, only after the issuer was approved
     * @throws ClientException on transport failure or if the issuer certificate is not approved
     */
    public CertStore d(String str) throws ClientException {
        f31663e.a("Retrieving current CA certificate", new Object[0]);
        E5.b caCertRequest = new E5.b(str);
        CertStore received;
        try {
            received = (CertStore) this.f31667d
                    .a(TransportFactory.Method.GET, this.f31664a)
                    .a(caCertRequest, new F5.c());
            // Fail closed: nothing is handed back unless the issuer passes verification.
            j(this.f31666c.a(received).getIssuer());
            return received;
        } catch (TransportException transportFailure) {
            throw new ClientException(transportFailure);
        }
    }
}
