package net.pulsesecure.g.c;

import android.text.TextUtils;
import j.d.d.i;
import j.d.d.j;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import net.pulsesecure.g.c.d;
import net.pulsesecure.infra.q;
import net.pulsesecure.modules.proto.CertificateScepResponseMsg;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* compiled from: ScepProtoImpl.java */
/* loaded from: classes2.dex */
public class f extends net.pulsesecure.infra.c<d.a> implements d {

    /* renamed from: a, reason: collision with root package name */
    private static j.f.c f15280a = q.b();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ScepProtoImpl.java */
    /* loaded from: classes2.dex */
    public class a implements j.d.b.g.b {
        a(f fVar) {
        }

        @Override // j.d.b.g.b
        public boolean a(X509Certificate x509Certificate) {
            f.f15280a.t("Issuer DN :" + x509Certificate.getIssuerDN());
            f.f15280a.t("Version :" + x509Certificate.getVersion());
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ScepProtoImpl.java */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class b {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f15281a = new int[c.values().length];

        static {
            try {
                f15281a[c.enroll.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f15281a[c.renew.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f15281a[c.poll.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* compiled from: ScepProtoImpl.java */
    /* loaded from: classes2.dex */
    private enum c {
        enroll,
        renew,
        poll
    }

    private X509Certificate a(KeyPair keyPair, X500Principal x500Principal, String str) {
        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            Calendar calendar = Calendar.getInstance();
            calendar.add(5, -1);
            Date time = calendar.getTime();
            calendar.add(5, 2);
            return new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(x500Principal, BigInteger.ONE, time, calendar.getTime(), x500Principal, publicKey).build(new JcaContentSignerBuilder(str).build(privateKey)));
        } catch (CertificateException | OperatorCreationException e2) {
            f15280a.a("Error while creating a self-signed ephemeral certificate", e2);
            return null;
        }
    }

    private X500Principal a(CertificateScepResponseMsg certificateScepResponseMsg) {
        StringBuilder sb = new StringBuilder();
        sb.append("CN = " + certificateScepResponseMsg.subject_cn);
        if (!TextUtils.isEmpty(certificateScepResponseMsg.subject_o)) {
            sb.append(", O = " + certificateScepResponseMsg.subject_o);
        }
        if (!TextUtils.isEmpty(certificateScepResponseMsg.subject_email)) {
            sb.append(", EMAILADDRESS = " + certificateScepResponseMsg.subject_email);
        }
        return new X500Principal(sb.toString());
    }

    private g a(c cVar, KeyPair keyPair, CertificateScepResponseMsg certificateScepResponseMsg, X509Certificate x509Certificate, j jVar, net.pulsesecure.g.c.c cVar2) {
        f15280a.d("Doing certificate {} from SCEP server", cVar.name());
        try {
            j.d.b.b l2 = l(certificateScepResponseMsg.scep_url);
            String c2 = (TextUtils.isEmpty(certificateScepResponseMsg.ca_name) ? l2.a() : l2.a(certificateScepResponseMsg.ca_name)).c();
            PrivateKey privateKey = keyPair.getPrivate();
            X500Principal a2 = cVar2 != null ? cVar2.a(certificateScepResponseMsg) : a(certificateScepResponseMsg);
            X509Certificate a3 = x509Certificate == null ? a(keyPair, a2, c2) : x509Certificate;
            PKCS10CertificationRequest a4 = a(keyPair, a2, c2, certificateScepResponseMsg, cVar2);
            if (a3 == null || a4 == null) {
                return null;
            }
            int i2 = b.f15281a[cVar.ordinal()];
            if (i2 == 1 || i2 == 2) {
                return new g(TextUtils.isEmpty(certificateScepResponseMsg.ca_name) ? l2.a(a3, privateKey, a4) : l2.a(a3, privateKey, a4, certificateScepResponseMsg.ca_name), a3);
            }
            if (i2 != 3) {
                return null;
            }
            return new g(TextUtils.isEmpty(certificateScepResponseMsg.ca_name) ? l2.a(a3, keyPair.getPrivate(), a2, jVar) : l2.a(a3, keyPair.getPrivate(), a2, jVar, certificateScepResponseMsg.ca_name), a3);
        } catch (j.d.b.c | i | MalformedURLException e2) {
            f15280a.a(String.format("Error while doing certificate '%1$s'", cVar.name()), e2);
            return null;
        }
    }

    private PKCS10CertificationRequest a(KeyPair keyPair, X500Principal x500Principal, String str, CertificateScepResponseMsg certificateScepResponseMsg, net.pulsesecure.g.c.c cVar) {
        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(x500Principal, publicKey);
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(certificateScepResponseMsg.challenge == null ? "" : certificateScepResponseMsg.challenge));
            if (cVar != null) {
                cVar.a(jcaPKCS10CertificationRequestBuilder, certificateScepResponseMsg);
            }
            return jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(str).build(privateKey));
        } catch (OperatorCreationException e2) {
            f15280a.a("Error while generating CSR", (Throwable) e2);
            return null;
        }
    }

    private j.d.b.b l(String str) {
        return new j.d.b.b(new URL(str), new j.d.b.d(new j.d.b.g.a(new a(this))));
    }

    @Override // net.pulsesecure.g.c.d
    public KeyPair a(int i2, String str) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
        keyPairGenerator.initialize(i2);
        return keyPairGenerator.genKeyPair();
    }

    @Override // net.pulsesecure.g.c.d
    public g a(KeyPair keyPair, CertificateScepResponseMsg certificateScepResponseMsg) {
        return a(c.enroll, keyPair, certificateScepResponseMsg, null, null, null);
    }

    @Override // net.pulsesecure.g.c.d
    public g a(KeyPair keyPair, CertificateScepResponseMsg certificateScepResponseMsg, net.pulsesecure.g.c.c cVar) {
        return a(c.enroll, keyPair, certificateScepResponseMsg, null, null, cVar);
    }

    @Override // net.pulsesecure.g.c.d
    public g a(X509Certificate x509Certificate, KeyPair keyPair, j jVar, CertificateScepResponseMsg certificateScepResponseMsg) {
        return a(c.poll, keyPair, certificateScepResponseMsg, x509Certificate, jVar, null);
    }

    @Override // net.pulsesecure.g.c.d
    public g a(X509Certificate x509Certificate, KeyPair keyPair, j jVar, CertificateScepResponseMsg certificateScepResponseMsg, net.pulsesecure.g.c.c cVar) {
        return a(c.poll, keyPair, certificateScepResponseMsg, x509Certificate, jVar, cVar);
    }

    @Override // net.pulsesecure.g.c.d
    public g a(X509Certificate x509Certificate, KeyPair keyPair, CertificateScepResponseMsg certificateScepResponseMsg) {
        return a(c.renew, keyPair, certificateScepResponseMsg, x509Certificate, null, null);
    }

    @Override // net.pulsesecure.g.c.d
    public g a(X509Certificate x509Certificate, KeyPair keyPair, CertificateScepResponseMsg certificateScepResponseMsg, net.pulsesecure.g.c.c cVar) {
        return a(c.renew, keyPair, certificateScepResponseMsg, x509Certificate, null, cVar);
    }
}
