package a.b.b;

import a.b.c.k;
import a.b.c.n;
import a.b.c.o;
import a.b.d.i;
import a.b.e.h;
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.cert.CertException;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: classes.dex */
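/**
 * Client for a SCEP server at a fixed HTTP(S) URL (decompiled, obfuscated names).
 *
 * <p>The class retrieves the CA certificate store, has the CA certificate approved by the
 * caller-supplied {@link CallbackHandler}, queries the server capabilities and submits a
 * PKCS#10 request for enrolment.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The CA certificate is only trusted after the callback approves it.</li>
 *   <li>The two other certificates taken from the store must be the CA certificate itself
 *       or carry a signature that verifies under the CA certificate; otherwise retrieval
 *       fails with {@code c}.</li>
 * </ul>
 */
public final class b {

    /** Class logger. */
    private static final Logger f153a = LoggerFactory.getLogger(b.class);
    /** Server URL; validated by the constructor (http/https, no query, no fragment). */
    private final URL b;
    /** Handler that is asked to approve the retrieved CA certificate. */
    private final CallbackHandler c;
    // Picks individual certificates out of a retrieved CertStore.
    // NOTE(review): d()/e()/f() on its result look like signer / recipient / issuer - confirm.
    private a.b.b.a.c d = new a.b.b.a.e();
    // Factory for the GET/POST transport objects used for every server exchange.
    private a.b.e.d e = new h();

    /**
     * Creates a client for the given server URL.
     *
     * @param url server URL; must use http or https and carry neither a query string nor a
     *     fragment
     * @param callbackHandler handler used to approve the CA certificate
     * @throws NullPointerException if {@code url} or {@code callbackHandler} is null
     * @throws IllegalArgumentException if the URL has another protocol, a fragment or a query
     */
    public b(URL url, CallbackHandler callbackHandler) {
        if (url == null) {
            throw new NullPointerException("URL should not be null");
        }
        // NOTE(review): plain http is accepted, so the transport alone does not authenticate
        // the server; trust in the CA certificate rests on the callback check in a(String).
        if (!url.getProtocol().matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (url.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (url.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        if (callbackHandler == null) {
            throw new NullPointerException("Callback handler should not be null");
        }
        this.b = url;
        this.c = callbackHandler;
    }

    /**
     * Checks that the RA certificate is either the CA certificate itself or signed by it.
     *
     * <p>A signature that does not verify is treated as a hard failure. Only logging the
     * result would let a certificate that the approved CA never issued be used for the
     * rest of the exchange.
     *
     * @param caCertificate certificate whose public key is used for the check
     * @param raCertificate certificate whose signature is checked
     * @throws c if the signature does not verify or the check itself cannot be carried out
     */
    private static void a(X509Certificate caCertificate, X509Certificate raCertificate) {
        f153a.debug("Verifying signature of RA certificate");
        if (caCertificate.equals(raCertificate)) {
            f153a.debug("RA and CA are identical");
            return;
        }
        boolean signedByCa;
        try {
            signedByCa = new JcaX509CertificateHolder(raCertificate)
                    .isSignatureValid(new JcaContentVerifierProviderBuilder().build(caCertificate));
        } catch (CertificateEncodingException e) {
            throw new c(e);
        } catch (CertException e2) {
            throw new c(e2);
        } catch (OperatorCreationException e3) {
            throw new c(e3);
        }
        if (!signedByCa) {
            // Fail closed: the caller must not continue with this certificate.
            f153a.warn("Signature verification failed for RA.");
            throw new c("RA certificate is not signed by the CA certificate.");
        }
        f153a.debug("Signature verification passed for RA.");
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} if the certificate is self-signed
     * @throws c wrapping any exception raised while building the verifier or checking
     */
    private static boolean a(X509Certificate x509Certificate) {
        try {
            JcaX509CertificateHolder holder = new JcaX509CertificateHolder(x509Certificate);
            return holder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(holder));
        } catch (Exception e) {
            throw new c(e);
        }
    }

    /**
     * Asks the server for its capabilities over a GET transport.
     *
     * @param str value passed on to the capabilities request (NOTE(review): presumably the
     *     profile / CA identifier - confirm)
     * @return the capabilities sent by the server, or an empty capability set when the
     *     transport fails
     */
    private a.b.e.b.a b(String str) {
        f153a.debug("Determining capabilities of SCEP server");
        a.b.e.a.a request = new a.b.e.a.a(str);
        try {
            return (a.b.e.b.a) this.e.a(a.b.e.e.GET, this.b).a(request, new a.b.e.b.d());
        } catch (a.b.e.c transportFailure) {
            // NOTE(review): a failed (or blocked) capabilities request silently selects
            // whatever an empty capability set implies for POST support, cipher and digest -
            // confirm those defaults are acceptable. The cause is logged so the fallback can
            // be spotted in operations.
            f153a.warn("AbstractTransport problem when determining capabilities.  Using empty capabilities.", transportFailure);
            return new a.b.e.b.a(new a.b.e.b.b[0]);
        }
    }

    /**
     * Enrols the PKCS#10 request with the CA.
     *
     * <p>b(String) is called three times and a(String) twice in this method; each
     * a(String) call runs the callback approval and the RA signature checks again.
     *
     * @param x509Certificate certificate identifying the requester
     * @param privateKey private key belonging to {@code x509Certificate}
     * @param pKCS10CertificationRequest request to submit
     * @param str value passed on to the capabilities and CA certificate requests
     * @return a response built from the transaction; which {@code e} constructor is used
     *     depends on whether the state is CERT_ISSUED, CERT_REQ_PENDING or anything else
     * @throws c if the CA certificate cannot be retrieved or verified
     */
    public final e a(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest, String str) {
        f153a.debug("Enrolling certificate with CA");
        if (a(x509Certificate)) {
            f153a.debug("Certificate is self-signed");
            // A subject mismatch is only logged here; enrolment still proceeds.
            if (!pKCS10CertificationRequest.getSubject().equals(X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded()))) {
                f153a.error("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }
        // POST is used only when the server capabilities allow it, GET otherwise.
        a.b.e.b transport = b(str).a() ? this.e.a(a.b.e.e.POST, this.b) : this.e.a(a.b.e.e.GET, this.b);
        CertStore caStore = a(str);
        a.b.e.b.a capabilities = b(str);
        a.b.d.a transaction = new a.b.d.a(
                transport,
                // Outgoing messages: built from the requester key pair, a certificate from
                // the verified store and values taken from the server capabilities.
                new o(privateKey, x509Certificate, new k(this.d.a(caStore).e(), capabilities.b()), capabilities.d()),
                // Incoming messages: checked against a certificate from a freshly retrieved
                // (and re-verified) store.
                new n(this.d.a(a(str)).d(), new a.b.c.h(x509Certificate, privateKey)),
                pKCS10CertificationRequest);
        try {
            MessageDigest digest = b(str).c();
            f153a.info("{} PKCS#10 Fingerprint: [{}]", digest.getAlgorithm(), a.a.a.a.a.d.a(digest.digest(pKCS10CertificationRequest.getEncoded())));
        } catch (IOException e) {
            // The fingerprint is informational; a failure to encode the CSR is logged only.
            f153a.error("Error getting encoded CSR", (Throwable) e);
        }
        i state = transaction.b();
        if (state == i.CERT_ISSUED) {
            return new e(transaction.a(), transaction.d());
        }
        if (state == i.CERT_REQ_PENDING) {
            return new e(transaction.a());
        }
        return new e(transaction.a(), transaction.c());
    }

    /**
     * Retrieves the CA certificate store and verifies it before returning it.
     *
     * <p>Verification has two parts: the callback handler must approve the certificate
     * returned by {@code f()}, and the certificates returned by {@code e()} and
     * {@code d()} must each be that certificate or be signed by it.
     *
     * @param str value passed on to the CA certificate request
     * @return the retrieved store, once all checks have passed
     * @throws c if the transport fails, the callback rejects or cannot handle the
     *     certificate, or an RA signature check fails
     */
    public final CertStore a(String str) {
        f153a.debug("Retrieving current CA certificate");
        try {
            CertStore certStore = (CertStore) this.e.a(a.b.e.e.GET, this.b).a(new a.b.e.a.b(str), new a.b.e.b.e());
            a.b.b.a.b certificates = this.d.a(certStore);
            a verification = new a(certificates.f());
            try {
                f153a.debug("Requesting certificate verification.");
                this.c.handle(new Callback[]{verification});
                if (!verification.b()) {
                    f153a.debug("Certificate verification failed.");
                    throw new c("CA certificate fingerprint could not be verified.");
                }
                f153a.debug("Certificate verification passed.");
                // Both calls throw when the certificate is not signed by the approved CA.
                a(certificates.f(), certificates.e());
                a(certificates.f(), certificates.d());
                return certStore;
            } catch (IOException e) {
                throw new c(e);
            } catch (UnsupportedCallbackException e2) {
                f153a.debug("Certificate verification failed.");
                throw new c(e2);
            }
        } catch (a.b.e.c e3) {
            throw new c(e3);
        }
    }
}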
