package com.microsoft.omadm.platforms.android.certmgr.data;

import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.microsoft.intune.common.xml.XMLUtils;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.android.certmgr.CertOperation;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathExpressionException;
import org.w3c.dom.DOMException;
import org.xml.sax.SAXException;

/* loaded from: classes3.dex */
public final class ScepRenewCertificateRequest extends ScepCertificateRequest {
    static final String XP_RP = "//CertificateRequest/RenewParameters/";
    static final String XP_RP_CERTIFICATEHASH = "//CertificateRequest/RenewParameters/CertificateHash";
    static final String XP_RP_NDESURL = "//CertificateRequest/RenewParameters/NDESUrl";

    private ScepRenewCertificateRequest(String str, Long l) {
        super(str, l);
    }

    public static ScepCertificateRequest generateRequest(ScepCertificateEnrollState scepCertificateEnrollState) throws OMADMException {
        if (scepCertificateEnrollState.opType != CertOperation.CERT_RENEW) {
            throw new OMADMException("Bad Enrollment type.");
        }
        ScepRenewCertificateRequest scepRenewCertificateRequest = new ScepRenewCertificateRequest(scepCertificateEnrollState.requestId, scepCertificateEnrollState.user);
        scepRenewCertificateRequest.buildRequest(scepCertificateEnrollState);
        return scepRenewCertificateRequest;
    }

    public static ScepCertificateRequest generateRequest(String str, String str2, String str3, String str4, byte[] bArr, Long l) throws SAXException, IOException, ParserConfigurationException, DOMException, XPathExpressionException, OMADMException {
        XMLUtils xMLUtils = new XMLUtils(str2, new NamespaceContext() { // from class: com.microsoft.omadm.platforms.android.certmgr.data.ScepRenewCertificateRequest.1
            @Override // javax.xml.namespace.NamespaceContext
            public String getNamespaceURI(String str5) {
                if ("cp".equals(str5)) {
                    return "http://schemas.microsoft.com/SystemCenterConfigurationManager/2012/03/07/CertificateEnrollment/ConfigurationParameters";
                }
                return null;
            }

            @Override // javax.xml.namespace.NamespaceContext
            public String getPrefix(String str5) {
                return null;
            }

            @Override // javax.xml.namespace.NamespaceContext
            public Iterator getPrefixes(String str5) {
                return null;
            }
        });
        ScepRenewCertificateRequest scepRenewCertificateRequest = new ScepRenewCertificateRequest(str, l);
        if (!xMLUtils.getNodeStringContent(XP_RP_CERTIFICATEHASH).equalsIgnoreCase(str4)) {
            throw new OMADMException("Certificate Renew: GW sent certificate thumbprint and device generated thumbprint does not match");
        }
        scepRenewCertificateRequest.ndesUrls = xMLUtils.getNodeStringContent(XP_RP_NDESURL).split(";");
        scepRenewCertificateRequest.alias = str3;
        scepRenewCertificateRequest.certificateHash = str4;
        try {
            try {
                scepRenewCertificateRequest.privateKey = KeyFactory.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA).generatePrivate(new PKCS8EncodedKeySpec(bArr));
                scepRenewCertificateRequest.configParameters = xMLUtils.getNodeStringContent("//CertificateRequest/ConfigurationParametersDocument");
                XMLUtils configurationDocument = getConfigurationDocument(scepRenewCertificateRequest.configParameters);
                scepRenewCertificateRequest.validityPeriod = configurationDocument.getNodeLongContent("//cp:ConfigurationParameters/cp:ValidityPeriod");
                scepRenewCertificateRequest.validityPeriodUnit = configurationDocument.getNodeStringContent("//cp:ConfigurationParameters/cp:ValidityPeriodUnit");
                try {
                    scepRenewCertificateRequest.caThumbPrint = configurationDocument.getNodeStringContent("//cp:ConfigurationParameters/cp:CAThumbprint");
                    scepRenewCertificateRequest.retryCount = configurationDocument.getNodeLongContent("//cp:ConfigurationParameters/cp:RetryCount");
                    scepRenewCertificateRequest.retryDelay = configurationDocument.getNodeLongContent("//cp:ConfigurationParameters/cp:RetryDelay");
                } catch (DOMException e) {
                    scepRenewCertificateRequest.retryCount = 0L;
                    scepRenewCertificateRequest.retryDelay = 0L;
                    if (scepRenewCertificateRequest.caThumbPrint == null) {
                        throw new OMADMException("Couldn't extract CA Thumbprint from the renew request", e);
                    }
                }
                return scepRenewCertificateRequest;
            } catch (InvalidKeySpecException e2) {
                throw new OMADMException("PrivateKey is not in a valid PKCS8 format", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new OMADMException("KeyFactory could find RSA algorithm", e3);
        }
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public void buildRequest(ScepCertificateEnrollState scepCertificateEnrollState) throws OMADMException {
        super.buildRequest(scepCertificateEnrollState);
        this.alias = scepCertificateEnrollState.alias;
        this.certificateHash = scepCertificateEnrollState.thumbprint;
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public String getAlias() {
        return this.alias;
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public X500Principal getSubjectPrincipal() {
        return this.pendingCertificate.getSubjectX500Principal();
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public boolean isRenewRequest() {
        return true;
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public boolean isReplaceRequest() {
        return false;
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public ScepCertificateEnrollState toState() throws OMADMException {
        return toState(null);
    }

    @Override // com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest
    public ScepCertificateEnrollState toState(Long l) throws OMADMException {
        ScepCertificateEnrollState state = super.toState(l);
        state.thumbprint = this.certificateHash;
        state.opType = CertOperation.CERT_RENEW;
        return state;
    }
}
