package j1;

import android.content.Context;
import com.samsung.android.knox.keystore.CEPConstants;
import com.sophos.jsceplib.ScepException;
import com.sophos.smsec.core.smsectrace.SMSecTrace;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jscep.client.ClientException;
import org.jscep.transaction.TransactionException;

/* renamed from: j1.b, reason: case insensitive filesystem */
/* loaded from: classes3.dex */
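/**
 * SCEP enrollment/renewal helper (decompiled; identifiers are obfuscated).
 *
 * <p>Typical call order as far as this file shows: construct, optionally set the
 * profile / SAN values / key size / key usage through the setters, call {@link #d()}
 * to create the client, optionally check the CA fingerprint with {@link #c(String)},
 * then enroll ({@link #e(String)} or {@link #g}) or renew ({@link #k}).
 *
 * <p>NOTE(review): {@code N2.b} is presumably the obfuscated jscep client (this file
 * imports {@code org.jscep.client.ClientException}); {@code N2.c} and {@code P2.b}
 * are not visible here. If {@code P2.b} is a verifier that accepts every CA
 * certificate, then {@link #c(String)} is the only CA authentication step, and it is
 * skipped when no expected hash is supplied. Confirm against those classes.
 */
public class C1118b {

    /** Log tag used for every trace line of this class. */
    private static final String TAG = CEPConstants.CERT_PROFILE_TYPE_SCEP;

    /* renamed from: n, reason: collision with root package name */
    // Process-wide hook installed via n() and read via h(); its role is not visible in this file.
    private static InterfaceC1117a f17058n;

    /* renamed from: a, reason: collision with root package name */
    // SCEP client; null until d() has been called.
    private N2.b f17059a;

    /* renamed from: b, reason: collision with root package name */
    // SCEP server URL as text; parsed in d().
    private final String f17060b;

    /* renamed from: c, reason: collision with root package name */
    // Used as the CN of the subject in e(); also handed to C1120d.
    private final String f17061c;

    /* renamed from: d, reason: collision with root package name */
    // Used as the O of the subject in e(); also handed to C1120d.
    private final String f17062d;

    /* renamed from: e, reason: collision with root package name */
    // Only forwarded to C1120d in e(); meaning not visible here.
    private final String f17063e;

    /* renamed from: f, reason: collision with root package name */
    private final Context f17064f;

    /* renamed from: g, reason: collision with root package name */
    // Profile/CA identifier passed to every client call; set through m().
    private String f17065g;

    /* renamed from: h, reason: collision with root package name */
    // SAN otherName value logged as "PrincipalName" (OID 1.3.6.1.4.1.311.20.2.3, the Microsoft UPN).
    private String f17066h;

    /* renamed from: i, reason: collision with root package name */
    // SAN dNSName value.
    private String f17067i;

    /* renamed from: j, reason: collision with root package name */
    // SAN rfc822Name value.
    private String f17068j;

    /* renamed from: k, reason: collision with root package name */
    // SAN uniformResourceIdentifier value.
    private String f17069k;

    /* renamed from: l, reason: collision with root package name */
    // Requested key usage bits; the default 192 is digitalSignature | nonRepudiation.
    private int f17070l = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;

    /* renamed from: m, reason: collision with root package name */
    // RSA modulus size in bits used by l().
    private int f17071m = 2048;

    /**
     * Creates a helper with only the server URL; the three name strings default to "".
     *
     * @param context Android context, stored for the certificate store helpers
     * @param str SCEP server URL
     */
    public C1118b(Context context, String str) {
        this(context, str, "", "", "");
    }

    /**
     * @param context Android context, stored for the certificate store helpers
     * @param str SCEP server URL
     * @param str2 value used as subject CN by {@link #e(String)}
     * @param str3 value used as subject O by {@link #e(String)}
     * @param str4 extra value forwarded to {@code C1120d}; meaning not visible here
     */
    public C1118b(Context context, String str, String str2, String str3, String str4) {
        this.f17060b = str;
        this.f17061c = str2;
        this.f17062d = str3;
        this.f17064f = context;
        this.f17063e = str4;
    }

    /**
     * Adds a critical subjectAlternativeName extension request to the CSR, built from
     * whichever of the four SAN fields are non-empty. Nothing is added when all are empty.
     *
     * <p>Best effort: any failure is logged and the CSR is left without the SAN request.
     * Each value is also written to the debug trace, so identity data (UPN, e-mail)
     * ends up in the log.
     */
    private void a(PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder) {
        ASN1EncodableVector generalNames = new ASN1EncodableVector();
        try {
            String principalName = this.f17066h;
            if (principalName != null && principalName.length() > 0) {
                SMSecTrace.d(TAG, "add PrincipalName : " + principalName);
                // otherName ::= [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }
                ASN1EncodableVector otherName = new ASN1EncodableVector();
                otherName.add(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.20.2.3"));
                otherName.add(new DERTaggedObject(true, 0, (ASN1Encodable) new DERUTF8String(principalName)));
                generalNames.add(new DERTaggedObject(false, 0, (ASN1Encodable) new DERSequence(otherName)));
            }
            String dnsName = this.f17067i;
            if (dnsName != null && dnsName.length() > 0) {
                SMSecTrace.d(TAG, "add DnsName : " + dnsName);
                generalNames.add(new GeneralName(GeneralName.dNSName, new DERIA5String(dnsName)));
            }
            String rfc822Name = this.f17068j;
            if (rfc822Name != null && rfc822Name.length() > 0) {
                SMSecTrace.d(TAG, "add Rfc822Name : " + rfc822Name);
                generalNames.add(new GeneralName(GeneralName.rfc822Name, new DERIA5String(rfc822Name)));
            }
            String uri = this.f17069k;
            if (uri != null && uri.length() > 0) {
                SMSecTrace.d(TAG, "add UniformResourceIdentifier : " + uri);
                generalNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri)));
            }
            if (generalNames.size() > 0) {
                ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
                extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) new DERSequence(generalNames));
                pKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            }
        } catch (Exception e3) {
            // Deliberately non-fatal: enrollment proceeds without the SAN request.
            SMSecTrace.e(TAG, "cannot add SubjectAltName.", e3);
        }
    }

    /**
     * Builds and submits an initial enrollment request.
     *
     * <p>A short-lived self-signed certificate over {@code keyPair} (see {@link #b}) is
     * used as the requester identity; the CSR carries the challenge password, the key
     * usage (when non-zero) and the SAN request, and is signed with SHA256withRSA.
     *
     * @param str SCEP challenge password; it is placed in the CSR and is not logged here
     * @param str2 subject distinguished name
     * @param keyPair freshly generated key pair to certify
     * @return the client's enrollment result
     * @throws ScepException wrapping any failure
     */
    private N2.d f(String str, String str2, KeyPair keyPair) throws ScepException {
        try {
            X509Certificate selfSigned = b(str2, keyPair);
            PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(str2), keyPair.getPublic());
            int usageBits = this.f17070l;
            if (usageBits != 0) {
                KeyUsage keyUsage = new KeyUsage(usageBits);
                SMSecTrace.d(TAG, "enroll certifcate with key usage: " + keyUsage.toString());
                // NOTE(review): key usage is attached as its own CSR attribute, not inside the
                // extensionRequest used for the SAN; whether the CA honours it depends on the server.
                csrBuilder.addAttribute(Extension.keyUsage, keyUsage);
            }
            csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(str));
            a(csrBuilder);
            return this.f17059a.b(selfSigned, keyPair.getPrivate(), csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())), this.f17065g);
        } catch (ClientException e3) {
            throw new ScepException(e3);
        } catch (TransactionException e4) {
            throw new ScepException(e4);
        } catch (Exception e5) {
            throw new ScepException(e5);
        }
    }

    /** Returns the process-wide hook installed with {@link #n}, or null if none was set. */
    public static InterfaceC1117a h() {
        return f17058n;
    }

    /**
     * Builds and submits a renewal request for an existing certificate.
     *
     * <p>The CSR reuses the certificate's subject and public key, carries an empty
     * challenge password, and the request is made with the existing certificate and
     * private key as the requester identity.
     *
     * @param x509Certificate certificate being renewed
     * @param privateKey private key belonging to that certificate
     * @return the client's enrollment result
     * @throws ScepException wrapping any failure
     */
    private N2.d j(X509Certificate x509Certificate, PrivateKey privateKey) throws ScepException {
        Security.addProvider(new BouncyCastleProvider());
        try {
            PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(x509Certificate.getSubjectX500Principal(), x509Certificate.getPublicKey());
            int usageBits = this.f17070l;
            if (usageBits != 0) {
                KeyUsage keyUsage = new KeyUsage(usageBits);
                SMSecTrace.d(TAG, "enroll certifcate with key usage: " + keyUsage.toString());
                csrBuilder.addAttribute(Extension.keyUsage, keyUsage);
            }
            csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(""));
            a(csrBuilder);
            return this.f17059a.b(x509Certificate, privateKey, csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(privateKey)), this.f17065g);
        } catch (ClientException e3) {
            throw new ScepException(e3);
        } catch (TransactionException e4) {
            throw new ScepException(e4);
        } catch (Exception e5) {
            throw new ScepException(e5);
        }
    }

    /** Installs the process-wide hook returned by {@link #h()}. */
    public static void n(InterfaceC1117a interfaceC1117a) {
        f17058n = interfaceC1117a;
    }

    /**
     * Creates a self-signed certificate over {@code keyPair}, valid from one day before
     * now to one day after now, with the current time in milliseconds as serial number.
     *
     * @param str distinguished name used as both issuer and subject
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the self-signed certificate
     */
    public X509Certificate b(String str, KeyPair keyPair) throws InvalidKeyException, SignatureException, OperatorCreationException, IOException, CertificateException {
        BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
        Calendar notBefore = Calendar.getInstance();
        notBefore.add(Calendar.DATE, -1);
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.DATE, 1);
        X500Name name = new X500Name(str);
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(name, BigInteger.valueOf(System.currentTimeMillis()), notBefore.getTime(), notAfter.getTime(), Locale.getDefault(), name, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        return new JcaX509CertificateConverter().setProvider(provider).getCertificate(certBuilder.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(provider).build(keyPair.getPrivate())));
    }

    /**
     * Checks whether any certificate returned by the SCEP server for the current
     * profile has the expected hash.
     *
     * <p>When {@code str} is null or empty the check is skipped and {@code true} is
     * returned, so the result then says nothing about the CA's authenticity.
     *
     * @param str expected CA certificate hash, in the format produced by {@code C1119c.c}
     *            (format and algorithm are not visible in this file)
     * @return true if a certificate matches or no expected hash was given; false otherwise
     * @throws ScepException if fetching or listing the CA certificates fails
     */
    public boolean c(String str) throws ScepException {
        if (str == null || str.length() <= 0) {
            return true;
        }
        SMSecTrace.d(TAG, "expected CA Certificate hash: " + str);
        try {
            CertStore store = this.f17059a.d(this.f17065g);
            if (store == null) {
                return false;
            }
            Collection<? extends Certificate> certificates = store.getCertificates(null);
            if (certificates == null) {
                return false;
            }
            for (Certificate certificate : certificates) {
                if (!(certificate instanceof X509Certificate)) {
                    // Cannot match; skipping keeps the check fail-closed instead of throwing.
                    continue;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                String hash;
                try {
                    hash = C1119c.c(x509Certificate.getEncoded());
                } catch (CertificateEncodingException e) {
                    // No hash for this certificate: log it and never compare a stale or unset value.
                    SMSecTrace.e(TAG, "cannot encode CA certificate for hashing.", e);
                    continue;
                }
                SMSecTrace.d(TAG, "try hash for: " + x509Certificate.getSubjectDN() + " Hash: " + hash);
                if (str.equals(hash)) {
                    return true;
                }
            }
            return false;
        } catch (CertStoreException e3) {
            throw new ScepException(e3);
        } catch (ClientException e4) {
            throw new ScepException(e4);
        }
    }

    /**
     * Creates the SCEP client for the configured server URL. Must be called before the
     * enrollment, renewal and query methods.
     *
     * <p>NOTE(review): the URL scheme is not checked here, so a plain http URL is accepted.
     *
     * @throws ScepException if the configured URL is malformed
     */
    public void d() throws ScepException {
        try {
            this.f17059a = new N2.b(new URL(this.f17060b), new N2.c(new P2.b()));
        } catch (MalformedURLException e3) {
            throw new ScepException(e3);
        }
    }

    /**
     * Enrolls a new certificate with subject {@code CN=<name>, O=<org>} and, on success,
     * hands the result and the new private key to {@code C1120d.k}.
     *
     * <p>NOTE(review): the two values are inserted into the DN unescaped; a ',' or '='
     * in either one changes the resulting subject. Verify where they come from.
     *
     * @param str SCEP challenge password
     * @return the success flag of the enrollment result; false if there is no result
     * @throws ScepException if {@link #d()} was not called or enrollment fails
     */
    public boolean e(String str) throws ScepException {
        if (this.f17059a == null) {
            throw new ScepException("No connect called!");
        }
        String subject = String.format("CN=%s, O=%s", this.f17061c, this.f17062d);
        KeyPair keyPair = l();
        N2.d result = f(str, subject, keyPair);
        if (result == null) {
            return false;
        }
        if (result.b()) {
            new C1120d(this.f17064f, this.f17061c, this.f17062d, this.f17063e).k(result.a(), keyPair.getPrivate());
        }
        return result.b();
    }

    /**
     * Enrolls a new certificate for a caller-supplied subject and, on success, hands the
     * result and the new private key to {@code C1119c.g} under {@code str4}.
     *
     * @param str SCEP challenge password
     * @param str2 subject distinguished name
     * @param str3 first {@code C1119c} constructor argument; meaning not visible here
     * @param str4 identifier passed to {@code C1119c.g} (presumably the store alias; confirm)
     * @param str5 second {@code C1119c} constructor argument; meaning not visible here
     * @return the success flag of the enrollment result; false if there is no result
     * @throws ScepException if {@link #d()} was not called or enrollment fails
     */
    public boolean g(String str, String str2, String str3, String str4, String str5) throws ScepException {
        if (this.f17059a == null) {
            throw new ScepException("No connect called!");
        }
        KeyPair keyPair = l();
        N2.d result = f(str, str2, keyPair);
        if (result == null) {
            return false;
        }
        if (result.b()) {
            new C1119c(this.f17064f, str3, str5).g(str4, result.a(), keyPair.getPrivate());
        }
        return result.b();
    }

    /**
     * Returns a boolean flag from the client's per-profile query {@code c(...)}; which
     * flag this is cannot be told from this file.
     *
     * <p>Unlike the enrollment methods this does not check that {@link #d()} was called
     * and throws a NullPointerException in that case.
     */
    public boolean i() {
        return this.f17059a.c(this.f17065g).i();
    }

    /**
     * Renews the certificate that {@code C1119c} holds under {@code str2}: loads the
     * certificate and private key, submits the renewal, and on success passes the result
     * to {@code C1119c.g} with the same private key (the key pair is not regenerated).
     *
     * @param str first {@code C1119c} constructor argument; meaning not visible here
     * @param str2 identifier of the stored certificate and key
     * @param str3 second {@code C1119c} constructor argument; meaning not visible here
     * @return the success flag of the enrollment result; false if there is no result
     * @throws ScepException if {@link #d()} was not called or renewal fails
     */
    public boolean k(String str, String str2, String str3) throws ScepException {
        if (this.f17059a == null) {
            throw new ScepException("No connect called!");
        }
        C1119c store = new C1119c(this.f17064f, str, str3);
        X509Certificate currentCertificate = store.d(str2);
        PrivateKey currentKey = store.f(str2);
        N2.d result = j(currentCertificate, currentKey);
        if (result == null) {
            return false;
        }
        if (result.b()) {
            new C1119c(this.f17064f, str, str3).g(str2, result.a(), currentKey);
        }
        return result.b();
    }

    /**
     * Generates an RSA key pair of the configured size (2048 bits unless changed via
     * {@link #p(int)}).
     *
     * @throws ScepException wrapping any generator failure
     */
    public KeyPair l() throws ScepException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(this.f17071m);
            return keyPairGenerator.genKeyPair();
        } catch (Exception e3) {
            throw new ScepException(e3);
        }
    }

    /** Sets the profile/CA identifier passed to every client call. */
    public void m(String str) {
        this.f17065g = str;
    }

    /** Sets the SAN dNSName value. */
    public void o(String str) {
        this.f17067i = str;
    }

    /**
     * Sets the RSA key size in bits used by {@link #l()}.
     *
     * <p>NOTE(review): no lower bound is enforced here, so a caller can configure a
     * key size below 2048 bits; validate the value at the configuration source.
     */
    public void p(int i3) {
        this.f17071m = i3;
    }

    /** Sets the key usage bits requested in the CSR; 0 omits the key usage attribute. */
    public void q(int i3) {
        this.f17070l = i3;
    }

    /** Sets the SAN principal name (UPN otherName) value. */
    public void r(String str) {
        this.f17066h = str;
    }

    /** Sets the SAN rfc822Name value. */
    public void s(String str) {
        this.f17068j = str;
    }

    /** Sets the SAN uniformResourceIdentifier value. */
    public void t(String str) {
        this.f17069k = str;
    }
}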
