package t4;

import android.util.Base64;
import androidx.fragment.app.h0;
import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import g5.u;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import pd.f;
import v7.e;
import z7.d0;

/* compiled from: ScepClient.java */
/* loaded from: classes.dex */
/**
 * SCEP enrollment client (JADX decompilation; identifiers are obfuscated).
 *
 * <p>Visible flow: {@link #b()} generates an RSA key pair, builds a PKCS#10 request, creates a
 * short-lived self-signed certificate, enrolls against the configured SCEP URL and, on success,
 * hands the response to {@code a(...)}, which writes key and certificates to a PKCS#12 file via
 * {@code d(...)} and then calls {@code c(...)} (not decompiled).
 *
 * <p>Decompiler caveats: several catch blocks assign to an undeclared {@code e}/{@code th}, and
 * methods throw checked exceptions without a {@code throws} clause, so this listing does not
 * compile as-is. Treat control flow inside nested try/catch regions as approximate.
 */
public class c {

    /* renamed from: a, reason: collision with root package name */
    // Collaborator handed in by the caller; not read by any method decompiled in this listing.
    public u f10130a;

    /* renamed from: b, reason: collision with root package name */
    // SCEP server URL string; parsed with new URL(...) in b(). No scheme check is visible here.
    public String f10131b;

    /* renamed from: c, reason: collision with root package name */
    // Subject DN string; used as CSR subject and as subject+issuer of the self-signed certificate.
    public String f10132c;

    /* renamed from: d, reason: collision with root package name */
    // Passed as the 4th argument of the enrollment call in b(); presumably a CA profile/identifier - TODO confirm.
    public String f10133d;

    /* renamed from: e, reason: collision with root package name */
    // RSA key size in bits, parsed from configuration. NOTE(review): no minimum is enforced in this class.
    public int f10134e;

    /* renamed from: f, reason: collision with root package name */
    // Alias of the private-key entry written by d(); taken from the static x6.b.f11696j.
    public String f10135f;

    /* renamed from: g, reason: collision with root package name */
    // Subject-alternative-name switch: a value > 0 (together with a non-empty f10137h) adds the SAN extension.
    public Integer f10136g;

    /* renamed from: h, reason: collision with root package name */
    // SAN value, encoded in b() as a UTF8String otherName.
    public String f10137h;

    /* renamed from: i, reason: collision with root package name */
    // SCEP challenge password; added to the CSR as the PKCS#9 challengePassword attribute when non-empty.
    public String f10138i;

    /* renamed from: j, reason: collision with root package name */
    // true => request the digitalSignature key usage (KeyUsage(128) in b()).
    public boolean f10139j;

    /* renamed from: k, reason: collision with root package name */
    // true => request the keyEncipherment key usage (KeyUsage(32) in b()).
    public boolean f10140k;

    /* renamed from: l, reason: collision with root package name */
    // Configured trust anchors for the TLS connection to the SCEP server; null when none were
    // configured or when parsing failed (see constructor).
    public Certificate[] f10141l;

    /* renamed from: m, reason: collision with root package name */
    // File name of the PKCS#12 keystore written by a()/d().
    public String f10142m = "KEYSTORE.pfx";

    /* renamed from: n, reason: collision with root package name */
    // Password protecting both the key entry and the PKCS#12 file written by d().
    public String f10143n;

    /**
     * Copies the enrollment configuration out of {@code bVar} and prepares per-enrollment state.
     *
     * <p>Not caught here: {@code NumberFormatException} from the key-size parse and a
     * {@code NullPointerException} if {@code bVar.f11704h} is null.
     *
     * @param bVar enrollment configuration (URL, subject, key size, challenge, SAN, key usage, CA bundle)
     * @param uVar collaborator stored in {@code f10130a}
     */
    public c(x6.b bVar, u uVar) {
        this.f10139j = false;
        this.f10140k = false;
        this.f10130a = uVar;
        this.f10131b = bVar.f11697a;
        this.f10132c = bVar.f11698b;
        // Key size is accepted as configured; b() passes it straight to KeyPairGenerator.initialize.
        this.f10134e = Integer.parseInt(bVar.f11702f);
        this.f10138i = bVar.f11701e;
        this.f10136g = bVar.f11699c;
        this.f10137h = bVar.f11700d;
        this.f10133d = bVar.f11703g;
        // Key-usage selector: 1 => digitalSignature, 4 => keyEncipherment, 5 => both.
        // Any other value leaves both flags false, so no keyUsage extension is requested.
        int intValue = bVar.f11704h.intValue();
        if (intValue == 1) {
            this.f10139j = true;
        } else if (intValue == 4) {
            this.f10140k = true;
        } else if (intValue == 5) {
            this.f10139j = true;
            this.f10140k = true;
        }
        this.f10135f = x6.b.f11696j;
        // NOTE(review): the keystore password is the decimal form of one random 32-bit int, i.e. at
        // most about 2^31 distinct values (Math.abs(Integer.MIN_VALUE) stays negative, so the string
        // can also be "-2147483648"). That is too small a space to protect a private key at rest;
        // a password built from >= 128 bits of SecureRandom output would be appropriate, provided
        // the consumer of this value in c(...) accepts it.
        this.f10143n = Integer.toString(Math.abs(new SecureRandom().nextInt()));
        try {
            String str = bVar.f11705i;
            if (str == null || str.isEmpty()) {
                this.f10141l = null;
                return;
            }
            // Flag 0 is android.util.Base64.DEFAULT. The decoded bytes may hold several X.509 certificates.
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(Base64.decode(bVar.f11705i, 0)));
            ArrayList arrayList = new ArrayList();
            if (generateCertificates.isEmpty()) {
                this.f10141l = null;
                return;
            }
            Iterator<? extends Certificate> it = generateCertificates.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
            this.f10141l = (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
        } catch (Exception unused) {
            // NOTE(review): fail-open. A configured but unparsable CA bundle is reduced to "no custom
            // trust anchors", and b() then skips the custom SSLContext entirely. If the bundle is meant
            // to pin the SCEP server, enrollment should be refused here rather than continue.
            this.f10141l = null;
            d0.t("SCEP Client: Error while converting base64 to certificate for SCEP.");
        }
    }

    /**
     * Persists a successful enrollment: collects every certificate from the response's cert store,
     * writes them with the private key to the PKCS#12 file, then calls {@code c(path, notAfter)}.
     *
     * <p>Every caught exception is logged and rethrown. The {@code e = eNN;} lines are decompiler
     * artifacts (merged handler variable).
     *
     * @param h0Var enrollment response; {@code l()} is expected to yield the returned cert store
     * @param privateKey private key matching the enrolled certificate
     */
    public final void a(h0 h0Var, PrivateKey privateKey) {
        try {
            // A null selector returns all certificates held by the store.
            ArrayList arrayList = new ArrayList(h0Var.l().getCertificates(null));
            Certificate[] certificateArr = new Certificate[arrayList.size()];
            for (int i10 = 0; i10 < arrayList.size(); i10++) {
                certificateArr[i10] = (Certificate) arrayList.get(i10);
            }
            // NOTE(review): the directory comes from e.T().U() (not shown). Confirm it is app-private
            // storage, since the file written there contains the private key.
            String file = new File(e.T().U(), this.f10142m).toString();
            d(certificateArr, privateKey, file);
            // NOTE(review): element 0 is assumed to be the issued certificate, and the array is used
            // as the key's chain in d(). The store's iteration order is not established here, and an
            // empty store would raise ArrayIndexOutOfBoundsException - confirm ordering upstream.
            c(file, ((X509Certificate) certificateArr[0]).getNotAfter().toString());
        } catch (IOException e10) {
            e = e10;
            d0.u("SCEP Client: Unable to store the keystore to local storage: ", e);
            throw e;
        } catch (KeyStoreException e11) {
            e = e11;
            d0.u("SCEP Client: Unable to store the keystore to local storage: ", e);
            throw e;
        } catch (NoSuchAlgorithmException e12) {
            e = e12;
            d0.u("SCEP Client: Unable to store the keystore to local storage: ", e);
            throw e;
        } catch (NoSuchProviderException e13) {
            e = e13;
            d0.u("SCEP Client: Unable to store the keystore to local storage: ", e);
            throw e;
        } catch (CertStoreException e14) {
            d0.u("SCEP Client: Enrollment success, but exception while retrieving the certificate from cert store: ", e14);
            throw e14;
        } catch (CertificateException e15) {
            e = e15;
            d0.u("SCEP Client: Unable to store the keystore to local storage: ", e);
            throw e;
        }
    }

    /**
     * Runs one SCEP enrollment.
     *
     * @return {@code 100} when the response carries a cert store and it was persisted; {@code -1}
     *     when the response carries neither a failure object nor a cert store (presumably a pending
     *     request - TODO confirm); otherwise the failure code reported by the server (2 and 3 get
     *     dedicated log lines: bad request, signingTime too far from system time)
     */
    public int b() {
        String str;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(DevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        keyPairGenerator.initialize(this.f10134e);
        // This message is logged before genKeyPair() actually runs.
        d0.w("SCEP Client: Keypair generated");
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        try {
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(this.f10132c), genKeyPair.getPublic());
            String str2 = this.f10138i;
            if (str2 != null && !str2.isEmpty()) {
                // The challenge value itself is not logged, only the fact that it was added.
                jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(this.f10138i));
                d0.w("SCEP Client: Enrollment passcode added");
            }
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            // f10136g is unboxed without a null check; a null value raises NullPointerException here.
            if (this.f10136g.intValue() > 0 && (str = this.f10137h) != null && !str.isEmpty()) {
                // SAN is built as GeneralNames { otherName [0] { type-id, [0] EXPLICIT UTF8String } }.
                // 1.3.6.1.4.1.311.20.2.3 is the Microsoft User Principal Name otherName type.
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.20.2.3"));
                aSN1EncodableVector2.add(new DERTaggedObject(true, 0, new DERUTF8String(this.f10137h)));
                aSN1EncodableVector.add(new DERTaggedObject(false, 0, new DERSequence(aSN1EncodableVector2)));
                d0.w("SCEP Client: Subject Alternative name added");
                // Requested as a critical extension (second argument true).
                extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) new DERSequence(aSN1EncodableVector));
            }
            boolean z10 = this.f10140k;
            if (z10 && this.f10139j) {
                // Decompiler artifact: the integer literal was replaced by an unrelated constant with the
                // same value. TLS_DH_RSA_WITH_AES_128_GCM_SHA256 is 0x00A0 = 160 = 128 | 32, i.e.
                // digitalSignature | keyEncipherment. No cipher suite is involved.
                extensionsGenerator.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256));
                d0.w("SCEP Client: Key usage added");
            } else if (z10) {
                // 32 = keyEncipherment.
                extensionsGenerator.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(32));
                d0.w("SCEP Client: Key usage added");
                d0.w("SCEP Client: Key usage- Key encipherment added");
            } else if (this.f10139j) {
                // 128 = digitalSignature.
                extensionsGenerator.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(128));
                d0.w("SCEP Client: Key usage- Digital signature added");
            }
            // The extensionRequest attribute is added unconditionally, even if no extension was generated above.
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            d0.w("SCEP Client: Certificate signing request generated");
            PKCS10CertificationRequest build = jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(genKeyPair.getPrivate()));
            try {
                d0.w("SCEP Client: Generating self-signed certificate");
                // Throwaway identity for the SCEP exchange: subject == issuer == configured DN, serial
                // fixed at 1, valid from now for 864000000 ms (10 days), signed with the new key.
                X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(new X500Name(this.f10132c), BigInteger.valueOf(1L), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 864000000), new X500Name(this.f10132c), genKeyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256withRSA").build(genKeyPair.getPrivate())));
                d0.w("SCEP Client: Self-signed generated successfully");
                // NOTE(review): z.e(4) is opaque here. If it is the callback that decides whether the
                // SCEP CA certificate is accepted, its policy determines whether the CA is authenticated
                // at all - confirm what it verifies.
                md.b bVar = new md.b(new URL(this.f10131b), new z.e(4));
                Certificate[] certificateArr = this.f10141l;
                // Custom TLS trust is installed only when trust anchors were parsed in the constructor;
                // otherwise the client keeps whatever transport default md.b uses (not shown).
                if (certificateArr != null && certificateArr.length > 0) {
                    d0.w("SCEP Client: Adding custom ssl context");
                    try {
                        try {
                            try {
                                // In-memory keystore used purely as a trust store (no file, no password).
                                KeyStore keyStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12, BouncyCastleProvider.PROVIDER_NAME);
                                keyStore.load(null, null);
                                for (Certificate certificate2 : this.f10141l) {
                                    // Alias is the first CN of the subject. NOTE(review): two anchors with the
                                    // same CN overwrite each other, and a subject without a CN fails on [0]
                                    // with an exception none of the handlers below catches.
                                    keyStore.setCertificateEntry(IETFUtils.valueToString(new JcaX509CertificateHolder((X509Certificate) certificate2).getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue()), certificate2);
                                }
                                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                                trustManagerFactory.init(keyStore);
                                SSLContext sSLContext = SSLContext.getInstance("TLS");
                                // No client key managers: server authentication only, against the anchors above.
                                sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
                                d0.w("SCEP Client: SSL context created successfully");
                                qd.e eVar = new qd.e(sSLContext.getSocketFactory());
                                synchronized (bVar) {
                                    bVar.f7480d = eVar;
                                }
                            } catch (NoSuchProviderException e10) {
                                e = e10;
                                d0.t("SCEP Client: NoSuchAlgorithmException: " + e);
                                throw e;
                            }
                        } catch (IOException e11) {
                            d0.u("SCEP Client: Exception while retrieving zoho ca certificate from local storage: ", e11);
                            throw e11;
                        } catch (NoSuchProviderException e12) {
                            d0.t("SCEP Client: NoSuchAlgorithmException: " + e12);
                            throw e12;
                        }
                    // NOTE(review): every handler in this region logs the label "NoSuchAlgorithmException"
                    // regardless of the exception actually caught; rely on the appended exception text,
                    // not the label, when triaging TLS set-up failures.
                    } catch (KeyManagementException e13) {
                        d0.t("SCEP Client: NoSuchAlgorithmException: " + e13);
                        throw e13;
                    } catch (KeyStoreException e14) {
                        d0.t("SCEP Client: NoSuchAlgorithmException: " + e14);
                        throw e14;
                    } catch (NoSuchAlgorithmException e15) {
                        e = e15;
                        d0.t("SCEP Client: NoSuchAlgorithmException: " + e);
                        throw e;
                    } catch (CertificateException e16) {
                        d0.t("SCEP Client: NoSuchAlgorithmException: " + e16);
                        throw e16;
                    }
                }
                try {
                    d0.w("SCEP Client: Initiating communication with the SCEP server");
                    // Enrollment call: self-signed identity, its private key, the CSR, and f10133d.
                    h0 a10 = bVar.a(certificate, genKeyPair.getPrivate(), build, this.f10133d);
                    // f1718a holds the failure object, f1719b the returned cert store (per the casts below).
                    if (!(((pd.b) a10.f1718a) != null)) {
                        if (!(((CertStore) a10.f1719b) != null)) {
                            return -1;
                        }
                        d0.w("SCEP Client: Enrollment succeeded");
                        a(a10, genKeyPair.getPrivate());
                        return 100;
                    }
                    d0.w("SCEP Client: Enrollment failed");
                    pd.b bVar2 = (pd.b) a10.f1718a;
                    if (!(bVar2 != null)) {
                        throw new IllegalStateException();
                    }
                    // The failure code is returned unchanged; codes 2 and 3 only add a log line.
                    int i10 = bVar2.f8880a;
                    d0.w("SCEP Client: Enrollment failed. Fail value : " + i10);
                    if (i10 == 2) {
                        d0.w("SCEP Client: Enrollment failed. Bad request");
                        return i10;
                    }
                    if (i10 != 3) {
                        return i10;
                    }
                    d0.w("SCEP Client: The signingTime attribute from the PKCS#7 signedAttributes was not sufficiently close to the system time.");
                    return i10;
                } catch (md.c e17) {
                    d0.u("SCEP Client: Problem in the client side ", e17);
                    throw e17;
                } catch (f e18) {
                    d0.u("SCEP Client: Error occurred during SCEP transaction ", e18);
                    throw e18;
                }
            } catch (CertificateException | OperatorCreationException e19) {
                d0.u("SCEP Client: Exception occurred while generating self signed certificate: ", e19);
                throw e19;
            }
        } catch (IOException e20) {
            d0.u("SCEP Client: Error while generating CSR: ", e20);
            throw e20;
        } catch (OperatorCreationException e21) {
            d0.u("SCEP Client: Error while generating CSR: ", e21);
            throw e21;
        }
    }

    /*
        Post-enrollment step called by a(...) with the keystore path and the certificate's notAfter
        string. The decompiler could not reconstruct it (500 instructions skipped), so in this
        listing it only throws UnsupportedOperationException and its real behaviour is unknown.
        NOTE(review): d(...) logs that the keystore is stored "temporarily", so this method is the
        likely place where the file and its password are consumed and cleaned up. Review the
        bytecode/smali before drawing conclusions about the keystore's lifetime.
    */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x01d3, code lost:
    
        if (r2 == null) goto L61;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0021. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:13:0x00f4  */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0134  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x01e1  */
    /* JADX WARN: Removed duplicated region for block: B:50:0x0082  */
    /* JADX WARN: Removed duplicated region for block: B:75:0x01e9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void c(java.lang.String r27, java.lang.String r28) {
        /*
            Method dump skipped, instructions count: 500
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: t4.c.c(java.lang.String, java.lang.String):void");
    }

    /**
     * Writes the private key and certificates to a PKCS#12 file at {@code str}.
     *
     * <p>The key entry (alias {@code f10135f}) and the file itself are both protected with
     * {@code f10143n}; each certificate is additionally stored as a certificate entry
     * {@code cert_<index>}. All caught exceptions are logged and rethrown.
     *
     * @param certificateArr certificates to store; also used as the key entry's chain
     * @param privateKey private key to store
     * @param str destination file path
     */
    public final void d(Certificate[] certificateArr, PrivateKey privateKey, String str) {
        FileOutputStream fileOutputStream;
        try {
            d0.w("SCEP Client: Storing the keystore in local storage temporarily.");
            KeyStore keyStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12, BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(null, null);
            // NOTE(review): the strength of this at-rest protection is bounded by f10143n, which the
            // constructor derives from a single 32-bit random value.
            keyStore.setKeyEntry(this.f10135f, privateKey, this.f10143n.toCharArray(), certificateArr);
            for (int i10 = 0; i10 < certificateArr.length; i10++) {
                keyStore.setCertificateEntry("cert_" + i10, certificateArr[i10]);
            }
            File file = new File(str);
            // NOTE(review): two streams are opened on the same file in this listing and the first is
            // never closed on the success path. This may be a decompiler rendering of a single
            // try/finally - confirm against bytecode. No explicit file permissions are set here.
            FileOutputStream fileOutputStream2 = new FileOutputStream(file);
            try {
                try {
                    fileOutputStream = new FileOutputStream(file);
                } catch (Throwable th) {
                    th = th;
                    fileOutputStream = fileOutputStream2;
                }
            } catch (FileNotFoundException e10) {
                e = e10;
            } catch (KeyStoreException e11) {
                e = e11;
            } catch (CertificateException e12) {
                e = e12;
            }
            try {
                keyStore.store(fileOutputStream, this.f10143n.toCharArray());
                d0.w("SCEP Client: Keystore successfully saved");
                fileOutputStream.close();
            } catch (FileNotFoundException e13) {
                e = e13;
                d0.t("SCEP Client: Unable to store the keystore in storage " + e);
                throw e;
            } catch (KeyStoreException e14) {
                e = e14;
                d0.t("SCEP Client: Unable to store the keystore in storage " + e);
                throw e;
            } catch (CertificateException e15) {
                e = e15;
                d0.t("SCEP Client: Unable to store the keystore in storage " + e);
                throw e;
            } catch (Throwable th2) {
                th = th2;
                fileOutputStream.close();
                throw th;
            }
        // NOTE(review): the labels below do not all match the caught type (IOException is logged as
        // "NoSuchAlgorithmException", NoSuchProviderException as "KeyStoreException"); use the
        // appended exception text when reading these logs.
        } catch (IOException e16) {
            e = e16;
            d0.t("SCEP Client: NoSuchAlgorithmException: " + e);
            throw e;
        } catch (KeyStoreException e17) {
            e = e17;
            d0.t("SCEP Client: KeyStoreException: " + e);
            throw e;
        } catch (NoSuchAlgorithmException e18) {
            e = e18;
            d0.t("SCEP Client: NoSuchAlgorithmException: " + e);
            throw e;
        } catch (NoSuchProviderException e19) {
            e = e19;
            d0.t("SCEP Client: KeyStoreException: " + e);
            throw e;
        } catch (CertificateException e20) {
            d0.t("SCEP Client: CertificateException: " + e20);
            throw e20;
        }
    }
}
