package com.cisco.cpm.util;

import com.cisco.cpm.exception.SPWSCEPRequestPendingException;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.UUID;
import java.util.Vector;
import javax.net.ssl.HttpsURLConnection;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DEROutputStream;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.asn1.x509.X509Name;
import org.spongycastle.jce.PKCS10CertificationRequest;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
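/**
 * Enrolls a key pair with a certificate-enrollment endpoint over HTTP(S).
 *
 * <p>The flow implemented here is: derive a transaction id from the public key, build a
 * PKCS#10 request carrying a subjectAltName and a challenge password, POST it with
 * {@code Operation: CertReq}, and, if the server answers {@code Trans-Status: Pending},
 * poll with {@code Operation: CertQuery} until the certificate is issued or the retry
 * budget is used up.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The PKCS#10 request is written to the connection as-is. It contains the challenge
 *       password attribute, so with a plain {@code http} URL the password crosses the
 *       network unencrypted. Callers should supply an {@code https} URL.</li>
 *   <li>For HTTPS the socket factory is replaced with {@code SPWSSLSocketFactory}, which
 *       is not visible in this file. NOTE(review): confirm that it validates the server
 *       certificate chain; a permissive factory would remove the protection HTTPS is
 *       meant to give the challenge password and the returned certificate.</li>
 * </ul>
 */
public class SCEPUtility {
    // Decompiler rendering of the compiler-generated assertion switch; kept as a field so
    // the class layout stays as it was.
    static final /* synthetic */ boolean $assertionsDisabled;
    // ASCII codes of the lower-case hexadecimal digits, indexed by nibble value.
    static final byte[] HEX_CHAR_TABLE;
    private String challengePwd;
    private KeyPair keyPair;
    private int mInitialRetryCnt;
    private int mInitialRetryTime;
    private int mPendingRetryCnt;
    private int mPendingRetryTime;
    private String macAddr;
    PKCS10CertificationRequest pkCS10request = null;
    private String subject;
    private String transactionID;
    private String urlStr;

    static {
        $assertionsDisabled = !SCEPUtility.class.desiredAssertionStatus();
        HEX_CHAR_TABLE = new byte[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    }

    /**
     * Creates an enrollment helper.
     *
     * @param str subject common name placed in the request
     * @param str2 challenge password placed in the request
     * @param str3 URL of the enrollment endpoint
     * @param keyPair key pair to certify; its private key signs the request
     * @param str4 value placed in the subjectAltName extension (stored as the MAC address)
     * @param str5 number of attempts for the initial request; default 3 if not an integer
     * @param str6 seconds to wait after a failed initial attempt; default 4 if not an integer
     * @param str7 number of polling attempts while pending; default 3 if not an integer
     * @param str8 seconds to wait before each polling attempt; default 4 if not an integer
     */
    public SCEPUtility(String str, String str2, String str3, KeyPair keyPair, String str4, String str5, String str6, String str7, String str8) {
        this.subject = str;
        this.challengePwd = str2;
        this.urlStr = str3;
        this.keyPair = keyPair;
        this.macAddr = str4;
        this.mInitialRetryCnt = parseOrDefault(str5, 3);
        this.mInitialRetryTime = parseOrDefault(str6, 4);
        this.mPendingRetryCnt = parseOrDefault(str7, 3);
        this.mPendingRetryTime = parseOrDefault(str8, 4);
    }

    /** Parses a decimal integer, falling back to {@code fallback} for null or malformed text. */
    private static int parseOrDefault(String text, int fallback) {
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException ignored) {
            // Deliberate best effort: a missing or malformed setting keeps the default.
            return fallback;
        }
    }

    /**
     * Builds and signs the PKCS#10 request.
     *
     * <p>The request carries two attributes: an extension request holding a non-critical
     * subjectAltName built from the stored MAC address, and the challenge password.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str common name used as the only subject attribute
     * @param str2 challenge password
     * @throws IllegalArgumentException if the subjectAltName value cannot be DER-encoded
     */
    private PKCS10CertificationRequest generatePKCS10Request(KeyPair keyPair, String str, String str2) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        // Tag 1 of the X.509 GeneralName CHOICE is rfc822Name; the MAC address is carried there.
        GeneralNames altNames = new GeneralNames(new GeneralName(1, this.macAddr));
        ByteArrayOutputStream altNamesDer = new ByteArrayOutputStream();
        try {
            new DEROutputStream(altNamesDer).writeObject(altNames);
        } catch (IOException e) {
            // Same message as before, now with the cause attached for diagnosis.
            throw new IllegalArgumentException("error encoding value: " + e, e);
        }

        // Attribute 1: extensionRequest { subjectAltName }.
        Vector extensionOids = new Vector();
        extensionOids.add(X509Extension.subjectAlternativeName);
        Vector extensionValues = new Vector();
        extensionValues.add(new X509Extension(false, (ASN1OctetString) new DEROctetString(altNamesDer.toByteArray())));
        ASN1EncodableVector extensionRequest = new ASN1EncodableVector();
        extensionRequest.add(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        extensionRequest.add(new DERSet(new X509Extensions(extensionOids, extensionValues)));

        // Attribute 2: challengePassword. It is part of the encoded request and is therefore
        // only as confidential as the transport the request is sent over.
        ASN1EncodableVector passwordValue = new ASN1EncodableVector();
        passwordValue.add(new DERPrintableString(str2));
        ASN1EncodableVector challengePassword = new ASN1EncodableVector();
        challengePassword.add(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        challengePassword.add(new DERSet(passwordValue));

        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new DERSequence(extensionRequest));
        attributes.add(new DERSequence(challengePassword));

        Vector subjectOids = new Vector();
        subjectOids.add(X509Name.CN);
        Vector subjectValues = new Vector();
        subjectValues.add(str);
        // The only caller passes this.keyPair, so using the parameter keeps behaviour unchanged.
        return new PKCS10CertificationRequest("SHA256withRSA", new X509Name(subjectOids, subjectValues), keyPair.getPublic(), new DERSet(attributes), keyPair.getPrivate());
    }

    /**
     * Derives the transaction id: Base64 of the lower-case hex text of the SHA-1 digest of
     * the encoded public key. The digest is used here to name the transaction.
     */
    private String getTransactionId() {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(this.keyPair.getPublic().getEncoded());
            return new String(Base64.encode(toHex(digest)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Opens a connection to the configured URL with redirects disabled.
     *
     * <p>The HTTPS decision is taken from the connection type rather than from a string
     * prefix, so a URL whose scheme is written in upper case also gets the project socket
     * factory instead of silently falling back to the platform default.
     */
    private HttpURLConnection openScepConnection() throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(this.urlStr).openConnection();
        if (connection instanceof HttpsURLConnection) {
            // NOTE(review): trust decisions are delegated to SPWSSLSocketFactory, which is
            // not shown here; confirm it performs certificate chain validation.
            ((HttpsURLConnection) connection).setSSLSocketFactory(new SPWSSLSocketFactory());
        }
        // Redirects are not followed, so the request body is only sent to the configured host.
        connection.setInstanceFollowRedirects(false);
        return connection;
    }

    /** Writes the request body and closes the output stream. */
    private static void writeBody(HttpURLConnection connection, byte[] body) throws IOException {
        java.io.OutputStream out = connection.getOutputStream();
        try {
            out.write(body);
        } finally {
            out.close();
        }
    }

    /** Returns the error body as text, or an empty string when the server sent none. */
    private static String readErrorBody(HttpURLConnection connection) throws IOException {
        java.io.InputStream errorStream = connection.getErrorStream();
        if (errorStream == null) {
            // getErrorStream() returns null when there is no error body to read.
            return "";
        }
        BufferedReader reader = new BufferedReader(new InputStreamReader(errorStream, "UTF-8"));
        try {
            StringBuilder body = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            return body.toString();
        } finally {
            reader.close();
        }
    }

    /**
     * Waits for the given number of seconds on this object's monitor.
     *
     * <p>A non-positive value returns at once: {@code wait(0)} would block until notified
     * and a negative timeout is rejected by {@code wait}.
     */
    private void pause(int seconds) throws InterruptedException {
        if (seconds <= 0) {
            return;
        }
        synchronized (this) {
            wait(seconds * 1000L);
        }
    }

    /**
     * Sends the initial request ({@code Operation: CertReq}), retrying on non-200 answers.
     *
     * @param bArr encoded PKCS#10 request
     * @return the issued certificate
     * @throws SPWSCEPRequestPendingException if the server reports {@code Pending}
     * @throws Exception if the status is neither issued nor pending, or all attempts fail
     */
    private X509Certificate makeInitalCertRequestCall(byte[] bArr) throws Exception, SPWSCEPRequestPendingException {
        for (int attempt = 0; attempt < this.mInitialRetryCnt; attempt++) {
            HttpURLConnection connection = openScepConnection();
            try {
                connection.setDoOutput(true);
                connection.setRequestProperty("Content-Length", bArr.length + "");
                connection.setRequestProperty("Content-Type", "application/x-pki-message");
                connection.setRequestProperty("Operation", "CertReq");
                connection.setRequestProperty("Trans-Id", this.transactionID);
                connection.setRequestProperty("Sender-Nonce", UUID.randomUUID().toString());
                // The body includes the challenge password attribute; see the class comment
                // for what that means on a plain http URL.
                writeBody(connection, bArr);

                if (connection.getResponseCode() != 200) {
                    SPWLog.getLogger().i("Unable to make initial SCEP request:" + readErrorBody(connection));
                    pause(this.mInitialRetryTime);
                    continue;
                }

                String status = connection.getHeaderField("Trans-Status");
                if ("Issued".equalsIgnoreCase(status)) {
                    X509Certificate issued = (X509Certificate) CertificateFactory.getInstance("X.509", "SC").generateCertificate(connection.getInputStream());
                    SPWLog.getLogger().i("Generated cert from SCEP server = " + issued.toString());
                    // Return immediately: the previous loop had no exit on success and
                    // would have posted the request again.
                    return issued;
                }
                if ("Pending".equals(status)) {
                    throw new SPWSCEPRequestPendingException();
                }
                SPWLog.getLogger().e("Invalid status from SCEP server = " + status);
                throw new Exception("Certifcate request failed");
            } finally {
                connection.disconnect();
            }
        }
        // Report the attempt count here (the retry delay was logged by mistake before).
        SPWLog.getLogger().e("Unable to make initial SCEP request after " + this.mInitialRetryCnt + "counts. Bailing out");
        throw new Exception("Certificate request failed");
    }

    /**
     * Polls the server ({@code Operation: CertQuery}) while the request is pending.
     *
     * <p>Each attempt waits first, then sends the encoded request subject. Polling stops on
     * an issued certificate, on any status other than {@code Pending}, or when the
     * configured number of attempts is used up.
     *
     * @return the issued certificate
     * @throws Exception if the status is invalid or the certificate is not issued in time
     */
    private X509Certificate makePendingCertRequestCall() throws Exception, SPWSCEPRequestPendingException {
        byte[] encodedSubject = this.pkCS10request.getCertificationRequestInfo().getSubject().getEncoded();
        for (int attempt = 0; attempt < this.mPendingRetryCnt; attempt++) {
            pause(this.mPendingRetryTime);
            HttpURLConnection connection = openScepConnection();
            try {
                connection.setDoOutput(true);
                connection.setRequestProperty("Content-Type", "application/x-pki-message");
                connection.setRequestProperty("Content-Length", encodedSubject.length + "");
                connection.setRequestProperty("Operation", "CertQuery");
                connection.setRequestProperty("Trans-Id", this.transactionID);
                connection.setRequestProperty("Sender-Nonce", UUID.randomUUID().toString());
                writeBody(connection, encodedSubject);

                String status = connection.getHeaderField("Trans-Status");
                if ("Issued".equalsIgnoreCase(status)) {
                    // NOTE(review): this path asks for provider "BC" while the initial
                    // request uses "SC"; confirm which provider is intended.
                    X509Certificate issued = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(connection.getInputStream());
                    SPWLog.getLogger().i("Generated cert from SCEP server = " + issued.toString());
                    return issued;
                }
                if (!"Pending".equals(status)) {
                    SPWLog.getLogger().e("Invalid status from SCEP server = " + status);
                    throw new Exception("Certificate request failed");
                }
                // Still pending: fall through to the next polling attempt.
            } finally {
                connection.disconnect();
            }
        }
        SPWLog.getLogger().e("cert is null after retry " + this.mPendingRetryCnt + "counts. Bailing out");
        throw new Exception("Certificate request failed");
    }

    /**
     * Encodes bytes as lower-case hexadecimal ASCII.
     *
     * @param bArr bytes to encode
     * @return an array twice as long, two hex digit characters per input byte
     */
    public static byte[] toHex(byte[] bArr) {
        byte[] hex = new byte[bArr.length * 2];
        int out = 0;
        for (byte b : bArr) {
            int value = b & 255;
            hex[out++] = HEX_CHAR_TABLE[value >>> 4];
            hex[out++] = HEX_CHAR_TABLE[value & 15];
        }
        return hex;
    }

    /**
     * Runs the enrollment and returns the issued certificate.
     *
     * @return the certificate, or {@code null} if enrollment failed; failures are logged
     * @throws Exception if the transaction id or the PKCS#10 request cannot be built
     */
    public X509Certificate getCertificate() throws Exception {
        // The check was inverted (it fired when a public key WAS present), so enabling
        // assertions made every call fail. It now fires only when the key is missing.
        if (!$assertionsDisabled && (this.keyPair == null || this.keyPair.getPublic() == null)) {
            throw new AssertionError();
        }
        this.transactionID = getTransactionId();
        this.pkCS10request = generatePKCS10Request(this.keyPair, this.subject, this.challengePwd);
        try {
            return makeInitalCertRequestCall(this.pkCS10request.getEncoded());
        } catch (SPWSCEPRequestPendingException e) {
            SPWLog.getLogger().i("Cert request pending - Making pending  cert call");
            try {
                return makePendingCertRequestCall();
            } catch (Exception e2) {
                // Log the polling failure itself; the outer pending exception was logged before.
                SPWLog.getLogger().e("Exception in pending cert call", e2);
                return null;
            }
        } catch (Exception e3) {
            SPWLog.getLogger().e("Cert call", e3);
            return null;
        }
    }
}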
