package com.lankapay.justpay.util.jscep.client;

import com.andridx.ehTblMf5JWlVwtL8J1EF;
import com.andridx.fd0;
import com.andridx.id0;
import com.andridx.lj1;
import com.andridx.tr;
import com.andridx.tz;
import com.andridx.uj1;
import com.andridx.vz;
import com.lankapay.justpay.util.jscep.asn1.IssuerAndSubject;
import com.lankapay.justpay.util.jscep.client.verification.CertificateVerifier;
import com.lankapay.justpay.util.jscep.message.PkcsPkiEnvelopeDecoder;
import com.lankapay.justpay.util.jscep.message.PkcsPkiEnvelopeEncoder;
import com.lankapay.justpay.util.jscep.message.PkcsReq;
import com.lankapay.justpay.util.jscep.message.PkiMessageDecoder;
import com.lankapay.justpay.util.jscep.message.PkiMessageEncoder;
import com.lankapay.justpay.util.jscep.transaction.EnrollmentTransaction;
import com.lankapay.justpay.util.jscep.transaction.MessageType;
import com.lankapay.justpay.util.jscep.transaction.NonEnrollmentTransaction;
import com.lankapay.justpay.util.jscep.transaction.Nonce;
import com.lankapay.justpay.util.jscep.transaction.OperationFailureException;
import com.lankapay.justpay.util.jscep.transaction.Transaction;
import com.lankapay.justpay.util.jscep.transaction.TransactionException;
import com.lankapay.justpay.util.jscep.transaction.TransactionId;
import com.lankapay.justpay.util.jscep.transport.HttpGetTransport;
import com.lankapay.justpay.util.jscep.transport.HttpPostTransport;
import com.lankapay.justpay.util.jscep.transport.Transport;
import com.lankapay.justpay.util.jscep.transport.TransportException;
import com.lankapay.justpay.util.jscep.transport.request.GetCaCapsRequest;
import com.lankapay.justpay.util.jscep.transport.request.GetCaCertRequest;
import com.lankapay.justpay.util.jscep.transport.request.GetNextCaCertRequest;
import com.lankapay.justpay.util.jscep.transport.response.Capabilities;
import com.lankapay.justpay.util.jscep.transport.response.Capability;
import com.lankapay.justpay.util.jscep.transport.response.GetCaCapsResponseHandler;
import com.lankapay.justpay.util.jscep.transport.response.GetCaCertResponseHandler;
import com.lankapay.justpay.util.jscep.transport.response.GetNextCaCertResponseHandler;
import com.lankapay.justpay.util.jscep.x509.X509Util;
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Objects;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
/**
 * SCEP client built on the repackaged jscep classes (decompiled output; the
 * {@code com.andridx} types keep their obfuscated names).
 *
 * <p>Trust model as visible in this class: the endpoint may be plain HTTP (see
 * {@link #validateInput()}), and the only trust decision made here is the
 * callback issued by {@link #verifyCA(X509Certificate)} for the issuer
 * certificate of each fetched CA store. The strength of the supplied
 * {@link CertificateVerifier} / {@link CallbackHandler} therefore anchors every
 * operation below.
 */
public final class Client {
    // Declared but never referenced anywhere in this class: none of the swallowed
    // failures below are logged.
    private static final tz LOGGER = vz.LKTMoTMwSkmFt4rBdzL1(Client.class);
    private final CallbackHandler handler;
    private final URL url;

    /**
     * Creates a client whose CA verification is delegated to a
     * {@code DefaultCallbackHandler} wrapping the given verifier.
     *
     * @param url SCEP endpoint; must pass {@link #validateInput()}
     * @param certificateVerifier verifier handed to the default callback handler
     */
    public Client(URL url, CertificateVerifier certificateVerifier) {
        this.url = url;
        this.handler = new DefaultCallbackHandler(certificateVerifier);
        validateInput();
    }

    /**
     * Creates a client that uses the caller's own callback handler for CA
     * verification.
     *
     * @param url SCEP endpoint; must pass {@link #validateInput()}
     * @param callbackHandler handler that receives the certificate verification callback
     */
    public Client(URL url, CallbackHandler callbackHandler) {
        this.url = url;
        this.handler = callbackHandler;
        validateInput();
    }

    /**
     * Chooses POST when the server advertises it, otherwise GET.
     *
     * <p>NOTE(review): the choice rests on {@link #getCaCapabilities(String)}, which
     * returns an empty capability set on any transport failure, so an unreachable or
     * altered capability response silently selects GET.
     *
     * @param caId opaque string forwarded to the capability request (may be null);
     *     presumably the SCEP CA identifier/profile, confirm against the request classes
     */
    private Transport createTransport(String caId) {
        if (getCaCapabilities(caId).isPostSupported()) {
            return new HttpPostTransport(this.url);
        }
        return new HttpGetTransport(this.url);
    }

    /**
     * Builds the decoder for server responses.
     *
     * @param identity certificate passed to the envelope decoder together with {@code key}
     * @param key private key passed to the envelope decoder
     * @param signer certificate handed to the message decoder; every call site passes the
     *     signer selected from the CA store
     */
    private PkiMessageDecoder getDecoder(X509Certificate identity, PrivateKey key, X509Certificate signer) {
        PkcsPkiEnvelopeDecoder envelopeDecoder = new PkcsPkiEnvelopeDecoder(identity, key);
        return new PkiMessageDecoder(envelopeDecoder, signer);
    }

    /**
     * Builds the encoder for outgoing messages, enveloping for the recipient
     * certificate of a freshly fetched CA store.
     *
     * <p>NOTE(review): this triggers its own {@link #getCaCertificate(String)} round
     * trip and verification callback, separate from any store the caller already holds.
     */
    private PkiMessageEncoder getEncoder(X509Certificate identity, PrivateKey key, String caId) {
        PkcsPkiEnvelopeEncoder envelopeEncoder = new PkcsPkiEnvelopeEncoder(getRecipientCertificate(caId));
        return new PkiMessageEncoder(key, identity, envelopeEncoder);
    }

    /** Fetches (and verifies) the CA store, then returns its recipient certificate. */
    private X509Certificate getRecipientCertificate(String caId) {
        CertStore store = getCaCertificate(caId);
        return selectRecipientCertificate(store);
    }

    /** Fetches (and verifies) the CA store, then returns its signer certificate. */
    private X509Certificate getSignerCertificate(String caId) {
        CertStore store = getCaCertificate(caId);
        return selectSignerCertificate(store);
    }

    /** Returns the issuer certificate that {@code CertStoreInspector} picks from the store. */
    private X509Certificate selectIssuerCertificate(CertStore store) {
        return CertStoreInspector.inspect(store).getIssuer();
    }

    /**
     * Returns the recipient certificate that {@code CertStoreInspector} picks from the store.
     *
     * <p>NOTE(review): only the issuer goes through {@link #verifyCA}; whether the
     * inspector ties the recipient to that issuer is not visible here, so confirm.
     */
    private X509Certificate selectRecipientCertificate(CertStore store) {
        return CertStoreInspector.inspect(store).getRecipient();
    }

    /**
     * Returns the signer certificate that {@code CertStoreInspector} picks from the store.
     *
     * <p>NOTE(review): same caveat as for the recipient. The link to the verified
     * issuer is established, if at all, inside the inspector.
     */
    private X509Certificate selectSignerCertificate(CertStore store) {
        return CertStoreInspector.inspect(store).getSigner();
    }

    /**
     * Sends an enrollment transaction and maps the resulting state to a response:
     * issued carries the certificate store, pending carries only the id, and
     * anything else carries the failure info.
     */
    private EnrollmentResponse send(EnrollmentTransaction transaction) {
        Transaction.State outcome = transaction.send();
        if (outcome == Transaction.State.CERT_ISSUED) {
            return new EnrollmentResponse(transaction.getId(), transaction.getCertStore());
        }
        if (outcome == Transaction.State.CERT_REQ_PENDING) {
            return new EnrollmentResponse(transaction.getId());
        }
        return new EnrollmentResponse(transaction.getId(), transaction.getFailInfo());
    }

    /** Delegates to the transaction's {@code sendo()} and returns its string result. */
    private String sendPoll(EnrollmentTransaction transaction) {
        return transaction.sendo();
    }

    /**
     * Reports whether the certificate carries the extension whose OID comes from
     * the obfuscated {@code uj1} constant.
     *
     * <p>Presumably the CRL distribution points extension, going by this method's
     * name; confirm against the de-obfuscated library.
     */
    private boolean supportsDistributionPoints(X509Certificate certificate) {
        byte[] extension = certificate.getExtensionValue(uj1.uBor0tZnDCFb8cUmOTf1.VPrhPH8w32nUS4qXlRFo());
        return extension != null;
    }

    /**
     * Rejects a null URL, a scheme other than http/https, a URL with a fragment or
     * a query string, and a null callback handler.
     *
     * <p>Plain {@code http} is accepted on purpose by this check, so transport
     * confidentiality is not guaranteed here; protection of the exchanged messages
     * is left to the PKI message encoder/decoder and to the CA verification callback.
     *
     * @throws NullPointerException if the URL or the handler is null
     * @throws IllegalArgumentException if the URL shape is not accepted
     */
    private void validateInput() {
        Objects.requireNonNull(this.url, "URL should not be null");
        String scheme = this.url.getProtocol();
        if (!scheme.matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        String fragment = this.url.getRef();
        if (fragment != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        String query = this.url.getQuery();
        if (query != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        Objects.requireNonNull(this.handler, "Callback handler should not be null");
    }

    /**
     * Asks the callback handler to approve the given CA certificate.
     *
     * <p>This is the single trust decision taken in this class: a handler that marks
     * every callback as verified disables CA authentication for all operations.
     *
     * @throws ClientException if the handler fails or leaves the callback unverified
     */
    private void verifyCA(X509Certificate issuer) {
        CertificateVerificationCallback verification = new CertificateVerificationCallback(issuer);
        Callback[] callbacks = {verification};
        try {
            this.handler.handle(callbacks);
            boolean approved = verification.isVerified();
            if (!approved) {
                throw new ClientException("CA certificate fingerprint could not be verified.");
            }
        } catch (UnsupportedCallbackException unsupported) {
            throw new ClientException(unsupported);
        } catch (IOException ioFailure) {
            throw new ClientException(ioFailure);
        }
    }

    /**
     * Parses a textual certificate with the obfuscated {@code fd0} reader
     * (presumably a PEM reader; confirm).
     *
     * <p>NOTE(review): every failure, including a null or malformed input and a
     * parsed object of another type, is swallowed and reported as {@code null}.
     * Parsing performs no trust check; callers must null-check the result and must
     * not treat a returned certificate as verified.
     *
     * @param str textual certificate
     * @return the parsed certificate, or {@code null} on any failure
     */
    public X509Certificate convertToX509(String str) {
        X509Certificate parsed;
        try {
            StringReader source = new StringReader(str);
            parsed = (X509Certificate) new fd0(source).readObject();
        } catch (Exception unused) {
            parsed = null;
        }
        return parsed;
    }

    /** Same as {@link #enrol(X509Certificate, PrivateKey, id0, String)} with a null {@code str}. */
    public EnrollmentResponse enrol(X509Certificate x509Certificate, PrivateKey privateKey, id0 id0Var) {
        return enrol(x509Certificate, privateKey, id0Var, null);
    }

    /**
     * Runs an enrollment against the server.
     *
     * <p>The recipient and signer certificates both come from the one CA store
     * fetched (and verified through the callback) in this call.
     *
     * @param x509Certificate identity certificate used to sign the request and decode the reply
     * @param privateKey private key matching {@code x509Certificate}
     * @param id0Var request object passed to the transaction (presumably the PKCS#10
     *     request; confirm against the obfuscated type)
     * @param str opaque string forwarded to the CA requests; may be null
     * @return the response built from the transaction state
     */
    public EnrollmentResponse enrol(X509Certificate x509Certificate, PrivateKey privateKey, id0 id0Var, String str) {
        Transport transport = createTransport(str);
        CertStore caStore = getCaCertificate(str);
        X509Certificate recipient = selectRecipientCertificate(caStore);
        PkiMessageEncoder encoder = new PkiMessageEncoder(privateKey, x509Certificate, new PkcsPkiEnvelopeEncoder(recipient));
        X509Certificate signer = selectSignerCertificate(caStore);
        PkiMessageDecoder decoder = getDecoder(x509Certificate, privateKey, signer);
        EnrollmentTransaction transaction = new EnrollmentTransaction(transport, encoder, decoder, id0Var);
        return send(transaction);
    }

    /**
     * Encodes an enrollment request locally, without contacting the server.
     *
     * <p>NOTE(review): unlike {@code enrol}, the recipient certificate
     * ({@code x509Certificate2}) is supplied by the caller and never passes through
     * {@link #verifyCA}; the caller is responsible for having authenticated it. The
     * transaction id is derived with the {@code "SHA-1"} digest name. Any failure is
     * swallowed and reported as {@code null}, so callers must null-check.
     *
     * @param x509Certificate identity certificate used to sign the message
     * @param privateKey private key matching {@code x509Certificate}
     * @param id0Var request object wrapped into the {@code PkcsReq}
     * @param x509Certificate2 certificate the envelope is encrypted for
     * @return the encoded message, or {@code null} on any failure
     */
    public ehTblMf5JWlVwtL8J1EF enroll(X509Certificate x509Certificate, PrivateKey privateKey, id0 id0Var, X509Certificate x509Certificate2) {
        try {
            PkcsPkiEnvelopeEncoder envelopeEncoder = new PkcsPkiEnvelopeEncoder(x509Certificate2);
            PkiMessageEncoder encoder = new PkiMessageEncoder(privateKey, x509Certificate, envelopeEncoder);
            PkcsReq request = new PkcsReq(TransactionId.createTransactionId(X509Util.getPublicKey(id0Var), "SHA-1"), Nonce.nextNonce(), id0Var);
            return encoder.encode(request);
        } catch (Exception unused) {
            return null;
        }
    }

    /** Same as {@link #getCaCapabilities(String)} with a null {@code str}. */
    public Capabilities getCaCapabilities() {
        return getCaCapabilities(null);
    }

    /**
     * Requests the server's capabilities over GET.
     *
     * <p>NOTE(review): a {@code TransportException} is swallowed, unlogged, and
     * replaced by an empty capability set. Nothing in this class authenticates the
     * capability response, so callers cannot tell "server supports nothing" from
     * "request failed or was interfered with".
     *
     * @param str opaque string forwarded to the request; may be null
     * @return the advertised capabilities, or an empty set on transport failure
     */
    public Capabilities getCaCapabilities(String str) {
        GetCaCapsRequest request = new GetCaCapsRequest(str);
        try {
            HttpGetTransport transport = new HttpGetTransport(this.url);
            GetCaCapsResponseHandler responseHandler = new GetCaCapsResponseHandler();
            return (Capabilities) transport.sendRequest(request, responseHandler);
        } catch (TransportException unused) {
            return new Capabilities(new Capability[0]);
        }
    }

    /** Same as {@link #getCaCertificate(String)} with a null {@code str}. */
    public CertStore getCaCertificate() {
        return getCaCertificate(null);
    }

    /**
     * Fetches the CA certificate store over GET and has its issuer certificate
     * approved by the callback handler before returning it.
     *
     * @param str opaque string forwarded to the request; may be null
     * @return the fetched store
     * @throws ClientException on transport failure or when verification is refused
     */
    public CertStore getCaCertificate(String str) {
        GetCaCertRequest request = new GetCaCertRequest(str);
        try {
            HttpGetTransport transport = new HttpGetTransport(this.url);
            GetCaCertResponseHandler responseHandler = new GetCaCertResponseHandler();
            CertStore fetched = (CertStore) transport.sendRequest(request, responseHandler);
            X509Certificate issuer = selectIssuerCertificate(fetched);
            verifyCA(issuer);
            return fetched;
        } catch (TransportException transportFailure) {
            throw new ClientException(transportFailure);
        }
    }

    /** Same as {@link #getCertificate(X509Certificate, PrivateKey, BigInteger, String)} with a null {@code str}. */
    public CertStore getCertificate(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger) {
        return getCertificate(x509Certificate, privateKey, bigInteger, null);
    }

    /**
     * Retrieves a certificate by serial number with a {@code GET_CERT} transaction.
     *
     * <p>NOTE(review): the signer comes from the store fetched first, while
     * {@link #getEncoder} fetches the CA store again for the recipient, so the two
     * certificates originate from separate responses (each verified by its own
     * callback). {@code enrol} and {@code poll} reuse a single store instead.
     *
     * @param x509Certificate identity certificate used to sign the request and decode the reply
     * @param privateKey private key matching {@code x509Certificate}
     * @param bigInteger serial number placed in the request
     * @param str opaque string forwarded to the CA requests; may be null
     * @return the certificate store returned by the transaction
     * @throws IllegalStateException if the server answers "pending"
     * @throws ClientException if the transaction raises a {@code TransactionException}
     */
    public CertStore getCertificate(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, String str) {
        CertStore caStore = getCaCertificate(str);
        X509Certificate issuer = selectIssuerCertificate(caStore);
        X509Certificate signer = selectSignerCertificate(caStore);
        Transport transport = createTransport(str);
        PkiMessageEncoder encoder = getEncoder(x509Certificate, privateKey, str);
        PkiMessageDecoder decoder = getDecoder(x509Certificate, privateKey, signer);
        // The name is the issuer certificate's own issuer principal, rendered with toString().
        lj1 issuerName = new lj1(issuer.getIssuerX500Principal().toString());
        tr target = new tr(issuerName, bigInteger);
        NonEnrollmentTransaction transaction = new NonEnrollmentTransaction(transport, encoder, decoder, target, MessageType.GET_CERT);
        try {
            Transaction.State outcome = transaction.send();
            if (outcome == Transaction.State.CERT_REQ_PENDING) {
                throw new IllegalStateException();
            }
            if (outcome != Transaction.State.CERT_ISSUED) {
                throw new OperationFailureException(transaction.getFailInfo());
            }
            return transaction.getCertStore();
        } catch (TransactionException transactionFailure) {
            throw new ClientException(transactionFailure);
        }
    }

    /** Same as the five-argument {@code getRevocationList} with a null {@code str}. */
    public X509CRL getRevocationList(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, BigInteger bigInteger) {
        return getRevocationList(x509Certificate, privateKey, x500Principal, bigInteger, null);
    }

    /**
     * Retrieves a CRL with a {@code GET_CRL} transaction.
     *
     * <p>Refuses to proceed (bare {@code RuntimeException("Unimplemented")}) when the
     * issuer certificate carries the extension tested by
     * {@link #supportsDistributionPoints}. Returns {@code null} when the transaction
     * succeeds but the store holds no CRL. Callers doing revocation checks must
     * treat that as "no revocation data", not as "nothing revoked".
     *
     * <p>NOTE(review): as in {@code getCertificate}, {@link #getEncoder} performs a
     * second CA store fetch for the recipient certificate.
     *
     * @param x509Certificate identity certificate used to sign the request and decode the reply
     * @param privateKey private key matching {@code x509Certificate}
     * @param x500Principal name placed in the request (via {@code getName()})
     * @param bigInteger serial number placed in the request
     * @param str opaque string forwarded to the CA requests; may be null
     * @return the first CRL in the returned store, or {@code null} if there is none
     * @throws IllegalStateException if the server answers "pending"
     * @throws ClientException if the transaction raises a {@code TransactionException}
     */
    public X509CRL getRevocationList(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, BigInteger bigInteger, String str) {
        CertStore caStore = getCaCertificate(str);
        X509Certificate issuer = selectIssuerCertificate(caStore);
        X509Certificate signer = selectSignerCertificate(caStore);
        if (supportsDistributionPoints(issuer)) {
            throw new RuntimeException("Unimplemented");
        }
        Transport transport = createTransport(str);
        PkiMessageEncoder encoder = getEncoder(x509Certificate, privateKey, str);
        PkiMessageDecoder decoder = getDecoder(x509Certificate, privateKey, signer);
        lj1 requestedName = new lj1(x500Principal.getName());
        tr target = new tr(requestedName, bigInteger);
        NonEnrollmentTransaction transaction = new NonEnrollmentTransaction(transport, encoder, decoder, target, MessageType.GET_CRL);
        try {
            Transaction.State outcome = transaction.send();
            if (outcome == Transaction.State.CERT_REQ_PENDING) {
                throw new IllegalStateException();
            }
            if (outcome != Transaction.State.CERT_ISSUED) {
                throw new OperationFailureException(transaction.getFailInfo());
            }
            try {
                Collection<? extends CRL> revocationLists = transaction.getCertStore().getCRLs(null);
                if (revocationLists.isEmpty()) {
                    return null;
                }
                return (X509CRL) revocationLists.iterator().next();
            } catch (CertStoreException storeFailure) {
                throw new RuntimeException(storeFailure);
            }
        } catch (TransactionException transactionFailure) {
            throw new ClientException(transactionFailure);
        }
    }

    /** Same as {@link #getRolloverCertificate(String)} with a null {@code str}. */
    public CertStore getRolloverCertificate() {
        return getRolloverCertificate(null);
    }

    /**
     * Fetches the next (rollover) CA certificate store.
     *
     * <p>The response handler is constructed with the signer certificate of the
     * currently verified CA store; what it checks with that certificate is not
     * visible in this class.
     *
     * @param str opaque string forwarded to the CA requests; may be null
     * @return the store returned for the next-CA request
     * @throws UnsupportedOperationException if the server does not advertise rollover
     * @throws ClientException on transport failure
     */
    public CertStore getRolloverCertificate(String str) {
        boolean rolloverAdvertised = getCaCapabilities(str).isRolloverSupported();
        if (!rolloverAdvertised) {
            throw new UnsupportedOperationException();
        }
        X509Certificate currentSigner = getSignerCertificate(str);
        try {
            HttpGetTransport transport = new HttpGetTransport(this.url);
            return (CertStore) transport.sendRequest(new GetNextCaCertRequest(str), new GetNextCaCertResponseHandler(currentSigner));
        } catch (TransportException transportFailure) {
            throw new ClientException(transportFailure);
        }
    }

    /** Same as the five-argument {@code poll} with a null {@code str}. */
    public EnrollmentResponse poll(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, TransactionId transactionId) {
        return poll(x509Certificate, privateKey, x500Principal, transactionId, null);
    }

    /**
     * Polls the server for the outcome of an earlier enrollment.
     *
     * @param x509Certificate identity certificate used to sign the request and decode the reply
     * @param privateKey private key matching {@code x509Certificate}
     * @param x500Principal subject name placed in the poll request
     * @param transactionId id of the enrollment being polled
     * @param str opaque string forwarded to the CA requests; may be null
     * @return the response built from the transaction state
     */
    public EnrollmentResponse poll(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, TransactionId transactionId, String str) {
        return send(newPollTransaction(x509Certificate, privateKey, x500Principal, transactionId, str));
    }

    /**
     * Variant of {@code poll} that goes through the transaction's {@code sendo()}
     * and returns its string result instead of an {@code EnrollmentResponse}.
     *
     * @param x509Certificate identity certificate used to sign the request and decode the reply
     * @param privateKey private key matching {@code x509Certificate}
     * @param x500Principal subject name placed in the poll request
     * @param transactionId id of the enrollment being polled
     * @param str opaque string forwarded to the CA requests; may be null
     * @return whatever {@code EnrollmentTransaction.sendo()} returns
     */
    public String poller(X509Certificate x509Certificate, PrivateKey privateKey, X500Principal x500Principal, TransactionId transactionId, String str) {
        return sendPoll(newPollTransaction(x509Certificate, privateKey, x500Principal, transactionId, str));
    }

    /**
     * Assembles the poll transaction shared by {@code poll} and {@code poller}:
     * one capability lookup, one verified CA store fetch, and recipient, issuer
     * and signer all taken from that single store.
     */
    private EnrollmentTransaction newPollTransaction(X509Certificate identity, PrivateKey key, X500Principal subject, TransactionId pollId, String caId) {
        Transport transport = createTransport(caId);
        CertStore caStore = getCaCertificate(caId);
        X509Certificate recipient = selectRecipientCertificate(caStore);
        X509Certificate issuer = selectIssuerCertificate(caStore);
        PkiMessageEncoder encoder = new PkiMessageEncoder(key, identity, new PkcsPkiEnvelopeEncoder(recipient));
        PkiMessageDecoder decoder = getDecoder(identity, key, selectSignerCertificate(caStore));
        IssuerAndSubject names = new IssuerAndSubject(X509Util.toX509Name(issuer.getIssuerX500Principal()), X509Util.toX509Name(subject));
        return new EnrollmentTransaction(transport, encoder, decoder, names, pollId);
    }
}
