package com.manageengine.mdm.framework.certificate;

import android.content.Context;
import android.util.Base64;
import com.manageengine.mdm.framework.core.Request;
import com.manageengine.mdm.framework.db.SCEPPayloadTableHandler;
import com.manageengine.mdm.framework.logging.MDMProfileLogger;
import com.manageengine.mdm.framework.profile.scep.ScepConfig;
import com.manageengine.mdm.framework.utils.AgentUtil;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jscep.client.Client;
import org.jscep.client.ClientException;
import org.jscep.client.EnrollmentResponse;
import org.jscep.client.verification.OptimisticCertificateVerifier;
import org.jscep.transaction.TransactionException;
import org.jscep.transport.UrlConnectionTransportFactory;

/* loaded from: classes.dex */
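/**
 * Enrolls a device certificate with a SCEP server.
 *
 * <p>Flow of {@link #requestCertificate()}: generate an RSA key pair, build a PKCS#10 CSR that
 * carries the challenge password, an optional Subject Alternative Name and the configured key
 * usage, sign the SCEP transaction with a short-lived self-signed certificate, and on success
 * persist the issued chain plus the private key as a PKCS#12 keystore in the agent's internal
 * directory, recording its path, password and expiry through {@link SCEPPayloadTableHandler}.
 *
 * <p>Not thread-safe; use one instance per enrollment request.
 */
public class ScepClient {
    /** Lifetime of the throw-away self-signed certificate that signs the SCEP transaction (10 days). */
    private static final long SELF_SIGNED_VALIDITY_MILLIS = 864000000L;
    /** Signature algorithm for both the self-signed certificate and the CSR. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    /** OID of the Microsoft User Principal Name {@code otherName} used for the SAN extension. */
    private static final String UPN_OTHERNAME_OID = "1.3.6.1.4.1.311.20.2.3";
    /** Key store type used for the in-memory trust store and for the persisted keystore. */
    private static final String KEYSTORE_TYPE = "PKCS12";
    /** Values of {@code ScepConfig.keyUsage} understood by this client. */
    private static final int KEY_USAGE_SIGNING = 1;
    private static final int KEY_USAGE_ENCRYPTION = 4;
    private static final int KEY_USAGE_SIGNING_AND_ENCRYPTION = 5;

    private final String alias;
    /** CA certificates from the profile that the HTTPS transport should trust; null when none are configured. */
    private final Certificate[] ca_certificates;
    private final String certificate_authority;
    private Context context;
    private final String enrollmentPassword;
    private final String enrollmentURL;
    /** Password protecting the persisted PKCS#12 keystore; also written to the SCEP payload table. */
    private final String generatedPassword;
    private final boolean isDigitalSignature;
    private final boolean isKeyEncipherment;
    private final int keyLength;
    private final String keystoreName = "KEYSTORE.pfx";
    private final Request request;
    private final String subject;
    private final Integer subjectAlternativeNameType;
    private final String subjectAlternativeNameValue;

    /**
     * Captures the enrollment parameters of a SCEP profile.
     *
     * @param scepConfig profile values: server URL, subject, key size, challenge password, SAN,
     *                   key usage, CA name and an optional base64 CA certificate bundle
     * @param request    the request whose container supplies the application context
     * @throws NumberFormatException if {@code scepConfig.keySize} is not an integer
     */
    public ScepClient(ScepConfig scepConfig, Request request) {
        this.request = request;
        this.enrollmentURL = scepConfig.serverURL;
        this.subject = scepConfig.subject;
        // The configuration stores the key size as text; a non-numeric value is a config error.
        this.keyLength = Integer.parseInt(scepConfig.keySize);
        this.enrollmentPassword = scepConfig.challengePassword;
        this.subjectAlternativeNameType = scepConfig.sanType;
        this.subjectAlternativeNameValue = scepConfig.sanValue;
        this.certificate_authority = scepConfig.caName;
        int keyUsage = scepConfig.keyUsage.intValue();
        this.isDigitalSignature = keyUsage == KEY_USAGE_SIGNING || keyUsage == KEY_USAGE_SIGNING_AND_ENCRYPTION;
        this.isKeyEncipherment = keyUsage == KEY_USAGE_ENCRYPTION || keyUsage == KEY_USAGE_SIGNING_AND_ENCRYPTION;
        this.alias = ScepConfig.alias;
        // NOTE(review): the keystore password is the decimal form of a single SecureRandom int
        // (at most ~31 bits of entropy) and is persisted next to the keystore path by
        // saveKeystoreInfoInDB. Kept in this form because the stored value is consumed elsewhere.
        this.generatedPassword = Integer.toString(Math.abs(new SecureRandom().nextInt()));
        this.ca_certificates = parseCaCertificates(scepConfig.ca_certificate);
    }

    /**
     * Decodes the base64 bundle of CA certificates shipped with the profile.
     *
     * @param base64Certificates base64 text as stored in the configuration; may be null or empty
     * @return the decoded certificates, or null when none are configured, the bundle is empty,
     *         or decoding fails (logged; enrollment then runs without a custom trust store)
     */
    private static Certificate[] parseCaCertificates(String base64Certificates) {
        if (base64Certificates == null || base64Certificates.isEmpty()) {
            return null;
        }
        try {
            Collection<? extends Certificate> decoded = CertificateFactory.getInstance("X.509")
                    .generateCertificates(new ByteArrayInputStream(Base64.decode(base64Certificates, Base64.DEFAULT)));
            if (decoded.isEmpty()) {
                return null;
            }
            return new ArrayList<Certificate>(decoded).toArray(new Certificate[0]);
        } catch (Exception e) {
            // Deliberately best-effort: a malformed bundle must not abort the enrollment request.
            MDMProfileLogger.error("SCEP Client: Error while converting base64 to certificate for SCEP.", e);
            return null;
        }
    }

    /**
     * Generates the RSA key pair whose public key goes into the CSR.
     *
     * @return a fresh RSA key pair of {@code keyLength} bits
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(this.keyLength);
        KeyPair keyPair = generator.genKeyPair();
        MDMProfileLogger.info("SCEP Client: Keypair generated");
        return keyPair;
    }

    /**
     * Builds the self-signed certificate that signs the SCEP PKI messages.
     *
     * <p>Issuer and subject are both {@code subject}; serial number 1; valid from now for
     * {@link #SELF_SIGNED_VALIDITY_MILLIS}. It is never persisted.
     *
     * @param keyPair the key pair the certificate certifies and is signed with
     * @return the self-signed X.509 certificate
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException      if the built certificate cannot be converted
     */
    private X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws OperatorCreationException, CertificateException {
        try {
            MDMProfileLogger.info("SCEP Client: Generating self-signed certificate");
            long now = System.currentTimeMillis();
            Date notBefore = new Date(now);
            Date notAfter = new Date(now + SELF_SIGNED_VALIDITY_MILLIS);
            X500Name name = new X500Name(this.subject);
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    name, BigInteger.ONE, notBefore, notAfter, name, keyPair.getPublic());
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                    builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate())));
            MDMProfileLogger.info("SCEP Client: Self-signed generated successfully");
            return certificate;
        } catch (CertificateException | OperatorCreationException e) {
            MDMProfileLogger.error("SCEP Client: Exception occurred while generating self signed certificate: ", e);
            throw e;
        }
    }

    /**
     * Whether a SAN should be added: a positive SAN type and a non-empty value are configured.
     * A null SAN type is treated as "no SAN" rather than failing the request.
     */
    private boolean hasSubjectAlternativeName() {
        return this.subjectAlternativeNameType != null
                && this.subjectAlternativeNameType.intValue() > 0
                && this.subjectAlternativeNameValue != null
                && !this.subjectAlternativeNameValue.isEmpty();
    }

    /**
     * Encodes the SAN value as a GeneralNames sequence holding one {@code otherName} of type UPN:
     * {@code [0] IMPLICIT SEQUENCE { OID, [0] EXPLICIT UTF8String }}.
     *
     * <p>The configured SAN type only gates whether a SAN is added; the value is always encoded
     * as a UPN otherName.
     */
    private DERSequence buildUpnSubjectAlternativeName() {
        ASN1EncodableVector otherName = new ASN1EncodableVector();
        otherName.add(new ASN1ObjectIdentifier(UPN_OTHERNAME_OID));
        otherName.add(new DERTaggedObject(true, 0, new DERUTF8String(this.subjectAlternativeNameValue)));
        ASN1EncodableVector generalNames = new ASN1EncodableVector();
        generalNames.add(new DERTaggedObject(false, 0, new DERSequence(otherName)));
        return new DERSequence(generalNames);
    }

    /**
     * Builds the PKCS#10 certificate signing request.
     *
     * <p>Attributes: the SCEP challenge password (when configured) and an extensionRequest holding
     * the optional SAN and the key usage derived from the profile; both extensions are critical.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the CSR
     * @return the signed CSR
     * @throws IOException               if an extension cannot be encoded
     * @throws OperatorCreationException if the content signer cannot be created
     */
    private PKCS10CertificationRequest getCSR(KeyPair keyPair) throws IOException, OperatorCreationException {
        try {
            JcaPKCS10CertificationRequestBuilder builder =
                    new JcaPKCS10CertificationRequestBuilder(new X500Name(this.subject), keyPair.getPublic());
            if (this.enrollmentPassword != null && !this.enrollmentPassword.isEmpty()) {
                builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(this.enrollmentPassword));
                MDMProfileLogger.info("SCEP Client: Enrollment passcode added");
            }
            ExtensionsGenerator extensions = new ExtensionsGenerator();
            if (hasSubjectAlternativeName()) {
                extensions.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) buildUpnSubjectAlternativeName());
                MDMProfileLogger.info("SCEP Client: Subject Alternative name added");
            }
            // Key usage bits are spelled out with the KeyUsage constants (digitalSignature = 128,
            // keyEncipherment = 32) instead of opaque integers.
            if (this.isKeyEncipherment && this.isDigitalSignature) {
                extensions.addExtension(Extension.keyUsage, true,
                        (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
                MDMProfileLogger.info("SCEP Client: Key usage added");
            } else if (this.isKeyEncipherment) {
                extensions.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(KeyUsage.keyEncipherment));
                MDMProfileLogger.info("SCEP Client: Key usage added");
                MDMProfileLogger.info("SCEP Client: Key usage- Key encipherment added");
            } else if (this.isDigitalSignature) {
                extensions.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature));
                MDMProfileLogger.info("SCEP Client: Key usage- Digital signature added");
            }
            // The extensionRequest attribute is added even when no extension was configured.
            builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
            MDMProfileLogger.info("SCEP Client: Certificate signing request generated");
            return builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate()));
        } catch (IOException | OperatorCreationException e) {
            MDMProfileLogger.error("SCEP Client: Error while generating CSR: ", e);
            throw e;
        }
    }

    /**
     * Builds a TLS socket factory that trusts only the CA certificates from the profile.
     *
     * <p>Used for the HTTPS transport to the SCEP server; the platform trust store is not
     * consulted, so a server certificate must chain to one of {@code ca_certificates}. Trust-store
     * aliases are positional ({@code ca_0}, {@code ca_1}, ...) so certificates that lack a CN, or
     * share one, are all retained.
     *
     * @return socket factory backed by a trust manager over {@code ca_certificates}
     * @throws IllegalStateException    if no CA certificates were configured
     * @throws IOException              if the empty key store cannot be initialised
     * @throws CertificateException     if a certificate cannot be loaded into the trust store
     * @throws KeyStoreException        if the trust store rejects an entry
     * @throws NoSuchAlgorithmException if the key store, trust manager or TLS algorithm is missing
     * @throws KeyManagementException   if the SSL context cannot be initialised
     * @throws NoSuchProviderException  if the BouncyCastle provider is not registered
     */
    private SSLSocketFactory getSSLSocketContext() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException {
        if (this.ca_certificates == null || this.ca_certificates.length == 0) {
            throw new IllegalStateException("SCEP Client: no CA certificates configured for a custom SSL context");
        }
        try {
            KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE, BouncyCastleProvider.PROVIDER_NAME);
            trustStore.load(null, null);
            for (int i = 0; i < this.ca_certificates.length; i++) {
                trustStore.setCertificateEntry("ca_" + i, this.ca_certificates[i]);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            MDMProfileLogger.info("SCEP Client: SSL context created successfully");
            return sslContext.getSocketFactory();
        } catch (IOException | CertificateException | KeyStoreException | NoSuchAlgorithmException
                | KeyManagementException | NoSuchProviderException e) {
            // Log the actual exception class rather than a fixed label.
            MDMProfileLogger.error("SCEP Client: Unable to build SSL context from the configured CA certificates: ", e);
            throw e;
        }
    }

    /**
     * Logs a failed enrollment and returns the server's failInfo value.
     *
     * <p>The two values given a message here are the SCEP failInfo codes badRequest (2) and
     * badTime (3); other codes are only logged numerically.
     *
     * @param enrollmentResponse a response for which {@code isFailure()} is true
     * @return the raw failInfo value, which {@link #requestCertificate()} passes to its caller
     */
    private int handleEnrollmentFailure(EnrollmentResponse enrollmentResponse) {
        int failInfo = enrollmentResponse.getFailInfo().getValue();
        MDMProfileLogger.info("SCEP Client: Enrollment failed. Fail value : " + failInfo);
        if (failInfo == 2) {
            MDMProfileLogger.info("SCEP Client: Enrollment failed. Bad request");
        } else if (failInfo == 3) {
            MDMProfileLogger.info("SCEP Client: The signingTime attribute from the PKCS#7 signedAttributes was not sufficiently close to the system time.");
        }
        return failInfo;
    }

    /**
     * Persists the issued certificate chain and the private key after a successful enrollment.
     *
     * <p>The keystore is written to {@code keystoreName} in the agent's internal directory and its
     * path, password and the expiry of the first returned certificate are recorded in the DB.
     *
     * @param enrollmentResponse a response for which {@code isSuccess()} is true
     * @param privateKey         the private key matching the enrolled public key
     * @throws CertStoreException if the certificates cannot be read from the response, or the
     *                            response contains none
     * @throws IOException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException,
     *         CertificateException if the keystore cannot be built or written
     */
    private void handleEnrollmentSuccess(EnrollmentResponse enrollmentResponse, PrivateKey privateKey) throws NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException, CertStoreException, CertificateException {
        Certificate[] chain;
        try {
            Collection<? extends Certificate> issued = enrollmentResponse.getCertStore().getCertificates(null);
            chain = new ArrayList<Certificate>(issued).toArray(new Certificate[0]);
        } catch (CertStoreException e) {
            MDMProfileLogger.error("SCEP Client: Enrollment success, but exception while retrieving the certificate from cert store: ", e);
            throw e;
        }
        if (chain.length == 0) {
            // Without this a "successful" reply carrying no certificate would fail as an index error.
            throw new CertStoreException("SCEP Client: enrollment succeeded but no certificate was returned");
        }
        String keystorePath = new File(AgentUtil.getInstance().getInternalAgentDirectory(), this.keystoreName).toString();
        try {
            storeKeystoreLocally(chain, privateKey, keystorePath);
            // Assumes the first certificate in the store is the issued leaf — TODO confirm against jscep.
            saveKeystoreInfoInDB(keystorePath, ((X509Certificate) chain[0]).getNotAfter().toString());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            MDMProfileLogger.error("SCEP Client: Unable to store the keystore to local storage: ", e);
            throw e;
        }
    }

    /**
     * Records the keystore location, its password and the certificate expiry in the SCEP payload table.
     *
     * @param keystorePath absolute path of the written PKCS#12 file
     * @param expiryDate   textual notAfter of the enrolled certificate
     */
    private void saveKeystoreInfoInDB(String keystorePath, String expiryDate) {
        this.context = this.request.getContainer().getApplicationContext();
        new SCEPPayloadTableHandler(this.context).addOrUpdateSCEPPayload(this.alias, keystorePath, this.generatedPassword, expiryDate);
        MDMProfileLogger.info("SCEP Client: Expiry date added in DB");
    }

    /**
     * Writes the private key and certificate chain to a password-protected PKCS#12 file.
     *
     * <p>The key entry is stored under {@code alias}; every chain certificate is additionally
     * stored as a trusted entry {@code cert_N}. The file is protected with {@code generatedPassword}.
     *
     * @param chain      certificates returned by the SCEP server, leaf first
     * @param privateKey private key for the leaf certificate
     * @param path       destination file path
     * @throws IOException              if the file cannot be created or written
     * @throws KeyStoreException        if an entry cannot be added or the store cannot be written
     * @throws NoSuchAlgorithmException if the PKCS#12 integrity algorithm is unavailable
     * @throws NoSuchProviderException  if the BouncyCastle provider is not registered
     * @throws CertificateException     if a certificate cannot be stored
     */
    private void storeKeystoreLocally(Certificate[] chain, PrivateKey privateKey, String path) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException {
        try {
            MDMProfileLogger.info("SCEP Client: Storing the keystore in local storage temporarily.");
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE, BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(null, null);
            char[] password = this.generatedPassword.toCharArray();
            keyStore.setKeyEntry(this.alias, privateKey, password, chain);
            for (int i = 0; i < chain.length; i++) {
                keyStore.setCertificateEntry("cert_" + i, chain[i]);
            }
            // One stream, closed on every path (including a failure inside store()).
            try (FileOutputStream out = new FileOutputStream(new File(path))) {
                keyStore.store(out, password);
            }
            MDMProfileLogger.info("SCEP Client: Keystore successfully saved");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            MDMProfileLogger.error("SCEP Client: Unable to store the keystore in storage " + e);
            throw e;
        }
    }

    /**
     * Runs one SCEP enrollment end to end.
     *
     * @return 100 when a certificate was issued and stored; -1 when the response is neither a
     *         success nor a failure (presumably pending); otherwise the server's failInfo value
     * @throws ClientException      on a client-side problem reported by jscep
     * @throws TransactionException on a failed SCEP transaction
     * @throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException,
     *         KeyManagementException, NoSuchProviderException, OperatorCreationException,
     *         CertStoreException if key, CSR, TLS context or keystore handling fails
     */
    public int requestCertificate() throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, IOException, KeyStoreException, KeyManagementException, NoSuchProviderException, CertStoreException, TransactionException, ClientException {
        KeyPair keyPair = generateKeyPair();
        PKCS10CertificationRequest csr = getCSR(keyPair);
        X509Certificate selfSigned = generateSelfSignedCertificate(keyPair);
        // NOTE(review): OptimisticCertificateVerifier does not pin the CA certificate obtained from
        // the server, so the CA's identity rests entirely on the transport; the custom trust store
        // below (only when the profile ships CA certificates) is the sole check on that transport,
        // and a plain http:// enrollment URL gets no transport check at all. Confirm against jscep.
        Client client = new Client(new URL(this.enrollmentURL), new OptimisticCertificateVerifier());
        if (this.ca_certificates != null && this.ca_certificates.length > 0) {
            MDMProfileLogger.info("SCEP Client: Adding custom ssl context");
            client.setTransportFactory(new UrlConnectionTransportFactory(getSSLSocketContext()));
        }
        try {
            MDMProfileLogger.info("SCEP Client: Initiating communication with the SCEP server");
            EnrollmentResponse response = client.enrol(selfSigned, keyPair.getPrivate(), csr, this.certificate_authority);
            if (response.isFailure()) {
                MDMProfileLogger.info("SCEP Client: Enrollment failed");
                return handleEnrollmentFailure(response);
            }
            if (!response.isSuccess()) {
                return -1;
            }
            MDMProfileLogger.info("SCEP Client: Enrollment succeeded");
            handleEnrollmentSuccess(response, keyPair.getPrivate());
            return 100;
        } catch (ClientException e) {
            MDMProfileLogger.error("SCEP Client: Problem in the client side ", (Exception) e);
            throw e;
        } catch (TransactionException e) {
            MDMProfileLogger.error("SCEP Client: Error occurred during SCEP transaction ", (Exception) e);
            throw e;
        }
    }
}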
