package defpackage;

import defpackage.bv8;
import defpackage.eu8;
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: classes3.dex */
public final class ty0 {
    public static final u75 e = w75.k(ty0.class);

    /* renamed from: a, reason: collision with root package name */
    public final URL f4214a;
    public final CallbackHandler b;
    public nq0 c = new ru1();
    public bv8 d = new k79();

    public ty0(URL url, CallbackHandler callbackHandler) {
        this.f4214a = url;
        this.b = callbackHandler;
        i();
    }

    public final wu8 a(String str) {
        return c(str).h() ? this.d.a(bv8.a.POST, this.f4214a) : this.d.a(bv8.a.GET, this.f4214a);
    }

    public ew2 b(X509Certificate x509Certificate, PrivateKey privateKey, eg6 eg6Var, String str) {
        u75 u75Var = e;
        u75Var.i("Enrolling certificate with CA");
        if (g(x509Certificate)) {
            u75Var.i("Certificate is self-signed");
            if (!eg6Var.b().equals(es9.a(x509Certificate.getSubjectX500Principal()))) {
                u75Var.e("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }
        fw2 fw2Var = new fw2(a(str), f(x509Certificate, privateKey, str), e(x509Certificate, privateKey, str), eg6Var);
        try {
            MessageDigest f = c(str).f();
            u75Var.c("{} PKCS#10 Fingerprint: [{}]", f.getAlgorithm(), new String(wv3.c(f.digest(eg6Var.a()))));
        } catch (IOException e2) {
            e.f("Error getting encoded CSR", e2);
        }
        return h(fw2Var);
    }

    public fo0 c(String str) {
        e.i("Determining capabilities of SCEP server");
        ko3 ko3Var = new ko3(str);
        try {
            return (fo0) this.d.a(bv8.a.GET, this.f4214a).a(ko3Var, new lo3());
        } catch (av8 unused) {
            e.n("AbstractTransport problem when determining capabilities.  Using empty capabilities.");
            return new fo0(new go0[0]);
        }
    }

    public CertStore d(String str) {
        e.i("Retrieving current CA certificate");
        mo3 mo3Var = new mo3(str);
        try {
            CertStore certStore = (CertStore) this.d.a(bv8.a.GET, this.f4214a).a(mo3Var, new no3());
            mq0 a2 = this.c.a(certStore);
            j(a2.c());
            k(a2.c(), a2.b());
            k(a2.c(), a2.a());
            return certStore;
        } catch (av8 e2) {
            throw new vy0(e2);
        }
    }

    public final ir6 e(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        return new ir6(this.c.a(d(str)).a(), new er6(x509Certificate, privateKey));
    }

    public final jr6 f(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        CertStore d = d(str);
        fo0 c = c(str);
        return new jr6(privateKey, x509Certificate, new fr6(this.c.a(d).b(), c.e()), c.g());
    }

    public final boolean g(X509Certificate x509Certificate) {
        try {
            dm4 dm4Var = new dm4(x509Certificate);
            return dm4Var.h(new tl4().e(dm4Var));
        } catch (oj7 e2) {
            if (!(e2.getCause() instanceof SignatureException)) {
                throw new vy0(e2);
            }
            e.n("SignatureException detected so we consider that the certificate is not self signed");
            return false;
        } catch (Exception e3) {
            throw new vy0(e3);
        }
    }

    public final ew2 h(fw2 fw2Var) {
        eu8.a k = fw2Var.k();
        return k == eu8.a.CERT_ISSUED ? new ew2(fw2Var.j(), fw2Var.e()) : k == eu8.a.CERT_REQ_PENDING ? new ew2(fw2Var.j()) : new ew2(fw2Var.j(), fw2Var.f());
    }

    public final void i() {
        URL url = this.f4214a;
        if (url == null) {
            throw new NullPointerException("URL should not be null");
        }
        if (!url.getProtocol().matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (this.f4214a.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (this.f4214a.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        if (this.b == null) {
            throw new NullPointerException("Callback handler should not be null");
        }
    }

    public final void j(X509Certificate x509Certificate) {
        uq0 uq0Var = new uq0(x509Certificate);
        try {
            u75 u75Var = e;
            u75Var.i("Requesting certificate verification.");
            this.b.handle(new Callback[]{uq0Var});
            if (uq0Var.b()) {
                u75Var.i("Certificate verification passed.");
            } else {
                u75Var.i("Certificate verification failed.");
                throw new vy0("CA certificate fingerprint could not be verified.");
            }
        } catch (IOException e2) {
            throw new vy0(e2);
        } catch (UnsupportedCallbackException e3) {
            e.i("Certificate verification failed.");
            throw new vy0(e3);
        }
    }

    public final void k(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        u75 u75Var = e;
        u75Var.i("Verifying signature of RA certificate");
        if (x509Certificate.equals(x509Certificate2)) {
            u75Var.i("RA and CA are identical");
            return;
        }
        try {
            if (new dm4(x509Certificate2).h(new tl4().g(x509Certificate))) {
                u75Var.i("Signature verification passed for RA.");
            } else {
                u75Var.i("Signature verification failed for RA.");
                throw new vy0("RA not issued by CA");
            }
        } catch (bd6 e2) {
            throw new vy0(e2);
        } catch (hq0 e3) {
            throw new vy0(e3);
        } catch (CertificateEncodingException e4) {
            throw new vy0(e4);
        }
    }
}
