package com.google.code.jscep.client;

import com.google.code.jscep.EnrollmentResult;
import com.google.code.jscep.PKIOperationFailureException;
import com.google.code.jscep.RequestPendingException;
import com.google.code.jscep.X509CertificateFactory;
import com.google.code.jscep.operations.GetCRL;
import com.google.code.jscep.operations.GetCert;
import com.google.code.jscep.request.GetCACaps;
import com.google.code.jscep.request.GetCACert;
import com.google.code.jscep.request.GetNextCACert;
import com.google.code.jscep.response.Capabilities;
import com.google.code.jscep.transaction.Transaction;
import com.google.code.jscep.transaction.TransactionFactory;
import com.google.code.jscep.transport.Transport;
import com.google.code.jscep.util.LoggingUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.net.Proxy;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/google/code/jscep/client/Client.class */
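/**
 * SCEP client that pins a CA by certificate fingerprint and then performs
 * enrollment, certificate retrieval and CRL retrieval against that CA.
 *
 * <p>Trust model, as implemented here: the first certificate returned by
 * {@code GetCACert} is accepted only if its digest equals the configured (or
 * derived) CA fingerprint. Everything else fetched from the server before that
 * check, including the {@code GetCACaps} response, is unauthenticated.
 */
public class Client {
    private static final Logger LOGGER = LoggingUtil.getLogger(Client.class);

    /** Digest algorithms accepted for the CA fingerprint. */
    private static final List<String> SUPPORTED_DIGESTS =
            Arrays.asList("MD5", "SHA-1", "SHA-256", "SHA-512");

    private URL url;
    private byte[] caDigest;
    private String digestAlgorithm;
    private Proxy proxy;
    private String caIdentifier;
    private KeyPair keyPair;
    private X509Certificate identity;

    /**
     * Builds a client from the supplied configuration and validates it.
     *
     * <p>Exactly one of CA certificate / CA digest and exactly one of
     * identity / subject must be configured. Missing key pairs and identities
     * are generated. When an identity is supplied and it is not self-signed,
     * the CA is asked whether it supports renewal.
     *
     * @param clientConfiguration source of URL, proxy, CA pin, key pair and identity
     * @throws IllegalStateException if the configuration is inconsistent, the digest
     *         algorithm is unsupported, or the CA does not support renewal
     * @throws IOException if the CA certificate cannot be retrieved or fails the fingerprint check
     * @throws GeneralSecurityException if the digest cannot be computed or the CA certificate
     *         cannot be encoded
     */
    public Client(ClientConfiguration clientConfiguration) throws IllegalStateException, IOException, GeneralSecurityException {
        this.url = clientConfiguration.getUrl();
        this.proxy = clientConfiguration.getProxy();
        this.caDigest = clientConfiguration.getCaDigest();
        this.caIdentifier = clientConfiguration.getCaIdentifier();
        this.keyPair = clientConfiguration.getKeyPair();
        this.identity = clientConfiguration.getIdentity();
        this.digestAlgorithm = clientConfiguration.getDigestAlgorithm();
        X500Principal subject = clientConfiguration.getSubject();
        X509Certificate caCertificate = clientConfiguration.getCaCertificate();

        if (!isValid(this.url)) {
            throw new IllegalStateException("Invalid URL");
        }
        // Exactly one of the two CA pins must be present.
        if ((caCertificate == null) == (this.caDigest == null)) {
            throw new IllegalStateException("Need CA OR CA Digest.");
        }
        // Exactly one of identity / subject must be present.
        if ((this.identity == null) == (subject == null)) {
            throw new IllegalStateException("Need Identity OR Subject");
        }
        if (this.digestAlgorithm == null) {
            // NOTE(review): MD5 is kept as the default because callers may already supply
            // an MD5 caDigest without naming the algorithm; changing it would break their pin.
            this.digestAlgorithm = "MD5";
        }
        if (this.proxy == null) {
            this.proxy = Proxy.NO_PROXY;
        }
        if (this.keyPair == null) {
            this.keyPair = createKeyPair();
        }
        if (!isValid(this.keyPair)) {
            throw new IllegalStateException("Invalid KeyPair");
        }
        if (this.identity == null) {
            this.identity = createCertificate(subject);
        }
        if (!this.identity.getPublicKey().equals(this.keyPair.getPublic())) {
            throw new IllegalStateException("Public Key Mismatch");
        }
        if (!SUPPORTED_DIGESTS.contains(this.digestAlgorithm)) {
            throw new IllegalStateException(this.digestAlgorithm + " is not a valid digest algorithm");
        }
        if ("MD5".equals(this.digestAlgorithm) || "SHA-1".equals(this.digestAlgorithm)) {
            // The fingerprint is the only thing anchoring trust in the CA certificate.
            LOGGER.warning("CA fingerprint uses " + this.digestAlgorithm
                    + ", which is not collision resistant; prefer SHA-256 or SHA-512");
        }

        if (caCertificate != null) {
            // The pin must be taken over the full DER encoding, because that is what the
            // fingerprint check compares against. Hashing the TBS portion here would make
            // every later fingerprint check fail for a caller-supplied CA certificate.
            this.caDigest = MessageDigest.getInstance(this.digestAlgorithm).digest(caCertificate.getEncoded());
        } else {
            caCertificate = retrieveCA();
        }

        if (subject != null) {
            return;
        }
        if (isSelfSigned(this.identity)) {
            LOGGER.fine("Certificate is self-signed.  This is not a renewal.");
            return;
        }
        if (this.identity.getIssuerX500Principal().equals(caCertificate.getSubjectX500Principal())) {
            LOGGER.fine("Certificate is signed by CA, so this is a renewal.");
        } else {
            LOGGER.fine("Certificate is signed by another CA, bit this is still a renewal.");
        }

        boolean renewalSupported;
        try {
            LOGGER.fine("Checking if the CA supports certificate renewal...");
            renewalSupported = getCapabilities().isRenewalSupported();
        } catch (IOException e) {
            // Keep the transport failure as the cause so it is not mistaken for a policy answer.
            throw new IllegalStateException("Your CA does not support renewal", e);
        }
        if (!renewalSupported) {
            throw new IllegalStateException("Your CA does not support renewal");
        }
    }

    /** Returns true when issuer and subject names are equal; no signature is checked. */
    private boolean isSelfSigned(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal());
    }

    /** Returns true when both halves of the key pair report the RSA algorithm. */
    private boolean isValid(KeyPair keyPair) {
        return keyPair.getPrivate().getAlgorithm().equals("RSA") && keyPair.getPublic().getAlgorithm().equals("RSA");
    }

    /**
     * Returns true for a non-null http/https URL whose path ends in {@code pkiclient.exe}
     * and which carries neither a fragment nor a query string.
     */
    private boolean isValid(URL url) {
        return url != null && url.getProtocol().matches("^https?$") && url.getPath().endsWith("pkiclient.exe") && url.getRef() == null && url.getQuery() == null;
    }

    /**
     * Generates an RSA key pair.
     *
     * <p>NOTE(review): no key size is set, so the size is whatever the installed provider
     * defaults to; confirm that default meets policy on the target runtime.
     */
    private KeyPair createKeyPair() {
        LOGGER.fine("Creating RSA Key Pair");
        try {
            return KeyPairGenerator.getInstance("RSA").genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /** Creates an ephemeral certificate for the subject using this client's key pair. */
    private X509Certificate createCertificate(X500Principal x500Principal) {
        LOGGER.fine("Creating Self-Signed Certificate for " + x500Principal);
        try {
            return X509CertificateFactory.createEphemeralCertificate(x500Principal, this.keyPair);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Creates a transaction bound to the verified signing certificate and this client's identity. */
    private Transaction createTransaction() throws IOException {
        return TransactionFactory.createTransaction(createTransport(), retrieveSigningCertificate(), this.identity, this.keyPair, getCapabilities().getStrongestMessageDigest());
    }

    /** Creates a POST transport when the CA advertises POST support, otherwise a GET transport. */
    private Transport createTransport() throws IOException {
        LOGGER.entering(getClass().getName(), "createTransport");
        Transport.Method method = getCapabilities().isPostSupported() ? Transport.Method.POST : Transport.Method.GET;
        Transport transport = Transport.createTransport(method, this.url, this.proxy);
        LOGGER.exiting(getClass().getName(), "createTransport", transport);
        return transport;
    }

    /** Returns the key pair in use, including the private key. */
    public KeyPair getKeyPair() {
        return this.keyPair;
    }

    /**
     * Fetches the CA capabilities with a GET request.
     *
     * <p>The response is used as returned; nothing in this class authenticates it, so the
     * advertised digest and POST support are only as trustworthy as the transport.
     */
    private Capabilities getCapabilities() throws IOException {
        return (Capabilities) Transport.createTransport(Transport.Method.GET, this.url, this.proxy).sendMessage(new GetCACaps(this.caIdentifier));
    }

    /** Fetches the certificate list from {@code GetCACert}; the result is not yet verified. */
    @SuppressWarnings("unchecked") // the response type of GetCACert is cast exactly as before
    private List<X509Certificate> getCaCertificate() throws IOException {
        return (List<X509Certificate>) Transport.createTransport(Transport.Method.GET, this.url, this.proxy).sendMessage(new GetCACert(this.caIdentifier));
    }

    /**
     * Fetches the next CA certificate list, issued relative to the currently verified CA.
     *
     * @throws IOException if the current CA cannot be verified or the request fails
     */
    @SuppressWarnings("unchecked") // the response type of GetNextCACert is cast exactly as before
    public List<X509Certificate> getNextCA() throws IOException {
        return (List<X509Certificate>) Transport.createTransport(Transport.Method.GET, this.url, this.proxy).sendMessage(new GetNextCACert(retrieveCA(), this.caIdentifier));
    }

    /**
     * Fetches the CA certificate list and checks the first entry against the pinned digest.
     *
     * @return the list as returned by the server, with element 0 fingerprint-verified
     * @throws IOException if the list is empty, the certificate cannot be encoded, or the
     *         fingerprint does not match
     */
    private List<X509Certificate> retrieveVerifiedCaCertificates() throws IOException {
        List<X509Certificate> certificates = getCaCertificate();
        if (certificates == null || certificates.isEmpty()) {
            throw new IOException("No CA certificate returned");
        }
        byte[] actual;
        try {
            actual = MessageDigest.getInstance(this.digestAlgorithm).digest(certificates.get(0).getEncoded());
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
        if (!MessageDigest.isEqual(this.caDigest, actual)) {
            throw new IOException("CA Fingerprint Error");
        }
        return certificates;
    }

    /** Returns the fingerprint-verified CA certificate. */
    private X509Certificate retrieveCA() throws IOException {
        return retrieveVerifiedCaCertificates().get(0);
    }

    /**
     * Returns the certificate that messages to the CA should be addressed to: the second
     * certificate in the response when there is one, otherwise the CA certificate itself.
     *
     * <p>Only element 0 is covered by the fingerprint, so a second certificate is accepted
     * only if its signature verifies under the pinned CA's public key. Without this, any
     * certificate appended to the response would be trusted.
     *
     * @throws IOException if the CA fails the fingerprint check or the second certificate
     *         was not signed by the verified CA
     */
    private X509Certificate retrieveSigningCertificate() throws IOException {
        List<X509Certificate> certificates = retrieveVerifiedCaCertificates();
        X509Certificate ca = certificates.get(0);
        if (certificates.size() == 1) {
            return ca;
        }
        X509Certificate ra = certificates.get(1);
        try {
            ra.verify(ca.getPublicKey());
        } catch (GeneralSecurityException e) {
            throw new IOException("RA certificate is not signed by the verified CA", e);
        }
        return ra;
    }

    /**
     * Retrieves the CRLs issued by the verified CA.
     *
     * @return the CRLs, or {@code null} if distribution points are supported (currently never)
     * @throws IOException if the CA cannot be verified or the CRL store cannot be read
     */
    public List<X509CRL> getCrl() throws IOException {
        X509Certificate ca = retrieveCA();
        if (supportsDistributionPoints()) {
            return null;
        }
        try {
            return getCRLs(createTransaction().performOperation(new GetCRL(ca.getIssuerX500Principal(), ca.getSerialNumber())).getCRLs(null));
        } catch (CertStoreException e) {
            throw new IOException(e);
        } catch (PKIOperationFailureException e) {
            throw new RuntimeException(e);
        } catch (RequestPendingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Always false: CRL distribution points are not consulted. */
    private boolean supportsDistributionPoints() {
        return false;
    }

    /**
     * Enrolls this client's identity with the CA.
     *
     * @param cArr challenge password for the enrollment request
     * @throws IOException if the signing certificate cannot be verified or the request fails
     */
    public EnrollmentResult enroll(char[] cArr) throws IOException {
        return new InitialEnrollmentTask(createTransport(), retrieveSigningCertificate(), this.keyPair, this.identity, cArr, getCapabilities().getStrongestMessageDigest()).call();
    }

    /**
     * Retrieves the certificate with the given serial number from the verified CA.
     *
     * @param bigInteger serial number of the certificate to fetch
     * @throws IOException if the CA cannot be verified, the request fails, or no certificate
     *         is returned
     */
    public X509Certificate getCert(BigInteger bigInteger) throws IOException {
        List<X509Certificate> found;
        try {
            found = getCertificates(createTransaction().performOperation(new GetCert(retrieveCA().getIssuerX500Principal(), bigInteger)).getCertificates(null));
        } catch (CertStoreException e) {
            throw new RuntimeException(e);
        } catch (PKIOperationFailureException e) {
            throw new RuntimeException(e);
        } catch (RequestPendingException e) {
            throw new RuntimeException(e);
        }
        if (found.isEmpty()) {
            throw new IOException("No certificate returned for serial " + bigInteger);
        }
        return found.get(0);
    }

    /** Copies the collection into a list, casting each element to {@link X509Certificate}. */
    private List<X509Certificate> getCertificates(Collection<? extends Certificate> collection) {
        List<X509Certificate> result = new ArrayList<X509Certificate>(collection.size());
        for (Certificate certificate : collection) {
            result.add((X509Certificate) certificate);
        }
        return result;
    }

    /** Copies the collection into a list, casting each element to {@link X509CRL}. */
    private List<X509CRL> getCRLs(Collection<? extends CRL> collection) {
        List<X509CRL> result = new ArrayList<X509CRL>(collection.size());
        for (CRL crl : collection) {
            result.add((X509CRL) crl);
        }
        return result;
    }
}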
