package defpackage;

import defpackage.d46;
import defpackage.z46;
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: classes3.dex */
public final class gh0 {
    public static final rj3 e = tj3.f(gh0.class);

    /* renamed from: a, reason: collision with root package name */
    public final URL f1247a;
    public final CallbackHandler b;
    public lc0 c = new b61();
    public z46 d = new bb6();

    public gh0(URL url, CallbackHandler callbackHandler) {
        this.f1247a = url;
        this.b = callbackHandler;
        i();
    }

    public final u46 a(String str) {
        return c(str).h() ? this.d.a(z46.a.POST, this.f1247a) : this.d.a(z46.a.GET, this.f1247a);
    }

    public xv1 b(X509Certificate x509Certificate, PrivateKey privateKey, ge4 ge4Var, String str) throws ih0, f46 {
        rj3 rj3Var = e;
        rj3Var.h("Enrolling certificate with CA");
        if (g(x509Certificate)) {
            rj3Var.h("Certificate is self-signed");
            if (!ge4Var.b().equals(ro6.a(x509Certificate.getSubjectX500Principal()))) {
                rj3Var.e("The self-signed certificate MUST use the same subject name as in the PKCS#10 request.");
            }
        }
        zv1 zv1Var = new zv1(a(str), f(x509Certificate, privateKey, str), e(x509Certificate, privateKey, str), ge4Var);
        try {
            MessageDigest f = c(str).f();
            rj3Var.c("{} PKCS#10 Fingerprint: [{}]", f.getAlgorithm(), new String(jm2.b(f.digest(ge4Var.a()))));
        } catch (IOException e2) {
            e.f("Error getting encoded CSR", e2);
        }
        return h(zv1Var);
    }

    public ab0 c(String str) {
        e.h("Determining capabilities of SCEP server");
        ig2 ig2Var = new ig2(str);
        try {
            return (ab0) this.d.a(z46.a.GET, this.f1247a).a(ig2Var, new jg2());
        } catch (y46 unused) {
            e.g("AbstractTransport problem when determining capabilities.  Using empty capabilities.");
            return new ab0(new bb0[0]);
        }
    }

    public CertStore d(String str) throws ih0 {
        e.h("Retrieving current CA certificate");
        kg2 kg2Var = new kg2(str);
        try {
            CertStore certStore = (CertStore) this.d.a(z46.a.GET, this.f1247a).a(kg2Var, new lg2());
            kc0 a2 = this.c.a(certStore);
            j(a2.c());
            k(a2.c(), a2.b());
            k(a2.c(), a2.a());
            return certStore;
        } catch (y46 e2) {
            throw new ih0(e2);
        }
    }

    public final nm4 e(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws ih0 {
        return new nm4(this.c.a(d(str)).a(), new jm4(x509Certificate, privateKey));
    }

    public final om4 f(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws ih0 {
        CertStore d = d(str);
        ab0 c = c(str);
        return new om4(privateKey, x509Certificate, new km4(this.c.a(d).b(), c.e()), c.g());
    }

    public final boolean g(X509Certificate x509Certificate) throws ih0 {
        try {
            f53 f53Var = new f53(x509Certificate);
            return f53Var.f(new v43().c(f53Var));
        } catch (Exception e2) {
            throw new ih0(e2);
        }
    }

    public final xv1 h(zv1 zv1Var) throws f46 {
        d46.a k = zv1Var.k();
        return k == d46.a.CERT_ISSUED ? new xv1(zv1Var.j(), zv1Var.e()) : k == d46.a.CERT_REQ_PENDING ? new xv1(zv1Var.j()) : new xv1(zv1Var.j(), zv1Var.f());
    }

    public final void i() {
        URL url = this.f1247a;
        Objects.requireNonNull(url, "URL should not be null");
        if (!url.getProtocol().matches("^https?$")) {
            throw new IllegalArgumentException("URL protocol should be HTTP or HTTPS");
        }
        if (this.f1247a.getRef() != null) {
            throw new IllegalArgumentException("URL should contain no reference");
        }
        if (this.f1247a.getQuery() != null) {
            throw new IllegalArgumentException("URL should contain no query string");
        }
        Objects.requireNonNull(this.b, "Callback handler should not be null");
    }

    public final void j(X509Certificate x509Certificate) throws ih0 {
        sc0 sc0Var = new sc0(x509Certificate);
        try {
            rj3 rj3Var = e;
            rj3Var.h("Requesting certificate verification.");
            this.b.handle(new Callback[]{sc0Var});
            if (sc0Var.b()) {
                rj3Var.h("Certificate verification passed.");
            } else {
                rj3Var.h("Certificate verification failed.");
                throw new ih0("CA certificate fingerprint could not be verified.");
            }
        } catch (IOException e2) {
            throw new ih0(e2);
        } catch (UnsupportedCallbackException e3) {
            e.h("Certificate verification failed.");
            throw new ih0(e3);
        }
    }

    public final void k(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws ih0 {
        rj3 rj3Var = e;
        rj3Var.h("Verifying signature of RA certificate");
        if (x509Certificate.equals(x509Certificate2)) {
            rj3Var.h("RA and CA are identical");
            return;
        }
        try {
            if (new f53(x509Certificate2).f(new v43().d(x509Certificate))) {
                rj3Var.h("Signature verification passed for RA.");
            } else {
                rj3Var.h("Signature verification failed for RA.");
                throw new ih0("RA not issued by CA");
            }
        } catch (gc0 e2) {
            throw new ih0(e2);
        } catch (CertificateEncodingException e3) {
            throw new ih0(e3);
        } catch (yb4 e4) {
            throw new ih0(e4);
        }
    }
}
