package com.novell.zapp.scep;

import com.novell.zapp.R;
import com.novell.zapp.ZENworksApp;
import com.novell.zapp.framework.ConfigManager;
import com.novell.zapp.framework.logging.ZENLogger;
import com.novell.zapp.framework.objects.RestResponseHolder;
import com.novell.zapp.framework.utility.Constants;
import com.novell.zapp.framework.utility.ErrorJSONResponse;
import com.novell.zapp.framework.utility.RestInvoker;
import com.novell.zapp.framework.utility.SignatureGenerator;
import com.novell.zapp.framework.utility.ZENToken;
import com.novell.zapp.framework.utility.ZENworksSignature;
import com.novell.zapp.framework.utility.ZenTrustStore;
import com.novell.zapp.plugins.ReversePlugin;
import com.novell.zenworks.scep.objects.SCEPConfigBean;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.codehaus.jackson.map.DeserializationConfig;
import org.codehaus.jackson.map.ObjectMapper;
import org.jscep.client.Client;
import org.jscep.client.EnrollmentResponse;

/* loaded from: classes17.dex */
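/**
 * Enrols this device with the SCEP CA described by the server's SCEP configuration
 * and, on success, switches the agent to certificate-based authentication.
 *
 * Flow of {@link #getSCEPCertificate()}:
 * <ol>
 *   <li>fetch the SCEP configuration for {@link #serverUri} and build a jscep client;</li>
 *   <li>generate an RSA key pair and a short-lived self-signed "identity" certificate,
 *       which jscep's {@code enrol()} uses to sign the SCEP request before the CA has
 *       issued anything;</li>
 *   <li>build a PKCS#10 CSR carrying the challenge password and key-usage extensions;</li>
 *   <li>enrol, then store the private key together with the issued chain in
 *       {@link ZenTrustStore} under {@link Constants#SCEP_IDENTITY_ALIAS};</li>
 *   <li>exchange the new identity for fresh auth/session tokens and mark the device as
 *       MDM-complete on the server.</li>
 * </ol>
 *
 * Trust in the CA's own certificate is decided by {@link SCEPCertVerifier}, which is
 * not part of this class. Only the lazy creation of the identity certificate is
 * synchronised; use one instance per enrolment attempt.
 */
public class ZenSCEPclient {
    private static final String TAG = "ZenSCEPclient";
    /** Guards the lazy creation of {@link #identity} / {@link #requesterKeyPair}. */
    private static Object instancelockObj = new Object();
    /** Below this modulus size the configured key length is logged as weak (it is still honoured). */
    private static final int MIN_RSA_KEY_BITS = 2048;
    /**
     * Signature algorithm for the self-signed identity certificate and the CSR.
     * SHA-1 signatures are deprecated; the CA must accept SHA-256 signed requests.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Self-signed certificate over {@link #requesterKeyPair}; signs the SCEP request. */
    X509Certificate identity;
    /** Key pair the issued device certificate will be bound to. */
    KeyPair requesterKeyPair;
    /** Populated by {@link #getClient()}; read by every later step. */
    SCEPConfigBean scepConfig;
    String serverUri;
    SCEPconfigHandler scepConfigHandler = new SCEPconfigHandler();
    RestInvoker restInvoker = new RestInvoker();
    ObjectMapper mapper = new ObjectMapper();

    /**
     * @param str server URI handed to {@link SCEPconfigHandler#getSCEPconfig(String)}
     *            to look up the SCEP settings for this enrolment
     */
    public ZenSCEPclient(String str) {
        this.serverUri = str;
    }

    /**
     * Loads the SCEP configuration for {@link #serverUri} into {@link #scepConfig} and
     * builds the jscep client for its URL. Must run before {@link #getIdentity()} and
     * {@link #getCsr()}, both of which read {@link #scepConfig}.
     *
     * @throws Exception when the configuration cannot be fetched or the URL is malformed
     */
    private Client getClient() throws Exception {
        this.scepConfig = this.scepConfigHandler.getSCEPconfig(this.serverUri);
        String scepUrl = this.scepConfig.getUrl();
        ZENLogger.debug(TAG, "SCEP server url: {0}", scepUrl);
        // SCEPCertVerifier decides whether the CA certificate presented by the server is trusted.
        return new Client(new URL(scepUrl), new SCEPCertVerifier(this.scepConfig));
    }

    /**
     * Builds the PKCS#10 request for {@link #requesterKeyPair}.
     *
     * The subject is taken from the identity certificate (i.e. the configured subject),
     * the challenge password from the SCEP configuration. Requested extensions:
     * keyUsage = digitalSignature | keyEncipherment (critical) and
     * extendedKeyUsage = clientAuth + serverAuth (non-critical).
     *
     * @throws Exception when the content signer cannot be created
     */
    private PKCS10CertificationRequest getCsr() throws Exception {
        JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
                this.identity.getSubjectX500Principal(), this.requesterKeyPair.getPublic());
        // The challenge password is the enrolment secret; it only leaves the device
        // inside the SCEP request envelope built by jscep, never via the logger.
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
                new DERPrintableString(this.scepConfig.getChallengePassword()));

        ExtensionsGenerator extensions = new ExtensionsGenerator();
        // digitalSignature | keyEncipherment (bit mask value 160).
        extensions.addExtension(Extension.keyUsage, true,
                (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        // NOTE(review): serverAuth is requested for a device identity certificate; a CA
        // honouring it lets the device present this certificate as a TLS server.
        // Kept because the server side may depend on it - confirm before removing.
        extensions.addExtension(Extension.extendedKeyUsage, false,
                (ASN1Encodable) new ExtendedKeyUsage(new KeyPurposeId[] {
                        KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

        return csrBuilder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                .build(this.requesterKeyPair.getPrivate()));
    }

    /**
     * Generates {@link #requesterKeyPair} (once) and a self-signed certificate over it.
     *
     * The certificate is only used to sign the SCEP request: serial 1, subject == issuer
     * == configured subject, valid from one day ago for roughly a year. Key length comes
     * from the SCEP configuration; values below {@link #MIN_RSA_KEY_BITS} are logged but
     * still used so existing server policies keep working.
     *
     * @throws NoSuchAlgorithmException when no RSA key pair generator is available
     * @throws OperatorCreationException when the content signer cannot be created
     * @throws CertificateException when the built certificate cannot be converted
     */
    private X509Certificate getIdentity() throws Exception {
        if (this.requesterKeyPair == null) {
            int keyBits = this.scepConfig.getKeyLength().intValue();
            if (keyBits < MIN_RSA_KEY_BITS) {
                ZENLogger.debug(TAG, "Configured SCEP key length {0} is below {1} bits",
                        Integer.valueOf(keyBits), Integer.valueOf(MIN_RSA_KEY_BITS));
            }
            try {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
                generator.initialize(keyBits);
                this.requesterKeyPair = generator.generateKeyPair();
            } catch (NoSuchAlgorithmException e) {
                ZENLogger.debug(TAG, "Identity key pair generation failed", e, new Object[0]);
                throw e;
            }
        }

        String subjectName = getRequesterSubject();
        X500Principal subject = new X500Principal(subjectName);
        BigInteger serial = BigInteger.ONE;
        // Backdate notBefore by a day to tolerate clock skew against the CA.
        Calendar validity = Calendar.getInstance();
        validity.add(Calendar.DAY_OF_MONTH, -1);
        Date notBefore = validity.getTime();
        validity.add(Calendar.DAY_OF_MONTH, 364);
        Date notAfter = validity.getTime();

        try {
            JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    subject, serial, notBefore, notAfter, new X500Principal(subjectName),
                    this.requesterKeyPair.getPublic());
            return new JcaX509CertificateConverter().getCertificate(certBuilder.build(
                    new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.requesterKeyPair.getPrivate())));
        } catch (CertificateException e) {
            ZENLogger.debug(TAG, "Identity certification creation failed", e, new Object[0]);
            throw e;
        } catch (OperatorCreationException e) {
            ZENLogger.debug(TAG, "Identity signing failed", e, new Object[0]);
            throw e;
        }
    }

    /**
     * Exchanges the freshly stored SCEP identity for new auth/session tokens.
     *
     * POSTs the app signature plus the Android ID to the server's "new tokens by SCEP"
     * endpoint (the certificate itself is presented by the transport layer, which is
     * outside this class). On HTTP 200 the returned tokens are written to
     * {@link ConfigManager} and {@link Constants#CERT_TOKEN_MODE} is set. HTTP 480 with
     * error code 918 means the server rejected the app signature.
     *
     * Unlike the decompiled original, {@link #mapper} is kept alive afterwards so the
     * instance can be reused (e.g. when enrolment is retried after "pending").
     *
     * @return {@code true} only when new tokens were received and stored
     */
    private boolean getNewTokensBySCEPIdentity() {
        // Tolerate response fields this client version does not model.
        this.mapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        try {
            String appSignature = SignatureGenerator.generateSignature();
            if (appSignature == null) {
                ZENLogger.debug(TAG, "App signature unavailable; not requesting tokens", new Object[0]);
                return false;
            }
            ZENworksSignature request = new ZENworksSignature();
            request.setSignature(appSignature);
            request.setMobileUID(ConfigManager.getInstance().retrieveString(Constants.ANDROID_ID, null));

            RestResponseHolder response = this.restInvoker.invoke(
                    ZENworksApp.getInstance().getNewTokensBySCEPURI(), "POST",
                    (Map<String, String>) null, this.mapper.writeValueAsString(request));
            int status = response.getHttpStatusCode();
            String body = response.getResponseBody();

            if (status == 200) {
                ZENToken tokens = this.mapper.readValue(body, ZENToken.class);
                ZENLogger.debug(TAG, "Got the new tokens by passing the scep identity certifiacte. updating the authtoken and sessionToken in preferences. ", new Object[0]);
                ConfigManager config = ConfigManager.getInstance();
                config.setString(Constants.AUTH_TOKEN, tokens.getAuthToken());
                config.setString(Constants.SESSION_TOKEN, tokens.getSessionToken());
                config.setBoolean(Constants.CERT_TOKEN_MODE, true);
                // Only report success once the tokens are actually persisted.
                return true;
            }
            if (status == 480) {
                ErrorJSONResponse error = this.mapper.readValue(body, ErrorJSONResponse.class);
                if (Integer.parseInt(error.getDetail().getErrorCode()) == 918) {
                    ZENLogger.debug(TAG, "Invalid App Signature.", new Object[0]);
                }
            }
            return false;
        } catch (Exception e) {
            ZENLogger.debug(TAG, "Retrieval of new tokens based on SCEP identity has failed: ", e, new Object[0]);
            return false;
        }
    }

    /** @return the certificate subject configured for this device's SCEP enrolment */
    private String getRequesterSubject() {
        return this.scepConfig.getSubject();
    }

    /**
     * Builds {@code <server>/<endpoint>/<enrollment>/<deviceGuid>/<mdm-complete>} from the
     * stored server address.
     *
     * The stored value is prefixed with {@link Constants#URL_BASEHTTPS} only when it does
     * not already start with "http" - so a configured plain {@code http://} address is
     * used as-is. The scheme is therefore whatever the enrolment configuration supplied.
     *
     * @throws Exception when no server address is stored
     */
    private String getURIForMarkingMDMTrue() throws Exception {
        String serverAddress = ConfigManager.getInstance().retrieveString(Constants.SERVERIP, null);
        if (serverAddress == null || serverAddress.isEmpty()) {
            ZENLogger.error(TAG, R.string.enroll_server_ip_null_or_empty, new Object[0]);
            throw new Exception("Enroll Server IP is null or empty");
        }
        StringBuilder uri = new StringBuilder();
        if (!serverAddress.startsWith("http")) {
            uri.append(Constants.URL_BASEHTTPS);
        }
        uri.append(serverAddress);
        if (!serverAddress.endsWith("/")) {
            uri.append('/');
        }
        uri.append(Constants.URL_ENDPOINT).append('/')
           .append(Constants.ENROLLMENT_ENDPOINT).append('/')
           .append(ZENworksApp.getInstance().getEnrollDeviceGuid()).append('/')
           .append(Constants.URL_MDM_COMPLETE);
        String result = uri.toString();
        ZENLogger.debug(TAG, "URI for making MDM status as true :" + result, new Object[0]);
        return result;
    }

    /**
     * Acts on the CA's answer to the enrolment request.
     *
     * Failure and malformed responses are turned into exceptions (failure also reports
     * {@code false} through {@link ReversePlugin}); "pending" is reported as an exception
     * so the caller can retry later. On success the private key is stored with the
     * issued chain - ordered so the certificate bound to {@link #requesterKeyPair} is
     * first, as a key-store private-key entry requires - and the token exchange and the
     * server-side MDM flag follow.
     *
     * @throws Exception on failure, pending or invalid responses, or when the CA's
     *         response does not contain a certificate for our key
     */
    private void handleEnrollmentResponse(EnrollmentResponse enrollmentResponse) throws Exception {
        if (!enrollmentResponse.isSuccess()) {
            if (enrollmentResponse.isFailure()) {
                ZENLogger.debug(TAG, "Enrollment Response Failure. Reason is : {0}", enrollmentResponse.getFailInfo().toString());
                ReversePlugin.sendScepCertStatus(false);
                throw new Exception("Failed to get device certificate");
            }
            if (enrollmentResponse.isPending()) {
                ZENLogger.debug(TAG, "Certificate Approval Pending. Started Polling", new Object[0]);
                throw new Exception("Certificate Approval Pending");
            }
            throw new Exception("Invalid Enrollment Response");
        }

        ZENLogger.debug(TAG, "Got the certificate", new Object[0]);
        ZENLogger.debug(TAG, "Certificate = {0}", enrollmentResponse.getCertStore().getCertStoreParameters());
        Collection<? extends Certificate> issued = enrollmentResponse.getCertStore().getCertificates(null);

        Certificate[] chain;
        try {
            chain = orderChainForKey(issued, this.requesterKeyPair.getPublic());
        } catch (CertificateException e) {
            // The CA answered "success" but gave us nothing usable for our key; do not
            // bind the private key to a foreign certificate.
            ZENLogger.debug(TAG, "Issued chain does not match the enrolment key", e, new Object[0]);
            ReversePlugin.sendScepCertStatus(false);
            throw e;
        }
        ZenTrustStore.getInstance().addPrivateKeyEntry(Constants.SCEP_IDENTITY_ALIAS,
                this.requesterKeyPair.getPrivate(), chain);

        if (getNewTokensBySCEPIdentity() && markMDMIdentityForDeviceAsTrue()) {
            ZENLogger.debug(TAG, "Calling from ZENScepClient...", new Object[0]);
            ReversePlugin.sendScepCertStatus(true);
            ZENLogger.debug(TAG, "Got new tokens using certificate", new Object[0]);
        } else {
            ReversePlugin.sendScepCertStatus(false);
            ZENLogger.debug(TAG, "Failed to get new tokens using certificate", new Object[0]);
        }
    }

    /**
     * Orders the certificates returned by the CA so the end-entity certificate whose
     * public key is {@code ownKey} comes first; any remaining certificates (typically
     * the CA chain) follow in their original order.
     *
     * @throws CertificateException when the collection is empty or none of its
     *         certificates carries {@code ownKey}
     */
    private static Certificate[] orderChainForKey(Collection<? extends Certificate> issued, PublicKey ownKey)
            throws CertificateException {
        if (issued == null || issued.isEmpty()) {
            throw new CertificateException("SCEP response contained no certificates");
        }
        Certificate leaf = null;
        List<Certificate> others = new ArrayList<Certificate>(issued.size());
        for (Certificate candidate : issued) {
            if (leaf == null && sameKey(candidate.getPublicKey(), ownKey)) {
                leaf = candidate;
            } else {
                others.add(candidate);
            }
        }
        if (leaf == null) {
            throw new CertificateException("SCEP response contained no certificate for the enrolment key");
        }
        List<Certificate> ordered = new ArrayList<Certificate>(issued.size());
        ordered.add(leaf);
        ordered.addAll(others);
        return ordered.toArray(new Certificate[ordered.size()]);
    }

    /**
     * Provider-independent public key comparison: RSA keys are compared by modulus and
     * exponent (the key pair and the parsed certificate may come from different JCA
     * providers whose {@code equals} do not interoperate); anything else by DER encoding.
     */
    private static boolean sameKey(PublicKey a, PublicKey b) {
        if (a == null || b == null) {
            return false;
        }
        if (a instanceof RSAPublicKey && b instanceof RSAPublicKey) {
            RSAPublicKey ra = (RSAPublicKey) a;
            RSAPublicKey rb = (RSAPublicKey) b;
            return ra.getModulus().equals(rb.getModulus())
                    && ra.getPublicExponent().equals(rb.getPublicExponent());
        }
        return Arrays.equals(a.getEncoded(), b.getEncoded());
    }

    /**
     * Tells the server this device's MDM identity is in place.
     *
     * @return {@code true} on HTTP 200 or 204; {@code false} on any other status or error
     */
    private boolean markMDMIdentityForDeviceAsTrue() {
        try {
            RestResponseHolder response = this.restInvoker.invoke(
                    getURIForMarkingMDMTrue(), "POST", (Map<String, String>) null, (String) null);
            int status = response.getHttpStatusCode();
            ZENLogger.debug(TAG, "Status code for marking mdmidentity :" + status, new Object[0]);
            return status == 200 || status == 204;
        } catch (Exception e) {
            ZENLogger.debug(TAG, "markMDMIdentityForDeviceAsTrue failed.", e, new Object[0]);
            return false;
        }
    }

    /**
     * Runs the whole enrolment (see the class comment).
     *
     * @return {@code true} when the certificate was issued and the follow-up steps ran
     *         without throwing; {@code false} on any error, including "approval pending"
     *         - callers are expected to retry in that case
     */
    public boolean getSCEPCertificate() {
        try {
            ZENLogger.debug(TAG, "getSCEPCertificate started", new Object[0]);
            // getClient() populates scepConfig, which getIdentity()/getCsr() depend on.
            Client client = getClient();
            ZENLogger.debug(TAG, "Created client", new Object[0]);
            synchronized (instancelockObj) {
                if (this.identity == null) {
                    this.identity = getIdentity();
                }
            }
            ZENLogger.debug(TAG, "Got Identity", new Object[0]);
            PKCS10CertificationRequest csr = getCsr();
            ZENLogger.debug(TAG, "Got Csr", new Object[0]);
            EnrollmentResponse enrolment = client.enrol(this.identity, this.requesterKeyPair.getPrivate(), csr);
            ZENLogger.debug(TAG, "Got enrollment response", new Object[0]);
            handleEnrollmentResponse(enrolment);
            ZENLogger.debug(TAG, "getDeviceCertificate Completed Successfully", new Object[0]);
            return true;
        } catch (Exception e) {
            ZENLogger.debug(TAG, "getDeviceCertificate failed.", e, new Object[0]);
            return false;
        }
    }
}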
