package com.microsoft.intune.usercerts.apicomponent.scep.implementation;

import com.microsoft.intune.cacert.domain.CaCertificate;
import com.microsoft.intune.cacert.domain.ICaCertRepo;
import com.microsoft.intune.common.domain.IBase64Encoding;
import com.microsoft.intune.common.domain.INtpClient;
import com.microsoft.intune.cryptography.domain.IMessageDigestFactory;
import com.microsoft.intune.cryptography.domain.ITrustedCertApi;
import com.microsoft.intune.network.datacomponent.implementation.SdlSslSocketFactory;
import com.microsoft.intune.usercerts.apicomponent.scep.implementation.PolicyCertificatesTrustManager;
import com.microsoft.intune.usercerts.domain.scep.IScepClient;
import com.microsoft.intune.usercerts.domain.scep.IScepClientFactory;
import com.microsoft.intune.usercerts.domain.scep.telemetry.IScepTelemetry;
import com.microsoft.intune.utils.LoggingExtensionsKt;
import io.reactivex.functions.Function;
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;
import org.jscep.client.inspect.CertStoreInspector;
import org.jscep.client.inspect.CertStoreInspectorFactory;
import org.jscep.transport.TransportException;

/* compiled from: JscepClientFactory.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 \u00162\u00020\u0001:\u0001\u0016B7\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r¢\u0006\u0002\u0010\u000eJ \u0010\u000f\u001a\u0004\u0018\u00010\u00102\u0006\u0010\u0011\u001a\u00020\u00122\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u0014H\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0017"}, d2 = {"Lcom/microsoft/intune/usercerts/apicomponent/scep/implementation/JscepClientFactory;", "Lcom/microsoft/intune/usercerts/domain/scep/IScepClientFactory;", "trustedCertApi", "Lcom/microsoft/intune/cryptography/domain/ITrustedCertApi;", "caCertRepo", "Lcom/microsoft/intune/cacert/domain/ICaCertRepo;", "ntpClient", "Lcom/microsoft/intune/common/domain/INtpClient;", "decoder", "Lcom/microsoft/intune/common/domain/IBase64Encoding;", "scepTelemetry", "Lcom/microsoft/intune/usercerts/domain/scep/telemetry/IScepTelemetry;", "messageDigestFactory", "Lcom/microsoft/intune/cryptography/domain/IMessageDigestFactory;", "(Lcom/microsoft/intune/cryptography/domain/ITrustedCertApi;Lcom/microsoft/intune/cacert/domain/ICaCertRepo;Lcom/microsoft/intune/common/domain/INtpClient;Lcom/microsoft/intune/common/domain/IBase64Encoding;Lcom/microsoft/intune/usercerts/domain/scep/telemetry/IScepTelemetry;Lcom/microsoft/intune/cryptography/domain/IMessageDigestFactory;)V", "getClient", "Lcom/microsoft/intune/usercerts/domain/scep/IScepClient;", "caThumbprint", "", "ndesUrls", "", "Ljava/net/URL;", "Companion", "policy_userOfficialRelease"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public final class JscepClientFactory implements IScepClientFactory {
    public static final String JSCEP_PROFILE_NAME = "ca";
    public final ICaCertRepo caCertRepo;
    public final IBase64Encoding decoder;
    public final IMessageDigestFactory messageDigestFactory;
    public final INtpClient ntpClient;
    public final IScepTelemetry scepTelemetry;
    public final ITrustedCertApi trustedCertApi;
    public static final Logger LOGGER = LoggingExtensionsKt.logger((KClass<?>) Reflection.getOrCreateKotlinClass(JscepClientFactory.class));

    public JscepClientFactory(ITrustedCertApi trustedCertApi, ICaCertRepo caCertRepo, INtpClient ntpClient, IBase64Encoding decoder, IScepTelemetry scepTelemetry, IMessageDigestFactory messageDigestFactory) {
        Intrinsics.checkNotNullParameter(trustedCertApi, "trustedCertApi");
        Intrinsics.checkNotNullParameter(caCertRepo, "caCertRepo");
        Intrinsics.checkNotNullParameter(ntpClient, "ntpClient");
        Intrinsics.checkNotNullParameter(decoder, "decoder");
        Intrinsics.checkNotNullParameter(scepTelemetry, "scepTelemetry");
        Intrinsics.checkNotNullParameter(messageDigestFactory, "messageDigestFactory");
        this.trustedCertApi = trustedCertApi;
        this.caCertRepo = caCertRepo;
        this.ntpClient = ntpClient;
        this.decoder = decoder;
        this.scepTelemetry = scepTelemetry;
        this.messageDigestFactory = messageDigestFactory;
    }

    @Override // com.microsoft.intune.usercerts.domain.scep.IScepClientFactory
    public IScepClient getClient(String caThumbprint, List<URL> ndesUrls) {
        Intrinsics.checkNotNullParameter(caThumbprint, "caThumbprint");
        Intrinsics.checkNotNullParameter(ndesUrls, "ndesUrls");
        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<? extends Certificate> policyCaCerts = (List) this.caCertRepo.getAll().map(new Function<List<? extends CaCertificate>, List<? extends Certificate>>() { // from class: com.microsoft.intune.usercerts.apicomponent.scep.implementation.JscepClientFactory$getClient$policyCaCerts$1
            @Override // io.reactivex.functions.Function
            public /* bridge */ /* synthetic */ List<? extends Certificate> apply(List<? extends CaCertificate> list) {
                return apply2((List<CaCertificate>) list);
            }

            /* renamed from: apply, reason: avoid collision after fix types in other method */
            public final List<Certificate> apply2(List<CaCertificate> caCerts) {
                Logger logger;
                Logger logger2;
                Certificate certificate;
                IBase64Encoding iBase64Encoding;
                Intrinsics.checkNotNullParameter(caCerts, "caCerts");
                ArrayList arrayList = new ArrayList();
                for (CaCertificate caCertificate : caCerts) {
                    try {
                        CertificateFactory certificateFactory2 = certificateFactory;
                        iBase64Encoding = JscepClientFactory.this.decoder;
                        certificate = certificateFactory2.generateCertificate(new ByteArrayInputStream(iBase64Encoding.decode(caCertificate.getEncodedCertificate())));
                    } catch (Exception e) {
                        logger2 = JscepClientFactory.LOGGER;
                        logger2.log(Level.WARNING, "Could not get a certificate for a CA cert config item: " + caCertificate.getGuid(), (Throwable) e);
                        certificate = null;
                    }
                    if (certificate != null) {
                        arrayList.add(certificate);
                    }
                }
                logger = JscepClientFactory.LOGGER;
                logger.info(arrayList.size() + " valid CA certificates constructed for SCEP certificate verification");
                return arrayList;
            }
        }).blockingGet();
        PolicyCertificatesTrustManager.Companion companion = PolicyCertificatesTrustManager.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(policyCaCerts, "policyCaCerts");
        ProxyAwareUrlConnectionTransportFactory proxyAwareUrlConnectionTransportFactory = new ProxyAwareUrlConnectionTransportFactory(new SdlSslSocketFactory(companion.getPolicyCertsSslContext(policyCaCerts)));
        CertificateChainVerifier certificateChainVerifier = new CertificateChainVerifier(caThumbprint, this.trustedCertApi, this.messageDigestFactory);
        JscepClientFactory$getClient$certStoreInspectorFactory$1 jscepClientFactory$getClient$certStoreInspectorFactory$1 = new CertStoreInspectorFactory() { // from class: com.microsoft.intune.usercerts.apicomponent.scep.implementation.JscepClientFactory$getClient$certStoreInspectorFactory$1
            @Override // org.jscep.client.inspect.CertStoreInspectorFactory
            public final CertStoreInspector getInstance(CertStore certStore) {
                Intrinsics.checkNotNullExpressionValue(certStore, "certStore");
                return new IntuneCertStoreInspector(certStore);
            }
        };
        for (URL url : ndesUrls) {
            try {
                return new JscepScepClient(NdesServer.INSTANCE.tryGetNdesServer(url, proxyAwareUrlConnectionTransportFactory), certificateChainVerifier, jscepClientFactory$getClient$certStoreInspectorFactory$1, proxyAwareUrlConnectionTransportFactory, this.ntpClient, this.scepTelemetry, this.messageDigestFactory);
            } catch (TransportException e) {
                LOGGER.log(Level.WARNING, "Connection to NDES server failed: " + url, (Throwable) e);
            }
        }
        LOGGER.warning("Could not connect to any NDES server");
        return null;
    }
}
