package com.microsoft.intune.usercerts.apicomponent.scep.implementation;

import com.microsoft.identity.common.internal.eststelemetry.SchemaConstants;
import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.microsoft.intune.common.domain.INtpClient;
import com.microsoft.intune.cryptography.domain.IMessageDigestFactory;
import com.microsoft.intune.usercerts.domain.scep.IScepClient;
import com.microsoft.intune.usercerts.domain.scep.SanType;
import com.microsoft.intune.usercerts.domain.scep.ScepCertConfigItem;
import com.microsoft.intune.usercerts.domain.scep.ScepEnrollmentResponse;
import com.microsoft.intune.usercerts.domain.scep.ScepFailureType;
import com.microsoft.intune.usercerts.domain.scep.SubjectAlternativeName;
import com.microsoft.intune.usercerts.domain.scep.telemetry.IScepTelemetry;
import com.microsoft.intune.utils.ArrayExtensionsKt;
import com.microsoft.intune.utils.LoggingExtensionsKt;
import io.reactivex.Single;
import io.reactivex.functions.Function;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.TuplesKt;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.collections.MapsKt__MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringsKt;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.microsoft.MicrosoftObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Hex;
import org.jscep.client.Client;
import org.jscep.client.EnrollmentResponse;
import org.jscep.client.inspect.CertStoreInspectorFactory;
import org.jscep.client.verification.CertificateVerifier;
import org.jscep.transaction.FailInfo;
import org.jscep.transaction.TransactionId;
import org.jscep.transport.TransportException;
import org.jscep.transport.TransportFactory;

/* compiled from: JscepScepClient.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000°\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\b\n\u0000\n\u0002\u0010$\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 >2\u00020\u0001:\u0001>B=\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r\u0012\u0006\u0010\u000e\u001a\u00020\u000f¢\u0006\u0002\u0010\u0010J\u001e\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00150\u00142\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u0019H\u0016Jj\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u00192\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001f\u001a\u00020\u00192\u0006\u0010 \u001a\u00020!2\u0012\u0010\"\u001a\u000e\u0012\u0004\u0012\u00020\u0019\u0012\u0004\u0012\u00020\u00190#2\f\u0010$\u001a\b\u0012\u0004\u0012\u00020&0%2\u0006\u0010'\u001a\u00020!2\u0006\u0010(\u001a\u00020\u00192\u0006\u0010)\u001a\u00020\u0019H\u0002JP\u0010*\u001a\b\u0012\u0004\u0012\u00020+0\u00142\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u00192\u0006\u0010 
\u001a\u00020!2\u0012\u0010\"\u001a\u000e\u0012\u0004\u0012\u00020\u0019\u0012\u0004\u0012\u00020\u00190#2\f\u0010$\u001a\b\u0012\u0004\u0012\u00020&0%2\u0006\u0010)\u001a\u00020\u0019H\u0002J\u0010\u0010,\u001a\u00020-2\u0006\u0010\u001e\u001a\u00020\u0019H\u0002J(\u0010.\u001a\u00020\u00152\u0006\u0010/\u001a\u0002002\u0006\u00101\u001a\u00020+2\u0006\u00102\u001a\u00020\u00192\u0006\u0010\u0016\u001a\u00020\u0017H\u0016J.\u00103\u001a\u00020\u00152\u0006\u00104\u001a\u0002052\u0006\u0010/\u001a\u0002002\u0006\u00101\u001a\u00020+2\f\u00106\u001a\b\u0012\u0004\u0012\u00020807H\u0002J\f\u00109\u001a\u00020:*\u00020&H\u0002J\f\u0010;\u001a\u00020<*\u00020=H\u0002R\u000e\u0010\u0011\u001a\u00020\u0012X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006?"}, d2 = {"Lcom/microsoft/intune/usercerts/apicomponent/scep/implementation/JscepScepClient;", "Lcom/microsoft/intune/usercerts/domain/scep/IScepClient;", "ndesServer", "Lcom/microsoft/intune/usercerts/apicomponent/scep/implementation/NdesServer;", "certificateVerifier", "Lorg/jscep/client/verification/CertificateVerifier;", "certStoreInspectorFactory", "Lorg/jscep/client/inspect/CertStoreInspectorFactory;", "transportFactory", "Lorg/jscep/transport/TransportFactory;", "ntpClient", "Lcom/microsoft/intune/common/domain/INtpClient;", "scepTelemetry", "Lcom/microsoft/intune/usercerts/domain/scep/telemetry/IScepTelemetry;", "messageDigestFactory", "Lcom/microsoft/intune/cryptography/domain/IMessageDigestFactory;", 
"(Lcom/microsoft/intune/usercerts/apicomponent/scep/implementation/NdesServer;Lorg/jscep/client/verification/CertificateVerifier;Lorg/jscep/client/inspect/CertStoreInspectorFactory;Lorg/jscep/transport/TransportFactory;Lcom/microsoft/intune/common/domain/INtpClient;Lcom/microsoft/intune/usercerts/domain/scep/telemetry/IScepTelemetry;Lcom/microsoft/intune/cryptography/domain/IMessageDigestFactory;)V", "client", "Lorg/jscep/client/Client;", "enrollScepCertificate", "Lio/reactivex/Single;", "Lcom/microsoft/intune/usercerts/domain/scep/ScepEnrollmentResponse;", "scepCertConfigItem", "Lcom/microsoft/intune/usercerts/domain/scep/ScepCertConfigItem;", "certificateRequestToken", "", "generateCertEnrollRequest", "Lorg/bouncycastle/pkcs/PKCS10CertificationRequest;", "keypair", "Ljava/security/KeyPair;", "subjectName", "templateName", "keyUsage", "", "ekuOidMapping", "", "sans", "", "Lcom/microsoft/intune/usercerts/domain/scep/SubjectAlternativeName;", "validityPeriod", "validityPeriodUnit", "signatureAlgorithm", "generateSelfSignedCertificate", "Ljava/security/cert/X509Certificate;", "newPrincipal", "Ljavax/security/auth/x500/X500Principal;", "pollCertificateRequest", "privateKey", "Ljava/security/PrivateKey;", "identityCert", "transactionId", "requestAndProcessResponse", "configItemGuid", "Ljava/util/UUID;", "requestBlock", "Lkotlin/Function0;", "Lorg/jscep/client/EnrollmentResponse;", "getAsn1Encodable", "Lorg/bouncycastle/asn1/ASN1Encodable;", "toScepFailureType", "Lcom/microsoft/intune/usercerts/domain/scep/ScepFailureType;", "Lorg/jscep/transaction/FailInfo;", "Companion", "policy_userOfficialRelease"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public final class JscepScepClient implements IScepClient {
    // OID placed inside the otherName SAN that getAsn1Encodable builds for SanType.Guid.
    public static final String SAN_TYPE_GUID_OID = "1.3.6.1.4.1.311.25.1";
    // OID placed inside the otherName SAN that getAsn1Encodable builds for SanType.UserPrincipleName.
    public static final String SAN_TYPE_UPN_OID = "1.3.6.1.4.1.311.20.2.3";
    // Names of the two name/value pairs generateCertEnrollRequest adds to the CSR when a
    // validity period is requested.
    public static final String VALIDITY_PERIOD = "ValidityPeriod";
    public static final String VALIDITY_PERIOD_UNITS = "ValidityPeriodUnits";
    // jscep client created in the constructor from the NDES URL and the supplied verifier.
    public final Client client;
    // Supplies the SHA-1 digest that enrollScepCertificate applies to the request token before
    // reporting it to telemetry.
    public final IMessageDigestFactory messageDigestFactory;
    // Source of the SCEP endpoint URL and of the signature algorithm used for signing.
    public final NdesServer ndesServer;
    // Supplies the time that anchors the validity window of the self-signed identity certificate.
    public final INtpClient ntpClient;
    // Receives the hex digest of the request token after an enrol call returns.
    public final IScepTelemetry scepTelemetry;
    public static final Logger LOGGER = LoggingExtensionsKt.logger((KClass<?>) Reflection.getOrCreateKotlinClass(JscepScepClient.class));
    // Extension OID (branch 21.8 of the Microsoft arc) under which the CSR carries the template name.
    public static final ASN1ObjectIdentifier MICROSOFT_ENTERPRISE_OID_ROOT = MicrosoftObjectIdentifiers.microsoft.branch("21.8");
    // Attribute OID (branch 13.2.1 of the Microsoft arc) used for the ValidityPeriod and
    // ValidityPeriodUnits name/value pairs.
    public static final ASN1ObjectIdentifier MICROSOFT_ENROLLMENT_NAME_VALUE_PAIR_OID = MicrosoftObjectIdentifiers.microsoft.branch("13.2.1");
    // Subject attribute short names that newPrincipal rewrites to their dotted OID before the
    // X500Principal is constructed.
    public static final Map<String, String> ADDITIONAL_ATTRIBUTES = MapsKt__MapsKt.mapOf(TuplesKt.to("E", "1.2.840.113549.1.9.1"), TuplesKt.to("G", "2.5.4.42"), TuplesKt.to("I", "2.5.4.43"), TuplesKt.to("SN", "2.5.4.4"), TuplesKt.to("S", "2.5.4.8"));

    // Compiler-generated lookup tables behind the two Kotlin `when` expressions in this class.
    // Each table is indexed by an enum ordinal and holds a small case number:
    // $EnumSwitchMapping$0 is read by toScepFailureType (FailInfo) and $EnumSwitchMapping$1 by
    // getAsn1Encodable (SanType). The numbers assigned here and the case labels in those two
    // methods must stay in step; an ordinal that is not assigned below keeps the array default
    // of 0 and ends in NoWhenBranchMatchedException at the call site.
    @Metadata(bv = {1, 0, 3}, k = 3, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public final /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0 = new int[FailInfo.values().length];
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            // FailInfo -> case number used by toScepFailureType.
            $EnumSwitchMapping$0[FailInfo.badAlg.ordinal()] = 1;
            $EnumSwitchMapping$0[FailInfo.badMessageCheck.ordinal()] = 2;
            $EnumSwitchMapping$0[FailInfo.badRequest.ordinal()] = 3;
            $EnumSwitchMapping$0[FailInfo.badTime.ordinal()] = 4;
            $EnumSwitchMapping$0[FailInfo.badCertId.ordinal()] = 5;
            // SanType -> case number used by getAsn1Encodable.
            $EnumSwitchMapping$1 = new int[SanType.values().length];
            $EnumSwitchMapping$1[SanType.OtherName.ordinal()] = 1;
            $EnumSwitchMapping$1[SanType.Rfc822Name.ordinal()] = 2;
            $EnumSwitchMapping$1[SanType.DnsName.ordinal()] = 3;
            $EnumSwitchMapping$1[SanType.DirectoryName.ordinal()] = 4;
            $EnumSwitchMapping$1[SanType.UrlName.ordinal()] = 5;
            $EnumSwitchMapping$1[SanType.IpAddress.ordinal()] = 6;
            $EnumSwitchMapping$1[SanType.RegisteredId.ordinal()] = 7;
            $EnumSwitchMapping$1[SanType.Guid.ordinal()] = 8;
            $EnumSwitchMapping$1[SanType.UserPrincipleName.ordinal()] = 9;
        }
    }

    /**
     * Creates the SCEP client for one NDES server.
     *
     * <p>Every argument is null-checked first. The certificate verifier, the cert store inspector
     * factory and the transport factory are handed to the underlying jscep {@link Client} and are
     * not kept as fields of this class.
     *
     * @param ndesServer server description; its URL becomes the endpoint of the jscep client
     * @param certificateVerifier verifier passed to the jscep client constructor
     * @param certStoreInspectorFactory inspector factory installed on the jscep client
     * @param transportFactory transport factory installed on the jscep client
     * @param ntpClient time source for the self-signed identity certificate
     * @param scepTelemetry telemetry sink
     * @param messageDigestFactory digest factory used when reporting the request token
     */
    public JscepScepClient(NdesServer ndesServer, CertificateVerifier certificateVerifier, CertStoreInspectorFactory certStoreInspectorFactory, TransportFactory transportFactory, INtpClient ntpClient, IScepTelemetry scepTelemetry, IMessageDigestFactory messageDigestFactory) {
        Intrinsics.checkNotNullParameter(ndesServer, "ndesServer");
        Intrinsics.checkNotNullParameter(certificateVerifier, "certificateVerifier");
        Intrinsics.checkNotNullParameter(certStoreInspectorFactory, "certStoreInspectorFactory");
        Intrinsics.checkNotNullParameter(transportFactory, "transportFactory");
        Intrinsics.checkNotNullParameter(ntpClient, "ntpClient");
        Intrinsics.checkNotNullParameter(scepTelemetry, "scepTelemetry");
        Intrinsics.checkNotNullParameter(messageDigestFactory, "messageDigestFactory");

        // Configure the jscep client completely before publishing it through the final field.
        Client scepClient = new Client(ndesServer.getUrl(), certificateVerifier);
        scepClient.setCertStoreInspectorFactory(certStoreInspectorFactory);
        scepClient.setTransportFactory(transportFactory);

        this.client = scepClient;
        this.ndesServer = ndesServer;
        this.ntpClient = ntpClient;
        this.scepTelemetry = scepTelemetry;
        this.messageDigestFactory = messageDigestFactory;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds and signs the PKCS#10 request submitted for enrollment.
     *
     * <p>The request carries, in this order: the request token as the PKCS#9 challengePassword
     * attribute; an extensionRequest attribute holding the optional extended key usage, a critical
     * key usage, a critical basicConstraints with CA=false, the template name under
     * {@code MICROSOFT_ENTERPRISE_OID_ROOT} and an optional critical subjectAltName; and, when both
     * a positive validity period and a non-empty unit are given, two Microsoft name/value pairs.
     *
     * @param keypair key pair whose public half is certified and whose private half signs the request
     * @param subjectName subject DN text, normalised through {@code newPrincipal}
     * @param certificateRequestToken token embedded as the challenge password
     * @param templateName certificate template name
     * @param keyUsage key usage bit mask passed to {@link KeyUsage}
     * @param ekuOidMapping map whose values are the extended key usage OIDs; keys are not read here
     * @param sans subject alternative names to request
     * @param validityPeriod requested validity length; ignored unless positive
     * @param validityPeriodUnit unit for {@code validityPeriod}; ignored when empty
     * @param signatureAlgorithm JCA signature algorithm name used to sign the request
     * @return the signed certification request
     */
    public final PKCS10CertificationRequest generateCertEnrollRequest(KeyPair keypair, String subjectName, String certificateRequestToken, String templateName, int keyUsage, Map<String, String> ekuOidMapping, List<SubjectAlternativeName> sans, int validityPeriod, String validityPeriodUnit, String signatureAlgorithm) {
        JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(newPrincipal(subjectName), keypair.getPublic());
        // The request token travels inside the CSR, so anything that logs or stores the encoded
        // request also captures the token.
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(certificateRequestToken));

        ExtensionsGenerator requested = new ExtensionsGenerator();
        if (!ekuOidMapping.isEmpty()) {
            Collection<String> ekuOids = ekuOidMapping.values();
            List<KeyPurposeId> purposes = new ArrayList<>(ekuOids.size());
            for (String ekuOid : ekuOids) {
                purposes.add(KeyPurposeId.getInstance(new ASN1ObjectIdentifier(ekuOid)));
            }
            KeyPurposeId[] purposeArray = purposes.toArray(new KeyPurposeId[0]);
            // Guard carried over from the Kotlin array cast.
            if (purposeArray == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            requested.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new ExtendedKeyUsage(purposeArray));
        }
        requested.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(keyUsage));
        // CA=false: the request never asks for a certificate that can issue others.
        requested.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(false));

        // Template name: SEQUENCE { [0] IMPLICIT SEQUENCE { [0] EXPLICIT UTF8String } }.
        ASN1EncodableVector templateFields = new ASN1EncodableVector();
        templateFields.add(new DERTaggedObject(true, 0, new DERUTF8String(templateName)));
        ASN1EncodableVector templateWrapper = new ASN1EncodableVector();
        templateWrapper.add(new DERTaggedObject(false, 0, new DERSequence(templateFields)));
        requested.addExtension(MICROSOFT_ENTERPRISE_OID_ROOT, false, (ASN1Encodable) new DERSequence(templateWrapper));

        if (!sans.isEmpty()) {
            List<ASN1Encodable> names = new ArrayList<>(sans.size());
            for (SubjectAlternativeName san : sans) {
                names.add(getAsn1Encodable(san));
            }
            if (!names.isEmpty()) {
                ASN1Encodable[] nameArray = names.toArray(new ASN1Encodable[0]);
                // Guard carried over from the Kotlin array cast.
                if (nameArray == null) {
                    throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
                }
                requested.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) GeneralNames.getInstance(new DERSequence(nameArray)));
            }
        }
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

        // Both halves of the validity request are needed; one without the other is dropped.
        if (validityPeriod > 0 && validityPeriodUnit.length() > 0) {
            ASN1EncodableVector periodPair = new ASN1EncodableVector();
            periodPair.add(new DERBMPString(VALIDITY_PERIOD));
            periodPair.add(new DERBMPString(String.valueOf(validityPeriod)));

            ASN1EncodableVector unitPair = new ASN1EncodableVector();
            unitPair.add(new DERBMPString(VALIDITY_PERIOD_UNITS));
            unitPair.add(new DERBMPString(validityPeriodUnit));

            csrBuilder.addAttribute(MICROSOFT_ENROLLMENT_NAME_VALUE_PAIR_OID, new DERSequence(periodPair));
            csrBuilder.addAttribute(MICROSOFT_ENROLLMENT_NAME_VALUE_PAIR_OID, new DERSequence(unitPair));
        }

        PKCS10CertificationRequest request = csrBuilder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(keypair.getPrivate()));
        Intrinsics.checkNotNullExpressionValue(request, "builder.build(signerBuil…r.build(keypair.private))");
        return request;
    }

    /**
     * Produces the self-signed certificate passed as {@code identityCert} to the enrol call.
     *
     * <p>Subject and issuer are the same principal, the serial number is always 1, and the
     * validity runs from one day before to one day after the time reported by the NTP client.
     * The certificate carries a critical key usage and, when supplied, a non-critical extended
     * key usage and a critical subjectAltName. It is signed with the private half of
     * {@code keypair}.
     *
     * @param keypair key pair the certificate is issued over and signed with
     * @param subjectName subject DN text, normalised through {@code newPrincipal}
     * @param keyUsage key usage bit mask
     * @param ekuOidMapping map whose values are the extended key usage OIDs
     * @param sans subject alternative names to include
     * @param signatureAlgorithm JCA signature algorithm name
     * @return a Single that emits the certificate once the current time is known
     */
    private final Single<X509Certificate> generateSelfSignedCertificate(final KeyPair keypair, final String subjectName, final int keyUsage, final Map<String, String> ekuOidMapping, final List<SubjectAlternativeName> sans, final String signatureAlgorithm) {
        Single selfSigned = this.ntpClient.currentTimeMillis().map(new Function<Long, X509Certificate>() {
            @Override
            public final X509Certificate apply(Long currentTimeMillis) {
                Intrinsics.checkNotNullParameter(currentTimeMillis, "currentTimeMillis");

                // Validity window: [now - 1 day, now + 1 day], anchored on the NTP-supplied time.
                Calendar window = Calendar.getInstance();
                Intrinsics.checkNotNullExpressionValue(window, "calendar");
                window.setTimeInMillis(currentTimeMillis.longValue());
                window.add(Calendar.DATE, -1);
                Date notBefore = window.getTime();
                window.add(Calendar.DATE, 2);
                Date notAfter = window.getTime();
                JscepScepClient.LOGGER.fine("Self signed cert validity: " + notBefore + " to " + notAfter);

                // Issuer and subject are the same principal; the serial number is fixed at 1.
                X500Principal self = JscepScepClient.this.newPrincipal(subjectName);
                JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(self, BigInteger.ONE, notBefore, notAfter, self, keypair.getPublic());
                certBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(keyUsage));

                if (!ekuOidMapping.isEmpty()) {
                    Collection<String> ekuOids = ekuOidMapping.values();
                    List<KeyPurposeId> purposes = new ArrayList<>(ekuOids.size());
                    for (String ekuOid : ekuOids) {
                        purposes.add(KeyPurposeId.getInstance(new ASN1ObjectIdentifier(ekuOid)));
                    }
                    KeyPurposeId[] purposeArray = purposes.toArray(new KeyPurposeId[0]);
                    // Guard carried over from the Kotlin array cast.
                    if (purposeArray == null) {
                        throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
                    }
                    certBuilder.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new ExtendedKeyUsage(purposeArray));
                }

                if (!sans.isEmpty()) {
                    List<ASN1Encodable> names = new ArrayList<>(sans.size());
                    for (SubjectAlternativeName san : sans) {
                        names.add(JscepScepClient.this.getAsn1Encodable(san));
                    }
                    if (!names.isEmpty()) {
                        ASN1Encodable[] nameArray = names.toArray(new ASN1Encodable[0]);
                        // Guard carried over from the Kotlin array cast.
                        if (nameArray == null) {
                            throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
                        }
                        certBuilder.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) GeneralNames.getInstance(new DERSequence(nameArray)));
                    }
                }

                return new JcaX509CertificateConverter().getCertificate(certBuilder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(keypair.getPrivate())));
            }
        });
        Intrinsics.checkNotNullExpressionValue(selfSigned, "ntpClient.currentTimeMil…certHolder)\n            }");
        return selfSigned;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Converts one configured subject alternative name into its ASN.1 form.
     *
     * <p>The seven standard types map to a {@link GeneralName} with the matching tag. Guid and
     * UserPrincipleName are built by hand as a {@code [0]} tagged sequence holding the Microsoft
     * OID and the value.
     *
     * @param subjectAlternativeName SAN type and textual value
     * @return the encodable general name
     * @throws NoWhenBranchMatchedException if the SAN type is none of the nine handled here
     */
    public final ASN1Encodable getAsn1Encodable(SubjectAlternativeName subjectAlternativeName) {
        switch (subjectAlternativeName.getType()) {
            case OtherName:
                // NOTE(review): upstream BouncyCastle's GeneralName(int, String) constructor
                // rejects the otherName tag with IllegalArgumentException; confirm that
                // OtherName SANs never reach this call or are handled by the caller.
                return new GeneralName(GeneralName.otherName, subjectAlternativeName.getValue());
            case Rfc822Name:
                return new GeneralName(GeneralName.rfc822Name, subjectAlternativeName.getValue());
            case DnsName:
                return new GeneralName(GeneralName.dNSName, subjectAlternativeName.getValue());
            case DirectoryName:
                return new GeneralName(GeneralName.directoryName, subjectAlternativeName.getValue());
            case UrlName:
                return new GeneralName(GeneralName.uniformResourceIdentifier, subjectAlternativeName.getValue());
            case IpAddress:
                return new GeneralName(GeneralName.iPAddress, subjectAlternativeName.getValue());
            case RegisteredId:
                return new GeneralName(GeneralName.registeredID, subjectAlternativeName.getValue());
            case Guid: {
                ASN1EncodableVector guidFields = new ASN1EncodableVector();
                guidFields.add(new ASN1ObjectIdentifier(SAN_TYPE_GUID_OID));
                String guidText = subjectAlternativeName.getValue();
                if (guidText == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
                }
                byte[] guidBytes = guidText.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(guidBytes, "(this as java.lang.String).getBytes(charset)");
                // The octet string holds the hex encoding of the UTF-8 bytes of the textual value.
                guidFields.add(new DERTaggedObject(true, 0, new DEROctetString(Hex.encode(guidBytes))));
                return new DERTaggedObject(false, 0, new DERSequence(guidFields));
            }
            case UserPrincipleName: {
                ASN1EncodableVector upnFields = new ASN1EncodableVector();
                upnFields.add(new ASN1ObjectIdentifier(SAN_TYPE_UPN_OID));
                upnFields.add(new DERTaggedObject(true, 0, new DERUTF8String(subjectAlternativeName.getValue())));
                return new DERTaggedObject(false, 0, new DERSequence(upnFields));
            }
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds an {@link X500Principal} from subject text after rewriting selected attribute keys.
     *
     * <p>The text is scanned right to left. For each {@code =} the key is the text between the
     * nearest preceding delimiter ({@code SchemaConstants.SEPARATOR_COMMA} or {@code ;}) and the
     * {@code =}. When the trimmed key is listed in {@code ADDITIONAL_ATTRIBUTES} it is replaced,
     * together with any surrounding whitespace, by the dotted OID.
     *
     * <p>NOTE(review): the scan has no notion of quoting or escaping, so a delimiter or
     * {@code =} inside an attribute value is treated like a structural one. Confirm that
     * subject names reaching this method are already well-formed.
     *
     * @param subjectName subject DN text
     * @return the principal built from the rewritten text
     */
    public final X500Principal newPrincipal(String subjectName) {
        StringBuilder dn = new StringBuilder(subjectName.length());
        dn.append(subjectName);

        int equalsAt = dn.lastIndexOf("=", subjectName.length());
        while (equalsAt != -1) {
            int commaAt = dn.lastIndexOf(SchemaConstants.SEPARATOR_COMMA, equalsAt);
            int semicolonAt = dn.lastIndexOf(";", equalsAt);
            int delimiterAt = Math.max(commaAt, semicolonAt);
            int keyStart = delimiterAt + 1;

            String rawKey = dn.substring(keyStart, equalsAt);
            Intrinsics.checkNotNullExpressionValue(rawKey, "this.substring(delimiterIndex + 1, equalIndex)");
            // Guard carried over from the Kotlin CharSequence cast.
            if (rawKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.CharSequence");
            }

            String oid = ADDITIONAL_ATTRIBUTES.get(StringsKt__StringsKt.trim(rawKey).toString());
            if (oid != null) {
                dn.replace(keyStart, equalsAt, oid);
            }
            // Continue left of the delimiter; with no delimiter left this yields -1 and ends the loop.
            equalsAt = dn.lastIndexOf("=", delimiterAt);
        }

        String rewritten = dn.toString();
        Intrinsics.checkNotNullExpressionValue(rewritten, "StringBuilder(capacity).…builderAction).toString()");
        return new X500Principal(rewritten);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Runs one SCEP request and converts the outcome into a {@code ScepEnrollmentResponse}.
     *
     * <p>A successful response yields {@code Success} with the private key and the returned cert
     * store; a pending one yields {@code Pending} with the server URL, key, identity certificate,
     * transaction id text and the current date; anything else yields {@code Failure} with the
     * mapped failure type. Any exception, including one thrown while mapping the response, is
     * turned into a {@code Failure}: {@code Network} for {@link TransportException}, otherwise
     * {@code Unknown}.
     *
     * @param configItemGuid identifier of the certificate profile, used only in the log message
     * @param privateKey private key of the enrolling key pair; it is placed into the result object
     * @param identityCert identity certificate stored in a pending result
     * @param requestBlock the enrol or poll call to execute
     * @return the mapped enrollment result; this method does not propagate exceptions
     */
    public final ScepEnrollmentResponse requestAndProcessResponse(UUID configItemGuid, PrivateKey privateKey, X509Certificate identityCert, Function0<EnrollmentResponse> requestBlock) {
        try {
            EnrollmentResponse response = requestBlock.invoke();
            // NOTE(review): the whole response object is stringified into the log; confirm its
            // toString() exposes nothing that should stay out of device logs.
            LOGGER.config("Got response: " + response);

            if (response.isSuccess()) {
                CertStore issued = response.getCertStore();
                Intrinsics.checkNotNullExpressionValue(issued, "response.certStore");
                return new ScepEnrollmentResponse.Success(privateKey, issued);
            }
            if (response.isPending()) {
                return new ScepEnrollmentResponse.Pending(this.ndesServer.getUrl(), privateKey, identityCert, String.valueOf(response.getTransactionId()), new Date());
            }

            FailInfo reason = response.getFailInfo();
            Intrinsics.checkNotNullExpressionValue(reason, "response.failInfo");
            return new ScepEnrollmentResponse.Failure(null, toScepFailureType(reason));
        } catch (Exception e) {
            // The exception is not logged here; it is kept only inside the returned Failure.
            LOGGER.config("Got an exception while trying to enroll SCEP cert with guid " + configItemGuid);
            ScepFailureType kind = e instanceof TransportException ? ScepFailureType.Network : ScepFailureType.Unknown;
            return new ScepEnrollmentResponse.Failure(e, kind);
        }
    }

    /**
     * Maps a jscep failure code onto this module's {@code ScepFailureType}.
     *
     * @param failInfo failure code reported in the SCEP response
     * @return the matching failure type
     * @throws NoWhenBranchMatchedException if the code is none of the five handled here
     */
    private final ScepFailureType toScepFailureType(FailInfo failInfo) {
        switch (failInfo) {
            case badAlg:
                return ScepFailureType.BadAlgorithm;
            case badMessageCheck:
                return ScepFailureType.BadMessageCheck;
            case badRequest:
                return ScepFailureType.BadRequest;
            case badTime:
                return ScepFailureType.BadTime;
            case badCertId:
                return ScepFailureType.BadCertId;
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    /**
     * Starts a SCEP enrollment for one certificate profile.
     *
     * <p>A new key pair is generated, a self-signed certificate over it is built by
     * generateSelfSignedCertificate and passed to the jscep client as the identity certificate,
     * and a PKCS#10 request carrying the request token is submitted with {@code client.enrol}.
     * The outcome is mapped by requestAndProcessResponse, so transport and other exceptions
     * raised inside the enrol call surface as a Failure value rather than as an error.
     *
     * @param scepCertConfigItem profile supplying key length, subject, usages, SANs, template and validity
     * @param certificateRequestToken token embedded in the request as the challenge password
     * @return a Single emitting the enrollment result
     */
    @Override // com.microsoft.intune.usercerts.domain.scep.IScepClient
    public Single<ScepEnrollmentResponse> enrollScepCertificate(final ScepCertConfigItem scepCertConfigItem, final String certificateRequestToken) {
        Intrinsics.checkNotNullParameter(scepCertConfigItem, "scepCertConfigItem");
        Intrinsics.checkNotNullParameter(certificateRequestToken, "certificateRequestToken");
        // getInstance is called without a provider argument, so the platform's default provider
        // for this algorithm name generates the key. The key size comes straight from the
        // profile and no lower bound is checked in this method.
        // NOTE(review): confirm that weak key lengths are rejected before this point.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(DevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        keyPairGenerator.initialize(scepCertConfigItem.getKeyLength());
        final KeyPair keypair = keyPairGenerator.genKeyPair();
        // The signature algorithm is whatever the NDES server capabilities report as strongest.
        // NOTE(review): if those capabilities come from an unauthenticated response, a tampered
        // answer could select a weaker algorithm; confirm how they are obtained and whether a
        // minimum is applied.
        final String strongestSignatureAlgorithm = this.ndesServer.getCapabilities().getStrongestSignatureAlgorithm();
        Intrinsics.checkNotNullExpressionValue(strongestSignatureAlgorithm, "ndesServer.capabilities.…rongestSignatureAlgorithm");
        Intrinsics.checkNotNullExpressionValue(keypair, "keypair");
        Single map = generateSelfSignedCertificate(keypair, scepCertConfigItem.getSubjectName(), scepCertConfigItem.getKeyUsage(), scepCertConfigItem.getEkuOidMapping(), scepCertConfigItem.getSubjectAlternativeNames(), strongestSignatureAlgorithm).map(new Function<X509Certificate, ScepEnrollmentResponse>() { // from class: com.microsoft.intune.usercerts.apicomponent.scep.implementation.JscepScepClient$enrollScepCertificate$1
            @Override // io.reactivex.functions.Function
            public final ScepEnrollmentResponse apply(final X509Certificate identityCert) {
                final PKCS10CertificationRequest generateCertEnrollRequest;
                ScepEnrollmentResponse requestAndProcessResponse;
                Intrinsics.checkNotNullParameter(identityCert, "identityCert");
                JscepScepClient jscepScepClient = JscepScepClient.this;
                KeyPair keypair2 = keypair;
                Intrinsics.checkNotNullExpressionValue(keypair2, "keypair");
                // The CSR is built outside the request block, so an exception thrown while
                // building it is not converted into a Failure by requestAndProcessResponse.
                generateCertEnrollRequest = jscepScepClient.generateCertEnrollRequest(keypair2, scepCertConfigItem.getSubjectName(), certificateRequestToken, scepCertConfigItem.getTemplateName(), scepCertConfigItem.getKeyUsage(), scepCertConfigItem.getEkuOidMapping(), scepCertConfigItem.getSubjectAlternativeNames(), scepCertConfigItem.getValidityPeriod(), scepCertConfigItem.getValidityPeriodUnit(), strongestSignatureAlgorithm);
                JscepScepClient jscepScepClient2 = JscepScepClient.this;
                UUID guid = scepCertConfigItem.getGuid();
                KeyPair keypair3 = keypair;
                Intrinsics.checkNotNullExpressionValue(keypair3, "keypair");
                // The private key object is handed on and ends up inside the Success or Pending result.
                PrivateKey privateKey = keypair3.getPrivate();
                Intrinsics.checkNotNullExpressionValue(privateKey, "keypair.private");
                requestAndProcessResponse = jscepScepClient2.requestAndProcessResponse(guid, privateKey, identityCert, new Function0<EnrollmentResponse>() { // from class: com.microsoft.intune.usercerts.apicomponent.scep.implementation.JscepScepClient$enrollScepCertificate$1.1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(0);
                    }

                    @Override // kotlin.jvm.functions.Function0
                    public final EnrollmentResponse invoke() {
                        Client client;
                        IScepTelemetry iScepTelemetry;
                        IMessageDigestFactory iMessageDigestFactory;
                        client = JscepScepClient.this.client;
                        X509Certificate x509Certificate = identityCert;
                        KeyPair keypair4 = keypair;
                        Intrinsics.checkNotNullExpressionValue(keypair4, "keypair");
                        EnrollmentResponse enrol = client.enrol(x509Certificate, keypair4.getPrivate(), generateCertEnrollRequest, JscepClientFactory.JSCEP_PROFILE_NAME);
                        // Telemetry is reached only when enrol() returned without throwing. It
                        // receives the hex SHA-1 digest of the request token, not the token.
                        // NOTE(review): an unsalted digest of a secret is still a stable
                        // identifier and can be guessed offline if the token space is small;
                        // confirm the token is high-entropy and single-use.
                        iScepTelemetry = JscepScepClient.this.scepTelemetry;
                        iMessageDigestFactory = JscepScepClient.this.messageDigestFactory;
                        MessageDigest newSha1MessageDigest = iMessageDigestFactory.newSha1MessageDigest();
                        String str = certificateRequestToken;
                        Charset charset = Charsets.UTF_8;
                        if (str == null) {
                            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
                        }
                        byte[] bytes = str.getBytes(charset);
                        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
                        byte[] digest = newSha1MessageDigest.digest(bytes);
                        Intrinsics.checkNotNullExpressionValue(digest, "messageDigestFactory.new…questToken.toByteArray())");
                        iScepTelemetry.sendCertificateRequestTokenUsed(ArrayExtensionsKt.getAsHex(digest));
                        Intrinsics.checkNotNullExpressionValue(enrol, "client.enrol(\n          …  )\n                    }");
                        return enrol;
                    }
                });
                return requestAndProcessResponse;
            }
        });
        Intrinsics.checkNotNullExpressionValue(map, "generateSelfSignedCertif…}\n            }\n        }");
        return map;
    }

    /**
     * Polls the SCEP server for the transaction identified by {@code transactionId}.
     *
     * <p>The subject principal is rebuilt from the profile's subject name and the poll is made
     * with the supplied identity certificate and private key. The outcome is mapped by
     * requestAndProcessResponse, so exceptions raised by the poll call surface as a Failure value.
     *
     * @param privateKey private key belonging to the identity certificate
     * @param identityCert identity certificate used for the SCEP exchange
     * @param transactionId transaction id text of the pending enrollment
     * @param scepCertConfigItem profile supplying the subject name and the guid used for logging
     * @return the mapped enrollment result
     */
    @Override // com.microsoft.intune.usercerts.domain.scep.IScepClient
    public ScepEnrollmentResponse pollCertificateRequest(final PrivateKey privateKey, final X509Certificate identityCert, final String transactionId, ScepCertConfigItem scepCertConfigItem) {
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        Intrinsics.checkNotNullParameter(identityCert, "identityCert");
        Intrinsics.checkNotNullParameter(transactionId, "transactionId");
        Intrinsics.checkNotNullParameter(scepCertConfigItem, "scepCertConfigItem");
        // Built before the request block, so a malformed subject name throws from this method
        // instead of being converted into a Failure.
        final X500Principal newPrincipal = newPrincipal(scepCertConfigItem.getSubjectName());
        return requestAndProcessResponse(scepCertConfigItem.getGuid(), privateKey, identityCert, new Function0<EnrollmentResponse>() { // from class: com.microsoft.intune.usercerts.apicomponent.scep.implementation.JscepScepClient$pollCertificateRequest$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final EnrollmentResponse invoke() {
                Client client;
                client = JscepScepClient.this.client;
                X509Certificate x509Certificate = identityCert;
                PrivateKey privateKey2 = privateKey;
                X500Principal x500Principal = newPrincipal;
                String str = transactionId;
                Charset charset = Charsets.UTF_8;
                if (str == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
                }
                // The transaction id is rebuilt from the UTF-8 bytes of its text form, while the
                // Pending result stores String.valueOf(response.getTransactionId()).
                // NOTE(review): confirm that this round trip reproduces the id the server expects.
                byte[] bytes = str.getBytes(charset);
                Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
                EnrollmentResponse poll = client.poll(x509Certificate, privateKey2, x500Principal, new TransactionId(bytes), JscepClientFactory.JSCEP_PROFILE_NAME);
                Intrinsics.checkNotNullExpressionValue(poll, "client.poll(\n           …ROFILE_NAME\n            )");
                return poll;
            }
        });
    }
}
