package com.microsoft.omadm.platforms.android.certmgr.data;

import com.microsoft.intune.common.xml.XMLUtils;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.platforms.android.certmgr.CertOperation;
import com.microsoft.omadm.platforms.android.certmgr.CertStatus;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang3.StringUtils;
import org.jscep.transaction.TransactionId;
import org.xml.sax.SAXException;

/* loaded from: classes2.dex */
public abstract class ScepCertificateRequest {
    protected static final String CP_NS = "http://schemas.microsoft.com/SystemCenterConfigurationManager/2012/03/07/CertificateEnrollment/ConfigurationParameters";
    protected static final String CP_NS_TAG = "cp";
    protected static final String XP_CATHUMBPRINT = "//cp:ConfigurationParameters/cp:CAThumbprint";
    protected static final String XP_CONFIGURATIONDOCUMENT = "//CertificateRequest/ConfigurationParametersDocument";
    protected static final String XP_CP = "//cp:ConfigurationParameters/";
    protected static final String XP_RETRYCOUNT = "//cp:ConfigurationParameters/cp:RetryCount";
    protected static final String XP_RETRYDELAY = "//cp:ConfigurationParameters/cp:RetryDelay";
    protected static final String XP_VALIDITYPERIOD = "//cp:ConfigurationParameters/cp:ValidityPeriod";
    protected static final String XP_VALIDITYPERIODUNIT = "//cp:ConfigurationParameters/cp:ValidityPeriodUnit";
    public String alias;
    public String configParameters;
    public String[] ndesUrls;
    public String requestId;
    public Long retryCount;
    public Long retryDelay;
    public Long userId;
    public CertStatus status = CertStatus.UNKNOWN;
    public Integer lastError = 0;
    public Long requestRetryCount = 0L;
    public Date timeLastRequested = new Date();
    public String certificateHash = null;
    public String caThumbPrint = null;
    public TransactionId transactId = null;
    public X509Certificate pendingCertificate = null;
    public PrivateKey privateKey = null;
    public String pendingCertNdesServer = null;
    public Long validityPeriod = 0L;
    public String validityPeriodUnit = null;

    /* JADX INFO: Access modifiers changed from: protected */
    public ScepCertificateRequest(String str, Long l) {
        this.requestId = str;
        this.userId = l;
    }

    public static ScepCertificateRequest fromState(ScepCertificateEnrollState scepCertificateEnrollState) throws OMADMException {
        if (scepCertificateEnrollState.opType == CertOperation.CERT_ENROLL || scepCertificateEnrollState.opType == CertOperation.CERT_REPLACE) {
            return ScepEnrollCertificateRequest.generateRequest(scepCertificateEnrollState);
        }
        if (scepCertificateEnrollState.opType == CertOperation.CERT_RENEW) {
            return ScepRenewCertificateRequest.generateRequest(scepCertificateEnrollState);
        }
        throw new OMADMException("bad certificate state type");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static XMLUtils getConfigurationDocument(String str) throws SAXException, IOException, ParserConfigurationException {
        return new XMLUtils(str, new NamespaceContext() { // from class: com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateRequest.1
            @Override // javax.xml.namespace.NamespaceContext
            public String getNamespaceURI(String str2) {
                if (ScepCertificateRequest.CP_NS_TAG.equals(str2)) {
                    return ScepCertificateRequest.CP_NS;
                }
                return null;
            }

            @Override // javax.xml.namespace.NamespaceContext
            public String getPrefix(String str2) {
                return null;
            }

            @Override // javax.xml.namespace.NamespaceContext
            public Iterator getPrefixes(String str2) {
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String[] getListFromString(String str) {
        return StringUtils.isEmpty(str) ? new String[0] : str.split(",");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getStringFromList(Object[] objArr) {
        String obj = objArr.length > 0 ? objArr[0].toString() : "";
        for (int i = 1; i < objArr.length; i++) {
            obj = obj + "," + objArr[i].toString();
        }
        return obj;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void buildRequest(ScepCertificateEnrollState scepCertificateEnrollState) throws OMADMException {
        this.requestId = scepCertificateEnrollState.requestId;
        this.caThumbPrint = scepCertificateEnrollState.caThumbprint;
        this.certificateHash = scepCertificateEnrollState.thumbprint;
        this.configParameters = scepCertificateEnrollState.configParameters;
        this.status = scepCertificateEnrollState.status;
        this.lastError = scepCertificateEnrollState.lastError;
        this.retryCount = scepCertificateEnrollState.retryCount;
        this.retryDelay = scepCertificateEnrollState.retryDelay;
        this.timeLastRequested = scepCertificateEnrollState.timeLastRequested;
        this.requestRetryCount = scepCertificateEnrollState.requestRetryCount;
        this.ndesUrls = getListFromString(scepCertificateEnrollState.ndesUrl);
        this.pendingCertNdesServer = scepCertificateEnrollState.pendingCertNdesServer;
        this.validityPeriod = scepCertificateEnrollState.validityPeriod;
        this.validityPeriodUnit = scepCertificateEnrollState.validityPeriodUnit;
        this.userId = scepCertificateEnrollState.user;
        if (scepCertificateEnrollState.transactId != null) {
            this.transactId = new TransactionId(scepCertificateEnrollState.transactId.getBytes());
        }
        if (scepCertificateEnrollState.encodedPendingcert != null) {
            try {
                this.pendingCertificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(scepCertificateEnrollState.encodedPendingcert));
            } catch (CertificateException e) {
                throw new OMADMException(e);
            }
        }
        if (scepCertificateEnrollState.encryptedPrivateKey == null || "".equals(scepCertificateEnrollState.encryptedPrivateKey)) {
            return;
        }
        try {
            try {
                this.privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(scepCertificateEnrollState.encryptedPrivateKey));
            } catch (InvalidKeySpecException e2) {
                throw new OMADMException("PrivateKey is not in a valid PKCS8 format", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new OMADMException("KeyFactory could find RSA algorithm", e3);
        }
    }

    public abstract String getAlias();

    public long getRetryDelayInMili() {
        return TimeUnit.MINUTES.toMillis(this.retryDelay.longValue());
    }

    public abstract X500Principal getSubjectPrincipal();

    public boolean isEnrollmentDue() {
        if (!isRetryable()) {
            return false;
        }
        if (this.status == CertStatus.CERT_ENROLL_PENDING_ROOT_CERT || this.status == CertStatus.CERT_ENROLL_UNKNOWN) {
            return true;
        }
        return !new Date().before(new Date(this.timeLastRequested.getTime() + getRetryDelayInMili()));
    }

    public abstract boolean isRenewRequest();

    public abstract boolean isReplaceRequest();

    public boolean isRetryable() {
        return (this.status == CertStatus.CERT_ENROLL_PENDING || this.status == CertStatus.CERT_ENROLL_REQUEST_RETRY || this.status == CertStatus.CERT_ENROLL_PENDING_ROOT_CERT || this.status == CertStatus.CERT_RENEW_PENDING_EXISTING_CERT || this.status == CertStatus.CERT_ENROLL_UNKNOWN) && this.requestRetryCount.longValue() <= this.retryCount.longValue();
    }

    public ScepCertificateEnrollState toState() throws OMADMException {
        return toState(null);
    }

    public ScepCertificateEnrollState toState(Long l) throws OMADMException {
        ScepCertificateEnrollState scepCertificateEnrollState = new ScepCertificateEnrollState(this.requestId, this.userId);
        scepCertificateEnrollState.id = l;
        scepCertificateEnrollState.caThumbprint = this.caThumbPrint;
        scepCertificateEnrollState.thumbprint = this.certificateHash;
        scepCertificateEnrollState.configParameters = this.configParameters;
        scepCertificateEnrollState.status = this.status;
        scepCertificateEnrollState.lastError = this.lastError;
        scepCertificateEnrollState.retryCount = this.retryCount;
        scepCertificateEnrollState.retryDelay = this.retryDelay;
        scepCertificateEnrollState.ndesUrl = getStringFromList(this.ndesUrls);
        scepCertificateEnrollState.requestRetryCount = this.requestRetryCount;
        scepCertificateEnrollState.timeLastRequested = this.timeLastRequested;
        scepCertificateEnrollState.pendingCertNdesServer = this.pendingCertNdesServer;
        scepCertificateEnrollState.validityPeriod = this.validityPeriod;
        scepCertificateEnrollState.validityPeriodUnit = this.validityPeriodUnit;
        scepCertificateEnrollState.alias = this.alias;
        if (this.transactId != null) {
            scepCertificateEnrollState.transactId = this.transactId.toString();
        }
        if (this.pendingCertificate != null) {
            try {
                scepCertificateEnrollState.encodedPendingcert = this.pendingCertificate.getEncoded();
            } catch (CertificateEncodingException e) {
                throw new OMADMException(e);
            }
        }
        if (this.privateKey != null) {
            scepCertificateEnrollState.encryptedPrivateKey = this.privateKey.getEncoded();
        }
        return scepCertificateEnrollState;
    }
}
