package nl.aeteurope.mpki.enrollment;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.net.UnknownHostException;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLException;
import nl.aeteurope.mpki.AETException;
import nl.aeteurope.mpki.CertificateSource;
import nl.aeteurope.mpki.CertificateStore;
import nl.aeteurope.mpki.CertificateType;
import nl.aeteurope.mpki.DomainConfiguration;
import nl.aeteurope.mpki.ErrorCode;
import nl.aeteurope.mpki.Logger;
import nl.aeteurope.mpki.ProgressIndicator;
import nl.aeteurope.mpki.backendclient.BackendClient;
import nl.aeteurope.mpki.backendclient.BackendClientException;
import nl.aeteurope.mpki.backendclient.DefaultBackendClient;
import nl.aeteurope.mpki.secureelement.IncorrectPasswordException;
import nl.aeteurope.mpki.service.bluex.xml.CommandType;
import nl.aeteurope.mpki.service.bluex.xml.ErrorOrWarningDataType;
import nl.aeteurope.mpki.service.bluex.xml.GenerateCSRCommandType;
import nl.aeteurope.mpki.service.bluex.xml.GenerateKeyPairCommandType;
import nl.aeteurope.mpki.service.bluex.xml.PersonalisationResponse;
import nl.aeteurope.mpki.service.bluex.xml.RDNAttributeDataType;
import nl.aeteurope.mpki.service.bluex.xml.WriteCertificateCommandType;

/**
 * Client-side driver for the soft-certificate enrollment, import and renewal flows.
 *
 * <p>The class executes commands returned by the enrollment backend (generate key pair,
 * generate CSR, write certificate), sends the results back through {@link BlueXClient} and
 * hands the resulting private-key/certificate pairs to {@link EnrollmentStorage}.
 *
 * <p>This listing is decompiler output (loaded from: classes.dex). Local names such as
 * {@code str} or {@code arrayList} are decompiler-generated, and two methods
 * ({@code continuePreEnrollment}, {@code performStartRequest}) were not reconstructed faithfully.
 *
 * <p>NOTE(review): {@code pin}, {@code username} and {@code response} are mutable instance state
 * written by every public {@code continue*} method without any synchronization visible here;
 * whether one instance is shared between threads cannot be told from this file.
 */
public class EnrollmentServiceImpl implements EnrollmentService {
    // Tag passed as the first argument of every logger call in this class.
    private static final String LOG = EnrollmentServiceImpl.class.getSimpleName();
    // Not final: both clients are rebuilt on every performStartRequest() call.
    private BackendClient backendClient;
    private BlueXClient blueXClient;
    private final DomainConfiguration domainConfiguration;
    // Receives the EnrollmentResult objects together with the PIN (save/update/replace calls).
    private final EnrollmentStorage enrollmentStorage;
    // Holds generated or imported key pairs; looked up by public-key modulus when a CSR or
    // certificate for that key arrives.
    private final KeyPairCache keyPairCache;
    private final Logger logger;
    // PIN supplied by the caller of the continue* methods and forwarded to EnrollmentStorage.
    // It is never cleared in the code visible here, and as an immutable String it cannot be
    // wiped from memory after use.
    // NOTE(review): consider whether the PIN needs to outlive a single call at all.
    private String pin;
    private final ProgressIndicator progressIndicator;
    private String username;
    private final KeyPairCreator keyPairCreator = new KeyPairCreator();
    // Most recent response returned by blueXClient.sendResults(); overwritten on each round trip.
    private PersonalisationResponse response = null;

    /**
     * Builds the backend client, the BlueX client on top of it and a {@link FileKeyPairCache}
     * created from {@code file}.
     *
     * <p>The meaning of the two {@code null} arguments passed to {@link DefaultBackendClient}
     * is not visible in this file.
     *
     * @param domainConfiguration supplies the enrollment-server configuration
     * @param logger logger handed to both clients and used by this class
     * @param file argument for the {@link FileKeyPairCache} constructor
     * @param progressIndicator progress callback driven by the enrollment flows
     * @param enrollmentStorage store that receives enrollment results
     * @throws IOException wrapping a {@link BackendClientException} raised during construction
     */
    public EnrollmentServiceImpl(DomainConfiguration domainConfiguration, Logger logger, File file, ProgressIndicator progressIndicator, EnrollmentStorage enrollmentStorage) throws IOException {
        // Plain field copies cannot fail, so they are done before the fallible part.
        this.domainConfiguration = domainConfiguration;
        this.logger = logger;
        this.progressIndicator = progressIndicator;
        this.enrollmentStorage = enrollmentStorage;
        try {
            final BackendClient client = new DefaultBackendClient(domainConfiguration.getEnrollmentServerConfiguration(), null, logger, null);
            this.backendClient = client;
            this.blueXClient = new BlueXClient(client, logger);
            this.keyPairCache = new FileKeyPairCache(file);
        } catch (BackendClientException backendFailure) {
            throw new IOException(backendFailure);
        }
    }

    /**
     * Answers a "generate CSR" command: collects the subject attributes named in the command,
     * finds the cached key pair whose modulus the command carries and has {@link CSRCreator}
     * build the request.
     *
     * <p>Both the subject attributes and the choice of key come from the backend command.
     * NOTE(review): the result of {@code keyPairCache.lookup} is passed on without a null check,
     * although the certificate handlers in this class do check it for {@code null}; how
     * {@code CSRCreator.generateCSR} reacts to a missing key pair is not visible here.
     *
     * @param commandType command whose {@code getGenerateCSR()} part is set
     * @return the CSR result tagged with the command id
     */
    private CSRCommandResult handleCSRCommand(CommandType commandType) {
        String commandId = commandType.getId();
        GenerateCSRCommandType csrRequest = commandType.getGenerateCSR();
        // Raw map kept as decompiled: the element types CSRCreator expects are not visible here.
        HashMap subjectAttributes = new HashMap();
        for (RDNAttributeDataType attribute : csrRequest.getSubject().getAttribute()) {
            subjectAttributes.put(attribute.getType(), attribute.getValue());
        }
        // Signum 1: the modulus bytes are interpreted as an unsigned magnitude.
        BigInteger modulus = new BigInteger(1, csrRequest.getKey().getModulus());
        return new CSRCommandResult(commandId, CSRCreator.generateCSR(this.keyPairCache.lookup(modulus), subjectAttributes));
    }

    /**
     * Answers a "generate key pair" command: creates a key pair of the requested type and
     * size, stores it in the key-pair cache and returns it tagged with the command id.
     *
     * <p>NOTE(review): key type and modulus size are taken from the backend command as-is; no
     * client-side lower bound on the key size is enforced in this method. Confirm whether
     * {@code KeyPairCreator} applies one.
     *
     * @param commandType command whose {@code getGenerateKeyPair()} part is set
     * @return the generated key pair wrapped with the command id
     * @throws IllegalArgumentException if no algorithm is available for the requested key type
     */
    private KeyPairCommandResult handleGenKeyPairCommand(CommandType commandType) {
        String commandId = commandType.getId();
        GenerateKeyPairCommandType request = commandType.getGenerateKeyPair();
        String keyType = request.getKeyPair().getKeyType().value();
        try {
            int modulusBits = request.getKeyPair().getModulusSize().intValue();
            KeyPair freshPair = this.keyPairCreator.generateKeyPair(keyType, modulusBits);
            // Cached so that later CSR / write-certificate commands can find it by modulus.
            this.keyPairCache.cache(freshPair);
            return new KeyPairCommandResult(commandId, freshPair);
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            throw new IllegalArgumentException("No algorithm available for KeyType: " + keyType, missingAlgorithm);
        }
    }

    /**
     * Turns the certificates delivered by "write certificate" commands into enrollment results
     * and stores them through {@code processEnrollmentResult}.
     *
     * <p>Each certificate is paired with the cached key pair that has the same RSA modulus.
     * Certificates without a cached key pair are skipped silently. A certificate whose public
     * key is not an {@link RSAPublicKey} makes the cast fail with a {@code ClassCastException}.
     *
     * <p>NOTE(review): the modulus match is the only acceptance check visible in this method;
     * whether {@code CertificateStore.readFromInputStream} validates issuer, validity period or
     * chain cannot be told from this file.
     *
     * @param list write-certificate commands collected from one backend response
     * @throws IncorrectPasswordException propagated from the enrollment storage
     */
    private void handleInsertCertificate(List<WriteCertificateCommandType> list) throws IncorrectPasswordException {
        if (list.isEmpty()) {
            return;
        }
        List<EnrollmentResult> results = new ArrayList<EnrollmentResult>();
        for (WriteCertificateCommandType writeCommand : list) {
            X509Certificate issued = CertificateStore.readFromInputStream(new ByteArrayInputStream(writeCommand.getCertificate()));
            RSAPublicKey issuedKey = (RSAPublicKey) issued.getPublicKey();
            KeyPair cachedPair = this.keyPairCache.lookup(issuedKey.getModulus());
            String subjectName = issued.getSubjectDN().getName();
            if (cachedPair == null) {
                // No locally generated key for this certificate: nothing to store.
                continue;
            }
            results.add(new EnrollmentResult(cachedPair.getPrivate(), issued, subjectName, CertificateType.SOFT, CertificateSource.BLUEX));
        }
        processEnrollmentResult(results, this.pin, this.username);
    }

    /**
     * Dispatches one batch of backend commands during renewal.
     *
     * <p>Key-pair and CSR commands are executed immediately and their results are returned for
     * sending back to the backend. Write-certificate commands are collected and handed to
     * {@code handleReplaceCertificate} once the whole batch has been walked. Commands of any
     * other kind are ignored.
     *
     * @param list commands from the latest backend response
     * @return results of the key-pair and CSR commands, in command order; empty if there were none
     * @throws IncorrectPasswordException propagated from the enrollment storage
     */
    private List<CommandResult> handleRenewalCommands(List<CommandType> list) throws IncorrectPasswordException {
        // Raw lists kept as decompiled; the first holds command results, the second the
        // write-certificate payloads.
        ArrayList results = new ArrayList();
        ArrayList certificateWrites = new ArrayList();
        for (CommandType command : list) {
            if (command.getGenerateKeyPair() != null) {
                results.add(handleGenKeyPairCommand(command));
                continue;
            }
            if (command.getGenerateCSR() != null) {
                results.add(handleCSRCommand(command));
                continue;
            }
            if (command.getWriteCertificate() != null) {
                certificateWrites.add(command.getWriteCertificate());
            }
        }
        handleReplaceCertificate(certificateWrites);
        return results;
    }

    /**
     * Renewal counterpart of {@code handleInsertCertificate}: pairs each delivered certificate
     * with the cached key pair of the same RSA modulus and passes the results to
     * {@code processRenewalResult}.
     *
     * <p>Certificates without a cached key pair are skipped silently; a non-RSA public key makes
     * the cast fail with a {@code ClassCastException}.
     *
     * <p>NOTE(review): no check other than the modulus match is visible here before an existing
     * entry is replaced; whether {@code CertificateStore.readFromInputStream} validates the
     * certificate cannot be told from this file.
     *
     * @param list write-certificate commands collected from one backend response
     * @throws IncorrectPasswordException propagated from the enrollment storage
     */
    private void handleReplaceCertificate(List<WriteCertificateCommandType> list) throws IncorrectPasswordException {
        if (list.isEmpty()) {
            return;
        }
        List<EnrollmentResult> replacements = new ArrayList<EnrollmentResult>();
        for (WriteCertificateCommandType writeCommand : list) {
            X509Certificate renewed = CertificateStore.readFromInputStream(new ByteArrayInputStream(writeCommand.getCertificate()));
            RSAPublicKey renewedKey = (RSAPublicKey) renewed.getPublicKey();
            KeyPair cachedPair = this.keyPairCache.lookup(renewedKey.getModulus());
            String subjectName = renewed.getSubjectDN().getName();
            if (cachedPair == null) {
                // No locally generated key for this certificate: nothing to replace.
                continue;
            }
            replacements.add(new EnrollmentResult(cachedPair.getPrivate(), renewed, subjectName, CertificateType.SOFT, CertificateSource.BLUEX));
        }
        processRenewalResult(replacements, this.pin, this.username);
    }

    /**
     * Dispatches one batch of backend commands during soft enrollment.
     *
     * <p>Key-pair and CSR commands are executed immediately and their results are returned for
     * sending back to the backend. Write-certificate commands are collected and handed to
     * {@code handleInsertCertificate} once the whole batch has been walked. Commands of any
     * other kind are ignored.
     *
     * @param list commands from the latest backend response
     * @return results of the key-pair and CSR commands, in command order; empty if there were none
     * @throws IncorrectPasswordException propagated from the enrollment storage
     */
    private List<CommandResult> handleSoftEnrollmentCommands(List<CommandType> list) throws IncorrectPasswordException {
        // Raw lists kept as decompiled; the first holds command results, the second the
        // write-certificate payloads.
        ArrayList results = new ArrayList();
        ArrayList certificateWrites = new ArrayList();
        for (CommandType command : list) {
            if (command.getGenerateKeyPair() != null) {
                results.add(handleGenKeyPairCommand(command));
                continue;
            }
            if (command.getGenerateCSR() != null) {
                results.add(handleCSRCommand(command));
                continue;
            }
            if (command.getWriteCertificate() != null) {
                certificateWrites.add(command.getWriteCertificate());
            }
        }
        handleInsertCertificate(certificateWrites);
        return results;
    }

    /**
     * Persists enrollment results: a first-time save when the storage holds no enrollment data
     * yet, otherwise one update per result.
     *
     * @param list results to persist
     * @param str PIN forwarded to the storage (callers pass the PIN here)
     * @param str2 user name; only used for the first-time save
     * @throws IncorrectPasswordException propagated from the enrollment storage
     */
    private void processEnrollmentResult(List<EnrollmentResult> list, String str, String str2) throws IncorrectPasswordException {
        boolean alreadyEnrolled = this.enrollmentStorage.retrieveEnrollmentData() != null;
        if (alreadyEnrolled) {
            for (EnrollmentResult result : list) {
                this.enrollmentStorage.updateEnrollmentData(result, str);
            }
            return;
        }
        this.enrollmentStorage.saveEnrollmentData(list, str, str2);
    }

    /**
     * Replaces stored enrollment entries with the renewed results, one storage call per result.
     *
     * <p>The return value of {@code retrieveEnrollmentData()} is discarded and {@code str2} is
     * not used. NOTE(review): the retrieve call is kept because it may have side effects or
     * throw when no data exists; confirm against {@code EnrollmentStorage}.
     *
     * @param list renewed results
     * @param str PIN forwarded to the storage (callers pass the PIN here)
     * @param str2 user name; unused in this method
     * @throws IncorrectPasswordException propagated from the enrollment storage
     */
    private void processRenewalResult(List<EnrollmentResult> list, String str, String str2) throws IncorrectPasswordException {
        this.enrollmentStorage.retrieveEnrollmentData();
        for (EnrollmentResult renewed : list) {
            this.enrollmentStorage.replaceEnrollmentData(renewed, str);
        }
    }

    /**
     * Fails the current flow when the backend response carries an error element.
     *
     * <p>The backend's error code and description are written to the log verbatim; the
     * exception handed to the caller carries only a fixed message.
     *
     * @param personalisationResponse response to inspect
     * @throws IOException if the response contains an error
     */
    private void tryHandleErrorResponse(PersonalisationResponse personalisationResponse) throws IOException {
        ErrorOrWarningDataType failure = personalisationResponse.getError();
        if (failure != null) {
            String logLine = "Exception occurred during softEnrollment with code: " + failure.getCode() + " and description: " + failure.getDescription();
            this.logger.e(LOG, logLine);
            throw new IOException("Enrollment exception occurred");
        }
    }

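    /**
     * Imports an externally supplied certificate and private key as a soft enrollment.
     *
     * <p>The progress indicator is started first and is always dismissed before returning,
     * including when the input is rejected. The key pair is cached and stored only when
     * {@code certificate} is an {@link X509Certificate} and {@code key} is a {@link PrivateKey}.
     *
     * <p>NOTE(review): nothing here verifies that {@code key} is the private key belonging to
     * the certificate's public key; the two are combined into a {@link KeyPair} as supplied.
     *
     * @param str user name
     * @param certificate certificate to import; must be an X.509 certificate
     * @param str2 PIN forwarded to the enrollment storage
     * @param key private key to import
     * @return {@code true} if the result was stored; {@code false} if the input was rejected or
     *     the storage reported an incorrect password
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentService
    public boolean continueImportSoftEnrollment(String str, Certificate certificate, String str2, Key key) {
        this.pin = str2;
        this.username = str;
        this.progressIndicator.start();
        try {
            this.progressIndicator.updateEnrollmentStart();
            // instanceof is false for null, so this also rejects missing arguments. Checking the
            // certificate type up front avoids caching a key pair and then failing on the cast.
            if (!(certificate instanceof X509Certificate) || !(key instanceof PrivateKey)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            KeyPair keyPair = new KeyPair(x509Certificate.getPublicKey(), (PrivateKey) key);
            this.keyPairCache.cache(keyPair);
            List<EnrollmentResult> results = new ArrayList<EnrollmentResult>();
            results.add(new EnrollmentResult(keyPair.getPrivate(), x509Certificate, x509Certificate.getSubjectDN().getName(), CertificateType.SOFT, CertificateSource.BLUEX));
            try {
                processEnrollmentResult(results, str2, str);
                return true;
            } catch (IncorrectPasswordException e) {
                // Reported through the application logger with a fixed message rather than a
                // raw stack trace on stderr.
                this.logger.e(LOG, "Import of soft enrollment failed: incorrect password");
                return false;
            }
        } finally {
            // Runs on every path, so a rejected import no longer leaves the indicator showing.
            this.progressIndicator.dismiss();
        }
    }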

    /* JADX WARN: Code restructure failed: missing block: B:10:0x003b, code lost:
    
        if (r1.getBasicConstraints() == (-1)) goto L62;
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x003e, code lost:
    
        r3 = r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x003f, code lost:
    
        r7.pin = r12;
        r10 = new nl.aeteurope.mpki.enrollment.ReadCertificateCommandResult(r13.getId(), r3);
        r13 = new java.util.ArrayList();
        r13.add(r10);
        r10 = r7.blueXClient.sendResults(r13);
        r7.response = r10;
        tryHandleErrorResponse(r10);
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0068, code lost:
    
        if (r7.response.getCommand().size() != 1) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x007b, code lost:
    
        if (r7.response.getCommand().get(0).getActiveCertificate() == null) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x007d, code lost:
    
        r10 = new java.util.ArrayList();
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x0082, code lost:
    
        r4 = r3.getSubjectDN().toString();
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x008e, code lost:
    
        if (r11.isKeyEntry(r9) == false) goto L30;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0090, code lost:
    
        r2 = (java.security.PrivateKey) r11.getKey(r9, r12.toCharArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x00c1, code lost:
    
        if (r2 == null) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x00c3, code lost:
    
        r10.add(new nl.aeteurope.mpki.enrollment.EnrollmentResult(r2, r3, r4, nl.aeteurope.mpki.CertificateType.SOFT_PRE_ENROLLED, nl.aeteurope.mpki.CertificateSource.FILE));
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x00d0, code lost:
    
        processEnrollmentResult(r10, r12, r8);
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x00d3, code lost:
    
        r7.progressIndicator.dismiss();
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x00d8, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x00de, code lost:
    
        throw new java.security.KeyStoreException();
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x009c, code lost:
    
        r9 = r11.aliases();
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00a4, code lost:
    
        if (r9.hasMoreElements() == false) goto L65;
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x00a6, code lost:
    
        r13 = r9.nextElement();
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x00b0, code lost:
    
        if (r11.isKeyEntry(r13) != false) goto L64;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x00b3, code lost:
    
        r0 = (java.security.PrivateKey) r11.getKey(r13, r12.toCharArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x00be, code lost:
    
        if (r0 == null) goto L69;
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x00c0, code lost:
    
        r2 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:3:0x001c, code lost:
    
        r9 = "";
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x00df, code lost:
    
        r7.logger.e(nl.aeteurope.mpki.enrollment.EnrollmentServiceImpl.LOG, "Could not retrieve private key from keystore");
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:0x00ef, code lost:
    
        throw new nl.aeteurope.mpki.AETException(nl.aeteurope.mpki.ErrorCode.AET_ERROR_ENROLLMENT);
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x00f0, code lost:
    
        r7.logger.e(nl.aeteurope.mpki.enrollment.EnrollmentServiceImpl.LOG, "ReadCertificate response contains more than one command or the resultCommand is not ActiveCertificate");
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x0100, code lost:
    
        throw new nl.aeteurope.mpki.AETException(nl.aeteurope.mpki.ErrorCode.AET_ERROR_ENROLLMENT);
     */
    /* JADX WARN: Code restructure failed: missing block: B:53:0x0101, code lost:
    
        r8 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x0102, code lost:
    
        r7.logger.e(nl.aeteurope.mpki.enrollment.EnrollmentServiceImpl.LOG, "Problems with keystore:" + r8.getMessage());
     */
    /* JADX WARN: Code restructure failed: missing block: B:55:0x0125, code lost:
    
        throw new nl.aeteurope.mpki.AETException(nl.aeteurope.mpki.ErrorCode.AET_ERROR_NO_CERTIFICATES_FOUND);
     */
    /* JADX WARN: Code restructure failed: missing block: B:5:0x001e, code lost:
    
        r10 = r11.aliases();
        r0 = null;
        r1 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:7:0x0028, code lost:
    
        if (r10.hasMoreElements() == false) goto L61;
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x002a, code lost:
    
        r9 = r10.nextElement();
        r1 = (java.security.cert.X509Certificate) r11.getCertificate(r9);
     */
    /*
     * Pre-enrollment from a caller-supplied KeyStore. The decompiler could not rebuild this
     * method: the body below is a stub that always throws UnsupportedOperationException, so the
     * listing does not reflect the behaviour of the shipped class.
     *
     * What the recovered instruction fragments in the JADX WARN comments above this method
     * show (ordering and branch conditions are NOT recovered, so treat all of it as unconfirmed):
     *   - keystore aliases are enumerated and an X509Certificate is read per alias, with a
     *     getBasicConstraints() == -1 comparison on it;
     *   - r12 is stored in this.pin, a ReadCertificateCommandResult for the chosen certificate is
     *     sent with blueXClient.sendResults(), and tryHandleErrorResponse() is applied;
     *   - the response must hold exactly one command with a non-null getActiveCertificate(),
     *     otherwise an error is logged and AETException(AET_ERROR_ENROLLMENT) is thrown;
     *   - the private key is read with KeyStore.getKey(alias, r12.toCharArray()), falling back to
     *     a scan over all key entries, and stored via processEnrollmentResult(results, r12, r8)
     *     as CertificateType.SOFT_PRE_ENROLLED / CertificateSource.FILE;
     *   - a keystore failure is logged as "Problems with keystore:" plus the exception message
     *     and surfaces as AETException(AET_ERROR_NO_CERTIFICATES_FOUND).
     *
     * NOTE(review): in those fragments the same value (r12) is used both as the keystore key
     * password and as the PIN handed to the enrollment storage, and no wiping of the char[]
     * from toCharArray() is visible. Confirm against the bytecode before relying on this.
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentService
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void continuePreEnrollment(java.lang.String r8, java.lang.String r9, java.lang.String r10, java.security.KeyStore r11, java.lang.String r12, nl.aeteurope.mpki.service.bluex.xml.CommandType r13) throws nl.aeteurope.mpki.secureelement.IncorrectPasswordException, java.io.IOException, nl.aeteurope.mpki.AETException {
        /*
            Method dump skipped, instructions count: 308
            To view this dump add '--comments-level debug' option
        */
        // Decompiler placeholder, not original logic.
        throw new UnsupportedOperationException("Method not decompiled: nl.aeteurope.mpki.enrollment.EnrollmentServiceImpl.continuePreEnrollment(java.lang.String, java.lang.String, java.lang.String, java.security.KeyStore, java.lang.String, nl.aeteurope.mpki.service.bluex.xml.CommandType):void");
    }

    /**
     * Sends already computed command results to the backend as one renewal round trip.
     *
     * <p>The progress indicator is dismissed on every exit path.
     *
     * @param str user name, remembered in {@code username}
     * @param str2 PIN, remembered in {@code pin}
     * @param list command results to send
     * @return the backend response, which is also kept in {@code response}
     * @throws IncorrectPasswordException declared by the interface
     * @throws IOException if the backend response carries an error
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentService
    public PersonalisationResponse continueRenewal(String str, String str2, List<CommandResult> list) throws IncorrectPasswordException, IOException {
        this.pin = str2;
        this.username = str;
        try {
            this.progressIndicator.start();
            this.progressIndicator.updateEnrollmentCommunicating();
            PersonalisationResponse backendReply = this.blueXClient.sendResults(list);
            this.response = backendReply;
            // Throws if the backend reported an error; otherwise falls through.
            tryHandleErrorResponse(backendReply);
            return this.response;
        } finally {
            this.progressIndicator.dismiss();
        }
    }

    /**
     * Runs the renewal command loop: executes the backend's commands, sends the results back
     * and repeats with the commands of the next response.
     *
     * <p>The loop ends when there are no commands ({@code null}) or when a batch produces no
     * results to send. NOTE(review): there is no upper bound on the number of rounds, so the
     * backend decides how many key pairs and CSRs get generated in one call.
     *
     * @param str user name, remembered in {@code username}
     * @param str2 unused in this method
     * @param str3 unused in this method
     * @param str4 PIN, remembered in {@code pin}
     * @param list first batch of commands; may be {@code null}
     * @throws IncorrectPasswordException propagated from the enrollment storage
     * @throws IOException if a backend response carries an error
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentService
    public void continueRenewal(String str, String str2, String str3, String str4, List<CommandType> list) throws IncorrectPasswordException, IOException {
        this.pin = str4;
        this.username = str;
        try {
            this.progressIndicator.start();
            this.progressIndicator.updateEnrollmentCommunicating();
            List<CommandType> pendingCommands = list;
            while (pendingCommands != null) {
                this.progressIndicator.updateEnrollmentHandlingCommands();
                List<CommandResult> batchResults = handleRenewalCommands(pendingCommands);
                if (batchResults.isEmpty()) {
                    // Nothing to report back: the exchange is finished.
                    break;
                }
                PersonalisationResponse backendReply = this.blueXClient.sendResults(batchResults);
                this.response = backendReply;
                tryHandleErrorResponse(backendReply);
                pendingCommands = this.response.getCommand();
            }
        } finally {
            this.progressIndicator.dismiss();
        }
    }

    /**
     * Runs the soft-enrollment command loop: executes the backend's commands, sends the
     * results back and repeats with the commands of the next response.
     *
     * <p>The loop ends when there are no commands ({@code null}) or when a batch produces no
     * results to send. NOTE(review): there is no upper bound on the number of rounds, so the
     * backend decides how many key pairs and CSRs get generated in one call.
     *
     * @param str user name, remembered in {@code username}
     * @param str2 unused in this method
     * @param str3 unused in this method
     * @param str4 PIN, remembered in {@code pin}
     * @param list first batch of commands; may be {@code null}
     * @throws IncorrectPasswordException propagated from the enrollment storage
     * @throws IOException if a backend response carries an error
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentService
    public void continueSoftEnrollment(String str, String str2, String str3, String str4, List<CommandType> list) throws IncorrectPasswordException, IOException {
        this.pin = str4;
        this.username = str;
        try {
            this.progressIndicator.start();
            this.progressIndicator.updateEnrollmentCommunicating();
            List<CommandType> pendingCommands = list;
            while (pendingCommands != null) {
                this.progressIndicator.updateEnrollmentHandlingCommands();
                List<CommandResult> batchResults = handleSoftEnrollmentCommands(pendingCommands);
                if (batchResults.isEmpty()) {
                    // Nothing to report back: the exchange is finished.
                    break;
                }
                PersonalisationResponse backendReply = this.blueXClient.sendResults(batchResults);
                this.response = backendReply;
                tryHandleErrorResponse(backendReply);
                pendingCommands = this.response.getCommand();
            }
        } finally {
            this.progressIndicator.dismiss();
        }
    }

    /**
     * Starts an enrollment session: rebuilds the backend and BlueX clients from the current
     * domain configuration, then calls {@code blueXClient.start(str, str2)} and wraps the
     * response.
     *
     * <p>The progress indicator is dismissed on every exit path.
     *
     * <p>NOTE(review): the nested try blocks are decompiler output. As written, the
     * {@code catch (Exception e2)} handler sits inside the SSLException, AETException and
     * BackendClientException handlers and would intercept those exceptions first, mapping them
     * to AET_ERROR_ENROLLMENT. The original handler order is probably different; confirm
     * against the bytecode before relying on which error code a failure produces.
     *
     * @param str first argument forwarded to {@code blueXClient.start}; meaning not visible here
     * @param str2 second argument forwarded to {@code blueXClient.start}; meaning not visible here
     * @return the start response wrapped in an {@link EnrollmentStartResult}
     * @throws AETException with AET_ERROR_CONNECTION or AET_ERROR_ENROLLMENT, see the handlers
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentService
    public EnrollmentStartResult performStartRequest(String str, String str2) throws AETException {
        try {
            try {
                try {
                    try {
                        try {
                            // Fresh clients per start request, built from the current configuration.
                            this.backendClient = new DefaultBackendClient(this.domainConfiguration.getEnrollmentServerConfiguration(), null, this.logger, null);
                            this.blueXClient = new BlueXClient(this.backendClient, this.logger);
                            this.logger.d(LOG, "supplied OTP PREFIX -> RELOADED CONFIGS SUCCESSFULLY!");
                            this.progressIndicator.start();
                            this.progressIndicator.updateEnrollmentStart();
                            PersonalisationResponse start = this.blueXClient.start(str, str2);
                            this.progressIndicator.updateEnrollmentCommunicating();
                            return new EnrollmentStartResult(start);
                        } catch (UnknownHostException e) {
                            // Host name could not be resolved: reported as a connection error.
                            throw new AETException(ErrorCode.AET_ERROR_CONNECTION, e);
                        }
                    } catch (Exception e2) {
                        // Catch-all; see the NOTE(review) on handler order in the method comment.
                        throw new AETException(ErrorCode.AET_ERROR_ENROLLMENT, e2);
                    }
                } catch (SSLException e3) {
                    // TLS failure: reported as a connection error.
                    throw new AETException(ErrorCode.AET_ERROR_CONNECTION, e3);
                }
            } catch (AETException e4) {
                // Already in the caller-facing form; passed through unchanged.
                throw e4;
            } catch (BackendClientException e5) {
                throw new AETException(ErrorCode.AET_ERROR_CONNECTION, e5);
            }
        } finally {
            this.progressIndicator.dismiss();
        }
    }
}
