package com.microsoft.omadm.platforms.android.certmgr.data;

import com.microsoft.intune.common.xml.XMLUtils;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.logging.telemetry.IScepTelemetry;
import com.microsoft.omadm.platforms.android.certmgr.CertOperation;
import com.microsoft.omadm.platforms.android.certmgr.X500PrincipalFactory;
import com.microsoft.omadm.utils.DataEncryptionUtils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.DOMException;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: classes3.dex */
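/**
 * SCEP certificate request for a new enrollment (or a replacement of an existing certificate).
 *
 * <p>An instance is populated in one of two ways: by parsing a {@code CertificateRequest} XML
 * document ({@link #generateRequest(String, String, String, Long)}), or by restoring values from a
 * persisted {@link ScepCertificateEnrollState} ({@link #generateRequest(ScepCertificateEnrollState)}).
 * Only the XML path runs {@code validateEnrollRequest}; the state path copies the stored values
 * without re-validating them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #certificateRequestToken} is held in clear text in this object and is only
 *       encrypted when written to state ({@link #toState(Long)}). The field is public and mutable,
 *       so keep it out of logs, telemetry and {@code toString()} output.</li>
 *   <li>The request XML is parsed by {@code XMLUtils}; DTD / external-entity hardening is not
 *       visible in this class. NOTE(review): confirm it is done there.</li>
 *   <li>NDES URL schemes are only counted for telemetry; nothing in this class rejects a
 *       non-HTTPS URL.</li>
 * </ul>
 */
public final class ScepEnrollCertificateRequest extends ScepCertificateRequest {
    // XPath expressions into the embedded ConfigurationParameters document ("cp" namespace).
    private static final String XP_EKUMAPPING = "//cp:ConfigurationParameters/cp:EKUMapping/cp:EKUMap/cp:EKUOID";
    private static final String XP_EXPIRATIONTHRESHOLD = "//cp:ConfigurationParameters/cp:ExpirationThreshold";
    private static final String XP_HASHALGORITHMS = "//cp:ConfigurationParameters/cp:HashAlgorithms/cp:HashAlgorithm";
    private static final String XP_KEYLENGTH = "//cp:ConfigurationParameters/cp:KeyLength";
    private static final String XP_KEYSTORAGEPROVIDERSETTING = "//cp:ConfigurationParameters/cp:KeyStorageProviderSetting";
    private static final String XP_KEYUSAGE = "//cp:ConfigurationParameters/cp:KeyUsage";
    // XPath expressions into the outer CertificateRequest/RequestParameters element.
    private static final String XP_RP = "//CertificateRequest/RequestParameters/";
    private static final String XP_RP_CERTIFICATEREQUESTTOKEN = "//CertificateRequest/RequestParameters/CertificateRequestToken";
    private static final String XP_RP_ISSUERS = "//CertificateRequest/RequestParameters/Issuers";
    private static final String XP_RP_NDESURL = "//CertificateRequest/RequestParameters/NDESUrl";
    // Evaluated relative to a single SAN node.
    private static final String XP_RP_SAN_ALTNAMETYPE = "./@AltNameType";
    private static final String XP_RP_SUBJECTALTERNATIVENAME = "//CertificateRequest/RequestParameters/SubjectAlternativeName/SANs/SAN";
    private static final String XP_RP_SUBJECTNAME = "//CertificateRequest/RequestParameters/SubjectName";
    private static final String XP_SUBJECTALTERNATIVENAMEFORMAT = "//cp:ConfigurationParameters/cp:SubjectAlternativeNameFormat";
    private static final String XP_SUBJECTNAMEFORMAT = "//cp:ConfigurationParameters/cp:SubjectNameFormat";
    private static final String XP_TEMPLATENAME = "//cp:ConfigurationParameters/cp:TemplateName";

    // Sensitive: clear-text request token; persisted only in encrypted form (see toState).
    public String certificateRequestToken;
    public List<String> ekuOidMapping;
    public Long expirationThreshold;
    public List<String> hashAlgorithms;
    public String issuers;
    public Long keyLength;
    public Long keyStorageProviderSetting;
    public Long keyUsage;
    public List<SAN> sans;
    public Long subjectAlternativeNameFormat;
    public String subjectName;
    public Long subjectNameFormat;
    public String templateName;

    /**
     * @param str request id, forwarded to the superclass
     * @param l   user id, forwarded to the superclass
     */
    private ScepEnrollCertificateRequest(String str, Long l) {
        super(str, l);
    }

    /**
     * Rebuilds an enroll request from persisted state.
     *
     * <p>The restored values are not passed through {@code validateEnrollRequest}.
     *
     * @param scepCertificateEnrollState stored state; its {@code opType} must be
     *     {@code CERT_ENROLL} or {@code CERT_REPLACE}
     * @return the populated request
     * @throws OMADMException if the state describes any other operation type, or if the
     *     underlying build step fails
     */
    public static ScepCertificateRequest generateRequest(ScepCertificateEnrollState scepCertificateEnrollState) throws OMADMException {
        CertOperation operation = scepCertificateEnrollState.opType;
        if (operation != CertOperation.CERT_ENROLL && operation != CertOperation.CERT_REPLACE) {
            throw new OMADMException("Bad Enrollment type.");
        }
        ScepEnrollCertificateRequest request =
                new ScepEnrollCertificateRequest(scepCertificateEnrollState.requestId, scepCertificateEnrollState.user);
        request.buildRequest(scepCertificateEnrollState);
        logEnrollmentNdesUrls(request.ndesUrls);
        return request;
    }

    /**
     * Parses a {@code CertificateRequest} XML document into a validated enroll request.
     *
     * @param str  request id
     * @param str2 the {@code CertificateRequest} XML document; handed to {@code XMLUtils}, so any
     *     parser hardening against hostile XML has to live there
     * @param str3 alias to store on the request, may be {@code null}
     * @param l    user id
     * @return the populated and validated request
     * @throws OMADMException if the NDES URL is missing, a SAN entry cannot be parsed, or
     *     validation of subject, issuer or SANs fails
     */
    public static ScepCertificateRequest generateRequest(String str, String str2, String str3, Long l) throws SAXException, IOException, ParserConfigurationException, DOMException, XPathExpressionException, OMADMException {
        XMLUtils requestXml = new XMLUtils(str2, new NamespaceContext() {
            @Override
            public String getNamespaceURI(String prefix) {
                // Only the "cp" prefix used by the XPath constants above is resolved.
                if ("cp".equals(prefix)) {
                    return "http://schemas.microsoft.com/SystemCenterConfigurationManager/2012/03/07/CertificateEnrollment/ConfigurationParameters";
                }
                return null;
            }

            @Override
            public String getPrefix(String namespaceUri) {
                return null;
            }

            @Override
            public Iterator<String> getPrefixes(String namespaceUri) {
                return null;
            }
        });

        ScepEnrollCertificateRequest request = new ScepEnrollCertificateRequest(str, l);

        // The configuration parameters arrive as a document embedded in the request document.
        request.configParameters = requestXml.getNodeStringContent("//CertificateRequest/ConfigurationParametersDocument");
        XMLUtils configXml = getConfigurationDocument(request.configParameters);
        request.expirationThreshold = configXml.getNodeLongContent(XP_EXPIRATIONTHRESHOLD);
        request.retryCount = configXml.getNodeLongContent("//cp:ConfigurationParameters/cp:RetryCount");
        request.retryDelay = configXml.getNodeLongContent("//cp:ConfigurationParameters/cp:RetryDelay");
        request.templateName = configXml.getNodeStringContent(XP_TEMPLATENAME);
        request.subjectNameFormat = configXml.getNodeLongContent(XP_SUBJECTNAMEFORMAT);
        request.subjectAlternativeNameFormat = configXml.getNodeLongContent(XP_SUBJECTALTERNATIVENAMEFORMAT);
        request.keyStorageProviderSetting = configXml.getNodeLongContent(XP_KEYSTORAGEPROVIDERSETTING);
        request.keyUsage = configXml.getNodeLongContent(XP_KEYUSAGE);
        request.keyLength = configXml.getNodeLongContent(XP_KEYLENGTH);
        request.hashAlgorithms = configXml.getNodeListStringContents(XP_HASHALGORITHMS);
        request.caThumbPrint = configXml.getNodeStringContent("//cp:ConfigurationParameters/cp:CAThumbprint");
        request.validityPeriod = configXml.getNodeLongContent("//cp:ConfigurationParameters/cp:ValidityPeriod");
        request.validityPeriodUnit = configXml.getNodeStringContent("//cp:ConfigurationParameters/cp:ValidityPeriodUnit");
        request.ekuOidMapping = configXml.getNodeListStringContents(XP_EKUMAPPING);

        request.certificateRequestToken = requestXml.getNodeStringContent(XP_RP_CERTIFICATEREQUESTTOKEN);
        request.issuers = requestXml.getNodeStringContent(XP_RP_ISSUERS);

        // Fail with the request's own exception type rather than a NullPointerException from
        // split() when the element is absent. NOTE(review): whether getNodeStringContent can
        // return null is not visible here; the guard is harmless if it cannot.
        String ndesUrlValue = requestXml.getNodeStringContent(XP_RP_NDESURL);
        if (ndesUrlValue == null) {
            throw new OMADMException("No NDES URL specified in certificate request.");
        }
        request.ndesUrls = ndesUrlValue.split(";");

        request.subjectName = requestXml.getNodeStringContent(XP_RP_SUBJECTNAME);

        request.sans = new ArrayList<>();
        NodeList sanNodes = requestXml.getNodeList(XP_RP_SUBJECTALTERNATIVENAME);
        for (int i = 0; i < sanNodes.getLength(); i++) {
            Node sanNode = sanNodes.item(i);
            Long altNameType = requestXml.getNodeLongContent(XP_RP_SAN_ALTNAMETYPE, sanNode);
            SAN san = SAN.fromString(SAN.toSANString(altNameType, sanNode.getTextContent()));
            if (san == null) {
                // Reject the whole request instead of silently dropping an unparseable SAN.
                throw new OMADMException("Invalid SAN encountered.");
            }
            request.sans.add(san);
        }

        request.alias = str3;
        validateEnrollRequest(request);
        logEnrollmentNdesUrls(request.ndesUrls);
        return request;
    }

    /**
     * Records one telemetry event per NDES URL, bucketed by scheme (https, http, other).
     *
     * <p>This only counts; it does not reject or reorder URLs. Empty entries are ignored.
     */
    private static void logEnrollmentNdesUrls(String[] strArr) {
        IScepTelemetry telemetry = Services.get().getScepTelemetry();
        for (String url : strArr) {
            // Scheme matching is protocol text, not user-facing text: use a fixed locale so the
            // result never depends on the device language.
            String lowered = url.toLowerCase(Locale.ROOT);
            if (lowered.startsWith("https://")) {
                telemetry.logEnrollmentRequestHttpsNdesUrl();
            } else if (lowered.startsWith("http://")) {
                telemetry.logEnrollmentRequestHttpNdesUrl();
            } else if (!url.isEmpty()) {
                telemetry.logEnrollmentRequestNotHttpHttpsNdesUrl();
            }
        }
    }

    /**
     * Checks that subject name, issuer and every SAN of a parsed request are well-formed.
     *
     * <p>NOTE(review): the exception messages embed the subject name, issuer string and SAN
     * text. These can carry user identifiers, so check where {@code OMADMException} messages
     * end up (logs, telemetry) before treating them as non-sensitive.
     *
     * @throws OMADMException on the first failing check
     */
    private static void validateEnrollRequest(ScepEnrollCertificateRequest scepEnrollCertificateRequest) throws OMADMException {
        if (StringUtils.isEmpty(scepEnrollCertificateRequest.subjectName)) {
            throw new OMADMException("No subject name specified in certificate request.");
        }
        if (X500PrincipalFactory.newPrincipal(scepEnrollCertificateRequest.subjectName) == null) {
            throw new OMADMException("Request contained invalid subject name: " + scepEnrollCertificateRequest.subjectName);
        }
        if (X500PrincipalFactory.newPrincipal(scepEnrollCertificateRequest.issuers) == null) {
            throw new OMADMException("Request contained invalid issuer subject: " + scepEnrollCertificateRequest.issuers);
        }
        List<SAN> requestedSans = scepEnrollCertificateRequest.sans;
        if (requestedSans == null || requestedSans.isEmpty()) {
            // SANs are optional.
            return;
        }
        for (SAN san : requestedSans) {
            if (san.getAsn1Encodable() == null) {
                throw new OMADMException("SAN cannot be encoded as an ASN1Encodable: " + san.toString());
            }
        }
    }

    /**
     * Copies the enroll-specific fields out of persisted state, after the superclass has copied
     * its own.
     *
     * <p>The request token is decrypted here and kept in clear text on this object from then on.
     *
     * <p>NOTE(review): unlike the XML path, a SAN string that {@code SAN.fromString} cannot parse
     * is not rejected here, so {@link #sans} may contain {@code null} entries. Confirm that
     * consumers of the list tolerate that, or that stored state can never hold such a value.
     *
     * @throws OMADMException declared by the superclass build step; token decryption may raise
     *     it as well (not visible here)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void buildRequest(ScepCertificateEnrollState scepCertificateEnrollState) throws OMADMException {
        super.buildRequest(scepCertificateEnrollState);
        this.templateName = scepCertificateEnrollState.templateName;
        this.subjectNameFormat = scepCertificateEnrollState.subjectNameFormat;
        this.subjectAlternativeNameFormat = scepCertificateEnrollState.subjectAlternativeNameFormat;
        this.keyStorageProviderSetting = scepCertificateEnrollState.keyStorageProviderSetting;
        this.keyUsage = scepCertificateEnrollState.keyUsage;
        this.keyLength = scepCertificateEnrollState.keyLength;
        this.certificateRequestToken = DataEncryptionUtils.decryptData(scepCertificateEnrollState.encryptedCertificateRequestToken, Services.get().getContext());
        this.subjectName = scepCertificateEnrollState.subjectName;
        this.issuers = scepCertificateEnrollState.issuers;
        this.hashAlgorithms = Arrays.asList(getListFromString(scepCertificateEnrollState.hashAlgorithms));
        this.ekuOidMapping = Arrays.asList(getListFromString(scepCertificateEnrollState.ekuOidList));

        // Arrays.asList never returns null, so no null check is needed before iterating.
        List<String> storedSans = Arrays.asList(getListFromString(scepCertificateEnrollState.sans));
        this.sans = new ArrayList<>();
        for (String storedSan : storedSans) {
            this.sans.add(SAN.fromString(storedSan));
        }
    }

    /**
     * Returns the explicit alias if one was set, otherwise {@code "User"} followed by the
     * certificate hash.
     */
    @Override
    public String getAlias() {
        if (this.alias != null) {
            return this.alias;
        }
        return "User" + this.certificateHash;
    }

    /** Builds the X.500 principal for {@link #subjectName}. */
    @Override
    public X500Principal getSubjectPrincipal() {
        return X500PrincipalFactory.newPrincipal(this.subjectName);
    }

    /** An enroll request is never a renewal. */
    @Override
    public boolean isRenewRequest() {
        return false;
    }

    /**
     * Reports whether this request replaces an existing certificate: either an alias was supplied,
     * or a user certificate is already recorded for this request id and user.
     */
    @Override
    public boolean isReplaceRequest() {
        if (this.alias != null) {
            return true;
        }
        CertStateData certStateData = Services.get().getCertStateData();
        return certStateData != null
                && certStateData.getUserCertificateByRequestId(this.requestId, this.userId) != null;
    }

    /** Equivalent to {@code toState(null)}. */
    @Override
    public ScepCertificateEnrollState toState() throws OMADMException {
        return toState(null);
    }

    /**
     * Serialises this request into a state object for persistence.
     *
     * <p>The request token is written only in encrypted form. List-valued fields are flattened
     * with {@code getStringFromList} and are left untouched on the state when {@code null} here.
     *
     * <p>NOTE(review): {@code opType} is always written as {@code CERT_ENROLL}, including for a
     * request that was restored from a {@code CERT_REPLACE} state. Confirm this is intended.
     *
     * @param l forwarded unchanged to the superclass
     * @throws OMADMException declared by the superclass; token encryption may raise it as well
     *     (not visible here)
     */
    @Override
    public ScepCertificateEnrollState toState(Long l) throws OMADMException {
        ScepCertificateEnrollState state = super.toState(l);
        state.opType = CertOperation.CERT_ENROLL;
        state.templateName = this.templateName;
        state.subjectNameFormat = this.subjectNameFormat;
        state.subjectAlternativeNameFormat = this.subjectAlternativeNameFormat;
        state.keyStorageProviderSetting = this.keyStorageProviderSetting;
        state.keyUsage = this.keyUsage;
        state.keyLength = this.keyLength;
        state.encryptedCertificateRequestToken = DataEncryptionUtils.encryptData(this.certificateRequestToken, Services.get().getContext());
        state.subjectName = this.subjectName;
        state.issuers = this.issuers;
        if (this.sans != null) {
            state.sans = getStringFromList(this.sans.toArray());
        }
        if (this.ekuOidMapping != null) {
            state.ekuOidList = getStringFromList(this.ekuOidMapping.toArray());
        }
        if (this.hashAlgorithms != null) {
            state.hashAlgorithms = getStringFromList(this.hashAlgorithms.toArray());
        }
        return state;
    }
}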
