package com.microsoft.windowsintune.companyportal.enrollment;

import android.content.Context;
import android.util.Base64;
import com.microsoft.windowsintune.companyportal.exceptions.EnrollmentException;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: classes3.dex */
public class EnrollmentCertRequestGenerator {
    private static final int KEY_LENGTH = 2048;
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String SUBJECT_NAME = "CN=ConfigMgrEnroll";

    private static KeyPair createKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public CertToken generate() throws EnrollmentException {
        try {
            KeyPair createKeyPair = createKeyPair();
            try {
                try {
                    return new CertToken(createKeyPair, Base64.encodeToString(new JcaPKCS10CertificationRequestBuilder(new X500Name(SUBJECT_NAME), createKeyPair.getPublic()).build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(createKeyPair.getPrivate())).getEncoded(), 2));
                } catch (IOException e) {
                    throw new EnrollmentException("cannot create the cert request", e);
                }
            } catch (OperatorCreationException e2) {
                throw new EnrollmentException("cannot create a signer", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new EnrollmentException("cannot create a keypair ", e3);
        }
    }

    public String signRequest(Context context, String str) throws EnrollmentException {
        try {
            return Base64.encodeToString(SignRequest.create(context, Base64.decode(str, 0)), 0);
        } catch (Exception e) {
            throw new EnrollmentException("Error signing request: " + e.getMessage(), e);
        }
    }
}
