package com.microsoft.identity.broker4j.workplacejoin.requests;

import com.microsoft.identity.broker4j.broker.crypto.IBrokerCryptoFactory;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinFailure;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.opentelemetry.CryptoFactoryTelemetryHelper;
import com.microsoft.identity.common.java.opentelemetry.CryptoObjectName;
import com.microsoft.identity.common.java.opentelemetry.ICryptoOperation;
import com.microsoft.identity.common.java.util.StringUtil;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyPair;
import java.util.StringTokenizer;
import lombok.NonNull;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.tls.CipherSuite;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: classes2.dex */
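/**
 * Builds a PKCS#10 certificate signing request (CSR) for a caller-supplied key pair and returns
 * it as PEM text with the BEGIN/END armour lines removed.
 *
 * <p>NOTE(review): every instance reads the same static {@link Configuration}
 * ({@code mDataForPKCS}), which is handed out mutable by {@link #getConfigurationForPKCS10()}.
 * Subject attributes are appended, never replaced, and no reset method is visible in this class,
 * so values set for one request (subject, nonce, key usage) remain in effect for later requests
 * in the same process. Nothing here synchronises access to it either. Callers that need
 * per-request isolation should confirm how this object is managed.
 */
public class CertSigningRequestGenerator {
    /** OID of the non-critical CSR extension that carries the nonce set on the configuration. */
    private static final String ASN1_OID_FOR_CSR_NONCE_EXTENSION = "1.2.840.113556.1.5.284.2.1";
    /** PEM object type written into the BEGIN/END armour lines. */
    public static final String CERTIFICATE_TYPE = "CERTIFICATE REQUEST";
    public static final String COMMON_NAME = "CN";
    public static final String COUNTRY_NAME = "C";
    /**
     * Subject used when no attribute was ever set on the configuration. A CSR is still produced
     * with this placeholder subject; nothing in this class rejects it.
     */
    public static final String DEFAULT_X500DIR_NAME = "CN=AGREEYA";
    public static final String EMAIL_ADDRESS = "EMAIL";
    public static final String LOCALITY_NAME = "L";
    public static final String ORG_NAME = "O";
    public static final String ORG_UNIT_NAME = "OU";
    private static final String TAG = CertSigningRequestGenerator.class.getSimpleName() + "#";
    /** Process-wide, mutable request settings shared by all generator instances. */
    private static final Configuration mDataForPKCS = new Configuration();
    private final IBrokerCryptoFactory mCryptoFactory;

    /**
     * Key algorithm and size encoded in the constant name: three letters of algorithm followed by
     * the size in bits (see {@link Configuration#getAlgorithmString()} and
     * {@link Configuration#getKeySize()}).
     *
     * <p>NOTE(review): the 1024-bit DSA and RSA entries are below sizes generally accepted today.
     * {@code generateRequest} does not consult this value (the key pair is supplied by the
     * caller), so the place to enforce a minimum size is wherever the key pair is generated.
     */
    public enum AlgorithEnum {
        DSA1024,
        RSA1024,
        RSA2048
    }

    /**
     * Mutable settings for the CSR: subject name, key usage, extended key usage, signature
     * algorithm and an optional nonce. Defaults are RSA2048, SHA256WithRSAEncryption and the
     * clientAuth key purpose.
     */
    public static class Configuration {
        // Default key-usage bits returned by getKeyUsage() when none were set explicitly.
        // The numeric value is 0xB8; the decompiled listing expressed it through an unrelated TLS
        // cipher-suite constant that happens to have the same value.
        private static final int DEFAULT_KEY_USAGE_BITS =
                KeyUsage.digitalSignature
                        | KeyUsage.keyEncipherment
                        | KeyUsage.dataEncipherment
                        | KeyUsage.keyAgreement;

        private KeyUsage mKeyUsage;
        private String mNonce;
        private AlgorithEnum mAlgorithm = AlgorithEnum.RSA2048;
        private SignatureAlgorithmEnum mSignatureAlgorithm = SignatureAlgorithmEnum.SHA256WithRSAEncryption;
        private KeyPurposeId mKeyPurposeId = KeyPurposeId.id_kp_clientAuth;
        private String mX500DirName = "";

        /**
         * Appends {@code attr=value} to the subject string, separated from earlier attributes
         * by {@code "+"}.
         *
         * <p>NOTE(review): the value is concatenated verbatim and the result is later parsed by
         * {@code new X500Name(String)}. A value containing distinguished-name metacharacters
         * (for example {@code ,}, {@code +} or {@code =}) is therefore not kept as one literal
         * value and can change the structure of the parsed subject. Callers passing anything not
         * fully under their control should validate or escape it first. The {@code "+"}
         * separator is the multi-valued-RDN separator in the string form of a DN; confirm that
         * this grouping is what the issuing service expects.
         */
        private void addX500DirAttribute(@NonNull String attr, @NonNull String value) {
            if (attr == null) {
                throw new NullPointerException("attr is marked non-null but is null");
            }
            if (value == null) {
                throw new NullPointerException("value is marked non-null but is null");
            }
            if (this.mX500DirName.length() > 0) {
                this.mX500DirName += "+";
            }
            this.mX500DirName += attr + "=" + value;
        }

        /** Returns the first three characters of the algorithm constant, e.g. {@code "RSA"}. */
        public String getAlgorithmString() {
            return this.mAlgorithm.toString().substring(0, 3);
        }

        public KeyPurposeId getKeyPurposeId() {
            return this.mKeyPurposeId;
        }

        /**
         * Returns the key size parsed from the algorithm constant's numeric suffix, or 2048 when
         * the suffix is not a number.
         */
        public int getKeySize() {
            try {
                return Integer.parseInt(this.mAlgorithm.toString().substring(3));
            } catch (NumberFormatException ignored) {
                // Deliberate fallback: an unparsable suffix yields the default size.
                return 2048;
            }
        }

        /**
         * Returns the explicitly configured key usage, or a default of digitalSignature,
         * keyEncipherment, dataEncipherment and keyAgreement when none was set.
         */
        public KeyUsage getKeyUsage() {
            if (this.mKeyUsage != null) {
                return this.mKeyUsage;
            }
            return new KeyUsage(DEFAULT_KEY_USAGE_BITS);
        }

        public SignatureAlgorithmEnum getSignatureAlgorithm() {
            return this.mSignatureAlgorithm;
        }

        /** Returns the accumulated subject string, or {@link #DEFAULT_X500DIR_NAME} if empty. */
        public String getX500DirName() {
            return this.mX500DirName.length() > 0 ? this.mX500DirName : CertSigningRequestGenerator.DEFAULT_X500DIR_NAME;
        }

        public void setAlgorithm(AlgorithEnum algorithEnum) {
            this.mAlgorithm = algorithEnum;
        }

        /** Appends a CN attribute to the subject; see {@code addX500DirAttribute} for caveats. */
        public void setCommonName(@NonNull String commonName) {
            if (commonName == null) {
                throw new NullPointerException("commonName is marked non-null but is null");
            }
            addX500DirAttribute(CertSigningRequestGenerator.COMMON_NAME, commonName);
        }

        /** Appends a C attribute to the subject. */
        public void setCountryName(@NonNull String country) {
            if (country == null) {
                throw new NullPointerException("country is marked non-null but is null");
            }
            addX500DirAttribute(CertSigningRequestGenerator.COUNTRY_NAME, country);
        }

        /** Appends an EMAIL attribute to the subject. */
        public void setEmailAddress(@NonNull String emailAddress) {
            if (emailAddress == null) {
                throw new NullPointerException("emailAddress is marked non-null but is null");
            }
            addX500DirAttribute(CertSigningRequestGenerator.EMAIL_ADDRESS, emailAddress);
        }

        public void setKeyPurposeId(KeyPurposeId keyPurposeId) {
            this.mKeyPurposeId = keyPurposeId;
        }

        /** ORs the given key-usage bit values together and stores the result. */
        public void setKeyUsage(int... keyUsageBits) {
            int combined = 0;
            for (int bits : keyUsageBits) {
                combined |= bits;
            }
            this.mKeyUsage = new KeyUsage(combined);
        }

        /** Appends an L attribute to the subject. */
        public void setLocalityName(@NonNull String localityName) {
            if (localityName == null) {
                throw new NullPointerException("localityName is marked non-null but is null");
            }
            addX500DirAttribute(CertSigningRequestGenerator.LOCALITY_NAME, localityName);
        }

        /**
         * Stores the nonce that {@code generateRequest} embeds in the CSR. It stays set on the
         * shared configuration until overwritten.
         */
        public void setNonce(@NonNull String nonce) {
            if (nonce == null) {
                throw new NullPointerException("nonce is marked non-null but is null");
            }
            this.mNonce = nonce;
        }

        /** Appends an O attribute to the subject. */
        public void setOrgName(@NonNull String orgName) {
            if (orgName == null) {
                throw new NullPointerException("orgName is marked non-null but is null");
            }
            addX500DirAttribute(CertSigningRequestGenerator.ORG_NAME, orgName);
        }

        /** Appends an OU attribute to the subject. */
        public void setOrgUnitName(@NonNull String orgUnitName) {
            if (orgUnitName == null) {
                throw new NullPointerException("orgUnitName is marked non-null but is null");
            }
            addX500DirAttribute(CertSigningRequestGenerator.ORG_UNIT_NAME, orgUnitName);
        }

        public void setSignatureAlgorithm(SignatureAlgorithmEnum signatureAlgorithmEnum) {
            this.mSignatureAlgorithm = signatureAlgorithmEnum;
        }
    }

    /**
     * Signature algorithm names; the constant's {@code toString()} is passed unchanged to
     * {@code JcaContentSignerBuilder}.
     *
     * <p>NOTE(review): the SHA-1 based entries are selectable but SHA-1 signatures are widely
     * rejected; the default is SHA256WithRSAEncryption. The chosen algorithm must match the type
     * of the key pair passed in, which this class does not check before building the signer.
     */
    public enum SignatureAlgorithmEnum {
        SHA1WithRSAEncryption,
        SHA224WithRSAEncryption,
        SHA256WithRSAEncryption,
        SHA384WithRSAEncryption,
        SHA512WithRSAEncryption,
        idDSAWithSha1
    }

    /**
     * @param cryptoFactory factory used to set the provider on the content signer and passed to
     *     the telemetry helper; must not be null
     */
    public CertSigningRequestGenerator(@NonNull IBrokerCryptoFactory cryptoFactory) {
        if (cryptoFactory == null) {
            throw new NullPointerException("mCryptoFactory is marked non-null but is null");
        }
        this.mCryptoFactory = cryptoFactory;
    }

    /**
     * Builds and signs the CSR from the shared configuration, then verifies the signature with
     * the public half of the same key pair.
     *
     * @throws ClientException if the freshly built request fails signature verification
     */
    private PKCS10CertificationRequest generateRequest(@NonNull KeyPair keyPair) throws PKCSException, ClientException, OperatorCreationException {
        if (keyPair == null) {
            throw new NullPointerException("keyPair is marked non-null but is null");
        }
        final Configuration configuration = mDataForPKCS;
        final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        final PKCS10CertificationRequestBuilder requestBuilder =
                new PKCS10CertificationRequestBuilder(new X500Name(configuration.getX500DirName()), publicKeyInfo);

        // NOTE(review): keyUsage and extendedKeyUsage are added as direct CSR attributes, while
        // the nonce below is wrapped in a pkcs-9 extensionRequest. Confirm that the issuing
        // service reads them from where they are placed.
        requestBuilder.addAttribute(Extension.keyUsage, configuration.getKeyUsage());
        requestBuilder.addAttribute(Extension.extendedKeyUsage, new ExtendedKeyUsage(configuration.getKeyPurposeId()));

        if (!StringUtil.isNullOrEmpty(configuration.mNonce)) {
            // The nonce travels as a non-critical extension holding its UTF-8 bytes.
            Extension nonceExtension = new Extension(
                    new ASN1ObjectIdentifier(ASN1_OID_FOR_CSR_NONCE_EXTENSION).intern(),
                    false,
                    configuration.mNonce.getBytes(AuthenticationConstants.CHARSET_UTF8));
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(nonceExtension);
            requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
        }

        // Read the algorithm once so the log line, the signer and the telemetry label agree even
        // if the shared configuration is modified while this method runs.
        final String signatureAlgorithmName = configuration.getSignatureAlgorithm().toString();
        Logger.verbose(TAG, "Signature alg:" + signatureAlgorithmName);
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithmName);
        this.mCryptoFactory.setProviderForJcaContentSigner(signerBuilder);
        final ContentSigner signer = signerBuilder.build(keyPair.getPrivate());

        PKCS10CertificationRequest request = (PKCS10CertificationRequest) CryptoFactoryTelemetryHelper.performCryptoOperationAndUploadTelemetry(
                CryptoObjectName.JcaContentSigner,
                signatureAlgorithmName,
                this.mCryptoFactory,
                new ICryptoOperation<PKCS10CertificationRequest>() {
                    @Override
                    public PKCS10CertificationRequest perform() throws ClientException {
                        return requestBuilder.build(signer);
                    }
                });

        // Self-check: the request must verify under the public key it carries. The verifier is
        // built without an explicit provider, unlike the signer above.
        if (!request.isSignatureValid(new JcaContentVerifierProviderBuilder().build(keyPair.getPublic()))) {
            throw new ClientException(ClientException.INVALID_CERTIFICATE_REQUEST, "NOT A VALID CERTIFICATE Request ", null);
        }
        return request;
    }

    /**
     * Returns the shared, mutable configuration used by every generator instance. Changes made
     * through the returned object affect all subsequent requests.
     */
    public static Configuration getConfigurationForPKCS10() {
        return mDataForPKCS;
    }

    /** Encodes the request as a PEM "CERTIFICATE REQUEST" block and returns the text. */
    private String printCertRequest(@NonNull PKCS10CertificationRequest request) throws IOException {
        if (request == null) {
            throw new NullPointerException("request is marked non-null but is null");
        }
        PemObject pemObject = new PemObject(CERTIFICATE_TYPE, request.getEncoded());
        StringWriter pemText = new StringWriter();
        // try-with-resources closes (and so flushes) the writer even if writeObject throws.
        try (PemWriter pemWriter = new PemWriter(pemText)) {
            pemWriter.writeObject(pemObject);
        }
        return pemText.toString();
    }

    /**
     * Generates a CSR for {@code keyPair} and returns its PEM body without the first and last
     * lines.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the CSR
     * @return the PEM text with the first and last lines removed, each kept line ending in "\n"
     * @throws ClientException if building, signing, verifying or encoding the request fails
     */
    public String generatePKCS10CertSigningRequest(@NonNull KeyPair keyPair) throws ClientException {
        if (keyPair == null) {
            throw new NullPointerException("keyPair is marked non-null but is null");
        }
        try {
            return removeFirstAndLastLine(getCertRequest(keyPair));
        } catch (ClientException e) {
            Logger.error(TAG + "getPKCS10Cert", "ERROR = " + e + " " + WorkplaceJoinFailure.CERTIFICATE, e);
            throw e;
        }
    }

    /**
     * Builds the CSR and returns the full PEM text, translating lower-level failures into
     * {@link ClientException} with the original exception kept as the cause.
     */
    protected String getCertRequest(@NonNull KeyPair keyPair) throws ClientException {
        if (keyPair == null) {
            throw new NullPointerException("keyPair is marked non-null but is null");
        }
        try {
            return printCertRequest(generateRequest(keyPair));
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (OperatorCreationException | PKCSException e) {
            // The decompiled listing assigned to an undeclared variable in two separate catch
            // blocks, which does not compile; both failures map to the same error code.
            throw new ClientException(ClientException.PKCS_FAILURE, e.getMessage(), e);
        }
    }

    /**
     * Drops the first and last non-empty lines of {@code multiLineString} and re-joins the rest,
     * each followed by "\n". Empty lines are skipped because {@link StringTokenizer} does not
     * return empty tokens.
     */
    protected String removeFirstAndLastLine(@NonNull String multiLineString) {
        if (multiLineString == null) {
            throw new NullPointerException("multiLineString is marked non-null but is null");
        }
        StringTokenizer lines = new StringTokenizer(multiLineString, "\n");
        final int lastIndex = lines.countTokens() - 1;
        StringBuilder body = new StringBuilder();
        for (int index = 0; lines.hasMoreTokens(); index++) {
            String line = lines.nextToken();
            if (index == 0 || index == lastIndex) {
                continue;
            }
            body.append(line).append("\n");
        }
        return body.toString();
    }
}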
