package com.sevenprinciples.android.mdm.safeclient.scep;

import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jscep.client.Client;
import org.jscep.client.EnrollmentResponse;
import org.jscep.client.verification.OptimisticCertificateVerifier;
import org.json.JSONObject;

/* loaded from: classes2.dex */
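public class ScepClient {
    /**
     * Enrolls a new RSA key pair with a SCEP server and returns the result as a PKCS#12 blob.
     *
     * <p>Keys read from {@code jSONObject}: {@code scepUrl}, {@code keySize},
     * {@code subjectName}, {@code challengePassword}, {@code certificateAlias}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The client is built with {@link OptimisticCertificateVerifier}, so the CA certificate
     *       presented by the SCEP endpoint is not checked against anything. If {@code scepUrl} is
     *       reached over an untrusted path, whoever answers receives the CSR and the challenge
     *       password. Fixing this needs a pinned CA certificate or fingerprint from the caller's
     *       configuration, which this signature does not carry.</li>
     *   <li>{@code keySize} is passed to the generator as-is; no minimum is enforced here.</li>
     *   <li>The returned PKCS#12 is written with an empty password for both the key entry and
     *       the store, so the bytes must be handled as unprotected private-key material.</li>
     * </ul>
     *
     * @param jSONObject enrollment parameters (see the key list above)
     * @return the serialized PKCS#12 keystore holding the private key and the selected certificate
     * @throws Exception if the server reports a failure (message is the SCEP failInfo), if no
     *     certificate is available after the exchange, or on any crypto, I/O or JSON error
     */
    public static byte[] enrollCerificate(JSONObject jSONObject) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // NOTE(review): OptimisticCertificateVerifier does not validate the SCEP CA certificate.
        Client client = new Client(new URL(jSONObject.getString("scepUrl")), new OptimisticCertificateVerifier());

        // NOTE(review): keySize comes straight from the JSON; consider rejecting weak sizes upstream.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        keyPairGenerator.initialize(jSONObject.getInt("keySize"));
        KeyPair keyPair = keyPairGenerator.genKeyPair();

        X500Name subject = new X500Name(jSONObject.getString("subjectName"));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());

        // Self-signed certificate (serial 1, valid 100 days from now) used as the requester
        // identity in the SCEP exchange.
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder selfSignedBuilder = new JcaX509v3CertificateBuilder(
                subject, BigInteger.valueOf(1L), new Date(now), new Date(now + 8640000000L), subject, keyPair.getPublic());
        X509Certificate selfSigned = new JcaX509CertificateConverter().getCertificate(selfSignedBuilder.build(signer));

        // PKCS#10 request carrying the challenge password attribute.
        JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(jSONObject.getString("challengePassword")));

        EnrollmentResponse response = client.enrol(selfSigned, keyPair.getPrivate(), csrBuilder.build(signer), "NDESCA");

        Certificate issued = null;
        if (response.isSuccess()) {
            // The store may hold more than one certificate. Prefer the one that certifies the
            // public key just generated; fall back to the last one returned (previous behaviour).
            byte[] requestedKey = keyPair.getPublic().getEncoded();
            Certificate matching = null;
            Certificate lastSeen = null;
            for (Certificate candidate : response.getCertStore().getCertificates(null)) {
                lastSeen = candidate;
                if (matching == null
                        && requestedKey != null
                        && java.util.Arrays.equals(requestedKey, candidate.getPublicKey().getEncoded())) {
                    matching = candidate;
                }
            }
            issued = matching != null ? matching : lastSeen;
        } else if (response.isFailure()) {
            throw new Exception(response.getFailInfo().toString());
        }

        // Neither success nor failure (or an empty store) leaves nothing to pair with the key;
        // fail here instead of handing a null chain entry to the keystore.
        if (issued == null) {
            throw new Exception("SCEP enrollment returned no certificate");
        }

        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        keyStore.load(null, null);
        // NOTE(review): empty password on the key entry and on the store.
        keyStore.setKeyEntry(jSONObject.getString("certificateAlias"), keyPair.getPrivate(), "".toCharArray(), new Certificate[] {issued});
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        keyStore.store(out, "".toCharArray());
        return out.toByteArray();
    }
}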
