package com.aspose.pdf.internal.imaging.internal.bouncycastle.est;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ASN1InputStream;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.ASN1Sequence;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.cms.ContentInfo;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.est.CsrAttrs;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cert.X509CRLHolder;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cert.X509CertificateHolder;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cmc.CMCException;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.cmc.SimplePKIResponse;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.operator.ContentSigner;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.pkcs.PKCS10CertificationRequest;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Selector;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Store;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.encoders.Base64;
import com.aspose.pdf.internal.ms.System.Net.WebRequestMethods;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Pattern;

/* loaded from: input_file:com/aspose/pdf/internal/imaging/internal/bouncycastle/est/ESTService.class */
public class ESTService {
    private static Set<String> m12636;
    private final String a;
    private final ESTClientProvider m12637;
    private static final Pattern m12638;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ESTService(String str, String str2, ESTClientProvider eSTClientProvider) {
        String m394 = m394(str);
        if (str2 != null) {
            this.a = "https://" + m394 + "/.well-known/est/" + a(str2);
        } else {
            this.a = "https://" + m394 + "/.well-known/est";
        }
        this.m12637 = eSTClientProvider;
    }

    public static X509CertificateHolder[] storeToArray(Store<X509CertificateHolder> store) {
        return storeToArray(store, null);
    }

    public static X509CertificateHolder[] storeToArray(Store<X509CertificateHolder> store, Selector<X509CertificateHolder> selector) {
        Collection<X509CertificateHolder> matches = store.getMatches(selector);
        return (X509CertificateHolder[]) matches.toArray(new X509CertificateHolder[matches.size()]);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v34, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r3v14, types: [java.lang.Throwable] */
    public CACertsResponse getCACerts() throws Exception {
        ESTResponse eSTResponse = null;
        Object obj = null;
        ESTResponse eSTResponse2 = null;
        try {
            try {
                URL url = new URL(this.a + "/cacerts");
                ESTClient makeClient = this.m12637.makeClient();
                ESTRequest build = new ESTRequestBuilder("GET", url).withClient(makeClient).build();
                ESTResponse doRequest = makeClient.doRequest(build);
                Store<X509CertificateHolder> store = null;
                Store<X509CRLHolder> store2 = null;
                if (doRequest.getStatusCode() == 200) {
                    if (!"application/pkcs7-mime".equals(doRequest.getHeaders().m1("Content-Type"))) {
                        throw new ESTException("Response : " + url.toString() + "Expecting application/pkcs7-mime " + (doRequest.getHeaders().m1("Content-Type") != null ? " got " + doRequest.getHeaders().m1("Content-Type") : " but was not present."), null, doRequest.getStatusCode(), doRequest.getInputStream());
                    }
                    try {
                        if (doRequest.getContentLength() != null && doRequest.getContentLength().longValue() > 0) {
                            SimplePKIResponse simplePKIResponse = new SimplePKIResponse(ContentInfo.getInstance((ASN1Sequence) new ASN1InputStream(doRequest.getInputStream()).readObject()));
                            store = simplePKIResponse.getCertificates();
                            store2 = simplePKIResponse.getCRLs();
                        }
                    } catch (Throwable th) {
                        throw new ESTException("Decoding CACerts: " + url.toString() + " " + th.getMessage(), th, doRequest.getStatusCode(), doRequest.getInputStream());
                    }
                } else if (doRequest.getStatusCode() != 204) {
                    throw new ESTException("Get CACerts: " + url.toString(), null, doRequest.getStatusCode(), doRequest.getInputStream());
                }
                CACertsResponse cACertsResponse = new CACertsResponse(store, store2, build, doRequest.getSource(), this.m12637.isTrusted());
                ESTResponse eSTResponse3 = doRequest;
                if (eSTResponse3 != null) {
                    try {
                        eSTResponse3 = doRequest;
                        eSTResponse3.close();
                    } catch (Exception e) {
                        eSTResponse2 = eSTResponse3;
                    }
                }
                if (eSTResponse2 == null) {
                    return cACertsResponse;
                }
                if (eSTResponse2 instanceof ESTException) {
                    throw eSTResponse2;
                }
                throw new ESTException("Get CACerts: " + url.toString(), eSTResponse2, doRequest.getStatusCode(), null);
            } catch (Throwable th2) {
                if (obj instanceof ESTException) {
                    throw ((ESTException) th2);
                }
                throw new ESTException(th2.getMessage(), th2);
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                try {
                    eSTResponse.close();
                } catch (Exception unused) {
                }
            }
            throw th3;
        }
    }

    public EnrollmentResponse simpleEnroll(EnrollmentResponse enrollmentResponse) throws Exception {
        if (!this.m12637.isTrusted()) {
            throw new IllegalStateException("No trust anchors.");
        }
        Object obj = null;
        ESTResponse eSTResponse = null;
        try {
            try {
                ESTClient makeClient = this.m12637.makeClient();
                ESTResponse doRequest = makeClient.doRequest(new ESTRequestBuilder(enrollmentResponse.getRequestToRetry()).withClient(makeClient).build());
                eSTResponse = doRequest;
                EnrollmentResponse m4 = m4(doRequest);
                if (eSTResponse != null) {
                    eSTResponse.close();
                }
                return m4;
            } catch (Throwable th) {
                if (obj instanceof ESTException) {
                    throw ((ESTException) th);
                }
                throw new ESTException(th.getMessage(), th);
            }
        } catch (Throwable th2) {
            if (eSTResponse != null) {
                eSTResponse.close();
            }
            throw th2;
        }
    }

    public EnrollmentResponse simpleEnroll(boolean z, PKCS10CertificationRequest pKCS10CertificationRequest, ESTAuth eSTAuth) throws IOException {
        if (!this.m12637.isTrusted()) {
            throw new IllegalStateException("No trust anchors.");
        }
        Object obj = null;
        ESTResponse eSTResponse = null;
        try {
            try {
                byte[] bytes = m134(pKCS10CertificationRequest.getEncoded()).getBytes();
                URL url = new URL(this.a + (z ? "/simplereenroll" : "/simpleenroll"));
                ESTClient makeClient = this.m12637.makeClient();
                ESTRequestBuilder withClient = new ESTRequestBuilder(WebRequestMethods.Http.POST, url).withData(bytes).withClient(makeClient);
                withClient.addHeader("Content-Type", "application/pkcs10");
                withClient.addHeader("Content-Length", new StringBuilder().append(bytes.length).toString());
                withClient.addHeader("Content-Transfer-Encoding", "base64");
                if (eSTAuth != null) {
                    eSTAuth.applyAuth(withClient);
                }
                ESTResponse doRequest = makeClient.doRequest(withClient.build());
                eSTResponse = doRequest;
                EnrollmentResponse m4 = m4(doRequest);
                if (eSTResponse != null) {
                    eSTResponse.close();
                }
                return m4;
            } catch (Throwable th) {
                if (obj instanceof ESTException) {
                    throw ((ESTException) th);
                }
                throw new ESTException(th.getMessage(), th);
            }
        } catch (Throwable th2) {
            if (eSTResponse != null) {
                eSTResponse.close();
            }
            throw th2;
        }
    }

    public EnrollmentResponse simpleEnrollPoP(boolean z, PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder, ContentSigner contentSigner, ESTAuth eSTAuth) throws IOException {
        if (!this.m12637.isTrusted()) {
            throw new IllegalStateException("No trust anchors.");
        }
        Object obj = null;
        ESTResponse eSTResponse = null;
        try {
            try {
                URL url = new URL(this.a + (z ? "/simplereenroll" : "/simpleenroll"));
                ESTClient makeClient = this.m12637.makeClient();
                ESTRequestBuilder withConnectionListener = new ESTRequestBuilder(WebRequestMethods.Http.POST, url).withClient(makeClient).withConnectionListener(new z5(this, pKCS10CertificationRequestBuilder, contentSigner));
                if (eSTAuth != null) {
                    eSTAuth.applyAuth(withConnectionListener);
                }
                ESTResponse doRequest = makeClient.doRequest(withConnectionListener.build());
                eSTResponse = doRequest;
                EnrollmentResponse m4 = m4(doRequest);
                if (eSTResponse != null) {
                    eSTResponse.close();
                }
                return m4;
            } catch (Throwable th) {
                if (obj instanceof ESTException) {
                    throw ((ESTException) th);
                }
                throw new ESTException(th.getMessage(), th);
            }
        } catch (Throwable th2) {
            if (eSTResponse != null) {
                eSTResponse.close();
            }
            throw th2;
        }
    }

    private static EnrollmentResponse m4(ESTResponse eSTResponse) throws IOException {
        long time;
        ESTRequest originalRequest = eSTResponse.getOriginalRequest();
        if (eSTResponse.getStatusCode() != 202) {
            if (eSTResponse.getStatusCode() != 200) {
                throw new ESTException("Simple Enroll: " + originalRequest.getURL().toString(), null, eSTResponse.getStatusCode(), eSTResponse.getInputStream());
            }
            try {
                return new EnrollmentResponse(new SimplePKIResponse(ContentInfo.getInstance(new ASN1InputStream(eSTResponse.getInputStream()).readObject())).getCertificates(), -1L, null, eSTResponse.getSource());
            } catch (CMCException e) {
                throw new ESTException(e.getMessage(), e.getCause());
            }
        }
        String header = eSTResponse.getHeader("Retry-After");
        if (header == null) {
            throw new ESTException("Got Status 202 but not Retry-After header from: " + originalRequest.getURL().toString());
        }
        try {
            time = System.currentTimeMillis() + (Long.parseLong(header) * 1000);
        } catch (NumberFormatException unused) {
            try {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
                simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
                time = simpleDateFormat.parse(header).getTime();
            } catch (Exception e2) {
                throw new ESTException("Unable to parse Retry-After header:" + originalRequest.getURL().toString() + " " + e2.getMessage(), null, eSTResponse.getStatusCode(), eSTResponse.getInputStream());
            }
        }
        return new EnrollmentResponse(null, time, originalRequest, eSTResponse.getSource());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v20, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r3v20, types: [java.lang.Throwable] */
    public CSRRequestResponse getCSRAttributes() throws ESTException {
        if (!this.m12637.isTrusted()) {
            throw new IllegalStateException("No trust anchors.");
        }
        ESTResponse eSTResponse = null;
        CSRAttributesResponse cSRAttributesResponse = null;
        Object obj = null;
        ESTResponse eSTResponse2 = null;
        try {
            try {
                URL url = new URL(this.a + "/csrattrs");
                ESTClient makeClient = this.m12637.makeClient();
                ESTRequest build = new ESTRequestBuilder("GET", url).withClient(makeClient).build();
                ESTResponse doRequest = makeClient.doRequest(build);
                switch (doRequest.getStatusCode()) {
                    case 200:
                        try {
                            if (doRequest.getContentLength() != null && doRequest.getContentLength().longValue() > 0) {
                                cSRAttributesResponse = new CSRAttributesResponse(CsrAttrs.getInstance((ASN1Sequence) new ASN1InputStream(doRequest.getInputStream()).readObject()));
                            }
                            break;
                        } catch (Throwable th) {
                            throw new ESTException("Decoding CACerts: " + url.toString() + " " + th.getMessage(), th, doRequest.getStatusCode(), doRequest.getInputStream());
                        }
                        break;
                    case 204:
                        cSRAttributesResponse = null;
                        break;
                    case 404:
                        cSRAttributesResponse = null;
                        break;
                    default:
                        throw new ESTException("CSR Attribute request: " + build.getURL().toString(), null, doRequest.getStatusCode(), doRequest.getInputStream());
                }
                ESTResponse eSTResponse3 = doRequest;
                if (eSTResponse3 != null) {
                    try {
                        eSTResponse3 = doRequest;
                        eSTResponse3.close();
                    } catch (Exception e) {
                        eSTResponse2 = eSTResponse3;
                    }
                }
                if (eSTResponse2 == null) {
                    return new CSRRequestResponse(cSRAttributesResponse, doRequest.getSource());
                }
                if (eSTResponse2 instanceof ESTException) {
                    throw ((ESTException) eSTResponse2);
                }
                throw new ESTException(eSTResponse2.getMessage(), eSTResponse2, doRequest.getStatusCode(), null);
            } catch (Throwable th2) {
                if (0 != 0) {
                    try {
                        eSTResponse.close();
                    } catch (Exception unused) {
                    }
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (obj instanceof ESTException) {
                throw ((ESTException) th3);
            }
            throw new ESTException(th3.getMessage(), th3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String m134(byte[] bArr) {
        int i = 0;
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        do {
            if (i + 48 < bArr.length) {
                printWriter.print(Base64.toBase64String(bArr, i, 48));
                i += 48;
            } else {
                printWriter.print(Base64.toBase64String(bArr, i, bArr.length - i));
                i = bArr.length;
            }
            printWriter.print('\n');
        } while (i < bArr.length);
        printWriter.flush();
        return stringWriter.toString();
    }

    private static String a(String str) {
        while (str.endsWith("/") && str.length() > 0) {
            str = str.substring(0, str.length() - 1);
        }
        while (str.startsWith("/") && str.length() > 0) {
            str = str.substring(1);
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("Label set but after trimming '/' is not zero length string.");
        }
        if (!m12638.matcher(str).matches()) {
            throw new IllegalArgumentException("Server path " + str + " contains invalid characters");
        }
        if (m12636.contains(str)) {
            throw new IllegalArgumentException("Label " + str + " is a reserved path segment.");
        }
        return str;
    }

    private static String m394(String str) {
        String substring;
        while (str.endsWith("/") && str.length() > 0) {
            try {
                substring = str.substring(0, str.length() - 1);
                str = substring;
            } catch (Exception e) {
                if (substring instanceof IllegalArgumentException) {
                    throw ((IllegalArgumentException) e);
                }
                throw new IllegalArgumentException("Scheme and host is invalid: " + e.getMessage(), e);
            }
        }
        if (str.contains("://")) {
            throw new IllegalArgumentException("Server contains scheme, must only be <dnsname/ipaddress>:port, https:// will be added arbitrarily.");
        }
        URL url = new URL("https://" + str);
        if (url.getPath().length() == 0 || url.getPath().equals("/")) {
            return str;
        }
        throw new IllegalArgumentException("Server contains path, must only be <dnsname/ipaddress>:port, a path of '/.well-known/est/<label>' will be added arbitrarily.");
    }

    static {
        HashSet hashSet = new HashSet();
        m12636 = hashSet;
        hashSet.add("/cacerts".substring(1));
        m12636.add("/simpleenroll".substring(1));
        m12636.add("/simplereenroll".substring(1));
        m12636.add("/fullcmc".substring(1));
        m12636.add("/serverkeygen".substring(1));
        m12636.add("/csrattrs".substring(1));
        m12638 = Pattern.compile("^[0-9a-zA-Z_\\-.~!$&'()*+,;=]+");
    }
}
