package blended.scep.internal;

import java.math.BigInteger;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jscep.client.Client;
import org.jscep.client.DefaultCallbackHandler;
import org.jscep.client.EnrollmentResponse;
import org.jscep.client.verification.OptimisticCertificateVerifier;
import org.jscep.transport.response.Capabilities;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.Tuple2;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: ScepEnroller.scala */
@ScalaSignature(bytes = "\u0006\u0001e4A!\u0001\u0002\u0001\u0013\ta1kY3q\u000b:\u0014x\u000e\u001c7fe*\u00111\u0001B\u0001\tS:$XM\u001d8bY*\u0011QAB\u0001\u0005g\u000e,\u0007OC\u0001\b\u0003\u001d\u0011G.\u001a8eK\u0012\u001c\u0001a\u0005\u0002\u0001\u0015A\u00111BD\u0007\u0002\u0019)\tQ\"A\u0003tG\u0006d\u0017-\u0003\u0002\u0010\u0019\t1\u0011I\\=SK\u001aD\u0001\"\u0005\u0001\u0003\u0002\u0003\u0006IAE\u0001\u0004G\u001a<\u0007CA\n\u0015\u001b\u0005\u0011\u0011BA\u000b\u0003\u0005)\u00196-\u001a9D_:4\u0017n\u001a\u0005\u0006/\u0001!\t\u0001G\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0005eQ\u0002CA\n\u0001\u0011\u0015\tb\u00031\u0001\u0013\u0011\u0019a\u0002\u0001)A\u0005;\u0005\u0019An\\4\u0011\u0005y\u0019S\"A\u0010\u000b\u0005\u0001\n\u0013!B:mMRR'\"\u0001\u0012\u0002\u0007=\u0014x-\u0003\u0002%?\t1Aj\\4hKJD\u0001B\n\u0001\t\u0006\u0004%\taJ\u0001\u0007G2LWM\u001c;\u0016\u0003!\u0002\"!K\u0017\u000e\u0003)R!AJ\u0016\u000b\u00051\n\u0013!\u00026tG\u0016\u0004\u0018B\u0001\u0018+\u0005\u0019\u0019E.[3oi\"A\u0001\u0007\u0001E\u0001B\u0003&\u0001&A\u0004dY&,g\u000e\u001e\u0011\t\u0011I\u0002\u0001R1A\u0005\u0002M\nAaY1qgV\tA\u0007\u0005\u00026u5\taG\u0003\u00028q\u0005A!/Z:q_:\u001cXM\u0003\u0002:W\u0005IAO]1ogB|'\u000f^\u0005\u0003wY\u0012AbQ1qC\nLG.\u001b;jKND\u0001\"\u0010\u0001\t\u0002\u0003\u0006K\u0001N\u0001\u0006G\u0006\u00048\u000f\t\u0005\u000b\u007f\u0001\u0001\n\u0011cb!\n\u0013\u0001\u0015a\u0001=%cU\t\u0011\t\u0005\u0003\f\u0005\u0012c\u0015BA\"\r\u0005\u0019!V\u000f\u001d7feA\u0011QIS\u0007\u0002\r*\u0011q\tS\u0001\tg\u0016\u001cWO]5us*\t\u0011*\u0001\u0003kCZ\f\u0017BA&G\u0005\u001dYU-\u001f)bSJ\u0004\"!\u0014)\u000e\u00039S!a\u0014$\u0002\t\r,'\u000f^\u0005\u0003#:\u0013q\u0002W\u001b1s\r+'\u000f^5gS\u000e\fG/\u001a\u0005\t'\u0002A\t\u0011)Q\u0005\u0003\u0006!\u0001\u0010J\u0019!\u0011!)\u0006\u0001#b\u0001\n\u00031\u0016!\u0004:fcV,7\u000f^3s\u0017\u0016L8/F\u0001E\u0011!A\u0006\u0001#A!B\u0013!\u0015A\u0004:fcV,7\u000f^3s\u0017\u0016L8\u000f\t\u0005\t5\u0002A)\u0019!C\u00017\u0006i!/Z9vKN$XM]\"feR,\u0012\u0001\u0014\u0005\t;\u0002A\t\u0011)Q\u0005\u0019\u0006q!/Z9vKN$XM]\"feR\u0004\u0003\"B0\u0001\t\u0013\u0001\u0017aD4f]\u0016\u0014\u0018\r^3LKf\u0004\u0016-\u001b:\u0015\u0005\u0011\u000b\u0007b\u00022_!\u0003\u0005\raY\u0001\tgR\u0014XM\\4uQB\u00111\u0002Z\u0005\u0003K2\u00111!\u00138u\u0011\u00159\u0007\u0001\"\u0001i\u0003\u0019)gN]8mYR\t\u0011\u000e\u0005\u0002\fU&\u00111\u000e\u0004\u0002\u0005+:LG\u000fC\u0004n\u0001E\u0005I\u0011\u00028\u00023\u001d,g.\u001a:bi\u0016\\U-\u001f)bSJ$C-\u001a4bk2$H%M\u000b\u0002_*\u00121\r]\u0016\u0002cB\u0011!o^\u0007\u0002g*\u0011A/^\u0001\nk:\u001c\u0007.Z2lK\u0012T!A\u001e\u0007\u0002\u0015\u0005tgn\u001c;bi&|g.\u0003\u0002yg\n\tRO\\2iK\u000e\\W\r\u001a,be&\fgnY3")
/* loaded from: input_file:blended/scep/internal/ScepEnroller.class */
public class ScepEnroller {
    private final ScepConfig cfg;
    private final Logger log = LoggerFactory.getLogger(ScepEnroller.class);
    private Client client;
    private Capabilities caps;
    private Tuple2<KeyPair, X509Certificate> x$1;
    private KeyPair requesterKeys;
    private X509Certificate requesterCert;
    private volatile byte bitmap$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private Client client$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.client = new Client(new URL(this.cfg.url()), new DefaultCallbackHandler(new OptimisticCertificateVerifier()));
                this.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.client;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Capabilities caps$lzycompute() {
        Capabilities caCapabilities;
        synchronized (this) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                Some profile = this.cfg.profile();
                if (None$.MODULE$.equals(profile)) {
                    caCapabilities = client().getCaCapabilities();
                } else {
                    if (!(profile instanceof Some)) {
                        throw new MatchError(profile);
                    }
                    caCapabilities = client().getCaCapabilities((String) profile.x());
                }
                this.caps = caCapabilities;
                this.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
        return this.caps;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Tuple2 x$1$lzycompute() {
        synchronized (this) {
            if (((byte) (this.bitmap$0 & 4)) == 0) {
                KeyPair generateKeyPair = generateKeyPair(2048);
                X500Principal requester = this.cfg.requester();
                BigInteger bigInteger = BigInteger.ONE;
                Calendar calendar = Calendar.getInstance();
                calendar.add(5, -1);
                Date time = calendar.getTime();
                calendar.add(5, 2);
                JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(requester, bigInteger, time, calendar.getTime(), this.cfg.subject(), generateKeyPair.getPublic());
                jcaX509v3CertificateBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(128));
                Tuple2 tuple2 = new Tuple2(generateKeyPair, new JcaX509CertificateConverter().getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(caps().getStrongestSignatureAlgorithm()).build(generateKeyPair.getPrivate()))));
                if (tuple2 == null) {
                    throw new MatchError(tuple2);
                }
                this.x$1 = new Tuple2<>((KeyPair) tuple2._1(), (X509Certificate) tuple2._2());
                this.bitmap$0 = (byte) (this.bitmap$0 | 4);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
        return this.x$1;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private KeyPair requesterKeys$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 8)) == 0) {
                this.requesterKeys = (KeyPair) x$1()._1();
                this.bitmap$0 = (byte) (this.bitmap$0 | 8);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.requesterKeys;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private X509Certificate requesterCert$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 16)) == 0) {
                this.requesterCert = (X509Certificate) x$1()._2();
                this.bitmap$0 = (byte) (this.bitmap$0 | 16);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.requesterCert;
        }
    }

    public Client client() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? client$lzycompute() : this.client;
    }

    public Capabilities caps() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? caps$lzycompute() : this.caps;
    }

    private /* synthetic */ Tuple2 x$1() {
        return ((byte) (this.bitmap$0 & 4)) == 0 ? x$1$lzycompute() : this.x$1;
    }

    public KeyPair requesterKeys() {
        return ((byte) (this.bitmap$0 & 8)) == 0 ? requesterKeys$lzycompute() : this.requesterKeys;
    }

    public X509Certificate requesterCert() {
        return ((byte) (this.bitmap$0 & 16)) == 0 ? requesterCert$lzycompute() : this.requesterCert;
    }

    private KeyPair generateKeyPair(int i) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i);
        return keyPairGenerator.genKeyPair();
    }

    private int generateKeyPair$default$1() {
        return 2048;
    }

    public void enroll() {
        this.log.info("Enrolling entity");
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(this.cfg.subject(), requesterKeys().getPublic());
        jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString("password"));
        EnrollmentResponse enrol = client().enrol(requesterCert(), requesterKeys().getPrivate(), jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").build(requesterKeys().getPrivate())));
        while (enrol.isPending()) {
            this.log.info("Waiting for PKI response");
            Thread.sleep(1000L);
        }
        if (enrol.isFailure()) {
            this.log.info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Certificate provisioning failed: [", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{enrol.getFailInfo()})));
        } else {
            this.log.info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Retrieved [", "] certificates."})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToInteger(enrol.getCertStore().getCertificates(null).size())})));
        }
        this.log.info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToBoolean(enrol.isFailure())})));
    }

    public ScepEnroller(ScepConfig scepConfig) {
        this.cfg = scepConfig;
    }
}
