package com.comodo.mdm.security;

import android.content.Context;
import com.comodo.mdm.Command;
import com.comodo.mdm.Logger;
import com.comodo.mdm.utils.Utils;
import java.io.FileWriter;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Vector;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.ExtendedKeyUsage;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openssl.PEMWriter;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.ContentVerifierProvider;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.spongycastle.pkcs.PKCSException;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemObjectGenerator;

/* loaded from: classes.dex */
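/**
 * Builds a PKCS#10 certificate signing request for SCEP enrollment and writes the
 * request and the freshly generated RSA private key to the app's files directory.
 *
 * <p>Review notes that cannot be fixed inside this class alone:
 * <ul>
 *   <li>The private key is persisted as an unencrypted PEM file ({@code local.key}); see
 *       {@link #_pemEncodeToFile}.</li>
 *   <li>The SCEP challenge password is a constant compiled into the app; see
 *       {@link #CHALLENGE_PASSWORD}.</li>
 * </ul>
 */
public class GenerateCSR {
    /**
     * Signature algorithm for the CSR self-signature. Raised from SHA-1 to SHA-256 because
     * SHA-1 signatures are deprecated and increasingly rejected by CAs.
     * NOTE(review): confirm the enrollment server accepts SHA-256 signed requests.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";

    /**
     * Challenge password placed in every request.
     * NOTE(review): this value is identical for all installs and recoverable from the APK, so it
     * cannot authenticate an enrollment. A per-enrollment secret delivered with the SCEP settings
     * would be needed for that; the settings type is not visible here, so the value is unchanged.
     */
    private static final String CHALLENGE_PASSWORD = "mdmself";

    private final Context context;
    // Set by createCSR() and written out by _pemEncodeToFile().
    private PrivateKey privateKey;
    private final Command.SCEPSetting scepSettings;

    static {
        // Registers the SpongyCastle provider that the "SC" lookups below rely on.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * @param context      Android context used for the files directory and the device UUID
     * @param sCEPSetting  SCEP settings supplying the alternative name and company name
     */
    public GenerateCSR(Context context, Command.SCEPSetting sCEPSetting) {
        this.context = context;
        this.scepSettings = sCEPSetting;
    }

    /**
     * Builds and signs the certification request for the given key pair.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @return the signed request
     * @throws IOException if the subjectAlternativeName extension cannot be encoded
     * @throws IllegalStateException if the content signer cannot be created
     */
    private PKCS10CertificationRequest _generateRequest(KeyPair keyPair) throws IOException {
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        String alternativeName = this.scepSettings.getAlternativeName();

        // NOTE(review): the subject is assembled by string concatenation and then parsed as a
        // distinguished name. An alternative or company name containing DN metacharacters such as
        // ',', '+' or '=' would change the parsed structure or make parsing fail. Validate or
        // escape these values before use if they can contain arbitrary text.
        X500Name subject = new X500Name("CN=" + alternativeName + ", O=" + this.scepSettings.getCompanyName() + ", CN=" + Utils.INSTANCE.getUUID(this.context) + ", CN=Android");
        PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder(subject, subjectPublicKeyInfo);

        // Same bit mask as the original literal 184, spelled out with the named constants.
        // NOTE(review): keyUsage and extendedKeyUsage are added as top-level request attributes,
        // not inside the extensionRequest attribute; confirm the CA actually reads them there.
        requestBuilder.addAttribute(X509Extension.keyUsage, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement));

        // NOTE(review): serverAuth is requested in addition to clientAuth; drop it if the issued
        // certificate is only ever used for client authentication.
        Vector<KeyPurposeId> keyPurposes = new Vector<KeyPurposeId>();
        keyPurposes.add(KeyPurposeId.id_kp_clientAuth);
        keyPurposes.add(KeyPurposeId.id_kp_serverAuth);

        // The alternative name is encoded as an rfc822Name (tag 1). A failure here now propagates
        // instead of being logged, so a request without its SAN is never produced silently.
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) new GeneralNames(new GeneralName(GeneralName.rfc822Name, alternativeName)));

        requestBuilder.addAttribute(X509Extension.extendedKeyUsage, new ExtendedKeyUsage(keyPurposes));
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
        signerBuilder.setProvider("SC");
        ContentSigner contentSigner;
        try {
            contentSigner = signerBuilder.build(keyPair.getPrivate());
        } catch (OperatorCreationException e) {
            // Previously the signer was set to null here and build() then failed with a bare
            // NullPointerException; fail with the real cause attached instead.
            Logger.INSTANCE.e(e.getLocalizedMessage());
            throw new IllegalStateException("Unable to create CSR content signer", e);
        }

        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(CHALLENGE_PASSWORD));
        PKCS10CertificationRequest request = requestBuilder.build(contentSigner);

        // Diagnostic self-check of the signature. The result is only logged, as before, but a
        // verifier that could not be built no longer leads to a call with a null provider.
        try {
            ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().build(keyPair.getPublic());
            boolean signatureValid = request.isSignatureValid(verifierProvider);
            String message = "isSignatureValid? " + signatureValid;
            if (signatureValid) {
                Logger.INSTANCE.d(message);
            } else {
                Logger.INSTANCE.e(message);
            }
        } catch (OperatorCreationException | PKCSException e) {
            Logger.INSTANCE.e(e.getLocalizedMessage());
        }

        // NOTE(review): the subject contains the device UUID and company name; keep this at debug
        // level and make sure debug logging is disabled in release builds.
        Logger.INSTANCE.d(request.getSubject().toString());
        return request;
    }

    /**
     * Writes the request to {@code str} and the private key to {@code local.key} in the app's
     * files directory, both PEM encoded.
     *
     * <p>NOTE(review): the private key is written without encryption, so its confidentiality
     * rests entirely on the app sandbox (root access and device backups can expose it). Prefer
     * generating and keeping the key in the Android Keystore, or encrypt the PEM at rest, and
     * remove the file once enrollment no longer needs it.
     *
     * @param str                         path of the CSR file to write
     * @param pKCS10CertificationRequest  request to encode
     * @throws IOException if either file cannot be written
     */
    private void _pemEncodeToFile(String str, PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        PemObject pemObject = new PemObject("CERTIFICATE REQUEST", pKCS10CertificationRequest.getEncoded());
        // try-with-resources closes (and thereby flushes) each writer even when a write fails;
        // the original leaked the file handle in that case.
        try (PEMWriter csrWriter = new PEMWriter(new FileWriter(str))) {
            csrWriter.writeObject((PemObjectGenerator) pemObject);
        }
        try (PEMWriter keyWriter = new PEMWriter(new FileWriter(this.context.getFilesDir() + "/local.key"))) {
            keyWriter.writeObject(this.privateKey);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with the "SC" provider, builds the request for it and
     * writes {@code local.csr} and {@code local.key} to the app's files directory.
     *
     * @throws IOException if the request cannot be encoded or a file cannot be written
     * @throws NoSuchProviderException if the "SC" provider is not registered
     * @throws NoSuchAlgorithmException if the provider offers no RSA key pair generator
     */
    public void createCSR() throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "SC");
        keyPairGenerator.initialize(2048, new SecureRandom());
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        this.privateKey = keyPair.getPrivate();
        _pemEncodeToFile(this.context.getFilesDir() + "/local.csr", _generateRequest(keyPair));
    }
}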
