package org.jscep.transaction;

import java.io.IOException;
import java.security.spec.InvalidKeySpecException;
import org.jscep.asn1.IssuerAndSubject;
import org.jscep.message.CertRep;
import org.jscep.message.GetCertInitial;
import org.jscep.message.MessageDecodingException;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.PkcsReq;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.message.PkiRequest;
import org.jscep.transaction.Transaction;
import org.jscep.transport.Transport;
import org.jscep.transport.request.PkiOperationRequest;
import org.jscep.transport.response.PkiOperationResponseHandler;
import org.jscep.util.CertificationRequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: classes3.dex */
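/**
 * A SCEP transaction that either submits a PKCS#10 certification request ({@link PkcsReq}) or
 * asks again about an existing transaction ({@link GetCertInitial}), then validates the
 * {@link CertRep} that comes back.
 *
 * <p>The response is data received from the remote server. It is checked against the request
 * (transaction ID, nonces) before its status is acted on, and a response that is malformed is
 * reported as a {@link TransactionException} rather than as an unchecked runtime exception.
 */
public final class EnrollmentTransaction extends Transaction {
    private static final Logger LOGGER = LoggerFactory.getLogger(EnrollmentTransaction.class);
    // Shared by every EnrollmentTransaction in the process: response senderNonces already seen,
    // used for replay detection in validateExchange.
    // NOTE(review): validateExchange calls contains() and then add() without holding a lock, and
    // NonceQueue's thread-safety and capacity are not visible here - confirm before relying on
    // the replay check when transactions run concurrently.
    private static final NonceQueue QUEUE = new NonceQueue();
    private final PkiRequest<?> request;
    private final TransactionId transId;

    /**
     * Creates a transaction that sends a {@link GetCertInitial} for an already known transaction.
     *
     * @param transport the transport used to reach the server
     * @param pkiMessageEncoder encoder for the outgoing request
     * @param pkiMessageDecoder decoder for the server response
     * @param issuerAndSubject issuer and subject names identifying the requested certificate
     * @param transactionId the ID of the transaction being followed up
     */
    public EnrollmentTransaction(Transport transport, PkiMessageEncoder pkiMessageEncoder, PkiMessageDecoder pkiMessageDecoder, IssuerAndSubject issuerAndSubject, TransactionId transactionId) {
        super(transport, pkiMessageEncoder, pkiMessageDecoder);
        this.transId = transactionId;
        // A fresh senderNonce is generated per request; the response must echo it back.
        this.request = new GetCertInitial(transactionId, Nonce.nextNonce(), issuerAndSubject);
    }

    /**
     * Creates a transaction that submits the given certification request in a {@link PkcsReq}.
     *
     * <p>The transaction ID is derived from the public key of the request using the digest name
     * {@code "SHA-1"}.
     *
     * @param transport the transport used to reach the server
     * @param pkiMessageEncoder encoder for the outgoing request
     * @param pkiMessageDecoder decoder for the server response
     * @param pKCS10CertificationRequest the certification request to enrol
     * @throws TransactionException if the public key cannot be read from the request
     */
    public EnrollmentTransaction(Transport transport, PkiMessageEncoder pkiMessageEncoder, PkiMessageDecoder pkiMessageDecoder, PKCS10CertificationRequest pKCS10CertificationRequest) throws TransactionException {
        super(transport, pkiMessageEncoder, pkiMessageDecoder);
        try {
            // NOTE(review): SHA-1 appears to serve only as an identifier here, not as an integrity
            // check - confirm that nothing depends on its collision resistance.
            this.transId = TransactionId.createTransactionId(CertificationRequestUtils.getPublicKey(pKCS10CertificationRequest), "SHA-1");
            this.request = new PkcsReq(this.transId, Nonce.nextNonce(), pKCS10CertificationRequest);
        } catch (IOException | InvalidKeySpecException e) {
            throw new TransactionException(e);
        }
    }

    /**
     * Checks that a response belongs to the request that was sent and has not been seen before.
     *
     * <p>A missing transaction ID or recipientNonce in the response is rejected instead of being
     * dereferenced. A missing response senderNonce is only logged as a warning, so the replay
     * check is skipped for such a response.
     *
     * @param pkiMessage the request that was sent
     * @param certRep the decoded response
     * @throws TransactionException if the transaction IDs differ, the recipientNonce is absent or
     *     does not match the request senderNonce, or the response senderNonce was already seen
     */
    private void validateExchange(PkiMessage<?> pkiMessage, CertRep certRep) throws TransactionException {
        LOGGER.debug("Validating SCEP message exchange");
        TransactionId responseId = certRep.getTransactionId();
        if (responseId == null || !responseId.equals(pkiMessage.getTransactionId())) {
            throw new TransactionException("Transaction ID Mismatch");
        }
        LOGGER.debug("Matched transaction IDs");

        Nonce requestNonce = pkiMessage.getSenderNonce();
        Nonce recipientNonce = certRep.getRecipientNonce();
        if (recipientNonce == null) {
            // Without this guard a response lacking the attribute would fail with a
            // NullPointerException that callers catching TransactionException never see.
            throw new TransactionException("Response recipientNonce is missing");
        }
        if (!recipientNonce.equals(requestNonce)) {
            throw new InvalidNonceException(requestNonce, recipientNonce);
        }
        LOGGER.debug("Matched request senderNonce and response recipientNonce");

        Nonce responseNonce = certRep.getSenderNonce();
        if (responseNonce == null) {
            LOGGER.warn("Response senderNonce is null");
            return;
        }
        if (QUEUE.contains(responseNonce)) {
            // A senderNonce that was recorded earlier is treated as a replayed response.
            throw new InvalidNonceException(responseNonce);
        }
        QUEUE.add(responseNonce);
        LOGGER.debug("{} has not been encountered before", responseNonce);
        LOGGER.debug("SCEP message exchange validated successfully");
    }

    /**
     * Returns the ID of this transaction.
     *
     * @return the transaction ID supplied to, or derived by, the constructor
     */
    @Override
    public TransactionId getId() {
        return this.transId;
    }

    /**
     * Encodes and sends the request, then decodes and validates the response.
     *
     * @return the state produced by {@code failure}, {@code success} or {@code pending},
     *     depending on the response's {@link PkiStatus}
     * @throws TransactionException if the request cannot be encoded, the response cannot be
     *     decoded, the response is not a {@link CertRep}, or the exchange fails validation
     */
    @Override
    public Transaction.State send() throws TransactionException {
        try {
            CMSSignedData signedRequest = encode(this.request);
            LOGGER.debug("Sending {}", signedRequest);
            CMSSignedData signedResponse = send(new PkiOperationResponseHandler(), new PkiOperationRequest(signedRequest));
            LOGGER.debug("Received response {}", signedResponse);
            try {
                // The message type is chosen by the server, so check it before casting; a blind
                // cast would surface an unexpected type as a ClassCastException.
                Object decoded = decode(signedResponse);
                if (!(decoded instanceof CertRep)) {
                    String actualType = decoded == null ? "null" : decoded.getClass().getName();
                    throw new TransactionException("Unexpected response message type: " + actualType);
                }
                CertRep certRep = (CertRep) decoded;
                validateExchange(this.request, certRep);
                LOGGER.debug("Response: {}", certRep);

                PkiStatus status = certRep.getPkiStatus();
                if (status == PkiStatus.FAILURE) {
                    return failure(certRep.getFailInfo());
                }
                if (status == PkiStatus.SUCCESS) {
                    return success(extractCertStore(certRep));
                }
                // Any status other than FAILURE or SUCCESS is reported as pending.
                return pending();
            } catch (MessageDecodingException e) {
                throw new TransactionException(e);
            }
        } catch (MessageEncodingException e) {
            throw new TransactionException(e);
        }
    }
}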
