package com.echoworx.edt.internal.credential;

import com.echoworx.edt.common.ErrorCodes;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.registry.CryptographyFacade;
import com.echoworx.edt.common.registry.HandlerRegistry;
import com.echoworx.edt.common.registry.HandlerType;
import com.echoworx.edt.common.registry.LoggingFacade;
import com.echoworx.edt.common.registry.PKIFacade;
import com.echoworx.edt.credential.domain.Password;
import com.echoworx.edt.credential.domain.UserCredentials;
import com.echoworx.edt.internal.common.AbstractServiceModel;
import com.echoworx.edt.internal.common.ParseServerResponseException;
import com.echoworx.edt.internal.common.communication.ESSSecureChannel;
import com.echoworx.edt.internal.common.communication.ESSXMLConstants;
import com.echoworx.edt.internal.common.communication.XMLConnection;
import com.echoworx.edt.internal.common.communication.XMLSchema;
import com.echoworx.edt.internal.util.Base64;
import com.echoworx.edt.internal.util.PKIUtils;
import org.w3c.dom.Document;

/* loaded from: classes.dex */
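/**
 * Service model that rolls over a user's credentials.
 *
 * <p>{@link #invoke()} obtains new credential material through
 * {@code CertificateSignRequestRolloverModel}, sends a key-rollover-commit
 * request over the supplied {@link ESSSecureChannel}, and stores the resulting
 * {@link UserCredentials}, which callers read through {@link #getCredentials()}.
 */
public class RolloverCredentialsModel extends AbstractServiceModel {
    // Result of a completed rollover; stays null until invoke() has finished.
    protected UserCredentials fCredentials;
    protected CryptographyFacade fCryptoHelper;
    protected PKIFacade fPKIHelper;
    protected Password fPassword;
    protected ESSSecureChannel fSecureChannel;
    protected String fSecureId;
    private final LoggingFacade logger;

    /**
     * Creates a rollover model bound to a secure channel, a secure ID and a password.
     *
     * @param eSSSecureChannel channel used for the commit request; its URL is also
     *                         passed to the superclass constructor, so it must not be null
     * @param str              secure ID the rollover is performed for
     * @param password         password handed on to the CSR rollover request
     */
    public RolloverCredentialsModel(ESSSecureChannel eSSSecureChannel, String str, Password password) {
        super(eSSSecureChannel.getURL());
        // Log under this class. The logger was previously obtained for
        // RegisterCredentialModel, which attributed rollover log entries to the
        // registration flow.
        this.logger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(RolloverCredentialsModel.class);
        this.fSecureChannel = eSSSecureChannel;
        this.fSecureId = str;
        this.fPassword = password;
        this.fCryptoHelper = (CryptographyFacade) HandlerRegistry.getHandler(HandlerType.CRYPTOGRAPHY_FACADE);
        this.fPKIHelper = (PKIFacade) HandlerRegistry.getHandler(HandlerType.PKI_FACADE);
    }

    /**
     * Returns the credentials produced by the last successful {@link #invoke()}.
     *
     * @return the rolled-over credentials, or {@code null} if {@code invoke()} has not
     *         completed
     */
    public UserCredentials getCredentials() {
        return this.fCredentials;
    }

    /**
     * Runs the rollover: requests the CSR data, builds and sends the key-rollover-commit
     * message, then stores the new {@link UserCredentials}.
     *
     * <p>Throws a {@link ParseServerResponseException} with error code 1002 when the CSR
     * step returns no data, no credentials data model or no hashed answers. Any exception
     * raised while sending or processing the commit, including the one raised for an
     * empty response, is rethrown through {@code getCommunicationException}.
     */
    public void invoke() {
        this.logger.debug("Attempting rollover CSR request");
        // 2048 is passed straight to the CSR model; presumably the key size in bits (confirm).
        CSRRequestDataModel csrData = new CertificateSignRequestRolloverModel(this.fSecureChannel, this.fSecureId, this.fPassword).invoke(2048);
        this.logger.debug("CSR request completed.");

        boolean missingData = csrData == null
                || csrData.getCredentialsDataModel() == null
                || csrData.getCredentialsDataModel().getHashedAnswers() == null;
        if (missingData) {
            // NOTE(review): the secure ID is written to the error log here; confirm that
            // this identifier is acceptable in log output.
            this.logger.error("Could not retrieve data from a rollover for secure ID: " + this.fSecureId);
            ParseServerResponseException failure = new ParseServerResponseException(ErrorCodes.getErrorStringWithExtendedInfo(1002, "Could not retrieve data from a rollover CSR."));
            failure.setErrorCode(1002);
            failure.setURL(this.fSecureChannel.getURL());
            throw failure;
        }

        // The hashed answers are PKCS#7-encrypted to the template certificate before
        // they are placed in the request.
        String encryptedAnswers = Base64.encode(this.fPKIHelper.encryptPKCS7(csrData.getCredentialsDataModel().getHashedAnswers(), new EDTX509Certificate[]{csrData.getTemplateCertificate()}));
        String signingCertificate = Base64.encode(csrData.getSignCredential().getLeafCertificate().getEncoded());
        String cipherCertificate = Base64.encode(csrData.getCipherCredential().getLeafCertificate().getEncoded());
        ProtectedCredentialsPackage credentialPackage = csrData.buildCredentialPackage();
        String signingKeyBlob = Base64.encode(credentialPackage.getSigningKeyBlobContents());
        String cipherKeyBlob = Base64.encode(credentialPackage.getCipherKeyBlobContents());
        String keyPrincipal = Base64.encode(credentialPackage.getKeyPrincipal());
        String commitRequest = XMLSchema.KSS_KEYROLLOVERCOMMIT(this.fSecureId, encryptedAnswers, signingKeyBlob, cipherKeyBlob, signingCertificate, cipherCertificate, keyPrincipal, csrData.buildKeyEscrowsList(csrData.getCredentialsDataModel().getSessionKey()));

        try {
            Document response = this.fSecureChannel.processRequest(commitRequest);
            if (response == null) {
                throw getCommunicationResponseException(commitRequest, "Key commit response was empty.");
            }
            // NOTE(review): a commit response that is not OK is only logged, and the new
            // credentials are still installed below, so local state can end up holding
            // keys the server did not accept. The empty-response case above fails
            // instead; confirm whether a rejected commit should abort the rollover too.
            boolean committed = XMLConnection.checkXMLResponse(response, ESSXMLConstants.OPERATION_KEYROLLOVERCOMMIT, ESSXMLConstants.RESPONSE_VALUE_OK);
            if (!committed) {
                this.logger.warn("Key commit on rollover failed");
            }
            // Drop the key service's temporary certificate from the signing container
            // before the container is handed out as part of the new credentials.
            csrData.getCredentialsDataModel().getSigningKeyContainer().removeCertificate(csrData.getCredentialsDataModel().getSigningKeyContainer().getCertificateByCanonicalName(PKIUtils.KEY_SERVICE_TEMPORARY_CERTIFICATE_NAME));
            this.fCredentials = new UserCredentials(csrData.getCredentialsDataModel().getSigningKeyContainer(), csrData.getCredentialsDataModel().getCipherKeyContainer(), csrData.getCredentialsDataModel().getCredentialThumbPrint());
        } catch (Exception e) {
            // NOTE(review): commitRequest carries the encoded key blobs; confirm that
            // getCommunicationException does not copy the request body into logs or
            // user-visible messages.
            throw getCommunicationException(commitRequest, "Could not commit keys.", e);
        }
    }
}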
