package org.bouncycastle.jce.provider.test;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;

/* loaded from: input_file:org/bouncycastle/jce/provider/test/TestCertificateGen.class */
public class TestCertificateGen {
    private static volatile long serialNumber = System.currentTimeMillis();
    private static Map algIds = new HashMap();

    static {
        algIds.put("GOST3411withGOST3410", new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94));
        algIds.put("SHA1withRSA", new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE));
        algIds.put("SHA256withRSA", new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE));
        algIds.put("SHA1withECDSA", new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA1));
        algIds.put("MD5WithRSAEncryption", new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
        algIds.put("LMS", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig));
        algIds.put("Ed448", new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448));
    }

    private static DERBitString booleanToBitString(boolean[] zArr) {
        byte[] bArr = new byte[(zArr.length + 7) / 8];
        for (int i = 0; i != zArr.length; i++) {
            int i2 = i / 8;
            bArr[i2] = (byte) (bArr[i2] | (zArr[i] ? 1 << (7 - (i % 8)) : 0));
        }
        int length = zArr.length % 8;
        return length == 0 ? new DERBitString(bArr) : new DERBitString(bArr, 8 - length);
    }

    public static X509CRL createCRL(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger) throws Exception {
        V2TBSCertListGenerator v2TBSCertListGenerator = new V2TBSCertListGenerator();
        Date date = new Date();
        X500Name x500Name = new X500Name(x509Certificate.getSubjectDN().getName());
        v2TBSCertListGenerator.setIssuer(x500Name);
        v2TBSCertListGenerator.setThisUpdate(new Time(date));
        v2TBSCertListGenerator.setNextUpdate(new Time(new Date(date.getTime() + 100000)));
        v2TBSCertListGenerator.setSignature((AlgorithmIdentifier) algIds.get("SHA256withRSA"));
        v2TBSCertListGenerator.addCRLEntry(new ASN1Integer(bigInteger), new Time(date), 9);
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(new GeneralNames(new GeneralName(x500Name)), x509Certificate.getSerialNumber()));
        extensionsGenerator.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.valueOf(1L)));
        v2TBSCertListGenerator.setExtensions(extensionsGenerator.generate());
        Signature signature = Signature.getInstance("SHA256withRSA", "BC");
        signature.initSign(privateKey);
        signature.update(v2TBSCertListGenerator.generateTBSCertList().getEncoded("DER"));
        TBSCertList generateTBSCertList = v2TBSCertListGenerator.generateTBSCertList();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(generateTBSCertList);
        aSN1EncodableVector.add((AlgorithmIdentifier) algIds.get("SHA256withRSA"));
        aSN1EncodableVector.add(new DERBitString(signature.sign()));
        return (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(new ByteArrayInputStream(new DERSequence(aSN1EncodableVector).getEncoded("DER")));
    }

    public static X509Certificate createCert(X500Name x500Name, PrivateKey privateKey, String str, String str2, Extensions extensions, PublicKey publicKey) throws Exception {
        return createCert(x500Name, privateKey, new X500Name(str), str2, extensions, publicKey);
    }

    public static X509Certificate createCert(X500Name x500Name, PrivateKey privateKey, X500Name x500Name2, String str, Extensions extensions, PublicKey publicKey) throws Exception {
        V3TBSCertificateGenerator v3TBSCertificateGenerator = new V3TBSCertificateGenerator();
        long currentTimeMillis = System.currentTimeMillis();
        v3TBSCertificateGenerator.setSerialNumber(new ASN1Integer(getSerialNumber()));
        v3TBSCertificateGenerator.setIssuer(x500Name);
        v3TBSCertificateGenerator.setSubject(x500Name2);
        v3TBSCertificateGenerator.setStartDate(new Time(new Date(currentTimeMillis - 5000)));
        v3TBSCertificateGenerator.setEndDate(new Time(new Date(currentTimeMillis + 1800000)));
        v3TBSCertificateGenerator.setSignature((AlgorithmIdentifier) algIds.get(str));
        v3TBSCertificateGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        v3TBSCertificateGenerator.setExtensions(extensions);
        Signature signature = Signature.getInstance(str, "BC");
        signature.initSign(privateKey);
        signature.update(v3TBSCertificateGenerator.generateTBSCertificate().getEncoded("DER"));
        TBSCertificate generateTBSCertificate = v3TBSCertificateGenerator.generateTBSCertificate();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(generateTBSCertificate);
        aSN1EncodableVector.add((AlgorithmIdentifier) algIds.get(str));
        aSN1EncodableVector.add(new DERBitString(signature.sign()));
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(new DERSequence(aSN1EncodableVector).getEncoded("DER")));
    }

    public static X509Certificate createCertWithIDs(X500Name x500Name, String str, KeyPair keyPair, boolean[] zArr, boolean[] zArr2) throws Exception {
        V3TBSCertificateGenerator v3TBSCertificateGenerator = new V3TBSCertificateGenerator();
        long currentTimeMillis = System.currentTimeMillis();
        v3TBSCertificateGenerator.setSerialNumber(new ASN1Integer(getSerialNumber()));
        v3TBSCertificateGenerator.setIssuer(x500Name);
        v3TBSCertificateGenerator.setSubject(x500Name);
        v3TBSCertificateGenerator.setStartDate(new Time(new Date(currentTimeMillis - 5000)));
        v3TBSCertificateGenerator.setEndDate(new Time(new Date(currentTimeMillis + 1800000)));
        v3TBSCertificateGenerator.setSignature((AlgorithmIdentifier) algIds.get(str));
        v3TBSCertificateGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        if (zArr2 != null) {
            v3TBSCertificateGenerator.setIssuerUniqueID(booleanToBitString(zArr2));
        }
        if (zArr != null) {
            v3TBSCertificateGenerator.setSubjectUniqueID(booleanToBitString(zArr));
        }
        Signature signature = Signature.getInstance(str, "BC");
        signature.initSign(keyPair.getPrivate());
        signature.update(v3TBSCertificateGenerator.generateTBSCertificate().getEncoded("DER"));
        TBSCertificate generateTBSCertificate = v3TBSCertificateGenerator.generateTBSCertificate();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(generateTBSCertificate);
        aSN1EncodableVector.add((AlgorithmIdentifier) algIds.get(str));
        aSN1EncodableVector.add(new DERBitString(signature.sign()));
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(new DERSequence(aSN1EncodableVector).getEncoded("DER")));
    }

    public static X509Certificate createSelfSignedCert(String str, String str2, KeyPair keyPair) throws Exception {
        return createSelfSignedCert(new X500Name(str), str2, keyPair);
    }

    public static X509Certificate createSelfSignedCert(X500Name x500Name, String str, KeyPair keyPair) throws Exception {
        V1TBSCertificateGenerator v1TBSCertificateGenerator = new V1TBSCertificateGenerator();
        long currentTimeMillis = System.currentTimeMillis();
        v1TBSCertificateGenerator.setSerialNumber(new ASN1Integer(getSerialNumber()));
        v1TBSCertificateGenerator.setIssuer(x500Name);
        v1TBSCertificateGenerator.setSubject(x500Name);
        v1TBSCertificateGenerator.setStartDate(new Time(new Date(currentTimeMillis - 5000)));
        v1TBSCertificateGenerator.setEndDate(new Time(new Date(currentTimeMillis + 1800000)));
        v1TBSCertificateGenerator.setSignature((AlgorithmIdentifier) algIds.get(str));
        v1TBSCertificateGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        Signature signature = Signature.getInstance(str, "BC");
        signature.initSign(keyPair.getPrivate());
        signature.update(v1TBSCertificateGenerator.generateTBSCertificate().getEncoded("DER"));
        TBSCertificate generateTBSCertificate = v1TBSCertificateGenerator.generateTBSCertificate();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(generateTBSCertificate);
        aSN1EncodableVector.add((AlgorithmIdentifier) algIds.get(str));
        aSN1EncodableVector.add(new DERBitString(signature.sign()));
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(new DERSequence(aSN1EncodableVector).getEncoded("DER")));
    }

    public static X509Certificate generateEndEntityCert(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        return generateEndEntityCert(publicKey, new X500Name("CN=Test End Certificate"), privateKey, x509Certificate);
    }

    public static X509Certificate generateEndEntityCert(PublicKey publicKey, X500Name x500Name, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        Certificate certificate = Certificate.getInstance(x509Certificate.getEncoded());
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(getDigest(certificate.getSubjectPublicKeyInfo()), new GeneralNames(new GeneralName(certificate.getIssuer())), certificate.getSerialNumber().getValue()));
        extensionsGenerator.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(publicKey.getEncoded())));
        extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(134));
        return createCert(certificate.getSubject(), privateKey, x500Name, "SHA256withRSA", extensionsGenerator.generate(), publicKey);
    }

    public static X509Certificate generateIntermediateCert(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        return generateIntermediateCert(publicKey, new X500Name("CN=Test Intermediate Certificate"), privateKey, x509Certificate);
    }

    public static X509Certificate generateIntermediateCert(PublicKey publicKey, X500Name x500Name, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        Certificate certificate = Certificate.getInstance(x509Certificate.getEncoded());
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(getDigest(certificate.getSubjectPublicKeyInfo()), new GeneralNames(new GeneralName(certificate.getIssuer())), certificate.getSerialNumber().getValue()));
        extensionsGenerator.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()))));
        extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(134));
        return createCert(certificate.getSubject(), privateKey, x500Name, "SHA256withRSA", extensionsGenerator.generate(), publicKey);
    }

    public static KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public static X509Certificate generateRootCert(KeyPair keyPair) throws Exception {
        return createSelfSignedCert("CN=Test CA Certificate", "SHA256withRSA", keyPair);
    }

    public static X509Certificate generateRootCert(KeyPair keyPair, X500Name x500Name) throws Exception {
        return createSelfSignedCert(x500Name, "SHA256withRSA", keyPair);
    }

    private static byte[] getDigest(SubjectPublicKeyInfo subjectPublicKeyInfo) throws IOException {
        return getDigest(subjectPublicKeyInfo.getPublicKeyData().getBytes());
    }

    private static byte[] getDigest(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA1").digest(bArr);
        } catch (NoSuchAlgorithmException unused) {
            return null;
        }
    }

    private static synchronized long getSerialNumber() {
        long j = serialNumber;
        serialNumber = j + 1;
        return j;
    }
}
