package org.bouncycastle.cert.ocsp.test;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.crypto.KeyGenerator;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: input_file:org/bouncycastle/cert/ocsp/test/OCSPTestUtil.class */
public class OCSPTestUtil {
    private static final String BC = "BC";
    public static SecureRandom rand;
    public static KeyPairGenerator kpg;
    public static KeyPairGenerator eckpg;
    public static KeyGenerator desede128kg;
    public static KeyGenerator desede192kg;
    public static KeyGenerator rc240kg;
    public static KeyGenerator rc264kg;
    public static KeyGenerator rc2128kg;
    public static BigInteger serialNumber;
    public static final boolean DEBUG = true;

    public static KeyPair makeKeyPair() {
        return kpg.generateKeyPair();
    }

    public static KeyPair makeECKeyPair() {
        return eckpg.generateKeyPair();
    }

    public static X509Certificate makeCertificate(KeyPair keyPair, String str) throws Exception {
        return makeCertificate(keyPair, str, keyPair, str, false);
    }

    public static X509Certificate makeRootCertificate(KeyPair keyPair, String str) throws Exception {
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(keyPair.getPrivate());
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(new JcaX509v1CertificateBuilder(new X500Name(str), allocateSerialNumber(), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), new X500Name(str), keyPair.getPublic()).build(build));
    }

    public static X509Certificate makeCertificate(KeyPair keyPair, String str, KeyPair keyPair2, X509Certificate x509Certificate, boolean z) throws Exception {
        Certificate certificate = Certificate.getInstance(x509Certificate.getEncoded());
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(keyPair2.getPrivate());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(certificate.getSubject(), allocateSerialNumber(), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), new X500Name(str), keyPair.getPublic());
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(z));
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(jcaX509v3CertificateBuilder.build(build));
    }

    public static X509Certificate makeCertificateWithOCSP(KeyPair keyPair, String str, KeyPair keyPair2, X509Certificate x509Certificate, boolean z, String str2) throws Exception {
        Certificate certificate = Certificate.getInstance(x509Certificate.getEncoded());
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(keyPair2.getPrivate());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(certificate.getSubject(), allocateSerialNumber(), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), new X500Name(str), keyPair.getPublic());
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(z));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(6, str2))));
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(jcaX509v3CertificateBuilder.build(build));
    }

    public static X509Certificate makeCertificate(KeyPair keyPair, String str, KeyPair keyPair2, X509Certificate x509Certificate, KeyPurposeId keyPurposeId) throws Exception {
        Certificate certificate = Certificate.getInstance(x509Certificate.getEncoded());
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(keyPair2.getPrivate());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(certificate.getSubject(), allocateSerialNumber(), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), new X500Name(str), keyPair.getPublic());
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(keyPurposeId));
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(jcaX509v3CertificateBuilder.build(build));
    }

    public static X509Certificate makeECDSACertificate(KeyPair keyPair, String str, KeyPair keyPair2, String str2) throws Exception {
        return makeECDSACertificate(keyPair, str, keyPair2, str2, false);
    }

    public static X509Certificate makeCACertificate(KeyPair keyPair, String str, KeyPair keyPair2, String str2) throws Exception {
        return makeCertificate(keyPair, str, keyPair2, str2, true);
    }

    public static X509Certificate makeCertificate(KeyPair keyPair, String str, KeyPair keyPair2, String str2, boolean z) throws Exception {
        return makeCertificate(keyPair, str, keyPair2, str2, "SHA1withRSA", z);
    }

    public static X509Certificate makeECDSACertificate(KeyPair keyPair, String str, KeyPair keyPair2, String str2, boolean z) throws Exception {
        return makeCertificate(keyPair, str, keyPair2, str2, "SHA1WithECDSA", z);
    }

    public static X509Certificate makeCertificate(KeyPair keyPair, String str, KeyPair keyPair2, String str2) throws Exception {
        return makeCertificate(keyPair, str, keyPair2, str2, "SHA1withRSA", false);
    }

    public static X509Certificate makeCertificate(KeyPair keyPair, String str, KeyPair keyPair2, String str2, String str3, boolean z) throws Exception {
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair2.getPrivate();
        PublicKey publicKey2 = keyPair2.getPublic();
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.reset();
        x509V3CertificateGenerator.setSerialNumber(allocateSerialNumber());
        x509V3CertificateGenerator.setIssuerDN(new X509Name(str2));
        x509V3CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis()));
        x509V3CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 8640000000L));
        x509V3CertificateGenerator.setSubjectDN(new X509Name(str));
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.setSignatureAlgorithm(str3);
        x509V3CertificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(publicKey));
        x509V3CertificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(publicKey2));
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(z));
        X509Certificate generate = x509V3CertificateGenerator.generate(privateKey);
        generate.checkValidity(new Date());
        generate.verify(publicKey2);
        return generate;
    }

    private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey) throws IOException {
        return new AuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws IOException {
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    private static BigInteger allocateSerialNumber() {
        BigInteger bigInteger = serialNumber;
        serialNumber = serialNumber.add(BigInteger.valueOf(1L));
        return bigInteger;
    }

    static {
        try {
            rand = new SecureRandom();
            kpg = KeyPairGenerator.getInstance("RSA", BC);
            kpg.initialize(1024, rand);
            serialNumber = new BigInteger("1");
            eckpg = KeyPairGenerator.getInstance("ECDSA", BC);
            eckpg.initialize(192, rand);
        } catch (Exception e) {
            throw new RuntimeException(e.toString());
        }
    }
}
