package org.bouncycastle.pkix.test;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/bouncycastle/pkix/test/TestUtil.class */
public class TestUtil {
    public static BigInteger serialNumber = BigInteger.ONE;

    private static BigInteger allocateSerialNumber() {
        BigInteger bigInteger = serialNumber;
        serialNumber = serialNumber.add(BigInteger.ONE);
        return bigInteger;
    }

    public static X509Certificate makeTrustAnchor(KeyPair keyPair, String str) throws GeneralSecurityException, IOException, OperatorCreationException {
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(new JcaX509v1CertificateBuilder(new X500Name(str), allocateSerialNumber(), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 8640000000L), new X500Name(str), keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(keyPair.getPrivate())));
        certificate.checkValidity(new Date());
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    public static X509Certificate makeCaCertificate(X509Certificate x509Certificate, PrivateKey privateKey, PublicKey publicKey, String str) throws GeneralSecurityException, IOException, OperatorCreationException {
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x509Certificate.getSubjectX500Principal(), allocateSerialNumber(), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 8640000000L), new X500Principal(str), publicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(0));
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(privateKey)));
        certificate.checkValidity(new Date());
        certificate.verify(x509Certificate.getPublicKey());
        return certificate;
    }

    public static X509Certificate makeEeCertificate(boolean z, X509Certificate x509Certificate, PrivateKey privateKey, PublicKey publicKey, String str) throws GeneralSecurityException, IOException, OperatorCreationException {
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x509Certificate.getSubjectX500Principal(), allocateSerialNumber(), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 8640000000L), new X500Principal(str), publicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        if (z) {
            jcaX509v3CertificateBuilder.addExtension(Extension.cRLDistributionPoints, false, new DERSequence());
        }
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(privateKey)));
        certificate.checkValidity(new Date());
        certificate.verify(x509Certificate.getPublicKey());
        return certificate;
    }

    public static X509CRL makeCrl(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger) throws Exception {
        Date date = new Date();
        JcaX509v2CRLBuilder jcaX509v2CRLBuilder = new JcaX509v2CRLBuilder(x509Certificate.getSubjectX500Principal(), date);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v2CRLBuilder.setNextUpdate(new Date(date.getTime() + 100000));
        jcaX509v2CRLBuilder.addCRLEntry(bigInteger, date, 9);
        jcaX509v2CRLBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        return new JcaX509CRLConverter().setProvider("BC").getCRL(jcaX509v2CRLBuilder.build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(privateKey)));
    }

    public static X509CRL makeCrl(X509Certificate x509Certificate, Date date, PrivateKey privateKey, BigInteger bigInteger) throws Exception {
        Date date2 = new Date();
        JcaX509v2CRLBuilder jcaX509v2CRLBuilder = new JcaX509v2CRLBuilder(x509Certificate.getSubjectX500Principal(), date);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v2CRLBuilder.setNextUpdate(new Date(date2.getTime() + 100000));
        jcaX509v2CRLBuilder.addCRLEntry(bigInteger, date2, 9);
        jcaX509v2CRLBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        return new JcaX509CRLConverter().setProvider("BC").getCRL(jcaX509v2CRLBuilder.build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(privateKey)));
    }
}
