package defpackage;

import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.security.provider.IAIK;
import iaik.utils.KeyAndCertificate;
import iaik.x509.RevokedCertificate;
import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.extensions.CRLNumber;
import iaik.x509.extensions.ReasonCode;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.util.GregorianCalendar;

/* loaded from: input_file:CRLExtensions.class */
public class CRLExtensions {
    public boolean start() {
        try {
            KeyAndCertificate keyAndCertificate = new KeyAndCertificate("test/caRSA.pem");
            X509Certificate x509Certificate = keyAndCertificate.getCertificateChain()[0];
            PrivateKey privateKey = keyAndCertificate.getPrivateKey();
            KeyAndCertificate keyAndCertificate2 = new KeyAndCertificate("test/user1.pem");
            KeyAndCertificate keyAndCertificate3 = new KeyAndCertificate("test/user2.pem");
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            RevokedCertificate revokedCertificate = new RevokedCertificate(keyAndCertificate2.getCertificateChain()[0], gregorianCalendar.getTime());
            RevokedCertificate revokedCertificate2 = new RevokedCertificate(keyAndCertificate3.getCertificateChain()[0], gregorianCalendar.getTime());
            revokedCertificate.addExtension(new ReasonCode(ReasonCode.keyCompromise));
            revokedCertificate2.addExtension(new ReasonCode(ReasonCode.superseded));
            X509CRL x509crl = new X509CRL();
            x509crl.setIssuerDN((Name) x509Certificate.getSubjectDN());
            x509crl.setThisUpdate(gregorianCalendar.getTime());
            gregorianCalendar.add(3, 1);
            x509crl.setNextUpdate(gregorianCalendar.getTime());
            x509crl.setSignatureAlgorithm(AlgorithmID.md5WithRSAEncryption);
            x509crl.addCertificate(revokedCertificate);
            x509crl.addCertificate(revokedCertificate2);
            x509crl.addExtension(new CRLNumber(BigInteger.valueOf(4234234L)));
            x509crl.sign(privateKey);
            System.out.println(new X509CRL(x509crl.toByteArray()).toString(true));
            return true;
        } catch (X509ExtensionException e) {
            System.out.println(new StringBuffer("X509ExtensionException: ").append(e.getMessage()).toString());
            return false;
        } catch (IOException e2) {
            System.out.println(new StringBuffer("IOException: ").append(e2.getMessage()).toString());
            return false;
        } catch (InvalidKeyException e3) {
            System.out.println(new StringBuffer("InvalidKeyException: ").append(e3.getMessage()).toString());
            return false;
        } catch (NoSuchAlgorithmException e4) {
            System.out.println(new StringBuffer("NoSuchAlgorithmException: ").append(e4.getMessage()).toString());
            return false;
        } catch (CRLException e5) {
            System.out.println(new StringBuffer("CRLException: ").append(e5.getMessage()).toString());
            return false;
        }
    }

    public static void main(String[] strArr) {
        Security.addProvider(new IAIK());
        new CRLExtensions().start();
    }
}
