package defpackage;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.security.provider.IAIK;
import iaik.utils.KeyAndCertificate;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;

/* loaded from: input_file:CreateDemoCerts.class */
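/**
 * Generates a small set of demo key pairs and X.509 certificates (two self-signed
 * CA certificates and up to four user certificates) with the IAIK provider and
 * writes each private key together with its certificate chain into the
 * {@code test} directory.
 *
 * <p>NOTE(review): everything produced here is test material. The keys are
 * 1024 bits, the RSA certificates are signed with MD5-with-RSA and the DSA ones
 * with {@code AlgorithmID.dsaWithSHA}; the private keys are written next to the
 * certificates with no password supplied by this class. None of these files
 * should be installed as a trust anchor or reused outside a test setup.
 */
public class CreateDemoCerts {
    /**
     * Encoding selector passed to {@code KeyAndCertificate.saveTo}; the files get a
     * ".der" suffix, so this is presumably the DER format constant (confirm against
     * the IAIK ASN.1 constants).
     */
    static final int format = 1;

    /**
     * Writes a private key and its certificate chain to {@code str + ".der"}.
     *
     * @param keyPair            key pair whose private key is stored
     * @param x509CertificateArr certificate chain stored with the key
     * @param str                file name without the ".der" suffix
     * @throws IOException if the file cannot be written
     */
    public void saveKeyAndCert(KeyPair keyPair, X509Certificate[] x509CertificateArr, String str) throws IOException {
        String fileName = str + ".der";
        System.out.println("save private key and certificate chain to file " + fileName + "...");
        // NOTE(review): no password or encryption parameter is passed here, so the
        // private key ends up in the file as saveTo writes it by default. Keep the
        // output directory out of version control and away from shared locations.
        new KeyAndCertificate(keyPair.getPrivate(), x509CertificateArr).saveTo(fileName, format);
    }

    /**
     * Generates a key pair with the "IAIK" provider.
     *
     * @param str algorithm name, e.g. "RSA", "DSA" or "DH"
     * @param i   key size in bits
     * @return the freshly generated key pair
     * @throws NoSuchAlgorithmException if the algorithm or the IAIK provider is not available
     */
    public KeyPair generateKeyPair(String str, int i) throws NoSuchAlgorithmException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, "IAIK");
            generator.initialize(i);
            return generator.generateKeyPair();
        } catch (NoSuchProviderException e) {
            // A missing provider is reported the same way as a missing algorithm so
            // callers only have to handle one exception type.
            throw new NoSuchAlgorithmException(e.toString());
        }
    }

    /**
     * Verifies the signatures of a certificate chain. The last element is checked
     * with the no-argument {@code verify()}, every other element against the public
     * key of the element that follows it.
     *
     * <p>Only signatures are checked here: validity period, extensions and
     * revocation are not examined, so {@code true} does not mean the chain would
     * pass a full path validation.
     *
     * @param x509CertificateArr chain ordered from end entity (index 0) to top-level certificate
     * @return {@code true} if every signature verifies, {@code false} otherwise
     *         (including a {@code null} or empty chain)
     */
    public boolean verifyCertificateChain(X509Certificate[] x509CertificateArr) {
        // An empty chain has nothing to anchor on; report it as a failure instead of
        // letting the index below throw.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            System.out.println("Verify certificate chain ERROR!");
            return false;
        }
        try {
            int last = x509CertificateArr.length - 1;
            verifyCertificate(x509CertificateArr[last], null);
            for (int i = last; i > 0; i--) {
                verifyCertificate(x509CertificateArr[i - 1], x509CertificateArr[i]);
            }
            System.out.println("Verify certificate chain OK!");
            return true;
        } catch (SignatureException unused) {
            System.out.println("Verify certificate chain ERROR!");
            return false;
        }
    }

    /**
     * Verifies the signature of one certificate.
     *
     * @param x509Certificate  certificate to check
     * @param x509Certificate2 issuer certificate whose public key is used, or {@code null}
     *                         to call the certificate's own no-argument {@code verify()}
     * @throws SignatureException if verification fails for any reason; every exception
     *                            raised during verification is converted to this type
     */
    public void verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws SignatureException {
        try {
            if (x509Certificate2 == null) {
                x509Certificate.verify();
            } else {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            }
        } catch (Exception e) {
            throw new SignatureException(e.toString());
        }
    }

    /**
     * Builds and signs an X.509 certificate that is valid from one day before now
     * until six months after that start date.
     *
     * @param name        subject distinguished name
     * @param publicKey   subject public key
     * @param name2       issuer distinguished name
     * @param privateKey  issuer private key used for signing
     * @param algorithmID signature algorithm
     * @param i           serial number
     * @return the signed certificate
     * @throws CertificateException if an extension cannot be added or signing fails
     */
    public X509Certificate createCertificate(Name name, PublicKey publicKey, Name name2, PrivateKey privateKey, AlgorithmID algorithmID, int i) throws CertificateException {
        // The extension block below is compiled out in this build. As a result the
        // CA certificates carry no BasicConstraints or KeyUsage extension, which a
        // strict path validator may refuse to accept as a CA.
        final boolean addExtensions = false;
        X509Certificate certificate = new X509Certificate();
        try {
            // NOTE(review): serial numbers are small fixed integers chosen by the
            // caller; acceptable for demo output only.
            certificate.setSerialNumber(BigInteger.valueOf(i));
            certificate.setSubjectDN(name);
            certificate.setPublicKey(publicKey);
            certificate.setIssuerDN(name2);
            GregorianCalendar validity = new GregorianCalendar();
            // Back-date the start by one day so the certificate is already valid on
            // machines whose clock is slightly behind.
            validity.add(GregorianCalendar.DATE, -1);
            certificate.setValidNotBefore(validity.getTime());
            validity.add(GregorianCalendar.MONTH, 6);
            certificate.setValidNotAfter(validity.getTime());
            if (addExtensions) {
                certificate.addExtension(new SubjectKeyIdentifier(new byte[]{1, 2, 3, 23, 3, 4, 3, 23, 3}));
                BasicConstraints basicConstraints = new BasicConstraints(true, 1);
                basicConstraints.setCritical(true);
                certificate.addExtension(basicConstraints);
                certificate.addExtension(new KeyUsage(97));
            }
            certificate.sign(algorithmID, privateKey);
            return certificate;
        } catch (X509ExtensionException e) {
            throw new CertificateException(e.toString());
        } catch (InvalidKeyException e2) {
            throw new CertificateException(e2.toString());
        } catch (NoSuchAlgorithmException e3) {
            throw new CertificateException(e3.toString());
        }
    }

    /**
     * Generates all demo keys and certificates, verifies each user chain and saves
     * the results under {@code test/}. Algorithms the provider does not offer are
     * skipped with a message.
     *
     * @return {@code true} if every created chain verified and nothing failed,
     *         {@code false} otherwise
     */
    public boolean start() {
        boolean allChainsOk = true;
        try {
            boolean haveRsa = true;
            boolean haveDsa = true;
            boolean haveDh = true;
            File outputDir = new File("test");
            if (!outputDir.isDirectory() && !outputDir.mkdir()) {
                // Fail early with a clear message instead of failing later on the
                // first attempt to write a key file.
                System.out.println("Can't create output directory " + outputDir + "!");
                return false;
            }
            KeyPair caRsaKeys = null;
            KeyPair caDsaKeys = null;
            KeyPair user1Keys = null;
            KeyPair user2Keys = null;
            KeyPair user3Keys = null;
            KeyPair user4Keys = null;
            // NOTE(review): all key pairs are 1024 bits, which is below current
            // strength recommendations; acceptable only because the output is demo data.
            try {
                System.out.println("generate RSA KeyPair for CA certificate [1024 bits]...");
                caRsaKeys = generateKeyPair("RSA", 1024);
            } catch (NoSuchAlgorithmException unused) {
                System.out.println("No implementation for RSA! Can't create RSA certificates!\n");
                haveRsa = false;
            }
            try {
                System.out.println("generate DSA KeyPair for CA certificate [1024 bits]...");
                caDsaKeys = generateKeyPair("DSA", 1024);
            } catch (NoSuchAlgorithmException unused2) {
                System.out.println("No implementation for DSA! Can't create DSA certificates!");
                haveDsa = false;
            }
            if (haveRsa) {
                System.out.println("generate RSA KeyPair for user1 [1024 bits]...");
                user1Keys = generateKeyPair("RSA", 1024);
                System.out.println("generate RSA KeyPair for user2 [1024 bits]...");
                user2Keys = generateKeyPair("RSA", 1024);
            }
            if (haveDsa) {
                System.out.println("generate DSA KeyPair for user3 certificate [1024 bits]...");
                user3Keys = generateKeyPair("DSA", 1024);
            }
            try {
                System.out.println("generate DH KeyPair for user4 certificate [1024 bits]...");
                user4Keys = generateKeyPair("DH", 1024);
            } catch (NoSuchAlgorithmException unused3) {
                System.out.println("No implementation for DH! Can't create DH certificates!");
                haveDh = false;
            }
            Name caName = new Name();
            caName.addRDN(ObjectID.country, "AT");
            caName.addRDN(ObjectID.organization, "TU Graz");
            caName.addRDN(ObjectID.organizationalUnit, "IAIK");
            caName.addRDN(ObjectID.commonName, "IAIK Test Certification Authority");
            // The user name is reused for every user certificate; only the common
            // name is swapped in and out between certificates.
            Name userName = new Name();
            userName.addRDN(ObjectID.country, "AT");
            userName.addRDN(ObjectID.organization, "TU Graz");
            userName.addRDN(ObjectID.organizationalUnit, "IAIK");
            X509Certificate caRsaCert = null;
            X509Certificate caDsaCert = null;
            X509Certificate[] caChain = new X509Certificate[1];
            if (haveRsa) {
                System.out.println("create self signed CA certificate...");
                // NOTE(review): MD5-with-RSA is a broken signature algorithm; it is
                // used here for demo certificates only.
                caRsaCert = createCertificate(caName, caRsaKeys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption, 1);
                caChain[0] = caRsaCert;
                saveKeyAndCert(caRsaKeys, caChain, "test/caRSA");
            }
            if (haveDsa) {
                System.out.println("create self signed DSA certificate...");
                caDsaCert = createCertificate(caName, caDsaKeys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA, 2);
                caChain[0] = caDsaCert;
                saveKeyAndCert(caDsaKeys, caChain, "test/caDSA");
            }
            // Index 0 holds the user certificate, index 1 the issuing CA certificate.
            X509Certificate[] userChain = new X509Certificate[2];
            if (haveRsa) {
                userChain[1] = caRsaCert;
                userName.addRDN(ObjectID.commonName, "User1 - RSA/RSA");
                System.out.println("create User1 certificate [RSA/RSA]...");
                userChain[0] = createCertificate(userName, user1Keys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption, 3);
                userName.removeRDN(ObjectID.commonName);
                allChainsOk &= verifyCertificateChain(userChain);
                saveKeyAndCert(user1Keys, userChain, "test/userRSAcert1");
                userName.addRDN(ObjectID.commonName, "User2 - RSA/RSA");
                System.out.println("create User2 certificate [RSA/RSA]...");
                userChain[0] = createCertificate(userName, user2Keys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption, 4);
                userName.removeRDN(ObjectID.commonName);
                allChainsOk &= verifyCertificateChain(userChain);
                saveKeyAndCert(user2Keys, userChain, "test/userRSAcert2");
            }
            if (haveDsa) {
                userChain[1] = caDsaCert;
                userName.addRDN(ObjectID.commonName, "User3 - DSA/DSA");
                System.out.println("create User3 certificate [DSA/DSA]...");
                userChain[0] = createCertificate(userName, user3Keys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA, 5);
                userName.removeRDN(ObjectID.commonName);
                allChainsOk &= verifyCertificateChain(userChain);
                saveKeyAndCert(user3Keys, userChain, "test/userDSAcert");
            }
            if (haveDh && haveDsa) {
                // The DH certificate is signed by the DSA CA, so it can only be
                // created when the DSA CA key pair and certificate exist.
                userChain[1] = caDsaCert;
                userName.addRDN(ObjectID.commonName, "User4 - DH/DSA");
                System.out.println("create User4 certificate [DH/DSA]...");
                userChain[0] = createCertificate(userName, user4Keys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA, 6);
                userName.removeRDN(ObjectID.commonName);
                allChainsOk &= verifyCertificateChain(userChain);
                saveKeyAndCert(user4Keys, userChain, "test/userDHcert");
            } else if (haveDh) {
                System.out.println("No DSA CA certificate! Can't create DH certificates!");
            }
            System.out.println("\nDemo certificates created.");
            return allChainsOk;
        } catch (Exception e) {
            System.out.println("Exception: " + e);
            return false;
        }
    }

    /**
     * Registers the IAIK provider, runs the demo and then waits for input on
     * standard input before exiting.
     *
     * @param strArr command-line arguments (unused)
     * @throws IOException if reading from standard input fails
     */
    public static void main(String[] strArr) throws IOException {
        System.out.println("add Provider IAIK...\n");
        Security.addProvider(new IAIK());
        new CreateDemoCerts().start();
        // Keeps the console window open until the user presses a key.
        System.in.read();
    }
}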
