package defpackage;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import iaik.security.provider.IAIK;
import iaik.utils.KeyAndCertificate;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import java.util.Random;

/* loaded from: input_file:CreateCertificates.class */
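/**
 * Command-line generator for a set of IAIK test certificates.
 *
 * <p>Running {@link #main(String[])} creates the directory {@code certs} and writes into it
 * two self-signed CA certificates (RSA and DSA, both with the subject "IAIK Test CA") and
 * RSA, DSA and DH server and client certificates issued by those CAs, each together with
 * its password-protected private key.
 *
 * <p><b>Security review notes.</b> The output is test material only and should never be
 * added to a production trust store or reused for a real service:
 * <ul>
 *   <li>every private key is protected with the same passphrase, which is a string literal
 *       in this class, using password-based encryption built on MD5 and single DES;</li>
 *   <li>RSA certificates are signed with MD5-with-RSA and all long-term keys are 1024 bits,
 *       both far below current minimums (SHA-256 or better, RSA of at least 2048 bits);</li>
 *   <li>a 512-bit RSA key for "export" cipher suites is written to disk unencrypted;</li>
 *   <li>the extension block in {@link #createCertificate} is disabled, so no certificate
 *       carries BasicConstraints or KeyUsage and nothing in the certificates themselves
 *       separates the CA certificates from the end-entity ones.</li>
 * </ul>
 * A scanner or inventory that finds the subject "IAIK Test CA", or the file names written
 * here, on a production host has found test credentials that should be replaced.
 */
public class CreateCertificates {
    /**
     * Encoding passed to {@code KeyAndCertificate.saveTo}. The value 1 selects the file
     * suffix {@code .der}; any other value (the default is 2) selects {@code .pem}.
     */
    public static int saveFormat = 2;

    /**
     * Switch for the X.509v3 extension block in {@link #createCertificate}. It is
     * {@code false} because the decompiled code guards that block with a constant-false
     * condition; the block is kept only to document what the author experimented with.
     */
    private static final boolean ADD_V3_EXTENSIONS = false;

    /**
     * Encrypts the private key of {@code keyPair} and stores it, followed by the certificate
     * chain, in a single file.
     *
     * @param keyPair            key pair whose private half is encrypted and saved
     * @param x509CertificateArr certificate chain stored next to the key
     * @param str                target path without suffix; {@code .der} or {@code .pem} is
     *                           appended depending on {@link #saveFormat}
     * @throws IOException      if writing the file fails
     * @throws RuntimeException if the provider offers no pbeWithMD5AndDES_CBC implementation
     */
    public static void saveKeyAndCert(KeyPair keyPair, X509Certificate[] x509CertificateArr, String str) throws IOException {
        System.out.println("encrypt private key...");
        EncryptedPrivateKeyInfo encryptedKey = new EncryptedPrivateKeyInfo(keyPair.getPrivate());
        try {
            // SECURITY: the passphrase is a fixed literal shared by every generated key file,
            // and the PBE scheme combines MD5 with 56-bit DES. The encryption therefore gives
            // no real confidentiality: anyone who obtains a key file also knows the
            // passphrase. Both are left unchanged because consumers of these test files are
            // expected to decrypt them with exactly this passphrase and scheme.
            // NOTE(review): null is passed for the SecureRandom argument; presumably the
            // library then falls back to its own default generator. Confirm against the
            // IAIK version in use.
            encryptedKey.encrypt("This is the passphrase!", AlgorithmID.pbeWithMD5AndDES_CBC, (SecureRandom) null);
            String fileName = str + (saveFormat == 1 ? ".der" : ".pem");
            System.out.println("save private key and certificate chain to file " + fileName + "...");
            // The file is created with the process's default permissions; the "certs"
            // directory should be readable only by the account that runs the tests.
            new KeyAndCertificate(encryptedKey, x509CertificateArr).saveTo(fileName, saveFormat);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("No implementation for pbeWithMD5AndDES_CBC!");
        }
    }

    /**
     * Generates a key pair with the IAIK provider.
     *
     * @param str algorithm name handed to {@code KeyPairGenerator.getInstance}; this class
     *            uses "RSA", "DSA" and "DH"
     * @param i   key size in bits
     * @return the freshly generated key pair
     * @throws NoSuchAlgorithmException if the algorithm is unavailable, or if the provider
     *                                  named "IAIK" is not installed
     */
    public static KeyPair generateKeyPair(String str, int i) throws NoSuchAlgorithmException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, "IAIK");
            generator.initialize(i);
            return generator.generateKeyPair();
        } catch (NoSuchProviderException unused) {
            // A missing provider is reported through the exception type callers already handle.
            throw new NoSuchAlgorithmException("Provider IAIK not found!");
        }
    }

    /**
     * Checks the signatures along a certificate chain and prints the results.
     *
     * <p>The chain is ordered leaf first, top-level certificate last. The last element is
     * verified as self-signed; every other element is verified with the public key of its
     * successor, and the boolean result of each of those checks is printed on its own line.
     *
     * <p>This is a signature check only. Validity period, name chaining, extensions and
     * revocation are not examined, and the top-level certificate is compared with itself
     * rather than with a trusted anchor, so a passing result is not a trust decision.
     *
     * @param x509CertificateArr chain to check; a null or empty chain is reported and skipped
     */
    public static void verifyCertificateChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // Previously an empty array ended in an ArrayIndexOutOfBoundsException.
            System.out.println("Empty certificate chain!");
            return;
        }
        int last = x509CertificateArr.length - 1;
        if (!verifyCertificate(x509CertificateArr[last], null)) {
            System.out.println("Self signed TOPLEVEL certificate error!");
            return;
        }
        System.out.println("Self signed TOPLEVEL certificate OK!");
        for (int issuer = last; issuer > 0; issuer--) {
            System.out.println(verifyCertificate(x509CertificateArr[issuer - 1], x509CertificateArr[issuer]));
        }
    }

    /**
     * Verifies the signature of one certificate.
     *
     * @param x509Certificate  certificate whose signature is checked
     * @param x509Certificate2 issuer certificate supplying the public key, or {@code null}
     *                         to verify {@code x509Certificate} as self-signed
     * @return {@code true} if verification completed without an exception, {@code false}
     *         otherwise
     */
    public static boolean verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            if (x509Certificate2 == null) {
                x509Certificate.verify();
            } else {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            }
            return true;
        } catch (Exception unused) {
            // Deliberately broad: a null certificate (createCertificate returns null on
            // failure) and every verification error are all reported as "not verified".
            // The cause is discarded, so a false result cannot distinguish a bad signature
            // from a missing certificate or an unavailable algorithm.
            return false;
        }
    }

    /**
     * Builds and signs an X.509 certificate.
     *
     * <p>The certificate is valid from one day before the current time until six months
     * after that start date.
     *
     * @param name        subject distinguished name
     * @param publicKey   subject public key
     * @param name2       issuer distinguished name
     * @param privateKey  issuer private key used for signing
     * @param algorithmID signature algorithm
     * @return the signed certificate, or {@code null} if building or signing failed (the
     *         exception message is printed to standard output)
     */
    public static X509Certificate createCertificate(Name name, PublicKey publicKey, Name name2, PrivateKey privateKey, AlgorithmID algorithmID) {
        X509Certificate certificate = new X509Certificate();
        try {
            // Serial numbers come from a CSPRNG and span 64 bits. The previous 20 bits from
            // java.util.Random were guessable and could repeat under the same issuer name
            // across runs; predictable serials combined with MD5 signatures are the
            // precondition for chosen-prefix collision forgeries against a CA.
            certificate.setSerialNumber(new BigInteger(64, new SecureRandom()));
            certificate.setSubjectDN(name);
            certificate.setPublicKey(publicKey);
            certificate.setIssuerDN(name2);
            GregorianCalendar validity = new GregorianCalendar();
            // Back-date by one day so clock skew between test machines does not make a
            // fresh certificate "not yet valid".
            validity.add(GregorianCalendar.DATE, -1);
            certificate.setValidNotBefore(validity.getTime());
            validity.add(GregorianCalendar.MONTH, 6);
            certificate.setValidNotAfter(validity.getTime());
            if (ADD_V3_EXTENSIONS) {
                // Disabled. If it were enabled as written it would mark EVERY certificate,
                // including server and client ones, as a CA (BasicConstraints cA=true,
                // pathLen 1) and give all of them the same fixed SubjectKeyIdentifier.
                // NOTE(review): 97 is presumably digitalSignature | keyCertSign | cRLSign
                // in IAIK's KeyUsage bit values; confirm before enabling.
                certificate.addExtension(new SubjectKeyIdentifier(new byte[]{1, 2, 3, 23, 3, 4, 3, 23, 3}));
                BasicConstraints basicConstraints = new BasicConstraints(true, 1);
                basicConstraints.setCritical(true);
                certificate.addExtension(basicConstraints);
                certificate.addExtension(new KeyUsage(97));
            }
            certificate.sign(algorithmID, privateKey);
            return certificate;
        } catch (InvalidKeyException e) {
            System.out.println("InvalidKeyException: " + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e) {
            System.out.println("NoSuchAlgorithmException: " + e.getMessage());
            return null;
        } catch (CertificateException e) {
            System.out.println("CertificateException: " + e.getMessage());
            return null;
        } catch (X509ExtensionException e) {
            System.out.println("X509ExtensionException: " + e.getMessage());
            return null;
        }
    }

    /**
     * Interactive entry point: asks for the server host name, generates all key pairs,
     * issues the test certificates and writes them below {@code certs/}.
     *
     * <p>RSA, DSA and DH are each optional. If the provider lacks one of them, the
     * certificates of that type are skipped. DH certificates are signed by the DSA CA when
     * DSA is available and by the RSA CA otherwise, because a DH key cannot sign.
     *
     * @param strArr unused
     * @throws IOException if the final read from standard input fails
     */
    public static void main(String[] strArr) throws IOException {
        try {
            BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
            boolean rsaAvailable = true;
            boolean dsaAvailable = true;
            boolean dhAvailable = true;
            System.out.println("add Provider IAIK...\n");
            Security.addProvider(new IAIK());
            File certsDir = new File("certs");
            if (!certsDir.exists() && !certsDir.mkdir()) {
                // Fail before spending time on key generation; the ignored mkdir() result
                // used to surface much later as a file-not-found error.
                throw new IOException("Unable to create output directory certs");
            }
            String hostName = null;
            try {
                hostName = InetAddress.getLocalHost().getHostName();
            } catch (UnknownHostException e) {
                System.out.print("UnknownHostException: " + e.getMessage());
            }
            System.out.print("Server host name [" + hostName + "]:");
            String typedHost = stdin.readLine();
            // readLine() returns null at end of input (for example when stdin is closed or
            // redirected from an empty file); keep the detected host name in that case.
            if (typedHost != null && typedHost.length() != 0) {
                hostName = typedHost;
            }
            System.out.println("Creating server test certificates for " + hostName + "\n");

            // SECURITY: 1024-bit RSA/DSA/DH and 512-bit RSA are below current minimum key
            // sizes. They are kept because the file names and the consumers of these test
            // files are tied to those sizes.
            KeyPair caRsaKeys = null;
            KeyPair caDsaKeys = null;
            KeyPair serverRsaKeys = null;
            KeyPair serverDsaKeys = null;
            KeyPair serverDhKeys = null;
            System.out.println("generate RSA KeyPair for RSA CA certificate [1024 bits]...");
            try {
                caRsaKeys = generateKeyPair("RSA", 1024);
            } catch (NoSuchAlgorithmException unused) {
                rsaAvailable = false;
                System.out.println("No implementation for RSA! RSA certificates are not created!\n");
            }
            System.out.println("generate DSA KeyPair for DSA CA certificate [1024 bits]...");
            try {
                caDsaKeys = generateKeyPair("DSA", 1024);
            } catch (NoSuchAlgorithmException unused) {
                dsaAvailable = false;
                System.out.println("No implementation for DSA! DSA certificates are not created!\n");
            }
            if (rsaAvailable) {
                System.out.println("generate RSA KeyPair for server certificate [1024 bits]...");
                serverRsaKeys = generateKeyPair("RSA", 1024);
                System.out.println("generate temporary KeyPair for export ciphers [512 bits]...");
                KeyPair tempRsaKeys = generateKeyPair("RSA", 512);
                // The old message contained "certs\t...", which printed a TAB instead of
                // the path separator.
                System.out.println("save temporary PrivateKey to file certs/tempRSAPrivateKey.der...");
                // SECURITY: this key is written WITHOUT encryption, and a 512-bit RSA
                // modulus can be factored with modest resources. A server that still
                // negotiates export cipher suites with it is exposed to downgrade attacks;
                // disable those suites outside of interoperability tests.
                // NOTE(review): java.security.PrivateKey declares no writeTo(); the
                // decompiler presumably dropped a cast to the IAIK key type here.
                FileOutputStream tempKeyOut = new FileOutputStream("certs/tempRSAPrivateKey.der");
                try {
                    tempRsaKeys.getPrivate().writeTo(tempKeyOut);
                } finally {
                    // The stream used to be left open, leaking a file handle.
                    tempKeyOut.close();
                }
            }
            if (dsaAvailable) {
                System.out.println("generate DSA KeyPair for server certificate [1024 bits]...");
                serverDsaKeys = generateKeyPair("DSA", 1024);
            }
            try {
                System.out.println("generate DH KeyPair for server certificate [1024 bits]...");
                serverDhKeys = generateKeyPair("DH", 1024);
            } catch (NoSuchAlgorithmException unused) {
                dhAvailable = false;
                System.out.println("No implementation for DH! DH certificates are not created!\n");
            }
            System.out.println("Creating client test certificates.\n");
            KeyPair clientRsaKeys = null;
            KeyPair clientDsaKeys = null;
            KeyPair clientDhKeys = null;
            if (rsaAvailable) {
                System.out.println("generate RSA KeyPair for client certificate [1024 bits]...");
                clientRsaKeys = generateKeyPair("RSA", 1024);
            }
            if (dsaAvailable) {
                System.out.println("generate DSA KeyPair for client certificate [1024 bits]...");
                clientDsaKeys = generateKeyPair("DSA", 1024);
            }
            if (dhAvailable) {
                System.out.println("generate DH KeyPair for client certificate [1024 bits]...");
                clientDhKeys = generateKeyPair("DH", 1024);
            }

            // Distinguished names: one CA name shared by the RSA and the DSA CA, one server
            // name carrying the host name as common name, one client name.
            Name caName = new Name();
            caName.addRDN(ObjectID.country, "AT");
            caName.addRDN(ObjectID.organization, "IAIK");
            caName.addRDN(ObjectID.organizationalUnit, "Secure Services");
            caName.addRDN(ObjectID.commonName, "IAIK Test CA");
            Name serverName = new Name();
            serverName.addRDN(ObjectID.country, "AT");
            serverName.addRDN(ObjectID.organization, "IAIK");
            serverName.addRDN(ObjectID.commonName, hostName);
            Name clientName = new Name();
            clientName.addRDN(ObjectID.country, "AT");
            clientName.addRDN(ObjectID.organization, "IAIK");
            clientName.addRDN(ObjectID.emailAddress, "client@domain.com");
            clientName.addRDN(ObjectID.commonName, "Client Test Certificate");

            // SECURITY: md5WithRSAEncryption is collision-broken and rejected by current
            // TLS stacks; it is kept only because these are legacy test fixtures.
            // createCertificate returns null on failure; a null entry makes the chain
            // check below print an error line instead of being silently accepted.
            X509Certificate caRsaCert = null;
            X509Certificate caDsaCert = null;
            X509Certificate[] caChain = new X509Certificate[1];
            if (rsaAvailable) {
                System.out.println("create self signed RSA CA certificate...");
                caRsaCert = createCertificate(caName, caRsaKeys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
                caChain[0] = caRsaCert;
                saveKeyAndCert(caRsaKeys, caChain, "certs/caRSA1024");
            }
            if (dsaAvailable) {
                System.out.println("create self signed DSA CA certificate...");
                caDsaCert = createCertificate(caName, caDsaKeys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA);
                caChain[0] = caDsaCert;
                saveKeyAndCert(caDsaKeys, caChain, "certs/caDSA1024");
            }

            // chain[0] is the end-entity certificate, chain[1] the issuing CA. The array is
            // reused for every certificate below, and the organizationalUnit RDN is added
            // to and removed from the shared Name objects around each issuance.
            X509Certificate[] chain = new X509Certificate[2];
            if (rsaAvailable) {
                serverName.addRDN(ObjectID.organizationalUnit, "RSA Server Certificate");
                System.out.println("create RSA server certificate...");
                chain[0] = createCertificate(serverName, serverRsaKeys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
                serverName.removeRDN(ObjectID.organizationalUnit);
                chain[1] = caRsaCert;
                verifyCertificateChain(chain);
                saveKeyAndCert(serverRsaKeys, chain, "certs/serverRSA1024");
            }
            if (dsaAvailable) {
                serverName.addRDN(ObjectID.organizationalUnit, "DSA Server Certificate");
                System.out.println("create DSA server certificate...");
                chain[0] = createCertificate(serverName, serverDsaKeys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA);
                serverName.removeRDN(ObjectID.organizationalUnit);
                chain[1] = caDsaCert;
                verifyCertificateChain(chain);
                saveKeyAndCert(serverDsaKeys, chain, "certs/serverDSA1024");
            }
            if (dhAvailable) {
                serverName.addRDN(ObjectID.organizationalUnit, "DH Server Certificate");
                System.out.println("create DH server certificate...");
                if (dsaAvailable) {
                    chain[1] = caDsaCert;
                    chain[0] = createCertificate(serverName, serverDhKeys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA);
                } else if (rsaAvailable) {
                    chain[1] = caRsaCert;
                    chain[0] = createCertificate(serverName, serverDhKeys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
                } else {
                    System.out.println("Unable to create DH server certificate.");
                    // Without any CA the DH client certificate below is skipped as well.
                    dhAvailable = false;
                }
                if (dhAvailable) {
                    verifyCertificateChain(chain);
                    saveKeyAndCert(serverDhKeys, chain, "certs/serverDH1024");
                }
            }
            if (rsaAvailable) {
                clientName.addRDN(ObjectID.organizationalUnit, "RSA Client Certificate");
                System.out.println("create RSA client certificate...");
                chain[0] = createCertificate(clientName, clientRsaKeys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
                clientName.removeRDN(ObjectID.organizationalUnit);
                chain[1] = caRsaCert;
                verifyCertificateChain(chain);
                saveKeyAndCert(clientRsaKeys, chain, "certs/clientRSA1024");
            }
            if (dsaAvailable) {
                clientName.addRDN(ObjectID.organizationalUnit, "DSA Client Certificate");
                System.out.println("create DSA client certificate...");
                chain[0] = createCertificate(clientName, clientDsaKeys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA);
                clientName.removeRDN(ObjectID.organizationalUnit);
                chain[1] = caDsaCert;
                verifyCertificateChain(chain);
                saveKeyAndCert(clientDsaKeys, chain, "certs/clientDSA1024");
            }
            if (dhAvailable) {
                clientName.addRDN(ObjectID.organizationalUnit, "DH Client Certificate");
                System.out.println("create DH client certificate...");
                if (dsaAvailable) {
                    chain[1] = caDsaCert;
                    chain[0] = createCertificate(clientName, clientDhKeys.getPublic(), caName, caDsaKeys.getPrivate(), AlgorithmID.dsaWithSHA);
                } else if (rsaAvailable) {
                    chain[1] = caRsaCert;
                    chain[0] = createCertificate(clientName, clientDhKeys.getPublic(), caName, caRsaKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
                } else {
                    System.out.println("Unable to create DH client certificate.");
                    dhAvailable = false;
                }
                if (dhAvailable) {
                    verifyCertificateChain(chain);
                    saveKeyAndCert(clientDhKeys, chain, "certs/clientDH1024");
                }
            }
            System.out.println("\nServer and Client certificates created.");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("generateKey exception: " + e.toString());
        } catch (Exception e) {
            // Top-level boundary of a console tool: report the failure and fall through to
            // the final key-press wait.
            System.out.println("Exception: " + e);
        }
        // Keeps the console window open until a key is pressed.
        System.in.read();
    }
}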
