package iaik.jigsaw.https;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.security.provider.IAIK;
import iaik.utils.KeyAndCertificate;
import iaik.x509.X509Certificate;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.util.GregorianCalendar;
import java.util.Random;

/* loaded from: input_file:iaik/jigsaw/https/CreateCertificates.class */
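/**
 * Command-line helper that generates a self-signed test CA plus RSA, DSA and DH server
 * certificates and writes them, together with their private keys, into the {@code certs}
 * directory.
 *
 * <p>The output is test material: every certificate is signed with MD5-with-RSA, which is
 * collision-broken; the RSA, DSA and DH keys are 1024 bits; and the temporary RSA key is
 * 512 bits because it exists only for export cipher suites. The file names and sizes are kept
 * as the original tool produced them, so treat the results as lab fixtures rather than
 * deployable credentials.
 */
public class CreateCertificates {
    /** Source of certificate serial numbers; a CSPRNG so that serials cannot be predicted. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Mirrors the constant-false condition found in the decompiled class: the extension block
     * in {@link #createCertificate} never runs, so no certificate (the CA included) carries
     * BasicConstraints or KeyUsage. Do not simply flip this flag: the block marks the
     * certificate as a CA and uses a hard-coded SubjectKeyIdentifier, and createCertificate is
     * also used for the server certificates.
     */
    private static final boolean ADD_EXTENSIONS = false;

    /**
     * Writes the private key of {@code keyPair} and the certificate chain to one file.
     *
     * @param keyPair key pair whose private half is stored
     * @param x509CertificateArr certificate chain stored next to the key
     * @param str path of the output file
     * @throws IOException if the file cannot be written
     */
    public static void saveKeyAndCert(KeyPair keyPair, X509Certificate[] x509CertificateArr, String str) throws IOException {
        System.out.println("save private key and certificate chain to file " + str + "...");
        // Format code 2 is presumably PEM, given the .pem names main() passes - confirm against
        // the IAIK API.
        // NOTE(review): confirm whether the private key is written without passphrase
        // protection; if so, the file needs restrictive permissions.
        new KeyAndCertificate(keyPair.getPrivate(), x509CertificateArr).saveTo(str, 2);
    }

    /**
     * Generates a key pair with the IAIK provider.
     *
     * @param str algorithm name, e.g. {@code "RSA"}
     * @param i key size in bits
     * @return the new key pair, or {@code null} if the algorithm or the provider is unavailable
     */
    public static KeyPair generateKeyPair(String str, int i) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, "IAIK");
            keyPairGenerator.initialize(i);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException unused) {
            System.out.println("generateKey: Algorithm " + str + " not implemented!");
            return null;
        } catch (NoSuchProviderException unused2) {
            System.out.println("generateKey: Provider IAIK not found!");
            return null;
        }
    }

    /**
     * Checks the signatures along a chain ordered leaf first, top-level certificate last, and
     * prints the result of each check.
     *
     * <p>Only signatures are checked here. Validity dates, names, extensions and revocation
     * are not examined, so a "true" line is not a full path validation.
     *
     * @param x509CertificateArr chain to check; a {@code null} or empty chain is reported and
     *     skipped
     */
    public static void verifyCertificateChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // The original indexed [length - 1] unconditionally and crashed on an empty chain.
            System.out.println("verifyCertificateChain: empty certificate chain!");
            return;
        }
        int length = x509CertificateArr.length;
        if (!verifyCertificate(x509CertificateArr[length - 1], null)) {
            System.out.println("Self signed TOPLEVEL certificate error!");
            return;
        }
        System.out.println("Self signed TOPLEVEL certificate OK!");
        // Walk from the top of the chain down: each certificate must verify under its issuer.
        for (int i = length - 1; i > 0; i--) {
            System.out.println(verifyCertificate(x509CertificateArr[i - 1], x509CertificateArr[i]));
        }
    }

    /**
     * Verifies the signature on one certificate.
     *
     * @param x509Certificate certificate to check
     * @param x509Certificate2 issuer certificate, or {@code null} to use the no-argument
     *     {@code verify()}, which the chain check treats as the self-signed case
     * @return {@code true} if verification completed without an exception, {@code false}
     *     otherwise (the exception is printed)
     */
    public static boolean verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            if (x509Certificate2 == null) {
                x509Certificate.verify();
            } else {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            }
            return true;
        } catch (Exception e) {
            System.out.println("verifyCertificate: Exception: " + e.toString());
            return false;
        }
    }

    /**
     * Builds and signs a certificate valid from one day ago until six months after that.
     *
     * @param name subject distinguished name
     * @param publicKey subject public key
     * @param name2 issuer distinguished name
     * @param privateKey issuer private key used for signing
     * @param algorithmID signature algorithm
     * @return the signed certificate, or {@code null} if building or signing failed (the
     *     exception is printed)
     */
    public static X509Certificate createCertificate(Name name, PublicKey publicKey, Name name2, PrivateKey privateKey, AlgorithmID algorithmID) {
        X509Certificate x509Certificate = new X509Certificate();
        try {
            // 64 bits from a CSPRNG instead of 32 bits from java.util.Random: predictable
            // serial numbers are a known enabler of collision forgeries against MD5-signed
            // certificates. max(ONE) keeps the serial strictly positive.
            x509Certificate.setSerialNumber(new BigInteger(64, SERIAL_RANDOM).max(BigInteger.ONE));
            x509Certificate.setSubjectDN(name);
            x509Certificate.setPublicKey(publicKey);
            x509Certificate.setIssuerDN(name2);
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            // Backdate by one day so small clock differences do not reject a fresh certificate.
            gregorianCalendar.add(GregorianCalendar.DATE, -1);
            x509Certificate.setValidNotBefore(gregorianCalendar.getTime());
            gregorianCalendar.add(GregorianCalendar.MONTH, 6);
            x509Certificate.setValidNotAfter(gregorianCalendar.getTime());
            if (ADD_EXTENSIONS) {
                // Never executed; kept as found. The key identifier is a fixed byte string,
                // not a value derived from the public key.
                x509Certificate.addExtension(new SubjectKeyIdentifier(new byte[]{1, 2, 3, 23, 3, 4, 3, 23, 3}));
                BasicConstraints basicConstraints = new BasicConstraints(true, 1);
                basicConstraints.setCritical(true);
                x509Certificate.addExtension(basicConstraints);
                x509Certificate.addExtension(new KeyUsage(97));
            }
            x509Certificate.sign(algorithmID, privateKey);
            return x509Certificate;
        } catch (Exception e) {
            System.out.println("Exception: " + e.toString());
            return null;
        }
    }

    /** Generates a key pair and fails fast instead of handing {@code null} to later steps. */
    private static KeyPair requireKeyPair(String algorithm, int bits) {
        KeyPair pair = generateKeyPair(algorithm, bits);
        if (pair == null) {
            throw new IllegalStateException(algorithm + " key pair generation failed");
        }
        return pair;
    }

    /** Creates a certificate and fails fast so that a {@code null} entry is never saved. */
    private static X509Certificate requireCertificate(Name subject, PublicKey subjectKey, Name issuer, PrivateKey issuerKey, AlgorithmID algorithm) {
        X509Certificate certificate = createCertificate(subject, subjectKey, issuer, issuerKey, algorithm);
        if (certificate == null) {
            throw new IllegalStateException("certificate creation failed");
        }
        return certificate;
    }

    /**
     * Asks for the server host name, then creates the test CA and the three server
     * certificates and stores them under {@code certs}.
     *
     * <p>Any failure is printed with its stack trace; the program then waits for input on
     * standard input before it exits.
     *
     * @param strArr ignored
     * @throws IOException if the final read from standard input fails
     */
    public static void main(String[] strArr) throws IOException {
        try {
            DataInputStream dataInputStream = new DataInputStream(System.in);
            System.out.println("add Provider IAIK...\n");
            Security.addProvider(new IAIK());
            // The directory holds private keys; it is created with the process default
            // permissions, so tighten them where other local users exist.
            File certDir = new File("certs");
            if (!certDir.isDirectory() && !certDir.mkdir()) {
                throw new IOException("cannot create directory " + certDir.getPath());
            }
            String hostName = null;
            try {
                hostName = InetAddress.getLocalHost().getHostName();
            } catch (UnknownHostException e) {
                System.out.print("UnknownHostException: " + e.getMessage());
            }
            System.out.print("Server host name [" + hostName + "]:");
            // readLine() returns null at end of input; the original dereferenced it directly.
            String readLine = dataInputStream.readLine();
            if (readLine != null && readLine.trim().length() != 0) {
                hostName = readLine.trim();
            }
            if (hostName == null) {
                // Without this the literal text "null" would end up in the certificate subject.
                throw new IOException("no server host name available");
            }
            System.out.println("Creating server test certificates for " + hostName + "\n");
            System.out.println("generate RSA KeyPair for CA certificate [1024 bits]...");
            KeyPair caKeys = requireKeyPair("RSA", 1024);
            System.out.println("generate RSA KeyPair for server certificate [1024 bits]...");
            KeyPair rsaServerKeys = requireKeyPair("RSA", 1024);
            System.out.println("generate temporary KeyPair for export ciphers [512 bits]...");
            KeyPair tempRsaKeys = requireKeyPair("RSA", 512);
            // The original literal contained "certs\t...", which printed a tab character.
            System.out.println("save temporaray PrivateKey to file certs/tempRSAPrivateKey.der...");
            FileOutputStream tempKeyOut = new FileOutputStream("certs/tempRSAPrivateKey.der");
            try {
                // NOTE(review): writeTo is not declared on java.security.PrivateKey; the
                // decompiler appears to have dropped a cast to the IAIK key type - restore it
                // before compiling.
                tempRsaKeys.getPrivate().writeTo(tempKeyOut);
            } finally {
                // The original never closed this stream.
                tempKeyOut.close();
            }
            System.out.println("generate DSA KeyPair for server certificate [1024 bits]...");
            KeyPair dsaServerKeys = requireKeyPair("DSA", 1024);
            System.out.println("generate DH KeyPair for server certificate [1024 bits]...");
            KeyPair dhServerKeys = requireKeyPair("DH", 1024);

            Name caName = new Name();
            caName.addRDN(ObjectID.country, "AT");
            caName.addRDN(ObjectID.organization, "IAIK");
            caName.addRDN(ObjectID.commonName, "Jigsaw Test CA");
            Name serverName = new Name();
            serverName.addRDN(ObjectID.country, "AT");
            serverName.addRDN(ObjectID.organization, "IAIK");
            serverName.addRDN(ObjectID.commonName, hostName);

            // Every certificate below is signed by the CA's RSA key, which is why the DSA and
            // DH certificates also use md5WithRSAEncryption.
            System.out.println("create self signed CA certificate...");
            X509Certificate caCert = requireCertificate(caName, caKeys.getPublic(), caName, caKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
            serverName.addRDN(ObjectID.organizationalUnit, "RSA Server Certificate");
            System.out.println("create RSA server certificate...");
            X509Certificate rsaServerCert = requireCertificate(serverName, rsaServerKeys.getPublic(), caName, caKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
            serverName.removeRDN(ObjectID.organizationalUnit);
            serverName.addRDN(ObjectID.organizationalUnit, "DSA Server Certificate");
            System.out.println("create DSA server certificate...");
            X509Certificate dsaServerCert = requireCertificate(serverName, dsaServerKeys.getPublic(), caName, caKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
            serverName.removeRDN(ObjectID.organizationalUnit);
            serverName.addRDN(ObjectID.organizationalUnit, "DH Server Certificate");
            System.out.println("create DH server certificate...");
            X509Certificate dhServerCert = requireCertificate(serverName, dhServerKeys.getPublic(), caName, caKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);

            saveKeyAndCert(caKeys, new X509Certificate[]{caCert}, "certs/caRSA1024.pem");
            // One two-element chain is reused; only the leaf slot changes between saves.
            X509Certificate[] chain = {rsaServerCert, caCert};
            verifyCertificateChain(chain);
            saveKeyAndCert(rsaServerKeys, chain, "certs/serverRSA1024.pem");
            chain[0] = dsaServerCert;
            verifyCertificateChain(chain);
            saveKeyAndCert(dsaServerKeys, chain, "certs/serverDSA1024.pem");
            chain[0] = dhServerCert;
            verifyCertificateChain(chain);
            saveKeyAndCert(dhServerKeys, chain, "certs/serverDH1024.pem");
            System.out.println("\nServer certificates created.");
            System.out.println("\nNow you can start Jigsaw.");
        } catch (Exception e2) {
            System.out.println("Exception: " + e2);
            e2.printStackTrace();
        }
        // Keeps the console window open until a key is pressed.
        System.in.read();
    }
}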
