package org.mozilla.jss.tests;

import es.mityc.firmaJava.libreria.ConstantesXADES;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Date;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.BOOLEAN;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.crypto.InternalCertificate;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.pkix.cert.CertificateInfo;
import org.mozilla.jss.pkix.cert.Extension;
import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
import org.mozilla.jss.util.NativeErrcodes;

/* loaded from: input_file:org/mozilla/jss/tests/GenerateTestCert.class */
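/**
 * Command-line helper that populates an NSS database with three test
 * certificates: a CA certificate, a server certificate and a client
 * certificate, the latter two signed with the CA's private key.
 *
 * <p>The certificates are for test fixtures only. The CA is imported with SSL
 * trust flags set, so a database populated by this tool must never be reused
 * for anything that handles real traffic.
 */
public class GenerateTestCert {
    /**
     * RSA modulus size for every generated key pair. The previous value of 512
     * bits is far below any accepted minimum; because the CA certificate is
     * marked as trusted in the database, even a throw-away fixture should not
     * be signed by a key of that size.
     */
    private static final int RSA_KEY_BITS = 2048;

    // NOTE(review): SHA-1 signatures are deprecated for certificates. Kept here
    // because this file does not show which other SignatureAlgorithm constants
    // this JSS version offers; switch to a SHA-2 based constant if one exists.
    private final SignatureAlgorithm sigAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
    private X509Certificate nssServerCert;
    private X509Certificate nssClientCert;
    private static final String CACERT_NICKNAME = "JSSCATestCert";
    private static final String SERVERCERT_NICKNAME = "JSSTestServerCert";
    private static final String CLIENTCERT_NICKNAME = "JSSTestClientCert";

    /**
     * Entry point. Prints the usage text and exits when called without arguments.
     *
     * @param strArr command-line arguments, see {@link #usage()}
     * @throws Exception propagated from {@link #doIt(String[])}
     */
    public static void main(String[] strArr) throws Exception {
        GenerateTestCert generateTestCert = new GenerateTestCert();
        if (strArr.length > 0) {
            generateTestCert.doIt(strArr);
        } else {
            generateTestCert.usage();
        }
    }

    /** Prints the command-line synopsis and terminates the JVM with status 1. */
    public void usage() {
        System.out.println("USAGE: java org.mozilla.jss.tests.GenerateTestCert <test dir> <password file> [hostname] [CAcertNickname] [ServerCertNickname] [ClientCertNickName]");
        System.out.println("This program creates self signed Certificates.They are only meant for testing and should never be used in production. \nThe default nicknames:\n\tCA certificate: JSSCATestCert\n\tServer certificate: JSSTestServerCert\n\tClient certificate: JSSTestClientCert");
        System.exit(1);
    }

    /**
     * Initializes the crypto database, logs in to the internal key storage
     * token, and creates and imports the CA, server and client certificates.
     * Always ends by terminating the JVM: status 0 on success, 1 on any failure
     * or when one of the nicknames is already present.
     *
     * @param strArr {@code <test dir> <password file> [hostname] [CA nickname]
     *               [server nickname] [client nickname]}
     * @throws Exception declared for callers; failures inside the body are
     *                   caught, printed and turned into exit status 1
     */
    private void doIt(String[] strArr) throws Exception {
        String caNickname = CACERT_NICKNAME;
        String serverNickname = SERVERCERT_NICKNAME;
        String clientNickname = CLIENTCERT_NICKNAME;
        if (strArr.length < 2) {
            usage(); // does not return: usage() calls System.exit(1)
        }
        try {
            CryptoManager.initialize(strArr[0]);
            CryptoManager cryptoManager = CryptoManager.getInstance();
            cryptoManager.getInternalKeyStorageToken().login(new FilePasswordCallback(strArr[1]));
            // NOTE(review): ConstantesXADES belongs to an unrelated library; its use
            // as the provider name here (and as the organization prefix in makeCert)
            // looks like a decompiler substituting a same-valued constant for a
            // string literal. Confirm the values and inline the literals.
            int rand = nextRandInt(SecureRandom.getInstance("pkcs11prng", ConstantesXADES.JSS_PROVIDER));
            // Serial numbers must be positive. Dropping the two top bits keeps the
            // base non-negative and leaves room for the +1..+3 offsets below, which
            // could previously wrap around or yield negative serials.
            int serialBase = rand >>> 2;

            // Optional arguments sit at indexes 2..5. The earlier checks were each
            // off by one (e.g. the hostname was only honoured when a fourth
            // argument was also supplied), so the last optional argument given
            // was silently ignored.
            String hostname = strArr.length > 2 ? strArr[2] : "localhost";
            if (strArr.length > 3) {
                caNickname = strArr[3];
            }
            exitIfNicknameExists(cryptoManager, caNickname);
            if (strArr.length > 4) {
                serverNickname = strArr[4];
            }
            exitIfNicknameExists(cryptoManager, serverNickname);
            if (strArr.length > 5) {
                clientNickname = strArr[5];
            }
            exitIfNicknameExists(cryptoManager, clientNickname);

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ConstantesXADES.JSS_PROVIDER);

            // CA certificate: self-issued, carries the basic-constraints extension.
            keyPairGenerator.initialize(RSA_KEY_BITS);
            KeyPair caKeyPair = keyPairGenerator.genKeyPair();
            SEQUENCE caExtensions = new SEQUENCE();
            caExtensions.addElement(makeBasicConstraintsExtension());
            Certificate caCert = makeCert("CACert", "CACert", serialBase + 1, caKeyPair.getPrivate(), caKeyPair.getPublic(), rand, caExtensions);
            InternalCertificate importedCa = (InternalCertificate) cryptoManager.importUserCACertPackage(ASN1Util.encode(caCert), caNickname);
            // NOTE(review): an error-code constant is passed as the SSL trust value.
            // This is presumably a decompiler artifact standing in for a bitmask of
            // InternalCertificate trust flags with the same numeric value; confirm
            // against the original source and replace it with the named flags.
            importedCa.setSSLTrust(NativeErrcodes.SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);

            // Server certificate: subject CN is the hostname, signed by the CA key.
            keyPairGenerator.initialize(RSA_KEY_BITS);
            PublicKey serverPublicKey = keyPairGenerator.genKeyPair().getPublic();
            Certificate serverCert = makeCert("CACert", hostname, serialBase + 2, caKeyPair.getPrivate(), serverPublicKey, rand, null);
            this.nssServerCert = cryptoManager.importCertPackage(ASN1Util.encode(serverCert), serverNickname);

            // Client certificate: fixed subject CN, signed by the CA key.
            keyPairGenerator.initialize(RSA_KEY_BITS);
            PublicKey clientPublicKey = keyPairGenerator.genKeyPair().getPublic();
            Certificate clientCert = makeCert("CACert", "ClientCert", serialBase + 3, caKeyPair.getPrivate(), clientPublicKey, rand, null);
            this.nssClientCert = cryptoManager.importCertPackage(ASN1Util.encode(clientCert), clientNickname);

            System.out.println("\nThis program created certificates with \nfollowing cert nicknames:\n\t" + caNickname + "\n\t" + serverNickname + "\n\t" + clientNickname);
            System.out.println("Exiting main()");
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }

    /**
     * Terminates the JVM with status 1 if the database already holds a
     * certificate under the given nickname, so an existing entry is never
     * shadowed by a freshly generated one.
     */
    private static void exitIfNicknameExists(CryptoManager cryptoManager, String nickname) throws Exception {
        if (cryptoManager.findCertsByNickname(nickname).length > 0) {
            System.out.println(nickname + " already exists!");
            System.exit(1);
        }
    }

    /**
     * Draws four bytes from the given generator and packs them big-endian into
     * an {@code int}, printing the result.
     *
     * @param secureRandom source of the random bytes
     * @return the packed value; may be negative when the first byte is >= 0x80
     * @throws Exception declared for compatibility with existing callers
     */
    static int nextRandInt(SecureRandom secureRandom) throws Exception {
        byte[] bArr = new byte[4];
        secureRandom.nextBytes(bArr);
        // Mask the lower three bytes: Java bytes are signed, so an unmasked
        // negative byte sign-extends and overwrites every higher bit of the result.
        int i = (bArr[0] << 24) | ((bArr[1] & 0xFF) << 16) | ((bArr[2] & 0xFF) << 8) | (bArr[3] & 0xFF);
        System.out.println("generated random value:" + i);
        return i;
    }

    /**
     * Builds a critical basicConstraints extension (OID 2.5.29.19) whose value
     * is a SEQUENCE holding the single BOOLEAN {@code true}, i.e. cA = TRUE with
     * no path-length constraint.
     */
    private Extension makeBasicConstraintsExtension() throws Exception {
        SEQUENCE sequence = new SEQUENCE();
        sequence.addElement(new BOOLEAN(true));
        return new Extension(new OBJECT_IDENTIFIER(new long[]{2, 5, 29, 19}), true, new OCTET_STRING(ASN1Util.encode(sequence)));
    }

    /**
     * Creates and signs a v3 certificate that is valid from now for one year.
     *
     * @param str        common name of the issuer
     * @param str2       common name of the subject
     * @param i          serial number
     * @param privateKey key used to sign the certificate
     * @param publicKey  subject public key placed in the certificate
     * @param i2         value appended to the organization name of issuer and subject
     * @param sequence   extensions to attach, or {@code null} for none
     * @return the signed certificate
     * @throws Exception if encoding, decoding or signing fails
     */
    private Certificate makeCert(String str, String str2, int i, PrivateKey privateKey, PublicKey publicKey, int i2, SEQUENCE sequence) throws Exception {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.sigAlg.toOID());
        Name issuer = new Name();
        issuer.addCommonName(str);
        issuer.addCountryName("US");
        issuer.addOrganizationName(ConstantesXADES.MOZILLA + i2);
        issuer.addOrganizationalUnitName("JSS Testing");
        Name subject = new Name();
        subject.addCommonName(str2);
        subject.addCountryName("US");
        subject.addOrganizationName(ConstantesXADES.MOZILLA + i2);
        subject.addOrganizationalUnitName("JSS Testing");
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();
        SubjectPublicKeyInfo subjectKeyInfo = (SubjectPublicKeyInfo) ASN1Util.decode(new SubjectPublicKeyInfo.Template(), publicKey.getEncoded());
        CertificateInfo certificateInfo = new CertificateInfo(CertificateInfo.v3, new INTEGER(i), algorithmIdentifier, issuer, notBefore, notAfter, subject, subjectKeyInfo);
        if (sequence != null) {
            certificateInfo.setExtensions(sequence);
        }
        return new Certificate(certificateInfo, privateKey, this.sigAlg);
    }
}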
