package org.mozilla.jss.tests;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Calendar;
import java.util.Date;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.BOOLEAN;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.crypto.InternalCertificate;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.pkix.cert.CertificateInfo;
import org.mozilla.jss.pkix.cert.Extension;
import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
import org.mozilla.jss.util.NativeErrcodes;

/* loaded from: input_file:org/mozilla/jss/tests/GenerateTestCert.class */
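/**
 * Command-line fixture generator for the JSS test suite.
 *
 * <p>Opens the NSS database in {@code <test dir>}, logs in to the internal key storage
 * token with the password file, and creates three certificates: a self-signed CA
 * certificate plus one server and one client certificate signed with the CA's private key.
 * The three certificates are imported under the CA, server and client nicknames, and the
 * program exits non-zero if any of those nicknames already exists or if the database does
 * not end up with exactly three more certificates.
 *
 * <p>Security-relevant properties of the generated material, all visible in this class:
 * <ul>
 *   <li>RSA and DSA keys use the {@code keyLength} default of 1024 bits.</li>
 *   <li>SHA-1 based signature algorithms are selectable.</li>
 *   <li>Only the CA certificate carries an extension (critical basicConstraints, cA=TRUE);
 *       the server and client certificates have no extensions, so the host name appears
 *       only in the subject common name and there is no subjectAltName.</li>
 *   <li>The imported CA certificate is given SSL trust flags in the target database.</li>
 *   <li>Every certificate is valid for one year from the moment of generation.</li>
 * </ul>
 */
public class GenerateTestCert {
    // Written by doIt() after the imports; nothing in this class reads them back.
    private X509Certificate nssServerCert;
    private X509Certificate nssClientCert;
    private static final String CACERT_NICKNAME = "JSSCATestCert";
    private static final String SERVERCERT_NICKNAME = "JSSTestServerCert";
    private static final String CLIENTCERT_NICKNAME = "JSSTestClientCert";
    private String keyType = "RSA";
    // NOTE(review): 1024-bit RSA/DSA is below current minimum key sizes and may be refused
    // by a crypto policy on newer systems. Kept as-is because the output is a test fixture;
    // raising it needs a check that the DSA path of the Mozilla-JSS generator accepts the
    // new size.
    private int keyLength = 1024;
    private SignatureAlgorithm sigAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest;

    /**
     * Entry point: runs the generator when at least one argument is given, otherwise prints
     * the usage text (which terminates the JVM).
     *
     * @param strArr command-line arguments, see {@link #usage()}
     * @throws Exception declared for the call chain; {@code doIt} handles its own failures
     */
    public static void main(String[] strArr) throws Exception {
        GenerateTestCert generator = new GenerateTestCert();
        if (strArr.length == 0) {
            generator.usage();
        } else {
            generator.doIt(strArr);
        }
    }

    /**
     * Prints the command-line synopsis and the accepted signature algorithm names, then
     * terminates the JVM with exit status 1. This method never returns to its caller.
     */
    public void usage() {
        System.out.println("USAGE: java org.mozilla.jss.tests.GenerateTestCert <test dir> <password file> <serial Number > [hostname] [Signature Alg] [CAcertNickname] [ServerCertNickname] [ClientCertNickName]");
        System.out.println("This program creates self signed Certificates.They are only meant for testing and should never be used in production. \nThe default nicknames:\n\tCA certificate: JSSCATestCert\n\tServer certificate: JSSTestServerCert\n\tClient certificate: JSSTestClientCert");
        System.out.println("Signature algorithm values:\n\tSHA-1/RSA\tSHA-256/RSA\tSHA-384/RSA\tSHA-512/RSA\tSHA-1/DSA\tSHA-1/EC\tSHA-256/EC\tSHA-384/EC\tSHA-512/EC");
        System.exit(1);
    }

    /**
     * Selects the signature algorithm and the matching key type from a name such as
     * {@code SHA-256/RSA}. An unknown name prints the usage text and exits.
     *
     * <p>The name is matched case-insensitively for both the algorithm and the key type.
     * The previous version derived the key type with a case-sensitive {@code endsWith}, so
     * a name like {@code sha-256/rsa} was accepted as an algorithm and then rejected.
     *
     * <p>NOTE(review): the SHA-1 variants produce certificates with a SHA-1 signature, which
     * current TLS stacks commonly reject; they are only useful for testing that rejection
     * or legacy paths.
     *
     * @param str algorithm name in the {@code <digest>/<key type>} form listed by usage()
     */
    private void setSigAlg(String str) {
        if (str.equalsIgnoreCase("SHA-1/RSA")) {
            useAlgorithm(SignatureAlgorithm.RSASignatureWithSHA1Digest, "RSA");
        } else if (str.equalsIgnoreCase("SHA-256/RSA")) {
            useAlgorithm(SignatureAlgorithm.RSASignatureWithSHA256Digest, "RSA");
        } else if (str.equalsIgnoreCase("SHA-384/RSA")) {
            useAlgorithm(SignatureAlgorithm.RSASignatureWithSHA384Digest, "RSA");
        } else if (str.equalsIgnoreCase("SHA-512/RSA")) {
            useAlgorithm(SignatureAlgorithm.RSASignatureWithSHA512Digest, "RSA");
        } else if (str.equalsIgnoreCase("SHA-1/DSA")) {
            useAlgorithm(SignatureAlgorithm.DSASignatureWithSHA1Digest, "DSA");
        } else if (str.equalsIgnoreCase("SHA-1/EC")) {
            useAlgorithm(SignatureAlgorithm.ECSignatureWithSHA1Digest, "EC");
        } else if (str.equalsIgnoreCase("SHA-256/EC")) {
            useAlgorithm(SignatureAlgorithm.ECSignatureWithSHA256Digest, "EC");
        } else if (str.equalsIgnoreCase("SHA-384/EC")) {
            useAlgorithm(SignatureAlgorithm.ECSignatureWithSHA384Digest, "EC");
        } else if (str.equalsIgnoreCase("SHA-512/EC")) {
            useAlgorithm(SignatureAlgorithm.ECSignatureWithSHA512Digest, "EC");
        } else {
            usage();
        }
    }

    /** Records the signature algorithm together with the key type it requires. */
    private void useAlgorithm(SignatureAlgorithm algorithm, String family) {
        this.sigAlg = algorithm;
        this.keyType = family;
        if (family.equals("EC")) {
            // NOTE(review): an NSS error-code constant is used as the EC key size. This
            // looks like a decompiler artifact that substituted a same-valued named
            // constant for an integer literal (presumably 256, a 256-bit curve). Confirm
            // the numeric value and replace it with the literal.
            this.keyLength = NativeErrcodes.SEC_ERROR_IMPORTING_CERTIFICATES;
        }
    }

    /**
     * Generates the CA, server and client certificates and imports them into the database.
     *
     * <p>Arguments: {@code [0]} database directory, {@code [1]} password file,
     * {@code [2]} serial number of the CA certificate (server and client use +1 and +2),
     * then optionally {@code [3]} host name, {@code [4]} signature algorithm,
     * {@code [5]} CA nickname, {@code [6]} server nickname, {@code [7]} client nickname.
     *
     * <p>Each optional argument is now honoured whenever it is present. The previous
     * thresholds were off by one ({@code length > 4} guarded index 3, and so on), so the
     * last optional argument supplied was silently dropped and a run that asked for a
     * specific signature algorithm could quietly produce default SHA-256/RSA certificates.
     *
     * <p>Always terminates the JVM: status 0 on success, 1 on any failure.
     *
     * @param strArr command-line arguments as described above
     * @throws Exception declared for the helpers; failures inside the try block are caught
     */
    private void doIt(String[] strArr) throws Exception {
        if (strArr.length < 3) {
            usage();
        }
        try {
            CryptoManager.initialize(strArr[0]);
            CryptoManager cryptoManager = CryptoManager.getInstance();
            cryptoManager.getInternalKeyStorageToken().login(new FilePasswordCallback(strArr[1]));
            // parseInt replaces the deprecated Integer(String) constructor; both throw
            // NumberFormatException on a malformed serial number.
            int serialBase = Integer.parseInt(strArr[2]);
            int certCountBefore = cryptoManager.getPermCerts().length;
            System.out.println("Number of certificates stored in the  database: " + certCountBefore);

            String hostname = strArr.length > 3 ? strArr[3] : "localhost";
            setSigAlg(strArr.length > 4 ? strArr[4] : "SHA-256/RSA");
            String caNickname = strArr.length > 5 ? strArr[5] : CACERT_NICKNAME;
            String serverNickname = strArr.length > 6 ? strArr[6] : SERVERCERT_NICKNAME;
            String clientNickname = strArr.length > 7 ? strArr[7] : CLIENTCERT_NICKNAME;

            // Refuse to add a second certificate under a nickname that is already in use.
            exitIfNicknameExists(cryptoManager, caNickname);
            exitIfNicknameExists(cryptoManager, serverNickname);
            exitIfNicknameExists(cryptoManager, clientNickname);

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyType, "Mozilla-JSS");
            keyPairGenerator.initialize(this.keyLength);
            KeyPair caKeys = keyPairGenerator.genKeyPair();

            // Self-signed CA: issuer and subject are both "CACert", signed with its own key.
            SEQUENCE caExtensions = new SEQUENCE();
            caExtensions.addElement(makeBasicConstraintsExtension());
            Certificate caCert = makeCert("CACert", "CACert", serialBase, caKeys.getPrivate(), caKeys.getPublic(), serialBase, caExtensions);
            InternalCertificate importedCa = (InternalCertificate) cryptoManager.importUserCACertPackage(ASN1Util.encode(caCert), caNickname);
            // NOTE(review): an SSL error-code constant is passed as the trust bit mask. This
            // looks like a decompiler artifact; the value is presumably the OR of the
            // InternalCertificate trust flags that mark a trusted CA. Confirm which flags
            // are set, because this call makes the test CA trusted in the target database.
            importedCa.setSSLTrust(NativeErrcodes.SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);

            // Server certificate: fresh key pair, signed by the CA key. No extensions are
            // passed, so the host name is carried only in the subject common name.
            keyPairGenerator.initialize(this.keyLength);
            Certificate serverCert = makeCert("CACert", hostname, serialBase + 1, caKeys.getPrivate(), keyPairGenerator.genKeyPair().getPublic(), serialBase, null);
            this.nssServerCert = cryptoManager.importCertPackage(ASN1Util.encode(serverCert), serverNickname);

            // Client certificate: fresh key pair, signed by the CA key, no extensions.
            keyPairGenerator.initialize(this.keyLength);
            Certificate clientCert = makeCert("CACert", "ClientCert", serialBase + 2, caKeys.getPrivate(), keyPairGenerator.genKeyPair().getPublic(), serialBase, null);
            this.nssClientCert = cryptoManager.importCertPackage(ASN1Util.encode(clientCert), clientNickname);

            System.out.println("\nThis program created certificates with \nfollowing cert nicknames:\n\t" + caNickname + "\n\t" + serverNickname + "\n\t" + clientNickname);

            // Verify the database really gained the three certificates.
            X509Certificate[] permCerts = cryptoManager.getPermCerts();
            if (certCountBefore + 3 != permCerts.length) {
                System.out.println("Error there should be three more  certificates stored in the database");
                System.exit(1);
            } else {
                System.out.println("Number of certificates stored in the  database: " + permCerts.length);
            }
            exitIfNicknameMissing(cryptoManager, caNickname);
            exitIfNicknameMissing(cryptoManager, serverNickname);
            exitIfNicknameMissing(cryptoManager, clientNickname);
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }

    /** Exits with status 1 when a certificate is already stored under the nickname. */
    private void exitIfNicknameExists(CryptoManager cryptoManager, String nickname) throws Exception {
        if (cryptoManager.findCertsByNickname(nickname).length > 0) {
            System.out.println(nickname + " already exists!");
            System.exit(1);
        }
    }

    /** Exits with status 1 when no certificate is stored under the nickname. */
    private void exitIfNicknameMissing(CryptoManager cryptoManager, String nickname) throws Exception {
        if (cryptoManager.findCertsByNickname(nickname).length == 0) {
            System.out.println(nickname + " should exist!");
            System.exit(1);
        }
    }

    /**
     * Builds a critical basicConstraints extension (OID 2.5.29.19) whose value is a
     * SEQUENCE holding BOOLEAN TRUE, i.e. cA=TRUE with no path length constraint.
     *
     * @return the extension to attach to the CA certificate
     * @throws Exception if the extension value cannot be encoded
     */
    private Extension makeBasicConstraintsExtension() throws Exception {
        SEQUENCE basicConstraints = new SEQUENCE();
        basicConstraints.addElement(new BOOLEAN(true));
        OBJECT_IDENTIFIER basicConstraintsOid = new OBJECT_IDENTIFIER(new long[]{2, 5, 29, 19});
        return new Extension(basicConstraintsOid, true, new OCTET_STRING(ASN1Util.encode(basicConstraints)));
    }

    /**
     * Builds and signs an X.509 v3 certificate valid from now until one year from now.
     *
     * <p>Issuer and subject share C=US, O=Mozilla and OU="JSS Testing" followed by
     * {@code i2}; they differ only in the common name.
     *
     * @param str issuer common name
     * @param str2 subject common name
     * @param i certificate serial number
     * @param privateKey key that signs the certificate (the CA key for every caller here)
     * @param publicKey subject public key placed in the certificate
     * @param i2 number appended to the organizational unit of issuer and subject
     * @param sequence extensions to attach, or {@code null} for none
     * @return the signed certificate
     * @throws Exception if the public key cannot be decoded or signing fails
     */
    private Certificate makeCert(String str, String str2, int i, PrivateKey privateKey, PublicKey publicKey, int i2, SEQUENCE sequence) throws Exception {
        AlgorithmIdentifier signatureAlgId = new AlgorithmIdentifier(this.sigAlg.toOID());

        Name issuer = new Name();
        issuer.addCountryName("US");
        issuer.addOrganizationName("Mozilla");
        issuer.addOrganizationalUnitName("JSS Testing" + i2);
        issuer.addCommonName(str);

        Name subject = new Name();
        subject.addCountryName("US");
        subject.addOrganizationName("Mozilla");
        subject.addOrganizationalUnitName("JSS Testing" + i2);
        subject.addCommonName(str2);

        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        // Calendar.YEAR replaces the bare field number 1 left behind by the decompiler.
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();

        SubjectPublicKeyInfo subjectKeyInfo = (SubjectPublicKeyInfo) ASN1Util.decode(new SubjectPublicKeyInfo.Template(), publicKey.getEncoded());
        CertificateInfo certificateInfo = new CertificateInfo(CertificateInfo.v3, new INTEGER(i), signatureAlgId, issuer, notBefore, notAfter, subject, subjectKeyInfo);
        if (sequence != null) {
            certificateInfo.setExtensions(sequence);
        }
        return new Certificate(certificateInfo, privateKey, this.sigAlg);
    }
}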
