package org.mpisws.p2p.pki.x509;

import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.time.ZonedDateTime;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import rice.environment.Environment;
import rice.environment.logging.Logger;
import rice.p2p.commonapi.rawserialization.InputBuffer;
import rice.p2p.commonapi.rawserialization.OutputBuffer;
import rice.p2p.util.rawserialization.SimpleInputBuffer;
import rice.p2p.util.rawserialization.SimpleOutputBuffer;
import rice.p2p.util.tuples.Tuple;
import rice.pastry.standard.RandomNodeIdFactory;

/* loaded from: input_file:org/mpisws/p2p/pki/x509/CAToolImpl.class */
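/**
 * Small certificate authority backed by a BouncyCastle "UBER" key store on disk.
 *
 * <p>{@link #getCATool(String, char[])} either loads the CA certificate and key pair from
 * {@value #CA_STORE_FILENAME} in the working directory or, when that file does not exist yet,
 * generates a fresh self-signed CA and writes the store. {@link #sign(String, PublicKey)} then
 * issues X.509 v3 end-entity certificates signed with the CA's private key.
 *
 * <p>The signature algorithm stays {@value #DEFAULT_SIGNATURE_ALGORITHM} so that existing stores
 * and peers keep working; SHA-1 signatures are rejected by most current validators, so new
 * deployments should plan a migration to a SHA-2 algorithm.
 */
public class CAToolImpl implements CATool {
    /** Process-wide CSPRNG used for key generation and the self-test; set in the static block. */
    static SecureRandom random;
    public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA1withRSA";
    /**
     * RSA modulus size in bits for newly generated key pairs. The previous default of 768 bits is
     * far below current minimums (768-bit RSA has been publicly factored); 2048 is the usual floor.
     */
    public static final int DEFAULT_KEY_SIZE = 2048;
    /** Serial number given to the self-signed CA certificate. */
    static final long CA_SERIAL_NUMBER = 1L;
    /** Validity of a newly generated CA certificate, in years. */
    static final int CA_VALIDITY_YEARS = 10;
    /** Validity of certificates issued by {@link #sign(String, PublicKey)}, in years. */
    static final int ISSUED_VALIDITY_YEARS = 1;
    /** JCA provider name all BouncyCastle-backed operations are routed through. */
    static final String PROVIDER = "BC";
    /** Key-store format (BouncyCastle's UBER type). */
    static final String KEY_STORE_TYPE = "UBER";
    /** The CA's own certificate; its subject becomes the issuer of every signed certificate. */
    X509Certificate cert;
    /** The CA key pair; only the private half is used for signing. */
    KeyPair keyPair;
    public static final String CA_STORE_FILENAME = "ca-store";
    public static final String CA_STORE_PRIVATE = "private";
    public static final String CA_STORE_PUBLIC = "public";
    public static final String CA_STORE_CERT = "cert";
    private static final String USAGE = " (usage: [-p <store password>] [-ca <CA name>] [-cn <subject name>])";

    /**
     * Wraps an already-loaded CA.
     *
     * @param x509Certificate the CA's own certificate
     * @param keyPair the CA key pair whose private key signs issued certificates
     */
    public CAToolImpl(X509Certificate x509Certificate, KeyPair keyPair) {
        this.cert = x509Certificate;
        this.keyPair = keyPair;
    }

    /** @return the CA's own certificate */
    @Override // org.mpisws.p2p.pki.x509.CATool
    public X509Certificate getCertificate() {
        return this.cert;
    }

    /**
     * Loads the CA from {@value #CA_STORE_FILENAME} in the working directory, or creates and
     * persists a new one when that file does not exist.
     *
     * <p>When the store already exists, {@code caName} is ignored: the CA name is whatever was
     * stored originally.
     *
     * @param caName common name of the CA to create when no store exists yet
     * @param storePassword password protecting the key store (the array is not cleared here)
     * @return a tool backed by the loaded or freshly generated CA
     * @throws KeyStoreException if the store cannot be opened, or an existing store lacks one
     *     of the expected entries
     * @throws RuntimeException if loading hits an {@link EOFException}, which this class treats
     *     as a wrong store password
     */
    public static CAToolImpl getCATool(String caName, char[] storePassword) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, InvalidKeyException, IllegalStateException, SignatureException, InvalidAlgorithmParameterException {
        File storeFile = new File(CA_STORE_FILENAME);
        if (storeFile.exists()) {
            return loadFromStore(storeFile, storePassword);
        }
        Tuple<X509Certificate, KeyPair> generated = generateNewCA(caName, yearsFromNow(CA_VALIDITY_YEARS));
        X509Certificate caCert = generated.a();
        KeyPair caKeys = generated.b();
        System.out.println(caCert);
        saveToStore(storeFile, storePassword, caCert, caKeys);
        return new CAToolImpl(caCert, caKeys);
    }

    /** Reads the CA certificate and key pair back from an existing store file. */
    private static CAToolImpl loadFromStore(File storeFile, char[] storePassword)
            throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException,
            CertificateException, UnrecoverableKeyException {
        KeyStore store = KeyStore.getInstance(KEY_STORE_TYPE, PROVIDER);
        try (FileInputStream in = new FileInputStream(storeFile)) {
            store.load(in, storePassword);
        } catch (EOFException e) {
            // Reported as a bad password (the message callers already rely on); keep the cause.
            throw new RuntimeException("Invalid password for " + storeFile, e);
        }
        PublicKey publicKey = (PublicKey) store.getKey(CA_STORE_PUBLIC, null);
        PrivateKey privateKey = (PrivateKey) store.getKey(CA_STORE_PRIVATE, null);
        X509Certificate caCert = (X509Certificate) store.getCertificate(CA_STORE_CERT);
        // A store written by another tool, or a truncated one, returns null for missing aliases;
        // fail here rather than hand out a half-initialised CA that NPEs on first sign().
        if (publicKey == null || privateKey == null || caCert == null) {
            throw new KeyStoreException(storeFile + " lacks one of the entries '" + CA_STORE_PUBLIC
                    + "', '" + CA_STORE_PRIVATE + "', '" + CA_STORE_CERT + "'");
        }
        return new CAToolImpl(caCert, new KeyPair(publicKey, privateKey));
    }

    /** Writes a freshly generated CA into a new store file protected by {@code storePassword}. */
    private static void saveToStore(File storeFile, char[] storePassword, X509Certificate caCert, KeyPair caKeys)
            throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException,
            CertificateException {
        KeyStore store = KeyStore.getInstance(KEY_STORE_TYPE, PROVIDER);
        store.load(null, null); // initialise an empty in-memory store
        // Entry passwords are null: protection of the private key rests on the store password
        // alone. NOTE(review): confirm this is acceptable for the deployment.
        store.setKeyEntry(CA_STORE_PRIVATE, caKeys.getPrivate(), null, new Certificate[]{caCert});
        store.setKeyEntry(CA_STORE_PUBLIC, caKeys.getPublic(), null, null);
        store.setCertificateEntry(CA_STORE_CERT, caCert);
        try (FileOutputStream out = new FileOutputStream(storeFile)) {
            store.store(out, storePassword);
        }
    }

    /** @return a {@link Date} the given number of calendar years after now, in the default zone */
    private static Date yearsFromNow(int years) {
        return Date.from(ZonedDateTime.now().plusYears(years).toInstant());
    }

    /** Generates an RSA key pair of {@value #DEFAULT_KEY_SIZE} bits with public exponent F4. */
    private static KeyPair generateRsaKeyPair()
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", PROVIDER);
        generator.initialize(new RSAKeyGenParameterSpec(DEFAULT_KEY_SIZE, RSAKeyGenParameterSpec.F4), random);
        return generator.generateKeyPair();
    }

    /**
     * Builds the distinguished name {@code CN=<name>}.
     *
     * <p>The name is not escaped, so RFC 2253 special characters (for example ',' or '+') in it
     * either fail to parse or produce additional RDNs.
     *
     * @throws IllegalArgumentException if the resulting DN string does not parse
     */
    private static X500Principal commonName(String name) {
        return new X500Principal("CN=" + name);
    }

    /**
     * Generates a new key pair and a self-signed v1 CA certificate for it.
     *
     * @param caName common name of the CA
     * @param notAfter end of the CA certificate's validity; it starts now
     * @return the CA certificate and its key pair
     */
    public static Tuple<X509Certificate, KeyPair> generateNewCA(String caName, Date notAfter) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidAlgorithmParameterException {
        KeyPair caKeys = generateRsaKeyPair();
        X509Certificate caCert = generateNewCA(caName, new Date(), notAfter, CA_SERIAL_NUMBER, caKeys, DEFAULT_SIGNATURE_ALGORITHM);
        return new Tuple<>(caCert, caKeys);
    }

    /**
     * Builds a self-signed X.509 v1 certificate (issuer equals subject) over the given key pair.
     *
     * @param caName common name used for both subject and issuer
     * @param notBefore start of validity
     * @param notAfter end of validity
     * @param serialNumber certificate serial number
     * @param keyPair public key goes into the certificate, private key signs it
     * @param signatureAlgorithm JCA signature algorithm name, e.g. {@value #DEFAULT_SIGNATURE_ALGORITHM}
     * @return the signed certificate
     */
    public static X509Certificate generateNewCA(String caName, Date notBefore, Date notAfter, long serialNumber, KeyPair keyPair, String signatureAlgorithm) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
        X500Principal name = commonName(caName);
        generator.setSerialNumber(BigInteger.valueOf(serialNumber));
        generator.setIssuerDN(name);
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter);
        generator.setSubjectDN(name);
        generator.setPublicKey(keyPair.getPublic());
        generator.setSignatureAlgorithm(signatureAlgorithm);
        return generator.generate(keyPair.getPrivate(), PROVIDER);
    }

    /**
     * Issues a certificate valid for {@value #ISSUED_VALIDITY_YEARS} year from now.
     *
     * <p>The serial number is the current time in milliseconds, so two certificates issued within
     * the same millisecond would share a serial.
     *
     * @param subjectName common name of the subject
     * @param subjectKey the subject's public key
     * @return the signed certificate
     */
    @Override // org.mpisws.p2p.pki.x509.CATool
    public X509Certificate sign(String subjectName, PublicKey subjectKey) throws CertificateParsingException, CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        return sign(subjectName, subjectKey, yearsFromNow(ISSUED_VALIDITY_YEARS), System.currentTimeMillis());
    }

    /**
     * Issues an X.509 v3 certificate for {@code subjectKey}, signed by this CA and carrying
     * AuthorityKeyIdentifier / SubjectKeyIdentifier extensions that link it to the CA certificate.
     *
     * @param subjectName common name of the subject
     * @param subjectKey the subject's public key
     * @param notAfter end of validity; validity starts now
     * @param serialNumber certificate serial number (uniqueness is the caller's responsibility)
     * @return the signed certificate
     */
    @Override // org.mpisws.p2p.pki.x509.CATool
    public X509Certificate sign(String subjectName, PublicKey subjectKey, Date notAfter, long serialNumber) throws CertificateParsingException, CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSerialNumber(BigInteger.valueOf(serialNumber));
        generator.setIssuerDN(this.cert.getSubjectX500Principal());
        generator.setNotBefore(new Date());
        generator.setNotAfter(notAfter);
        generator.setSubjectDN(commonName(subjectName));
        generator.setPublicKey(subjectKey);
        generator.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM);
        generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(this.cert));
        generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(subjectKey));
        return generator.generate(this.keyPair.getPrivate(), PROVIDER);
    }

    /**
     * Command-line self-test: loads or creates the CA, issues one certificate and exercises
     * signing, serialization round-trip and verification with the right and a wrong key.
     *
     * <p>Options: {@code -p <password>} store password (default empty), {@code -ca <name>} CA
     * common name (default {@code MyCA}, used only when the store is created), {@code -cn <name>}
     * subject common name (default: a random Pastry node id). Other tokens are ignored.
     *
     * @throws IllegalArgumentException if an option is given without its value
     */
    public static void main(String[] args) throws Exception {
        char[] storePassword = new char[0];
        String caName = "MyCA";
        String subjectName = null;
        for (int i = 0; i < args.length; i++) {
            String flag = args[i];
            boolean isOption = flag.equalsIgnoreCase("-p") || flag.equalsIgnoreCase("-ca") || flag.equalsIgnoreCase("-cn");
            if (!isOption) {
                continue;
            }
            if (i + 1 >= args.length) {
                throw new IllegalArgumentException("Missing value for " + flag + USAGE);
            }
            String value = args[++i]; // consume the value so it is not re-examined as a flag
            if (flag.equalsIgnoreCase("-p")) {
                storePassword = value.toCharArray();
            } else if (flag.equalsIgnoreCase("-ca")) {
                caName = value;
            } else {
                subjectName = value;
            }
        }
        if (subjectName == null) {
            subjectName = new RandomNodeIdFactory(new Environment()).generateNodeId().toStringFull();
        }
        CAToolImpl caTool = getCATool(caName, storePassword);
        KeyPair subjectKeys = generateRsaKeyPair();
        X509Certificate issued = caTool.sign(subjectName, subjectKeys.getPublic());
        System.out.println("Cert Type:" + issued.getType() + " len:" + issued.getEncoded().length);

        // Round-trip the CA certificate through the project's serializer and verify with the copy.
        X509SerializerImpl serializer = new X509SerializerImpl();
        SimpleOutputBuffer outBuffer = new SimpleOutputBuffer();
        serializer.serialize((X509SerializerImpl) caTool.getCertificate(), (OutputBuffer) outBuffer);
        X509Certificate caCopy = (X509Certificate) serializer.deserialize((InputBuffer) new SimpleInputBuffer(outBuffer.getBytes()));
        issued.verify(caCopy.getPublicKey());
        System.out.println("cert verified.");
        System.out.println(caCopy);
        System.out.println(issued);
        System.out.println(subjectKeys.getPublic().getFormat() + " " + subjectKeys.getPublic().getAlgorithm());
        System.out.println(subjectKeys.getPrivate().getFormat() + " " + subjectKeys.getPrivate().getAlgorithm());

        // Sign a random payload with the subject key and verify it against the issued certificate.
        Signature signer = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, PROVIDER);
        signer.initSign(subjectKeys.getPrivate());
        byte[] payload = new byte[Logger.FINER]; // the logging constant only supplies an arbitrary length here
        random.nextBytes(payload);
        signer.update(payload);
        byte[] signatureBytes = signer.sign();
        System.out.println(signer);
        System.out.println("Signature length:" + signatureBytes.length);
        Signature verifier = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, PROVIDER);
        verifier.initVerify(issued);
        verifier.update(payload);
        System.out.println("verified:" + verifier.verify(signatureBytes));

        // Negative check: an unrelated key must not verify the issued certificate. A wrong key of the
        // right algorithm surfaces as SignatureException, not only InvalidKeyException.
        KeyPair bogusKeys = generateRsaKeyPair();
        try {
            issued.verify(bogusKeys.getPublic());
            System.out.println("WARNING!  Bogus key verified!!!");
        } catch (InvalidKeyException | SignatureException e) {
            System.out.println("bogus didn't verify.");
        }
        Signature bogusVerifier = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, PROVIDER);
        bogusVerifier.initVerify(bogusKeys.getPublic());
        bogusVerifier.update(payload);
        System.out.println("bogus verify: " + bogusVerifier.verify(signatureBytes));
        verifier.update(payload);
        System.out.println("verified 2:" + verifier.verify(signatureBytes));
        // Flip one byte of the payload; the signature must no longer verify.
        payload[0] = (byte) (payload[0] + 1);
        verifier.update(payload);
        System.out.println("verified (should fail):" + verifier.verify(signatureBytes));
    }

    static {
        // Register BouncyCastle before any "BC"-routed call; the RNG does not depend on it.
        Security.addProvider(new BouncyCastleProvider());
        random = new SecureRandom();
    }
}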
