package eu.europa.esig.dss.test.gen;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.EncryptionAlgorithm;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.test.mock.MockPrivateKeyEntry;
import eu.europa.esig.dss.token.DSSPrivateKeyEntry;
import eu.europa.esig.dss.x509.CertificateToken;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Random;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:eu/europa/esig/dss/test/gen/CertificateService.class */
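/**
 * Generates throw-away key pairs and X.509 certificates for the DSS test suite.
 *
 * <p>Everything produced here is a test fixture: the key sizes, validity windows and
 * certificate profiles are chosen for convenience and are not a template for
 * production PKI material.
 *
 * <p>Constructor argument order used throughout, as defined by Bouncy Castle's
 * {@code X509v3CertificateBuilder}: issuer, serial, notBefore, notAfter, subject,
 * public key.
 */
public class CertificateService {
    private static final BouncyCastleProvider SECURITY_PROVIDER = new BouncyCastleProvider();

    /** Forward validity offset in milliseconds used for "valid" certificates (about 24.8 days). */
    private static final int MAX = Integer.MAX_VALUE;

    private static final long ONE_DAY_MILLIS = 86400000L;
    private static final long TEN_DAYS_MILLIS = 864000000L;

    private static final int RSA_KEY_BITS = 2048;
    private static final int DSA_KEY_BITS = 1024;

    /** Shared CSPRNG for serial numbers and EC key generation. */
    private static final SecureRandom RANDOM = new SecureRandom();

    static {
        // Registered so that name-based lookups of the Bouncy Castle provider elsewhere keep working.
        Security.addProvider(SECURITY_PROVIDER);
    }

    /**
     * Creates a fresh key pair for the given algorithm using the Bouncy Castle provider.
     *
     * @param encryptionAlgorithm ECDSA (curve prime256v1), RSA (2048 bits) or DSA (1024 bits)
     * @return the generated key pair
     * @throws GeneralSecurityException if the provider cannot create or initialise the generator
     * @throws DSSException if the algorithm is none of the three supported ones (including {@code null})
     */
    public KeyPair generateKeyPair(EncryptionAlgorithm encryptionAlgorithm) throws GeneralSecurityException {
        if (encryptionAlgorithm == EncryptionAlgorithm.ECDSA) {
            return generateECDSAKeyPair();
        }
        if (encryptionAlgorithm == EncryptionAlgorithm.RSA) {
            return newKeyPair("RSA", RSA_KEY_BITS);
        }
        if (encryptionAlgorithm == EncryptionAlgorithm.DSA) {
            // NOTE(review): 1024-bit DSA is below current minimum key sizes. It is left unchanged
            // because existing fixtures may depend on it; keys from this branch must stay test-only.
            return newKeyPair("DSA", DSA_KEY_BITS);
        }
        throw new DSSException("Unknown algo : " + encryptionAlgorithm);
    }

    /** Generates a key pair of the given size with the Bouncy Castle implementation of {@code algorithm}. */
    private KeyPair newKeyPair(String algorithm, int keySize) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, SECURITY_PROVIDER);
        generator.initialize(keySize);
        return generator.generateKeyPair();
    }

    /** Generates an EC key pair on the named curve prime256v1. */
    private KeyPair generateECDSAKeyPair() throws GeneralSecurityException {
        AlgorithmParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
        KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDSA", SECURITY_PROVIDER);
        generator.initialize(curveSpec, RANDOM);
        return generator.generateKeyPair();
    }

    /**
     * Issues a "CN=SignerFake" certificate under the given parent entry and returns it together
     * with its private key and the parent's chain.
     *
     * <p>The new certificate is signed with the parent's private key using
     * {@code signatureAlgorithm.getJCEId()}, so the parent key has to be usable with that algorithm.
     *
     * <p>NOTE(review): the signer certificate is built by {@link #generateRootCertificateWithCrl}
     * and therefore carries keyCertSign and cRLSign but no digitalSignature/nonRepudiation bit.
     * Validators that enforce key usage may treat it differently from a real signing certificate.
     *
     * @param signatureAlgorithm algorithm for the new key pair and for signing the certificate
     * @param mockPrivateKeyEntry issuing entry; its certificate subject becomes the issuer name
     * @param date notBefore of the new certificate
     * @param date2 notAfter of the new certificate
     * @return entry holding the new certificate, the parent chain and the new private key
     * @throws Exception if key generation, signing or certificate parsing fails
     */
    public MockPrivateKeyEntry generateCertificateChain(SignatureAlgorithm signatureAlgorithm, MockPrivateKeyEntry mockPrivateKeyEntry, Date date, Date date2) throws Exception {
        X500Name issuerName = new JcaX509CertificateHolder(mockPrivateKeyEntry.getCertificate().getCertificate()).getSubject();
        KeyPair signerKeyPair = generateKeyPair(signatureAlgorithm.getEncryptionAlgorithm());
        CertificateToken signerCertificate = generateRootCertificateWithCrl(
                signatureAlgorithm,
                new X500Name("CN=SignerFake,O=DSS-test"),
                issuerName,
                mockPrivateKeyEntry.getPrivateKey(),
                signerKeyPair.getPublic(),
                date,
                date2);
        return new MockPrivateKeyEntry(
                signatureAlgorithm.getEncryptionAlgorithm(),
                signerCertificate,
                createChildCertificateChain(mockPrivateKeyEntry),
                signerKeyPair.getPrivate());
    }

    /**
     * Creates a self-signed root and a currently valid signer certificate beneath it.
     *
     * @param signatureAlgorithm algorithm for both key pairs and both signatures
     * @param z {@code true} to give the root the cRLSign key usage in addition to keyCertSign
     * @return entry for the signer certificate, chained to the new root
     * @throws Exception if key generation, signing or certificate parsing fails
     */
    public MockPrivateKeyEntry generateCertificateChain(SignatureAlgorithm signatureAlgorithm, boolean z) throws Exception {
        MockPrivateKeyEntry root = generateSelfSignedCertificate(signatureAlgorithm, z);
        return generateCertificateChain(signatureAlgorithm, root, defaultNotBefore(), defaultNotAfter());
    }

    /**
     * Same as {@link #generateCertificateChain(SignatureAlgorithm, boolean)} with the root allowed
     * to sign CRLs.
     */
    public MockPrivateKeyEntry generateCertificateChain(SignatureAlgorithm signatureAlgorithm) throws Exception {
        return generateCertificateChain(signatureAlgorithm, true);
    }

    /**
     * Issues a currently valid signer certificate (from one day ago to about 24.8 days ahead)
     * under the given parent entry.
     */
    public MockPrivateKeyEntry generateCertificateChain(SignatureAlgorithm signatureAlgorithm, MockPrivateKeyEntry mockPrivateKeyEntry) throws Exception {
        return generateCertificateChain(signatureAlgorithm, mockPrivateKeyEntry, defaultNotBefore(), defaultNotAfter());
    }

    /**
     * Creates a self-signed root and a signer certificate whose validity window ended one day ago
     * (it started ten days ago). Only the signer certificate is expired; the root uses the
     * default, currently valid window.
     *
     * @param signatureAlgorithm algorithm for both key pairs and both signatures
     * @param z {@code true} to give the root the cRLSign key usage in addition to keyCertSign
     * @return entry for the expired signer certificate, chained to the new root
     * @throws Exception if key generation, signing or certificate parsing fails
     */
    public MockPrivateKeyEntry generateExpiredCertificateChain(SignatureAlgorithm signatureAlgorithm, boolean z) throws Exception {
        MockPrivateKeyEntry root = generateSelfSignedCertificate(signatureAlgorithm, z);
        Date expiredNotBefore = new Date(System.currentTimeMillis() - TEN_DAYS_MILLIS);
        Date expiredNotAfter = new Date(System.currentTimeMillis() - ONE_DAY_MILLIS);
        return generateCertificateChain(signatureAlgorithm, root, expiredNotBefore, expiredNotAfter);
    }

    /**
     * Creates a self-signed "CN=RootSelfSignedFake" certificate with a fresh key pair.
     *
     * @param signatureAlgorithm algorithm for the key pair and the self-signature
     * @param z {@code true} for key usage keyCertSign + cRLSign, {@code false} for keyCertSign only
     * @return entry holding the root certificate and its private key
     * @throws Exception if key generation, signing or certificate parsing fails
     */
    public MockPrivateKeyEntry generateSelfSignedCertificate(SignatureAlgorithm signatureAlgorithm, boolean z) throws Exception {
        KeyPair rootKeyPair = generateKeyPair(signatureAlgorithm.getEncryptionAlgorithm());
        X500Name rootName = new X500Name("CN=RootSelfSignedFake,O=DSS-test");
        Date notBefore = defaultNotBefore();
        Date notAfter = defaultNotAfter();
        CertificateToken rootCertificate;
        if (z) {
            rootCertificate = generateRootCertificateWithCrl(signatureAlgorithm, rootName, rootName, rootKeyPair.getPrivate(), rootKeyPair.getPublic(), notBefore, notAfter);
        } else {
            rootCertificate = generateRootCertificateWithoutCrl(signatureAlgorithm, rootName, rootName, rootKeyPair.getPrivate(), rootKeyPair.getPublic(), notBefore, notAfter);
        }
        return new MockPrivateKeyEntry(signatureAlgorithm.getEncryptionAlgorithm(), rootCertificate, rootKeyPair.getPrivate());
    }

    /**
     * Creates a time-stamping certificate with a fresh key pair. The certificate is signed with
     * its own private key although its issuer name ("CN=RootIssuerTSPFake") differs from its
     * subject name ("CN=RootSubjectTSP").
     *
     * @param signatureAlgorithm algorithm for the key pair and the signature
     * @return entry holding the certificate and its private key
     * @throws Exception if key generation, signing or certificate parsing fails
     */
    public MockPrivateKeyEntry generateTspCertificate(SignatureAlgorithm signatureAlgorithm) throws Exception {
        KeyPair tspKeyPair = generateKeyPair(signatureAlgorithm.getEncryptionAlgorithm());
        CertificateToken tspCertificate = generateTspCertificate(
                signatureAlgorithm,
                tspKeyPair,
                new X500Name("CN=RootIssuerTSPFake,O=DSS-test"),
                new X500Name("CN=RootSubjectTSP,O=DSS-test"),
                defaultNotBefore(),
                defaultNotAfter());
        return new MockPrivateKeyEntry(signatureAlgorithm.getEncryptionAlgorithm(), tspCertificate, tspKeyPair.getPrivate());
    }

    /**
     * Builds a certificate carrying a critical extendedKeyUsage extension with the
     * id-kp-timeStamping purpose, signed with the private half of {@code keyPair}.
     *
     * @param signatureAlgorithm supplies the JCE signature algorithm name
     * @param keyPair public key goes into the certificate, private key signs it
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param date notBefore
     * @param date2 notAfter
     * @return the signed certificate
     */
    public CertificateToken generateTspCertificate(SignatureAlgorithm signatureAlgorithm, KeyPair keyPair, X500Name x500Name, X500Name x500Name2, Date date, Date date2) throws CertIOException, OperatorCreationException, CertificateException, IOException {
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                x500Name,
                newSerialNumber(),
                date,
                date2,
                x500Name2,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
        return signAndParse(builder, signatureAlgorithm, keyPair.getPrivate());
    }

    /**
     * Builds a certificate with a critical keyUsage of keyCertSign + cRLSign. Despite the method
     * name, no CRL distribution point or other CRL-related extension is added.
     *
     * @param signatureAlgorithm supplies the JCE signature algorithm name
     * @param x500Name subject name
     * @param x500Name2 issuer name
     * @param privateKey issuer key used to sign the certificate
     * @param publicKey subject public key
     * @param date notBefore
     * @param date2 notAfter
     * @return the signed certificate
     * @throws Exception if signing or certificate parsing fails
     */
    public CertificateToken generateRootCertificateWithCrl(SignatureAlgorithm signatureAlgorithm, X500Name x500Name, X500Name x500Name2, PrivateKey privateKey, PublicKey publicKey, Date date, Date date2) throws Exception {
        return generateKeyUsageCertificate(signatureAlgorithm, x500Name, x500Name2, privateKey, publicKey, date, date2, KeyUsage.keyCertSign | KeyUsage.cRLSign);
    }

    /**
     * Builds a certificate with a critical keyUsage of keyCertSign only.
     *
     * @param signatureAlgorithm supplies the JCE signature algorithm name
     * @param x500Name subject name
     * @param x500Name2 issuer name
     * @param privateKey issuer key used to sign the certificate
     * @param publicKey subject public key
     * @param date notBefore
     * @param date2 notAfter
     * @return the signed certificate
     * @throws Exception if signing or certificate parsing fails
     */
    public CertificateToken generateRootCertificateWithoutCrl(SignatureAlgorithm signatureAlgorithm, X500Name x500Name, X500Name x500Name2, PrivateKey privateKey, PublicKey publicKey, Date date, Date date2) throws Exception {
        return generateKeyUsageCertificate(signatureAlgorithm, x500Name, x500Name2, privateKey, publicKey, date, date2, KeyUsage.keyCertSign);
    }

    /** Shared body of the two keyUsage-only certificate profiles; {@code keyUsageBits} is the KeyUsage bit mask. */
    private CertificateToken generateKeyUsageCertificate(SignatureAlgorithm signatureAlgorithm, X500Name subject, X500Name issuer, PrivateKey issuerKey, PublicKey subjectKey, Date notBefore, Date notAfter, int keyUsageBits) throws Exception {
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                issuer,
                newSerialNumber(),
                notBefore,
                notAfter,
                subject,
                SubjectPublicKeyInfo.getInstance(subjectKey.getEncoded()));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsageBits));
        return signAndParse(builder, signatureAlgorithm, issuerKey);
    }

    /**
     * Signs the prepared certificate with {@code signingKey} and re-parses the encoding through
     * the JCA certificate factory so that callers receive a standard {@link X509Certificate}.
     */
    private CertificateToken signAndParse(X509v3CertificateBuilder builder, SignatureAlgorithm signatureAlgorithm, PrivateKey signingKey) throws OperatorCreationException, CertificateException, IOException {
        // The provider instance is passed directly, matching the key generators above, so signing
        // does not depend on which provider happens to be registered under the name "BC".
        byte[] encoded = builder
                .build(new JcaContentSignerBuilder(signatureAlgorithm.getJCEId()).setProvider(SECURITY_PROVIDER).build(signingKey))
                .getEncoded();
        X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509")
                .generateCertificate(new ByteArrayInputStream(encoded));
        return new CertificateToken(certificate);
    }

    /**
     * Returns a positive serial number built from 64 bits of CSPRNG output.
     *
     * <p>The previous scheme concatenated one random decimal digit with the current time in
     * milliseconds, so two certificates issued under the same issuer name within one millisecond
     * (for example a root and its signer certificate) could end up with the same issuer/serial
     * pair.
     */
    private static BigInteger newSerialNumber() {
        // Adding one keeps the value strictly positive even if all random bits are zero.
        return new BigInteger(64, RANDOM).add(BigInteger.ONE);
    }

    /** Start of the default validity window: one day in the past. */
    private static Date defaultNotBefore() {
        return new Date(System.currentTimeMillis() - ONE_DAY_MILLIS);
    }

    /** End of the default validity window: {@link #MAX} milliseconds in the future. */
    private static Date defaultNotAfter() {
        return new Date(System.currentTimeMillis() + MAX);
    }

    /**
     * Returns the issuing entry's own certificate followed by its chain, if it has one.
     * A {@code null} or empty parent chain yields a single-element array.
     */
    private CertificateToken[] createChildCertificateChain(DSSPrivateKeyEntry issuerEntry) {
        CertificateToken[] parentChain = issuerEntry.getCertificateChain();
        int parentLength = parentChain == null ? 0 : parentChain.length;
        CertificateToken[] chain = new CertificateToken[parentLength + 1];
        chain[0] = issuerEntry.getCertificate();
        if (parentLength > 0) {
            System.arraycopy(parentChain, 0, chain, 1, parentLength);
        }
        return chain;
    }
}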
