package org.xipki.litecaclient.example;

import java.io.File;
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.concurrent.atomic.AtomicLong;
import org.bouncycastle.asn1.x509.CRLReason;
import org.xipki.litecaclient.CmpCaClient;
import org.xipki.litecaclient.SdkUtil;
import org.xipki.litecaclient.example.CaClientExample;

/* loaded from: input_file:org/xipki/litecaclient/example/CmpCaClientExample.class */
public class CmpCaClientExample extends CaClientExample {
    private static final String XIPKI_DIR = "~/source/xipki/dist/xipki-pki/target/xipki-pki-2.2.1";
    private static final String CA_URL = "https://localhost:8443/cmp/myca";
    private static final String CA_CERT_FILE = "~/source/xipki/dist/xipki-pki/target/xipki-pki-2.2.1/xipki/setup/keycerts/MYCA1.der";
    private static final String REQUESTOR_KEYSTORE_PASSWORD = "1234";
    private static final String REQUESTOR_KEYSTORE_FILE = "~/source/xipki/dist/xipki-pki/target/xipki-pki-2.2.1/xipki/security/tlskeys/tls-client-keystore.p12";
    private static final String RESPONDER_CERT_FILE = "~/source/xipki/dist/xipki-pki/target/xipki-pki-2.2.1/xipki/security/tlskeys/tls-server.der";
    private static final String HASH_ALGO = "SHA256";
    private static final String CERT_PROFILE = "TLS";
    private static final AtomicLong index = new AtomicLong(System.currentTimeMillis());

    public static void main(String[] strArr) {
        try {
            X509Certificate parseCert = SdkUtil.parseCert(new File(expandPath(RESPONDER_CERT_FILE)));
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            char[] charArray = REQUESTOR_KEYSTORE_PASSWORD.toCharArray();
            FileInputStream fileInputStream = new FileInputStream(expandPath(REQUESTOR_KEYSTORE_FILE));
            keyStore.load(fileInputStream, charArray);
            fileInputStream.close();
            Enumeration<String> aliases = keyStore.aliases();
            String str = null;
            while (true) {
                if (!aliases.hasMoreElements()) {
                    break;
                }
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    str = nextElement;
                    break;
                }
            }
            CmpCaClient cmpCaClient = new CmpCaClient(CA_URL, SdkUtil.parseCert(new File(expandPath(CA_CERT_FILE))), (PrivateKey) keyStore.getKey(str, charArray), (X509Certificate) keyStore.getCertificate(str), parseCert, HASH_ALGO);
            cmpCaClient.init();
            printCert("===== CA Certificate =====", cmpCaClient.getCaCert());
            printCert("===== RSA via CSR (CMP) =====", cmpCaClient.requestCertViaCSR(CERT_PROFILE, genCsr(generateRsaKeypair(), getSubject())));
            printCert("===== EC via CSR (CMP) =====", cmpCaClient.requestCertViaCSR(CERT_PROFILE, genCsr(generateEcKeypair(), getSubject())));
            printCert("===== DSA via CSR (CMP) =====", cmpCaClient.requestCertViaCSR(CERT_PROFILE, genCsr(generateDsaKeypair(), getSubject())));
            CaClientExample.MyKeypair generateRsaKeypair = generateRsaKeypair();
            printCert("===== RSA via CRMF (CMP) =====", cmpCaClient.requestCertViaCRMF(CERT_PROFILE, generateRsaKeypair.getPrivate(), generateRsaKeypair.getPublic(), getSubject()));
            CaClientExample.MyKeypair generateEcKeypair = generateEcKeypair();
            printCert("===== EC via CRMF (CMP) =====", cmpCaClient.requestCertViaCRMF(CERT_PROFILE, generateEcKeypair.getPrivate(), generateEcKeypair.getPublic(), getSubject()));
            CaClientExample.MyKeypair generateDsaKeypair = generateDsaKeypair();
            X509Certificate requestCertViaCRMF = cmpCaClient.requestCertViaCRMF(CERT_PROFILE, generateDsaKeypair.getPrivate(), generateDsaKeypair.getPublic(), getSubject());
            printCert("===== DSA via CRMF (CMP) =====", requestCertViaCRMF);
            BigInteger serialNumber = requestCertViaCRMF.getSerialNumber();
            if (cmpCaClient.revokeCert(serialNumber, CRLReason.lookup(6))) {
                System.out.println("(CMP) suspended certificate");
            } else {
                System.err.println("(CMP) suspending certificate failed");
            }
            if (cmpCaClient.revokeCert(serialNumber, CRLReason.lookup(8))) {
                System.out.println("(CMP) unsuspended certificate");
            } else {
                System.err.println("(CMP) unsuspending certificate failed");
            }
            if (cmpCaClient.revokeCert(serialNumber, CRLReason.lookup(1))) {
                System.out.println("(CMP) revoked certificate");
            } else {
                System.err.println("(CMP) revoking certificate failed");
            }
            cmpCaClient.shutdown();
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(-1);
        }
    }

    private static String getSubject() {
        return "CN=CMP-" + index.incrementAndGet() + ".xipki.org,O=xipki,C=DE";
    }
}
