package org.xipki.litecaclient.example;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAParameterSpec;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;

/* loaded from: input_file:org/xipki/litecaclient/example/CaClientExample.class */
public class CaClientExample {
    private static final BigInteger P2048_Q256_P = new BigInteger("E13AC60336C29FAF1B48393D80C74B781E15E23E3F59F0827190FF016720A8E0DAC2D4FF699EBA2196E1B9815ECAE0506441A4BC4DA97E97F2723A808EF6B6343968906137B04B23F6540FC4B9D7C0A46635B6D52AEDD08347370B9BE43A7222807655CB5ED480F4C66128357D0E0A2C62785DC38160645661FA569ADCE46D3B3BFAB114613436242855F5717143D51FB365972F6B8695C2186CBAD1E8C5B4D31AD70876EBDD1C2191C5FB6C4804E0D38CBAA054FC7AFD25E0F2735F726D8A31DE97431BFB6CF1AD563811830131E7D5E5117D92389406EF436A8077E69B879518436E33A9F221AB3A331680D0345B316F5BEBDA8FBF70612BEC734272E760BF", 16);
    private static final BigInteger P2048_Q256_Q = new BigInteger("9CF2A23A8F95FEFB0CA67212991AC172FDD3F4D70401B684C3E4223D46D090E5", 16);
    private static final BigInteger P2048_Q256_G = new BigInteger("1CBEF6EEB9E73C5997BF64CA8BCC33CDC6AFC5601B86FDE1B0AC4C34066DFBF99B80CCE264C909B32CF88CE09CB73476C0A6E701092E09C93507FE3EBD425B758AE3C5E3FDC1076AF237C5EF40A790CF6555EB3408BCEF212AC5A1C125A7183D24935554C0D258BF1F6A5A6D05C0879DB92D32A0BCA3A85D42F9B436AE97E62E0E30E53B8690D8585493D291969791EA0F3B062645440587C031CD2880481E0BE3253A28EFFF3ACEB338A2FE4DB8F652E0FDA277268B73D5E532CF9E4E2A1CAB738920F760012DD9389F35E0AA7C8528CE173934529397DABDFAA1E77AF83FAD629AC102596885A06B5C670FFA838D37EB55FE7179A88F6FF927B37E0F827726", 16);

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/xipki/litecaclient/example/CaClientExample$MyKeypair.class */
    public static final class MyKeypair {
        private final PrivateKey privateKey;
        private final SubjectPublicKeyInfo publicKeyInfo;

        MyKeypair(PrivateKey privateKey, SubjectPublicKeyInfo subjectPublicKeyInfo) {
            this.privateKey = privateKey;
            this.publicKeyInfo = subjectPublicKeyInfo;
        }

        public PrivateKey getPrivate() {
            return this.privateKey;
        }

        public SubjectPublicKeyInfo getPublic() {
            return this.publicKeyInfo;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String expandPath(String str) {
        return str.startsWith("~") ? System.getProperty("user.home") + str.substring(1) : str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static MyKeypair generateRsaKeypair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
        return new MyKeypair(generateKeyPair.getPrivate(), new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent())));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static MyKeypair generateEcKeypair() throws GeneralSecurityException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = SECObjectIdentifiers.secp256r1;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, aSN1ObjectIdentifier);
        ECPublicKey eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
        byte[] bArr = new byte[65];
        bArr[0] = 4;
        copyArray(eCPublicKey.getW().getAffineX().toByteArray(), bArr, 1, 32);
        copyArray(eCPublicKey.getW().getAffineY().toByteArray(), bArr, 33, 32);
        return new MyKeypair(generateKeyPair.getPrivate(), new SubjectPublicKeyInfo(algorithmIdentifier, bArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static MyKeypair generateDsaKeypair() throws Exception {
        DSAParameterSpec dSAParameterSpec = new DSAParameterSpec(P2048_Q256_P, P2048_Q256_Q, P2048_Q256_G);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
        keyPairGenerator.initialize(dSAParameterSpec);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        DSAPublicKey dSAPublicKey = (DSAPublicKey) generateKeyPair.getPublic();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new ASN1Integer(dSAPublicKey.getParams().getP()));
        aSN1EncodableVector.add(new ASN1Integer(dSAPublicKey.getParams().getQ()));
        aSN1EncodableVector.add(new ASN1Integer(dSAPublicKey.getParams().getG()));
        return new MyKeypair(generateKeyPair.getPrivate(), new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DERSequence(aSN1EncodableVector)), new ASN1Integer(dSAPublicKey.getY())));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertificationRequest genCsr(MyKeypair myKeypair, String str) throws GeneralSecurityException, OperatorCreationException {
        return genCsr(myKeypair, str, null);
    }

    protected static CertificationRequest genCsr(MyKeypair myKeypair, String str, String str2) throws GeneralSecurityException, OperatorCreationException {
        PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder = new PKCS10CertificationRequestBuilder(new X500Name(str), myKeypair.publicKeyInfo);
        if (str2 != null && !str2.isEmpty()) {
            pKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(str2));
        }
        return pKCS10CertificationRequestBuilder.build(buildSigner(myKeypair.privateKey, "SHA256")).toASN1Structure();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void printCert(String str, X509Certificate x509Certificate) throws CertificateEncodingException {
        System.out.println(str);
        System.out.print("Subject: ");
        System.out.println(x509Certificate.getSubjectX500Principal());
        System.out.print(" Issuer: ");
        System.out.println(x509Certificate.getIssuerX500Principal());
        System.out.print(" Serial: 0X");
        System.out.println(x509Certificate.getSerialNumber().toString(16).toUpperCase());
        System.out.println("NotBefore: " + x509Certificate.getNotBefore());
        System.out.println(" NotAfter: " + x509Certificate.getNotAfter());
        System.out.println("-----BEGIN CERTIFICATE-----");
        System.out.println(Base64.encodeToString(x509Certificate.getEncoded(), true));
        System.out.println("-----END CERTIFICATE-----");
    }

    protected static ContentSigner buildSigner(PrivateKey privateKey, String str) throws OperatorCreationException {
        String algorithm = privateKey.getAlgorithm();
        return new JcaContentSignerBuilder("EC".equalsIgnoreCase(algorithm) ? str + "WITHECDSA" : str + "WITH" + algorithm).build(privateKey);
    }

    private static void copyArray(byte[] bArr, byte[] bArr2, int i, int i2) {
        int length = bArr.length;
        if (i2 >= length) {
            System.arraycopy(bArr, 0, bArr2, (i + i2) - length, length);
            return;
        }
        boolean z = true;
        int i3 = 0;
        while (true) {
            if (i3 >= length - i2) {
                break;
            }
            if (bArr[i3] != 0) {
                z = false;
                break;
            }
            i3++;
        }
        if (!z) {
            throw new IllegalArgumentException("source too long");
        }
        System.arraycopy(bArr, length - i2, bArr2, i, i2);
    }
}
