package be.iminds.ilabt.jfed.lowlevel;

import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.jfed.util.SSHKeyHelper;
import ch.qos.logback.core.joran.action.Action;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Random;
import java.util.UUID;
import javanet.staxutils.Indentation;
import sun.security.x509.AlgorithmId;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.RFC822Name;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/TestCertHelper.class */
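/**
 * Test fixture that creates throw-away key pairs, X.509 certificates and a trust store
 * for unit tests.
 *
 * <p>Each instance builds three self-signed authority certificates, leaf certificates for a
 * user, a slice authority (sa), two aggregate managers (am1, am2), an scs server and a tool,
 * and an in-memory JKS trust store holding the three authority certificates.
 *
 * <p>Security notes for anyone reusing this code:
 * <ul>
 *   <li>Certificates are assembled with the JDK-internal {@code sun.security.x509} classes,
 *       which are not a supported API.</li>
 *   <li>Leaf certificates carry only a SubjectAlternativeName extension (no BasicConstraints,
 *       KeyUsage or ExtendedKeyUsage), so tests built on them do not exercise validators
 *       that depend on those extensions.</li>
 *   <li>Serial numbers are 31-bit values from {@link Random}; they are neither guaranteed
 *       unique nor unpredictable. That is acceptable for short-lived fixtures only.</li>
 *   <li>Name arguments are concatenated into distinguished-name strings without escaping;
 *       pass fixture constants, never externally supplied values.</li>
 * </ul>
 *
 * <p>NOTE(review): am2Cert is issued by authority 1 although the am2 constants name
 * authority2.example.com, and scsUrn has the same value as am3Urn. Both may be intentional;
 * confirm against the tests that use them.
 */
public class TestCertHelper {
    /** Validity, in days, used by the overloads that take no explicit validity. */
    public static final int defaultValidityDays = 2;
    public static final String authority1Hostname = "authority.example.com";
    public static final String authority1Urn = "urn:publicid:IDN+authority.example.com+authority+root";
    public static final String authority2Hostname = "authority2.example.com";
    public static final String authority2Urn = "urn:publicid:IDN+authority2.example.com+authority+root";
    public static final String authority3Hostname = "authority3.example.com";
    public static final String authority3Urn = "urn:publicid:IDN+authority3.example.com+authority+root";
    public static final String fakeHostname = "fake.example.com";
    public static final String username = "tester";
    // The *Uuid values are random per class load, so subject names differ between JVM runs.
    public static final String userUuid = UUID.randomUUID().toString();
    public static final String userEmail = "tester@authority.example.com";
    public static final String userUuidUrn = "urn:uuid:" + userUuid;
    public static final String userUrn = "urn:publicid:IDN+authority.example.com+user+tester";
    public static final String am1Uuid = UUID.randomUUID().toString();
    public static final String am1Email = "am1@authority.example.com";
    public static final String am1UuidUrn = "urn:uuid:" + am1Uuid;
    public static final String am1Urn = "urn:publicid:IDN+authority.example.com+authority+cm";
    public static final String am2Uuid = UUID.randomUUID().toString();
    public static final String am2Email = "am2@authority2.example.com";
    public static final String am2UuidUrn = "urn:uuid:" + am2Uuid;
    public static final String am2Urn = "urn:publicid:IDN+authority2.example.com+authority+cm";
    public static final String am3Uuid = UUID.randomUUID().toString();
    public static final String am3Email = "am3@authority3.example.com";
    public static final String am3UuidUrn = "urn:uuid:" + am3Uuid;
    public static final String am3Urn = "urn:publicid:IDN+authority3.example.com+authority+cm";
    public static final String scsUuid = UUID.randomUUID().toString();
    public static final String scsEmail = "scs@authority3.example.com";
    public static final String scsUuidUrn = "urn:uuid:" + scsUuid;
    public static final String scsUrn = "urn:publicid:IDN+authority3.example.com+authority+cm";
    public static final String fakeAmUrn = "urn:publicid:IDN+fake.example.com+authority+cm";
    public static final String saUuid = UUID.randomUUID().toString();
    public static final String saEmail = "sa@authority.example.com";
    public static final String saUuidUrn = "urn:uuid:" + saUuid;
    public static final String saUrn = "urn:publicid:IDN+authority.example.com+authority+sa";
    public static final String toolUuid = UUID.randomUUID().toString();
    public static final String toolUrn = "urn:publicid:IDN+authority.example.com+tool+jfed_unit_test";
    public static final String toolUuidUrn = "urn:uuid:" + toolUuid;

    /** One day in milliseconds, as a long so validity arithmetic cannot overflow int. */
    private static final long MILLIS_PER_DAY = 24L * 60L * 60L * 1000L;

    public final SSHKeyHelper authority1Keys;
    public final SSHKeyHelper authority2Keys;
    public final SSHKeyHelper authority3Keys;
    public final SSHKeyHelper userKeys;
    public final SSHKeyHelper saKeys;
    public final SSHKeyHelper am1Keys;
    public final SSHKeyHelper am2Keys;
    public final SSHKeyHelper scsKeys;
    public final SSHKeyHelper toolKeys;
    public final X509Certificate authority1Cert;
    public final X509Certificate authority2Cert;
    public final X509Certificate authority3Cert;
    public final X509Certificate saCert;
    public final X509Certificate am1Cert;
    public final X509Certificate am2Cert;
    public final X509Certificate scsCert;
    public final X509Certificate userCert;
    public final X509Certificate toolCert;
    /** In-memory trust store containing only the three test authority certificates. */
    public final KeyStore testTrustStore;

    /**
     * Creates all keys, certificates and the trust store.
     *
     * @throws RuntimeException wrapping any exception raised while creating keys,
     *     certificates or the key store
     */
    public TestCertHelper() {
        try {
            // presumably each SSHKeyHelper() creates a fresh key pair; verify in SSHKeyHelper
            this.authority1Keys = new SSHKeyHelper();
            this.authority2Keys = new SSHKeyHelper();
            this.authority3Keys = new SSHKeyHelper();
            this.userKeys = new SSHKeyHelper();
            this.saKeys = new SSHKeyHelper();
            this.am1Keys = new SSHKeyHelper();
            this.am2Keys = new SSHKeyHelper();
            this.scsKeys = new SSHKeyHelper();
            this.toolKeys = new SSHKeyHelper();
            this.authority1Cert = makeAuthCert(this.authority1Keys, authority1Hostname, authority1Urn);
            this.authority2Cert = makeAuthCert(this.authority2Keys, authority2Hostname, authority2Urn);
            this.authority3Cert = makeAuthCert(this.authority3Keys, authority3Hostname, authority3Urn);
            this.userCert = makeUserCert(this.authority1Keys, authority1Hostname, authority1Urn, this.userKeys, userEmail, userUrn, userUuid, userUuidUrn);
            this.saCert = makeServerCert(this.authority1Keys, authority1Hostname, authority1Urn, this.saKeys, saEmail, saUrn, saUuid, saUuidUrn);
            this.am1Cert = makeServerCert(this.authority1Keys, authority1Hostname, authority1Urn, this.am1Keys, am1Email, am1Urn, am1Uuid, am1UuidUrn);
            this.am2Cert = makeServerCert(this.authority1Keys, authority1Hostname, authority1Urn, this.am2Keys, am2Email, am2Urn, am2Uuid, am2UuidUrn);
            this.scsCert = makeServerCert(this.authority3Keys, authority3Hostname, authority3Urn, this.scsKeys, scsEmail, scsUrn, scsUuid, scsUuidUrn);
            this.toolCert = makeToolCert(this.authority1Keys, authority1Hostname, authority1Urn, this.toolKeys, toolUrn, toolUuid, toolUuidUrn);
            // load(null, null) initialises an empty key store that is never written to disk here.
            this.testTrustStore = KeyStore.getInstance("jks");
            this.testTrustStore.load(null, null);
            this.testTrustStore.setCertificateEntry("testTrustRoot1", this.authority1Cert);
            this.testTrustStore.setCertificateEntry("testTrustRoot2", this.authority2Cert);
            this.testTrustStore.setCertificateEntry("testTrustRoot3", this.authority3Cert);
        } catch (Exception e) {
            throw new RuntimeException("Error generating test keys and/or certificate", e);
        }
    }

    /**
     * Issues a user certificate valid for {@link #defaultValidityDays} days.
     *
     * @see #makeUserCert(SSHKeyHelper, String, String, SSHKeyHelper, String, String, String, String, int)
     */
    public static X509Certificate makeUserCert(SSHKeyHelper sSHKeyHelper, String str, String str2, SSHKeyHelper sSHKeyHelper2, String str3, String str4, String str5, String str6) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        return makeUserCert(sSHKeyHelper, str, str2, sSHKeyHelper2, str3, str4, str5, str6, defaultValidityDays);
    }

    /**
     * Issues a user certificate with subject {@code EMAILADDRESS=<email>, CN=<uuid>} and a
     * SubjectAlternativeName holding the e-mail address, the URN and the UUID URN.
     *
     * @param sSHKeyHelper issuer keys; the private key signs the certificate
     * @param str issuer hostname, used as the issuer CN
     * @param str2 issuer URN; not used by this method
     * @param sSHKeyHelper2 subject keys; the public key is certified
     * @param str3 subject e-mail address
     * @param str4 subject URN
     * @param str5 subject UUID, used as the subject CN
     * @param str6 subject UUID URN
     * @param i validity in days counted from now; notBefore is set one day in the past
     * @return the signed certificate
     */
    public static X509Certificate makeUserCert(SSHKeyHelper sSHKeyHelper, String str, String str2, SSHKeyHelper sSHKeyHelper2, String str3, String str4, String str5, String str6, int i) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        return issueIdentityCert(sSHKeyHelper, str, sSHKeyHelper2, str3, str4, str5, str6, i);
    }

    /**
     * Issues a server certificate valid for {@link #defaultValidityDays} days.
     *
     * @see #makeServerCert(SSHKeyHelper, String, String, SSHKeyHelper, String, String, String, String, int)
     */
    public static X509Certificate makeServerCert(SSHKeyHelper sSHKeyHelper, String str, String str2, SSHKeyHelper sSHKeyHelper2, String str3, String str4, String str5, String str6) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        return makeServerCert(sSHKeyHelper, str, str2, sSHKeyHelper2, str3, str4, str5, str6, defaultValidityDays);
    }

    /**
     * Issues a server certificate with subject {@code EMAILADDRESS=<email>, CN=<uuid>} and a
     * SubjectAlternativeName holding the e-mail address, the URN and the UUID URN of the
     * subject passed in.
     *
     * <p>The SubjectAlternativeName is built from the arguments. Hard-coding the sa* constants
     * there would give every server certificate the slice authority's identity in its SAN,
     * so URN-based checks in tests would see the wrong principal.
     *
     * @param sSHKeyHelper issuer keys; the private key signs the certificate
     * @param str issuer hostname, used as the issuer CN
     * @param str2 issuer URN; not used by this method
     * @param sSHKeyHelper2 subject keys; the public key is certified
     * @param str3 subject e-mail address
     * @param str4 subject URN
     * @param str5 subject UUID, used as the subject CN
     * @param str6 subject UUID URN
     * @param i validity in days counted from now; notBefore is set one day in the past
     * @return the signed certificate
     */
    public static X509Certificate makeServerCert(SSHKeyHelper sSHKeyHelper, String str, String str2, SSHKeyHelper sSHKeyHelper2, String str3, String str4, String str5, String str6, int i) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        return issueIdentityCert(sSHKeyHelper, str, sSHKeyHelper2, str3, str4, str5, str6, i);
    }

    /**
     * Issues a tool certificate valid for {@link #defaultValidityDays} days.
     *
     * @see #makeToolCert(SSHKeyHelper, String, String, SSHKeyHelper, String, String, String, int)
     */
    public static X509Certificate makeToolCert(SSHKeyHelper sSHKeyHelper, String str, String str2, SSHKeyHelper sSHKeyHelper2, String str3, String str4, String str5) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        return makeToolCert(sSHKeyHelper, str, str2, sSHKeyHelper2, str3, str4, str5, defaultValidityDays);
    }

    /**
     * Issues a tool certificate with subject {@code CN=<uuid>} and a SubjectAlternativeName
     * holding the tool URN and the UUID URN.
     *
     * @param sSHKeyHelper issuer keys; the private key signs the certificate
     * @param str issuer hostname, used as the issuer CN
     * @param str2 issuer URN; not used by this method
     * @param sSHKeyHelper2 subject keys; the public key is certified
     * @param str3 tool URN
     * @param str4 tool UUID, used as the subject CN
     * @param str5 tool UUID URN
     * @param i validity in days counted from now; notBefore is set one day in the past
     * @return the signed certificate
     */
    public static X509Certificate makeToolCert(SSHKeyHelper sSHKeyHelper, String str, String str2, SSHKeyHelper sSHKeyHelper2, String str3, String str4, String str5, int i) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        GeneralNames altNames = new GeneralNames();
        altNames.add(new GeneralName(new URIName(str3)));
        altNames.add(new GeneralName(new URIName(str5)));
        return issueLeafCert(sSHKeyHelper, str, sSHKeyHelper2, "CN=" + str4, altNames, i);
    }

    /**
     * Creates a self-signed authority certificate valid for {@link #defaultValidityDays} days.
     *
     * @see #makeAuthCert(SSHKeyHelper, String, String, int)
     */
    public static X509Certificate makeAuthCert(SSHKeyHelper sSHKeyHelper, String str, String str2) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        return makeAuthCert(sSHKeyHelper, str, str2, defaultValidityDays);
    }

    /**
     * Creates a self-signed authority certificate: issuer and subject are both
     * {@code CN=<hostname>}, the SubjectAlternativeName holds the authority URN, and
     * BasicConstraints marks it as a CA with path length 1.
     *
     * @param sSHKeyHelper authority keys; the public key is certified and the private key signs
     * @param str authority hostname, used as issuer and subject CN
     * @param str2 authority URN
     * @param i validity in days counted from now; notBefore is set one day in the past
     * @return the signed certificate
     */
    public static X509Certificate makeAuthCert(SSHKeyHelper sSHKeyHelper, String str, String str2, int i) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        X500Name authorityName = new X500Name("CN=" + str);
        X500Name subjectName = new X500Name("CN=" + str);
        GeneralNames altNames = new GeneralNames();
        altNames.add(new GeneralName(new URIName(str2)));
        CertificateExtensions extensions = new CertificateExtensions();
        extensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(altNames));
        extensions.set("BasicConstraints", new BasicConstraintsExtension(true, 1));
        return buildAndSign(sSHKeyHelper, sSHKeyHelper, authorityName, subjectName, extensions, i);
    }

    /**
     * Returns the user's private key in PEM form, a line separator constant and the user
     * certificate in PEM form, concatenated in that order.
     *
     * <p>The result contains private key material; keep it out of logs and assertion messages.
     */
    public String getUserPem() {
        // NOTE(review): Indentation.NORMAL_END_OF_LINE comes from a StAX utility library and is
        // presumably just "\n" picked up by the decompiler; confirm and replace with the literal.
        return new String(this.userKeys.getPEMAnyPrivateKey()) + Indentation.NORMAL_END_OF_LINE + KeyUtil.x509certificateToPem(this.userCert);
    }

    /** Shared body of the user and server certificate factories. */
    private static X509Certificate issueIdentityCert(SSHKeyHelper issuerKeys, String issuerHostname, SSHKeyHelper subjectKeys, String email, String urn, String uuid, String uuidUrn, int validityDays) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        GeneralNames altNames = new GeneralNames();
        altNames.add(new GeneralName(new RFC822Name(email)));
        altNames.add(new GeneralName(new URIName(urn)));
        altNames.add(new GeneralName(new URIName(uuidUrn)));
        return issueLeafCert(issuerKeys, issuerHostname, subjectKeys, "EMAILADDRESS=" + email + ", CN=" + uuid, altNames, validityDays);
    }

    /** Issues a certificate whose only extension is the given SubjectAlternativeName. */
    private static X509Certificate issueLeafCert(SSHKeyHelper issuerKeys, String issuerHostname, SSHKeyHelper subjectKeys, String subjectDn, GeneralNames altNames, int validityDays) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        // The DN strings are parsed as given: a comma, plus or equals sign inside an argument
        // would change the resulting name, so only fixture constants belong here.
        X500Name issuerName = new X500Name("CN=" + issuerHostname);
        X500Name subjectName = new X500Name(subjectDn);
        CertificateExtensions extensions = new CertificateExtensions();
        extensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(altNames));
        X509Certificate cert = buildAndSign(issuerKeys, subjectKeys, issuerName, subjectName, extensions, validityDays);
        // Sanity checks (active only with -ea): the signed certificate reports the requested names.
        assert cert.getSubjectDN().getName().equals(subjectName.getName());
        assert cert.getIssuerDN().getName().equals(issuerName.getName());
        return cert;
    }

    /** Fills in the certificate fields and signs them with the issuer's private key. */
    private static X509Certificate buildAndSign(SSHKeyHelper issuerKeys, SSHKeyHelper subjectKeys, X500Name issuerName, X500Name subjectName, CertificateExtensions extensions, int validityDays) throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException {
        RSAPublicKey subjectPublicKey = subjectKeys.getSshPublicKey();
        assert subjectPublicKey != null;
        RSAPrivateKey issuerPrivateKey = issuerKeys.getSshPrivateKey();
        assert issuerPrivateKey != null;
        String signatureAlgorithm = KeyUtil.getCompatibleSigAlgName(issuerPrivateKey.getAlgorithm());

        // notBefore lies one day in the past; notAfter is computed in long arithmetic because
        // days * 86400000 overflows int from 25 days on and would yield an already-expired cert.
        long now = System.currentTimeMillis();
        CertificateValidity validity = new CertificateValidity(new Date(now - MILLIS_PER_DAY), new Date(now + validityDays * MILLIS_PER_DAY));

        X509CertInfo info = new X509CertInfo();
        info.set("version", new CertificateVersion(2));
        // Test-only serial: 31 bits from java.util.Random, neither unique nor unpredictable.
        info.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
        info.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.getAlgorithmId(signatureAlgorithm)));
        info.set("subject", subjectName);
        info.set("extensions", extensions);
        info.set("validity", validity);
        info.set("issuer", issuerName);
        // NOTE(review): Action.KEY_ATTRIBUTE is a logback constant used here as the X509CertInfo
        // attribute name for the public key; presumably the decompiler matched a plain string
        // literal to it. Confirm the value and drop the dependency on the logging library.
        info.set(Action.KEY_ATTRIBUTE, new CertificateX509Key(subjectPublicKey));

        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(issuerPrivateKey, signatureAlgorithm);
        return cert;
    }
}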
