package at.gv.egiz.bku.webstart;

import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.cms.SecurityProvider;
import iaik.x509.X509Certificate;
import iaik.x509.extensions.AuthorityKeyIdentifier;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.ExtendedKeyUsage;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.SubjectAltName;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.GregorianCalendar;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/bku/webstart/TLSServerCA.class */
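/**
 * Builds a throw-away two-level PKI for the local MOCCA TLS endpoint: a self-signed
 * "MOCCA TLS Server CA" certificate and a server certificate for {@code localhost} /
 * {@code 127.0.0.1} issued by it. The result is returned as an in-memory key store.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The CA private key is only needed to sign the single server certificate. The
 *       reference to it is dropped before {@link #generateKeyStore(char[])} returns, on
 *       success and on failure, so this instance cannot be used to issue further
 *       certificates under a CA that clients may have been asked to trust. Dropping the
 *       reference does not wipe the key material from the heap.</li>
 *   <li>The CA private key is never placed in the returned key store; only the CA
 *       certificate is, as the second element of the server chain.</li>
 *   <li>Serial numbers are random, positive and {@value #SERIAL_NUMBER_BITS} bits wide.
 *       Both certificates carry the same issuer DN, so their serials must differ; a
 *       short serial makes a collision (or a zero value) realistic.</li>
 * </ul>
 */
public class TLSServerCA {
    /** Validity of the CA certificate in years. */
    public static final int CA_VALIDITY_Y = 3;
    /** Alias under which the server key entry is stored in the generated key store. */
    public static final String MOCCA_TLS_SERVER_ALIAS = "server";
    /** Validity of the server certificate in years (shortened by one hour, see below). */
    public static final int SERVER_VALIDITY_Y = 3;

    /** RSA modulus size used for both the CA and the server key pair. */
    private static final int RSA_KEY_BITS = 2048;
    /** Width of the random certificate serial numbers (RFC 5280 allows up to 20 octets). */
    private static final int SERIAL_NUMBER_BITS = 128;

    private static final Logger log = LoggerFactory.getLogger(TLSServerCA.class);

    /** Source of randomness for certificate serial numbers. */
    private final SecureRandom random = new SecureRandom();

    private KeyPair caKeyPair;
    private X509Certificate caCert;
    private KeyPair serverKeyPair;
    private X509Certificate serverCert;

    /**
     * Generates a fresh RSA key pair using the RSA implementation name configured in the
     * IAIK {@link SecurityProvider}.
     *
     * @return a new {@value #RSA_KEY_BITS}-bit RSA key pair
     * @throws NoSuchAlgorithmException if no provider offers the requested algorithm
     */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(SecurityProvider.IMPLEMENTATION_NAME_RSA);
        generator.initialize(RSA_KEY_BITS);
        return generator.generateKeyPair();
    }

    /**
     * Draws a random certificate serial number.
     *
     * @return a strictly positive integer of at most {@value #SERIAL_NUMBER_BITS} bits
     */
    private BigInteger newSerialNumber() {
        BigInteger serial;
        do {
            // BigInteger(numBits, rnd) is never negative; reject the (unlikely) zero because
            // RFC 5280 requires a positive serial number.
            serial = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serial.signum() == 0);
        return serial;
    }

    /**
     * Creates the CA key pair and the self-signed CA certificate and stores both in
     * {@code caKeyPair} / {@code caCert}.
     *
     * @throws GeneralSecurityException if key generation or signing fails
     * @throws CodingException if the certificate or one of its extensions cannot be encoded
     */
    private void generateCACert() throws GeneralSecurityException, CodingException {
        log.debug("generating MOCCA CA certificate");
        Name caName = new Name();
        caName.addRDN(ObjectID.country, "AT");
        caName.addRDN(ObjectID.organization, "MOCCA");
        caName.addRDN(ObjectID.organizationalUnit, "MOCCA TLS Server CA");

        this.caKeyPair = generateKeyPair();
        this.caCert = new X509Certificate();
        this.caCert.setSerialNumber(newSerialNumber());
        // Self-signed: subject and issuer are the same name.
        this.caCert.setSubjectDN(caName);
        this.caCert.setPublicKey(this.caKeyPair.getPublic());
        this.caCert.setIssuerDN(caName);
        this.caCert.addExtension(new SubjectKeyIdentifier(this.caKeyPair.getPublic()));

        // Critical CA=true so that path validators treat this certificate as an issuer.
        BasicConstraints caConstraints = new BasicConstraints(true);
        caConstraints.setCritical(true);
        this.caCert.addExtension(caConstraints);

        // Evaluates to 97, the value used previously as a bare literal.
        KeyUsage caUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign);
        caUsage.setCritical(true);
        this.caCert.addExtension(caUsage);

        GregorianCalendar validity = new GregorianCalendar();
        // Back-date notBefore by one hour to tolerate clock skew between issuer and verifier.
        validity.add(java.util.Calendar.HOUR_OF_DAY, -1);
        this.caCert.setValidNotBefore(validity.getTime());
        validity.add(java.util.Calendar.YEAR, CA_VALIDITY_Y);
        this.caCert.setValidNotAfter(validity.getTime());

        this.caCert.sign(AlgorithmID.sha256WithRSAEncryption, this.caKeyPair.getPrivate());
        log.debug("successfully generated MOCCA TLS Server CA certificate {}", this.caCert.getSubjectDN());
    }

    /**
     * Creates the server key pair and a server certificate signed with the CA key.
     * Requires {@link #generateCACert()} to have run first, because it reads
     * {@code caCert} and {@code caKeyPair}.
     *
     * @throws GeneralSecurityException if key generation or signing fails
     * @throws CodingException if the certificate or one of its extensions cannot be encoded
     */
    private void generateServerCert() throws GeneralSecurityException, CodingException {
        log.debug("generating MOCCA server certificate");
        Name serverName = new Name();
        serverName.addRDN(ObjectID.country, "AT");
        serverName.addRDN(ObjectID.organization, "MOCCA");
        serverName.addRDN(ObjectID.organizationalUnit, "MOCCA TLS Server");
        // Two CN values so that clients matching on the subject CN accept either host form.
        serverName.addRDN(ObjectID.commonName, "localhost");
        serverName.addRDN(ObjectID.commonName, "127.0.0.1");

        this.serverKeyPair = generateKeyPair();
        this.serverCert = new X509Certificate();
        this.serverCert.setSerialNumber(newSerialNumber());
        this.serverCert.setSubjectDN(serverName);
        this.serverCert.setPublicKey(this.serverKeyPair.getPublic());
        this.serverCert.setIssuerDN(this.caCert.getSubjectDN());
        this.serverCert.addExtension(new SubjectKeyIdentifier(this.serverKeyPair.getPublic()));
        // The authority key identifier is derived from the CA public key the same way the
        // CA's own subject key identifier is, so chain builders can link the two.
        this.serverCert.addExtension(
                new AuthorityKeyIdentifier(new SubjectKeyIdentifier(this.caCert.getPublicKey()).get()));
        // Restrict the certificate to TLS server authentication.
        this.serverCert.addExtension(new ExtendedKeyUsage(ExtendedKeyUsage.serverAuth));

        GeneralNames altNames = new GeneralNames();
        altNames.addName(new GeneralName(GeneralName.dNSName, "localhost"));
        // The loopback address is listed both as a dNSName and as an iPAddress entry;
        // presumably the dNSName form is for clients that only inspect dNSName entries.
        altNames.addName(new GeneralName(GeneralName.dNSName, "127.0.0.1"));
        altNames.addName(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
        this.serverCert.addExtension(new SubjectAltName(altNames));

        // End-entity certificate: must not be usable as an issuer.
        this.serverCert.addExtension(new BasicConstraints(false));
        // Evaluates to 5, the value used previously as a bare literal.
        this.serverCert.addExtension(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

        GregorianCalendar validity = new GregorianCalendar();
        validity.add(java.util.Calendar.HOUR_OF_DAY, -1);
        this.serverCert.setValidNotBefore(validity.getTime());
        validity.add(java.util.Calendar.YEAR, SERVER_VALIDITY_Y);
        // One hour less than the CA so the server certificate never outlives its issuer.
        validity.add(java.util.Calendar.HOUR_OF_DAY, -1);
        this.serverCert.setValidNotAfter(validity.getTime());

        this.serverCert.sign(AlgorithmID.sha256WithRSAEncryption, this.caKeyPair.getPrivate());
        log.debug("successfully generated MOCCA TLS Server certificate {}", this.serverCert.getSubjectDN());
    }

    /**
     * Generates a new CA and server certificate and returns an in-memory key store that
     * holds the server private key under {@link #MOCCA_TLS_SERVER_ALIAS} together with the
     * chain {@code [serverCert, caCert]}.
     *
     * <p>Every call creates new key pairs and certificates and overwrites the ones held
     * by this instance. The key store is not written to disk here.
     *
     * @param cArr password protecting the server private-key entry; the caller owns the
     *     array and should clear it once it is no longer needed
     * @return the populated key store
     * @throws GeneralSecurityException if key generation, signing or key-store setup fails
     * @throws IOException if the empty key store cannot be initialised
     * @throws CodingException if a certificate or extension cannot be encoded
     */
    public KeyStore generateKeyStore(char[] cArr) throws GeneralSecurityException, IOException, CodingException {
        try {
            generateCACert();
            generateServerCert();
        } finally {
            // Drop the CA signing key as soon as it is no longer needed, including when
            // server certificate generation fails half-way.
            this.caKeyPair = null;
        }
        // NOTE(review): JKS is a legacy container format. It is kept because callers may
        // persist and reload the store as JKS; confirm before switching to PKCS12.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry(
                MOCCA_TLS_SERVER_ALIAS,
                this.serverKeyPair.getPrivate(),
                cArr,
                new X509Certificate[] {this.serverCert, this.caCert});
        return keyStore;
    }
}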
