package de.rub.nds.tlsattacker.core.util;

import de.rub.nds.modifiablevariable.util.BadRandom;
import de.rub.nds.tlsattacker.core.constants.HandshakeByteLength;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/util/KeyStoreGenerator.class */
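/**
 * Builds throw-away key pairs and a self-signed certificate key store for TLS test runs.
 *
 * <p>Security notes for anyone reusing this class:
 * <ul>
 *   <li>Every key pair is generated from the caller-supplied {@link BadRandom}. Judging by its
 *       name this is not a cryptographically strong source, so the resulting private keys
 *       must be treated as predictable (NOTE(review): confirm against the modifiablevariable
 *       library).</li>
 *   <li>The key entry is protected with the fixed, public {@link #PASSWORD}; it offers no
 *       confidentiality for the private key.</li>
 *   <li>The generated certificate is self-signed, marked as a CA, and carries
 *       {@code anyExtendedKeyUsage}. It must never be added to a trust store outside an
 *       isolated test environment.</li>
 * </ul>
 */
public class KeyStoreGenerator {
    /** Fixed key-entry password. Publicly known, so it only satisfies the KeyStore API. */
    public static final String PASSWORD = "password";

    /** Alias under which the single key entry is stored. */
    public static final String ALIAS = "alias";

    /**
     * Generates an RSA key pair.
     *
     * @param i modulus size in bits, passed to {@link KeyPairGenerator#initialize(int, SecureRandom)}
     * @param badRandom randomness source used for key generation
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an "RSA" key pair generator
     */
    public static KeyPair createRSAKeyPair(int i, BadRandom badRandom) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(i, badRandom);
        return generator.generateKeyPair();
    }

    /**
     * Generates an EC key pair.
     *
     * @param i key size in bits, passed to {@link KeyPairGenerator#initialize(int, SecureRandom)}
     * @param badRandom randomness source used for key generation
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an "EC" key pair generator
     */
    public static KeyPair createECKeyPair(int i, BadRandom badRandom) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(i, badRandom);
        return generator.generateKeyPair();
    }

    /**
     * Generates a GOST R 34.10-2001 key pair ("ECGOST3410") on a named curve.
     *
     * @param str curve name looked up through {@link ECNamedCurveTable#getParameterSpec(String)}
     * @param badRandom randomness source used for key generation
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an "ECGOST3410" generator
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     */
    public static KeyPair createGost01KeyPair(String str, BadRandom badRandom) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        return createNamedCurveKeyPair("ECGOST3410", str, badRandom);
    }

    /**
     * Generates a GOST R 34.10-2012 key pair ("ECGOST3410-2012") on a named curve.
     *
     * @param str curve name looked up through {@link ECNamedCurveTable#getParameterSpec(String)}
     * @param badRandom randomness source used for key generation
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an "ECGOST3410-2012" generator
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     */
    public static KeyPair createGost12KeyPair(String str, BadRandom badRandom) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        return createNamedCurveKeyPair("ECGOST3410-2012", str, badRandom);
    }

    /** Shared body of the two GOST generators: resolve the curve, then generate on it. */
    private static KeyPair createNamedCurveKeyPair(String algorithm, String curveName, BadRandom badRandom) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        // Curve lookup happens before the generator lookup, as in the original methods.
        AlgorithmParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(curveName);
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
        generator.initialize(curveSpec, badRandom);
        return generator.generateKeyPair();
    }

    /**
     * Wraps a key pair in an in-memory JKS key store together with a freshly issued
     * self-signed certificate.
     *
     * <p>The certificate is valid from five seconds before the call until ten minutes after
     * it, names {@code CN=127.0.0.1} as both issuer and subject, and is signed with the key
     * pair's own private key. The single entry is stored under {@link #ALIAS} and protected
     * with {@link #PASSWORD}.
     *
     * @param keyPair key pair to certify and store
     * @param badRandom source of the certificate serial number
     * @return a key store holding exactly one key entry
     * @throws UnsupportedOperationException if the public key algorithm has no signature mapping
     */
    public static KeyStore createKeyStore(KeyPair keyPair, BadRandom badRandom) throws CertificateException, IOException, InvalidKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, OperatorCreationException {
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // Issuer and subject are the same name: the certificate is self-signed.
        X500Name selfName = new X500Name("CN=127.0.0.1, O=TLS-Attacker, L=RUB, ST=NRW, C=DE");

        // NOTE(review): nextInt() can be zero or negative, while RFC 5280 asks for a positive
        // serial number. Strict peers may reject such a certificate; the value is left as the
        // original produced it so generated test material stays reproducible.
        BigInteger serial = BigInteger.valueOf(badRandom.nextInt());

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 5000);
        Date notAfter = new Date(now + 600000);

        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, publicKey);

        // Critical basicConstraints with cA=TRUE: relying parties will accept this key as an issuer.
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

        // Same bit mask as the literal 180 in the decompiled source, spelled out.
        certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyCertSign));

        // anyExtendedKeyUsage makes the serverAuth/clientAuth entries redundant and lifts any
        // purpose restriction; acceptable only because the certificate is test material.
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

        X509Certificate certificate = signCertificate(createSigningAlgorithm(keyPair), certBuilder, privateKey);

        // Sanity checks: the certificate is currently valid and verifies under its own key.
        certificate.checkValidity(new Date());
        certificate.verify(publicKey);

        // NOTE(review): JKS is a legacy store format; it is kept because callers may load the
        // result expecting that type.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null); // null stream and password: start from an empty store
        keyStore.setKeyEntry(ALIAS, privateKey, PASSWORD.toCharArray(), new Certificate[]{certificate});
        return keyStore;
    }

    /**
     * Signs the prepared certificate with {@code privateKey} and converts it to a JCA
     * {@link X509Certificate}.
     *
     * @param str JCA signature algorithm name, e.g. {@code SHA256withRSA}
     */
    private static X509Certificate signCertificate(String str, X509v3CertificateBuilder x509v3CertificateBuilder, PrivateKey privateKey) throws OperatorCreationException, CertificateException {
        return new JcaX509CertificateConverter().getCertificate(x509v3CertificateBuilder.build(new JcaContentSignerBuilder(str).build(privateKey)));
    }

    /**
     * Maps the public key's algorithm name to the signature algorithm used for self-signing.
     *
     * <p>The decompiled source had expanded this string switch into a hash-code dispatch on a
     * {@code boolean} with duplicate {@code case true} labels, which does not compile; it is
     * restored here as a plain switch on the algorithm name.
     *
     * @throws UnsupportedOperationException if the algorithm is not one of the listed names
     */
    private static String createSigningAlgorithm(KeyPair keyPair) {
        PublicKey publicKey = keyPair.getPublic();
        switch (publicKey.getAlgorithm()) {
            case "RSA":
                return "SHA256withRSA";
            case "EC":
                return "SHA256withECDSA";
            case "DH":
                // NOTE(review): a DH key is not a DSA signing key, so signing with this name
                // is expected to fail later; mapping kept as found in the source.
                return "SHA256withDSA";
            case "ECGOST3410":
                return "GOST3411WITHECGOST3410";
            case "ECGOST3410-2012": {
                // The source called getQ() on a plain PublicKey (the decompiler dropped the
                // cast). The JCA EC interface exposes the same affine X coordinate.
                java.security.interfaces.ECPublicKey gostKey = (java.security.interfaces.ECPublicKey) publicKey;
                // An X coordinate longer than 256 bits selects the 512-bit parameter set.
                return gostKey.getW().getAffineX().bitLength() > 256 ? "GOST3411-2012-512WITHGOST3410-2012-512" : "GOST3411-2012-256WITHGOST3410-2012-256";
            }
            default:
                throw new UnsupportedOperationException("Algorithm " + publicKey.getAlgorithm() + " not supported");
        }
    }

    /** Static utility class; not instantiable. */
    private KeyStoreGenerator() {
    }
}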
