package org.xipki.scep.serveremulator;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.xipki.scep.crypto.ScepHashAlgoType;
import org.xipki.scep.message.CaCaps;
import org.xipki.scep.util.ScepUtil;

/* loaded from: input_file:org/xipki/scep/serveremulator/ScepServer.class */
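/**
 * SCEP server emulator that builds a throwaway in-memory PKI and exposes it through a
 * {@link ScepServlet}.
 *
 * <p>On the first call to {@link #getServlet()} fresh RSA key pairs are generated and a small
 * hierarchy is issued under a root named {@code CN=RCA1}: a CA ({@code CN=CA1}), optionally an RA
 * ({@code CN=RA1}) and optionally a roll-over CA/RA pair ({@code CN=CA2} / {@code CN=RA2}).
 * All subject names are hard-coded and the root private key exists only as a local variable of
 * {@link #getServlet()}, so the certificates produced here carry no trust beyond the emulator.
 *
 * <p>This class performs no synchronization; the lazy initialization in {@link #getServlet()} is
 * not safe for concurrent first calls.
 */
public class ScepServer {
    /** RSA modulus size used for every key pair generated by the emulator. */
    private static final int RSA_KEY_BITS = 2048;

    /** How far the CA certificate's notBefore is moved into the past (10 minutes). */
    private static final long CA_BACKDATE_MS = 600000L;

    /** Offset from "now" at which the roll-over CA certificate becomes valid (365 days). */
    private static final long NEXT_CA_START_OFFSET_MS = 31536000000L;

    /** Offset added to the roll-over CA start time when issuing the roll-over RA (10 days). */
    private static final long NEXT_RA_START_OFFSET_MS = 864000000L;

    /** Validity period of certificates issued by the root (3650 days). */
    private static final long SUB_CA_VALIDITY_MS = 315360000000L;

    /** Serial number of the CA certificate issued by the root. */
    private static final BigInteger CA_SERIAL = BigInteger.valueOf(2L);

    /**
     * Serial number of the roll-over CA certificate. It must differ from {@link #CA_SERIAL}:
     * both certificates are issued by the same root, and issuer name plus serial number is
     * what identifies a certificate (RFC 5280 requires the pair to be unique per issuer).
     */
    private static final BigInteger NEXT_CA_SERIAL = BigInteger.valueOf(3L);

    private final String name;
    private final CaCaps caCaps;
    private final boolean withRa;
    private final boolean withNextCa;
    private final boolean generateCrl;
    private final ScepControl control;
    // Optional override; null means the responder keeps its own default.
    private Long maxSigningTimeBiasInMs;
    // Lazily created by getServlet(); the certificate fields below are populated at the same time.
    private ScepServlet servlet;
    private Certificate caCert;
    private Certificate raCert;
    private Certificate nextCaCert;
    private Certificate nextRaCert;

    /**
     * Creates an emulator configuration. No key material is generated until
     * {@link #getServlet()} is called.
     *
     * @param str server name; validated with {@code ScepUtil.requireNonBlank}
     * @param caCaps CA capabilities handed to the responder; validated with
     *     {@code ScepUtil.requireNonNull}
     * @param z whether an RA certificate and key are created in addition to the CA
     * @param z2 whether a roll-over ("next") CA is created
     * @param z3 flag passed to each {@code CaEmulator} as its generate-CRL setting
     * @param scepControl responder control settings; validated with
     *     {@code ScepUtil.requireNonNull}
     */
    public ScepServer(String str, CaCaps caCaps, boolean z, boolean z2, boolean z3, ScepControl scepControl) {
        this.name = ScepUtil.requireNonBlank("name", str);
        this.caCaps = (CaCaps) ScepUtil.requireNonNull("caCaps", caCaps);
        this.control = (ScepControl) ScepUtil.requireNonNull("control", scepControl);
        this.withRa = z;
        this.withNextCa = z2;
        this.generateCrl = z3;
    }

    /** Returns the server name given at construction. */
    public String name() {
        return this.name;
    }

    /**
     * Sets the maximum signing-time bias that is forwarded to the responder when the servlet is
     * created. Calling this after {@link #getServlet()} has built the servlet has no effect on
     * the existing responder.
     *
     * @param j the bias value; stored in a field named in milliseconds
     */
    public void setMaxSigningTimeBias(long j) {
        this.maxSigningTimeBiasInMs = Long.valueOf(j);
    }

    /**
     * Returns the servlet, building the emulated PKI and responder on first use.
     *
     * <p>If initialization fails part-way, some certificate fields may already be set while the
     * servlet is still {@code null}; a later call starts over with new keys.
     *
     * @return the cached servlet instance
     * @throws Exception if key generation or certificate issuance fails
     */
    public ScepServlet getServlet() throws Exception {
        if (this.servlet != null) {
            return this.servlet;
        }

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(RSA_KEY_BITS);

        // Root CA: only its private key and name are needed to sign the sub-CA certificates.
        // The key is never stored in a field.
        PrivateKey rootKey = keyPairGenerator.generateKeyPair().getPrivate();
        X500Name rootSubject = new X500Name("CN=RCA1, OU=emulator, O=xipki.org, C=DE");

        // Current CA, valid from 10 minutes ago (presumably to tolerate clock skew).
        KeyPair caKeyPair = keyPairGenerator.generateKeyPair();
        SubjectPublicKeyInfo caPublicKeyInfo = ScepUtil.createSubjectPublicKeyInfo(caKeyPair.getPublic());
        X500Name caSubject = new X500Name("CN=CA1, OU=emulator, O=xipki.org, C=DE");
        Date caNotBefore = new Date(System.currentTimeMillis() - CA_BACKDATE_MS);
        this.caCert = issueSubCaCert(rootKey, rootSubject, caPublicKeyInfo, caSubject, CA_SERIAL, caNotBefore);
        CaEmulator caEmulator = new CaEmulator(caKeyPair.getPrivate(), this.caCert, this.generateCrl);

        RaEmulator raEmulator = null;
        if (this.withRa) {
            KeyPair raKeyPair = keyPairGenerator.generateKeyPair();
            this.raCert = caEmulator.generateCert(
                    ScepUtil.createSubjectPublicKeyInfo(raKeyPair.getPublic()),
                    new X500Name("CN=RA1, OU=emulator, O=xipki.org, C=DE"));
            raEmulator = new RaEmulator(raKeyPair.getPrivate(), this.raCert);
        }

        NextCaAndRa nextCaAndRa = null;
        if (this.withNextCa) {
            // Roll-over CA: issued by the same root, valid starting one year from now.
            KeyPair nextCaKeyPair = keyPairGenerator.generateKeyPair();
            SubjectPublicKeyInfo nextCaPublicKeyInfo =
                    ScepUtil.createSubjectPublicKeyInfo(nextCaKeyPair.getPublic());
            X500Name nextCaSubject = new X500Name("CN=CA2, OU=emulator, O=xipki.org, C=DE");
            Date nextCaNotBefore = new Date(System.currentTimeMillis() + NEXT_CA_START_OFFSET_MS);
            // Uses its own serial number so that (issuer, serial) stays unique under the root.
            this.nextCaCert = issueSubCaCert(
                    rootKey, rootSubject, nextCaPublicKeyInfo, nextCaSubject, NEXT_CA_SERIAL, nextCaNotBefore);
            CaEmulator nextCaEmulator =
                    new CaEmulator(nextCaKeyPair.getPrivate(), this.nextCaCert, this.generateCrl);

            if (this.withRa) {
                // Only the public key of the roll-over RA is used; its private key is discarded.
                // The date is 10 days after the roll-over CA's start time
                // (presumably the RA certificate's notBefore; confirm against CaEmulator.generateCert).
                this.nextRaCert = nextCaEmulator.generateCert(
                        ScepUtil.createSubjectPublicKeyInfo(keyPairGenerator.generateKeyPair().getPublic()),
                        new X500Name("CN=RA2, OU=emulator, O=xipki.org, C=DE"),
                        new Date(nextCaNotBefore.getTime() + NEXT_RA_START_OFFSET_MS));
            }
            // nextRaCert stays null when no RA was requested.
            nextCaAndRa = new NextCaAndRa(this.nextCaCert, this.nextRaCert);
        }

        ScepResponder scepResponder =
                new ScepResponder(this.caCaps, caEmulator, raEmulator, nextCaAndRa, this.control);
        if (this.maxSigningTimeBiasInMs != null) {
            scepResponder.setMaxSigningTimeBias(this.maxSigningTimeBiasInMs.longValue());
        }
        this.servlet = new ScepServlet(scepResponder);
        return this.servlet;
    }

    /** Returns the CA certificate, or {@code null} before {@link #getServlet()} has run. */
    public Certificate caCert() {
        return this.caCert;
    }

    /** Returns the RA certificate, or {@code null} if none has been created. */
    public Certificate raCert() {
        return this.raCert;
    }

    /** Returns the roll-over CA certificate, or {@code null} if none has been created. */
    public Certificate nextCaCert() {
        return this.nextCaCert;
    }

    /** Returns the roll-over RA certificate, or {@code null} if none has been created. */
    public Certificate nextRaCert() {
        return this.nextRaCert;
    }

    /** Returns whether this emulator is configured with an RA. */
    public boolean isWithRa() {
        return this.withRa;
    }

    /** Returns whether this emulator is configured with a roll-over CA. */
    public boolean isWithNextCa() {
        return this.withNextCa;
    }

    /** Returns the generate-CRL flag given at construction. */
    public boolean isGenerateCrl() {
        return this.generateCrl;
    }

    /**
     * Issues a subordinate CA certificate signed by the given issuer key.
     *
     * <p>The certificate carries two critical extensions: key usage limited to certificate and
     * CRL signing, and basic constraints marking it as a CA with path length 0, so it can issue
     * end-entity certificates but no further CA certificates.
     *
     * @param issuerKey private key of the issuer; also determines the signature algorithm
     * @param issuer issuer distinguished name
     * @param subjectPublicKeyInfo public key to certify
     * @param subject subject distinguished name
     * @param serialNumber certificate serial number; the caller must keep it unique per issuer
     * @param notBefore start of validity; notAfter is set 3650 days later
     * @return the issued certificate as an ASN.1 structure
     * @throws CertIOException if an extension cannot be encoded
     * @throws OperatorCreationException if the content signer cannot be created
     */
    private static Certificate issueSubCaCert(PrivateKey issuerKey, X500Name issuer, SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subject, BigInteger serialNumber, Date notBefore) throws CertIOException, OperatorCreationException {
        Date notAfter = new Date(notBefore.getTime() + SUB_CA_VALIDITY_MS);
        X509v3CertificateBuilder certBuilder =
                new X509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, subjectPublicKeyInfo);
        // keyCertSign | cRLSign is the same bit mask as the literal 6.
        certBuilder.addExtension(
                Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign));
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(issuerKey, ScepHashAlgoType.SHA256);
        return certBuilder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(issuerKey)).toASN1Structure();
    }
}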
