package org.eclipse.californium.elements.util;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.junit.Assert;

/* loaded from: input_file:org/eclipse/californium/elements/util/TestCertificatesTools.class */
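/**
 * Test helper that loads the credentials and trust anchors used by the tests
 * from the key stores on the classpath and offers assertions for signatures
 * and certificate chains.
 *
 * <p>Everything here is a test fixture. The key store passwords are hard-coded
 * in source, so they protect nothing: key stores opened with them must only
 * hold keys that are never used outside of tests.
 *
 * <p>All state is loaded once in the static initializer at the end of the
 * class. If loading fails, class initialization fails with an {@link Error}.
 */
public class TestCertificatesTools {
    public static final String KEY_STORE_LOCATION = "certs/keyStore.jks";
    public static final String EDDSA_KEY_STORE_LOCATION = "certs/eddsaKeyStore.jks";
    public static final String TRUST_STORE_LOCATION = "certs/trustStore.jks";
    public static final String KEY_STORE_URI = "classpath://certs/keyStore.jks";
    public static final String EDDSA_KEY_STORE_URI = "classpath://certs/eddsaKeyStore.jks";
    public static final String TRUST_STORE_URI = "classpath://certs/trustStore.jks";

    // Aliases of the entries read from the key store and the trust store.
    public static final String SERVER_NAME = "server";
    public static final String SERVER_CA_RSA_NAME = "servercarsa";
    public static final String SERVER_RSA_NAME = "serverrsa";
    public static final String CLIENT_NAME = "client";
    public static final String CLIENT_RSA_NAME = "clientrsa";
    public static final String ROOT_CA_ALIAS = "root";
    public static final String CA_ALIAS = "ca";
    public static final String CA_ALT_ALIAS = "caalt";
    public static final String NO_SIGNING_ALIAS = "nosigning";

    private static X509ExtendedKeyManager clientKeyManager;
    private static X509ExtendedKeyManager serverKeyManager;
    // Stays null when Ed25519 is not supported or the EdDSA key store is not available.
    private static X509ExtendedKeyManager serverEdDsaKeyManager;

    // NOTE(review): public and non-final, so any test can reassign these and
    // affect every later user of this class; treat them as read-only.
    public static SslContextUtil.Credentials clientCredentials;
    public static SslContextUtil.Credentials clientRsaCredentials;
    public static SslContextUtil.Credentials serverCredentials;
    public static SslContextUtil.Credentials serverCaRsaCredentials;
    public static SslContextUtil.Credentials serverRsaCredentials;

    private static X509Certificate[] trustedCertificates;
    private static X509Certificate rootCaCertificate;
    private static X509Certificate caCertificate;
    private static X509Certificate caAlternativeCertificate;
    private static X509Certificate nosigningCertificate;

    // Hard-coded fixture passwords. The arrays are mutable and shared: code that
    // wipes a password array after use would break every later load in the same
    // JVM, so hand a clone to such code.
    public static final char[] TRUST_STORE_PASSWORD = "rootPass".toCharArray();
    public static final char[] KEY_STORE_PASSWORD = "endPass".toCharArray();

    // Source of the random payloads signed in assertSigning.
    private static final SecureRandom random = new SecureRandom();

    /** Not meant to be instantiated; protected so that subclasses can extend the tool set. */
    protected TestCertificatesTools() {
    }

    /**
     * Creates a key manager for the given credentials.
     *
     * <p>A {@link GeneralSecurityException} is turned into a test failure via
     * {@link Assert#fail(String)}.
     *
     * @param credentials private key and certificate chain to wrap
     * @return the first {@link X509ExtendedKeyManager} created for the
     *         credentials, or {@code null} if none of the created key managers
     *         is of that type
     */
    public static X509ExtendedKeyManager getKeyManager(SslContextUtil.Credentials credentials) {
        try {
            KeyManager[] managers = SslContextUtil.createKeyManager("test", credentials.getPrivateKey(),
                    credentials.getCertificateChain());
            return getX509KeyManager(managers);
        } catch (GeneralSecurityException e) {
            Assert.fail(e.getMessage());
            // Not reached, Assert.fail always throws; required by the compiler.
            return null;
        }
    }

    /** @return key manager loaded for the aliases matching {@code "server.*"} */
    public static X509ExtendedKeyManager getServerKeyManager() {
        return serverKeyManager;
    }

    /** @return key manager loaded for the {@code "client"} alias */
    public static X509ExtendedKeyManager getClientKeyManager() {
        return clientKeyManager;
    }

    /**
     * @return key manager loaded from the EdDSA key store, or {@code null} if
     *         Ed25519 is not supported or that key store is not available
     */
    public static X509ExtendedKeyManager getServerEdDsaKeyManager() {
        return serverEdDsaKeyManager;
    }

    /** @return a copy of the server's certificate chain */
    public static X509Certificate[] getServerCertificateChain() {
        X509Certificate[] chain = serverCredentials.getCertificateChain();
        return Arrays.copyOf(chain, chain.length);
    }

    /** @return the server's certificate chain as a fixed-size list */
    public static List<X509Certificate> getServerCertificateChainAsList() {
        return Arrays.asList(serverCredentials.getCertificateChain());
    }

    /** @return a copy of the certificate chain of the {@code "servercarsa"} entry */
    public static X509Certificate[] getServerCaRsaCertificateChain() {
        X509Certificate[] chain = serverCaRsaCredentials.getCertificateChain();
        return Arrays.copyOf(chain, chain.length);
    }

    /** @return the certificate chain of the {@code "servercarsa"} entry as a fixed-size list */
    public static List<X509Certificate> getServerCaRsaCertificateChainAsList() {
        return Arrays.asList(serverCaRsaCredentials.getCertificateChain());
    }

    /** @return a copy of the certificate chain of the {@code "serverrsa"} entry */
    public static X509Certificate[] getServerRsaCertificateChain() {
        X509Certificate[] chain = serverRsaCredentials.getCertificateChain();
        return Arrays.copyOf(chain, chain.length);
    }

    /** @return the certificate chain of the {@code "serverrsa"} entry as a fixed-size list */
    public static List<X509Certificate> getServerRsaCertificateChainAsList() {
        return Arrays.asList(serverRsaCredentials.getCertificateChain());
    }

    /** @return a copy of the client's certificate chain */
    public static X509Certificate[] getClientCertificateChain() {
        X509Certificate[] chain = clientCredentials.getCertificateChain();
        return Arrays.copyOf(chain, chain.length);
    }

    /** @return the client's certificate chain as a fixed-size list */
    public static List<X509Certificate> getClientCertificateChainAsList() {
        return Arrays.asList(clientCredentials.getCertificateChain());
    }

    /** @return a copy of the certificate chain of the {@code "clientrsa"} entry */
    public static X509Certificate[] getClientRsaCertificateChain() {
        X509Certificate[] chain = clientRsaCredentials.getCertificateChain();
        return Arrays.copyOf(chain, chain.length);
    }

    /** @return the certificate chain of the {@code "clientrsa"} entry as a fixed-size list */
    public static List<X509Certificate> getClientRsaCertificateChainAsList() {
        return Arrays.asList(clientRsaCredentials.getCertificateChain());
    }

    /**
     * Loads the credentials stored under an alias.
     *
     * <p>The default key store is tried first. If that load is rejected with an
     * {@link IllegalArgumentException}, the EdDSA key store is tried instead.
     *
     * @param str alias of the key store entry
     * @return the credentials, or {@code null} if loading failed with an
     *         {@link IOException} or a {@link GeneralSecurityException}; the
     *         cause is not reported, so callers have to check for {@code null}
     */
    public static SslContextUtil.Credentials getCredentials(String str) {
        try {
            try {
                return SslContextUtil.loadCredentials(KEY_STORE_URI, str, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD);
            } catch (IllegalArgumentException e) {
                return SslContextUtil.loadCredentials(EDDSA_KEY_STORE_URI, str, KEY_STORE_PASSWORD,
                        KEY_STORE_PASSWORD);
            }
        } catch (IOException | GeneralSecurityException e2) {
            // Deliberately best-effort: an entry that cannot be loaded is reported as null.
            return null;
        }
    }

    /** @return the server's public and private key as a pair */
    public static KeyPair getServerKeyPair() {
        return new KeyPair(serverCredentials.getPubicKey(), serverCredentials.getPrivateKey());
    }

    /** @return the server's private key */
    public static PrivateKey getPrivateKey() {
        return serverCredentials.getPrivateKey();
    }

    /** @return the private key of the {@code "servercarsa"} entry */
    public static PrivateKey getServerCaRsaPrivateKey() {
        return serverCaRsaCredentials.getPrivateKey();
    }

    /** @return the private key of the {@code "serverrsa"} entry */
    public static PrivateKey getServerRsaPrivateKey() {
        return serverRsaCredentials.getPrivateKey();
    }

    /** @return the client's private key */
    public static PrivateKey getClientPrivateKey() {
        return clientCredentials.getPrivateKey();
    }

    /** @return the private key of the {@code "clientrsa"} entry */
    public static PrivateKey getClientRsaPrivateKey() {
        return clientRsaCredentials.getPrivateKey();
    }

    /** @return the public key of the first certificate in the server's chain */
    public static PublicKey getPublicKey() {
        return serverCredentials.getCertificateChain()[0].getPublicKey();
    }

    /** @return the public key of the first certificate in the {@code "serverrsa"} chain */
    public static PublicKey getServerRsaPublicKey() {
        return serverRsaCredentials.getCertificateChain()[0].getPublicKey();
    }

    /** @return the public key of the first certificate in the client's chain */
    public static PublicKey getClientPublicKey() {
        return clientCredentials.getCertificateChain()[0].getPublicKey();
    }

    /** @return the public key of the first certificate in the {@code "clientrsa"} chain */
    public static PublicKey getClientRsaPublicKey() {
        return clientRsaCredentials.getCertificateChain()[0].getPublicKey();
    }

    /**
     * Returns the certificates loaded from the trust store.
     *
     * @return a copy of the trusted certificates, so that a caller changing the
     *         returned array cannot alter the trust anchors seen by later tests
     */
    public static X509Certificate[] getTrustedCertificates() {
        X509Certificate[] trusted = trustedCertificates;
        return trusted == null ? null : Arrays.copyOf(trusted, trusted.length);
    }

    /** @return the first trust store certificate loaded for the {@code "root"} alias */
    public static X509Certificate getTrustedRootCA() {
        return rootCaCertificate;
    }

    /** @return the first trust store certificate loaded for the {@code "ca"} alias */
    public static X509Certificate getTrustedCA() {
        return caCertificate;
    }

    /** @return the first trust store certificate loaded for the {@code "caalt"} alias */
    public static X509Certificate getAlternativeCA() {
        return caAlternativeCertificate;
    }

    /** @return the first certificate of the {@code "nosigning"} key store entry */
    public static X509Certificate getNoSigningCertificate() {
        return nosigningCertificate;
    }

    /**
     * Asserts that data signed with the private key verifies with the public
     * key, using the signature algorithm with the given name.
     *
     * @param str        message prefix used when the assertion fails
     * @param privateKey key to sign with
     * @param publicKey  key to verify with
     * @param str2       name of the signature algorithm
     */
    public static void assertSigning(String str, PrivateKey privateKey, PublicKey publicKey, String str2) {
        try {
            assertSigning(str, privateKey, publicKey, getSignatureInstance(str2));
        } catch (GeneralSecurityException e) {
            // Assert.fail only carries a message, so the stack trace is printed to keep the cause visible.
            e.printStackTrace();
            Assert.fail(str2 + " failed with " + e);
        }
    }

    /**
     * Asserts that random data signed with the private key verifies with the
     * public key.
     *
     * <p>256 random bytes are signed, or 64 bytes when the algorithm name
     * starts with {@code "NONEwith"} and is not {@code "NONEwithEdDSA"}.
     *
     * @param str        message prefix used when the assertion fails
     * @param privateKey key to sign with
     * @param publicKey  key to verify with
     * @param signature  signature instance to use; it is re-initialized here
     */
    public static void assertSigning(String str, PrivateKey privateKey, PublicKey publicKey, Signature signature) {
        String algorithm = signature.getAlgorithm();
        try {
            // NOTE(review): presumably the shorter payload is needed because the
            // "NONEwith" variants sign the input as given, which limits its
            // length; confirm against the providers in use.
            boolean shortPayload = algorithm.startsWith("NONEwith") && !algorithm.equals("NONEwithEdDSA");
            int length = shortPayload ? 64 : 256;
            byte[] data = Bytes.createBytes(random, length);
            signature.initSign(privateKey);
            signature.update(data, 0, length);
            byte[] signed = signature.sign();
            signature.initVerify(publicKey);
            signature.update(data, 0, length);
            if (!signature.verify(signed)) {
                Assert.fail(str + ":" + algorithm + " failed!");
            }
        } catch (RuntimeException | GeneralSecurityException e) {
            // Assert.fail only carries a message, so the stack trace is printed to keep the cause visible.
            e.printStackTrace();
            Assert.fail(str + ":" + algorithm + " failed with " + e);
        }
    }

    /**
     * Creates the signature instance for an algorithm name.
     *
     * <p>The name is first passed through
     * {@code Asn1DerDecoder.getEdDsaStandardAlgorithmName}, with the name itself
     * as second argument (presumably the value returned for names that are not
     * EdDSA names; confirm against that helper).
     *
     * @param str name of the signature algorithm
     * @return the signature instance
     * @throws NoSuchAlgorithmException if no provider supports the algorithm
     */
    private static Signature getSignatureInstance(String str) throws NoSuchAlgorithmException {
        return Signature.getInstance(Asn1DerDecoder.getEdDsaStandardAlgorithmName(str, str));
    }

    /**
     * Asserts that two certificate lists are equal.
     *
     * @param list  first list
     * @param list2 second list
     */
    public static void assertEquals(List<? extends Certificate> list, List<? extends Certificate> list2) {
        assertEquals("", list, list2);
    }

    /**
     * Asserts that two certificate lists are equal.
     *
     * @param str   prefix of the failure message
     * @param list  first list
     * @param list2 second list
     */
    public static void assertEquals(String str, List<? extends Certificate> list, List<? extends Certificate> list2) {
        String difference = diff(list, list2);
        if (!difference.isEmpty()) {
            Assert.fail(str + difference);
        }
    }

    /**
     * Asserts that two certificate arrays are equal.
     *
     * @param x509CertificateArr  first array
     * @param x509CertificateArr2 second array
     */
    public static void assertEquals(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        List<X509Certificate> first = Arrays.asList(x509CertificateArr);
        List<X509Certificate> second = Arrays.asList(x509CertificateArr2);
        assertEquals(first, second);
    }

    /**
     * Asserts that two certificate arrays are equal.
     *
     * @param str                 prefix of the failure message
     * @param x509CertificateArr  first array
     * @param x509CertificateArr2 second array
     */
    public static void assertEquals(String str, X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        List<X509Certificate> first = Arrays.asList(x509CertificateArr);
        List<X509Certificate> second = Arrays.asList(x509CertificateArr2);
        assertEquals(str, first, second);
    }

    /**
     * Asserts that a certificate array and a certificate list are equal.
     *
     * @param x509CertificateArr array of certificates
     * @param list               list of certificates
     */
    public static void assertEquals(X509Certificate[] x509CertificateArr, List<? extends Certificate> list) {
        List<X509Certificate> first = Arrays.asList(x509CertificateArr);
        assertEquals(first, list);
    }

    /**
     * Asserts that a certificate array and a certificate list are equal.
     *
     * @param str                prefix of the failure message
     * @param x509CertificateArr array of certificates
     * @param list               list of certificates
     */
    public static void assertEquals(String str, X509Certificate[] x509CertificateArr, List<? extends Certificate> list) {
        List<X509Certificate> first = Arrays.asList(x509CertificateArr);
        assertEquals(str, first, list);
    }

    /**
     * Describes the difference between two certificate lists.
     *
     * <p>A size mismatch is reported first. The common prefix is then compared
     * element by element and the first differing position is reported, with the
     * subject DNs when both entries are X.509 certificates and the DNs differ.
     * If the common prefix is equal but the sizes differ, the first additional
     * certificate of the longer list is reported.
     *
     * @param list  first list
     * @param list2 second list
     * @return the description, or an empty string if the lists are equal
     */
    private static String diff(List<? extends Certificate> list, List<? extends Certificate> list2) {
        StringBuilder sb = new StringBuilder();
        int size = list.size();
        int size2 = list2.size();
        int min = Math.min(size, size2);
        boolean contentDiffers = false;
        if (size != size2) {
            sb.append("size ").append(size).append("!=").append(size2).append(", ");
        }
        for (int i = 0; i < min; i++) {
            Certificate first = list.get(i);
            Certificate second = list2.get(i);
            if (first.equals(second)) {
                continue;
            }
            contentDiffers = true;
            if (first instanceof X509Certificate && second instanceof X509Certificate) {
                X500Principal subject = ((X509Certificate) first).getSubjectX500Principal();
                X500Principal subject2 = ((X509Certificate) second).getSubjectX500Principal();
                if (!subject.equals(subject2)) {
                    sb.append("DN [").append(i).append("] ").append(subject).append("!=").append(subject2)
                            .append(", ");
                }
            }
            sb.append("cert [").append(i).append("] ").append(first).append("!=").append(second).append(", ");
            // Leave the loop after the first difference. The previous loop did not
            // advance the index on a mismatch and therefore never terminated,
            // appending to the message until memory ran out.
            break;
        }
        if (!contentDiffers && size != size2) {
            String longer;
            Certificate additional;
            if (size < size2) {
                longer = "list-2";
                additional = list2.get(min);
            } else {
                longer = "list-1";
                additional = list.get(min);
            }
            if (additional instanceof X509Certificate) {
                sb.append(longer).append(" additional DN [").append(min).append("] ")
                        .append(((X509Certificate) additional).getSubjectX500Principal()).append(", ");
            } else {
                sb.append(longer).append(" additional cert [").append(min).append("] ").append(additional)
                        .append(", ");
            }
        }
        if (sb.length() > 0) {
            // Drop the trailing ", " separator.
            sb.setLength(sb.length() - 2);
        }
        return sb.toString();
    }

    /**
     * Picks the first {@link X509ExtendedKeyManager} from an array of key managers.
     *
     * @param keyManagerArr key managers to search, may be {@code null}
     * @return the first matching key manager, or {@code null} if the array is
     *         {@code null} or holds none
     */
    private static X509ExtendedKeyManager getX509KeyManager(KeyManager[] keyManagerArr) {
        if (keyManagerArr != null) {
            for (KeyManager candidate : keyManagerArr) {
                if (candidate instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) candidate;
                }
            }
        }
        return null;
    }

    // Loads all fixtures once. Kept after the field initializers, because the
    // password arrays must already be assigned when this block runs.
    static {
        try {
            clientCredentials = SslContextUtil.loadCredentials(KEY_STORE_URI, CLIENT_NAME, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD);
            clientRsaCredentials = SslContextUtil.loadCredentials(KEY_STORE_URI, CLIENT_RSA_NAME, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD);
            serverCredentials = SslContextUtil.loadCredentials(KEY_STORE_URI, SERVER_NAME, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD);
            serverCaRsaCredentials = SslContextUtil.loadCredentials(KEY_STORE_URI, SERVER_CA_RSA_NAME, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD);
            serverRsaCredentials = SslContextUtil.loadCredentials(KEY_STORE_URI, SERVER_RSA_NAME, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD);
            // A null alias is passed here; presumably that selects all entries of the trust store (confirm).
            Certificate[] loadedTrust = SslContextUtil.loadTrustedCertificates(TRUST_STORE_URI, (String) null, TRUST_STORE_PASSWORD);
            serverKeyManager = getX509KeyManager(SslContextUtil.loadKeyManager(KEY_STORE_URI, "server.*", KEY_STORE_PASSWORD, KEY_STORE_PASSWORD));
            clientKeyManager = getX509KeyManager(SslContextUtil.loadKeyManager(KEY_STORE_URI, "client", KEY_STORE_PASSWORD, KEY_STORE_PASSWORD));
            // The EdDSA key manager is optional: it needs both provider support and the key store.
            if (JceProviderUtil.isSupported("Ed25519") && SslContextUtil.isAvailableFromUri(EDDSA_KEY_STORE_URI)) {
                serverEdDsaKeyManager = getX509KeyManager(SslContextUtil.loadKeyManager(EDDSA_KEY_STORE_URI, "server.*", KEY_STORE_PASSWORD, KEY_STORE_PASSWORD));
            }
            trustedCertificates = SslContextUtil.asX509Certificates(loadedTrust);
            rootCaCertificate = (X509Certificate) SslContextUtil.loadTrustedCertificates(TRUST_STORE_URI, ROOT_CA_ALIAS, TRUST_STORE_PASSWORD)[0];
            caCertificate = (X509Certificate) SslContextUtil.loadTrustedCertificates(TRUST_STORE_URI, CA_ALIAS, TRUST_STORE_PASSWORD)[0];
            caAlternativeCertificate = (X509Certificate) SslContextUtil.loadTrustedCertificates(TRUST_STORE_URI, CA_ALT_ALIAS, TRUST_STORE_PASSWORD)[0];
            nosigningCertificate = SslContextUtil.loadCertificateChain(KEY_STORE_URI, NO_SIGNING_ALIAS, KEY_STORE_PASSWORD)[0];
        } catch (IOException | GeneralSecurityException e) {
            // Keep the original exception as cause, so a broken fixture can be diagnosed from the stack trace.
            throw new Error(e.getMessage(), e);
        }
    }
}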
