package org.bouncycastle.tls.test;

import java.math.BigInteger;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ocsp.RevokedInfo;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.Req;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pkix.PKIXIdentity;
import org.bouncycastle.tls.DefaultTlsDHConfigVerifier;
import org.bouncycastle.util.io.Streams;

/* loaded from: input_file:org/bouncycastle/tls/test/TestOCSPCertServer.class */
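/**
 * Test-only OCSP responder backed by a throw-away three-level PKI
 * (root -> intermediate CA -> delegated OCSP signing certificate).
 *
 * <p>End-entity certificates are issued under the intermediate CA by
 * {@link #issueClientCert(String, boolean)}; serial numbers flagged as revoked at issue
 * time are answered with a revoked status by {@link #respond(OCSPReq)}.
 *
 * <p>This is a fixture, not a reference responder: {@link #respond(OCSPReq)} signs with
 * SHA-1, does not check which issuer a request names, and copies no request extensions
 * into the response. See the notes on {@link #respond(OCSPReq)} before reusing any of it.
 */
public class TestOCSPCertServer {
    /*
     * RSA modulus size used for every key generated here. The decompiled source takes the
     * value from a Diffie-Hellman verifier constant; presumably the original code used a
     * plain literal of the same value -- TODO confirm. Kept as-is so the key size is unchanged.
     */
    private static final int RSA_KEY_BITS = DefaultTlsDHConfigVerifier.DEFAULT_MINIMUM_PRIME_BITS;

    /** Offset, in milliseconds, subtracted from "now" to form the reported revocation time. */
    private static final long REVOCATION_AGE_MILLIS = 60000L;

    private final KeyPair signKP;
    private final X509Certificate rootCert;
    private final KeyPair interKP;
    private final X509Certificate interCert;
    private final DigestCalculatorProvider digCalcProv;
    private final X509CertificateHolder[] chain;

    /*
     * Serial numbers of issued certificates that must be reported as revoked.
     * NOTE(review): plain HashSet with no synchronization. respond() may run on the thread
     * executing ServerTask while issueClientCert() runs on the test thread -- confirm that
     * callers issue all certificates before starting the task.
     */
    private final Set<BigInteger> revocations = new HashSet<BigInteger>();

    /**
     * One-shot network front end: accepts a single connection on the given port, reads one
     * OCSP request, writes the encoded response and terminates.
     *
     * <p>Caveats for anyone reusing this outside a test:
     * <ul>
     * <li>{@code new ServerSocket(port)} binds the wildcard address, so the responder is
     *     reachable from other hosts while it is listening.</li>
     * <li>The request is read until end of stream with no size limit and no socket timeout;
     *     a peer that never closes its output side blocks this thread indefinitely.</li>
     * </ul>
     */
    public static class ServerTask implements Runnable {
        private final int portNo;
        private final TestOCSPCertServer server;

        /**
         * @param portNo TCP port to listen on
         * @param server responder that produces the OCSP responses
         */
        public ServerTask(int portNo, TestOCSPCertServer server) {
            this.portNo = portNo;
            this.server = server;
        }

        /**
         * Serves exactly one request. Failures are printed, not rethrown, because
         * {@link Runnable#run()} cannot propagate checked exceptions.
         */
        @Override
        public void run() {
            ServerSocket listener = null;
            Socket client = null;
            try {
                listener = new ServerSocket(this.portNo);
                client = listener.accept();
                // Streams.readAll() returns only at end of stream, so the client has to
                // shut down its sending side before a response is produced.
                OCSPReq request = new OCSPReq(Streams.readAll(client.getInputStream()));
                client.getOutputStream().write(this.server.respond(request).getEncoded());
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                // Release both sockets on every path; previously the listening socket was
                // never closed and the accepted one leaked whenever an exception was thrown.
                if (client != null) {
                    try {
                        client.close();
                    } catch (Exception ignored) {
                        // best-effort cleanup; the response has already been written or failed
                    }
                }
                if (listener != null) {
                    try {
                        listener.close();
                    } catch (Exception ignored) {
                        // best-effort cleanup; nothing further to do with the port
                    }
                }
            }
        }
    }

    /**
     * Generates fresh RSA keys and builds the certificate hierarchy.
     *
     * <p>The root key pair is a local variable and is not retained after construction; only
     * the intermediate CA key (for issuing) and the OCSP signing key are kept.
     *
     * @throws Exception if key generation or certificate creation fails
     */
    public TestOCSPCertServer() throws Exception {
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(RSA_KEY_BITS);

        KeyPair rootKP = rsaGenerator.generateKeyPair();
        this.interKP = rsaGenerator.generateKeyPair();
        this.signKP = rsaGenerator.generateKeyPair();
        this.digCalcProv = new JcaDigestCalculatorProviderBuilder().build();

        this.rootCert = CertChainUtil.createMasterCert("CN=Root Certificate", rootKP);
        this.interCert = CertChainUtil.createIntermediateCert(
            "CN=Intermediate Certificate", this.interKP.getPublic(), rootKP.getPrivate(), this.rootCert);

        // The responder certificate is issued by the intermediate CA and carries the
        // OCSPSigning extended key usage, i.e. the responder is a delegate of that CA.
        X509Certificate ocspSignerCert = CertChainUtil.createEndEntityCert(
            "CN=OCSP Signing Certificate", this.signKP.getPublic(), this.interKP.getPrivate(),
            this.interCert, KeyPurposeId.id_kp_OCSPSigning);

        // Chain attached to every response: signer certificate first, then its issuer.
        this.chain = new X509CertificateHolder[]{
            new X509CertificateHolder(ocspSignerCert.getEncoded()),
            new X509CertificateHolder(this.interCert.getEncoded())
        };
    }

    /** @return the self-generated root certificate, intended as the test trust anchor */
    public X509Certificate getRootCert() {
        return this.rootCert;
    }

    /** @return the intermediate CA certificate that issues client and responder certificates */
    public X509Certificate getCACert() {
        return this.interCert;
    }

    /**
     * Issues an end-entity certificate under the intermediate CA with a freshly generated
     * RSA key.
     *
     * @param subject subject name passed to the certificate builder
     * @param revoked when {@code true}, the new certificate's serial number is recorded so
     *                that {@link #respond(OCSPReq)} reports it as revoked
     * @return the private key together with the chain {@code [end-entity, intermediate]}
     * @throws Exception if key generation, certificate creation or encoding fails
     */
    public PKIXIdentity issueClientCert(String subject, boolean revoked) throws Exception {
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(RSA_KEY_BITS);
        KeyPair clientKP = rsaGenerator.generateKeyPair();

        X509Certificate clientCert = CertChainUtil.createEndEntityCert(
            subject, clientKP.getPublic(), this.interKP.getPrivate(), this.interCert);
        if (revoked) {
            this.revocations.add(clientCert.getSerialNumber());
        }

        X509CertificateHolder[] clientChain = new X509CertificateHolder[]{
            new X509CertificateHolder(clientCert.getEncoded()),
            new X509CertificateHolder(this.interCert.getEncoded())
        };
        return new PKIXIdentity(PrivateKeyInfo.getInstance(clientKP.getPrivate().getEncoded()), clientChain);
    }

    /**
     * Builds a signed OCSP response covering every entry of the request.
     *
     * <p>Security notes (acceptable for a fixture only):
     * <ul>
     * <li>Status is decided by serial number alone. The issuer hashes in the request's
     *     {@code CertID} are never compared with this CA, so a serial this CA never issued,
     *     or one issued by a different CA, is answered {@code GOOD} rather than unknown.</li>
     * <li>The response is signed with {@code SHA1withRSA}; a real responder should use a
     *     SHA-256 or stronger signature algorithm.</li>
     * <li>No request extension (for example a nonce) is copied into the response, so a
     *     relying party can judge freshness only from the timestamps.</li>
     * </ul>
     *
     * @param request decoded OCSP request
     * @return a response with status "successful" wrapping the signed basic response
     * @throws Exception if digest setup, signing or response encoding fails
     */
    public OCSPResp respond(OCSPReq request) throws Exception {
        JcaBasicOCSPRespBuilder basicBuilder =
            new JcaBasicOCSPRespBuilder(this.signKP.getPublic(), this.digCalcProv.get(RespID.HASH_SHA1));

        Req[] entries = request.getRequestList();
        for (int i = 0; i < entries.length; i++) {
            CertificateID certID = entries[i].getCertID();
            if (this.revocations.contains(certID.getSerialNumber())) {
                // Revocation time is reported as one minute in the past, reason "superseded".
                Date revokedAt = new Date(System.currentTimeMillis() - REVOCATION_AGE_MILLIS);
                RevokedInfo info =
                    new RevokedInfo(new ASN1GeneralizedTime(revokedAt), CRLReason.lookup(CRLReason.superseded));
                basicBuilder.addResponse(certID, new RevokedStatus(info));
            } else {
                // Everything not explicitly revoked is reported good -- see the issuer caveat above.
                basicBuilder.addResponse(certID, CertificateStatus.GOOD);
            }
        }

        return new OCSPRespBuilder().build(
            OCSPRespBuilder.SUCCESSFUL,
            basicBuilder.build(
                new JcaContentSignerBuilder("SHA1withRSA").build(this.signKP.getPrivate()), this.chain, new Date()));
    }
}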
