package org.bouncycastle.tsp.test;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import junit.framework.TestCase;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.tsp.GenTimeAccuracy;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:bctest-jdk16-144.jar:org/bouncycastle/tsp/test/TSPTest.class */
public class TSPTest extends TestCase {
    public void testGeneral() throws Exception {
        KeyPair makeKeyPair = TSPTestUtil.makeKeyPair();
        X509Certificate makeCACertificate = TSPTestUtil.makeCACertificate(makeKeyPair, "O=Bouncy Castle, C=AU", makeKeyPair, "O=Bouncy Castle, C=AU");
        KeyPair makeKeyPair2 = TSPTestUtil.makeKeyPair();
        X509Certificate makeCertificate = TSPTestUtil.makeCertificate(makeKeyPair2, "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU", makeKeyPair, "O=Bouncy Castle, C=AU");
        ArrayList arrayList = new ArrayList();
        arrayList.add(makeCertificate);
        arrayList.add(makeCACertificate);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        basicTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        responseValidationTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        incorrectHashTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        badAlgorithmTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        badPolicyTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        tokenEncodingTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        certReqTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        testAccuracyZeroCerts(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        testAccuracyWithCertsAndOrdering(makeKeyPair2.getPrivate(), makeCertificate, certStore);
        testNoNonse(makeKeyPair2.getPrivate(), makeCertificate, certStore);
    }

    private void basicTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date(), "BC").getEncoded()).getTimeStampToken();
        timeStampToken.validate(x509Certificate, "BC");
        assertNotNull("no signingCertificate attribute found", timeStampToken.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate));
    }

    private void responseValidationTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.MD5, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("23"), new Date(), "BC").getEncoded());
        timeStampResponse.getTimeStampToken().validate(x509Certificate, "BC");
        timeStampResponse.validate(generate);
        try {
            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101L)));
            fail("response validation failed on invalid nonce.");
        } catch (TSPValidationException e) {
        }
        try {
            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100L)));
            fail("response validation failed on wrong digest.");
        } catch (TSPValidationException e2) {
        }
        try {
            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100L)));
            fail("response validation failed on wrong digest.");
        } catch (TSPValidationException e3) {
        }
    }

    private void incorrectHashTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[16]), new BigInteger("23"), new Date(), "BC").getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("incorrectHash - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("incorrectHash - failInfo set to null.");
        }
        if (failInfo.intValue() != 4) {
            fail("incorrectHash - wrong failure info returned.");
        }
    }

    private void badAlgorithmTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate("1.2.3.4.5", new byte[20]), new BigInteger("23"), new Date(), "BC").getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("badAlgorithm - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("badAlgorithm - failInfo set to null.");
        }
        if (failInfo.intValue() != 128) {
            fail("badAlgorithm - wrong failure info returned.");
        }
    }

    private void badPolicyTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setReqPolicy("1.1");
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED, new HashSet()).generate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20]), new BigInteger("23"), new Date(), "BC").getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("badPolicy - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("badPolicy - failInfo set to null.");
        }
        if (failInfo.intValue() != 256) {
            fail("badPolicy - wrong failure info returned.");
        }
    }

    private void certReqTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.MD5, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(false);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date(), "BC").getEncoded()).getTimeStampToken();
        assertNull(timeStampToken.getTimeStampInfo().getGenTimeAccuracy());
        assertEquals("1.2", timeStampToken.getTimeStampInfo().getPolicy());
        try {
            timeStampToken.validate(x509Certificate, "BC");
        } catch (TSPValidationException e) {
            fail("certReq(false) verification of token failed.");
        }
        if (timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null).isEmpty()) {
            return;
        }
        fail("certReq(false) found certificates in response.");
    }

    private void tokenEncodingTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2.3.4.5.6");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date(), "BC").getEncoded());
        TimeStampResponse timeStampResponse2 = new TimeStampResponse(timeStampResponse.getEncoded());
        if (Arrays.areEqual(timeStampResponse2.getEncoded(), timeStampResponse.getEncoded()) && Arrays.areEqual(timeStampResponse2.getTimeStampToken().getEncoded(), timeStampResponse.getTimeStampToken().getEncoded())) {
            return;
        }
        fail();
    }

    private void testAccuracyZeroCerts(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.MD5, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        timeStampTokenGenerator.setAccuracySeconds(1);
        timeStampTokenGenerator.setAccuracyMillis(2);
        timeStampTokenGenerator.setAccuracyMicros(3);
        TimeStampRequest generate = new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("23"), new Date(), "BC").getEncoded());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampToken.validate(x509Certificate, "BC");
        timeStampResponse.validate(generate);
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        GenTimeAccuracy genTimeAccuracy = timeStampInfo.getGenTimeAccuracy();
        assertEquals(1, genTimeAccuracy.getSeconds());
        assertEquals(2, genTimeAccuracy.getMillis());
        assertEquals(3, genTimeAccuracy.getMicros());
        assertEquals(new BigInteger("23"), timeStampInfo.getSerialNumber());
        assertEquals("1.2", timeStampInfo.getPolicy());
        assertEquals(0, timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null).size());
    }

    private void testAccuracyWithCertsAndOrdering(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.MD5, "1.2.3");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        timeStampTokenGenerator.setAccuracySeconds(3);
        timeStampTokenGenerator.setAccuracyMillis(1);
        timeStampTokenGenerator.setAccuracyMicros(2);
        timeStampTokenGenerator.setOrdering(true);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        assertTrue(generate.getCertReq());
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("23"), new Date(), "BC").getEncoded());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampToken.validate(x509Certificate, "BC");
        timeStampResponse.validate(generate);
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        GenTimeAccuracy genTimeAccuracy = timeStampInfo.getGenTimeAccuracy();
        assertEquals(3, genTimeAccuracy.getSeconds());
        assertEquals(1, genTimeAccuracy.getMillis());
        assertEquals(2, genTimeAccuracy.getMicros());
        assertEquals(new BigInteger("23"), timeStampInfo.getSerialNumber());
        assertEquals("1.2.3", timeStampInfo.getPolicy());
        assertEquals(true, timeStampInfo.isOrdered());
        assertEquals(timeStampInfo.getNonce(), BigInteger.valueOf(100L));
        assertEquals(2, timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null).size());
    }

    private void testNoNonse(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.MD5, "1.2.3");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequest generate = new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20]);
        assertFalse(generate.getCertReq());
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("24"), new Date(), "BC").getEncoded());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampToken.validate(x509Certificate, "BC");
        timeStampResponse.validate(generate);
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        assertNull(timeStampInfo.getGenTimeAccuracy());
        assertEquals(new BigInteger("24"), timeStampInfo.getSerialNumber());
        assertEquals("1.2.3", timeStampInfo.getPolicy());
        assertEquals(false, timeStampInfo.isOrdered());
        assertNull(timeStampInfo.getNonce());
        assertEquals(0, timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null).size());
    }
}
