package org.bouncycastle.tsp.test;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;
import org.bouncycastle.util.test.SimpleTestResult;
import org.bouncycastle.util.test.Test;
import org.bouncycastle.util.test.TestResult;

/* loaded from: input_file:org/bouncycastle/tsp/test/TSPTest.class */
public class TSPTest implements Test {
    public String getName() {
        return "TSPTest";
    }

    public TestResult perform() {
        try {
            KeyPair makeKeyPair = TSPTestUtil.makeKeyPair();
            X509Certificate makeCACertificate = TSPTestUtil.makeCACertificate(makeKeyPair, "O=Bouncy Castle, C=AU", makeKeyPair, "O=Bouncy Castle, C=AU");
            KeyPair makeKeyPair2 = TSPTestUtil.makeKeyPair();
            X509Certificate makeCertificate = TSPTestUtil.makeCertificate(makeKeyPair2, "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU", makeKeyPair, "O=Bouncy Castle, C=AU");
            ArrayList arrayList = new ArrayList();
            arrayList.add(makeCertificate);
            arrayList.add(makeCACertificate);
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
            TestResult basicTest = basicTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
            if (!basicTest.isSuccessful()) {
                return basicTest;
            }
            TestResult responseValidationTest = responseValidationTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
            if (!responseValidationTest.isSuccessful()) {
                return responseValidationTest;
            }
            TestResult incorrectHashTest = incorrectHashTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
            if (!incorrectHashTest.isSuccessful()) {
                return incorrectHashTest;
            }
            TestResult badAlgorithmTest = badAlgorithmTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
            if (!badAlgorithmTest.isSuccessful()) {
                return badAlgorithmTest;
            }
            TestResult badPolicyTest = badPolicyTest(makeKeyPair2.getPrivate(), makeCertificate, certStore);
            return !badPolicyTest.isSuccessful() ? badPolicyTest : new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
        } catch (Exception e) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": Exception - ").append(e.toString()).toString(), e);
        }
    }

    public TestResult basicTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date(), "BC").getEncoded()).getTimeStampToken();
        try {
            timeStampToken.validate(x509Certificate, "BC");
            return timeStampToken.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate) == null ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": no signingCertificate attribute found.").toString()) : new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
        } catch (TSPValidationException e) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": validation of token failed.").toString());
        }
    }

    public TestResult responseValidationTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.MD5, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("23"), new Date(), "BC").getEncoded());
        try {
            timeStampResponse.getTimeStampToken().validate(x509Certificate, "BC");
            try {
                timeStampResponse.validate(generate);
                try {
                    timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101L)));
                    return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": response validation failed on invalid nonce.").toString());
                } catch (TSPValidationException e) {
                    try {
                        timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100L)));
                        return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": response validation failed on wrong digest.").toString());
                    } catch (TSPValidationException e2) {
                        try {
                            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100L)));
                            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": response validation failed on wrong digest.").toString());
                        } catch (TSPValidationException e3) {
                            return new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
                        }
                    }
                }
            } catch (TSPValidationException e4) {
                return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": response validation failed - ").append(e4.getMessage()).toString());
            }
        } catch (TSPValidationException e5) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": verification of token failed in response validation.").toString());
        }
    }

    public TestResult incorrectHashTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[16]), new BigInteger("23"), new Date(), "BC").getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": incorrectHash - token not null.").toString());
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        return failInfo == null ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": incorrectHash - failInfo set to null.").toString()) : failInfo.intValue() != 8 ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": incorrectHash - wrong failure info returned.").toString()) : new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
    }

    public TestResult badAlgorithmTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate("1.2.3.4.5", new byte[20]), new BigInteger("23"), new Date(), "BC").getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": badAlgorithm - token not null.").toString());
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        return failInfo == null ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": badAlgorithm - failInfo set to null.").toString()) : failInfo.intValue() != 128 ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": badAlgorithm - wrong failure info returned.").toString()) : new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
    }

    public TestResult badPolicyTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setReqPolicy("4.4");
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED, new HashSet()).generate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20]), new BigInteger("23"), new Date(), "BC").getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": badPolicy - token not null.").toString());
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        return failInfo == null ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": badPolicy - failInfo set to null.").toString()) : failInfo.intValue() != 256 ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": badPolicy - wrong failure info returned.").toString()) : new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
    }

    public TestResult certReqTest(PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(privateKey, x509Certificate, TSPAlgorithms.SHA1, "1.2");
        timeStampTokenGenerator.setCertificatesAndCRLs(certStore);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(false);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(timeStampRequestGenerator.generate("1.2.3.4.5", new byte[20]), new BigInteger("23"), new Date(), "BC").getEncoded()).getTimeStampToken();
        try {
            timeStampToken.validate(x509Certificate, "BC");
            Collection<? extends Certificate> certificates = timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null);
            if (!certificates.isEmpty()) {
                return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": certReq(false) found certificates in response.").toString());
            }
            timeStampRequestGenerator.setCertReq(true);
            try {
                new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(timeStampRequestGenerator.generate("1.2.3.4.5", new byte[20]), new BigInteger("23"), new Date(), "BC").getEncoded()).getTimeStampToken().validate(x509Certificate, "BC");
                return certificates.isEmpty() ? new SimpleTestResult(false, new StringBuffer().append(getName()).append(": certReq(false) no certificates found.").toString()) : new SimpleTestResult(true, new StringBuffer().append(getName()).append(": Okay").toString());
            } catch (TSPValidationException e) {
                return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": certReq(true) verification of token failed.").toString());
            }
        } catch (TSPValidationException e2) {
            return new SimpleTestResult(false, new StringBuffer().append(getName()).append(": certReq(false) verification of token failed.").toString());
        }
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        System.out.println(new TSPTest().perform().toString());
    }
}
