package cn.com.easysec.jce.provider.test.nist;

import cn.com.easysec.asn1.x509.X509Extensions;
import cn.com.easysec.i18n.ErrorBundle;
import cn.com.easysec.jce.provider.EasySecProvider;
import cn.com.easysec.security.Security;
import cn.com.easysec.security.cert.CertStore;
import cn.com.easysec.security.cert.CertificateFactory;
import cn.com.easysec.security.cert.PKIXParameters;
import cn.com.easysec.x509.PKIXCertPathReviewer;
import cn.com.easysec.x509.extension.X509ExtensionUtil;
import java.io.FileInputStream;
import java.security.cert.CertPath;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import junit.textui.TestRunner;

/* loaded from: classes.dex */
public class NistCertPathReviewerTest extends TestCase {
    private static String a;
    private static String b;
    private static String c;
    private static Map d;
    private static Map e;
    private static Set f;
    private static Set g;
    private static Set h;
    private static Set i;
    private static Set j;

    static {
        "password".toCharArray();
        a = "2.16.840.1.101.3.2.1.48.1";
        b = "2.16.840.1.101.3.2.1.48.2";
        c = "2.16.840.1.101.3.2.1.48.3";
        d = new HashMap();
        e = new HashMap();
        f = Collections.EMPTY_SET;
        g = Collections.singleton(a);
        h = Collections.singleton(b);
        i = Collections.singleton(c);
        j = new HashSet(Arrays.asList(a, b));
    }

    private static String a() {
        String property = System.getProperty("bc.test.data.home");
        if (property == null) {
            throw new IllegalStateException("bc.test.data.home property not set");
        }
        return String.valueOf(property) + "/PKITS";
    }

    private static X509Certificate a(String str) {
        X509Certificate x509Certificate = (X509Certificate) d.get(str);
        if (x509Certificate != null) {
            return x509Certificate;
        }
        try {
            X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X.509", "ES").generateCertificate(new FileInputStream(String.valueOf(a()) + "/certs/" + str + ".crt"));
            d.put(str, x509Certificate2);
            return x509Certificate2;
        } catch (Exception e2) {
            throw new IllegalStateException("exception loading certificate " + str + ": " + e2);
        }
    }

    private static void a(String str, String[] strArr, String[] strArr2) throws Exception {
        if (b(str, strArr, strArr2, null).isValidCertPath()) {
            return;
        }
        fail("path rejected when should be accepted");
    }

    private static void a(String str, String[] strArr, String[] strArr2, int i2, String str2, String str3) throws Exception {
        PKIXCertPathReviewer b2 = b(str, strArr, strArr2, null);
        if (b2.isValidCertPath()) {
            fail("path accepted when should be rejected");
            return;
        }
        ErrorBundle errorBundle = (ErrorBundle) b2.getErrors(i2).iterator().next();
        assertEquals(str2, errorBundle.getId());
        assertEquals(str3, errorBundle.getText(Locale.ENGLISH, TimeZone.getTimeZone("GMT")));
    }

    private static void a(String str, String[] strArr, String[] strArr2, Set set) throws Exception {
        if (b(str, strArr, strArr2, set).isValidCertPath()) {
            return;
        }
        fail("path rejected when should be accepted");
    }

    private static void a(String str, String[] strArr, String[] strArr2, Set set, String str2, String str3) throws Exception {
        PKIXCertPathReviewer b2 = b(str, strArr, strArr2, set);
        if (b2.isValidCertPath()) {
            fail("path accepted when should be rejected");
            return;
        }
        ErrorBundle errorBundle = (ErrorBundle) b2.getErrors(-1).iterator().next();
        assertEquals(str2, errorBundle.getId());
        assertEquals(str3, errorBundle.getText(Locale.ENGLISH, TimeZone.getTimeZone("GMT")));
    }

    private static PKIXCertPathReviewer b(String str, String[] strArr, String[] strArr2, Set set) throws Exception {
        X509Certificate a2 = a(str);
        byte[] extensionValue = a2.getExtensionValue(X509Extensions.NameConstraints.getId());
        Set singleton = Collections.singleton(extensionValue != null ? new TrustAnchor(a2, X509ExtensionUtil.fromExtensionValue(extensionValue).getDEREncoded()) : new TrustAnchor(a2, null));
        ArrayList arrayList = new ArrayList();
        X509Certificate a3 = a(strArr[strArr.length - 1]);
        for (int i2 = 0; i2 != strArr.length - 1; i2++) {
            arrayList.add(a(strArr[i2]));
        }
        arrayList.add(a3);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "ES").generateCertPath(arrayList);
        for (int i3 = 0; i3 != strArr2.length; i3++) {
            arrayList.add(b(strArr2[i3]));
        }
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "ES");
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) singleton);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setRevocationEnabled(true);
        if (set != null) {
            pKIXParameters.setExplicitPolicyRequired(true);
            pKIXParameters.setInitialPolicies(set);
        }
        return new PKIXCertPathReviewer(generateCertPath, pKIXParameters);
    }

    private static X509CRL b(String str) throws Exception {
        X509CRL x509crl = (X509CRL) d.get(str);
        if (x509crl != null) {
            return x509crl;
        }
        try {
            X509CRL x509crl2 = (X509CRL) CertificateFactory.getInstance("X.509", "ES").generateCRL(new FileInputStream(String.valueOf(a()) + "/crls/" + str + ".crl"));
            e.put(str, x509crl2);
            return x509crl2;
        } catch (Exception e2) {
            throw new IllegalStateException("exception loading CRL: " + str);
        }
    }

    public static void main(String[] strArr) throws Exception {
        TestRunner.run(suite());
    }

    public static Test suite() throws Exception {
        TestSuite testSuite = new TestSuite("NIST CertPath Tests");
        testSuite.addTestSuite(NistCertPathReviewerTest.class);
        return testSuite;
    }

    public void setUp() {
        if (Security.getProvider("ES") == null) {
            Security.addProvider(new EasySecProvider());
        }
    }

    public void testAllCertificatesAnyPolicyTest11() throws Exception {
        String[] strArr = {"anyPolicyCACert", "AllCertificatesanyPolicyTest11EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "anyPolicyCACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
    }

    public void testAllCertificatesNoPoliciesTest2() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"NoPoliciesCACert", "AllCertificatesNoPoliciesTest2EE"}, new String[]{"TrustAnchorRootCRL", "NoPoliciesCACRL"});
        a("TrustAnchorRootCertificate", new String[]{"NoPoliciesCACert", "AllCertificatesNoPoliciesTest2EE"}, new String[]{"TrustAnchorRootCRL", "NoPoliciesCACRL"}, f, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testAllCertificatesSamePoliciesTest10() throws Exception {
        String[] strArr = {"PoliciesP12CACert", "AllCertificatesSamePoliciesTest10EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "PoliciesP12CACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h);
    }

    public void testAllCertificatesSamePoliciesTest13() throws Exception {
        String[] strArr = {"PoliciesP123CACert", "AllCertificatesSamePoliciesTest13EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "PoliciesP123CACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h);
        a("TrustAnchorRootCertificate", strArr, strArr2, i);
    }

    public void testAllCertificatesSamePolicyTest1() throws Exception {
        String[] strArr = {"GoodCACert", "ValidCertificatePathTest1EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "GoodCACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2, f);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
        a("TrustAnchorRootCertificate", strArr, strArr2, j);
    }

    public void testAnyPolicyTest14() throws Exception {
        String[] strArr = {"anyPolicyCACert", "AnyPolicyTest14EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "anyPolicyCACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
    }

    public void testCANotBeforeDateTest1() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"BadnotBeforeDateCACert", "InvalidCAnotBeforeDateTest1EE"}, new String[]{"TrustAnchorRootCRL", "BadnotBeforeDateCACRL"}, 1, "CertPathReviewer.certificateNotYetValid", "Could not validate the certificate. Certificate is not valid until Jan 1, 2047 12:01:00 PM GMT.");
    }

    public void testDifferentPoliciesTest12() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"PoliciesP3CACert", "DifferentPoliciesTest12EE"}, new String[]{"TrustAnchorRootCRL", "PoliciesP3CACRL"}, -1, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest3() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "PoliciesP2subCACert", "DifferentPoliciesTest3EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL", "PoliciesP2subCACRL"});
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "PoliciesP2subCACert", "DifferentPoliciesTest3EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL", "PoliciesP2subCACRL"}, f, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "PoliciesP2subCACert", "DifferentPoliciesTest3EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL", "PoliciesP2subCACRL"}, j, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest4() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "GoodsubCACert", "DifferentPoliciesTest4EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL", "GoodsubCACRL"}, -1, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest5() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "PoliciesP2subCA2Cert", "DifferentPoliciesTest5EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL", "PoliciesP2subCA2CRL"}, -1, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest7() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"PoliciesP123CACert", "PoliciesP123subCAP12Cert", "PoliciesP123subsubCAP12P1Cert", "DifferentPoliciesTest7EE"}, new String[]{"TrustAnchorRootCRL", "PoliciesP123CACRL", "PoliciesP123subCAP12CRL", "PoliciesP123subsubCAP12P1CRL"}, -1, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest8() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"PoliciesP12CACert", "PoliciesP12subCAP1Cert", "PoliciesP12subsubCAP1P2Cert", "DifferentPoliciesTest8EE"}, new String[]{"TrustAnchorRootCRL", "PoliciesP12CACRL", "PoliciesP12subCAP1CRL", "PoliciesP12subsubCAP1P2CRL"}, -1, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest9() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"PoliciesP123CACert", "PoliciesP123subCAP12Cert", "PoliciesP123subsubCAP12P2Cert", "PoliciesP123subsubsubCAP12P2P1Cert", "DifferentPoliciesTest9EE"}, new String[]{"TrustAnchorRootCRL", "PoliciesP123CACRL", "PoliciesP123subCAP12CRL", "PoliciesP123subsubCAP2P2CRL", "PoliciesP123subsubsubCAP12P2P1CRL"}, -1, "CertPathReviewer.noValidPolicyTree", "Policy checking failed: no valid policy tree found when one expected.");
    }

    public void testInvalidCANotAfterDateTest5() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"BadnotAfterDateCACert", "InvalidCAnotAfterDateTest5EE"}, new String[]{"TrustAnchorRootCRL", "BadnotAfterDateCACRL"}, 1, "CertPathReviewer.certificateExpired", "Could not validate the certificate. Certificate expired on Jan 1, 2002 12:01:00 PM GMT.");
    }

    public void testInvalidCASignatureTest2() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"ValidCertificatePathTest1EE", "BadSignedCACert"}, new String[]{"BadSignedCACRL", "TrustAnchorRootCRL"}, 1, "CertPathReviewer.signatureNotVerified", "The certificate signature is invalid. A java.security.InvalidKeyException occurred.");
    }

    public void testInvalidDSASignaturesTest6() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"DSACACert", "InvalidDSASignatureTest6EE"}, new String[]{"TrustAnchorRootCRL", "DSACACRL"}, 0, "CertPathReviewer.signatureNotVerified", "The certificate signature is invalid. A java.security.InvalidKeyException occurred.");
    }

    public void testInvalidEENotAfterDateTest6() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "InvalidEEnotAfterDateTest6EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL"}, 0, "CertPathReviewer.certificateExpired", "Could not validate the certificate. Certificate expired on Jan 1, 2002 12:01:00 PM GMT.");
    }

    public void testInvalidEENotBeforeDateTest2() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "InvalidEEnotBeforeDateTest2EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL"}, 0, "CertPathReviewer.certificateNotYetValid", "Could not validate the certificate. Certificate is not valid until Jan 1, 2047 12:01:00 PM GMT.");
    }

    public void testInvalidEESignatureTest3() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "InvalidEESignatureTest3EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL"}, 0, "CertPathReviewer.signatureNotVerified", "The certificate signature is invalid. A java.security.InvalidKeyException occurred.");
    }

    public void testInvalidNegativeSerialNumberTest15() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"NegativeSerialNumberCACert", "InvalidNegativeSerialNumberTest15EE"}, new String[]{"TrustAnchorRootCRL", "NegativeSerialNumberCACRL"}, 0, "CertPathReviewer.certRevoked", "The certificate was revoked at Apr 19, 2001 2:57:20 PM GMT. Reason: Key Compromise.");
    }

    public void testInvalidValidPre2000UTCNotAfterDateTest7() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "Invalidpre2000UTCEEnotAfterDateTest7EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL"}, 0, "CertPathReviewer.certificateExpired", "Could not validate the certificate. Certificate expired on Jan 1, 1999 12:01:00 PM GMT.");
    }

    public void testOverlappingPoliciesTest6() throws Exception {
        String[] strArr = {"PoliciesP1234CACert", "PoliciesP1234subCAP123Cert", "PoliciesP1234subsubCAP123P12Cert", "OverlappingPoliciesTest6EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "PoliciesP1234CACRL", "PoliciesP1234subCAP123CRL", "PoliciesP1234subsubCAP123P12CRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest15() throws Exception {
        String[] strArr = {"UserNoticeQualifierTest15EE"};
        String[] strArr2 = {"TrustAnchorRootCRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest16() throws Exception {
        String[] strArr = {"GoodCACert", "UserNoticeQualifierTest16EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "GoodCACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest17() throws Exception {
        String[] strArr = {"GoodCACert", "UserNoticeQualifierTest17EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "GoodCACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2);
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest18() throws Exception {
        String[] strArr = {"PoliciesP12CACert", "UserNoticeQualifierTest18EE"};
        String[] strArr2 = {"TrustAnchorRootCRL", "PoliciesP12CACRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h);
    }

    public void testUserNoticeQualifierTest19() throws Exception {
        String[] strArr = {"UserNoticeQualifierTest19EE"};
        String[] strArr2 = {"TrustAnchorRootCRL"};
        a("TrustAnchorRootCertificate", strArr, strArr2, g);
        a("TrustAnchorRootCertificate", strArr, strArr2, h, "CertPathReviewer.invalidPolicy", "Path processing failed on policy.");
    }

    public void testValidDSASignaturesTest4() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"DSACACert", "ValidDSASignaturesTest4EE"}, new String[]{"TrustAnchorRootCRL", "DSACACRL"});
    }

    public void testValidGeneralizedTimeNotBeforeDateTest4() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "ValidGeneralizedTimenotBeforeDateTest4EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL"});
    }

    public void testValidPre2000UTCNotBeforeDateTest3() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"GoodCACert", "Validpre2000UTCnotBeforeDateTest3EE"}, new String[]{"TrustAnchorRootCRL", "GoodCACRL"});
    }

    public void testValidSignaturesTest1() throws Exception {
        a("TrustAnchorRootCertificate", new String[]{"ValidCertificatePathTest1EE", "GoodCACert"}, new String[]{"GoodCACRL", "TrustAnchorRootCRL"});
    }
}
