package org.bouncycastle.cert.test;

import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.test.SimpleTest;

/* loaded from: input_file:org/bouncycastle/cert/test/CertPathLoopTest.class */
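/**
 * PKIX path-building test with revocation checking enabled.
 *
 * <p>Two throw-away CAs are created, both using the subject {@code CN=AC_0}. Each CA holds
 * one key pair for signing certificates and a second one for signing CRLs. The test asks
 * the BC {@code PKIX} builder for a path to an end-entity certificate issued by the first
 * CA. It passes only if the build is rejected with a cause whose message is
 * {@value #EXPECTED_CAUSE_MESSAGE}.
 *
 * <p>NOTE(review): the class name suggests this guards against the builder looping while it
 * validates the CRL signer; that intent is not stated in this listing, so confirm it
 * against the upstream test before relying on it.
 */
public class CertPathLoopTest extends SimpleTest {
    /** Message of the nested cause that marks the expected rejection. */
    private static final String EXPECTED_CAUSE_MESSAGE = "CertPath for CRL signer failed to validate.";

    /** Trust anchors handed to the path builder; rebuilt by {@link #checkUseDistinctCAs}. */
    private static Set<TrustAnchor> taSet;

    /** CRL-signer certificates and CRLs of both CAs; rebuilt by {@link #checkUseDistinctCAs}. */
    private static List<Object> otherList;

    /**
     * Minimal in-memory certification authority used as a fixture.
     *
     * <p>Decompiler note: this class was originally {@code private}; the access modifier was
     * widened in this listing.
     */
    public static class CA {
        /**
         * Signature algorithm for every certificate and CRL issued by the fixture.
         * SHA-1 based signatures are acceptable only because nothing created here leaves
         * the test; do not reuse this value for real certificates.
         */
        private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

        /** Shared RSA key-pair generator. */
        static final KeyPairGenerator kpg;

        static {
            try {
                kpg = KeyPairGenerator.getInstance("RSA");
                // 512-bit RSA is far below any acceptable strength; it is used here only
                // for throw-away fixture keys and must not be copied into production code.
                kpg.initialize(512);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        /** Trust anchor wrapping {@link #acCertAc}. */
        TrustAnchor ta;
        /** Self-issued CA certificate (basicConstraints CA=true, keyCertSign). */
        X509Certificate acCertAc;
        /** CRL-signer certificate (cRLSign), signed with the CA certificate key. */
        X509Certificate acCertCrl;
        /** CRL issued under {@link #acSubject}, signed with the CRL key, with no entries added. */
        X509CRL crl;
        private ContentSigner caCrlSigner;
        private ContentSigner caCertSigner;
        /** Next certificate serial number to hand out. */
        private int counter;
        private KeyPair caCertKp = kpg.generateKeyPair();
        private KeyPair caCrlKp = kpg.generateKeyPair();
        /** Subject of the CA; identical for every {@code CA} instance. */
        X500Name acSubject = new X500Name("CN=AC_0");

        /**
         * Creates the CA certificate, its trust anchor, the CRL-signer certificate and a CRL.
         * All of them are valid from now for one day.
         *
         * @throws Exception if signer creation, certificate building or conversion fails
         */
        public CA() throws Exception {
            this.counter = 1;
            GregorianCalendar calendar = new GregorianCalendar();
            Date notBefore = calendar.getTime();
            calendar.add(GregorianCalendar.DAY_OF_YEAR, 1);
            Date notAfter = calendar.getTime();

            this.caCertSigner = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.caCertKp.getPrivate());
            this.acCertAc = convert(
                new X509v3CertificateBuilder(
                        this.acSubject, nextSerial(), notBefore, notAfter,
                        this.acSubject, getPublicKeyInfo(this.caCertKp.getPublic()))
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
                    .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign))
                    .build(this.caCertSigner));
            this.ta = new TrustAnchor(this.acCertAc, null);

            this.caCrlSigner = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.caCrlKp.getPrivate());
            // The CRL-signer certificate carries the CRL public key but is itself signed
            // with the CA certificate key, and reuses the CA subject name.
            this.acCertCrl = convert(
                new X509v3CertificateBuilder(
                        this.acSubject, nextSerial(), notBefore, notAfter,
                        this.acSubject, getPublicKeyInfo(this.caCrlKp.getPublic()))
                    .addExtension(Extension.basicConstraints, false, new BasicConstraints(false))
                    .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.cRLSign))
                    .build(this.caCertSigner));

            this.crl = convert(
                new X509v2CRLBuilder(this.acSubject, notBefore)
                    .setNextUpdate(notAfter)
                    .build(this.caCrlSigner));
        }

        /**
         * Issues an end-entity certificate for a freshly generated key pair.
         * The subject is {@code CN=EU_<serial>} and the certificate is valid for one day.
         *
         * @return the new certificate, signed with the CA certificate key
         * @throws Exception if certificate building or conversion fails
         */
        public X509Certificate makeNewCert() throws Exception {
            PublicKey subjectKey = kpg.generateKeyPair().getPublic();
            GregorianCalendar calendar = new GregorianCalendar();
            Date notBefore = calendar.getTime();
            calendar.add(GregorianCalendar.DAY_OF_YEAR, 1);
            Date notAfter = calendar.getTime();
            BigInteger serial = nextSerial();
            return convert(
                new X509v3CertificateBuilder(
                        this.acSubject, serial, notBefore, notAfter,
                        new X500Name("CN=EU_" + serial), getPublicKeyInfo(subjectKey))
                    .addExtension(Extension.basicConstraints, false, new BasicConstraints(false))
                    // Key usage extension is present and critical but has no bits set.
                    .addExtension(Extension.keyUsage, true, new KeyUsage(0))
                    .build(this.caCertSigner));
        }

        /** Returns the current serial number and advances the counter. */
        private BigInteger nextSerial() {
            return BigInteger.valueOf(this.counter++);
        }

        /** Converts a BC certificate holder into a JCA {@link X509Certificate}. */
        static X509Certificate convert(X509CertificateHolder x509CertificateHolder) throws Exception {
            return new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
        }

        /** Converts a BC CRL holder into a JCA {@link X509CRL}. */
        static X509CRL convert(X509CRLHolder x509CRLHolder) throws Exception {
            return new JcaX509CRLConverter().getCRL(x509CRLHolder);
        }

        /** Re-parses the encoded form of {@code publicKey} as a {@link SubjectPublicKeyInfo}. */
        static SubjectPublicKeyInfo getPublicKeyInfo(PublicKey publicKey) throws Exception {
            return SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        }
    }

    /**
     * Resets the shared fixtures so that both CAs are trusted and both CAs' CRL-signer
     * certificates and CRLs are available to the builder.
     *
     * @param ca  first CA
     * @param ca2 second CA
     */
    private static void checkUseDistinctCAs(CA ca, CA ca2) {
        taSet = new HashSet<TrustAnchor>();
        otherList = new ArrayList<Object>();

        taSet.add(ca.ta);
        otherList.add(ca.acCertCrl);
        otherList.add(ca.crl);

        taSet.add(ca2.ta);
        otherList.add(ca2.acCertCrl);
        otherList.add(ca2.crl);
    }

    /**
     * Wraps the given certificates and CRLs in a {@code Collection} cert store.
     *
     * @param collection certificates and/or CRLs to expose
     * @return a cert store backed by {@code collection}
     */
    static CertStore getStore(Collection<?> collection) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection));
    }

    /** Returns the display name of this test. */
    @Override
    public String getName() {
        return "CertPath Loop Test";
    }

    /**
     * Builds a path to an end-entity certificate of the first CA and expects the builder
     * to reject it with {@value #EXPECTED_CAUSE_MESSAGE}.
     *
     * @throws Exception on any unexpected setup failure
     */
    @Override
    public void performTest() throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        CA firstCa = new CA();
        checkUseDistinctCAs(firstCa, new CA());

        X509CertSelector target = new X509CertSelector();
        target.setCertificate(firstCa.makeNewCert());

        PKIXBuilderParameters params = new PKIXBuilderParameters(taSet, target);
        params.addCertStore(getStore(Collections.singleton(target.getCertificate())));
        params.addCertStore(getStore(otherList));
        // Revocation checking is what makes the builder validate the CRL signer.
        params.setRevocationEnabled(true);

        try {
            CertPathBuilder.getInstance("PKIX", "BC").build(params);
            fail("invalid path build");
        } catch (CertPathBuilderException e) {
            // A builder exception without a cause (or with a message-less cause) must be
            // reported as the wrong failure, not surface as a NullPointerException here.
            Throwable cause = e.getCause();
            if (cause != null && EXPECTED_CAUSE_MESSAGE.equals(cause.getMessage())) {
                return;
            }
            fail("Exception thrown, but wrong one", cause != null ? cause : e);
        }
    }

    /** Runs the test stand-alone. */
    public static void main(String[] strArr) {
        runTest(new CertPathLoopTest());
    }
}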
