package org.bouncycastle.cert.path.test;

import java.io.IOException;
import java.security.Security;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ContentVerifierProviderBuilder;
import org.bouncycastle.cert.path.CertPath;
import org.bouncycastle.cert.path.CertPathValidation;
import org.bouncycastle.cert.path.CertPathValidationResult;
import org.bouncycastle.cert.path.validations.BasicConstraintsValidation;
import org.bouncycastle.cert.path.validations.KeyUsageValidation;
import org.bouncycastle.cert.path.validations.ParentCertIssuedValidation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.test.SimpleTest;

/* loaded from: input_file:org/bouncycastle/cert/path/test/PKITSBasicConstraintsTest.class */
public class PKITSBasicConstraintsTest extends SimpleTest {
    public static final String PKITS_DATA_RESOURCE_PREFIX = "/PKITS/certs/";
    static Class class$org$bouncycastle$cert$path$test$PKITSBasicConstraintsTest;

    @Override // org.bouncycastle.util.test.SimpleTest, org.bouncycastle.util.test.Test
    public String getName() {
        return "PKITSBasicConstraintsTest";
    }

    private static X509CertificateHolder readPKITSCert(String str) throws IOException {
        Class cls;
        if (class$org$bouncycastle$cert$path$test$PKITSBasicConstraintsTest == null) {
            cls = class$("org.bouncycastle.cert.path.test.PKITSBasicConstraintsTest");
            class$org$bouncycastle$cert$path$test$PKITSBasicConstraintsTest = cls;
        } else {
            cls = class$org$bouncycastle$cert$path$test$PKITSBasicConstraintsTest;
        }
        return new X509CertificateHolder(Certificate.getInstance(new ASN1InputStream(cls.getResourceAsStream(new StringBuffer().append(PKITS_DATA_RESOURCE_PREFIX).append(str).toString())).readObject()));
    }

    private static CertPath readPKITSPath(String str, String[] strArr) throws IOException {
        X509CertificateHolder[] x509CertificateHolderArr = new X509CertificateHolder[strArr.length + 2];
        x509CertificateHolderArr[x509CertificateHolderArr.length - 1] = readPKITSCert("TrustAnchorRootCertificate.crt");
        x509CertificateHolderArr[0] = readPKITSCert(str);
        for (int i = 0; i < strArr.length; i++) {
            x509CertificateHolderArr[(x509CertificateHolderArr.length - 2) - i] = readPKITSCert(strArr[i]);
        }
        return new CertPath(x509CertificateHolderArr);
    }

    private static CertPathValidationResult checkPKITSPath(String str, String[] strArr) throws IOException {
        return readPKITSPath(str, strArr).validate(new CertPathValidation[]{new BasicConstraintsValidation(), new KeyUsageValidation(), new ParentCertIssuedValidation(new JcaX509ContentVerifierProviderBuilder())});
    }

    private void expectBCValidationSuccess(String str, String[] strArr) throws IOException {
        isTrue("Valid path was rejected", checkPKITSPath(str, strArr).isValid());
    }

    private void expectBCValidationFailure(String str, String[] strArr, String str2) throws IOException {
        CertPathValidationResult checkPKITSPath = checkPKITSPath(str, strArr);
        isTrue("Invalid path was accepted", !checkPKITSPath.isValid());
        String message = checkPKITSPath.getCause().getMessage();
        isEquals(new StringBuffer().append("Rejection reasons do not match: expected ").append(str2).append(", got ").append(message).toString(), str2, message);
    }

    @Override // org.bouncycastle.util.test.SimpleTest
    public void performTest() throws Exception {
        expectBCValidationFailure("InvalidMissingbasicConstraintsTest1EE.crt", new String[]{"MissingbasicConstraintsCACert.crt"}, "Basic constraints violated: issuer is not a CA");
        isTrue(readPKITSPath("InvalidMissingbasicConstraintsTest1EE.crt", new String[]{"MissingbasicConstraintsCACert.crt"}).validate(new CertPathValidation[]{new BasicConstraintsValidation(false), new KeyUsageValidation(), new ParentCertIssuedValidation(new JcaX509ContentVerifierProviderBuilder())}).isValid());
        expectBCValidationFailure("InvalidcAFalseTest2EE.crt", new String[]{"basicConstraintsCriticalcAFalseCACert.crt"}, "Basic constraints violated: issuer is not a CA");
        expectBCValidationFailure("InvalidcAFalseTest3EE.crt", new String[]{"basicConstraintsNotCriticalcAFalseCACert.crt"}, "Basic constraints violated: issuer is not a CA");
        expectBCValidationSuccess("ValidbasicConstraintsNotCriticalTest4EE.crt", new String[]{"basicConstraintsNotCriticalCACert.crt"});
        expectBCValidationFailure("InvalidpathLenConstraintTest5EE.crt", new String[]{"pathLenConstraint0CACert.crt", "pathLenConstraint0subCACert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationFailure("InvalidpathLenConstraintTest6EE.crt", new String[]{"pathLenConstraint0CACert.crt", "pathLenConstraint0subCACert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationSuccess("ValidpathLenConstraintTest7EE.crt", new String[]{"pathLenConstraint0CACert.crt"});
        expectBCValidationSuccess("ValidpathLenConstraintTest8EE.crt", new String[]{"pathLenConstraint0CACert.crt"});
        expectBCValidationFailure("InvalidpathLenConstraintTest9EE.crt", new String[]{"pathLenConstraint6CACert.crt", "pathLenConstraint6subCA0Cert.crt", "pathLenConstraint6subsubCA00Cert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationFailure("InvalidpathLenConstraintTest10EE.crt", new String[]{"pathLenConstraint6CACert.crt", "pathLenConstraint6subCA0Cert.crt", "pathLenConstraint6subsubCA00Cert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationFailure("InvalidpathLenConstraintTest11EE.crt", new String[]{"pathLenConstraint6CACert.crt", "pathLenConstraint6subCA1Cert.crt", "pathLenConstraint6subsubCA11Cert.crt", "pathLenConstraint6subsubsubCA11XCert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationFailure("InvalidpathLenConstraintTest12EE.crt", new String[]{"pathLenConstraint6CACert.crt", "pathLenConstraint6subCA1Cert.crt", "pathLenConstraint6subsubCA11Cert.crt", "pathLenConstraint6subsubsubCA11XCert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationSuccess("ValidpathLenConstraintTest13EE.crt", new String[]{"pathLenConstraint6CACert.crt", "pathLenConstraint6subCA4Cert.crt", "pathLenConstraint6subsubCA41Cert.crt", "pathLenConstraint6subsubsubCA41XCert.crt"});
        expectBCValidationSuccess("ValidpathLenConstraintTest14EE.crt", new String[]{"pathLenConstraint6CACert.crt", "pathLenConstraint6subCA4Cert.crt", "pathLenConstraint6subsubCA41Cert.crt", "pathLenConstraint6subsubsubCA41XCert.crt"});
        expectBCValidationSuccess("ValidSelfIssuedpathLenConstraintTest15EE.crt", new String[]{"pathLenConstraint0CACert.crt", "pathLenConstraint0SelfIssuedCACert.crt"});
        expectBCValidationFailure("InvalidSelfIssuedpathLenConstraintTest16EE.crt", new String[]{"pathLenConstraint0CACert.crt", "pathLenConstraint0SelfIssuedCACert.crt", "pathLenConstraint0subCA2Cert.crt"}, "Basic constraints violated: path length exceeded");
        expectBCValidationSuccess("ValidSelfIssuedpathLenConstraintTest17EE.crt", new String[]{"pathLenConstraint1CACert.crt", "pathLenConstraint1SelfIssuedCACert.crt", "pathLenConstraint1subCACert.crt", "pathLenConstraint1SelfIssuedsubCACert.crt"});
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        runTest(new PKITSBasicConstraintsTest());
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
