package org.bouncycastle.cert.cmp.test;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import junit.framework.TestCase;
import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.PKIStatus;
import org.bouncycastle.asn1.cmp.PKIStatusInfo;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.crmf.SubsequentMessage;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.cmp.CMSProcessableCMPCertificate;
import org.bouncycastle.cert.cmp.CertificateConfirmationContent;
import org.bouncycastle.cert.cmp.CertificateConfirmationContentBuilder;
import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
import org.bouncycastle.cert.crmf.CertificateRepMessage;
import org.bouncycastle.cert.crmf.CertificateRepMessageBuilder;
import org.bouncycastle.cert.crmf.CertificateReqMessages;
import org.bouncycastle.cert.crmf.CertificateReqMessagesBuilder;
import org.bouncycastle.cert.crmf.CertificateRequestMessage;
import org.bouncycastle.cert.crmf.CertificateResponse;
import org.bouncycastle.cert.crmf.CertificateResponseBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKEMEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKEMRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.MacCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pkcs.jcajce.JcePBMac1CalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcePBMac1CalculatorProviderBuilder;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
import org.bouncycastle.pqc.jcajce.spec.BIKEParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.CMCEParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.DilithiumParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.HQCParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.KyberParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.NTRUParameterSpec;
import org.bouncycastle.util.BigIntegers;

/* loaded from: input_file:org/bouncycastle/cert/cmp/test/PQCTest.class */
public class PQCTest extends TestCase {
    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new BouncyCastlePQCProvider());
    }

    public void tearDown() {
    }

    public void testKyberRequestWithDilithiumCA() throws Exception {
        char[] charArray = "secret".toCharArray();
        GeneralName generalName = new GeneralName(new X500Name("CN=Kyber Subject"));
        GeneralName generalName2 = new GeneralName(new X500Name("CN=Dilithium Issuer"));
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("Dilithium", "BCPQC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) DilithiumParameterSpec.dilithium2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509CertificateHolder makeV3Certificate = makeV3Certificate("CN=Dilithium Issuer", generateKeyPair);
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("Kyber", "BCPQC");
        keyPairGenerator2.initialize((AlgorithmParameterSpec) KyberParameterSpec.kyber512);
        KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
        JcaCertificateRequestMessageBuilder jcaCertificateRequestMessageBuilder = new JcaCertificateRequestMessageBuilder(BigIntegers.ONE);
        jcaCertificateRequestMessageBuilder.setPublicKey(generateKeyPair2.getPublic()).setSubject(X500Name.getInstance(generalName.getName())).setProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
        CertificateReqMessagesBuilder certificateReqMessagesBuilder = new CertificateReqMessagesBuilder();
        certificateReqMessagesBuilder.addRequest(jcaCertificateRequestMessageBuilder.build());
        MacCalculator build = new JcePBMac1CalculatorBuilder("HmacSHA256", 256).setProvider("BC").build(charArray);
        ProtectedPKIMessage build2 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(0, certificateReqMessagesBuilder.build()).build(build);
        assertTrue(build2.getProtectionAlgorithm().equals(build.getAlgorithmIdentifier()));
        assertTrue(build2.verify(new JcePBMac1CalculatorProviderBuilder().setProvider("BC").build(), charArray));
        assertEquals(0, build2.getBody().getType());
        CertificateRequestMessage certificateRequestMessage = CertificateReqMessages.fromPKIBody(build2.getBody()).getRequests()[0];
        CertTemplate certTemplate = certificateRequestMessage.getCertTemplate();
        X509CertificateHolder makeV3Certificate2 = makeV3Certificate(certTemplate.getPublicKey(), certTemplate.getSubject(), generateKeyPair, "CN=Dilithium Issuer");
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(certificateRequestMessage.getCertReqId().getEncoded(), new JcaX509CertificateConverter().setProvider("BC").getCertificate(makeV3Certificate2).getPublicKey(), CMSAlgorithm.AES256_WRAP).setKDF(new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256)));
        CMSEnvelopedData generate = cMSEnvelopedDataGenerator.generate(new CMSProcessableCMPCertificate(makeV3Certificate2), new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC").build());
        CertificateResponseBuilder certificateResponseBuilder = new CertificateResponseBuilder(certificateRequestMessage.getCertReqId(), new PKIStatusInfo(PKIStatus.granted));
        certificateResponseBuilder.withCertificate(generate);
        CertificateRepMessageBuilder certificateRepMessageBuilder = new CertificateRepMessageBuilder(makeV3Certificate);
        certificateRepMessageBuilder.addCertificateResponse(certificateResponseBuilder.build());
        ProtectedPKIMessage build3 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(1, certificateRepMessageBuilder.build()).build(new JcaContentSignerBuilder("Dilithium").setProvider("BCPQC").build(generateKeyPair.getPrivate()));
        assertTrue(build3.verify(new JcaContentVerifierProviderBuilder().build(makeV3Certificate)));
        CertificateRepMessage fromPKIBody = CertificateRepMessage.fromPKIBody(build3.getBody());
        CertificateResponse certificateResponse = fromPKIBody.getResponses()[0];
        assertEquals(true, certificateResponse.hasEncryptedCertificate());
        Collection recipients = certificateResponse.getEncryptedCertificate().getRecipientInfos().getRecipients();
        assertEquals(1, recipients.size());
        RecipientInformation recipientInformation = (RecipientInformation) recipients.iterator().next();
        assertEquals(recipientInformation.getKeyEncryptionAlgOID(), BCObjectIdentifiers.kyber512.getId());
        assertEquals(true, Arrays.equals(new CMPCertificate(makeV3Certificate2.toASN1Structure()).getEncoded(), recipientInformation.getContent(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate()))));
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificateResponse.getCertificate(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate())).getX509v3PKCert());
        assertEquals(true, x509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(fromPKIBody.getX509Certificates()[0])));
        CertificateConfirmationContent build4 = new CertificateConfirmationContentBuilder().addAcceptedCertificate(makeV3Certificate2, BigInteger.ONE).build(new JcaDigestCalculatorProviderBuilder().build());
        ProtectedPKIMessage build5 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(24, build4).build(build);
        assertTrue(build4.getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
        assertEquals(24, build5.getBody().getType());
        assertTrue(CertificateConfirmationContent.fromPKIBody(build5.getBody()).getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
    }

    public void testNTRURequestWithDilithiumCA() throws Exception {
        char[] charArray = "secret".toCharArray();
        GeneralName generalName = new GeneralName(new X500Name("CN=NTRU Subject"));
        GeneralName generalName2 = new GeneralName(new X500Name("CN=Dilithium Issuer"));
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("Dilithium", "BCPQC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) DilithiumParameterSpec.dilithium2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509CertificateHolder makeV3Certificate = makeV3Certificate("CN=Dilithium Issuer", generateKeyPair);
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("NTRU", "BCPQC");
        keyPairGenerator2.initialize((AlgorithmParameterSpec) NTRUParameterSpec.ntruhrss701);
        KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
        JcaCertificateRequestMessageBuilder jcaCertificateRequestMessageBuilder = new JcaCertificateRequestMessageBuilder(BigIntegers.ONE);
        jcaCertificateRequestMessageBuilder.setPublicKey(generateKeyPair2.getPublic()).setSubject(X500Name.getInstance(generalName.getName())).setProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
        CertificateReqMessagesBuilder certificateReqMessagesBuilder = new CertificateReqMessagesBuilder();
        certificateReqMessagesBuilder.addRequest(jcaCertificateRequestMessageBuilder.build());
        MacCalculator build = new JcePBMac1CalculatorBuilder("HmacSHA256", 256).setProvider("BC").build(charArray);
        ProtectedPKIMessage build2 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(0, certificateReqMessagesBuilder.build()).build(build);
        assertTrue(build2.getProtectionAlgorithm().equals(build.getAlgorithmIdentifier()));
        assertTrue(build2.verify(new JcePBMac1CalculatorProviderBuilder().setProvider("BC").build(), charArray));
        assertEquals(0, build2.getBody().getType());
        CertificateRequestMessage certificateRequestMessage = CertificateReqMessages.fromPKIBody(build2.getBody()).getRequests()[0];
        CertTemplate certTemplate = certificateRequestMessage.getCertTemplate();
        X509CertificateHolder makeV3Certificate2 = makeV3Certificate(certTemplate.getPublicKey(), certTemplate.getSubject(), generateKeyPair, "CN=Dilithium Issuer");
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(certificateRequestMessage.getCertReqId().getEncoded(), new JcaX509CertificateConverter().setProvider("BC").getCertificate(makeV3Certificate2).getPublicKey(), CMSAlgorithm.AES256_WRAP).setKDF(new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256)));
        CMSEnvelopedData generate = cMSEnvelopedDataGenerator.generate(new CMSProcessableCMPCertificate(makeV3Certificate2), new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES192_CBC).setProvider("BC").build());
        CertificateResponseBuilder certificateResponseBuilder = new CertificateResponseBuilder(certificateRequestMessage.getCertReqId(), new PKIStatusInfo(PKIStatus.granted));
        certificateResponseBuilder.withCertificate(generate);
        CertificateRepMessageBuilder certificateRepMessageBuilder = new CertificateRepMessageBuilder(makeV3Certificate);
        certificateRepMessageBuilder.addCertificateResponse(certificateResponseBuilder.build());
        ProtectedPKIMessage build3 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(1, certificateRepMessageBuilder.build()).build(new JcaContentSignerBuilder("Dilithium").setProvider("BCPQC").build(generateKeyPair.getPrivate()));
        assertTrue(build3.verify(new JcaContentVerifierProviderBuilder().build(makeV3Certificate)));
        CertificateRepMessage fromPKIBody = CertificateRepMessage.fromPKIBody(build3.getBody());
        CertificateResponse certificateResponse = fromPKIBody.getResponses()[0];
        assertEquals(true, certificateResponse.hasEncryptedCertificate());
        Collection recipients = certificateResponse.getEncryptedCertificate().getRecipientInfos().getRecipients();
        assertEquals(1, recipients.size());
        RecipientInformation recipientInformation = (RecipientInformation) recipients.iterator().next();
        assertEquals(recipientInformation.getKeyEncryptionAlgOID(), BCObjectIdentifiers.ntruhrss701.getId());
        assertEquals(true, Arrays.equals(new CMPCertificate(makeV3Certificate2.toASN1Structure()).getEncoded(), recipientInformation.getContent(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate()))));
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificateResponse.getCertificate(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate())).getX509v3PKCert());
        assertEquals(true, x509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(fromPKIBody.getX509Certificates()[0])));
        CertificateConfirmationContent build4 = new CertificateConfirmationContentBuilder().addAcceptedCertificate(makeV3Certificate2, BigInteger.ONE).build(new JcaDigestCalculatorProviderBuilder().build());
        ProtectedPKIMessage build5 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(24, build4).build(build);
        assertTrue(build4.getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
        assertEquals(24, build5.getBody().getType());
        assertTrue(CertificateConfirmationContent.fromPKIBody(build5.getBody()).getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
    }

    public void testBIKERequestWithDilithiumCA() throws Exception {
        char[] charArray = "secret".toCharArray();
        GeneralName generalName = new GeneralName(new X500Name("CN=Bike128 Subject"));
        GeneralName generalName2 = new GeneralName(new X500Name("CN=Dilithium Issuer"));
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("Dilithium", "BCPQC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) DilithiumParameterSpec.dilithium2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509CertificateHolder makeV3Certificate = makeV3Certificate("CN=Dilithium Issuer", generateKeyPair);
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("BIKE", "BCPQC");
        keyPairGenerator2.initialize((AlgorithmParameterSpec) BIKEParameterSpec.bike128);
        KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
        JcaCertificateRequestMessageBuilder jcaCertificateRequestMessageBuilder = new JcaCertificateRequestMessageBuilder(BigIntegers.ONE);
        jcaCertificateRequestMessageBuilder.setPublicKey(generateKeyPair2.getPublic()).setSubject(X500Name.getInstance(generalName.getName())).setProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
        CertificateReqMessagesBuilder certificateReqMessagesBuilder = new CertificateReqMessagesBuilder();
        certificateReqMessagesBuilder.addRequest(jcaCertificateRequestMessageBuilder.build());
        MacCalculator build = new JcePBMac1CalculatorBuilder("HmacSHA256", 256).setProvider("BC").build(charArray);
        ProtectedPKIMessage build2 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(0, certificateReqMessagesBuilder.build()).build(build);
        assertTrue(build2.getProtectionAlgorithm().equals(build.getAlgorithmIdentifier()));
        assertTrue(build2.verify(new JcePBMac1CalculatorProviderBuilder().setProvider("BC").build(), charArray));
        assertEquals(0, build2.getBody().getType());
        CertificateRequestMessage certificateRequestMessage = CertificateReqMessages.fromPKIBody(build2.getBody()).getRequests()[0];
        CertTemplate certTemplate = certificateRequestMessage.getCertTemplate();
        X509CertificateHolder makeV3Certificate2 = makeV3Certificate(certTemplate.getPublicKey(), certTemplate.getSubject(), generateKeyPair, "CN=Dilithium Issuer");
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(certificateRequestMessage.getCertReqId().getEncoded(), new JcaX509CertificateConverter().setProvider("BC").getCertificate(makeV3Certificate2).getPublicKey(), CMSAlgorithm.AES256_WRAP).setKDF(new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256)));
        CMSEnvelopedData generate = cMSEnvelopedDataGenerator.generate(new CMSProcessableCMPCertificate(makeV3Certificate2), new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES192_CBC).setProvider("BC").build());
        CertificateResponseBuilder certificateResponseBuilder = new CertificateResponseBuilder(certificateRequestMessage.getCertReqId(), new PKIStatusInfo(PKIStatus.granted));
        certificateResponseBuilder.withCertificate(generate);
        CertificateRepMessageBuilder certificateRepMessageBuilder = new CertificateRepMessageBuilder(makeV3Certificate);
        certificateRepMessageBuilder.addCertificateResponse(certificateResponseBuilder.build());
        ProtectedPKIMessage build3 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(1, certificateRepMessageBuilder.build()).build(new JcaContentSignerBuilder("Dilithium").setProvider("BCPQC").build(generateKeyPair.getPrivate()));
        assertTrue(build3.verify(new JcaContentVerifierProviderBuilder().build(makeV3Certificate)));
        CertificateRepMessage fromPKIBody = CertificateRepMessage.fromPKIBody(build3.getBody());
        CertificateResponse certificateResponse = fromPKIBody.getResponses()[0];
        assertEquals(true, certificateResponse.hasEncryptedCertificate());
        Collection recipients = certificateResponse.getEncryptedCertificate().getRecipientInfos().getRecipients();
        assertEquals(1, recipients.size());
        RecipientInformation recipientInformation = (RecipientInformation) recipients.iterator().next();
        assertEquals(recipientInformation.getKeyEncryptionAlgOID(), BCObjectIdentifiers.bike128.getId());
        assertEquals(true, Arrays.equals(new CMPCertificate(makeV3Certificate2.toASN1Structure()).getEncoded(), recipientInformation.getContent(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate()))));
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificateResponse.getCertificate(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate())).getX509v3PKCert());
        assertEquals(true, x509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(fromPKIBody.getX509Certificates()[0])));
        CertificateConfirmationContent build4 = new CertificateConfirmationContentBuilder().addAcceptedCertificate(makeV3Certificate2, BigInteger.ONE).build(new JcaDigestCalculatorProviderBuilder().build());
        ProtectedPKIMessage build5 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(24, build4).build(build);
        assertTrue(build4.getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
        assertEquals(24, build5.getBody().getType());
        assertTrue(CertificateConfirmationContent.fromPKIBody(build5.getBody()).getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
    }

    public void testHQCRequestWithDilithiumCA() throws Exception {
        char[] charArray = "secret".toCharArray();
        GeneralName generalName = new GeneralName(new X500Name("CN=HQC128 Subject"));
        GeneralName generalName2 = new GeneralName(new X500Name("CN=Dilithium Issuer"));
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("Dilithium", "BCPQC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) DilithiumParameterSpec.dilithium2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509CertificateHolder makeV3Certificate = makeV3Certificate("CN=Dilithium Issuer", generateKeyPair);
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("HQC", "BCPQC");
        keyPairGenerator2.initialize((AlgorithmParameterSpec) HQCParameterSpec.hqc128);
        KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
        JcaCertificateRequestMessageBuilder jcaCertificateRequestMessageBuilder = new JcaCertificateRequestMessageBuilder(BigIntegers.ONE);
        jcaCertificateRequestMessageBuilder.setPublicKey(generateKeyPair2.getPublic()).setSubject(X500Name.getInstance(generalName.getName())).setProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
        CertificateReqMessagesBuilder certificateReqMessagesBuilder = new CertificateReqMessagesBuilder();
        certificateReqMessagesBuilder.addRequest(jcaCertificateRequestMessageBuilder.build());
        MacCalculator build = new JcePBMac1CalculatorBuilder("HmacSHA256", 256).setProvider("BC").build(charArray);
        ProtectedPKIMessage build2 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(0, certificateReqMessagesBuilder.build()).build(build);
        assertTrue(build2.getProtectionAlgorithm().equals(build.getAlgorithmIdentifier()));
        assertTrue(build2.verify(new JcePBMac1CalculatorProviderBuilder().setProvider("BC").build(), charArray));
        assertEquals(0, build2.getBody().getType());
        CertificateRequestMessage certificateRequestMessage = CertificateReqMessages.fromPKIBody(build2.getBody()).getRequests()[0];
        CertTemplate certTemplate = certificateRequestMessage.getCertTemplate();
        X509CertificateHolder makeV3Certificate2 = makeV3Certificate(certTemplate.getPublicKey(), certTemplate.getSubject(), generateKeyPair, "CN=Dilithium Issuer");
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(certificateRequestMessage.getCertReqId().getEncoded(), new JcaX509CertificateConverter().setProvider("BC").getCertificate(makeV3Certificate2).getPublicKey(), CMSAlgorithm.AES256_WRAP).setKDF(new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256)));
        CMSEnvelopedData generate = cMSEnvelopedDataGenerator.generate(new CMSProcessableCMPCertificate(makeV3Certificate2), new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES192_CBC).setProvider("BC").build());
        CertificateResponseBuilder certificateResponseBuilder = new CertificateResponseBuilder(certificateRequestMessage.getCertReqId(), new PKIStatusInfo(PKIStatus.granted));
        certificateResponseBuilder.withCertificate(generate);
        CertificateRepMessageBuilder certificateRepMessageBuilder = new CertificateRepMessageBuilder(makeV3Certificate);
        certificateRepMessageBuilder.addCertificateResponse(certificateResponseBuilder.build());
        ProtectedPKIMessage build3 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(1, certificateRepMessageBuilder.build()).build(new JcaContentSignerBuilder("Dilithium").setProvider("BCPQC").build(generateKeyPair.getPrivate()));
        assertTrue(build3.verify(new JcaContentVerifierProviderBuilder().build(makeV3Certificate)));
        CertificateRepMessage fromPKIBody = CertificateRepMessage.fromPKIBody(build3.getBody());
        CertificateResponse certificateResponse = fromPKIBody.getResponses()[0];
        assertEquals(true, certificateResponse.hasEncryptedCertificate());
        Collection recipients = certificateResponse.getEncryptedCertificate().getRecipientInfos().getRecipients();
        assertEquals(1, recipients.size());
        RecipientInformation recipientInformation = (RecipientInformation) recipients.iterator().next();
        assertEquals(recipientInformation.getKeyEncryptionAlgOID(), BCObjectIdentifiers.hqc128.getId());
        assertEquals(true, Arrays.equals(new CMPCertificate(makeV3Certificate2.toASN1Structure()).getEncoded(), recipientInformation.getContent(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate()))));
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificateResponse.getCertificate(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate())).getX509v3PKCert());
        assertEquals(true, x509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(fromPKIBody.getX509Certificates()[0])));
        CertificateConfirmationContent build4 = new CertificateConfirmationContentBuilder().addAcceptedCertificate(makeV3Certificate2, BigInteger.ONE).build(new JcaDigestCalculatorProviderBuilder().build());
        ProtectedPKIMessage build5 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(24, build4).build(build);
        assertTrue(build4.getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
        assertEquals(24, build5.getBody().getType());
        assertTrue(CertificateConfirmationContent.fromPKIBody(build5.getBody()).getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
    }

    public void testCMCERequestWithDilithiumCA() throws Exception {
        char[] charArray = "secret".toCharArray();
        GeneralName generalName = new GeneralName(new X500Name("CN=mceliece3488864 Subject"));
        GeneralName generalName2 = new GeneralName(new X500Name("CN=Dilithium Issuer"));
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("Dilithium", "BCPQC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) DilithiumParameterSpec.dilithium2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509CertificateHolder makeV3Certificate = makeV3Certificate("CN=Dilithium Issuer", generateKeyPair);
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("CMCE", "BCPQC");
        keyPairGenerator2.initialize((AlgorithmParameterSpec) CMCEParameterSpec.mceliece348864);
        KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
        JcaCertificateRequestMessageBuilder jcaCertificateRequestMessageBuilder = new JcaCertificateRequestMessageBuilder(BigIntegers.ONE);
        jcaCertificateRequestMessageBuilder.setPublicKey(generateKeyPair2.getPublic()).setSubject(X500Name.getInstance(generalName.getName())).setProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
        CertificateReqMessagesBuilder certificateReqMessagesBuilder = new CertificateReqMessagesBuilder();
        certificateReqMessagesBuilder.addRequest(jcaCertificateRequestMessageBuilder.build());
        MacCalculator build = new JcePBMac1CalculatorBuilder("HmacSHA256", 256).setProvider("BC").build(charArray);
        ProtectedPKIMessage build2 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(0, certificateReqMessagesBuilder.build()).build(build);
        assertTrue(build2.getProtectionAlgorithm().equals(build.getAlgorithmIdentifier()));
        assertTrue(build2.verify(new JcePBMac1CalculatorProviderBuilder().setProvider("BC").build(), charArray));
        assertEquals(0, build2.getBody().getType());
        CertificateRequestMessage certificateRequestMessage = CertificateReqMessages.fromPKIBody(build2.getBody()).getRequests()[0];
        CertTemplate certTemplate = certificateRequestMessage.getCertTemplate();
        X509CertificateHolder makeV3Certificate2 = makeV3Certificate(certTemplate.getPublicKey(), certTemplate.getSubject(), generateKeyPair, "CN=Dilithium Issuer");
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(certificateRequestMessage.getCertReqId().getEncoded(), new JcaX509CertificateConverter().setProvider("BC").getCertificate(makeV3Certificate2).getPublicKey(), CMSAlgorithm.AES256_WRAP).setKDF(new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256)));
        CMSEnvelopedData generate = cMSEnvelopedDataGenerator.generate(new CMSProcessableCMPCertificate(makeV3Certificate2), new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES192_CBC).setProvider("BC").build());
        CertificateResponseBuilder certificateResponseBuilder = new CertificateResponseBuilder(certificateRequestMessage.getCertReqId(), new PKIStatusInfo(PKIStatus.granted));
        certificateResponseBuilder.withCertificate(generate);
        CertificateRepMessageBuilder certificateRepMessageBuilder = new CertificateRepMessageBuilder(makeV3Certificate);
        certificateRepMessageBuilder.addCertificateResponse(certificateResponseBuilder.build());
        ProtectedPKIMessage build3 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(1, certificateRepMessageBuilder.build()).build(new JcaContentSignerBuilder("Dilithium").setProvider("BCPQC").build(generateKeyPair.getPrivate()));
        assertTrue(build3.verify(new JcaContentVerifierProviderBuilder().build(makeV3Certificate)));
        CertificateRepMessage fromPKIBody = CertificateRepMessage.fromPKIBody(build3.getBody());
        CertificateResponse certificateResponse = fromPKIBody.getResponses()[0];
        assertEquals(true, certificateResponse.hasEncryptedCertificate());
        Collection recipients = certificateResponse.getEncryptedCertificate().getRecipientInfos().getRecipients();
        assertEquals(1, recipients.size());
        RecipientInformation recipientInformation = (RecipientInformation) recipients.iterator().next();
        assertEquals(recipientInformation.getKeyEncryptionAlgOID(), BCObjectIdentifiers.mceliece348864_r3.getId());
        assertEquals(true, Arrays.equals(new CMPCertificate(makeV3Certificate2.toASN1Structure()).getEncoded(), recipientInformation.getContent(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate()))));
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificateResponse.getCertificate(new JceKEMEnvelopedRecipient(generateKeyPair2.getPrivate())).getX509v3PKCert());
        assertEquals(true, x509CertificateHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().build(fromPKIBody.getX509Certificates()[0])));
        CertificateConfirmationContent build4 = new CertificateConfirmationContentBuilder().addAcceptedCertificate(makeV3Certificate2, BigInteger.ONE).build(new JcaDigestCalculatorProviderBuilder().build());
        ProtectedPKIMessage build5 = new ProtectedPKIMessageBuilder(generalName, generalName2).setBody(24, build4).build(build);
        assertTrue(build4.getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
        assertEquals(24, build5.getBody().getType());
        assertTrue(CertificateConfirmationContent.fromPKIBody(build5.getBody()).getStatusMessages()[0].isVerified(x509CertificateHolder, new JcaDigestCalculatorProviderBuilder().build()));
    }

    private static X509CertificateHolder makeV3Certificate(String str, KeyPair keyPair) throws OperatorCreationException, CertException, CertIOException {
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 8640000000L), new X500Name(str), keyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        X509CertificateHolder build = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("Dilithium").build(privateKey));
        assertTrue(build.isSignatureValid(new JcaContentVerifierProviderBuilder().build(publicKey)));
        return build;
    }

    private static X509CertificateHolder makeV3Certificate(SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name x500Name, KeyPair keyPair, String str) throws OperatorCreationException, CertException, CertIOException {
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 8640000000L), x500Name, subjectPublicKeyInfo);
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        X509CertificateHolder build = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("Dilithium").build(privateKey));
        assertTrue(build.isSignatureValid(new JcaContentVerifierProviderBuilder().build(publicKey)));
        return build;
    }
}
