package org.bouncycastle.tls.test;

import java.io.IOException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import junit.framework.TestCase;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.jcajce.JcaCertificateID;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;

/* loaded from: input_file:org/bouncycastle/tls/test/OCSPTest.class */
public class OCSPTest extends TestCase {

    /* loaded from: input_file:org/bouncycastle/tls/test/OCSPTest$OCSPResponder.class */
    interface OCSPResponder {
        OCSPResponse[] getResponses(Certificate certificate) throws IOException;
    }

    /* loaded from: input_file:org/bouncycastle/tls/test/OCSPTest$TestOCSPResponderImpl.class */
    private class TestOCSPResponderImpl implements OCSPResponder {
        private final TestOCSPCertServer server;
        private final DigestCalculator digCalc = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        private final X509Certificate caCert;

        public TestOCSPResponderImpl(TestOCSPCertServer testOCSPCertServer) throws OperatorCreationException {
            this.server = testOCSPCertServer;
            this.caCert = testOCSPCertServer.getCACert();
        }

        @Override // org.bouncycastle.tls.test.OCSPTest.OCSPResponder
        public OCSPResponse[] getResponses(Certificate certificate) throws IOException {
            TlsCertificate[] certificateList = certificate.getCertificateList();
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != certificateList.length; i++) {
                try {
                    OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
                    oCSPReqBuilder.addRequest(new CertificateID(this.digCalc, new X509CertificateHolder(this.caCert.getEncoded()), certificateList[i].getSerialNumber()));
                    arrayList.add(this.server.respond(oCSPReqBuilder.build()).toASN1Structure());
                } catch (Exception e) {
                    throw new IOException("OCSP response issue: " + e.getMessage());
                } catch (OCSPException e2) {
                    throw new IOException("OCSP issue: " + e2.getMessage());
                } catch (CertificateEncodingException e3) {
                    throw new IOException("CA encoding issue: " + e3.getMessage());
                }
            }
            return (OCSPResponse[]) arrayList.toArray(new OCSPResponse[arrayList.size()]);
        }
    }

    public void setUp() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public void testOCSPResponder() throws Exception {
        JcaTlsCrypto create = new JcaTlsCryptoProvider().create(new SecureRandom());
        DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        TestOCSPCertServer testOCSPCertServer = new TestOCSPCertServer();
        X509Certificate cACert = testOCSPCertServer.getCACert();
        X509CertificateHolder certificate = testOCSPCertServer.issueClientCert("CN=Okay", false).getCertificate();
        X509CertificateHolder certificate2 = testOCSPCertServer.issueClientCert("CN=Revoked", true).getCertificate();
        OCSPResponse[] responses = new TestOCSPResponderImpl(testOCSPCertServer).getResponses(new Certificate(new TlsCertificate[]{create.createCertificate(certificate.getEncoded()), create.createCertificate(certificate2.getEncoded())}));
        assertEquals(2, responses.length);
        OCSPResponse oCSPResponse = responses[0];
        assertEquals(0, oCSPResponse.getResponseStatus().getValue().intValue());
        assertEquals(OCSPObjectIdentifiers.id_pkix_ocsp_basic, oCSPResponse.getResponseBytes().getResponseType());
        SingleResp[] responses2 = new BasicOCSPResp(BasicOCSPResponse.getInstance(oCSPResponse.getResponseBytes().getResponse().getOctets())).getResponses();
        assertEquals(1, responses2.length);
        assertEquals(responses2[0].getCertID(), new JcaCertificateID(digestCalculator, cACert, certificate.getSerialNumber()));
        assertNull(responses2[0].getCertStatus());
        OCSPResponse oCSPResponse2 = responses[1];
        assertEquals(0, oCSPResponse2.getResponseStatus().getValue().intValue());
        assertEquals(OCSPObjectIdentifiers.id_pkix_ocsp_basic, oCSPResponse2.getResponseBytes().getResponseType());
        SingleResp[] responses3 = new BasicOCSPResp(BasicOCSPResponse.getInstance(oCSPResponse2.getResponseBytes().getResponse().getOctets())).getResponses();
        assertEquals(1, responses3.length);
        assertEquals(responses3[0].getCertID(), new JcaCertificateID(digestCalculator, cACert, certificate2.getSerialNumber()));
        assertNotNull(responses3[0].getCertStatus());
    }
}
