package org.bouncycastle.pqc.jcajce.provider.test;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import junit.framework.TestCase;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
import org.bouncycastle.pqc.jcajce.spec.McElieceKeyGenParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.SPHINCS256KeyGenParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.XMSSMTParameterSpec;

/* loaded from: input_file:org/bouncycastle/pqc/jcajce/provider/test/KeyStoreTest.class */
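/**
 * Round-trip test for the BC keystore formats holding post-quantum private keys
 * (XMSS^MT, McEliece, SPHINCS-256) together with their certificate chains.
 *
 * <p>Each format is populated in memory, written out, read back into a fresh
 * {@link KeyStore}, and the keys recovered from the <em>reloaded</em> store are
 * compared with the generated ones.
 *
 * <p>The passwords, names and key sizes below are test fixtures only.
 */
public class KeyStoreTest extends TestCase {
    private static final long ONE_DAY_IN_MILLIS = 86400000;
    private static final long TEN_YEARS_IN_MILLIS = 315360000000L;

    // Fixture secrets: fixed, low-entropy values that are acceptable only inside a test.
    private static final String KEY_PASSWORD = "qwertz";
    private static final String STORE_PASSWORD = "fred";

    private static final String XMSSMT_ALIAS = "xmssmt private";
    private static final String MCELIECE_ALIAS = "private key 1";
    private static final String SPHINCS_ALIAS = "private key 2";

    // One shared counter, so that two certificates issued within the same millisecond
    // still receive distinct serial numbers under the same issuer name.
    private static final AtomicLong SERIAL_NUMBER = new AtomicLong(System.currentTimeMillis());

    // JCA signature algorithm name -> AlgorithmIdentifier written into the certificate.
    private static final Map<String, AlgorithmIdentifier> algIds = new HashMap<String, AlgorithmIdentifier>();

    static {
        algIds.put("SHA512WITHSPHINCS256", new AlgorithmIdentifier(BCObjectIdentifiers.sphincs256_with_SHA512));
        algIds.put("SHA256WITHXMSSMT", new AlgorithmIdentifier(BCObjectIdentifiers.xmss_mt_SHA256ph));
        algIds.put("SHA512WITHXMSSMT", new AlgorithmIdentifier(BCObjectIdentifiers.xmss_mt_SHA512ph));
    }

    /** Registers the BC and BCPQC providers that every test in this class looks up by name. */
    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new BouncyCastlePQCProvider());
    }

    public void testPKCS12() throws Exception {
        tryKeyStore("PKCS12");
        tryKeyStore("PKCS12-DEF");
    }

    public void testBKS() throws Exception {
        tryKeyStore("BKS");
        tryKeyStore("UBER");
    }

    public void testBCFKS() throws Exception {
        tryKeyStore("BCFKS-DEF");
    }

    /**
     * Fills a keystore of the given type with three PQC key entries and their
     * certificates, then checks the keys both before and after a store/load cycle.
     *
     * @param str keystore type name passed to {@code KeyStore.getInstance(str, "BC")}
     */
    private void tryKeyStore(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(str, "BC");
        keyStore.load(null, null);

        X500NameBuilder rootNameBuilder = new X500NameBuilder();
        rootNameBuilder.addRDN(BCStyle.CN, "Root CA");
        X500Name rootName = rootNameBuilder.build();

        // Root CA: self-signed XMSS^MT certificate.
        // XMSS^MT is a stateful hash-based scheme; outside a test, a private key restored
        // from a keystore copy must never sign alongside the original, because reusing a
        // one-time index breaks the scheme's security.
        KeyPairGenerator xmssMtGenerator = KeyPairGenerator.getInstance("XMSSMT", "BCPQC");
        xmssMtGenerator.initialize(new XMSSMTParameterSpec(20, 10, "SHA256"), new SecureRandom());
        KeyPair rootKeyPair = xmssMtGenerator.generateKeyPair();
        X509Certificate rootCert = createPQSelfSignedCert(rootName, "SHA256WITHXMSSMT", rootKeyPair);
        keyStore.setKeyEntry(XMSSMT_ALIAS, rootKeyPair.getPrivate(), KEY_PASSWORD.toCharArray(), new X509Certificate[]{rootCert});
        keyStore.setCertificateEntry("root ca", rootCert);

        // End entity 1: McEliece public key, certificate signed by the root's XMSS^MT key.
        KeyPairGenerator mcElieceGenerator = KeyPairGenerator.getInstance("McEliece", "BCPQC");
        mcElieceGenerator.initialize(new McElieceKeyGenParameterSpec(9, 33));
        KeyPair mcElieceKeyPair = mcElieceGenerator.generateKeyPair();
        ExtensionsGenerator mcElieceExtensions = new ExtensionsGenerator();
        mcElieceExtensions.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        // RFC 5280 leaves encipherOnly undefined unless keyAgreement is also set; kept as the fixture has it.
        mcElieceExtensions.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.encipherOnly));
        X509Certificate mcElieceCert = createCert(rootName, rootKeyPair.getPrivate(), new X500Name("CN=meceliece"), "SHA256WITHXMSSMT", mcElieceExtensions.generate(), mcElieceKeyPair.getPublic());

        // End entity 2: SPHINCS-256 key pair.
        KeyPairGenerator sphincsGenerator = KeyPairGenerator.getInstance("SPHINCS256", "BCPQC");
        sphincsGenerator.initialize(new SPHINCS256KeyGenParameterSpec("SHA512-256"));
        KeyPair sphincsKeyPair = sphincsGenerator.generateKeyPair();
        ExtensionsGenerator sphincsExtensions = new ExtensionsGenerator();
        sphincsExtensions.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        sphincsExtensions.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        // NOTE(review): this certificate names "Root CA" as issuer but is signed with the
        // SPHINCS-256 key itself, so the chain {sphincsCert, rootCert} would not pass path
        // validation. The keystore is only used as a container here and never validates it.
        X509Certificate sphincsCert = createCert(rootName, sphincsKeyPair.getPrivate(), new X500Name("CN=sphincs256"), "SHA512WITHSPHINCS256", sphincsExtensions.generate(), sphincsKeyPair.getPublic());

        keyStore.setKeyEntry(MCELIECE_ALIAS, mcElieceKeyPair.getPrivate(), KEY_PASSWORD.toCharArray(), new X509Certificate[]{mcElieceCert, rootCert});
        keyStore.setKeyEntry(SPHINCS_ALIAS, sphincsKeyPair.getPrivate(), KEY_PASSWORD.toCharArray(), new X509Certificate[]{sphincsCert, rootCert});
        keyStore.setCertificateEntry("cert 1", mcElieceCert);
        keyStore.setCertificateEntry("cert 2", sphincsCert);

        assertPrivateKeys(keyStore, rootKeyPair, mcElieceKeyPair, sphincsKeyPair);

        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        keyStore.store(encoded, STORE_PASSWORD.toCharArray());

        // Check the store that was read back. The earlier version loaded a second
        // KeyStore, discarded it and re-queried the in-memory one, so the serialised
        // form was never actually verified.
        KeyStore reloaded = KeyStore.getInstance(str, "BC");
        reloaded.load(new ByteArrayInputStream(encoded.toByteArray()), STORE_PASSWORD.toCharArray());

        assertPrivateKeys(reloaded, rootKeyPair, mcElieceKeyPair, sphincsKeyPair);
    }

    /** Asserts that {@code store} returns each generated private key under its alias. */
    private void assertPrivateKeys(KeyStore store, KeyPair xmssMt, KeyPair mcEliece, KeyPair sphincs) throws Exception {
        assertEquals(xmssMt.getPrivate(), store.getKey(XMSSMT_ALIAS, KEY_PASSWORD.toCharArray()));
        assertEquals(mcEliece.getPrivate(), store.getKey(MCELIECE_ALIAS, KEY_PASSWORD.toCharArray()));
        assertEquals(sphincs.getPrivate(), store.getKey(SPHINCS_ALIAS, KEY_PASSWORD.toCharArray()));
    }

    /**
     * Builds a self-signed CA certificate: issuer and subject are both {@code x500Name},
     * with critical basicConstraints (CA = true) and critical keyUsage (keyCertSign).
     *
     * @param x500Name issuer and subject name
     * @param str      JCA signature algorithm name; must be a key of {@code algIds}
     * @param keyPair  key pair that is both certified and used to sign
     */
    private static X509Certificate createPQSelfSignedCert(X500Name x500Name, String str, KeyPair keyPair) throws Exception {
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
        return createCert(x500Name, keyPair.getPrivate(), x500Name, str, extensionsGenerator.generate(), keyPair.getPublic());
    }

    /**
     * Builds and signs a v3 certificate valid from five seconds ago for ten years.
     *
     * @param x500Name   issuer name
     * @param privateKey key used to sign the TBSCertificate
     * @param x500Name2  subject name
     * @param str        JCA signature algorithm name; must be a key of {@code algIds}
     * @param extensions extensions to embed
     * @param publicKey  subject public key
     * @throws IllegalArgumentException if {@code str} has no registered AlgorithmIdentifier
     */
    private static X509Certificate createCert(X500Name x500Name, PrivateKey privateKey, X500Name x500Name2, String str, Extensions extensions, PublicKey publicKey) throws Exception {
        AlgorithmIdentifier signatureAlgorithm = algIds.get(str);
        if (signatureAlgorithm == null) {
            throw new IllegalArgumentException("no AlgorithmIdentifier registered for " + str);
        }

        long now = System.currentTimeMillis();
        V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
        tbsGenerator.setSerialNumber(new ASN1Integer(SERIAL_NUMBER.getAndIncrement()));
        tbsGenerator.setIssuer(x500Name);
        tbsGenerator.setSubject(x500Name2);
        // Back-date the start slightly so the certificate is already valid when it is parsed.
        tbsGenerator.setStartDate(new Time(new Date(now - 5000)));
        tbsGenerator.setEndDate(new Time(new Date(now + TEN_YEARS_IN_MILLIS)));
        tbsGenerator.setSignature(signatureAlgorithm);
        tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        tbsGenerator.setExtensions(extensions);
        TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();

        Signature signature = Signature.getInstance(str, BouncyCastlePQCProvider.PROVIDER_NAME);
        signature.initSign(privateKey);
        signature.update(tbsCertificate.getEncoded("DER"));

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        ASN1EncodableVector certificateFields = new ASN1EncodableVector();
        certificateFields.add(tbsCertificate);
        certificateFields.add(signatureAlgorithm);
        certificateFields.add(new DERBitString(signature.sign()));
        byte[] derCertificate = new DERSequence(certificateFields).getEncoded("DER");
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(derCertificate));
    }
}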
