package org.bouncycastle.jsse.provider.test;

import java.net.Socket;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyStoreBuilderParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import junit.framework.TestCase;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCX509ExtendedKeyManager;

/* loaded from: input_file:org/bouncycastle/jsse/provider/test/KeyManagerFactoryTest.class */
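/**
 * Exercises the BCJSSE "PKIX" {@link KeyManagerFactory}: server-alias selection with and without
 * an issuer filter, and TLS 1.2 handshakes against a helper server, with and without client
 * authentication.
 *
 * <p>The handshake tests carry no explicit assertions; they pass when connecting and exchanging one
 * byte raises no exception.
 */
public class KeyManagerFactoryTest extends TestCase {
    // Throwaway password for in-memory key stores holding keys generated per test run; it protects
    // nothing outside this test.
    private static final char[] PASSWORD = "fred".toCharArray();

    // NOTE(review): fixed ports. Two tests start a server on 8886; whether SSLUtils.startServer
    // releases the port between tests is not visible here -- confirm if these tests turn flaky.
    private static final int PORT_NO_CLIENT_AUTH = 8886;
    private static final int PORT_CLIENT_AUTH = 8887;

    protected void setUp() {
        ProviderUtils.setupLowPriority(false);
    }

    /** Alias selection for key type "ECDHE_ECDSA" against an EC chain with a signing end-entity cert. */
    public void testBasicEC() throws Exception {
        implTestKeyManagerFactory(getEcKeyStore(false), "ECDHE_ECDSA");
    }

    /** Alias selection for key type "KE:RSA" against an RSA chain with an encryption end-entity cert. */
    public void testBasicRSA() throws Exception {
        implTestKeyManagerFactory(getRsaKeyStore(true), "KE:RSA");
    }

    /** Client trusts the server's root certificate; no client authentication. */
    public void testRSAServer() throws Exception {
        KeyStore serverKeys = getRsaKeyStore(true);
        KeyStore rootTrust = KeyStore.getInstance("JKS");
        rootTrust.load(null, PASSWORD);
        rootTrust.setCertificateEntry("server", serverKeys.getCertificate("root"));
        SSLUtils.startServer(serverKeys, PASSWORD, rootTrust, false, PORT_NO_CLIENT_AUTH);

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "BCJSSE");
        trustManagerFactory.init(rootTrust);
        SSLContext clientContext = SSLContext.getInstance("TLSv1.2", "BCJSSE");
        clientContext.init(null, trustManagerFactory.getTrustManagers(), null);
        exchangeSingleByte(clientContext, PORT_NO_CLIENT_AUTH);
    }

    /**
     * Client trusts only the server's end-entity certificate, not its root.
     *
     * <p>{@code getCertificate("test")} on a key entry returns the first certificate of the chain,
     * i.e. the end-entity certificate, so the client trust store holds no CA certificate. The
     * handshake is expected to succeed with the end-entity certificate as the only trust anchor.
     */
    public void testRSAServerTrustEE() throws Exception {
        KeyStore serverKeys = getRsaKeyStore(true);
        KeyStore serverTrust = KeyStore.getInstance("JKS");
        serverTrust.load(null, PASSWORD);
        serverTrust.setCertificateEntry("server", serverKeys.getCertificate("root"));
        SSLUtils.startServer(serverKeys, PASSWORD, serverTrust, false, PORT_NO_CLIENT_AUTH);

        KeyStore endEntityTrust = KeyStore.getInstance("JKS");
        endEntityTrust.load(null, PASSWORD);
        endEntityTrust.setCertificateEntry("server", serverKeys.getCertificate("test"));
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "BCJSSE");
        trustManagerFactory.init(endEntityTrust);
        SSLContext clientContext = SSLContext.getInstance("TLSv1.2", "BCJSSE");
        clientContext.init(null, trustManagerFactory.getTrustManagers(), null);
        exchangeSingleByte(clientContext, PORT_NO_CLIENT_AUTH);
    }

    /**
     * Mutual authentication: the server is started with client auth enabled and trusts the client's
     * root; the client presents a signing certificate and trusts the server's root.
     */
    public void testRSAServerWithClientAuth() throws Exception {
        KeyStore clientKeys = getRsaKeyStore(false);
        KeyStore serverKeys = getRsaKeyStore(true);
        KeyStore serverTrust = KeyStore.getInstance("JKS");
        serverTrust.load(null, PASSWORD);
        serverTrust.setCertificateEntry("clientRoot", clientKeys.getCertificate("root"));
        SSLUtils.startServer(serverKeys, PASSWORD, serverTrust, true, PORT_CLIENT_AUTH);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
        keyManagerFactory.init(clientKeys, PASSWORD);
        KeyStore clientTrust = KeyStore.getInstance("JKS");
        clientTrust.load(null, PASSWORD);
        clientTrust.setCertificateEntry("serverRoot", serverKeys.getCertificate("root"));
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "BCJSSE");
        trustManagerFactory.init(clientTrust);
        SSLContext clientContext = SSLContext.getInstance("TLSv1.2", "BCJSSE");
        clientContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        exchangeSingleByte(clientContext, PORT_CLIENT_AUTH);
    }

    /**
     * Connects to the helper server on localhost, writes one byte and reads one back, then closes
     * the socket so that no connection outlives the test.
     *
     * <p>The value returned by {@code read()} is not checked, so an end-of-stream (-1) after a
     * successful handshake does not fail the test.
     */
    private static void exchangeSingleByte(SSLContext clientContext, int port) throws Exception {
        SSLSocket socket = (SSLSocket) clientContext.getSocketFactory().createSocket("localhost", port);
        boolean completed = false;
        try {
            socket.setUseClientMode(true);
            // presumably limits the offered suites to static-RSA key exchange -- helper not shown here
            SSLUtils.restrictKeyExchange(socket, "RSA");
            socket.getOutputStream().write(33);
            socket.getInputStream().read();
            completed = true;
        } finally {
            try {
                socket.close();
            } catch (java.io.IOException closeFailure) {
                // Report a close failure only when nothing else went wrong; otherwise it would
                // replace the handshake or I/O exception that is the real test failure.
                if (completed) {
                    throw closeFailure;
                }
            }
        }
    }

    /**
     * Builds an in-memory JKS store with a fresh EC root, intermediate ("CN=TLS Test CA") and
     * end-entity ("CN=TLS Test") certificate.
     *
     * <p>Key entry "test" holds the end-entity key with chain {end-entity, intermediate};
     * certificate entry "root" holds the root.
     *
     * @param keyAgreement {@code true} for an end-entity cert from generateEndEntityCertAgree,
     *     {@code false} for one from generateEndEntityCertSign
     */
    private KeyStore getEcKeyStore(boolean keyAgreement) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        KeyPair rootPair = TestUtils.generateECKeyPair();
        KeyPair intermediatePair = TestUtils.generateECKeyPair();
        KeyPair endEntityPair = TestUtils.generateECKeyPair();
        X509Certificate rootCert = TestUtils.generateRootCert(rootPair);
        X509Certificate intermediateCert = TestUtils.generateIntermediateCert(
            intermediatePair.getPublic(), new X500Name("CN=TLS Test CA"), rootPair.getPrivate(), rootCert);
        X509Certificate endEntityCert;
        if (keyAgreement) {
            endEntityCert = TestUtils.generateEndEntityCertAgree(
                endEntityPair.getPublic(), new X500Name("CN=TLS Test"), intermediatePair.getPrivate(), intermediateCert);
        } else {
            endEntityCert = TestUtils.generateEndEntityCertSign(
                endEntityPair.getPublic(), new X500Name("CN=TLS Test"), intermediatePair.getPrivate(), intermediateCert);
        }
        store.load(null, PASSWORD);
        store.setKeyEntry("test", endEntityPair.getPrivate(), PASSWORD, new Certificate[]{endEntityCert, intermediateCert});
        store.setCertificateEntry("root", rootCert);
        return store;
    }

    /**
     * Builds an in-memory JKS store with a fresh RSA root, intermediate ("CN=TLS Test CA") and
     * end-entity ("CN=TLS Test") certificate, laid out like the EC store.
     *
     * @param encryption {@code true} for an end-entity cert from generateEndEntityCertEnc (used for
     *     the servers in this class), {@code false} for one from generateEndEntityCertSign (used
     *     for the authenticating client)
     */
    private KeyStore getRsaKeyStore(boolean encryption) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        KeyPair rootPair = TestUtils.generateRSAKeyPair();
        KeyPair intermediatePair = TestUtils.generateRSAKeyPair();
        KeyPair endEntityPair = TestUtils.generateRSAKeyPair();
        X509Certificate rootCert = TestUtils.generateRootCert(rootPair);
        X509Certificate intermediateCert = TestUtils.generateIntermediateCert(
            intermediatePair.getPublic(), new X500Name("CN=TLS Test CA"), rootPair.getPrivate(), rootCert);
        X509Certificate endEntityCert;
        if (encryption) {
            endEntityCert = TestUtils.generateEndEntityCertEnc(
                endEntityPair.getPublic(), new X500Name("CN=TLS Test"), intermediatePair.getPrivate(), intermediateCert);
        } else {
            endEntityCert = TestUtils.generateEndEntityCertSign(
                endEntityPair.getPublic(), new X500Name("CN=TLS Test"), intermediatePair.getPrivate(), intermediateCert);
        }
        store.load(null, PASSWORD);
        store.setKeyEntry("test", endEntityPair.getPrivate(), PASSWORD, new Certificate[]{endEntityCert, intermediateCert});
        store.setCertificateEntry("root", rootCert);
        return store;
    }

    /**
     * Checks server-alias selection for {@code keyType} with three issuer filters.
     *
     * <p>No filter and the filter "CN=TLS Test CA" must each yield an alias with a chain and a
     * private key. The filter "CN=TLS Test" must yield nothing from either selection method: that
     * is the name given to the end-entity certificate, which presumably issues no certificate in
     * the stored chain.
     */
    private void implTestKeyManager(BCX509ExtendedKeyManager keyManager, String keyType) throws Exception {
        // No issuer restriction.
        String unfilteredAlias = keyManager.chooseServerAlias(keyType, (Principal[]) null, (Socket) null);
        assertNotNull(unfilteredAlias);
        assertNotNull(keyManager.getCertificateChain(unfilteredAlias));
        assertNotNull(keyManager.getPrivateKey(unfilteredAlias));
        assertNotNull(keyManager.chooseServerKeyBC(new String[]{keyType}, (Principal[]) null, (Socket) null));

        // A name that is not an acceptable issuer: selection must return null, not fall back.
        assertNull(keyManager.chooseServerAlias(keyType, new Principal[]{new X500Principal("CN=TLS Test")}, (Socket) null));
        assertNull(keyManager.chooseServerKeyBC(new String[]{keyType}, new Principal[]{new X500Principal("CN=TLS Test")}, (Socket) null));

        // The intermediate CA's name as acceptable issuer.
        String issuerAlias = keyManager.chooseServerAlias(keyType, new Principal[]{new X500Principal("CN=TLS Test CA")}, (Socket) null);
        assertNotNull(issuerAlias);
        assertNotNull(keyManager.getCertificateChain(issuerAlias));
        assertNotNull(keyManager.getPrivateKey(issuerAlias));
        assertNotNull(keyManager.chooseServerKeyBC(new String[]{keyType}, new Principal[]{new X500Principal("CN=TLS Test CA")}, (Socket) null));
    }

    /** Runs the alias checks on the first key manager of an initialised factory. */
    private void implTestKeyManagerFactory(KeyManagerFactory keyManagerFactory, String keyType) throws Exception {
        implTestKeyManager((BCX509ExtendedKeyManager) keyManagerFactory.getKeyManagers()[0], keyType);
    }

    /**
     * Runs the alias checks twice on one factory: initialised from the key store and password, then
     * re-initialised from {@link KeyStoreBuilderParameters} wrapping the same store.
     */
    private void implTestKeyManagerFactory(KeyStore keyStore, String keyType) throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
        keyManagerFactory.init(keyStore, PASSWORD);
        implTestKeyManagerFactory(keyManagerFactory, keyType);

        KeyStore.Builder builder = KeyStore.Builder.newInstance(keyStore, new KeyStore.PasswordProtection(PASSWORD));
        keyManagerFactory.init(new KeyStoreBuilderParameters(builder));
        implTestKeyManagerFactory(keyManagerFactory, keyType);
    }
}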
