package org.bouncycastle.cert.ocsp.test;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.Extension;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.Streams;
import org.bouncycastle.util.test.SimpleTest;

/* loaded from: input_file:org/bouncycastle/cert/ocsp/test/PKIXRevocationTest.class */
public class PKIXRevocationTest extends SimpleTest {
    private static final String BC = "BC";
    private static final int TEST_OCSP_RESPONDER_PORT = 10541;

    /* loaded from: input_file:org/bouncycastle/cert/ocsp/test/PKIXRevocationTest$NonceExtension.class */
    private static class NonceExtension implements Extension {
        private final byte[] nonce;

        NonceExtension(byte[] bArr) {
            this.nonce = bArr;
        }

        @Override // java.security.cert.Extension
        public String getId() {
            return OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId();
        }

        @Override // java.security.cert.Extension
        public boolean isCritical() {
            return false;
        }

        @Override // java.security.cert.Extension
        public byte[] getValue() {
            return this.nonce;
        }

        @Override // java.security.cert.Extension
        public void encode(OutputStream outputStream) throws IOException {
            outputStream.write(new org.bouncycastle.asn1.x509.Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, this.nonce).getEncoded());
        }
    }

    /* loaded from: input_file:org/bouncycastle/cert/ocsp/test/PKIXRevocationTest$OCSPResponderTask.class */
    private static class OCSPResponderTask implements Runnable {
        private final byte[] resp;
        private final int portNo;

        OCSPResponderTask(int i, byte[] bArr) {
            this.portNo = i;
            this.resp = bArr;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                ServerSocket serverSocket = new ServerSocket(this.portNo);
                Socket accept = serverSocket.accept();
                InputStream inputStream = accept.getInputStream();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                int i = 0;
                while (true) {
                    int read = inputStream.read();
                    if (read < 0) {
                        break;
                    }
                    byteArrayOutputStream.write(read);
                    if (read == 10) {
                        String trim = Strings.fromByteArray(byteArrayOutputStream.toByteArray()).trim();
                        if (trim.startsWith("Content-Length")) {
                            i = Integer.parseInt(trim.substring("Content-Length: ".length()));
                        }
                        if (trim.length() == 0) {
                            break;
                        } else {
                            byteArrayOutputStream.reset();
                        }
                    }
                }
                Streams.readFully(inputStream, new byte[i]);
                OutputStream outputStream = accept.getOutputStream();
                outputStream.write(Strings.toByteArray("HTTP/1.1 200 OK\r\n"));
                outputStream.write(Strings.toByteArray("Content-type: application/ocsp-response\r\n"));
                outputStream.write(Strings.toByteArray("Content-Length: " + this.resp.length + "\r\n"));
                outputStream.write(Strings.toByteArray("\r\n"));
                outputStream.write(this.resp);
                outputStream.flush();
                outputStream.close();
                accept.close();
                serverSocket.close();
            } catch (Exception e) {
            }
        }
    }

    @Override // org.bouncycastle.util.test.SimpleTest, org.bouncycastle.util.test.Test
    public String getName() {
        return "PKIXRevocationTest";
    }

    @Override // org.bouncycastle.util.test.SimpleTest
    public void performTest() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", BC);
        DigestCalculatorProvider build = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
        KeyPair makeKeyPair = OCSPTestUtil.makeKeyPair();
        KeyPair makeKeyPair2 = OCSPTestUtil.makeKeyPair();
        KeyPair makeKeyPair3 = OCSPTestUtil.makeKeyPair();
        KeyPair makeKeyPair4 = OCSPTestUtil.makeKeyPair();
        X509Certificate makeRootCertificate = OCSPTestUtil.makeRootCertificate(makeKeyPair, "CN=Root");
        X509Certificate makeCertificate = OCSPTestUtil.makeCertificate(makeKeyPair2, "CN=CA", makeKeyPair, makeRootCertificate, true);
        X509Certificate makeCertificate2 = OCSPTestUtil.makeCertificate(makeKeyPair3, "CN=EE", makeKeyPair2, makeCertificate, false);
        X509Certificate makeRootCertificate2 = OCSPTestUtil.makeRootCertificate(makeKeyPair4, "CN=OCSP");
        byte[] ocspResponse = getOcspResponse(makeKeyPair4, build, makeCertificate, makeCertificate2);
        byte[] ocspResponse2 = getOcspResponse(makeKeyPair4, build, makeRootCertificate, makeCertificate);
        ArrayList arrayList = new ArrayList();
        arrayList.add(makeCertificate2);
        arrayList.add(makeCertificate);
        CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(makeRootCertificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
        HashMap hashMap = new HashMap();
        hashMap.put(makeCertificate2, ocspResponse);
        pKIXRevocationChecker.setOcspResponses(hashMap);
        pKIXRevocationChecker.setOcspResponderCert(makeRootCertificate2);
        pKIXRevocationChecker.setOptions(Collections.singleton(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertPathChecker(pKIXRevocationChecker);
        certPathValidator.validate(generateCertPath, pKIXParameters);
        CertPathValidator certPathValidator2 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker2 = (PKIXRevocationChecker) certPathValidator2.getRevocationChecker();
        pKIXRevocationChecker2.setOcspResponses(hashMap);
        pKIXRevocationChecker2.setOcspResponderCert(makeRootCertificate2);
        PKIXParameters pKIXParameters2 = new PKIXParameters(hashSet);
        pKIXParameters2.addCertPathChecker(pKIXRevocationChecker2);
        try {
            certPathValidator2.validate(generateCertPath, pKIXParameters2);
            fail("no exception ca check");
        } catch (CertPathValidatorException e) {
        }
        CertPathValidator certPathValidator3 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker3 = (PKIXRevocationChecker) certPathValidator3.getRevocationChecker();
        HashMap hashMap2 = new HashMap();
        hashMap2.put(makeCertificate2, ocspResponse);
        hashMap2.put(makeCertificate, ocspResponse2);
        pKIXRevocationChecker3.setOcspResponses(hashMap2);
        pKIXRevocationChecker3.setOcspResponderCert(makeRootCertificate2);
        PKIXParameters pKIXParameters3 = new PKIXParameters(hashSet);
        pKIXParameters3.addCertPathChecker(pKIXRevocationChecker3);
        certPathValidator3.validate(generateCertPath, pKIXParameters3);
        CertPathValidator certPathValidator4 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker4 = (PKIXRevocationChecker) certPathValidator4.getRevocationChecker();
        HashMap hashMap3 = new HashMap();
        hashMap3.put(makeCertificate2, getRevokedOcspResponse(makeKeyPair4, build, makeCertificate, makeCertificate2));
        hashMap3.put(makeCertificate, ocspResponse2);
        pKIXRevocationChecker4.setOcspResponses(hashMap3);
        pKIXRevocationChecker4.setOcspResponderCert(makeRootCertificate2);
        PKIXParameters pKIXParameters4 = new PKIXParameters(hashSet);
        pKIXParameters4.addCertPathChecker(pKIXRevocationChecker4);
        try {
            certPathValidator4.validate(generateCertPath, pKIXParameters4);
            fail("no exception");
        } catch (CertPathValidatorException e2) {
            isEquals(0, e2.getIndex());
            isTrue(e2.getMessage().startsWith("certificate revoked, reason=(CRLReason: keyCompromise)"));
        }
        CertPathValidator certPathValidator5 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker5 = (PKIXRevocationChecker) certPathValidator5.getRevocationChecker();
        HashMap hashMap4 = new HashMap();
        hashMap4.put(makeCertificate2, getFailedOcspResponse(makeKeyPair4, build, makeCertificate, makeCertificate2));
        hashMap4.put(makeCertificate, ocspResponse2);
        pKIXRevocationChecker5.setOcspResponses(hashMap4);
        pKIXRevocationChecker5.setOcspResponderCert(makeRootCertificate2);
        PKIXParameters pKIXParameters5 = new PKIXParameters(hashSet);
        pKIXParameters5.addCertPathChecker(pKIXRevocationChecker5);
        try {
            certPathValidator5.validate(generateCertPath, pKIXParameters5);
            fail("no exception");
        } catch (CertPathValidatorException e3) {
            isEquals(0, e3.getIndex());
            isTrue(e3.getMessage().startsWith("OCSP response failed: "));
        }
        CertPathValidator certPathValidator6 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker6 = (PKIXRevocationChecker) certPathValidator6.getRevocationChecker();
        pKIXRevocationChecker6.setOcspResponder(new URI("http://localhost:10541/"));
        pKIXRevocationChecker6.setOptions(Collections.singleton(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
        pKIXRevocationChecker6.setOcspResponderCert(makeRootCertificate2);
        byte[] encoded = new DEROctetString(Hex.decode("DEADBEEF")).getEncoded();
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new NonceExtension(encoded));
        pKIXRevocationChecker6.setOcspExtensions(arrayList2);
        PKIXParameters pKIXParameters6 = new PKIXParameters(hashSet);
        pKIXParameters6.addCertPathChecker(pKIXRevocationChecker6);
        Thread thread = new Thread(new OCSPResponderTask(TEST_OCSP_RESPONDER_PORT, getOcspResponse(makeKeyPair4, build, makeCertificate, makeCertificate2, encoded)));
        thread.setDaemon(true);
        thread.start();
        certPathValidator6.validate(generateCertPath, pKIXParameters6);
        X509Certificate makeCertificate3 = OCSPTestUtil.makeCertificate(makeKeyPair4, "CN=OCSP", makeKeyPair2, makeCertificate, KeyPurposeId.id_kp_codeSigning);
        CertPathValidator certPathValidator7 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker7 = (PKIXRevocationChecker) certPathValidator7.getRevocationChecker();
        pKIXRevocationChecker7.setOcspResponder(new URI("http://localhost:10542/"));
        pKIXRevocationChecker7.setOptions(Collections.singleton(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
        PKIXParameters pKIXParameters7 = new PKIXParameters(hashSet);
        pKIXParameters7.addCertPathChecker(pKIXRevocationChecker7);
        Thread thread2 = new Thread(new OCSPResponderTask(10542, getOcspResponse(makeKeyPair4, makeCertificate3, build, makeCertificate, makeCertificate2)));
        thread2.setDaemon(true);
        thread2.start();
        try {
            certPathValidator7.validate(generateCertPath, pKIXParameters7);
            fail("no exception");
        } catch (CertPathValidatorException e4) {
            isEquals(0, e4.getIndex());
            isTrue(e4.getMessage().equals("responder certificate not valid for signing OCSP responses"));
        }
        X509Certificate makeCertificate4 = OCSPTestUtil.makeCertificate(makeKeyPair4, "CN=OCSP", makeKeyPair2, makeCertificate, KeyPurposeId.id_kp_OCSPSigning);
        CertPathValidator certPathValidator8 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker8 = (PKIXRevocationChecker) certPathValidator8.getRevocationChecker();
        pKIXRevocationChecker8.setOcspResponder(new URI("http://localhost:10543/"));
        pKIXRevocationChecker8.setOptions(Collections.singleton(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
        PKIXParameters pKIXParameters8 = new PKIXParameters(hashSet);
        pKIXParameters8.addCertPathChecker(pKIXRevocationChecker8);
        Thread thread3 = new Thread(new OCSPResponderTask(10543, getOcspResponse(makeKeyPair4, makeCertificate4, build, makeCertificate, makeCertificate2)));
        thread3.setDaemon(true);
        thread3.start();
        certPathValidator8.validate(generateCertPath, pKIXParameters8);
        X509Certificate makeCertificateWithOCSP = OCSPTestUtil.makeCertificateWithOCSP(makeKeyPair2, "CN=CA", makeKeyPair, makeRootCertificate, true, "http://localhost:10541/");
        X509Certificate makeCertificate5 = OCSPTestUtil.makeCertificate(makeKeyPair3, "CN=EE", makeKeyPair2, makeCertificateWithOCSP, false);
        byte[] ocspResponseName = getOcspResponseName(makeKeyPair2, build, makeCertificateWithOCSP, makeCertificate5);
        byte[] ocspResponse3 = getOcspResponse(makeKeyPair4, build, makeRootCertificate, makeCertificateWithOCSP);
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(makeCertificate5);
        arrayList3.add(makeCertificateWithOCSP);
        CertPath generateCertPath2 = certificateFactory.generateCertPath(arrayList3);
        CertPathValidator certPathValidator9 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker9 = (PKIXRevocationChecker) certPathValidator9.getRevocationChecker();
        HashMap hashMap5 = new HashMap();
        hashMap5.put(makeCertificate5, ocspResponseName);
        pKIXRevocationChecker9.setOcspResponses(hashMap5);
        pKIXRevocationChecker9.setOcspResponderCert(makeCertificate4);
        Thread thread4 = new Thread(new OCSPResponderTask(TEST_OCSP_RESPONDER_PORT, ocspResponse3));
        thread4.setDaemon(true);
        thread4.start();
        PKIXParameters pKIXParameters9 = new PKIXParameters(hashSet);
        pKIXParameters9.addCertPathChecker(pKIXRevocationChecker9);
        certPathValidator9.validate(generateCertPath2, pKIXParameters9);
        ocspCertChainTest();
        dispPointCertChainTest();
    }

    private void ocspCertChainTest() throws Exception {
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ee.pem"))).readObject();
        X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ca.pem"))).readObject();
        X509CertificateHolder x509CertificateHolder3 = (X509CertificateHolder) new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ta.pem"))).readObject();
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider(BC);
        ArrayList arrayList = new ArrayList();
        arrayList.add(provider.getCertificate(x509CertificateHolder));
        arrayList.add(provider.getCertificate(x509CertificateHolder2));
        System.setProperty("org.bouncycastle.x509.enableCRLDP", "true");
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", BC).generateCertPath(arrayList);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(provider.getCertificate(x509CertificateHolder3), null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
        pKIXRevocationChecker.setOptions(Collections.singleton(PKIXRevocationChecker.Option.NO_FALLBACK));
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertPathChecker(pKIXRevocationChecker);
        certPathValidator.validate(generateCertPath, pKIXParameters);
    }

    private void dispPointCertChainTest() throws Exception {
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ee.pem"))).readObject();
        X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ca.pem"))).readObject();
        X509CertificateHolder x509CertificateHolder3 = (X509CertificateHolder) new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ta.pem"))).readObject();
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider(BC);
        ArrayList arrayList = new ArrayList();
        arrayList.add(provider.getCertificate(x509CertificateHolder));
        arrayList.add(provider.getCertificate(x509CertificateHolder2));
        System.setProperty("org.bouncycastle.x509.enableCRLDP", "true");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", BC);
        CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(provider.getCertificate(x509CertificateHolder3), null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
        pKIXRevocationChecker.setOptions(Collections.singleton(PKIXRevocationChecker.Option.PREFER_CRLS));
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertPathChecker(pKIXRevocationChecker);
        certPathValidator.validate(generateCertPath, pKIXParameters);
        CertPath generateCertPath2 = certificateFactory.generateCertPath(arrayList);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(new TrustAnchor(provider.getCertificate(x509CertificateHolder3), null));
        CertPathValidator certPathValidator2 = CertPathValidator.getInstance("PKIX", BC);
        PKIXRevocationChecker pKIXRevocationChecker2 = (PKIXRevocationChecker) certPathValidator2.getRevocationChecker();
        pKIXRevocationChecker2.setOptions(Collections.singleton(PKIXRevocationChecker.Option.PREFER_CRLS));
        PKIXParameters pKIXParameters2 = new PKIXParameters(hashSet2);
        pKIXParameters2.addCertPathChecker(pKIXRevocationChecker2);
        certPathValidator2.validate(generateCertPath2, pKIXParameters2);
        System.setProperty("org.bouncycastle.x509.enableCRLDP", "");
    }

    private byte[] getOcspResponse(KeyPair keyPair, DigestCalculatorProvider digestCalculatorProvider, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(keyPair.getPublic(), digestCalculatorProvider.get(RespID.HASH_SHA1));
        jcaBasicOCSPRespBuilder.addResponse(new CertificateID(digestCalculatorProvider.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), x509Certificate2.getSerialNumber()), CertificateStatus.GOOD);
        return new OCSPRespBuilder().build(0, jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()), (X509CertificateHolder[]) null, new Date())).getEncoded();
    }

    private byte[] getOcspResponseName(KeyPair keyPair, DigestCalculatorProvider digestCalculatorProvider, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(x509Certificate.getSubjectX500Principal());
        jcaBasicOCSPRespBuilder.addResponse(new CertificateID(digestCalculatorProvider.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), x509Certificate2.getSerialNumber()), CertificateStatus.GOOD);
        return new OCSPRespBuilder().build(0, jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()), (X509CertificateHolder[]) null, new Date())).getEncoded();
    }

    private byte[] getOcspResponse(KeyPair keyPair, DigestCalculatorProvider digestCalculatorProvider, X509Certificate x509Certificate, X509Certificate x509Certificate2, byte[] bArr) throws Exception {
        JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(keyPair.getPublic(), digestCalculatorProvider.get(RespID.HASH_SHA1));
        jcaBasicOCSPRespBuilder.addResponse(new CertificateID(digestCalculatorProvider.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), x509Certificate2.getSerialNumber()), CertificateStatus.GOOD);
        jcaBasicOCSPRespBuilder.setResponseExtensions(new Extensions(new org.bouncycastle.asn1.x509.Extension[]{new org.bouncycastle.asn1.x509.Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, bArr)}));
        return new OCSPRespBuilder().build(0, jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()), (X509CertificateHolder[]) null, new Date())).getEncoded();
    }

    private byte[] getOcspResponse(KeyPair keyPair, X509Certificate x509Certificate, DigestCalculatorProvider digestCalculatorProvider, X509Certificate x509Certificate2, X509Certificate x509Certificate3) throws Exception {
        JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(keyPair.getPublic(), digestCalculatorProvider.get(RespID.HASH_SHA1));
        jcaBasicOCSPRespBuilder.addResponse(new CertificateID(digestCalculatorProvider.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate2), x509Certificate3.getSerialNumber()), CertificateStatus.GOOD);
        return new OCSPRespBuilder().build(0, jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()), new X509CertificateHolder[]{new JcaX509CertificateHolder(x509Certificate)}, new Date())).getEncoded();
    }

    private byte[] getRevokedOcspResponse(KeyPair keyPair, DigestCalculatorProvider digestCalculatorProvider, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(keyPair.getPublic(), digestCalculatorProvider.get(RespID.HASH_SHA1));
        jcaBasicOCSPRespBuilder.addResponse(new CertificateID(digestCalculatorProvider.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), x509Certificate2.getSerialNumber()), new RevokedStatus(new Date(), 1));
        return new OCSPRespBuilder().build(0, jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()), (X509CertificateHolder[]) null, new Date())).getEncoded();
    }

    private byte[] getFailedOcspResponse(KeyPair keyPair, DigestCalculatorProvider digestCalculatorProvider, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(keyPair.getPublic(), digestCalculatorProvider.get(RespID.HASH_SHA1));
        jcaBasicOCSPRespBuilder.addResponse(new CertificateID(digestCalculatorProvider.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), x509Certificate2.getSerialNumber()), new RevokedStatus(new Date(), 1));
        return new OCSPRespBuilder().build(6, jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate()), (X509CertificateHolder[]) null, new Date())).getEncoded();
    }

    public static void main(String[] strArr) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        runTest(new PKIXRevocationTest());
    }
}
