package org.bouncycastle.tls.test;

import java.security.SecureRandom;
import java.security.Security;
import java.util.Vector;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.SignatureScheme;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;

/* loaded from: input_file:org/bouncycastle/tls/test/TlsTestSuite.class */
public class TlsTestSuite extends TestSuite {
    static BcTlsCrypto BC_CRYPTO = new BcTlsCrypto();
    static JcaTlsCrypto JCA_CRYPTO = new JcaTlsCryptoProvider().setProvider(new BouncyCastleProvider()).create(new SecureRandom());

    /* loaded from: input_file:org/bouncycastle/tls/test/TlsTestSuite$C.class */
    static abstract class C extends TlsTestConfig {
        C() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TlsCrypto getCrypto(TlsTestConfig tlsTestConfig) {
        switch (tlsTestConfig.clientCrypto) {
            case 0:
            default:
                return BC_CRYPTO;
            case 1:
                return JCA_CRYPTO;
        }
    }

    public TlsTestSuite() {
        super("TLS");
    }

    public static Test suite() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        } else {
            Security.removeProvider("BC");
            Security.addProvider(new BouncyCastleProvider());
        }
        TlsTestSuite tlsTestSuite = new TlsTestSuite();
        addAllTests(tlsTestSuite, 0, 0);
        addAllTests(tlsTestSuite, 1, 0);
        addAllTests(tlsTestSuite, 0, 1);
        addAllTests(tlsTestSuite, 1, 1);
        return tlsTestSuite;
    }

    private static void addAllTests(TestSuite testSuite, int i, int i2) {
        addFallbackTests(testSuite, i, i2);
        addVersionTests(testSuite, ProtocolVersion.SSLv3, i, i2);
        addVersionTests(testSuite, ProtocolVersion.TLSv10, i, i2);
        addVersionTests(testSuite, ProtocolVersion.TLSv11, i, i2);
        addVersionTests(testSuite, ProtocolVersion.TLSv12, i, i2);
        addVersionTests(testSuite, ProtocolVersion.TLSv13, i, i2);
    }

    private static void addFallbackTests(TestSuite testSuite, int i, int i2) {
        String str = getCryptoName(i) + "_" + getCryptoName(i2) + "_";
        TlsTestConfig createTlsTestConfig = createTlsTestConfig(ProtocolVersion.TLSv12, i, i2);
        createTlsTestConfig.clientFallback = true;
        addTestCase(testSuite, createTlsTestConfig, str + "FallbackGood");
        TlsTestConfig createTlsTestConfig2 = createTlsTestConfig(ProtocolVersion.TLSv12, i, i2);
        createTlsTestConfig2.clientFallback = true;
        createTlsTestConfig2.clientSupportedVersions = ProtocolVersion.TLSv11.downTo(ProtocolVersion.TLSv10);
        createTlsTestConfig2.expectServerFatalAlert((short) 86);
        addTestCase(testSuite, createTlsTestConfig2, str + "FallbackBad");
        TlsTestConfig createTlsTestConfig3 = createTlsTestConfig(ProtocolVersion.TLSv12, i, i2);
        createTlsTestConfig3.clientSupportedVersions = ProtocolVersion.TLSv11.downTo(ProtocolVersion.TLSv10);
        addTestCase(testSuite, createTlsTestConfig3, str + "FallbackNone");
    }

    private static void addVersionTests(TestSuite testSuite, ProtocolVersion protocolVersion, int i, int i2) {
        String str = getCryptoName(i) + "_" + getCryptoName(i2) + "_" + protocolVersion.toString().replaceAll("[ \\.]", "") + "_";
        boolean isTLSv12 = TlsUtils.isTLSv12(protocolVersion);
        boolean isTLSv13 = TlsUtils.isTLSv13(protocolVersion);
        boolean z = isTLSv12 && !isTLSv13;
        short s = TlsUtils.isTLSv13(protocolVersion) ? (short) 116 : (short) 40;
        addTestCase(testSuite, createTlsTestConfig(protocolVersion, i, i2), str + "GoodDefault");
        if (isTLSv13) {
            TlsTestConfig createTlsTestConfig = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig.clientEmptyKeyShare = true;
            addTestCase(testSuite, createTlsTestConfig, str + "GoodEmptyKeyShare");
        }
        if (z) {
            TlsTestConfig createTlsTestConfig2 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig2.clientAuth = 1;
            createTlsTestConfig2.clientAuthSigAlg = new SignatureAndHashAlgorithm((short) 4, (short) 1);
            createTlsTestConfig2.serverCertReqSigAlgs = TlsUtils.vectorOfOne(new SignatureAndHashAlgorithm((short) 4, (short) 3));
            createTlsTestConfig2.expectClientFatalAlert((short) 80);
            addTestCase(testSuite, createTlsTestConfig2, str + "BadCertVerifySigAlgClient");
        }
        if (isTLSv12) {
            TlsTestConfig createTlsTestConfig3 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig3.clientAuth = 1;
            createTlsTestConfig3.clientAuthSigAlg = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
            createTlsTestConfig3.clientAuthSigAlgClaimed = SignatureScheme.getSignatureAndHashAlgorithm(1027);
            createTlsTestConfig3.serverCertReqSigAlgs = TlsUtils.vectorOfOne(SignatureAndHashAlgorithm.rsa_pss_rsae_sha256);
            createTlsTestConfig3.serverCheckSigAlgOfClientCerts = false;
            createTlsTestConfig3.expectServerFatalAlert((short) 47);
            addTestCase(testSuite, createTlsTestConfig3, str + "BadCertVerifySigAlgServer1");
        }
        if (isTLSv12) {
            TlsTestConfig createTlsTestConfig4 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig4.clientAuth = 1;
            createTlsTestConfig4.clientAuthSigAlg = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
            createTlsTestConfig4.clientAuthSigAlgClaimed = SignatureScheme.getSignatureAndHashAlgorithm(1027);
            createTlsTestConfig4.serverCertReqSigAlgs = new Vector(2);
            createTlsTestConfig4.serverCertReqSigAlgs.addElement(SignatureAndHashAlgorithm.rsa_pss_rsae_sha256);
            createTlsTestConfig4.serverCertReqSigAlgs.addElement(SignatureScheme.getSignatureAndHashAlgorithm(1027));
            createTlsTestConfig4.expectServerFatalAlert((short) 42);
            addTestCase(testSuite, createTlsTestConfig4, str + "BadCertVerifySigAlgServer2");
        }
        TlsTestConfig createTlsTestConfig5 = createTlsTestConfig(protocolVersion, i, i2);
        createTlsTestConfig5.clientAuth = 3;
        createTlsTestConfig5.expectServerFatalAlert((short) 51);
        addTestCase(testSuite, createTlsTestConfig5, str + "BadCertVerifySignature");
        TlsTestConfig createTlsTestConfig6 = createTlsTestConfig(protocolVersion, i, i2);
        createTlsTestConfig6.clientAuth = 2;
        createTlsTestConfig6.expectServerFatalAlert((short) 42);
        addTestCase(testSuite, createTlsTestConfig6, str + "BadClientCertificate");
        if (isTLSv13) {
            TlsTestConfig createTlsTestConfig7 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig7.clientSendSignatureAlgorithms = false;
            createTlsTestConfig7.clientSendSignatureAlgorithmsCert = false;
            createTlsTestConfig7.expectServerFatalAlert((short) 109);
            addTestCase(testSuite, createTlsTestConfig7, str + "BadClientSigAlgs");
        }
        TlsTestConfig createTlsTestConfig8 = createTlsTestConfig(protocolVersion, i, i2);
        createTlsTestConfig8.clientAuth = 0;
        createTlsTestConfig8.serverCertReq = 2;
        createTlsTestConfig8.expectServerFatalAlert(s);
        addTestCase(testSuite, createTlsTestConfig8, str + "BadMandatoryCertReqDeclined");
        if (z) {
            TlsTestConfig createTlsTestConfig9 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig9.clientSendSignatureAlgorithms = false;
            createTlsTestConfig9.clientSendSignatureAlgorithmsCert = false;
            createTlsTestConfig9.serverAuthSigAlg = new SignatureAndHashAlgorithm((short) 4, (short) 1);
            createTlsTestConfig9.expectClientFatalAlert((short) 42);
            addTestCase(testSuite, createTlsTestConfig9, str + "BadServerCertSigAlg");
        }
        if (TlsUtils.isTLSv12(protocolVersion)) {
            TlsTestConfig createTlsTestConfig10 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig10.clientCHSigAlgs = TlsUtils.vectorOfOne(new SignatureAndHashAlgorithm((short) 4, (short) 1));
            createTlsTestConfig10.serverAuthSigAlg = new SignatureAndHashAlgorithm((short) 5, (short) 1);
            createTlsTestConfig10.expectClientFatalAlert((short) 47);
            addTestCase(testSuite, createTlsTestConfig10, str + "BadServerKeyExchangeSigAlg");
        }
        if (z) {
            TlsTestConfig createTlsTestConfig11 = createTlsTestConfig(protocolVersion, i, i2);
            createTlsTestConfig11.clientCheckSigAlgOfServerCerts = false;
            createTlsTestConfig11.clientSendSignatureAlgorithms = false;
            createTlsTestConfig11.clientSendSignatureAlgorithmsCert = false;
            createTlsTestConfig11.serverAuthSigAlg = new SignatureAndHashAlgorithm((short) 4, (short) 1);
            createTlsTestConfig11.expectClientFatalAlert((short) 47);
            addTestCase(testSuite, createTlsTestConfig11, str + "BadServerKeyExchangeSigAlg2");
        }
        TlsTestConfig createTlsTestConfig12 = createTlsTestConfig(protocolVersion, i, i2);
        createTlsTestConfig12.serverCertReq = 0;
        addTestCase(testSuite, createTlsTestConfig12, str + "GoodNoCertReq");
        TlsTestConfig createTlsTestConfig13 = createTlsTestConfig(protocolVersion, i, i2);
        createTlsTestConfig13.clientAuth = 0;
        addTestCase(testSuite, createTlsTestConfig13, str + "GoodOptionalCertReqDeclined");
        if (isTLSv13) {
            return;
        }
        TlsTestConfig createTlsTestConfig14 = createTlsTestConfig(protocolVersion, i, i2);
        createTlsTestConfig14.serverNegotiateVersion = protocolVersion;
        createTlsTestConfig14.serverSupportedVersions = ProtocolVersion.TLSv13.downTo(protocolVersion);
        createTlsTestConfig14.expectClientFatalAlert((short) 47);
        addTestCase(testSuite, createTlsTestConfig14, str + "BadDowngrade");
    }

    private static void addTestCase(TestSuite testSuite, TlsTestConfig tlsTestConfig, String str) {
        testSuite.addTest(new TlsTestCase(tlsTestConfig, str));
    }

    private static TlsTestConfig createTlsTestConfig(ProtocolVersion protocolVersion, int i, int i2) {
        TlsTestConfig tlsTestConfig = new TlsTestConfig();
        tlsTestConfig.clientCrypto = i;
        tlsTestConfig.clientSupportedVersions = ProtocolVersion.TLSv13.downTo(ProtocolVersion.SSLv3);
        tlsTestConfig.serverCrypto = i2;
        tlsTestConfig.serverSupportedVersions = protocolVersion.downTo(ProtocolVersion.SSLv3);
        return tlsTestConfig;
    }

    private static String getCryptoName(int i) {
        switch (i) {
            case 0:
            default:
                return "BC";
            case 1:
                return "JCA";
        }
    }
}
