package org.bouncycastle.jce.provider.test.nist;

import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.test.TestResourceFinder;

/* loaded from: input_file:org/bouncycastle/jce/provider/test/nist/PKITSTest.class */
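/**
 * Fluent builder for one NIST PKITS certification-path validation case, run against the "BC"
 * provider's PKIX {@link CertPathValidator}.
 *
 * <p>A case is assembled with the {@code with...} methods (end entity, intermediate CA
 * certificates, CRLs, policy inputs) and executed with {@link #doTest()} for paths that must
 * validate, or {@link #doExceptionTest(int, String)} for paths that must be rejected. Every
 * instance starts with the PKITS trust anchor root certificate and its CRL already loaded.
 *
 * <p>Parsed certificates and CRLs are cached in static maps shared by all instances; access
 * inside this class is guarded by synchronising on the map itself. Per-instance state is not
 * synchronised.
 */
class PKITSTest {
    /** OID arc used on this page for the ten NIST test policies; the last component is the policy number. */
    private static final String NIST_TEST_POLICY_ARC = "2.16.840.1.101.3.2.1.48.";

    // Process-wide caches of parsed test material, keyed by resource name without extension.
    private static final Map<String, X509Certificate> certBuffer = new HashMap<>();
    private static final Map<String, X509CRL> crlBuffer = new HashMap<>();
    private static final HashMap<String, ASN1ObjectIdentifier> policiesByName = new HashMap<>();

    static {
        policiesByName.put("anyPolicy", new ASN1ObjectIdentifier("2.5.29.32.0"));
        for (int n = 1; n <= 10; n++) {
            policiesByName.put("NIST-test-policy-" + n, new ASN1ObjectIdentifier(NIST_TEST_POLICY_ARC + n));
        }
    }

    private CertPath certPath;
    private CertStore certStore;
    private PKIXCertPathValidatorResult validatorResult;
    private X509Certificate endCert;
    // Boxed so that "never set" (null) leaves the PKIXParameters default untouched in doTest().
    private Boolean explicitPolicyRequired;
    private Boolean inhibitAnyPolicy;
    private Boolean policyMappingInhibited;
    private boolean deltaCRLsEnabled;
    private Set<TrustAnchor> trustAnchors = new HashSet<>();
    private ArrayList<X509Certificate> certs = new ArrayList<>();
    private ArrayList<X509CRL> crls = new ArrayList<>();
    // Initial policy OIDs in dotted-decimal string form, as PKIXParameters expects them.
    private Set<String> policies = new HashSet<>();
    private HashMap<String, X509Certificate> certsByName = new HashMap<>();
    private HashMap<String, X509CRL> crlsByName = new HashMap<>();

    /**
     * Maps policy names to object identifiers.
     *
     * @param strArr policy names registered in this class (for example {@code "anyPolicy"}) or
     *               dotted-decimal OID strings; an unregistered entry is parsed as an OID
     * @return one identifier per input, in input order
     */
    public static ASN1ObjectIdentifier[] resolvePolicyOid(String... strArr) {
        ASN1ObjectIdentifier[] resolved = new ASN1ObjectIdentifier[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            ASN1ObjectIdentifier known = policiesByName.get(strArr[i]);
            resolved[i] = known != null ? known : new ASN1ObjectIdentifier(strArr[i]);
        }
        return resolved;
    }

    /**
     * Creates a case that trusts {@code TrustAnchorRootCertificate} and has
     * {@code TrustAnchorRootCRL} available for revocation checking.
     *
     * @throws Exception if the trust anchor certificate or CRL cannot be loaded
     */
    public PKITSTest() throws Exception {
        this.trustAnchors.add(getTrustAnchor("TrustAnchorRootCertificate"));
        withCrls("TrustAnchorRootCRL");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sets the value later passed to {@code setUseDeltasEnabled} on the validation parameters.
     *
     * @param z {@code true} to enable delta CRLs
     * @return this instance
     */
    public PKITSTest enableDeltaCRLs(boolean z) {
        this.deltaCRLsEnabled = z;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Loads the named CRLs and adds them to the material offered to the validator.
     *
     * @param strArr CRL names; spaces and hyphens are removed to form the resource name
     * @return this instance
     * @throws IllegalStateException if a CRL cannot be loaded
     */
    public PKITSTest withCrls(String... strArr) throws Exception {
        for (String str : strArr) {
            this.crls.add(loadCrl(resourceName(str)));
        }
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Loads the named CA certificates and appends them to the path after the end entity.
     *
     * @param strArr certificate names; spaces and hyphens are removed to form the resource name
     * @return this instance
     * @throws IllegalStateException if a certificate cannot be loaded
     */
    public PKITSTest withCACert(String... strArr) {
        for (String str : strArr) {
            this.certs.add(loadCert(resourceName(str)));
        }
        return this;
    }

    /**
     * Adds initial policies given by name or dotted OID; see {@link #resolvePolicyOid(String...)}.
     *
     * @param strArr policy names or OID strings
     * @return this instance
     */
    public PKITSTest withPolicyByName(String... strArr) {
        withPolicyByOids(resolvePolicyOid(strArr));
        return this;
    }

    /**
     * Requests an explicit-policy setting for the validation.
     *
     * <p>Note that {@link #doTest()} forces explicit policy on whenever any initial policy has
     * been added, regardless of the value given here.
     *
     * @param z the value for {@code setExplicitPolicyRequired}
     * @return this instance
     */
    public PKITSTest withExplicitPolicyRequired(boolean z) {
        this.explicitPolicyRequired = Boolean.valueOf(z);
        return this;
    }

    /**
     * Adds initial policies given as object identifiers.
     *
     * @param aSN1ObjectIdentifierArr the policy identifiers
     * @return this instance
     */
    public PKITSTest withPolicyByOids(ASN1ObjectIdentifier... aSN1ObjectIdentifierArr) {
        for (ASN1ObjectIdentifier oid : aSN1ObjectIdentifierArr) {
            this.policies.add(oid.toString());
        }
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the certification path and validates it with revocation checking enabled.
     *
     * <p>The path is the end entity followed by the CA certificates in the order they were
     * added. The same certificates plus all loaded CRLs are offered to the validator through a
     * collection cert store.
     *
     * @return the validator result, also available from {@link #getValidatorResult()}
     * @throws IllegalStateException if no end entity has been set
     * @throws CertPathValidatorException if the path is rejected
     * @throws Exception for provider or parameter errors
     */
    public PKIXCertPathValidatorResult doTest() throws Exception {
        if (this.endCert == null) {
            // Fail with a clear message instead of handing a null certificate to the provider.
            throw new IllegalStateException("no end entity certificate set; call withEndEntity first");
        }
        List<X509Certificate> pathCerts = new ArrayList<>();
        pathCerts.add(this.endCert);
        pathCerts.addAll(this.certs);
        this.certPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(pathCerts);

        List<Object> storeContents = new ArrayList<Object>(pathCerts);
        storeContents.addAll(this.crls);
        this.certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents), "BC");

        CertPathValidator validator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters params = new PKIXParameters(this.trustAnchors);
        params.addCertStore(this.certStore);
        params.setRevocationEnabled(true);
        // Validation time is pinned rather than taken from the clock. GregorianCalendar months
        // are zero-based, so this is 1 February 2010 in the JVM's default time zone.
        params.setDate(new GregorianCalendar(2010, 1, 1).getTime());
        if (this.explicitPolicyRequired != null) {
            params.setExplicitPolicyRequired(this.explicitPolicyRequired.booleanValue());
        }
        if (this.inhibitAnyPolicy != null) {
            params.setAnyPolicyInhibited(this.inhibitAnyPolicy.booleanValue());
        }
        if (this.policyMappingInhibited != null) {
            params.setPolicyMappingInhibited(this.policyMappingInhibited.booleanValue());
        }
        if (!this.policies.isEmpty()) {
            // Supplying initial policies always turns explicit policy on, overriding any
            // earlier withExplicitPolicyRequired(false).
            params.setExplicitPolicyRequired(true);
            params.setInitialPolicies(this.policies);
        }
        PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(params);
        builder.setUseDeltasEnabled(this.deltaCRLsEnabled);
        this.validatorResult = (PKIXCertPathValidatorResult) validator.validate(this.certPath, builder.build());
        return this.validatorResult;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs the case and requires it to be rejected at a specific certificate for a specific reason.
     *
     * <p>Checking both the index and the message keeps a negative case from passing because the
     * path was rejected for some unrelated reason.
     *
     * @param i   expected {@link CertPathValidatorException#getIndex()}
     * @param str expected exception message
     * @throws RuntimeException if the path validates, or the index or message differs
     * @throws Exception for any failure other than a {@link CertPathValidatorException}
     */
    public void doExceptionTest(int i, String str) throws Exception {
        try {
            doTest();
            // Not a CertPathValidatorException, so it is not caught below.
            throw new RuntimeException("path accepted when should be rejected");
        } catch (CertPathValidatorException e) {
            // The validator's exception is attached as the cause so a mismatch can be diagnosed.
            if (i != e.getIndex()) {
                throw new RuntimeException("Index did not match: " + i + " got " + e.getIndex(), e);
            }
            if (!str.equals(e.getMessage())) {
                throw new RuntimeException("Message did not match: '" + str + "', got '" + e.getMessage() + "'", e);
            }
        }
    }

    /**
     * Returns a certificate from the path built by the last {@link #doTest()} call.
     *
     * @param i zero-based position in the path; 0 is the end entity
     * @return the certificate at that position
     * @throws IllegalArgumentException if {@code i} is negative or past the end of the path
     */
    X509Certificate pathCert(int i) {
        List<? extends Certificate> certificates = this.certPath.getCertificates();
        if (i < 0) {
            throw new IllegalArgumentException("Index " + i + " is negative");
        }
        if (i >= certificates.size()) {
            throw new IllegalArgumentException("Index " + i + "  exceeds available certificates in path, " + certificates.size());
        }
        return (X509Certificate) certificates.get(i);
    }

    /**
     * Returns the parsed to-be-signed portion of a certificate in the path.
     *
     * @param i zero-based position in the path
     * @return the TBSCertificate structure of that certificate
     * @throws IllegalArgumentException if {@code i} is outside the path
     * @throws Exception if the certificate cannot be encoded or parsed
     */
    TBSCertificate pathTBSCert(int i) throws Exception {
        return TBSCertificate.getInstance(pathCert(i).getTBSCertificate());
    }

    /**
     * Tests the key usage extension of a certificate in the path.
     *
     * @param i  zero-based position in the path
     * @param i2 key usage bits, as accepted by {@code KeyUsage.hasUsages}
     * @return the result of {@code hasUsages(i2)} on that certificate's key usage extension
     * @throws Exception if the certificate cannot be parsed
     */
    public boolean certHasKeyUsage(int i, int i2) throws Exception {
        return KeyUsage.fromExtensions(pathTBSCert(i).getExtensions()).hasUsages(i2);
    }

    /**
     * Returns the basic constraints extension of a certificate in the path.
     *
     * @param i zero-based position in the path
     * @return whatever {@code BasicConstraints.fromExtensions} yields for that certificate
     * @throws Exception if the certificate cannot be parsed
     */
    public BasicConstraints certBasicConstraints(int i) throws Exception {
        return BasicConstraints.fromExtensions(pathTBSCert(i).getExtensions());
    }

    /** Returns the live set of trust anchors used by this case. */
    public Set getTrustAnchors() {
        return this.trustAnchors;
    }

    /** Returns the live list of CA certificates added with {@link #withCACert(String...)}. */
    public ArrayList getCerts() {
        return this.certs;
    }

    /** Returns the live list of CRLs loaded for this case. */
    public ArrayList getCrls() {
        return this.crls;
    }

    /** Returns the live set of initial policy OID strings. */
    public Set getPolicies() {
        return this.policies;
    }

    /**
     * Returns the shared certificate cache itself, not a copy. This class synchronises on the
     * map when it reads or writes it.
     */
    public static Map getCertBuffer() {
        return certBuffer;
    }

    /**
     * Returns the shared CRL cache itself, not a copy. This class synchronises on the map when
     * it reads or writes it.
     */
    public static Map getCrlBuffer() {
        return crlBuffer;
    }

    /** Returns the path built by the last {@link #doTest()} call, or {@code null} before it. */
    public CertPath getCertPath() {
        return this.certPath;
    }

    /** Returns the cert store built by the last {@link #doTest()} call, or {@code null} before it. */
    public CertStore getCertStore() {
        return this.certStore;
    }

    /** Returns the result of the last successful {@link #doTest()} call, or {@code null}. */
    public PKIXCertPathValidatorResult getValidatorResult() {
        return this.validatorResult;
    }

    /** Returns the end-entity certificate, or {@code null} if none has been set. */
    public X509Certificate getEndCert() {
        return this.endCert;
    }

    /** Strips spaces and hyphens from a display name to obtain the test resource name. */
    private static String resourceName(String displayName) {
        return displayName.replace(" ", "").replace("-", "");
    }

    /**
     * Returns the named certificate from the shared cache, parsing {@code PKITS/certs/<name>.crt}
     * on a miss, and records it in this instance's by-name map.
     *
     * @param str resource name without extension
     * @return the parsed certificate
     * @throws IllegalStateException if the resource cannot be found or parsed; the original
     *                               failure is attached as the cause
     */
    private X509Certificate loadCert(String str) {
        X509Certificate cached;
        synchronized (certBuffer) {
            cached = certBuffer.get(str);
        }
        if (cached != null) {
            this.certsByName.put(str, cached);
            return cached;
        }
        // Parsing happens outside the lock; two threads may parse the same file, which is harmless.
        // try-with-resources closes the stream, which the parser does not do for us.
        try (java.io.InputStream in = TestResourceFinder.findTestResource("PKITS/certs", str + ".crt")) {
            X509Certificate loaded = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(in);
            synchronized (certBuffer) {
                this.certsByName.put(str, loaded);
                certBuffer.put(str, loaded);
            }
            return loaded;
        } catch (Exception e) {
            throw new IllegalStateException("exception loading certificate " + str + ": " + e, e);
        }
    }

    /**
     * Returns the named CRL from the shared cache, parsing {@code PKITS/crls/<name>.crl} on a
     * miss, and records it in this instance's by-name map.
     *
     * @param str resource name without extension
     * @return the parsed CRL
     * @throws IllegalStateException if the resource cannot be found or parsed; the original
     *                               failure is attached as the cause
     */
    private X509CRL loadCrl(String str) throws Exception {
        X509CRL cached;
        synchronized (crlBuffer) {
            cached = crlBuffer.get(str);
        }
        if (cached != null) {
            this.crlsByName.put(str, cached);
            return cached;
        }
        try (java.io.InputStream in = TestResourceFinder.findTestResource("PKITS/crls", str + ".crl")) {
            X509CRL loaded = (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(in);
            synchronized (crlBuffer) {
                this.crlsByName.put(str, loaded);
                crlBuffer.put(str, loaded);
            }
            return loaded;
        } catch (Exception e) {
            // Keep the cause: a missing file and a malformed CRL need different fixes.
            throw new IllegalStateException("exception loading CRL: " + str, e);
        }
    }

    /**
     * Builds a trust anchor from the named certificate, carrying over its name constraints
     * extension when it has one.
     *
     * @param str resource name of the trust anchor certificate
     * @return the trust anchor, with {@code null} name constraints if the extension is absent
     * @throws Exception if the extension value cannot be decoded or re-encoded
     */
    private TrustAnchor getTrustAnchor(String str) throws Exception {
        X509Certificate anchorCert = loadCert(str);
        byte[] wrapped = anchorCert.getExtensionValue(Extension.nameConstraints.getId());
        if (wrapped == null) {
            return new TrustAnchor(anchorCert, null);
        }
        // getExtensionValue returns the value wrapped in an OCTET STRING; unwrap it and
        // re-encode the inner structure as DER for the TrustAnchor constructor.
        byte[] inner = ASN1OctetString.getInstance(wrapped).getOctets();
        byte[] nameConstraints = ASN1Primitive.fromByteArray(inner).toASN1Primitive().getEncoded("DER");
        return new TrustAnchor(anchorCert, nameConstraints);
    }

    /**
     * Loads the named certificate and makes it the end entity (position 0) of the path.
     *
     * @param str certificate name; spaces and hyphens are removed to form the resource name
     * @return this instance
     * @throws IllegalStateException if the certificate cannot be loaded
     */
    public PKITSTest withEndEntity(String str) {
        this.endCert = loadCert(resourceName(str));
        return this;
    }

    /**
     * Compares the end entity with a certificate in the built path.
     *
     * @param i zero-based position in the path
     * @return {@code true} if the end entity equals the certificate at that position
     */
    public boolean endCertMatchesPathCert(int i) {
        return this.endCert.equals(pathCert(i));
    }

    /**
     * Requests an inhibit-any-policy setting for the validation.
     *
     * @param z the value for {@code setAnyPolicyInhibited}
     * @return this instance
     */
    public PKITSTest withInhibitAnyPolicy(boolean z) {
        this.inhibitAnyPolicy = Boolean.valueOf(z);
        return this;
    }

    /**
     * Requests a policy-mapping-inhibited setting for the validation.
     *
     * @param z the value for {@code setPolicyMappingInhibited}
     * @return this instance
     */
    public PKITSTest withPolicyMappingInhibited(boolean z) {
        this.policyMappingInhibited = Boolean.valueOf(z);
        return this;
    }
}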
