package org.bouncycastle.pkcs.test;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import junit.framework.TestCase;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.PrivateKeyStatement;
import org.bouncycastle.asn1.x509.X509AttributeIdentifiers;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
import org.bouncycastle.jcajce.spec.MLKEMParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:org/bouncycastle/pkcs/test/PQCPKCS10Test.class */
public class PQCPKCS10Test extends TestCase {
    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
    }

    public void testKEMPKCS10() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ML-DSA", "BC");
        keyPairGenerator.initialize((AlgorithmParameterSpec) MLDSAParameterSpec.ml_dsa_65);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509CertificateHolder makeV3Certificate = makeV3Certificate("CN=ML-KEM Client", generateKeyPair);
        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("ML-KEM", "BC");
        keyPairGenerator2.initialize((AlgorithmParameterSpec) MLKEMParameterSpec.ml_kem_768);
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=ML-KEM Client"), keyPairGenerator2.generateKeyPair().getPublic());
        jcaPKCS10CertificationRequestBuilder.addAttribute(X509AttributeIdentifiers.id_at_privateKeyStatement, new PrivateKeyStatement(makeV3Certificate.toASN1Structure()));
        assertTrue(jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("ML-DSA").setProvider("BC").build(generateKeyPair.getPrivate())).isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(makeV3Certificate.getSubjectPublicKeyInfo())));
    }

    private static X509CertificateHolder makeV3Certificate(String str, KeyPair keyPair) throws OperatorCreationException, CertException, CertIOException {
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis() - 5000), new Date(System.currentTimeMillis() + 8640000000L), new X500Name(str), keyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        X509CertificateHolder build = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("ML-DSA").build(privateKey));
        assertTrue(build.isSignatureValid(new JcaContentVerifierProviderBuilder().build(publicKey)));
        return build;
    }
}
