package org.bouncycastle.cert.test;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.test.SimpleTest;

/* loaded from: input_file:org/bouncycastle/cert/test/GOST3410_2012CMSTest.class */
public class GOST3410_2012CMSTest extends SimpleTest {
    @Override // org.bouncycastle.util.test.SimpleTest, org.bouncycastle.util.test.Test
    public String getName() {
        return "GOST3410 2012 CMS TEST";
    }

    @Override // org.bouncycastle.util.test.SimpleTest
    public void performTest() throws Exception {
        if (Security.getProvider("BC").containsKey("KeyFactory.ECGOST3410-2012")) {
            cmsTest("GOST-3410-2012", "Tc26-Gost-3410-12-512-paramSetA", "GOST3411-2012-512WITHECGOST3410-2012-512", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512.getId());
            cmsTest("GOST-3410-2012", "Tc26-Gost-3410-12-512-paramSetB", "GOST3411-2012-512WITHECGOST3410-2012-512", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512.getId());
            cmsTest("GOST-3410-2012", "Tc26-Gost-3410-12-512-paramSetC", "GOST3411-2012-512WITHECGOST3410-2012-512", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512.getId());
            cmsTest("GOST-3410-2012", "Tc26-Gost-3410-12-256-paramSetA", "GOST3411-2012-256WITHECGOST3410-2012-256", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256.getId());
        }
    }

    public void cmsTest(String str, String str2, String str3, String str4) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, "BC");
            keyPairGenerator.initialize((AlgorithmParameterSpec) new ECNamedCurveGenParameterSpec(str2), new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            X509CertificateHolder selfSignedCertificate = selfSignedCertificate(generateKeyPair, str3);
            CMSTypedData cMSProcessableByteArray = new CMSProcessableByteArray(new byte[]{1, 2, 3, 4, 33, 22, 11, 33, 52, 21, 23});
            SignerInfoGenerator build = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder(str3).setProvider("BC").build(generateKeyPair.getPrivate()), selfSignedCertificate);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addCertificate(selfSignedCertificate);
            cMSSignedDataGenerator.addSignerInfoGenerator(build);
            CMSSignedData generate = cMSSignedDataGenerator.generate(cMSProcessableByteArray, false);
            if (generate == null) {
                fail("Cant create CMS");
            }
            boolean z = false;
            Iterator it = generate.getDigestAlgorithmIDs().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                } else if (((AlgorithmIdentifier) it.next()).getAlgorithm().getId().equals(str4)) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                fail("identifier not valid");
            }
            if (!verify(generate, cMSProcessableByteArray)) {
                fail("Verification fails ");
            }
        } catch (Exception e) {
            e.printStackTrace();
            fail("fail with exception:", e);
        }
    }

    private boolean verify(CMSSignedData cMSSignedData, CMSTypedData cMSTypedData) throws CertificateException, OperatorCreationException, IOException, CMSException {
        CMSSignedData cMSSignedData2 = new CMSSignedData(cMSTypedData, cMSSignedData.getEncoded());
        Store certificates = cMSSignedData2.getCertificates();
        for (SignerInformation signerInformation : cMSSignedData2.getSignerInfos().getSigners()) {
            if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build((X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next()))) {
                return true;
            }
        }
        return false;
    }

    private X509CertificateHolder selfSignedCertificate(KeyPair keyPair, String str) throws IOException, OperatorCreationException {
        X500Name x500Name = new X500Name("CN=BB, C=aa");
        ECPublicKey eCPublicKey = keyPair.getPublic();
        ECParameterSpec parameters = eCPublicKey.getParameters();
        ECPublicKeyParameters eCPublicKeyParameters = new ECPublicKeyParameters(eCPublicKey.getQ(), new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN()));
        ECPrivateKey eCPrivateKey = keyPair.getPrivate();
        ECParameterSpec parameters2 = eCPrivateKey.getParameters();
        ECPrivateKeyParameters eCPrivateKeyParameters = new ECPrivateKeyParameters(eCPrivateKey.getD(), new ECDomainParameters(parameters2.getCurve(), parameters2.getG(), parameters2.getN()));
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, BigInteger.ONE, new Date(), new Date(new Date().getTime() + 65520000), x500Name, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(eCPublicKeyParameters));
        DefaultSignatureAlgorithmIdentifierFinder defaultSignatureAlgorithmIdentifierFinder = new DefaultSignatureAlgorithmIdentifierFinder();
        DefaultDigestAlgorithmIdentifierFinder defaultDigestAlgorithmIdentifierFinder = new DefaultDigestAlgorithmIdentifierFinder();
        AlgorithmIdentifier find = defaultSignatureAlgorithmIdentifierFinder.find(str);
        BcECContentSignerBuilder bcECContentSignerBuilder = new BcECContentSignerBuilder(find, defaultDigestAlgorithmIdentifierFinder.find(find));
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(2 | 16 | 32768 | 128 | 1 | 8 | 32 | 64));
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
        return x509v3CertificateBuilder.build(bcECContentSignerBuilder.build(eCPrivateKeyParameters));
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        System.out.println(new GOST3410_2012CMSTest().perform());
    }
}
