package org.bouncycastle.jce.provider.test;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.crypto.util.PBKDFConfig;
import org.bouncycastle.crypto.util.ScryptConfig;
import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.internal.asn1.misc.ScryptParams;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;

/* loaded from: input_file:org/bouncycastle/jce/provider/test/BCFKSStoreTest.class */
public class BCFKSStoreTest extends SimpleTest {
    private static byte[] trustedCertData = Base64.decode("MIIB/DCCAaagAwIBAgIBATANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExJjAkBgkqhkiG9w0BCQEWF2lzc3VlckBib3VuY3ljYXN0bGUub3JnMB4XDTE0MDIyODExMjcxMVoXDTE0MDQyOTExMjcxMVowgYcxCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMScwJQYJKoZIhvcNAQkBFhhzdWJqZWN0QGJvdW5jeWNhc3RsZS5vcmcwWjANBgkqhkiG9w0BAQEFAANJADBGAkEAtKfkYXBXTxapcIKyK+WLaipil5hBm+EocqS9umJs+umQD3ar+xITnc5d5WVk+rK2VDFloEDGBoh0IOM9ke1+1wIBETANBgkqhkiG9w0BAQQFAANBAJ/ZhfF21NykhbEYRQrAo/yRr9XfpmBTVUSlLJXYoNVVRT5u9SGQqmPNfHElrTvNMZQPC0ridDZtBWb6S2tg9/E=");
    static char[] testPassword = {'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'};
    static char[] invalidTestPassword = {'Y', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'};
    static byte[] kwpKeyStore = Base64.decode("MIIJ/TCCCT8wgZUGCSqGSIb3DQEFDTCBhzBlBgkqhkiG9w0BBQwwWARAKXQjiKdsRc8lgCbMh8wLqjNPCiLcXVxArXA4/n6Y72G8jnjWUsXqvMQFmruTbQF6USSVaMgS1UlTbdLtu7yH9wIDAMgAAgEgMAwGCCqGSIb3DQILBQAwHgYJYIZIAWUDBAEvMBEEDJMoeNdAkcnMQjtxowIBCASCCKMU5dCIAkTb84CUiUGy4no3nGgVZL+2t4MNPKhMiL+2Xv7Ok9rucD2SMitzm+kxnkVU+aYGLVUrwEPFCvq5GWdnzOyjCd3XzTieySlfxhIxYMixGfz8NAvPu+P2LwtE+j2C4poHS7+MG22OXpxTTLGzWGuYusxb1zVLTujP6gSVGbtBikLxOXRiYXapZQzL32bOIKV/tHLv3JCKvIGyJAnTQBDlHQxVsm8fcYBhc101qc9vd3qMborJEZK3E+znJ++lI0yIb+WcZJ3PDI11Fzf22M1D6qtV8RELsLb5zfLheFLc4rJcY0YSja24se0tFvT7X9cSyrpvXdNDmzBlBThPdINsKPf3N6fO/9ibn/0QIJPY5bQc3SwbN8c7vboHOJzbWjq7n7Q71ZkFeiYO/NIXKZ4/KN8sqlRLjvEy4BFnbGoufim+K1zpFGdUPbYpDkuzCkfQfiEaQ9Zt69p5w5e6qh04kgHue0Ac/0IsnRIFy78k4JlK5TlrB3exqpuISZEWP72WDa+0yTaRM6ecMfIqieDNQmpD9U3HpmdMgiWZXTpCTtM/3I62Bv7EkwcVccRP9z4QUcoGZy81EemQ4d3eOVfYgvgZBCsbSpf+V8HlsnApTbJubTY1wJQAA19h49E7l3VCxSmeNcUSSE68xJjdJPPAzU1v83+RkYUDPlRx1YsO77zYBSuOwJr0g4BDTfnyd1vZCM6APt9N7Z2MfALoSSg4EF68nr144GLAMZw4ZVjfUeZ+kF3mjTDPujOoyI3vDztA5ZFa0JCQpp8Yh0CuO+sGnWLh+7TbirH2ifEscmNI++csUwDPSInjfGzv722JY6c9XzbaqDGqstpykwwUVN01IceolCvgeHZW7P0feDyqbpgmpdRxiGuBWshFEdcttXDSl9mQVEyYAMHQFVQKIx2RrFD7QPWZhITGqCvF44GNst/3962Au9oyGAY6rRQfN/HdF4+ygWjOS0t/50c1eAyBj1Rfk/M4sHBi8dKDjOpXQzqfqLqHjevxQPw1761q629iTagOO/3AIebbraD2qLqDHjmqUAW0ZVLkdS5n8zYyiqGsVeKok7SSDDKQfqwouPHJvRmKzHAK6bZDdrqMBqNfNcRghWHSH0jM4j8G1w3H2FQsNfBHqTb+kiFx1jEovKkf2HumctWwI5hqV2R2I23ThRNQbh6bdtFc8D3a8YnuXpUK+Tw/RTzMeGtUsVeakGOZDHh9AlxsdcLChY9xTLMzbpLfb6VAE9kpZ86Uwe60i+S4ropyIp5cwXizAgJPh1T51ZWTzEu+s8BDEAkXSDgxs1PFMLHa2pWnHPMNSs4VF6eeyK0Vj66m4LcQ0AgE35jAGxWQm31KbWI/h8EMxiC/tDJfMJ3UUKxYCRdbcneDBRc4E4cNmZVqajc8o9Fexr97GLQ6Is1HVoG65qtq6I9Wt6wmA/5i8ptG7bl7NrIzn3Fg0bMbwHEaKIoXrFHTM0EjwnOkVtQWBNDhnBa66IDJXMxJzXDB2uoMU/wX2y4dGpM+mgomJt0U3i29HqeihEQjHDc0hTJLkp2SJ2tKw3+VtoXUinV1W7tsG9TMj3F+XNSeiGFrcZpryi6+Fml3Tohg/FaiJQLpB9pLtzNd61ln1Q6RTHcOMChNocCRaagH6ntX5j8GcVp0auPfw8zyR5iNGueQdnV38Q6MhiGxlMQKC/gjBdKAHRI2q+31tGK8ZslHFxDee1fy3wtRZpLDwgecH74g4+1TYTLPj/PNeYRQicRCa1BbvI3zB1d8t+LKTg/f34MeEzdMpRT8fRb6vw/O1CRhtdl/0pBQ7RZQSrZFPdErKPRv4/1IG46crTCw1/AOMTXKjPeaUeADjff7aLKizJHUSPr6sTRxoMWQeOYfBDnRiLDZ/XYvSDkjnzesa0hdQIIe/tHnqSZ23Jbi46bLD7Lhf3lfZzbEOqKXAlq0m/ooidubndc0K1xVex4M/T+M0mMPRwO0uICJM4EtivU9Fp5/12GXdvimGEhr/adGodf+JduhsUoIUiz5TghRV0dSuLtQkcD2d0GkfxgHkCBlhbS3WifMWLTa3lHWrCVyhdIf6m5UOtqfzj5CEEkwE+L6urNBo3D4zHUjm8XJekjI3xjGbQHjBosr+BFHkwGNfTXXBHVqRE0L8lH6kSpLaCF5iMpU2NuAeaJ/xdS7LUXBtn4Zvi34PR3/akwMYIr4X+uDM0eB0KkOyyqSXZVPsT7uGMefwOHmbx1eHe22mR/q1r1iczDwOtXNYo8OB9jSsL3XWFdt4STxdA7kFEsAvK001x0pjrpTa/j/4ixjKhBGu8V/WVuBl0Hlicybtdl7xFCgoeF3FrAsn2Rw0EjVJm4uLpdEHGIVCWWTgadhZ9YyMWoMenLOUoGMlWXGE9hLGUfJG1wOMlFg33zq4dwCj17O0ULdpHh7QFQFEEpM+zscDhOHKmrZZEuiJvhR0JFkZz2rml0TEfSjCmdQ8XfJMzLbQ8BKZhWLOQdVh8Scn96Hm0EGkFBkcb4dO/Ubw+cu+bGskxHL1Q6uW0hGOdejiS7yWclE//uzSlSTa7GRtZ1F/vziWIVno0IInEyiOsCGagagWmxMvv1GTnRJwJl8Bt0BPJmWS2L4CClD6ocH2DrCEEYjMraPdquGbe0/0eYv3qANDWjvzJs4o4/4SoKZuRBuVj5YQMs69XdaxPgnC3Xfx59pf1Q5qOQe94R8oVTnT6z6G1Radsoweh1UnwItjjt4ptpfjyUn4bF2Ovz6bs/Tprbo2B4gmBraimCVHT5pruScBY2q4Vd8XiGbiviS8SgqUnxhH/4XmRRdeYpHpZyet1DT+nNTdJdOCfrsE6309CEQNhQRXt9j5c9S8fnwEA3x/FsriCOAnXsmjVZTnMmctnEYs0aChPxnCBgW1vb2dVUTJQ+KR+2CD3xPNiIEwdk9rA+80k1z3JXek8tac4cwgbcwDAYIKoZIhvcNAgsFADBlBgkqhkiG9w0BBQwwWARAvH3U5H5R/XeTJYthNF/5aUAsqnHPEeperLR1iXVAiVH8t4iby2WPFbvQtoKDbREOo9NaULKIWlDlimxCJosvygIDAMgAAgFAMAwGCCqGSIb3DQILBQAEQGeIvocQlW6yjPCczqj+yNdn6sTcmuHI9AnFtnaY0K7Ki2oIlXl5D9TLznFhJuHDtrIA3VYy2XTCvyrY3qEIySo=");
    static byte[] oldKeyStoreNoPW = Base64.decode("MIIF/jCCBUEwgZQGCSqGSIb3DQEFDTCBhjBkBgkqhkiG9w0BBQwwVwRAr1ik7Ut78AkRAXYcwhwjOjlSjfjzLzCqFFFsT2OHXWtCK1hFEnbVpdi5OFL+TQ6g8kU9w8EYrIZH7elwkMt+6wICBAACASAwDAYIKoZIhvcNAgsFADAeBglghkgBZQMEAS8wEQQMi3d/cdRmlkhW1B43AgEIBIIEpvp3Y9FgZwdOCGGd3pJmhTy4z3FQ+xQD5yQizR3GtuNwLQvrsDfaZOPdmt6bKSLQdjVXX214d2JmBlKNOj9MD6SDIsW+yEVoqk4asmQjY5KZi/l7o9IRMTAVFBSKyXYcmnV/0Wqpv/AEOaV1ytrxwu2TOW3gZcbNHs3YQvAArxMcqCLyyGJYJ73Qt2xuccZa8YgagCovr0t2KJYHdpeTIFvhaAU7/iHKa0z4ES0YjZoEKNu7jA91WCnKIaFdJCRLS5NKqcuHw93KgGNelEEJt9BbhmddlzZ3upxdw9QvZsaasD30ezK6viROxAkerfXzI5QVS8Qlz1/TQ10/ri8Lf04H3+HNRV5YS0cH9ghoBxKvvu8whcA43FdvGE7MREIEykJBWWWK5bgulduf2ONNA5cIBTLwLOmPdT2I4PkXUjCROHBmX9m4F0p41+9DCpqS2z5H2oS4+n+sBLHFWZbsOu/NAXKswLDVRaBbSGJW270dc8Gv1VoB9VWlkqX4wLZTLp+Gbk2aJaKlp9zeN5EHG/vh1wJWYq138h2MB+cYZ2TCl3+orhzlzx6xfRVAtbBz9kpPDpfgpnahM0+IdcuVc5B2sUR6hBM/GQY4cgFdsBI1XhoEjLxzD8PxF4Se2KbseB6fq0+h1GKSB8YXv+IVvroF1ueqsi8DisNcrkN3Bdbl28gopF7kG+aJ84JkEHPbmN+EaYIZZ6yRBHa/nfXltblCIRbSfB0x4L8Uz+/lbEen5hov7v/60+v+6nAlNWs3Af0ZlmOU4KAcSgmLBJzh3+83qld8BlJH1t1HICt/md7BQLXn4fRWeKUhbwvSvlut7knai1ZKaLxEhNCh+/7UDE7Y1wvzBfWJYfyAFkCxW9U0erkwp8euea7OgMd1U+6R9H8FEgEjzajmaMCKqmAizZromgxsiPzZgMkz9J1eY/VtWqk1Gu3mq7O/6ilWh/dogxVfeVZ2kyS17rXL152pcJHIx20Vsd4gnFx8sLqfqiO5n/qoA8BkbbwdrBmURNCVmDMuqlMl/yiOpqohQ8kcp81l6B6NHAtxAWCSz7ypfKw43G80tTKhHYDguCUvdbLCuR43DJj22SuuxoRKHjnhtYDxKL58W5HhIcSFliI5qBuRc+EHVOdHfFfqNhisitOzuTk9z1Emg0lweVFzaWkpqxiwtNfOmiYrg+EzDYiGmiQ7/r5Uxqku+aX69khXNOKQbx1d48PI/0mNJV7qUY6k1hhU3ZkMSnuR1akaq/Skds7BnC3yj8byDlWouJ5AYreHPc4uxoH6YwSrBGBWw9omxGPFE6aGWze8pV/95HOrftINptVRDPtuBvV8fo9qPJ7Xr6unG3kEbKoflYTbolguI4YN338+QIc6+53I7N7H+3kkb8TJhUPj4ImS1dvN5KfkSwYuKX8sQr4MGUVTfJwbRCKkbimtJ1MY/Rcpe9No1xQObp/3G4Tfam1KlhhLaM3A9fCLm+WwS7zlemJ+KcWa7iOyoS5f646+aLRZ7sNeuoxYecq9ybT5W8mYitUdvxcPwMlh2w1DqwmDqXVqkevs8WnDBJM2FYWVJenoU98oPd3pbFicZsjuMIG2MAwGCCqGSIb3DQILBQAwZAYJKoZIhvcNAQUMMFcEQAI9+HvmFMWhbl/EmZBy/B2CDIKcCs4AuhrKu50UVHSHobnuX7phOAtxdI9VevE2ehMCbWkLrUa3Qtkv4CmozFwCAgQAAgFAMAwGCCqGSIb3DQILBQAEQHGAl3x6ij1f4oSoeKX/KQOYByXY/Kk4BinJM0cG0zXapG4vYidgmTMPTguuWXxL1u3+ncAGmW2EYgEAHiOUu5c=");
    static byte[] oldKeyStore = Base64.decode("MIIF/jCCBUEwgZQGCSqGSIb3DQEFDTCBhjBkBgkqhkiG9w0BBQwwVwRA1njcCRF+e+s3pQsVaifZNKCablZ+5cLEeJXEdsAtJt7ZG26dq5iYzBhbol5L5D0n9RLYFW5IoK9rCd8UpD61GAICBAACASAwDAYIKoZIhvcNAgsFADAeBglghkgBZQMEAS8wEQQMhT2rGv09UX8PpmcZAgEIBIIEpu8KeIMyG7FZL+rxPCJ7YFNRXEjykNt70W1BD8VDsN/bGuW4kCnKXNlzV2SAx/44mhdR47qiKrXziCwZUgpck9d1R5nQQtTKw0Q2F1EuWGm9ErFpCMYl6E43/URmkmjuCMIpEbrKHTmuEjqsdHJ7+CST4cFU3lCsBj7dMl9G7tLxJhq5aCTYxhFX6R5kM5QHt/pkxE/5Ei94nh606cKNjLA7Zlrbn1c5WlTpesOjE1pZp/QY9UuSiSA0nucNd8Ir0H4PK120QerdQQ4EWY/KHEDn4EqGpaE1Z6WVASqyYING7g1q4YeYeJjFA2V8fqsj0j/wxG29x5J5ghcERnrcQGTL2P3uLvy2chgHdqIaFxKStANVntW+dy9MD/uCZnYi7DzeS3qWEZclcpp5oImL79k08uc9jpfOnNaqbxz8b76ABH39OVQVSGRhh7fkYYSlUEWpSlaFoKaywV3yJwXlilhX7JqyiqRt/hrlVLTlQZZeJbYMrEKA/Fn2ePmNt5hJRiHzF5w/YVd5My27QtPvInCgJ2bV+Z0Di3l+Sd4SCS1NiHtR6uB7G3xlI8E3uQVV4dRNXM8drb1Uu/eTGxGSH0hY2Z0N8TvSGdz+TAQRNn/nXaMA2nZdfhVmwiRPPP3BaiBCJM6y5FroOT1rkPupA+gpmlw1M7Ey+rABphsqEig2XyRe4FMMmIc4i8ga6mKH+F0e26ycsb+nSycdhLIs5Dcdo42wzmvmoG8fvM+/C1N98TfB0m2KbtS1TV9dohagJi4l685iUMnUbH3nmha7RPYUVnpZdDokiATVWjuSezCdpIxv1m6HOqXuArvDtvExDzyVZnPoIF4DEuRypDpW8tkppvLGA6VEo1TPJvjvyrX6SqorwDa1JINVnQGPpx5StjL+eIQBzVRHoy+NP2dcPBHUlAfwWrkk7V7CwST6uNYBL+YVhTYYIN1HnJY0CkmmraqMvkMks17WAd9hONzSLmNT3St6s3VIQMMPC7qNatB+570QBxgiQC7ieFu1wqy9ZNnNLU9DC69HR37uUFyiCnbCb54XY/zmCUhc8ONBi3L8DwmiDZ2oF7WIEmWvblcbWaQNFPNBMS9KzejHLpvopW+XcfRX4jCz9PwZ9HhUwGk8R7b1MALgJhXxuAD/a4VQK2OtlTHeAgSGBrGcGgjzSa7JWM5ks+EHdTuLaiU3ViVXLrZq4lr/D8ni1IptkKPaVcWnl56i7AXZtPj5xVE5v2eVual3sBOkObpoObyrDfmouZW0A9GPk69jGTm5j2FU+50p7JxSfR78BZJitBqrcYS4boVDFmTZYNMBpgGkHqW79gWKIde/pf6nf9cSnDEjZEIZJQI5rnLqmGG6+vKxJQJt7be4vCzGTVMqiY3+QgVCuwtK7Vd44RaPDnzQDxC9OwJOhIUFs1UwoS/vU/n5kbaYmD+py3dgffw4EicaOv5hG7NELZRKxueCjnVwdeCGH+WgJL7AIUdruK/SvsQbJX1asEFKU5KCG4Z9Sw0Sw4MjL+OAiyIbpQpMfHtG+9ORfWWmlH8McA3rjT07fKelhPn1YauY2jGZLfBrpBrQKxvcL82og7rUMIG2MAwGCCqGSIb3DQILBQAwZAYJKoZIhvcNAQUMMFcEQOchs+KAXDWhUaENOgpSls0plNpIUYDkgnMa/iL4RzEOCwiZBOuBdGsEfP3oKLWUS3wO83vrgetSLK5fkN6QNnoCAgQAAgFAMAwGCCqGSIb3DQILBQAEQBLCR5e4teCd8JX0xJbGadSCFaO1oEehyXSZrnKahsYJ7yTHqJTvlcWvqTiwn7Gud/SJmMXPQkZCSQhMQ5k+xZ4=");

    public void shouldCreateEmptyBCFKSNoPassword() throws Exception {
        checkEmptyStore(null);
    }

    public void shouldCreateEmptyBCFKSPassword() throws Exception {
        checkEmptyStore(testPassword);
    }

    public void shouldWorkWithNullLoadStoreParameter() throws Exception {
        KeyStore.getInstance("BCFKS", "BC").load(null);
    }

    private void checkEmptyStore(char[] cArr) throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        isTrue("", 0 == keyStore.size());
        isTrue("", !keyStore.aliases().hasMoreElements());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, cArr);
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), cArr);
        isTrue("", 0 == keyStore2.size());
        isTrue("", !keyStore2.aliases().hasMoreElements());
        checkInvalidLoad(keyStore2, cArr, byteArrayOutputStream.toByteArray());
    }

    private void checkInvalidLoad(KeyStore keyStore, char[] cArr, byte[] bArr) throws NoSuchAlgorithmException, CertificateException, KeyStoreException {
        checkInvalidLoadForPassword(keyStore, invalidTestPassword, bArr);
        if (cArr != null) {
            checkInvalidLoadForPassword(keyStore, null, bArr);
        }
    }

    private void checkInvalidLoadForPassword(KeyStore keyStore, char[] cArr, byte[] bArr) throws NoSuchAlgorithmException, CertificateException, KeyStoreException {
        try {
            keyStore.load(new ByteArrayInputStream(bArr), cArr);
        } catch (IOException e) {
            isTrue("wrong message", "BCFKS KeyStore corrupted: MAC calculation failed".equals(e.getMessage()));
        }
        isTrue("", 0 == keyStore.size());
        isTrue("", !keyStore.aliases().hasMoreElements());
    }

    public void shouldStoreOneCertificate() throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        checkOneCertificate(x509Certificate, null);
        checkOneCertificate(x509Certificate, testPassword);
    }

    public void shouldStoreOneCertificateWithECDSASignature() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
        keyPairGenerator.initialize(new ECGenParameterSpec("P-256"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", x509Certificate);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "cert".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        certStorageCheck(keyStore, "cert", x509Certificate);
        keyStore.getCreationDate("cert");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(new BCFKSLoadStoreParameter.Builder(byteArrayOutputStream, generateKeyPair.getPrivate()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA).build());
        KeyStore.getInstance("BCFKS", "BC").load(new BCFKSLoadStoreParameter.Builder(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), generateKeyPair.getPublic()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA).build());
    }

    public void shouldStoreOneCertificateWithECDSASignatureAndCertificates() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
        keyPairGenerator.initialize(new ECGenParameterSpec("P-256"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", x509Certificate);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "cert".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        certStorageCheck(keyStore, "cert", x509Certificate);
        keyStore.getCreationDate("cert");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        final X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=ECDSA", "SHA256withECDSA", generateKeyPair);
        keyStore.store(new BCFKSLoadStoreParameter.Builder(byteArrayOutputStream, generateKeyPair.getPrivate()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA).withCertificates(new X509Certificate[]{createSelfSignedCert}).build());
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        keyStore2.load(new BCFKSLoadStoreParameter.Builder(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), new BCFKSLoadStoreParameter.CertChainValidator() { // from class: org.bouncycastle.jce.provider.test.BCFKSStoreTest.1
            public boolean isValid(X509Certificate[] x509CertificateArr) {
                BCFKSStoreTest.this.isEquals(createSelfSignedCert, x509CertificateArr[0]);
                atomicBoolean.set(true);
                return true;
            }
        }).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA).build());
        isTrue(atomicBoolean.get());
        try {
            keyStore2.load(new BCFKSLoadStoreParameter.Builder(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), new BCFKSLoadStoreParameter.CertChainValidator() { // from class: org.bouncycastle.jce.provider.test.BCFKSStoreTest.2
                public boolean isValid(X509Certificate[] x509CertificateArr) {
                    BCFKSStoreTest.this.isEquals(createSelfSignedCert, x509CertificateArr[0]);
                    return false;
                }
            }).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA).build());
            fail("no exception");
        } catch (IOException e) {
            isEquals("certificate chain in key store signature not valid", e.getMessage());
        }
    }

    public void shouldStoreOneCertificateWithDSASignature() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA", "BC");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", x509Certificate);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "cert".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        certStorageCheck(keyStore, "cert", x509Certificate);
        keyStore.getCreationDate("cert");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(new BCFKSLoadStoreParameter.Builder(byteArrayOutputStream, generateKeyPair.getPrivate()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA).build());
        KeyStore.getInstance("BCFKS", "BC").load(new BCFKSLoadStoreParameter.Builder(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), generateKeyPair.getPublic()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA).build());
    }

    public void shouldStoreOneCertificateWithRSASignature() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", x509Certificate);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "cert".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        certStorageCheck(keyStore, "cert", x509Certificate);
        keyStore.getCreationDate("cert");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(new BCFKSLoadStoreParameter.Builder(byteArrayOutputStream, generateKeyPair.getPrivate()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA).build());
        KeyStore.getInstance("BCFKS", "BC").load(new BCFKSLoadStoreParameter.Builder(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), generateKeyPair.getPublic()).withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA).build());
    }

    private void checkOneCertificate(X509Certificate x509Certificate, char[] cArr) throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", x509Certificate);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "cert".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        certStorageCheck(keyStore, "cert", x509Certificate);
        Date creationDate = keyStore.getCreationDate("cert");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, cArr);
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), cArr);
        isTrue("", creationDate.equals(keyStore2.getCreationDate("cert")));
        isTrue("", 1 == keyStore2.size());
        Enumeration<String> aliases2 = keyStore2.aliases();
        isTrue("", "cert".equals(aliases2.nextElement()));
        isTrue("", !aliases2.hasMoreElements());
        certStorageCheck(keyStore2, "cert", x509Certificate);
        checkInvalidLoad(keyStore2, cArr, byteArrayOutputStream.toByteArray());
        keyStore.deleteEntry("cert");
        isTrue("", 0 == keyStore.size());
        isTrue("", !keyStore.aliases().hasMoreElements());
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream2, cArr);
        KeyStore keyStore3 = KeyStore.getInstance("BCFKS", "BC");
        keyStore3.load(new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()), cArr);
        isTrue("", 0 == keyStore3.size());
        isTrue("", !keyStore3.aliases().hasMoreElements());
    }

    public void shouldStoreOnePrivateKey() throws Exception {
        PrivateKey privateKey = getPrivateKey();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        checkOnePrivateKeyFips(privateKey, new X509Certificate[]{x509Certificate}, null);
        checkOnePrivateKeyFips(privateKey, new X509Certificate[]{x509Certificate}, testPassword);
        checkOnePrivateKeyDef(privateKey, new X509Certificate[]{x509Certificate}, null);
        checkOnePrivateKeyDef(privateKey, new X509Certificate[]{x509Certificate}, testPassword);
    }

    public void shouldStoreOnePrivateKeyWithChain() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(512);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", generateKeyPair2);
        X509Certificate createCert = TestUtils.createCert(TestUtils.getCertSubject(createSelfSignedCert), generateKeyPair2.getPrivate(), "CN=EE", "SHA1withRSA", extensionsGenerator.generate(), generateKeyPair.getPublic());
        checkOnePrivateKeyFips(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, null);
        checkOnePrivateKeyFips(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, testPassword);
        checkOnePrivateKeyDef(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, null);
        checkOnePrivateKeyDef(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, testPassword);
    }

    public void shouldStoreOnePrivateKeyWithChainEdDSA() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EDDSA", "BC");
        keyPairGenerator.initialize(448);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
        X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=Final", "Ed448", generateKeyPair2);
        X509Certificate createCert = TestUtils.createCert(TestUtils.getCertSubject(createSelfSignedCert), generateKeyPair2.getPrivate(), "CN=EE", "Ed448", (Extensions) null, generateKeyPair.getPublic());
        checkOnePrivateKeyFips(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, null);
        checkOnePrivateKeyFips(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, testPassword);
        checkOnePrivateKeyDef(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, null);
        checkOnePrivateKeyDef(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, testPassword);
    }

    public void shouldStoreOneECKeyWithChain() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
        keyPairGenerator.initialize(256);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
        X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withECDSA", generateKeyPair2);
        X509Certificate createCert = TestUtils.createCert(TestUtils.getCertSubject(createSelfSignedCert), generateKeyPair2.getPrivate(), "CN=EE", "SHA1withECDSA", (Extensions) null, generateKeyPair.getPublic());
        checkOnePrivateKeyFips(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, null);
        checkOnePrivateKeyFips(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, testPassword);
        checkOnePrivateKeyDef(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, null);
        checkOnePrivateKeyDef(generateKeyPair.getPrivate(), new X509Certificate[]{createCert, createSelfSignedCert}, testPassword);
    }

    public void shouldRejectInconsistentKeys() throws Exception {
        PrivateKey privateKey = getPrivateKey();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        try {
            keyStore.setKeyEntry("privkey", privateKey, "hello".toCharArray(), new X509Certificate[]{x509Certificate});
            fail("no exception");
        } catch (KeyStoreException e) {
            isTrue("", "RSA keys do not have the same modulus".equals(e.getCause().getMessage()));
        }
    }

    private void checkOnePrivateKeyFips(PrivateKey privateKey, X509Certificate[] x509CertificateArr, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        checkOnePrivateKey(privateKey, keyStore, x509CertificateArr, cArr);
    }

    private void checkOnePrivateKeyDef(PrivateKey privateKey, X509Certificate[] x509CertificateArr, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BCFKS-DEF", "BC");
        keyStore.load(null, null);
        checkOnePrivateKey(privateKey, keyStore, x509CertificateArr, cArr);
    }

    private void checkOnePrivateKey(PrivateKey privateKey, KeyStore keyStore, X509Certificate[] x509CertificateArr, char[] cArr) throws Exception {
        keyStore.setKeyEntry("privkey", privateKey, cArr, x509CertificateArr);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "privkey".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        privateKeyStorageCheck(keyStore, "privkey", privateKey, x509CertificateArr[0], cArr);
        Date creationDate = keyStore.getCreationDate("privkey");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, cArr);
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), cArr);
        isTrue("", keyStore2.getCertificateChain("privkey").length == x509CertificateArr.length);
        Certificate[] certificateChain = keyStore2.getCertificateChain("privkey");
        for (int i = 0; i != certificateChain.length; i++) {
            isTrue("", x509CertificateArr[i].equals(certificateChain[i]));
        }
        isTrue("", creationDate.equals(keyStore2.getCreationDate("privkey")));
        isTrue("", 1 == keyStore2.size());
        Enumeration<String> aliases2 = keyStore2.aliases();
        isTrue("", "privkey".equals(aliases2.nextElement()));
        isTrue("", !aliases2.hasMoreElements());
        privateKeyStorageCheck(keyStore2, "privkey", privateKey, x509CertificateArr[0], cArr);
        checkInvalidLoad(keyStore2, cArr, byteArrayOutputStream.toByteArray());
        keyStore.deleteEntry("privkey");
        isTrue("", 0 == keyStore.size());
        isTrue("", !keyStore.aliases().hasMoreElements());
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream2, cArr);
        KeyStore keyStore3 = KeyStore.getInstance("BCFKS", "BC");
        keyStore3.load(new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()), cArr);
        isTrue("", 0 == keyStore3.size());
        isTrue("", !keyStore3.aliases().hasMoreElements());
    }

    public void shouldStoreMultipleKeys() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(512);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
        X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", generateKeyPair2);
        X509Certificate createCert = TestUtils.createCert(TestUtils.getCertSubject(createSelfSignedCert), generateKeyPair2.getPrivate(), "CN=EE", "SHA1withRSA", (Extensions) null, generateKeyPair.getPublic());
        PrivateKey privateKey = generateKeyPair.getPrivate();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setKeyEntry("privkey", privateKey, testPassword, new X509Certificate[]{createCert, createSelfSignedCert});
        keyStore.setCertificateEntry("trusted", x509Certificate);
        SecretKeySpec secretKeySpec = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "AES");
        keyStore.setKeyEntry("secret1", secretKeySpec, "secretPwd1".toCharArray(), null);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "DESede");
        keyStore.setKeyEntry("secret2", secretKeySpec2, "secretPwd2".toCharArray(), null);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, testPassword);
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), testPassword);
        isTrue("", 4 == keyStore2.size());
        Key key = keyStore2.getKey("secret2", "secretPwd2".toCharArray());
        isTrue("", secretKeySpec2.getAlgorithm().equals(key.getAlgorithm()));
        isTrue("", Arrays.areEqual(secretKeySpec2.getEncoded(), key.getEncoded()));
        Key key2 = keyStore2.getKey("secret1", "secretPwd1".toCharArray());
        isTrue("", Arrays.areEqual(secretKeySpec.getEncoded(), key2.getEncoded()));
        isTrue("", secretKeySpec.getAlgorithm().equals(key2.getAlgorithm()));
        isTrue("", privateKey.equals(keyStore2.getKey("privkey", testPassword)));
        isTrue("", 2 == keyStore2.getCertificateChain("privkey").length);
        isTrue("", x509Certificate.equals(keyStore2.getCertificate("trusted")));
        isTrue("", null == keyStore2.getCertificate("unknown"));
        isTrue("", null == keyStore2.getCertificateChain("unknown"));
        isTrue("", !keyStore2.isCertificateEntry("unknown"));
        isTrue("", !keyStore2.isKeyEntry("unknown"));
        isTrue("", !keyStore2.containsAlias("unknown"));
    }

    public void shouldParseKWPKeyStore() throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        SecretKeySpec secretKeySpec = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "AES");
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "DESede");
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(new ByteArrayInputStream(kwpKeyStore), testPassword);
        isTrue("", 4 == keyStore.size());
        Key key = keyStore.getKey("secret2", "secretPwd2".toCharArray());
        isTrue("", secretKeySpec2.getAlgorithm().equals(key.getAlgorithm()));
        isTrue("", Arrays.areEqual(secretKeySpec2.getEncoded(), key.getEncoded()));
        Key key2 = keyStore.getKey("secret1", "secretPwd1".toCharArray());
        isTrue("", Arrays.areEqual(secretKeySpec.getEncoded(), key2.getEncoded()));
        isTrue("", secretKeySpec.getAlgorithm().equals(key2.getAlgorithm()));
        Key key3 = keyStore.getKey("privkey", testPassword);
        isTrue("", 2 == keyStore.getCertificateChain("privkey").length);
        isTrue("", key3 instanceof RSAPrivateCrtKey);
        isTrue("", x509Certificate.equals(keyStore.getCertificate("trusted")));
        isTrue("", null == keyStore.getCertificate("unknown"));
        isTrue("", null == keyStore.getCertificateChain("unknown"));
        isTrue("", !keyStore.isCertificateEntry("unknown"));
        isTrue("", !keyStore.isKeyEntry("unknown"));
        isTrue("", !keyStore.containsAlias("unknown"));
    }

    public void shouldStoreSecretKeys() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        SecretKey secretKeySpec = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "AES");
        SecretKey secretKeySpec2 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "DESede");
        Key secretKeySpec3 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "TripleDES");
        Key secretKeySpec4 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "TDEA");
        SecretKey secretKeySpec5 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff"), "HmacSHA1");
        SecretKey secretKeySpec6 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff"), "HmacSHA224");
        SecretKey secretKeySpec7 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff01ff"), "HmacSHA256");
        SecretKey secretKeySpec8 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff0102ff"), "HmacSHA384");
        SecretKey secretKeySpec9 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff010203ff"), "HmacSHA512");
        SecretKey secretKeySpec10 = new SecretKeySpec(Hex.decode("ff0102030405060708090a0b0c0d0eff"), "HmacSHA512/224");
        SecretKey secretKeySpec11 = new SecretKeySpec(Hex.decode("ff0102030405060708090a0b0c0d0eff01ff"), "HmacSHA512/256");
        SecretKey secretKeySpec12 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff"), "HmacSHA3-224");
        SecretKey secretKeySpec13 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff01ff"), "HmacSHA3-256");
        SecretKey secretKeySpec14 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff0102ff"), "HmacSHA3-384");
        SecretKey secretKeySpec15 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff010203ff"), "HmacSHA3-512");
        SecretKey secretKeySpec16 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff01fd"), "KMAC128");
        SecretKey secretKeySpec17 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff010203fd"), "KMAC256");
        SecretKey secretKeySpec18 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "Camellia");
        SecretKey secretKeySpec19 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f0001020304050607"), "Camellia");
        SecretKey secretKeySpec20 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "Camellia");
        SecretKey secretKeySpec21 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "SEED");
        SecretKey secretKeySpec22 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "ARIA");
        SecretKey secretKeySpec23 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f0001020304050607"), "ARIA");
        SecretKey secretKeySpec24 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "ARIA");
        keyStore.setKeyEntry("secret1", secretKeySpec, "secretPwd1".toCharArray(), null);
        keyStore.setKeyEntry("secret2", secretKeySpec2, "secretPwd2".toCharArray(), null);
        keyStore.setKeyEntry("secret3", secretKeySpec3, "secretPwd3".toCharArray(), null);
        keyStore.setKeyEntry("secret4", secretKeySpec4, "secretPwd4".toCharArray(), null);
        keyStore.setKeyEntry("secret5", secretKeySpec5, "secretPwd5".toCharArray(), null);
        keyStore.setKeyEntry("secret6", secretKeySpec6, "secretPwd6".toCharArray(), null);
        keyStore.setKeyEntry("secret7", secretKeySpec7, "secretPwd7".toCharArray(), null);
        keyStore.setKeyEntry("secret8", secretKeySpec8, "secretPwd8".toCharArray(), null);
        keyStore.setKeyEntry("secret9", secretKeySpec9, "secretPwd9".toCharArray(), null);
        keyStore.setKeyEntry("secret10", secretKeySpec10, "secretPwd10".toCharArray(), null);
        keyStore.setKeyEntry("secret11", secretKeySpec11, "secretPwd11".toCharArray(), null);
        keyStore.setKeyEntry("secret12", secretKeySpec12, "secretPwd12".toCharArray(), null);
        keyStore.setKeyEntry("secret13", secretKeySpec13, "secretPwd13".toCharArray(), null);
        keyStore.setKeyEntry("secret14", secretKeySpec14, "secretPwd14".toCharArray(), null);
        keyStore.setKeyEntry("secret15", secretKeySpec15, "secretPwd15".toCharArray(), null);
        keyStore.setKeyEntry("secret16", secretKeySpec18, "secretPwd16".toCharArray(), null);
        keyStore.setKeyEntry("secret17", secretKeySpec19, "secretPwd17".toCharArray(), null);
        keyStore.setKeyEntry("secret18", secretKeySpec20, "secretPwd18".toCharArray(), null);
        keyStore.setKeyEntry("secret19", secretKeySpec21, "secretPwd19".toCharArray(), null);
        keyStore.setKeyEntry("secret20", secretKeySpec22, "secretPwd20".toCharArray(), null);
        keyStore.setKeyEntry("secret21", secretKeySpec23, "secretPwd21".toCharArray(), null);
        keyStore.setKeyEntry("secret22", secretKeySpec24, "secretPwd22".toCharArray(), null);
        keyStore.setKeyEntry("secret23", secretKeySpec16, "secretPwd23".toCharArray(), null);
        keyStore.setKeyEntry("secret24", secretKeySpec17, "secretPwd24".toCharArray(), null);
        checkSecretKey(keyStore, "secret1", "secretPwd1".toCharArray(), secretKeySpec);
        checkSecretKey(keyStore, "secret2", "secretPwd2".toCharArray(), secretKeySpec2);
        checkSecretKey(keyStore, "secret3", "secretPwd3".toCharArray(), secretKeySpec2);
        checkSecretKey(keyStore, "secret4", "secretPwd4".toCharArray(), secretKeySpec2);
        checkSecretKey(keyStore, "secret5", "secretPwd5".toCharArray(), secretKeySpec5);
        checkSecretKey(keyStore, "secret6", "secretPwd6".toCharArray(), secretKeySpec6);
        checkSecretKey(keyStore, "secret7", "secretPwd7".toCharArray(), secretKeySpec7);
        checkSecretKey(keyStore, "secret8", "secretPwd8".toCharArray(), secretKeySpec8);
        checkSecretKey(keyStore, "secret9", "secretPwd9".toCharArray(), secretKeySpec9);
        checkSecretKey(keyStore, "secret10", "secretPwd10".toCharArray(), secretKeySpec10);
        checkSecretKey(keyStore, "secret11", "secretPwd11".toCharArray(), secretKeySpec11);
        checkSecretKey(keyStore, "secret16", "secretPwd16".toCharArray(), secretKeySpec18);
        checkSecretKey(keyStore, "secret17", "secretPwd17".toCharArray(), secretKeySpec19);
        checkSecretKey(keyStore, "secret18", "secretPwd18".toCharArray(), secretKeySpec20);
        checkSecretKey(keyStore, "secret19", "secretPwd19".toCharArray(), secretKeySpec21);
        checkSecretKey(keyStore, "secret20", "secretPwd20".toCharArray(), secretKeySpec22);
        checkSecretKey(keyStore, "secret21", "secretPwd21".toCharArray(), secretKeySpec23);
        checkSecretKey(keyStore, "secret22", "secretPwd22".toCharArray(), secretKeySpec24);
        checkSecretKey(keyStore, "secret23", "secretPwd23".toCharArray(), secretKeySpec16);
        checkSecretKey(keyStore, "secret24", "secretPwd24".toCharArray(), secretKeySpec17);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, "secretkeytest".toCharArray());
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), "secretkeytest".toCharArray());
        checkSecretKey(keyStore2, "secret1", "secretPwd1".toCharArray(), secretKeySpec);
        checkSecretKey(keyStore2, "secret2", "secretPwd2".toCharArray(), secretKeySpec2);
        checkSecretKey(keyStore2, "secret3", "secretPwd3".toCharArray(), secretKeySpec2);
        checkSecretKey(keyStore2, "secret4", "secretPwd4".toCharArray(), secretKeySpec2);
        checkSecretKey(keyStore2, "secret5", "secretPwd5".toCharArray(), secretKeySpec5);
        checkSecretKey(keyStore2, "secret6", "secretPwd6".toCharArray(), secretKeySpec6);
        checkSecretKey(keyStore2, "secret7", "secretPwd7".toCharArray(), secretKeySpec7);
        checkSecretKey(keyStore2, "secret8", "secretPwd8".toCharArray(), secretKeySpec8);
        checkSecretKey(keyStore2, "secret9", "secretPwd9".toCharArray(), secretKeySpec9);
        checkSecretKey(keyStore2, "secret10", "secretPwd10".toCharArray(), secretKeySpec10);
        checkSecretKey(keyStore2, "secret11", "secretPwd11".toCharArray(), secretKeySpec11);
        checkSecretKey(keyStore2, "secret12", "secretPwd12".toCharArray(), secretKeySpec12);
        checkSecretKey(keyStore2, "secret13", "secretPwd13".toCharArray(), secretKeySpec13);
        checkSecretKey(keyStore2, "secret14", "secretPwd14".toCharArray(), secretKeySpec14);
        checkSecretKey(keyStore2, "secret15", "secretPwd15".toCharArray(), secretKeySpec15);
        checkSecretKey(keyStore2, "secret23", "secretPwd23".toCharArray(), secretKeySpec16);
        checkSecretKey(keyStore2, "secret24", "secretPwd24".toCharArray(), secretKeySpec17);
        isTrue("", null == keyStore2.getKey("secret27", new char[0]));
    }

    public void shouldFailOnWrongPassword() throws Exception {
        failOnWrongPasswordTest("IBCFKS");
        failOnWrongPasswordTest("IBCFKS-DEF");
    }

    public void failOnWrongPasswordTest(String str) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(512);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
        X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", generateKeyPair2);
        X509Certificate createCert = TestUtils.createCert(X500Name.getInstance(createSelfSignedCert.getSubjectX500Principal().getEncoded()), generateKeyPair2.getPrivate(), "CN=EE", "SHA1withRSA", (Extensions) null, generateKeyPair.getPublic());
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setKeyEntry("privkey", generateKeyPair.getPrivate(), testPassword, new X509Certificate[]{createCert, createSelfSignedCert});
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, testPassword);
        KeyStore keyStore2 = KeyStore.getInstance(str, "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), testPassword);
        isTrue("privKey test 1", keyStore2.getKey("privkey", testPassword) != null);
        try {
            keyStore2.getKey("privkey", invalidTestPassword);
            fail("no exception");
        } catch (UnrecoverableKeyException e) {
            isEquals("wrong message, got : " + e.getMessage(), "unable to recover key (privkey)", e.getMessage());
        }
        isTrue("privKey test 2", keyStore2.getKey("privkey", testPassword) != null);
    }

    private void checkSecretKey(KeyStore keyStore, String str, char[] cArr, SecretKey secretKey) throws Exception {
        SecretKey secretKey2 = (SecretKey) keyStore.getKey(str, cArr);
        isTrue("", Arrays.areEqual(secretKey.getEncoded(), secretKey2.getEncoded()));
        isTrue("", secretKey.getAlgorithm().equals(secretKey2.getAlgorithm()));
        if (!keyStore.isKeyEntry(str)) {
            fail("key not identified as key entry");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            return;
        }
        fail("not identified as key entry via SecretKeyEntry");
    }

    private PrivateKey getPrivateKey() {
        PrivateKey privateKey = null;
        try {
            privateKey = KeyFactory.getInstance("RSA", "BC").generatePrivate(new RSAPrivateCrtKeySpec(new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16), new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)));
        } catch (Exception e) {
            fail("error setting up keys - " + e.toString());
        }
        return privateKey;
    }

    public void shouldFailOnRemovesOrOverwrite() throws Exception {
        failOnRemovesOrOverwrite("IBCFKS");
        failOnRemovesOrOverwrite("IBCFKS-DEF");
    }

    private void failOnRemovesOrOverwrite(String str) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(512);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
        X509Certificate createSelfSignedCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", generateKeyPair2);
        X509Certificate createCert = TestUtils.createCert(X500Name.getInstance(createSelfSignedCert.getSubjectX500Principal().getEncoded()), generateKeyPair2.getPrivate(), "CN=EE", "SHA1withRSA", (Extensions) null, generateKeyPair.getPublic());
        KeyStore keyStore = KeyStore.getInstance(str, "BC");
        keyStore.load(new ByteArrayInputStream(oldKeyStoreNoPW), null);
        try {
            keyStore.setKeyEntry("privkey", generateKeyPair.getPrivate(), testPassword, new X509Certificate[]{createCert, createSelfSignedCert});
            fail("no exception");
        } catch (KeyStoreException e) {
            isTrue("set operation not supported in shared mode".equals(e.getMessage()));
        }
        try {
            keyStore.setKeyEntry("privkey", generateKeyPair.getPrivate().getEncoded(), new X509Certificate[]{createCert, createSelfSignedCert});
            fail("no exception");
        } catch (KeyStoreException e2) {
            isTrue("set operation not supported in shared mode".equals(e2.getMessage()));
        }
        try {
            keyStore.setCertificateEntry("cert", createCert);
            fail("no exception");
        } catch (KeyStoreException e3) {
            isTrue("set operation not supported in shared mode".equals(e3.getMessage()));
        }
        try {
            keyStore.deleteEntry("privkey");
            fail("no exception");
        } catch (KeyStoreException e4) {
            isTrue("delete operation not supported in shared mode".equals(e4.getMessage()));
        }
    }

    public void shouldStoreOneSecretKey() throws Exception {
        checkOneSecretKey(new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "AES"), null);
        checkOneSecretKey(new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "AES"), testPassword);
    }

    private void checkOneSecretKey(SecretKey secretKey, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setKeyEntry("seckey", secretKey, cArr, null);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "seckey".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        secretKeyStorageCheck(keyStore, "seckey", secretKey, cArr);
        Date creationDate = keyStore.getCreationDate("seckey");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, cArr);
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), cArr);
        isTrue("", creationDate.equals(keyStore2.getCreationDate("seckey")));
        isTrue("", 1 == keyStore2.size());
        Enumeration<String> aliases2 = keyStore2.aliases();
        isTrue("", "seckey".equals(aliases2.nextElement()));
        isTrue("", !aliases2.hasMoreElements());
        secretKeyStorageCheck(keyStore2, "seckey", secretKey, cArr);
        checkInvalidLoad(keyStore2, cArr, byteArrayOutputStream.toByteArray());
        keyStore.deleteEntry("seckey");
        isTrue("", 0 == keyStore.size());
        isTrue("", !keyStore.aliases().hasMoreElements());
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream2, cArr);
        KeyStore keyStore3 = KeyStore.getInstance("BCFKS", "BC");
        keyStore3.load(new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()), cArr);
        isTrue("", 0 == keyStore3.size());
        isTrue("", !keyStore3.aliases().hasMoreElements());
    }

    private void privateKeyStorageCheck(KeyStore keyStore, String str, PrivateKey privateKey, Certificate certificate, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (!keyStore.containsAlias(str)) {
            fail("couldn't find alias privateKey");
        }
        if (keyStore.isCertificateEntry(str)) {
            fail("key identified as certificate entry");
        }
        if (!keyStore.isKeyEntry(str)) {
            fail("key not identified as key entry");
        }
        Key key = keyStore.getKey(str, cArr);
        if (keyStore.getType().equals("BCFKS")) {
            isTrue("", privateKey.equals(key));
        }
        if (cArr != null) {
            try {
                keyStore.getKey(str, null);
            } catch (UnrecoverableKeyException e) {
                isTrue("", e.getMessage().startsWith("BCFKS KeyStore unable to recover private key (privkey)"));
            }
        }
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain == null) {
            fail("Did not return certificate chain");
        }
        isTrue("", certificate.equals(certificateChain[0]));
        isTrue("", str.equals(keyStore.getCertificateAlias(certificate)));
        if (keyStore.entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
            fail("identified as TrustedCertificateEntry");
        }
        if (!keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class)) {
            fail("not identified as key entry via PrivateKeyEntry");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            fail("identified as key entry via SecretKeyEntry");
        }
    }

    private void certStorageCheck(KeyStore keyStore, String str, Certificate certificate) throws KeyStoreException {
        if (!keyStore.containsAlias(str)) {
            fail("couldn't find alias " + str);
        }
        if (!keyStore.isCertificateEntry(str)) {
            fail("cert not identified as certificate entry");
        }
        if (keyStore.isKeyEntry(str)) {
            fail("cert identified as key entry");
        }
        if (!keyStore.entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
            fail("cert not identified as TrustedCertificateEntry");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class)) {
            fail("cert identified as key entry via PrivateKeyEntry");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            fail("cert identified as key entry via SecretKeyEntry");
        }
        if (str.equals(keyStore.getCertificateAlias(certificate))) {
            return;
        }
        fail("Did not return alias for certificate entry");
    }

    private void secretKeyStorageCheck(KeyStore keyStore, String str, SecretKey secretKey, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (!keyStore.containsAlias(str)) {
            fail("couldn't find alias privateKey");
        }
        if (keyStore.isCertificateEntry(str)) {
            fail("key identified as certificate entry");
        }
        if (!keyStore.isKeyEntry(str)) {
            fail("key not identified as key entry");
        }
        isTrue("", Arrays.areEqual(secretKey.getEncoded(), keyStore.getKey(str, cArr).getEncoded()));
        if (cArr != null) {
            try {
                keyStore.getKey(str, null);
            } catch (UnrecoverableKeyException e) {
                isTrue("", e.getMessage().startsWith("BCFKS KeyStore unable to recover secret key (seckey)"));
            }
        }
        if (keyStore.getCertificateChain(str) != null) {
            fail("returned certificates!");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
            fail("identified as TrustedCertificateEntry");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class)) {
            fail("identified as key entry via PrivateKeyEntry");
        }
        if (keyStore.entryInstanceOf(str, KeyStore.SecretKeyEntry.class)) {
            return;
        }
        fail("not identified as key entry via SecretKeyEntry");
    }

    private void shouldParseOldStores() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(new ByteArrayInputStream(oldKeyStore), testPassword);
        checkStore(keyStore, oldKeyStore, testPassword);
        keyStore.load(new ByteArrayInputStream(oldKeyStoreNoPW), null);
        checkStore(keyStore, oldKeyStoreNoPW, null);
    }

    private void checkStore(KeyStore keyStore, byte[] bArr, char[] cArr) throws Exception {
        isEquals(keyStore.getCertificateChain("privkey").length, 2);
        isEquals(1, keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isEquals("privkey", aliases.nextElement());
        isTrue(!aliases.hasMoreElements());
        checkInvalidLoad(keyStore, cArr, bArr);
        try {
            keyStore.store(new ByteArrayOutputStream(), cArr);
            fail("no exception");
        } catch (IOException e) {
            isEquals("KeyStore not initialized", e.getMessage());
        }
        keyStore.load(new ByteArrayInputStream(bArr), cArr);
        keyStore.deleteEntry("privkey");
        isEquals(0, keyStore.size());
        isTrue(!keyStore.aliases().hasMoreElements());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, cArr);
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), cArr);
        isEquals(0, keyStore2.size());
        isTrue(!keyStore2.aliases().hasMoreElements());
    }

    private void shouldStoreUsingSCRYPT() throws Exception {
        ObjectStore objectStore = ObjectStore.getInstance(doStoreUsingStoreParameter(new ScryptConfig.Builder(1024, 8, 1).withSaltLength(20).build()));
        ObjectStoreIntegrityCheck integrityCheck = objectStore.getIntegrityCheck();
        isEquals(integrityCheck.getType(), 0);
        PbkdMacIntegrityCheck pbkdMacIntegrityCheck = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
        isTrue("wrong MAC", pbkdMacIntegrityCheck.getMacAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512));
        isTrue("wrong PBE", pbkdMacIntegrityCheck.getPbkdAlgorithm().getAlgorithm().equals(MiscObjectIdentifiers.id_scrypt));
        ScryptParams scryptParams = ScryptParams.getInstance(pbkdMacIntegrityCheck.getPbkdAlgorithm().getParameters());
        isEquals(20, scryptParams.getSalt().length);
        isEquals(1024, scryptParams.getCostParameter().intValue());
        isEquals(8, scryptParams.getBlockSize().intValue());
        isEquals(1, scryptParams.getParallelizationParameter().intValue());
        AlgorithmIdentifier encryptionAlgorithm = EncryptedObjectStoreData.getInstance(objectStore.getStoreData()).getEncryptionAlgorithm();
        isTrue(encryptionAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2));
        PBES2Parameters pBES2Parameters = PBES2Parameters.getInstance(encryptionAlgorithm.getParameters());
        isTrue(pBES2Parameters.getKeyDerivationFunc().getAlgorithm().equals(MiscObjectIdentifiers.id_scrypt));
        ScryptParams scryptParams2 = ScryptParams.getInstance(pBES2Parameters.getKeyDerivationFunc().getParameters());
        isEquals(20, scryptParams2.getSalt().length);
        isEquals(1024, scryptParams2.getCostParameter().intValue());
        isEquals(8, scryptParams2.getBlockSize().intValue());
        isEquals(1, scryptParams2.getParallelizationParameter().intValue());
    }

    private void shouldStoreUsingKWP() throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(new BCFKSLoadStoreParameter.Builder().withStoreEncryptionAlgorithm(BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_KWP).build());
        keyStore.setCertificateEntry("cert", x509Certificate);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, testPassword);
        ObjectStore objectStore = ObjectStore.getInstance(byteArrayOutputStream.toByteArray());
        ObjectStoreIntegrityCheck integrityCheck = objectStore.getIntegrityCheck();
        isEquals(integrityCheck.getType(), 0);
        PbkdMacIntegrityCheck pbkdMacIntegrityCheck = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
        isTrue("wrong MAC", pbkdMacIntegrityCheck.getMacAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512));
        isTrue("wrong PBE", pbkdMacIntegrityCheck.getPbkdAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
        AlgorithmIdentifier encryptionAlgorithm = EncryptedObjectStoreData.getInstance(objectStore.getStoreData()).getEncryptionAlgorithm();
        isTrue(encryptionAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2));
        PBES2Parameters pBES2Parameters = PBES2Parameters.getInstance(encryptionAlgorithm.getParameters());
        isTrue(pBES2Parameters.getKeyDerivationFunc().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
        isTrue(pBES2Parameters.getEncryptionScheme().getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad));
    }

    private void shouldStoreUsingPBKDF2() throws Exception {
        doStoreUsingPBKDF2(PBKDF2Config.PRF_SHA512);
        doStoreUsingPBKDF2(PBKDF2Config.PRF_SHA3_512);
    }

    private void doStoreUsingPBKDF2(AlgorithmIdentifier algorithmIdentifier) throws Exception {
        ObjectStore objectStore = ObjectStore.getInstance(doStoreUsingStoreParameter(new PBKDF2Config.Builder().withPRF(algorithmIdentifier).withIterationCount(1024).withSaltLength(20).build()));
        ObjectStoreIntegrityCheck integrityCheck = objectStore.getIntegrityCheck();
        isEquals(integrityCheck.getType(), 0);
        PbkdMacIntegrityCheck pbkdMacIntegrityCheck = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
        isTrue("wrong MAC", pbkdMacIntegrityCheck.getMacAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512));
        isTrue("wrong PBE", pbkdMacIntegrityCheck.getPbkdAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
        PBKDF2Params pBKDF2Params = PBKDF2Params.getInstance(pbkdMacIntegrityCheck.getPbkdAlgorithm().getParameters());
        isTrue(pBKDF2Params.getPrf().equals(algorithmIdentifier));
        isEquals(20, pBKDF2Params.getSalt().length);
        isEquals(1024, pBKDF2Params.getIterationCount().intValue());
        AlgorithmIdentifier encryptionAlgorithm = EncryptedObjectStoreData.getInstance(objectStore.getStoreData()).getEncryptionAlgorithm();
        isTrue(encryptionAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2));
        isTrue(PBES2Parameters.getInstance(encryptionAlgorithm.getParameters()).getKeyDerivationFunc().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
        PBKDF2Params pBKDF2Params2 = PBKDF2Params.getInstance(pbkdMacIntegrityCheck.getPbkdAlgorithm().getParameters());
        isTrue(pBKDF2Params2.getPrf().equals(algorithmIdentifier));
        isEquals(20, pBKDF2Params2.getSalt().length);
        isEquals(1024, pBKDF2Params2.getIterationCount().intValue());
    }

    private byte[] doStoreUsingStoreParameter(PBKDFConfig pBKDFConfig) throws Exception {
        Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
        KeyStore keyStore = KeyStore.getInstance("BCFKS", "BC");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", certificate);
        isTrue("", 1 == keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        isTrue("", "cert".equals(aliases.nextElement()));
        isTrue("", !aliases.hasMoreElements());
        certStorageCheck(keyStore, "cert", certificate);
        Date creationDate = keyStore.getCreationDate("cert");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(new BCFKSLoadStoreParameter.Builder(byteArrayOutputStream, testPassword).withStorePBKDFConfig(pBKDFConfig).build());
        KeyStore keyStore2 = KeyStore.getInstance("BCFKS", "BC");
        keyStore2.load(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), testPassword);
        isTrue("", creationDate.equals(keyStore2.getCreationDate("cert")));
        isTrue("", 1 == keyStore2.size());
        Enumeration<String> aliases2 = keyStore2.aliases();
        isTrue("", "cert".equals(aliases2.nextElement()));
        isTrue("", !aliases2.hasMoreElements());
        certStorageCheck(keyStore2, "cert", certificate);
        checkInvalidLoad(keyStore2, testPassword, byteArrayOutputStream.toByteArray());
        keyStore.deleteEntry("cert");
        isTrue("", 0 == keyStore.size());
        isTrue("", !keyStore.aliases().hasMoreElements());
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream2, testPassword);
        KeyStore keyStore3 = KeyStore.getInstance("BCFKS", "BC");
        keyStore3.load(new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()), testPassword);
        isTrue("", 0 == keyStore3.size());
        isTrue("", !keyStore3.aliases().hasMoreElements());
        return byteArrayOutputStream2.toByteArray();
    }

    private void testJKS() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("FIPS", "BC");
        keyStore.load(new ByteArrayInputStream(PKCS12StoreTest.JKS_Store), PKCS12StoreTest.JKS_TEST_PWD);
        isTrue(keyStore.isCertificateEntry("cert0"));
        KeyStore keyStore2 = KeyStore.getInstance("IFIPS", "BC");
        keyStore2.load(new ByteArrayInputStream(PKCS12StoreTest.JKS_Store), PKCS12StoreTest.JKS_TEST_PWD);
        isTrue(keyStore2.isCertificateEntry("cert0"));
    }

    @Override // org.bouncycastle.util.test.SimpleTest, org.bouncycastle.util.test.Test
    public String getName() {
        return "BCFKS";
    }

    @Override // org.bouncycastle.util.test.SimpleTest
    public void performTest() throws Exception {
        shouldCreateEmptyBCFKSNoPassword();
        shouldCreateEmptyBCFKSPassword();
        shouldStoreMultipleKeys();
        shouldStoreOneCertificate();
        shouldStoreOneCertificateWithECDSASignature();
        shouldStoreOneCertificateWithDSASignature();
        shouldStoreOneCertificateWithRSASignature();
        shouldStoreOneCertificateWithECDSASignatureAndCertificates();
        shouldStoreOneECKeyWithChain();
        shouldStoreOnePrivateKey();
        shouldStoreOnePrivateKeyWithChain();
        shouldStoreOneSecretKey();
        shouldStoreSecretKeys();
        shouldStoreUsingSCRYPT();
        shouldStoreUsingPBKDF2();
        shouldFailOnWrongPassword();
        shouldParseKWPKeyStore();
        shouldFailOnRemovesOrOverwrite();
        shouldParseOldStores();
        shouldStoreUsingKWP();
        shouldStoreOnePrivateKeyWithChainEdDSA();
        shouldWorkWithNullLoadStoreParameter();
        testJKS();
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        runTest(new BCFKSStoreTest());
    }
}
