package cn.com.suresec.cert.test;

import cn.com.suresec.asn1.ASN1Encodable;
import cn.com.suresec.asn1.x500.X500Name;
import cn.com.suresec.asn1.x509.BasicConstraints;
import cn.com.suresec.asn1.x509.Extension;
import cn.com.suresec.asn1.x509.KeyUsage;
import cn.com.suresec.asn1.x509.SubjectPublicKeyInfo;
import cn.com.suresec.cert.X509CRLHolder;
import cn.com.suresec.cert.X509CertificateHolder;
import cn.com.suresec.cert.X509v2CRLBuilder;
import cn.com.suresec.cert.X509v3CertificateBuilder;
import cn.com.suresec.cert.jcajce.JcaX509CRLConverter;
import cn.com.suresec.cert.jcajce.JcaX509CertificateConverter;
import cn.com.suresec.jce.provider.SuresecProvider;
import cn.com.suresec.operator.ContentSigner;
import cn.com.suresec.operator.jcajce.JcaContentSignerBuilder;
import cn.com.suresec.util.test.SimpleTest;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class CertPathLoopTest extends SimpleTest {
    private static List<Object> otherList;
    private static Set<TrustAnchor> taSet;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        static final KeyPairGenerator f493a;

        /* renamed from: b, reason: collision with root package name */
        TrustAnchor f494b;
        X509Certificate d;
        X509Certificate e;
        X509CRL f;
        private ContentSigner i;
        private ContentSigner j;
        private int k;
        private KeyPair g = f493a.generateKeyPair();
        private KeyPair h = f493a.generateKeyPair();

        /* renamed from: c, reason: collision with root package name */
        X500Name f495c = new X500Name("CN=AC_0");

        static {
            try {
                f493a = KeyPairGenerator.getInstance("RSA");
                f493a.initialize(512);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        public a() throws Exception {
            this.k = 1;
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            Date time = gregorianCalendar.getTime();
            gregorianCalendar.add(6, 1);
            Date time2 = gregorianCalendar.getTime();
            this.j = new JcaContentSignerBuilder("SHA1withRSA").build(this.g.getPrivate());
            X500Name x500Name = this.f495c;
            ContentSigner contentSigner = this.j;
            int i = this.k;
            this.k = i + 1;
            this.d = a(new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(i), time, time2, this.f495c, a(this.g.getPublic())).addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true)).addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(4)).build(contentSigner));
            this.f494b = new TrustAnchor(this.d, null);
            this.i = new JcaContentSignerBuilder("SHA1withRSA").build(this.h.getPrivate());
            int i2 = this.k;
            this.k = i2 + 1;
            this.e = a(new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(i2), time, time2, this.f495c, a(this.h.getPublic())).addExtension(Extension.basicConstraints, false, (ASN1Encodable) new BasicConstraints(false)).addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(2)).build(contentSigner));
            this.f = a(new X509v2CRLBuilder(this.f495c, time).setNextUpdate(time2).build(this.i));
        }

        static SubjectPublicKeyInfo a(PublicKey publicKey) throws Exception {
            return SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        }

        static X509CRL a(X509CRLHolder x509CRLHolder) throws Exception {
            return new JcaX509CRLConverter().getCRL(x509CRLHolder);
        }

        static X509Certificate a(X509CertificateHolder x509CertificateHolder) throws Exception {
            return new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
        }

        public X509Certificate a() throws Exception {
            PublicKey publicKey = f493a.generateKeyPair().getPublic();
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            Date time = gregorianCalendar.getTime();
            gregorianCalendar.add(6, 1);
            Date time2 = gregorianCalendar.getTime();
            int i = this.k;
            this.k = i + 1;
            BigInteger valueOf = BigInteger.valueOf(i);
            return a(new X509v3CertificateBuilder(this.f495c, valueOf, time, time2, new X500Name("CN=EU_" + valueOf.toString()), a(publicKey)).addExtension(Extension.basicConstraints, false, (ASN1Encodable) new BasicConstraints(false)).addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(0)).build(this.j));
        }
    }

    private static void checkUseDistinctCAs(a aVar, a aVar2) {
        taSet = new HashSet();
        taSet.add(aVar.f494b);
        otherList = new ArrayList();
        otherList.add(aVar.e);
        otherList.add(aVar.f);
        taSet.add(aVar2.f494b);
        otherList.add(aVar2.e);
        otherList.add(aVar2.f);
    }

    static CertStore getStore(Collection collection) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection));
    }

    public static void main(String[] strArr) {
        runTest(new CertPathLoopTest());
    }

    @Override // cn.com.suresec.util.test.SimpleTest, cn.com.suresec.util.test.Test
    public String getName() {
        return "CertPath Loop Test";
    }

    @Override // cn.com.suresec.util.test.SimpleTest
    public void performTest() throws Exception {
        Security.addProvider(new SuresecProvider());
        a aVar = new a();
        checkUseDistinctCAs(aVar, new a());
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(aVar.a());
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(taSet, x509CertSelector);
        pKIXBuilderParameters.addCertStore(getStore(Collections.singleton(x509CertSelector.getCertificate())));
        pKIXBuilderParameters.addCertStore(getStore(otherList));
        pKIXBuilderParameters.setRevocationEnabled(true);
        try {
            CertPathBuilder.getInstance("PKIX", SuresecProvider.PROVIDER_NAME).build(pKIXBuilderParameters);
            fail("invalid path build");
        } catch (CertPathBuilderException e) {
            if (e.getCause().getMessage().equals("CertPath for CRL signer failed to validate.")) {
                return;
            }
            fail("Exception thrown, but wrong one", e.getCause());
        }
    }
}
