package cn.com.bouncycastle.tls.test;

import cn.com.bouncycastle.tls.Certificate;
import cn.com.bouncycastle.tls.crypto.TlsCertificate;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;
import java.io.IOException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import junit.framework.TestCase;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.jcajce.JcaCertificateID;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: classes.dex */
public class OCSPTest extends TestCase {

    /* loaded from: classes.dex */
    public interface OCSPResponder {
        OCSPResponse[] getResponses(Certificate certificate) throws IOException;
    }

    /* loaded from: classes.dex */
    public class TestOCSPResponderImpl implements OCSPResponder {
        private final X509Certificate caCert;
        private final DigestCalculator digCalc = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        private final TestOCSPCertServer server;

        public TestOCSPResponderImpl(TestOCSPCertServer testOCSPCertServer) throws OperatorCreationException {
            this.server = testOCSPCertServer;
            this.caCert = testOCSPCertServer.getCACert();
        }

        @Override // cn.com.bouncycastle.tls.test.OCSPTest.OCSPResponder
        public OCSPResponse[] getResponses(Certificate certificate) throws IOException {
            TlsCertificate[] certificateList = certificate.getCertificateList();
            ArrayList arrayList = new ArrayList();
            for (int i2 = 0; i2 != certificateList.length; i2++) {
                try {
                    OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
                    oCSPReqBuilder.addRequest(new CertificateID(this.digCalc, new X509CertificateHolder(this.caCert.getEncoded()), certificateList[i2].getSerialNumber()));
                    arrayList.add(this.server.respond(oCSPReqBuilder.build()).toASN1Structure());
                } catch (Exception e2) {
                    throw new IOException("OCSP response issue: " + e2.getMessage());
                } catch (OCSPException e3) {
                    throw new IOException("OCSP issue: " + e3.getMessage());
                } catch (CertificateEncodingException e4) {
                    throw new IOException("CA encoding issue: " + e4.getMessage());
                }
            }
            return (OCSPResponse[]) arrayList.toArray(new OCSPResponse[arrayList.size()]);
        }
    }

    public void setUp() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public void testOCSPResponder() throws Exception {
        JcaTlsCrypto jcaTlsCrypto = (JcaTlsCrypto) new JcaTlsCryptoProvider().create(new SecureRandom());
        DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        TestOCSPCertServer testOCSPCertServer = new TestOCSPCertServer();
        X509Certificate cACert = testOCSPCertServer.getCACert();
        X509CertificateHolder certificate = testOCSPCertServer.issueClientCert("CN=Okay", false).getCertificate();
        X509CertificateHolder certificate2 = testOCSPCertServer.issueClientCert("CN=Revoked", true).getCertificate();
        OCSPResponse[] responses = new TestOCSPResponderImpl(testOCSPCertServer).getResponses(new Certificate(new TlsCertificate[]{jcaTlsCrypto.createCertificate(certificate.getEncoded()), jcaTlsCrypto.createCertificate(certificate2.getEncoded())}));
        TestCase.assertEquals(2, responses.length);
        OCSPResponse oCSPResponse = responses[0];
        TestCase.assertEquals(0, oCSPResponse.getResponseStatus().getValue().intValue());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OCSPObjectIdentifiers.id_pkix_ocsp_basic;
        TestCase.assertEquals(aSN1ObjectIdentifier, oCSPResponse.getResponseBytes().getResponseType());
        SingleResp[] responses2 = new BasicOCSPResp(BasicOCSPResponse.getInstance(oCSPResponse.getResponseBytes().getResponse().getOctets())).getResponses();
        TestCase.assertEquals(1, responses2.length);
        TestCase.assertEquals(responses2[0].getCertID(), new JcaCertificateID(digestCalculator, cACert, certificate.getSerialNumber()));
        TestCase.assertNull(responses2[0].getCertStatus());
        OCSPResponse oCSPResponse2 = responses[1];
        TestCase.assertEquals(0, oCSPResponse2.getResponseStatus().getValue().intValue());
        TestCase.assertEquals(aSN1ObjectIdentifier, oCSPResponse2.getResponseBytes().getResponseType());
        SingleResp[] responses3 = new BasicOCSPResp(BasicOCSPResponse.getInstance(oCSPResponse2.getResponseBytes().getResponse().getOctets())).getResponses();
        TestCase.assertEquals(1, responses3.length);
        TestCase.assertEquals(responses3[0].getCertID(), new JcaCertificateID(digestCalculator, cACert, certificate2.getSerialNumber()));
        TestCase.assertNotNull(responses3[0].getCertStatus());
    }
}
