package com.extrus.ocsp.test;

import com.extrus.asn1.ASN1Object;
import com.extrus.asn1.ASN1OctetString;
import com.extrus.asn1.DEROctetString;
import com.extrus.asn1.ocsp.OCSPObjectIdentifiers;
import com.extrus.asn1.x509.GeneralName;
import com.extrus.asn1.x509.X509Extension;
import com.extrus.asn1.x509.X509Extensions;
import com.extrus.asn1.x509.X509Name;
import com.extrus.jce.X509Principal;
import com.extrus.jce.provider.ExecureProvider;
import com.extrus.ocsp.BasicOCSPRespGenerator;
import com.extrus.ocsp.CertificateID;
import com.extrus.ocsp.CertificateStatus;
import com.extrus.ocsp.OCSPReq;
import com.extrus.ocsp.OCSPReqGenerator;
import com.extrus.ocsp.OCSPRespGenerator;
import com.extrus.util.test.SimpleTest;
import com.extrus.x509.extension.X509ExtensionUtil;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import java.util.Vector;

/* loaded from: input_file:com/extrus/ocsp/test/OCSPTest.class */
public class OCSPTest extends SimpleTest {
    @Override // com.extrus.util.test.SimpleTest, com.extrus.util.test.Test
    public String getName() {
        return "OCSP";
    }

    private void testRSA() throws Exception {
        KeyPair makeKeyPair = OCSPTestUtil.makeKeyPair();
        X509Certificate makeCertificate = OCSPTestUtil.makeCertificate(makeKeyPair, "O=Extrus, C=KR", makeKeyPair, "O=Extrus, C=KR");
        new GeneralName(new X509Name("CN=Sungwook-Jang, E=sungwook.jang@extrus.co.kr, O=Extrus, C=KR"));
        CertificateID certificateID = new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L));
        OCSPReqGenerator oCSPReqGenerator = new OCSPReqGenerator();
        oCSPReqGenerator.addRequest(new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L)));
        OCSPReq generate = oCSPReqGenerator.generate();
        if (generate.isSigned()) {
            fail("signed but shouldn't be");
        }
        if (generate.getCerts("ExecureCrypto") != null) {
            fail("null certs expected, but not found");
        }
        if (!generate.getRequestList()[0].getCertID().equals(certificateID)) {
            fail("Failed isFor test");
        }
        OCSPReqGenerator oCSPReqGenerator2 = new OCSPReqGenerator();
        oCSPReqGenerator2.setRequestorName(new GeneralName(4, new X509Principal("CN=fred")));
        oCSPReqGenerator2.addRequest(new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L)));
        OCSPReq generate2 = oCSPReqGenerator2.generate("SHA1withRSA", makeKeyPair.getPrivate(), new X509Certificate[]{makeCertificate}, "ExecureCrypto");
        if (!generate2.isSigned()) {
            fail("not signed but should be");
        }
        if (!generate2.verify(makeKeyPair.getPublic(), "ExecureCrypto")) {
            fail("signature failed to verify");
        }
        if (!generate2.getRequestList()[0].getCertID().equals(certificateID)) {
            fail("Failed isFor test");
        }
        X509Certificate[] certs = generate2.getCerts("ExecureCrypto");
        if (certs == null) {
            fail("null certs found");
        }
        if (certs.length != 1 || !certs[0].equals(makeCertificate)) {
            fail("incorrect certs found in request");
        }
        if (!new OCSPReq(generate2.getEncoded()).verify(makeKeyPair.getPublic(), "ExecureCrypto")) {
            fail("newReq signature failed to verify");
        }
        OCSPReqGenerator oCSPReqGenerator3 = new OCSPReqGenerator();
        Vector vector = new Vector();
        Vector vector2 = new Vector();
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        oCSPReqGenerator3.setRequestorName(new GeneralName(4, new X509Principal("CN=fred")));
        vector.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        vector2.addElement(new X509Extension(false, (ASN1OctetString) new DEROctetString(new DEROctetString(bArr))));
        oCSPReqGenerator3.setRequestExtensions(new X509Extensions(vector, vector2));
        oCSPReqGenerator3.addRequest(new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L)));
        X509Certificate[] x509CertificateArr = {makeCertificate};
        OCSPReq generate3 = oCSPReqGenerator3.generate("SHA1withRSA", makeKeyPair.getPrivate(), x509CertificateArr, "ExecureCrypto");
        if (!generate3.isSigned()) {
            fail("not signed but should be");
        }
        if (!generate3.verify(makeKeyPair.getPublic(), "ExecureCrypto")) {
            fail("signature failed to verify");
        }
        if (generate3.getCriticalExtensionOIDs().size() != 0) {
            fail("wrong number of critical extensions in OCSP request.");
        }
        if (generate3.getNonCriticalExtensionOIDs().size() != 1) {
            fail("wrong number of non-critical extensions in OCSP request.");
        }
        ASN1Object fromExtensionValue = X509ExtensionUtil.fromExtensionValue(generate3.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()));
        if (!(fromExtensionValue instanceof ASN1OctetString)) {
            fail("wrong extension type found.");
        }
        if (!areEqual(((ASN1OctetString) fromExtensionValue).getOctets(), bArr)) {
            fail("wrong extension value found.");
        }
        if (!generate3.getRequestList()[0].getCertID().equals(certificateID)) {
            fail("Failed isFor test");
        }
        BasicOCSPRespGenerator basicOCSPRespGenerator = new BasicOCSPRespGenerator(makeKeyPair.getPublic());
        basicOCSPRespGenerator.addResponse(certificateID, CertificateStatus.GOOD);
        new OCSPRespGenerator().generate(0, basicOCSPRespGenerator.generate("SHA1withRSA", makeKeyPair.getPrivate(), x509CertificateArr, new Date(), "ExecureCrypto")).getEncoded();
    }

    @Override // com.extrus.util.test.SimpleTest
    public void performTest() throws Exception {
        KeyPair makeKeyPair = OCSPTestUtil.makeKeyPair();
        X509Certificate makeCertificate = OCSPTestUtil.makeCertificate(makeKeyPair, "O=Extrus, C=KR", makeKeyPair, "O=Extrus, C=KR");
        new GeneralName(new X509Name("CN=Sungwook-Jang, E=sungwook.jang@extrus.co.kr, O=Extrus, C=KR"));
        new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L));
        CertificateID certificateID = new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L), null);
        OCSPReqGenerator oCSPReqGenerator = new OCSPReqGenerator();
        oCSPReqGenerator.addRequest(new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L)));
        OCSPReq generate = oCSPReqGenerator.generate();
        if (generate.isSigned()) {
            fail("signed but shouldn't be");
        }
        if (generate.getCerts("ExecureCrypto") != null) {
            fail("null certs expected, but not found");
        }
        if (!generate.getRequestList()[0].getCertID().equals(certificateID)) {
            fail("Failed isFor test");
        }
        OCSPReqGenerator oCSPReqGenerator2 = new OCSPReqGenerator();
        oCSPReqGenerator2.setRequestorName(new GeneralName(4, new X509Principal("CN=fred")));
        oCSPReqGenerator2.addRequest(new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L)));
        OCSPReq generate2 = oCSPReqGenerator2.generate("SHA1withRSA", makeKeyPair.getPrivate(), new X509Certificate[]{makeCertificate}, "ExecureCrypto");
        if (!generate2.isSigned()) {
            fail("not signed but should be");
        }
        if (!generate2.verify(makeKeyPair.getPublic(), "ExecureCrypto")) {
            fail("signature failed to verify");
        }
        if (!generate2.getRequestList()[0].getCertID().equals(certificateID)) {
            fail("Failed isFor test");
        }
        X509Certificate[] certs = generate2.getCerts("ExecureCrypto");
        if (certs == null) {
            fail("null certs found");
        }
        if (certs.length != 1 || !certs[0].equals(makeCertificate)) {
            fail("incorrect certs found in request");
        }
        if (!new OCSPReq(generate2.getEncoded()).verify(makeKeyPair.getPublic(), "ExecureCrypto")) {
            fail("newReq signature failed to verify");
        }
        OCSPReqGenerator oCSPReqGenerator3 = new OCSPReqGenerator();
        Vector vector = new Vector();
        Vector vector2 = new Vector();
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        oCSPReqGenerator3.setRequestorName(new GeneralName(4, new X509Principal("CN=fred")));
        vector.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        vector2.addElement(new X509Extension(false, (ASN1OctetString) new DEROctetString(new DEROctetString(bArr))));
        oCSPReqGenerator3.setRequestExtensions(new X509Extensions(vector, vector2));
        oCSPReqGenerator3.addRequest(new CertificateID(CertificateID.HASH_SHA1, makeCertificate, BigInteger.valueOf(1L)));
        OCSPReq generate3 = oCSPReqGenerator3.generate("SHA1withRSA", makeKeyPair.getPrivate(), new X509Certificate[]{makeCertificate}, "ExecureCrypto");
        if (!generate3.isSigned()) {
            fail("not signed but should be");
        }
        if (!generate3.verify(makeKeyPair.getPublic(), "ExecureCrypto")) {
            fail("signature failed to verify");
        }
        if (generate3.getCriticalExtensionOIDs().size() != 0) {
            fail("wrong number of critical extensions in OCSP request.");
        }
        if (generate3.getNonCriticalExtensionOIDs().size() != 1) {
            fail("wrong number of non-critical extensions in OCSP request.");
        }
        ASN1Object fromExtensionValue = X509ExtensionUtil.fromExtensionValue(generate3.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()));
        if (!(fromExtensionValue instanceof ASN1OctetString)) {
            fail("wrong extension type found.");
        }
        if (!areEqual(((ASN1OctetString) fromExtensionValue).getOctets(), bArr)) {
            fail("wrong extension value found.");
        }
        if (!generate3.getRequestList()[0].getCertID().equals(certificateID)) {
            fail("Failed isFor test");
        }
        testRSA();
    }

    public static void main(String[] strArr) {
        Security.addProvider(new ExecureProvider());
        runTest(new OCSPTest());
    }
}
