package test.java.security.cert;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.testng.Assert;
import org.testng.annotations.Test;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.CertificatePoliciesExtension;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.GeneralNames;
import sun.security.x509.GeneralSubtree;
import sun.security.x509.GeneralSubtrees;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.NameConstraintsExtension;
import sun.security.x509.PolicyInformation;
import sun.security.x509.PrivateKeyUsageExtension;
import sun.security.x509.SerialNumber;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;

/* loaded from: input_file:test/java/security/cert/X509CertSelectorTest.class */
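/**
 * TestNG checks for the individual match criteria of {@link X509CertSelector}.
 *
 * <p>Each test sets one criterion to a value the fixture certificate does not carry and expects
 * {@code match} to return {@code false}, then sets the criterion from the certificate itself and
 * expects {@code true}.
 *
 * <p>The fixture is a DSA / dsa-with-SHA1 certificate whose validity window lies in the year 2000.
 * It still matches in every positive case because a selector only compares the criteria that were
 * explicitly set; a successful {@code match} is a filter result, not a statement that the
 * certificate is currently valid or trusted.
 */
public class X509CertSelectorTest {
    // PEM-encoded fixture certificate. Kept byte-for-byte; the extension OIDs used by the tests
    // (2.5.29.14/16/17/30/32/35) are all read back out of this certificate.
    private static final String testCert = "-----BEGIN CERTIFICATE-----\n"
            + "MIICLjCCAeygAwIBAgIEON+CuDALBgcqhkjOOAQDBQAwLTELMAkGA1UEBhMCdXMx\n"
            + "DDAKBgNVBAoTA3N1bjEQMA4GA1UECxMHdGVzdGluZzAeFw0wMDAzMjcxNTQ4MDha\n"
            + "Fw0wMDA2MjUxNDQ4MDhaMD4xCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAO\n"
            + "BgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMTBm11bGxhbjAcMBQGByqGSM44BAEwCQIB\n"
            + "AAIBAAIBAAMEAAIBAKOCASMwggEfMFAGA1UdHgEB/wRGMESgQjBApD4xCzAJBgNV\n"
            + "BAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAOBgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMT\n"
            + "Bm11bGxhbjAdBgNVHQ4EFgQUVuiIrp21PyvLoExL4odTBzN3G98wHwYDVR0jBBgw\n"
            + "FoAUjt2vb+4CEvRh6S/jZBpvcTIlIMAwHgYDVR0RBBcwFYETbXVsbGFuQGVhc3Qu\n"
            + "c3VuLmNvbTArBgNVHRAEJDAigA8yMDAwMDEwMTA1MDAwMFqBDzIwMDEwMTAxMDUw\n"
            + "MDAwWjAPBgNVHQ8BAf8EBQMDB4AAMC0GA1UdIAQmMCQwIgYEKoSAADAaMBgGCCsG\n"
            + "AQUFBwICMAwSClRlc3RpbmcuLi4wCwYHKoZIzjgEAwUAAy8AMCwCFETHNUBdbCh1\n"
            + "f3Oy+A1ybAlluIEUAhR2efXHNzsNm9twLyCANuOA6KbGcQ==\n"
            + "-----END CERTIFICATE-----\n";

    // MIME-style Base64 of an X.509 SubjectPublicKeyInfo for a DSA key that is NOT the fixture
    // certificate's key; used as the non-matching value in testSubjectPublicKey.
    private static final String testKey =
            "MIIBtjCCASsGByqGSM44BAEwggEeAoGBAIVWPEkcxbxhQRCqVzg55tNqbP5j0K4kdu4bkmXvfqC5\n"
            + "+qA75DvnfzsOJseb+9AuKXWk/DvCzFDmrY1YaU3scZC3OQEO9lEO3F4VDKOaudY6OT1SI22pAIwz\n"
            + "j5pvq+i7zOp4xUqkQUeh/4iQSfxOT5UrFGjkcbnbpVkCXD/GxAz7AhUAjtnm3dVIddUUHl6wxpZ7\n"
            + "GcA6gSsCgYAf/PXzQtemgIDjpFrNNSgTEKkLposBXKatAM+gUKlMUjf8SQvquqPxDtRrscGjXkoL\n"
            + "oTkaR7/akULYFpBvUcFkeIFiCnJg8M9XhCWdLvn9MPt+jR2oxookvCb9xLtD6WvIM/wd/nZ1iK4u\n"
            + "iY1+q85xvns/Awbtwl7oZDAwE2TUKAOBhAACgYBDc9UZ+3xsZubUZvRG5cpyJceYpJp2exOPVJXn\n"
            + "jR4CcR+cT9bAJpFSxqE/8KtNHXxHdu4f3DU67IMOVDpugzihyzXJvNm3w2H9x+6xczHG2wjvAJeh\n"
            + "X62EWbUatxPXFAoVKZWuUbaYaZzdWBDtNRrCuKKsLo0GFy8g2BZISuD3jw==\n";

    /** Certificate every test matches against, parsed once from {@link #testCert}. */
    private final X509Certificate cert;

    /**
     * Parses the fixture certificate.
     *
     * <p>Parsing lives in an explicit constructor because {@code generateCertificate} throws the
     * checked {@link CertificateException}, which a bare field initializer cannot propagate.
     *
     * @throws CertificateException if the X.509 factory is unavailable or the PEM cannot be parsed
     */
    public X509CertSelectorTest() throws CertificateException {
        // PEM is pure ASCII; name the charset so the bytes do not depend on the platform default.
        byte[] pem = testCert.getBytes(StandardCharsets.US_ASCII);
        this.cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem));
    }

    /** Serial number criterion: an arbitrary number must not match, the certificate's own must. */
    @Test
    public void testSerialNumber() {
        System.out.println("X.509 Certificate Match on serialNumber");
        X509CertSelector selector = new X509CertSelector();
        selector.setSerialNumber(new BigInteger("999999999"));
        checkMatch(selector, this.cert, false);
        selector.setSerialNumber(this.cert.getSerialNumber());
        checkMatch(selector, this.cert, true);
    }

    /** Issuer criterion, supplied as an RFC 2253 distinguished-name string. */
    @Test
    public void testIssuer() throws IOException {
        System.out.println("X.509 Certificate Match on issuer");
        X509CertSelector selector = new X509CertSelector();
        selector.setIssuer("ou=bogus,ou=east,o=sun,c=us");
        checkMatch(selector, this.cert, false);
        selector.setIssuer(this.cert.getIssuerX500Principal().getName("RFC2253"));
        checkMatch(selector, this.cert, true);
    }

    /** Subject key identifier criterion (extension 2.5.29.14). */
    @Test
    public void testSubjectKeyIdentifier() throws IOException {
        System.out.println("X.509 Certificate Match on subjectKeyIdentifier");
        X509CertSelector selector = new X509CertSelector();
        selector.setSubjectKeyIdentifier(new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9});
        checkMatch(selector, this.cert, false);
        // getExtensionValue returns the extension wrapped in an OCTET STRING; strip that wrapper
        // before handing the value to the selector.
        byte[] wrapped = this.cert.getExtensionValue("2.5.29.14");
        selector.setSubjectKeyIdentifier(new DerInputStream(wrapped).getOctetString());
        checkMatch(selector, this.cert, true);
    }

    /** Authority key identifier criterion (extension 2.5.29.35). */
    @Test
    public void testAuthorityKeyIdentifier() throws IOException {
        System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
        X509CertSelector selector = new X509CertSelector();
        KeyIdentifier bogusKeyId = new KeyIdentifier(new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9});
        AuthorityKeyIdentifierExtension bogusExtension =
                new AuthorityKeyIdentifierExtension(bogusKeyId, (GeneralNames) null, (SerialNumber) null);
        selector.setAuthorityKeyIdentifier(bogusExtension.getExtensionValue());
        checkMatch(selector, this.cert, false);
        byte[] wrapped = this.cert.getExtensionValue("2.5.29.35");
        selector.setAuthorityKeyIdentifier(new DerInputStream(wrapped).getOctetString());
        checkMatch(selector, this.cert, true);
    }

    /** certificateValid criterion: a date before the validity window fails, notBefore passes. */
    @Test
    public void testCertificateValid() {
        System.out.println("X.509 Certificate Match on certificateValid");
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificateValid(dateBeforeValidity());
        checkMatch(selector, this.cert, false);
        selector.setCertificateValid(this.cert.getNotBefore());
        checkMatch(selector, this.cert, true);
    }

    /** privateKeyValid criterion, checked against the private key usage period (2.5.29.16). */
    @Test
    public void testPrivateKeyValid() throws IOException, CertificateException {
        System.out.println("X.509 Certificate Match on privateKeyValid");
        X509CertSelector selector = new X509CertSelector();
        selector.setPrivateKeyValid(dateBeforeValidity());
        checkMatch(selector, this.cert, false);
        byte[] wrapped = this.cert.getExtensionValue("2.5.29.16");
        selector.setPrivateKeyValid(
                new PrivateKeyUsageExtension(false, new DerInputStream(wrapped).getOctetString()).get("not_before"));
        checkMatch(selector, this.cert, true);
    }

    /**
     * Returns a date that precedes both the certificate validity window and the private key usage
     * period of the fixture.
     *
     * <p>{@link Calendar} months are zero-based, so the month is given as
     * {@link Calendar#DECEMBER}; a literal {@code 12} would silently roll over into the next year
     * on a lenient calendar.
     */
    private static Date dateBeforeValidity() {
        Calendar calendar = Calendar.getInstance();
        calendar.set(1968, Calendar.DECEMBER, 31);
        return calendar.getTime();
    }

    /**
     * Extracts the algorithm OID from the certificate's encoded public key.
     *
     * @throws RuntimeException if the encoded key does not start with a DER SEQUENCE
     */
    private ObjectIdentifier getCertPubKeyAlgOID(X509Certificate x509Certificate) throws IOException {
        DerValue keyInfo = new DerValue(x509Certificate.getPublicKey().getEncoded());
        if (keyInfo.tag != DerValue.tag_Sequence) {
            throw new RuntimeException("invalid key format");
        }
        // First element of the sequence is the AlgorithmIdentifier.
        return AlgorithmId.parse(keyInfo.data.getDerValue()).getOID();
    }

    /** subjectPublicKeyAlgID criterion: an unrelated OID fails, the key's algorithm OID passes. */
    @Test
    public void testSubjectPublicKeyAlgID() throws IOException {
        System.out.println("X.509 Certificate Match on subjectPublicKeyAlgID");
        X509CertSelector selector = new X509CertSelector();
        // Deliberately not a key algorithm OID (it is the subjectKeyIdentifier extension OID).
        selector.setSubjectPublicKeyAlgID("2.5.29.14");
        checkMatch(selector, this.cert, false);
        selector.setSubjectPublicKeyAlgID(getCertPubKeyAlgOID(this.cert).toString());
        checkMatch(selector, this.cert, true);
    }

    /** keyUsage criterion: bits the certificate lacks fail, the certificate's own bits pass. */
    @Test
    public void testKeyUsage() {
        System.out.println("X.509 Certificate Match on keyUsage");
        X509CertSelector selector = new X509CertSelector();
        selector.setKeyUsage(new boolean[]{true, false, true, false, true, false, true, false});
        System.out.println("Selector = " + selector.toString());
        checkMatch(selector, this.cert, false);
        selector.setKeyUsage(this.cert.getKeyUsage());
        System.out.println("Selector = " + selector.toString());
        checkMatch(selector, this.cert, true);
    }

    /**
     * subjectAlternativeNames criterion (extension 2.5.29.17), including the switch from
     * "match all" to "match any" via {@code setMatchAllSubjectAltNames(false)}.
     */
    @Test
    public void testSubjectAltName() throws IOException {
        System.out.println("X.509 Certificate Match on subjectAltName");
        X509CertSelector selector = new X509CertSelector();

        // A DNS name the certificate does not carry.
        DerOutputStream bogusEncoding = new DerOutputStream();
        new DNSName("foo.com").encode(bogusEncoding);
        selector.addSubjectAlternativeName(GeneralNameInterface.NAME_DNS, bogusEncoding.toByteArray());
        checkMatch(selector, this.cert, false);

        // The first alternative name taken from the certificate itself.
        byte[] wrapped = this.cert.getExtensionValue("2.5.29.17");
        GeneralName certName = new SubjectAlternativeNameExtension(
                false, new DerInputStream(wrapped).getOctetString()).get("subject_name").get(0);
        selector.setSubjectAlternativeNames(null);
        DerOutputStream certEncoding = new DerOutputStream();
        certName.getName().encode(certEncoding);
        selector.addSubjectAlternativeName(certName.getType(), certEncoding.toByteArray());
        checkMatch(selector, this.cert, true);

        // With "match all" off, one matching name is enough even if another one is absent.
        selector.setMatchAllSubjectAltNames(false);
        selector.addSubjectAlternativeName(GeneralNameInterface.NAME_DNS, "foo.com");
        checkMatch(selector, this.cert, true);
    }

    /** certificatePolicies criterion (extension 2.5.29.32). */
    @Test
    public void testPolicy() throws IOException {
        System.out.println("X.509 Certificate Match on certificatePolicies");
        X509CertSelector selector = new X509CertSelector();
        Set<String> policyOids = new HashSet<>();
        policyOids.add("1.2.5.7.68");
        selector.setPolicy(policyOids);
        checkMatch(selector, this.cert, false);

        byte[] wrapped = this.cert.getExtensionValue("2.5.29.32");
        PolicyInformation certPolicy = (PolicyInformation) new CertificatePoliciesExtension(
                false, new DerInputStream(wrapped).getOctetString()).get("policies").get(0);
        policyOids.clear();
        policyOids.add(certPolicy.getPolicyIdentifier().getIdentifier().toString());
        selector.setPolicy(policyOids);
        checkMatch(selector, this.cert, true);
    }

    /**
     * pathToNames criterion, driven by the certificate's own name constraints (2.5.29.30).
     *
     * <p>Directory names under an excluded subtree must not match; directory names under a
     * permitted subtree must. The test fails if the extension offers no directoryName subtree at
     * all, so it cannot pass without having asserted anything.
     */
    @Test
    public void testPathToName() throws IOException {
        System.out.println("X.509 Certificate Match on pathToName");
        byte[] wrapped = this.cert.getExtensionValue("2.5.29.30");
        NameConstraintsExtension constraints =
                new NameConstraintsExtension(false, new DerInputStream(wrapped).getOctetString());
        GeneralSubtrees permitted = constraints.get("permitted_subtrees");
        GeneralSubtrees excluded = constraints.get("excluded_subtrees");

        int exercised = checkPathToDirectoryNames(excluded, "CN=Bogus, ", false);
        exercised += checkPathToDirectoryNames(permitted, "CN=good, ", true);
        Assert.assertTrue(exercised > 0,
                "name constraints extension contains no directoryName subtree to test pathToName against");
    }

    /**
     * Runs the pathToName check for every directoryName entry of {@code subtrees}: once with the
     * subtree base itself and once with a name one RDN below it.
     *
     * @param subtrees subtrees to walk; may be {@code null} when the extension omits them
     * @param childRdnPrefix text prepended to the base name to form the name below it
     * @param expected match result expected for both names
     * @return number of directoryName subtrees that were checked
     */
    private int checkPathToDirectoryNames(GeneralSubtrees subtrees, String childRdnPrefix, boolean expected)
            throws IOException {
        if (subtrees == null) {
            return 0;
        }
        int checked = 0;
        Iterator<GeneralSubtree> it = subtrees.iterator();
        while (it.hasNext()) {
            GeneralSubtree subtree = it.next();
            if (subtree.getName().getType() != GeneralNameInterface.NAME_DIRECTORY) {
                continue;
            }
            String baseDn = subtree.getName().toString();
            DerOutputStream baseEncoding = new DerOutputStream();
            DerOutputStream childEncoding = new DerOutputStream();
            new X500Name(baseDn).encode(baseEncoding);
            new X500Name(childRdnPrefix + baseDn).encode(childEncoding);

            X509CertSelector selector = new X509CertSelector();
            selector.addPathToName(GeneralNameInterface.NAME_DIRECTORY, baseEncoding.toByteArray());
            checkMatch(selector, this.cert, expected);
            selector.setPathToNames(null);
            selector.addPathToName(GeneralNameInterface.NAME_DIRECTORY, childEncoding.toByteArray());
            checkMatch(selector, this.cert, expected);
            checked++;
        }
        return checked;
    }

    /** Subject criterion, supplied as an RFC 2253 distinguished-name string. */
    @Test
    public void testSubject() throws IOException {
        System.out.println("X.509 Certificate Match on subject");
        X509CertSelector selector = new X509CertSelector();
        selector.setSubject("ou=bogus,ou=east,o=sun,c=us");
        checkMatch(selector, this.cert, false);
        selector.setSubject(this.cert.getSubjectX500Principal().getName("RFC2253"));
        checkMatch(selector, this.cert, true);
    }

    /** subjectPublicKey criterion: the unrelated {@link #testKey} fails, the certificate's key passes. */
    @Test
    public void testSubjectPublicKey() throws IOException, GeneralSecurityException {
        System.out.println("X.509 Certificate Match on subject public key");
        X509CertSelector selector = new X509CertSelector();
        byte[] otherKeyDer = Base64.getMimeDecoder().decode(testKey.getBytes(StandardCharsets.US_ASCII));
        selector.setSubjectPublicKey(
                KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(otherKeyDer)));
        checkMatch(selector, this.cert, false);
        selector.setSubjectPublicKey(this.cert.getPublicKey());
        checkMatch(selector, this.cert, true);
    }

    /**
     * nameConstraints criterion: the subject as an excluded subtree must not match, the subject as
     * a permitted subtree must.
     *
     * <p>NOTE(review): this method is private and carries no {@code @Test} annotation, and nothing
     * in this class calls it, so the nameConstraints criterion is not exercised by this suite.
     * Confirm whether it was disabled on purpose before wiring it in.
     */
    private void testNameConstraints() throws IOException {
        System.out.println("X.509 Certificate Match on name constraints");
        GeneralSubtrees subjectTree = new GeneralSubtrees();
        // Build the X500Name from the subject's DER encoding: getSubjectDN() is declared to
        // return java.security.Principal, which is not a GeneralNameInterface.
        X500Name subject = new X500Name(this.cert.getSubjectX500Principal().getEncoded());
        subjectTree.add(getGeneralSubtree(subject));

        X509CertSelector selector = new X509CertSelector();
        NameConstraintsExtension subjectExcluded =
                new NameConstraintsExtension((GeneralSubtrees) null, subjectTree);
        selector.setNameConstraints(subjectExcluded.getExtensionValue());
        checkMatch(selector, this.cert, false);

        NameConstraintsExtension subjectPermitted =
                new NameConstraintsExtension(subjectTree, (GeneralSubtrees) null);
        selector.setNameConstraints(subjectPermitted.getExtensionValue());
        checkMatch(selector, this.cert, true);
    }

    /**
     * basicConstraints criterion: a selector set to 0 must not match the fixture, a selector set
     * to the fixture's own value must.
     */
    @Test
    public void testBasicConstraints() {
        System.out.println("X.509 Certificate Match on basic constraints");
        X509CertSelector selector = new X509CertSelector();
        int certPathLen = this.cert.getBasicConstraints();
        selector.setBasicConstraints(0);
        checkMatch(selector, this.cert, false);
        selector.setBasicConstraints(certPathLen);
        checkMatch(selector, this.cert, true);
    }

    /** certificateEquals criterion: the certificate must match itself. */
    @Test
    public void testCertificate() {
        System.out.println("X.509 Certificate Match on certificateEquals criterion");
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(this.cert);
        checkMatch(selector, this.cert, true);
    }

    /**
     * Asserts that {@code x509CertSelector.match(x509Certificate)} returns {@code z}; the failure
     * message includes the selector and the certificate.
     */
    private void checkMatch(X509CertSelector x509CertSelector, X509Certificate x509Certificate, boolean z) {
        boolean match = x509CertSelector.match(x509Certificate);
        Assert.assertEquals(match, z, x509CertSelector + " match " + x509Certificate + " is " + match + ", but expect " + z);
    }

    /** Wraps a name in a {@link GeneralSubtree} with minimum 0 and maximum -1. */
    private static GeneralSubtree getGeneralSubtree(GeneralNameInterface generalNameInterface) {
        return new GeneralSubtree(new GeneralName(generalNameInterface), 0, -1);
    }
}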
