package com.sansec.jce.provider.test.nist;

import com.sansec.asn1.x509.X509Extensions;
import com.sansec.jce.provider.SwxaProvider;
import com.sansec.x509.extension.X509ExtensionUtil;
import java.io.FileInputStream;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import junit.textui.TestRunner;

/* loaded from: input_file:com/sansec/jce/provider/test/nist/NistCertPathTest.class */
public class NistCertPathTest extends TestCase {
    private static final String TEST_DATA_HOME = "bc.test.data.home";
    private static final String GOOD_CA_CERT = "GoodCACert";
    private static final String GOOD_CA_CRL = "GoodCACRL";
    private static final String TRUST_ANCHOR_ROOT_CRL = "TrustAnchorRootCRL";
    private static final String TRUST_ANCHOR_ROOT_CERTIFICATE = "TrustAnchorRootCertificate";
    private static final char[] PKCS12_PASSWORD = "password".toCharArray();
    private static Map certs = new HashMap();
    private static Map crls = new HashMap();
    private static Set noPolicies = Collections.EMPTY_SET;
    private static final String ANY_POLICY = "2.5.29.32.0";
    private static Set anyPolicy = Collections.singleton(ANY_POLICY);
    private static final String NIST_TEST_POLICY_1 = "2.16.840.1.101.3.2.1.48.1";
    private static Set nistTestPolicy1 = Collections.singleton(NIST_TEST_POLICY_1);
    private static final String NIST_TEST_POLICY_2 = "2.16.840.1.101.3.2.1.48.2";
    private static Set nistTestPolicy2 = Collections.singleton(NIST_TEST_POLICY_2);
    private static final String NIST_TEST_POLICY_3 = "2.16.840.1.101.3.2.1.48.3";
    private static Set nistTestPolicy3 = Collections.singleton(NIST_TEST_POLICY_3);
    private static Set nistTestPolicy1And2 = new HashSet(Arrays.asList(NIST_TEST_POLICY_1, NIST_TEST_POLICY_2));

    public void setUp() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new SwxaProvider());
        }
    }

    public void testValidSignaturesTest1() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"ValidCertificatePathTest1EE", GOOD_CA_CERT}, new String[]{GOOD_CA_CRL, TRUST_ANCHOR_ROOT_CRL});
    }

    public void testInvalidCASignatureTest2() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"ValidCertificatePathTest1EE", "BadSignedCACert"}, new String[]{"BadSignedCACRL", TRUST_ANCHOR_ROOT_CRL}, 1, "TrustAnchor found but certificate validation failed.");
    }

    public void testInvalidEESignatureTest3() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "InvalidEESignatureTest3EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL}, 0, "Could not validate certificate signature.");
    }

    public void testValidDSASignaturesTest4() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"DSACACert", "ValidDSASignaturesTest4EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "DSACACRL"});
    }

    public void testValidDSAParameterInheritanceTest5() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"DSACACert", "DSAParametersInheritedCACert", "ValidDSAParameterInheritanceTest5EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "DSACACRL", "DSAParametersInheritedCACRL"});
    }

    public void testInvalidDSASignaturesTest6() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"DSACACert", "InvalidDSASignatureTest6EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "DSACACRL"}, 0, "Could not validate certificate signature.");
    }

    public void testCANotBeforeDateTest1() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"BadnotBeforeDateCACert", "InvalidCAnotBeforeDateTest1EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "BadnotBeforeDateCACRL"}, 1, "Could not validate certificate: certificate not valid till 20470101120100GMT+00:00");
    }

    public void testInvalidEENotBeforeDateTest2() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "InvalidEEnotBeforeDateTest2EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL}, 0, "Could not validate certificate: certificate not valid till 20470101120100GMT+00:00");
    }

    public void testValidPre2000UTCNotBeforeDateTest3() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "Validpre2000UTCnotBeforeDateTest3EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL});
    }

    public void testValidGeneralizedTimeNotBeforeDateTest4() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "ValidGeneralizedTimenotBeforeDateTest4EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL});
    }

    public void testInvalidCANotAfterDateTest5() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"BadnotAfterDateCACert", "InvalidCAnotAfterDateTest5EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "BadnotAfterDateCACRL"}, 1, "Could not validate certificate: certificate expired on 20020101120100GMT+00:00");
    }

    public void testInvalidEENotAfterDateTest6() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "InvalidEEnotAfterDateTest6EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL}, 0, "Could not validate certificate: certificate expired on 20020101120100GMT+00:00");
    }

    public void testInvalidValidPre2000UTCNotAfterDateTest7() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "Invalidpre2000UTCEEnotAfterDateTest7EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL}, 0, "Could not validate certificate: certificate expired on 19990101120100GMT+00:00");
    }

    public void testInvalidNegativeSerialNumberTest15() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"NegativeSerialNumberCACert", "InvalidNegativeSerialNumberTest15EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "NegativeSerialNumberCACRL"}, 0, "Certificate revocation after Fri Apr 20 00:57:20", "reason: keyCompromise");
    }

    public void testAllCertificatesSamePolicyTest1() throws Exception {
        String[] strArr = {GOOD_CA_CERT, "ValidCertificatePathTest1EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, noPolicies);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1And2);
    }

    public void testAllCertificatesNoPoliciesTest2() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"NoPoliciesCACert", "AllCertificatesNoPoliciesTest2EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "NoPoliciesCACRL"});
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"NoPoliciesCACert", "AllCertificatesNoPoliciesTest2EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "NoPoliciesCACRL"}, noPolicies, 1, "No valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest3() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "PoliciesP2subCACert", "DifferentPoliciesTest3EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL, "PoliciesP2subCACRL"});
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "PoliciesP2subCACert", "DifferentPoliciesTest3EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL, "PoliciesP2subCACRL"}, noPolicies, 1, "No valid policy tree found when one expected.");
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "PoliciesP2subCACert", "DifferentPoliciesTest3EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL, "PoliciesP2subCACRL"}, nistTestPolicy1And2, 1, "No valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest4() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "GoodsubCACert", "DifferentPoliciesTest4EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL, "GoodsubCACRL"}, 0, "No valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest5() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{GOOD_CA_CERT, "PoliciesP2subCA2Cert", "DifferentPoliciesTest5EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL, "PoliciesP2subCA2CRL"}, 0, "No valid policy tree found when one expected.");
    }

    public void testOverlappingPoliciesTest6() throws Exception {
        String[] strArr = {"PoliciesP1234CACert", "PoliciesP1234subCAP123Cert", "PoliciesP1234subsubCAP123P12Cert", "OverlappingPoliciesTest6EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, "PoliciesP1234CACRL", "PoliciesP1234subCAP123CRL", "PoliciesP1234subsubCAP123P12CRL"};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
    }

    public void testDifferentPoliciesTest7() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"PoliciesP123CACert", "PoliciesP123subCAP12Cert", "PoliciesP123subsubCAP12P1Cert", "DifferentPoliciesTest7EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "PoliciesP123CACRL", "PoliciesP123subCAP12CRL", "PoliciesP123subsubCAP12P1CRL"}, 0, "No valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest8() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"PoliciesP12CACert", "PoliciesP12subCAP1Cert", "PoliciesP12subsubCAP1P2Cert", "DifferentPoliciesTest8EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "PoliciesP12CACRL", "PoliciesP12subCAP1CRL", "PoliciesP12subsubCAP1P2CRL"}, 1, "No valid policy tree found when one expected.");
    }

    public void testDifferentPoliciesTest9() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"PoliciesP123CACert", "PoliciesP123subCAP12Cert", "PoliciesP123subsubCAP12P2Cert", "PoliciesP123subsubsubCAP12P2P1Cert", "DifferentPoliciesTest9EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "PoliciesP123CACRL", "PoliciesP123subCAP12CRL", "PoliciesP123subsubCAP2P2CRL", "PoliciesP123subsubsubCAP12P2P1CRL"}, 1, "No valid policy tree found when one expected.");
    }

    public void testAllCertificatesSamePoliciesTest10() throws Exception {
        String[] strArr = {"PoliciesP12CACert", "AllCertificatesSamePoliciesTest10EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, "PoliciesP12CACRL"};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2);
    }

    public void testAllCertificatesAnyPolicyTest11() throws Exception {
        String[] strArr = {"anyPolicyCACert", "AllCertificatesanyPolicyTest11EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, "anyPolicyCACRL"};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
    }

    public void testDifferentPoliciesTest12() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"PoliciesP3CACert", "DifferentPoliciesTest12EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "PoliciesP3CACRL"}, 0, "No valid policy tree found when one expected.");
    }

    public void testAllCertificatesSamePoliciesTest13() throws Exception {
        String[] strArr = {"PoliciesP123CACert", "AllCertificatesSamePoliciesTest13EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, "PoliciesP123CACRL"};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy3);
    }

    public void testAnyPolicyTest14() throws Exception {
        String[] strArr = {"anyPolicyCACert", "AnyPolicyTest14EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, "anyPolicyCACRL"};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest15() throws Exception {
        String[] strArr = {"UserNoticeQualifierTest15EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest16() throws Exception {
        String[] strArr = {GOOD_CA_CERT, "UserNoticeQualifierTest16EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest17() throws Exception {
        String[] strArr = {GOOD_CA_CERT, "UserNoticeQualifierTest17EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
    }

    public void testUserNoticeQualifierTest18() throws Exception {
        String[] strArr = {"PoliciesP12CACert", "UserNoticeQualifierTest18EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL, "PoliciesP12CACRL"};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2);
    }

    public void testUserNoticeQualifierTest19() throws Exception {
        String[] strArr = {"UserNoticeQualifierTest19EE"};
        String[] strArr2 = {TRUST_ANCHOR_ROOT_CRL};
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy1);
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, strArr, strArr2, nistTestPolicy2, -1, "Path processing failed on policy.");
    }

    public void testInvalidInhibitPolicyMappingTest1() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"inhibitPolicyMapping0CACert", "inhibitPolicyMapping0subCACert", "InvalidinhibitPolicyMappingTest1EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "inhibitPolicyMapping0CACRL", "inhibitPolicyMapping0subCACRL"}, (Set) null, 0, "No valid policy tree found when one expected.");
    }

    public void testValidinhibitPolicyMappingTest2() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"inhibitPolicyMapping1P12CACert", "inhibitPolicyMapping1P12subCACert", "ValidinhibitPolicyMappingTest2EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "inhibitPolicyMapping1P12CACRL", "inhibitPolicyMapping1P12subCACRL"}, nistTestPolicy1);
    }

    public void testValidSelfIssuedinhibitAnyPolicyTest7() throws Exception {
        doBuilderTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"inhibitAnyPolicy1CACert", "inhibitAnyPolicy1SelfIssuedCACert", "inhibitAnyPolicy1subCA2Cert", "ValidSelfIssuedinhibitAnyPolicyTest7EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "inhibitAnyPolicy1CACRL", "inhibitAnyPolicy1subCA2CRL"}, null, false, false);
    }

    public void testValidSeparateCertificateandCRLKeysTest19() throws Exception {
        doBuilderTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"SeparateCertificateandCRLKeysCertificateSigningCACert", "SeparateCertificateandCRLKeysCRLSigningCert", "ValidSeparateCertificateandCRLKeysTest19EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "SeparateCertificateandCRLKeysCRL"}, null, false, false);
    }

    public void testValidpathLenConstraintTest13() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"pathLenConstraint6CACert", "pathLenConstraint6subCA4Cert", "pathLenConstraint6subsubCA41Cert", "pathLenConstraint6subsubsubCA41XCert", "ValidpathLenConstraintTest13EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "pathLenConstraint6CACRL", "pathLenConstraint6subCA4CRL", "pathLenConstraint6subsubCA41CRL", "pathLenConstraint6subsubsubCA41XCRL"}, null);
    }

    public void testInvalidUnknownCRLExtensionTest10() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"UnknownCRLExtensionCACert", "InvalidUnknownCRLExtensionTest10EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "UnknownCRLExtensionCACRL"}, (Set) null, 0, "CRL contains unsupported critical extensions.");
    }

    public void testInvaliddistributionPointTest3() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"distributionPoint1CACert", "InvaliddistributionPointTest3EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "distributionPoint1CACRL"}, (Set) null, 0, "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
    }

    public void testValiddistributionPointTest5() throws Exception {
        doTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"distributionPoint2CACert", "ValiddistributionPointTest5EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "distributionPoint2CACRL"}, null);
    }

    public void testInvaliddistributionPointTest8() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"distributionPoint2CACert", "InvaliddistributionPointTest8EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "distributionPoint2CACRL"}, (Set) null, 0, "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
    }

    public void testInvaliddistributionPointTest9() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"distributionPoint2CACert", "InvaliddistributionPointTest9EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "distributionPoint2CACRL"}, (Set) null, 0, "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
    }

    public void testInvalidonlySomeReasonsTest17() throws Exception {
        doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, new String[]{"onlySomeReasonsCA2Cert", "InvalidonlySomeReasonsTest17EE"}, new String[]{TRUST_ANCHOR_ROOT_CRL, "onlySomeReasonsCA2CRL1", "onlySomeReasonsCA2CRL2"}, (Set) null, 0, "Certificate status could not be determined.");
    }

    private void doExceptionTest(String str, String[] strArr, String[] strArr2, int i, String str2) throws Exception {
        try {
            doTest(str, strArr, strArr2);
            fail("path accepted when should be rejected");
        } catch (CertPathValidatorException e) {
            assertEquals(i, e.getIndex());
            assertEquals(str2, e.getMessage());
        }
    }

    private void doExceptionTest(String str, String[] strArr, String[] strArr2, Set set, int i, String str2) throws Exception {
        try {
            doTest(str, strArr, strArr2, set);
            fail("path accepted when should be rejected");
        } catch (CertPathValidatorException e) {
            assertEquals(i, e.getIndex());
            assertEquals(str2, e.getMessage());
        }
    }

    private void doExceptionTest(String str, String[] strArr, String[] strArr2, int i, String str2, String str3) throws Exception {
        try {
            doTest(str, strArr, strArr2);
            fail("path accepted when should be rejected");
        } catch (CertPathValidatorException e) {
            assertEquals(i, e.getIndex());
            assertTrue(e.getMessage().startsWith(str2));
            assertTrue(e.getMessage().endsWith(str3));
        }
    }

    private PKIXCertPathValidatorResult doTest(String str, String[] strArr, String[] strArr2) throws Exception {
        return doTest(str, strArr, strArr2, null);
    }

    private PKIXCertPathValidatorResult doTest(String str, String[] strArr, String[] strArr2, Set set) throws Exception {
        Set singleton = Collections.singleton(getTrustAnchor(str));
        ArrayList arrayList = new ArrayList();
        X509Certificate loadCert = loadCert(strArr[strArr.length - 1]);
        for (int i = 0; i != strArr.length - 1; i++) {
            arrayList.add(loadCert(strArr[i]));
        }
        arrayList.add(loadCert);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList);
        for (int i2 = 0; i2 != strArr2.length; i2++) {
            arrayList.add(loadCrl(strArr2[i2]));
        }
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) singleton);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setRevocationEnabled(true);
        if (set != null) {
            pKIXParameters.setExplicitPolicyRequired(true);
            pKIXParameters.setInitialPolicies(set);
        }
        return (PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pKIXParameters);
    }

    private PKIXCertPathBuilderResult doBuilderTest(String str, String[] strArr, String[] strArr2, Set set, boolean z, boolean z2) throws Exception {
        Set singleton = Collections.singleton(getTrustAnchor(str));
        ArrayList arrayList = new ArrayList();
        X509Certificate loadCert = loadCert(strArr[strArr.length - 1]);
        for (int i = 0; i != strArr.length - 1; i++) {
            arrayList.add(loadCert(strArr[i]));
        }
        arrayList.add(loadCert);
        for (int i2 = 0; i2 != strArr2.length; i2++) {
            arrayList.add(loadCrl(strArr2[i2]));
        }
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(loadCert);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) singleton, x509CertSelector);
        if (set != null) {
            pKIXBuilderParameters.setInitialPolicies(set);
            pKIXBuilderParameters.setExplicitPolicyRequired(true);
        }
        if (z) {
            pKIXBuilderParameters.setPolicyMappingInhibited(z);
        }
        if (z2) {
            pKIXBuilderParameters.setAnyPolicyInhibited(z2);
        }
        pKIXBuilderParameters.addCertStore(certStore);
        try {
            return (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
        } catch (CertPathBuilderException e) {
            throw ((Exception) e.getCause());
        }
    }

    private X509Certificate loadCert(String str) {
        X509Certificate x509Certificate = (X509Certificate) certs.get(str);
        if (x509Certificate != null) {
            return x509Certificate;
        }
        try {
            X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new FileInputStream(String.valueOf(getPkitsHome()) + "/certs/" + str + ".crt"));
            certs.put(str, x509Certificate2);
            return x509Certificate2;
        } catch (Exception e) {
            throw new IllegalStateException("exception loading certificate " + str + ": " + e);
        }
    }

    private X509CRL loadCrl(String str) throws Exception {
        X509CRL x509crl = (X509CRL) certs.get(str);
        if (x509crl != null) {
            return x509crl;
        }
        try {
            X509CRL x509crl2 = (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(new FileInputStream(String.valueOf(getPkitsHome()) + "/crls/" + str + ".crl"));
            crls.put(str, x509crl2);
            return x509crl2;
        } catch (Exception e) {
            throw new IllegalStateException("exception loading CRL: " + str);
        }
    }

    private TrustAnchor getTrustAnchor(String str) throws Exception {
        X509Certificate loadCert = loadCert(str);
        byte[] extensionValue = loadCert.getExtensionValue(X509Extensions.NameConstraints.getId());
        return extensionValue != null ? new TrustAnchor(loadCert, X509ExtensionUtil.fromExtensionValue(extensionValue).getDEREncoded()) : new TrustAnchor(loadCert, null);
    }

    private String getPkitsHome() {
        String property = System.getProperty(TEST_DATA_HOME);
        if (property == null) {
            throw new IllegalStateException("bc.test.data.home property not set");
        }
        return String.valueOf(property) + "/PKITS";
    }

    public static void main(String[] strArr) throws Exception {
        TestRunner.run(suite());
    }

    public static Test suite() throws Exception {
        TestSuite testSuite = new TestSuite("NIST CertPath Tests");
        testSuite.addTestSuite(NistCertPathTest.class);
        return testSuite;
    }
}
