package cfca.sadk.org.bouncycastle.tsp.test;

import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cmp.PKIFailureInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.AttributeTable;
import cfca.sadk.org.bouncycastle.asn1.ess.ESSCertID;
import cfca.sadk.org.bouncycastle.asn1.ess.ESSCertIDv2;
import cfca.sadk.org.bouncycastle.asn1.ess.SigningCertificate;
import cfca.sadk.org.bouncycastle.asn1.ess.SigningCertificateV2;
import cfca.sadk.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.GeneralName;
import cfca.sadk.org.bouncycastle.asn1.x509.GeneralNames;
import cfca.sadk.org.bouncycastle.asn1.x509.IssuerSerial;
import cfca.sadk.org.bouncycastle.cert.X509CertificateHolder;
import cfca.sadk.org.bouncycastle.cert.jcajce.JcaCertStore;
import cfca.sadk.org.bouncycastle.cms.CMSAttributeTableGenerationException;
import cfca.sadk.org.bouncycastle.cms.CMSAttributeTableGenerator;
import cfca.sadk.org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import cfca.sadk.org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import cfca.sadk.org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import cfca.sadk.org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import cfca.sadk.org.bouncycastle.jce.provider.BouncyCastleProvider;
import cfca.sadk.org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import cfca.sadk.org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import cfca.sadk.org.bouncycastle.tsp.GenTimeAccuracy;
import cfca.sadk.org.bouncycastle.tsp.TSPAlgorithms;
import cfca.sadk.org.bouncycastle.tsp.TSPException;
import cfca.sadk.org.bouncycastle.tsp.TSPValidationException;
import cfca.sadk.org.bouncycastle.tsp.TimeStampRequest;
import cfca.sadk.org.bouncycastle.tsp.TimeStampRequestGenerator;
import cfca.sadk.org.bouncycastle.tsp.TimeStampResponse;
import cfca.sadk.org.bouncycastle.tsp.TimeStampResponseGenerator;
import cfca.sadk.org.bouncycastle.tsp.TimeStampToken;
import cfca.sadk.org.bouncycastle.tsp.TimeStampTokenGenerator;
import cfca.sadk.org.bouncycastle.tsp.TimeStampTokenInfo;
import cfca.sadk.org.bouncycastle.util.Arrays;
import cfca.sadk.org.bouncycastle.util.Store;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import junit.framework.TestCase;

/* loaded from: input_file:BOOT-INF/lib/sadk-3.2.0.5.jar:cfca/sadk/org/bouncycastle/tsp/test/NewTSPTest.class */
public class NewTSPTest extends TestCase {
    private static final String BC = "BC";

    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
    }

    public void testGeneral() throws Exception {
        KeyPair makeKeyPair = TSPTestUtil.makeKeyPair();
        X509Certificate makeCACertificate = TSPTestUtil.makeCACertificate(makeKeyPair, "O=Bouncy Castle, C=AU", makeKeyPair, "O=Bouncy Castle, C=AU");
        KeyPair makeKeyPair2 = TSPTestUtil.makeKeyPair();
        X509Certificate makeCertificate = TSPTestUtil.makeCertificate(makeKeyPair2, "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU", makeKeyPair, "O=Bouncy Castle, C=AU");
        ArrayList arrayList = new ArrayList();
        arrayList.add(makeCertificate);
        arrayList.add(makeCACertificate);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        basicTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        basicSha256Test(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        basicTestWithTSA(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        overrideAttrsTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        responseValidationTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        incorrectHashTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        badAlgorithmTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        timeNotAvailableTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        badPolicyTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        tokenEncodingTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        certReqTest(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        testAccuracyZeroCerts(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        testAccuracyWithCertsAndOrdering(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
        testNoNonse(makeKeyPair2.getPrivate(), makeCertificate, jcaCertStore);
    }

    private void basicTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date()).getEncoded()).getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        assertNotNull("no signingCertificate attribute found", timeStampToken.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate));
    }

    private void basicSha256Test(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSimpleSignerInfoGeneratorBuilder().build("SHA256withRSA", privateKey, x509Certificate), new SHA256DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampResponse generate = new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA256, new byte[32], BigInteger.valueOf(100L)), new BigInteger("23"), new Date());
        assertEquals(0, generate.getStatus());
        TimeStampToken timeStampToken = new TimeStampResponse(generate.getEncoded()).getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        AttributeTable signedAttributes = timeStampToken.getSignedAttributes();
        assertNotNull("no signingCertificate attribute found", signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2));
        SHA256DigestCalculator sHA256DigestCalculator = new SHA256DigestCalculator();
        OutputStream outputStream = sHA256DigestCalculator.getOutputStream();
        outputStream.write(x509Certificate.getEncoded());
        outputStream.close();
        assertTrue(Arrays.areEqual(sHA256DigestCalculator.getDigest(), SigningCertificateV2.getInstance(signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2).getAttributeValues()[0]).getCerts()[0].getCertHash()));
    }

    private void overrideAttrsTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        JcaSimpleSignerInfoGeneratorBuilder provider = new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC");
        IssuerSerial issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(new X509CertificateHolder(x509Certificate.getEncoded()).getIssuer())), x509Certificate.getSerialNumber());
        SHA1DigestCalculator sHA1DigestCalculator = new SHA1DigestCalculator();
        OutputStream outputStream = sHA1DigestCalculator.getOutputStream();
        outputStream.write(x509Certificate.getEncoded());
        outputStream.close();
        byte[] digest = sHA1DigestCalculator.getDigest();
        SHA256DigestCalculator sHA256DigestCalculator = new SHA256DigestCalculator();
        OutputStream outputStream2 = sHA256DigestCalculator.getOutputStream();
        outputStream2.write(x509Certificate.getEncoded());
        outputStream2.close();
        byte[] digest2 = sHA256DigestCalculator.getDigest();
        provider.setSignedAttributeGenerator(new CMSAttributeTableGenerator(this, new ESSCertID(digest, issuerSerial), new ESSCertIDv2(digest2, issuerSerial)) { // from class: cfca.sadk.org.bouncycastle.tsp.test.NewTSPTest.1
            private final ESSCertID val$essCertid;
            private final ESSCertIDv2 val$essCertidV2;
            private final NewTSPTest this$0;

            {
                this.this$0 = this;
                this.val$essCertid = r5;
                this.val$essCertidV2 = r6;
            }

            @Override // cfca.sadk.org.bouncycastle.cms.CMSAttributeTableGenerator
            public AttributeTable getAttributes(Map map) throws CMSAttributeTableGenerationException {
                return new DefaultSignedAttributeTableGenerator().getAttributes(map).add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(this.val$essCertid)).add(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new SigningCertificateV2(new ESSCertIDv2[]{this.val$essCertidV2}));
            }
        });
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(provider.build("SHA1withRSA", privateKey, x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date()).getEncoded()).getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        AttributeTable signedAttributes = timeStampToken.getSignedAttributes();
        assertNotNull("no signingCertificate attribute found", signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
        assertNotNull("no signingCertificateV2 attribute found", signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2));
        SigningCertificate signingCertificate = SigningCertificate.getInstance(signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificate).getAttributeValues()[0]);
        assertEquals(new X509CertificateHolder(x509Certificate.getEncoded()).getIssuer(), signingCertificate.getCerts()[0].getIssuerSerial().getIssuer().getNames()[0].getName());
        assertEquals(x509Certificate.getSerialNumber(), signingCertificate.getCerts()[0].getIssuerSerial().getSerial().getValue());
        assertTrue(Arrays.areEqual(digest, signingCertificate.getCerts()[0].getCertHash()));
        SigningCertificateV2 signingCertificateV2 = SigningCertificateV2.getInstance(signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2).getAttributeValues()[0]);
        assertEquals(new X509CertificateHolder(x509Certificate.getEncoded()).getIssuer(), signingCertificateV2.getCerts()[0].getIssuerSerial().getIssuer().getNames()[0].getName());
        assertEquals(x509Certificate.getSerialNumber(), signingCertificateV2.getCerts()[0].getIssuerSerial().getSerial().getValue());
        assertTrue(Arrays.areEqual(digest2, signingCertificateV2.getCerts()[0].getCertHash()));
    }

    private void basicTestWithTSA(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        timeStampTokenGenerator.setTSA(new GeneralName(new X500Name("CN=Test")));
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date()).getEncoded()).getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        assertNotNull("no signingCertificate attribute found", timeStampToken.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate));
    }

    private void responseValidationTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("23"), new Date()).getEncoded());
        timeStampResponse.getTimeStampToken().validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        timeStampResponse.validate(generate);
        try {
            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101L)));
            fail("response validation failed on invalid nonce.");
        } catch (TSPValidationException e) {
        }
        try {
            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100L)));
            fail("response validation failed on wrong digest.");
        } catch (TSPValidationException e2) {
        }
        try {
            timeStampResponse.validate(timeStampRequestGenerator.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100L)));
            fail("response validation failed on wrong digest.");
        } catch (TSPValidationException e3) {
        }
    }

    private void incorrectHashTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[16]), new BigInteger("23"), new Date()).getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("incorrectHash - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("incorrectHash - failInfo set to null.");
        }
        if (failInfo.intValue() != 4) {
            fail("incorrectHash - wrong failure info returned.");
        }
    }

    private void badAlgorithmTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").build("SHA1withRSA", privateKey, x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(new ASN1ObjectIdentifier("1.2.3.4.5"), new byte[20]), new BigInteger("23"), new Date()).getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("badAlgorithm - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("badAlgorithm - failInfo set to null.");
        }
        if (failInfo.intValue() != 128) {
            fail("badAlgorithm - wrong failure info returned.");
        }
    }

    private void timeNotAvailableTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampResponse generateRejectedResponse;
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampRequest generate = new TimeStampRequestGenerator().generate(new ASN1ObjectIdentifier("1.2.3.4.5"), new byte[20]);
        TimeStampResponseGenerator timeStampResponseGenerator = new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED);
        try {
            generateRejectedResponse = timeStampResponseGenerator.generateGrantedResponse(generate, new BigInteger("23"), null);
        } catch (TSPException e) {
            generateRejectedResponse = timeStampResponseGenerator.generateRejectedResponse(e);
        }
        TimeStampResponse timeStampResponse = new TimeStampResponse(generateRejectedResponse.getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("timeNotAvailable - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("timeNotAvailable - failInfo set to null.");
        }
        if (failInfo.intValue() != 512) {
            fail("timeNotAvailable - wrong failure info returned.");
        }
    }

    private void badPolicyTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampResponse generateRejectedResponse;
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setReqPolicy(new ASN1ObjectIdentifier("1.1"));
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20]);
        TimeStampResponseGenerator timeStampResponseGenerator = new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED, new HashSet());
        try {
            generateRejectedResponse = timeStampResponseGenerator.generateGrantedResponse(generate, new BigInteger("23"), new Date());
        } catch (TSPException e) {
            generateRejectedResponse = timeStampResponseGenerator.generateRejectedResponse(e);
        }
        TimeStampResponse timeStampResponse = new TimeStampResponse(generateRejectedResponse.getEncoded());
        if (timeStampResponse.getTimeStampToken() != null) {
            fail("badPolicy - token not null.");
        }
        PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
        if (failInfo == null) {
            fail("badPolicy - failInfo set to null.");
        }
        if (failInfo.intValue() != 256) {
            fail("badPolicy - wrong failure info returned.");
        }
    }

    private void certReqTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(false);
        TimeStampToken timeStampToken = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generateGrantedResponse(timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date()).getEncoded()).getTimeStampToken();
        assertNull(timeStampToken.getTimeStampInfo().getGenTimeAccuracy());
        assertEquals("1.2", timeStampToken.getTimeStampInfo().getPolicy().getId());
        try {
            timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        } catch (TSPValidationException e) {
            fail("certReq(false) verification of token failed.");
        }
        if (timeStampToken.getCertificates().getMatches(null).isEmpty()) {
            return;
        }
        fail("certReq(false) found certificates in response.");
    }

    private void tokenEncodingTest(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3.4.5.6"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L)), new BigInteger("23"), new Date()).getEncoded());
        TimeStampResponse timeStampResponse2 = new TimeStampResponse(timeStampResponse.getEncoded());
        if (Arrays.areEqual(timeStampResponse2.getEncoded(), timeStampResponse.getEncoded()) && Arrays.areEqual(timeStampResponse2.getTimeStampToken().getEncoded(), timeStampResponse.getTimeStampToken().getEncoded())) {
            return;
        }
        fail();
    }

    private void testAccuracyZeroCerts(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
        timeStampTokenGenerator.addCertificates(store);
        timeStampTokenGenerator.setAccuracySeconds(1);
        timeStampTokenGenerator.setAccuracyMillis(2);
        timeStampTokenGenerator.setAccuracyMicros(3);
        TimeStampRequest generate = new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("23"), new Date()).getEncoded());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        timeStampResponse.validate(generate);
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        GenTimeAccuracy genTimeAccuracy = timeStampInfo.getGenTimeAccuracy();
        assertEquals(1, genTimeAccuracy.getSeconds());
        assertEquals(2, genTimeAccuracy.getMillis());
        assertEquals(3, genTimeAccuracy.getMicros());
        assertEquals(new BigInteger("23"), timeStampInfo.getSerialNumber());
        assertEquals("1.2", timeStampInfo.getPolicy().getId());
        assertEquals(0, timeStampToken.getCertificates().getMatches(null).size());
    }

    private void testAccuracyWithCertsAndOrdering(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampResponse generateRejectedResponse;
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3"));
        timeStampTokenGenerator.addCertificates(store);
        timeStampTokenGenerator.setAccuracySeconds(3);
        timeStampTokenGenerator.setAccuracyMillis(1);
        timeStampTokenGenerator.setAccuracyMicros(2);
        timeStampTokenGenerator.setOrdering(true);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        TimeStampRequest generate = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100L));
        assertTrue(generate.getCertReq());
        TimeStampResponseGenerator timeStampResponseGenerator = new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED);
        try {
            generateRejectedResponse = timeStampResponseGenerator.generateGrantedResponse(generate, new BigInteger("23"), new Date());
        } catch (TSPException e) {
            generateRejectedResponse = timeStampResponseGenerator.generateRejectedResponse(e);
        }
        TimeStampResponse timeStampResponse = new TimeStampResponse(generateRejectedResponse.getEncoded());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        timeStampResponse.validate(generate);
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        GenTimeAccuracy genTimeAccuracy = timeStampInfo.getGenTimeAccuracy();
        assertEquals(3, genTimeAccuracy.getSeconds());
        assertEquals(1, genTimeAccuracy.getMillis());
        assertEquals(2, genTimeAccuracy.getMicros());
        assertEquals(new BigInteger("23"), timeStampInfo.getSerialNumber());
        assertEquals("1.2.3", timeStampInfo.getPolicy().getId());
        assertEquals(true, timeStampInfo.isOrdered());
        assertEquals(timeStampInfo.getNonce(), BigInteger.valueOf(100L));
        assertEquals(2, timeStampToken.getCertificates().getMatches(null).size());
    }

    private void testNoNonse(PrivateKey privateKey, X509Certificate x509Certificate, Store store) throws Exception {
        TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(privateKey), x509Certificate), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3"));
        timeStampTokenGenerator.addCertificates(store);
        TimeStampRequest generate = new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20]);
        assertFalse(generate.getCertReq());
        TimeStampResponse timeStampResponse = new TimeStampResponse(new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, new BigInteger("24"), new Date()).getEncoded());
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
        timeStampResponse.validate(generate);
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        assertNull(timeStampInfo.getGenTimeAccuracy());
        assertEquals(new BigInteger("24"), timeStampInfo.getSerialNumber());
        assertEquals("1.2.3", timeStampInfo.getPolicy().getId());
        assertEquals(false, timeStampInfo.isOrdered());
        assertNull(timeStampInfo.getNonce());
        assertEquals(0, timeStampToken.getCertificates().getMatches(null).size());
    }
}
