package io.airlift.security.pem;

import com.google.common.collect.Iterables;
import java.io.File;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:io/airlift/security/pem/TestPemReader.class */
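/**
 * Round-trip tests for {@link PemReader} and {@link PemWriter} using the RSA, EC and DSA
 * certificate/key fixtures found on the test classpath.
 *
 * <p>Scope of what is verified here: each fixture loads into a {@link KeyStore} holding exactly
 * one alias, the certificate is an {@link X509Certificate} whose subject CN is
 * {@value #EXPECTED_COMMON_NAME}, and keys and certificates survive a write/read cycle.
 * Nothing in this class validates a certificate's signature, validity period or key usage, and
 * every call passes {@code Optional.empty()} where a key password could be supplied, so the
 * password-protected key path is not exercised by these tests.
 */
public class TestPemReader {
    /** Subject CN that every fixture certificate is expected to carry. */
    private static final String EXPECTED_COMMON_NAME = "Test User";

    /** Alias under which the tests expect the loaded key entry and its certificate. */
    private static final String KEY_ALIAS = "key";

    /** Loads a key store from each certificate/private-key fixture pair. */
    @Test
    public void testLoadKeyStore() throws Exception {
        testLoadKeyStore("rsa.crt", "rsa.key");
        testLoadKeyStore("ec.crt", "ec.key");
        testLoadKeyStore("dsa.crt", "dsa.key");
    }

    /**
     * Loads one certificate/key pair and checks the resulting key store entry.
     *
     * @param certificateFile classpath name of the PEM certificate fixture
     * @param keyFile classpath name of the PEM private-key fixture
     * @throws Exception if loading or any key store access fails
     */
    private static void testLoadKeyStore(String certificateFile, String keyFile) throws Exception {
        // NOTE(review): the third argument is presumably the key password; confirm against PemReader.
        KeyStore keyStore = PemReader.loadKeyStore(getResourceFile(certificateFile), getResourceFile(keyFile), Optional.empty());
        assertCertificateChain(keyStore);
        Assert.assertNotNull(keyStore.getCertificate(KEY_ALIAS));

        // The entry is expected to be readable with an empty password: the key store returned
        // by PemReader is treated as an in-memory container, not as passphrase-protected storage.
        Key key = keyStore.getKey(KEY_ALIAS, new char[0]);
        Assert.assertNotNull(key);
        Assert.assertTrue(key instanceof PrivateKey);

        // Writing the key back to PEM and re-reading it must yield an equal key.
        PrivateKey reloaded = PemReader.loadPrivateKey(PemWriter.writePrivateKey((PrivateKey) key), Optional.empty());
        Assert.assertEquals(key, reloaded);
    }

    /** Loads a trust store from each certificate fixture. */
    @Test
    public void testLoadTrustStore() throws Exception {
        assertCertificateChain(PemReader.loadTrustStore(getResourceFile("rsa.crt")));
        assertCertificateChain(PemReader.loadTrustStore(getResourceFile("ec.crt")));
        assertCertificateChain(PemReader.loadTrustStore(getResourceFile("dsa.crt")));
    }

    /**
     * Asserts that the store holds exactly one alias, that its certificate is an X.509
     * certificate with the expected subject, and that the certificate survives a PEM
     * write/read cycle.
     *
     * @param keyStore store produced by {@link PemReader}
     * @throws Exception if the store cannot be read or the subject name cannot be parsed
     */
    private static void assertCertificateChain(KeyStore keyStore) throws Exception {
        ArrayList<String> aliases = Collections.list(keyStore.aliases());
        // Exactly one entry: a fixture must not introduce additional entries.
        Assert.assertEquals(aliases.size(), 1);

        Certificate certificate = keyStore.getCertificate(aliases.get(0));
        Assert.assertNotNull(certificate);
        Assert.assertTrue(certificate instanceof X509Certificate);
        X509Certificate x509Certificate = (X509Certificate) certificate;
        assertX509Certificate(x509Certificate);

        // Round trip through PemWriter/PemReader must give back a single certificate.
        String pem = PemWriter.writeCertificate(x509Certificate);
        assertX509Certificate((X509Certificate) Iterables.getOnlyElement(PemReader.readCertificateChain(pem)));
    }

    /**
     * Asserts that the certificate subject contains a CN equal to {@value #EXPECTED_COMMON_NAME}.
     * Only the subject CN is inspected; no other certificate field is checked.
     *
     * @param x509Certificate certificate to inspect
     * @throws InvalidNameException if the subject distinguished name cannot be parsed
     */
    private static void assertX509Certificate(X509Certificate x509Certificate) throws InvalidNameException {
        LdapName subject = new LdapName(x509Certificate.getSubjectX500Principal().getName());
        String commonName = subject.getRdns().stream()
                .filter(rdn -> rdn.getType().equals("CN"))
                .map(rdn -> rdn.getValue())
                .findFirst()
                .map(String.class::cast)
                .orElseThrow(() -> new AssertionError("Certificate subject name does not contain a CN"));
        Assert.assertEquals(commonName, EXPECTED_COMMON_NAME);
    }

    /**
     * Resolves a fixture on the test classpath to a {@link File}.
     *
     * @param name resource name relative to the classpath root
     * @return the file backing the resource
     * @throws IllegalArgumentException if the resource is missing or its URL cannot be converted
     *     to a file path
     */
    private static File getResourceFile(String name) {
        URL resource = TestPemReader.class.getClassLoader().getResource(name);
        if (resource == null) {
            throw new IllegalArgumentException("Resource not found " + name);
        }
        try {
            // URL.getFile() keeps percent-escapes (a space stays "%20"), so a checkout directory
            // containing spaces or non-ASCII characters would produce a path that does not exist.
            return new File(resource.toURI());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Resource URL is not a valid URI: " + resource, e);
        }
    }
}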
