package io.airlift.security.cert;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:io/airlift/security/cert/TestCertificateBuilder.class */
public class TestCertificateBuilder {
    @Test
    public void test() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        X500Principal x500Principal = new X500Principal("CN=issuer,O=Airlift");
        X500Principal x500Principal2 = new X500Principal("CN=subject,O=Airlift");
        LocalDate now = LocalDate.now();
        LocalDate plus = now.plus(10L, (TemporalUnit) ChronoUnit.YEARS);
        X509Certificate buildSelfSigned = CertificateBuilder.certificateBuilder().setKeyPair(generateKeyPair).setSerialNumber(12345L).setIssuer(x500Principal).setNotBefore(now).setNotAfter(plus).setSubject(x500Principal2).buildSelfSigned();
        Assert.assertEquals(buildSelfSigned.getSerialNumber(), BigInteger.valueOf(12345L));
        Assert.assertEquals(buildSelfSigned.getIssuerX500Principal(), x500Principal);
        Assert.assertEquals(buildSelfSigned.getNotBefore().toInstant(), now.atStartOfDay().toInstant(ZoneOffset.UTC));
        Assert.assertEquals(buildSelfSigned.getNotAfter().toInstant(), plus.atTime(23, 59, 59).toInstant(ZoneOffset.UTC));
        Assert.assertEquals(buildSelfSigned.getSubjectX500Principal(), x500Principal2);
        Assert.assertEquals(buildSelfSigned.getPublicKey(), generateKeyPair.getPublic());
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, new char[0]);
        keyStore.setCertificateEntry("test", buildSelfSigned);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                ((X509TrustManager) trustManager).checkServerTrusted(new X509Certificate[]{buildSelfSigned}, "RSA");
            }
        }
    }
}
