package pl.edu.icm.unity.engine;

import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.assertj.core.api.Assertions;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.pki.NamedCertificate;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.types.basic.EntityState;
import pl.edu.icm.unity.types.basic.IdentityParam;

/* loaded from: input_file:pl/edu/icm/unity/engine/TestPKICertificates.class */
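/**
 * Integration tests for certificate storage through {@link PKIManagement}.
 *
 * <p>Covers adding persisted and volatile certificates, removing them, rejecting a second
 * certificate under a name that is already taken, listing certificate names, and the
 * authorization check applied when a non-privileged user adds a persisted certificate.
 */
public class TestPKICertificates extends DBIntegrationTestBase {

    /**
     * PEM-encoded X.509 certificate used as the fixture for every test in this class.
     *
     * <p>This is a public certificate only; no private key appears in this class. Its encoded
     * fields read as subject CN=localhost issued by "Unity Low Trust CA", signed with SHA-1/RSA
     * and valid from 2016-03-24 to 2021-03-23, so it is expired. The tests here only parse and
     * store it and never validate it; replace the fixture before adding a test that checks
     * validity dates, signature strength or a trust chain.
     */
    private static final String TEST_CERT_PEM =
            "-----BEGIN CERTIFICATE-----\n"
            + "MIIDbDCCAlSgAwIBAgIJAPm9oVHHE5w+MA0GCSqGSIb3DQEBBQUAMDoxCzAJBgNVBAYTAkVVMQ4w\n"
            + "DAYDVQQKDAVVbml0eTEbMBkGA1UEAwwSVW5pdHkgTG93IFRydXN0IENBMB4XDTE2MDMyNDEzNTk0\n"
            + "NFoXDTIxMDMyMzEzNTk0NFowQjELMAkGA1UEBhMCRVUxDzANBgNVBAcMBldhcnNhdzEOMAwGA1UE\n"
            + "CgwFVW5pdHkxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n"
            + "ggEBAN6S2OegRYU11rM8w4uGwp4g3HToZ5dHjWIAeU3ngtpJ6yHMVwAqWwmPvOJTYg+Hed4tFwbr\n"
            + "5+xt9kbZwNVjojbSFueoRjD6c5ycTkUjPA+ORKawflCxp8kUuggyr2abcp3+C+AuY76OcxttGBaR\n"
            + "iyzkAca+I0LzcU3wdSl2/h5guEdUobyzBGmt8Kmm2lHqhj1iTPz6Chg5yFnsdCXTDUCVAoxB0Mf/\n"
            + "bm0/1BDElCpA/pqE9ktGxFErUDtHr8K03eW3U5DZ48/3jKtSEPg443YfffDn81PDvvxRzebJP0T9\n"
            + "qKzUYshMeZZr5kN9hwMwmpzLSYHYnL1mx+lhvZivRVkCAwEAAaNtMGswCQYDVR0TBAIwADARBglg\n"
            + "hkgBhvhCAQEEBAMCBPAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBTBrFcGtlUpRgdy9otQNqZZP/QN\n"
            + "nTAfBgNVHSMEGDAWgBRm3s0c1pLap1K6RvAkez4McgfAFjANBgkqhkiG9w0BAQUFAAOCAQEAJN40\n"
            + "mS+s2OU3t40h1ghTgLj3JNKtl5fucd3w8ZYawAHTgJGDw3l6eTUPwhDPGV6If1gNsIDzoGDUmb1i\n"
            + "PwR27xzsP+iWZ5SO0q03tpH3lpYcFV1tnWJ8MrFYHgAvt/j7tRC1N9j2MMvRf9oSNYtlbj/pXq3f\n"
            + "8MkLf4uGJK9SYTmd4EpCch5DiLYHHTkknmYLxMtdqwl2SRfpu2/Ch989Ha1yokQgkZfYJKFA3Bvg\n"
            + "YgZc+Q6aeXeVUkBedE5SyDVpChGjdTN7iVgu9kL6l1aRGo1KnN78ce8JwhljjaAm9Fckt4OFMpuN\n"
            + "hX879+8p8lQcNFBto0ILS+I4AjFR4Ljtlg==\n"
            + "-----END CERTIFICATE-----\n";

    @Autowired
    private PKIManagement pkiMan;

    /**
     * Resets the database and removes every volatile certificate before each test.
     *
     * <p>Volatile certificates are removed one by one in addition to the database reset,
     * presumably because they are not held in the database; confirm against the
     * {@link PKIManagement} implementation.
     *
     * @throws Exception if the reset or a removal fails
     */
    @Override
    @Before
    public void clear() throws Exception {
        this.insecureServerMan.resetDatabase();
        // The element is cast because the collection's generic type is not visible from this file.
        for (Object entry : this.pkiMan.getVolatileCertificates()) {
            this.pkiMan.removeCertificate(((NamedCertificate) entry).name);
        }
    }

    /** A persisted certificate can be fetched by name after it was added. */
    @Test
    public void shouldAddPersistedCert() throws Exception {
        this.pkiMan.addPersistedCertificate(new NamedCertificate("cert1", getX509Cert()));

        Assert.assertThat(this.pkiMan.getCertificate("cert1"), CoreMatchers.is(CoreMatchers.notNullValue()));
    }

    /** A volatile certificate can be fetched by name after it was added. */
    @Test
    public void shouldAddVolatileCert() throws Exception {
        this.pkiMan.addVolatileCertificate("cert1", getX509Cert());

        Assert.assertThat(this.pkiMan.getCertificate("cert1"), CoreMatchers.is(CoreMatchers.notNullValue()));
    }

    /** Removing one volatile and one persisted certificate leaves no certificate names listed. */
    @Test
    public void shouldRemoveCert() throws Exception {
        this.pkiMan.addVolatileCertificate("cert1", getX509Cert());
        this.pkiMan.addPersistedCertificate(new NamedCertificate("cert2", getX509Cert()));

        this.pkiMan.removeCertificate("cert1");
        this.pkiMan.removeCertificate("cert2");

        Assert.assertEquals(0, this.pkiMan.getAllCertificateNames().size());
    }

    /**
     * A name already used by a volatile certificate is rejected for both a persisted and a
     * volatile addition, so a stored certificate is not replaced by a later add under its name.
     */
    @Test
    public void shouldBlockAddingCertWithTheSameName() throws Exception {
        this.pkiMan.addVolatileCertificate("cert1", getX509Cert());

        Throwable persistedDuplicate = Assertions.catchThrowable(
                () -> this.pkiMan.addPersistedCertificate(new NamedCertificate("cert1", getX509Cert())));
        assertExceptionType(persistedDuplicate, IllegalArgumentException.class);

        Throwable volatileDuplicate = Assertions.catchThrowable(
                () -> this.pkiMan.addVolatileCertificate("cert1", getX509Cert()));
        assertExceptionType(volatileDuplicate, IllegalArgumentException.class);
    }

    /** The name listing contains volatile and persisted certificates alike. */
    @Test
    public void shouldListAllCertNames() throws Exception {
        this.pkiMan.addVolatileCertificate("cert1", getX509Cert());
        this.pkiMan.addVolatileCertificate("cert2", getX509Cert());
        this.pkiMan.addPersistedCertificate(new NamedCertificate("cert3", getX509Cert()));

        Assert.assertEquals(3, this.pkiMan.getAllCertificateNames().size());
        Assert.assertThat(this.pkiMan.getAllCertificateNames(), CoreMatchers.hasItems("cert1", "cert2", "cert3"));
    }

    /**
     * A user created with only a password credential requirement is refused when adding a
     * persisted certificate.
     *
     * <p>NOTE(review): only {@code addPersistedCertificate} is exercised under the unprivileged
     * context. {@code addVolatileCertificate} and {@code removeCertificate} are not covered by
     * this class, and the test does not check afterwards that nothing was stored under "cert1".
     */
    @Test
    public void shouldBlockAddingCertByUnprivilagedUser() throws Exception {
        setupPasswordAuthn();
        this.idsMan.addEntity(new IdentityParam("userName", "tuser"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid);
        setupUserContext("tuser", null);

        Throwable refused = Assertions.catchThrowable(
                () -> this.pkiMan.addPersistedCertificate(new NamedCertificate("cert1", getX509Cert())));
        assertExceptionType(refused, AuthorizationException.class);
    }

    /**
     * Parses the PEM fixture into a certificate object.
     *
     * @return the certificate decoded from {@link #TEST_CERT_PEM}
     * @throws IOException if the PEM text cannot be loaded
     */
    private X509Certificate getX509Cert() throws IOException {
        // PEM is pure ASCII; naming the charset keeps the bytes independent of the platform default.
        byte[] pemBytes = TEST_CERT_PEM.getBytes(StandardCharsets.US_ASCII);
        return CertificateUtils.loadCertificate(new ByteArrayInputStream(pemBytes), CertificateUtils.Encoding.PEM);
    }
}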
