package net.ripe.rpki.commons.provisioning.x509;

import java.security.KeyPair;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.provisioning.ProvisioningObjectMother;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/ripe/rpki/commons/provisioning/x509/ProvisioningIdentityCertificateBuilderTest.class */
public class ProvisioningIdentityCertificateBuilderTest {
    private ProvisioningIdentityCertificateBuilder subject;
    public static final X500Principal SELF_SIGNING_DN = new X500Principal("CN=test");
    public static final KeyPair TEST_IDENTITY_KEYPAIR = ProvisioningObjectMother.TEST_KEY_PAIR;
    public static final KeyPair TEST_IDENTITY_KEYPAIR_2 = ProvisioningObjectMother.TEST_KEY_PAIR_2;
    public static final ProvisioningIdentityCertificate TEST_IDENTITY_CERT = getTestProvisioningIdentityCertificate();
    public static final ProvisioningIdentityCertificate TEST_IDENTITY_CERT_2 = getProvisioningIdentityCertificateForKey2();

    private static ProvisioningIdentityCertificate getTestProvisioningIdentityCertificate() {
        return getTestBuilder(TEST_IDENTITY_KEYPAIR).build();
    }

    private static ProvisioningIdentityCertificate getProvisioningIdentityCertificateForKey2() {
        return getTestBuilder(TEST_IDENTITY_KEYPAIR_2).build();
    }

    private static ProvisioningIdentityCertificateBuilder getTestBuilder(KeyPair keyPair) {
        ProvisioningIdentityCertificateBuilder provisioningIdentityCertificateBuilder = new ProvisioningIdentityCertificateBuilder();
        provisioningIdentityCertificateBuilder.withSelfSigningKeyPair(keyPair);
        provisioningIdentityCertificateBuilder.withSelfSigningSubject(SELF_SIGNING_DN);
        return provisioningIdentityCertificateBuilder;
    }

    @Before
    public void setUp() {
        this.subject = getTestBuilder(TEST_IDENTITY_KEYPAIR);
    }

    @Test
    public void shouldBuild() {
        Assert.assertNotNull(this.subject.build());
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSelfSigningKeyPair() {
        this.subject = new ProvisioningIdentityCertificateBuilder();
        this.subject.withSelfSigningSubject(SELF_SIGNING_DN);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSelfSigningDN() {
        this.subject.withSelfSigningSubject((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSignatureProvider() {
        this.subject.withSignatureProvider((String) null);
        this.subject.build();
    }

    @Test
    public void shouldUseSHA256withRSA() {
        Assert.assertEquals("SHA256withRSA", this.subject.build().getCertificate().getSigAlgName());
    }

    @Test
    public void shouldUseProvidedSigningKey() {
        Assert.assertEquals(TEST_IDENTITY_KEYPAIR.getPublic(), TEST_IDENTITY_CERT.getPublicKey());
    }

    @Test
    public void shouldHaveNoRsyncCrlPointer() {
        Assert.assertNull(TEST_IDENTITY_CERT.findFirstRsyncCrlDistributionPoint());
    }

    @Test
    public void shouldNotHaveAiaPointer() {
        Assert.assertNull(TEST_IDENTITY_CERT.getAuthorityInformationAccess());
    }

    @Test
    public void shouldHaveSiaPointerToDirectoryOnly() {
        Assert.assertNull(TEST_IDENTITY_CERT.getSubjectInformationAccess());
    }

    @Test
    public void shouldBeACACertificate() {
        Assert.assertTrue(TEST_IDENTITY_CERT.isCa());
    }

    @Test
    public void shouldIncludeKeyUsageBitsCertSignAndCrlCertSign() {
        boolean[] keyUsage = TEST_IDENTITY_CERT.getCertificate().getKeyUsage();
        Assert.assertNotNull(keyUsage);
        Assert.assertTrue(Arrays.equals(new boolean[]{false, false, false, false, false, true, true, false, false}, keyUsage));
    }
}
