package net.ripe.rpki.commons.provisioning.x509;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.util.PregeneratedKeyPairFactory;
import net.ripe.rpki.commons.provisioning.ProvisioningObjectMother;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/ripe/rpki/commons/provisioning/x509/ProvisioningCmsCertificateBuilderTest.class */
public class ProvisioningCmsCertificateBuilderTest {
    public static final KeyPair EE_KEYPAIR = PregeneratedKeyPairFactory.getInstance().generate();
    public static final ProvisioningCmsCertificate TEST_CMS_CERT = getTestProvisioningCmsCertificate();
    private ProvisioningCmsCertificateBuilder subject;

    private static ProvisioningCmsCertificate getTestProvisioningCmsCertificate() {
        return getTestBuilder().build();
    }

    private static ProvisioningCmsCertificateBuilder getTestBuilder() {
        ProvisioningCmsCertificateBuilder provisioningCmsCertificateBuilder = new ProvisioningCmsCertificateBuilder();
        provisioningCmsCertificateBuilder.withIssuerDN(ProvisioningIdentityCertificateBuilderTest.TEST_IDENTITY_CERT.getSubject());
        provisioningCmsCertificateBuilder.withSerial(BigInteger.TEN);
        provisioningCmsCertificateBuilder.withPublicKey(EE_KEYPAIR.getPublic());
        provisioningCmsCertificateBuilder.withSubjectDN(new X500Principal("CN=end-entity"));
        provisioningCmsCertificateBuilder.withSigningKeyPair(ProvisioningObjectMother.TEST_KEY_PAIR);
        provisioningCmsCertificateBuilder.withSignatureProvider("SunRsaSign");
        return provisioningCmsCertificateBuilder;
    }

    @Before
    public void setUp() {
        this.subject = getTestBuilder();
    }

    @Test
    public void shouldBuild() {
        Assert.assertNotNull(this.subject.build());
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequirePublicKey() {
        this.subject.withPublicKey((PublicKey) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireIssuerDN() {
        this.subject.withIssuerDN((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSubjectDN() {
        this.subject.withSubjectDN((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSerial() {
        this.subject.withSerial((BigInteger) null);
        this.subject.build();
    }

    @Test
    public void shouldUseSHA256withRSA() {
        Assert.assertEquals("SHA256withRSA", TEST_CMS_CERT.getCertificate().getSigAlgName());
    }

    @Test
    public void shouldUseProvidedSubjectKey() {
        Assert.assertEquals(EE_KEYPAIR.getPublic(), TEST_CMS_CERT.getCertificate().getPublicKey());
    }

    @Test
    public void shouldNotHaveRsyncCrlPointer() {
        Assert.assertNull(TEST_CMS_CERT.findFirstRsyncCrlDistributionPoint());
    }

    @Test
    public void shouldNotHaveAiaPointer() {
        Assert.assertNull(TEST_CMS_CERT.getAuthorityInformationAccess());
    }

    @Test
    public void shouldHaveNoSiaPointer() {
        Assert.assertNull(TEST_CMS_CERT.getSubjectInformationAccess());
    }

    @Test
    public void shouldBeAnEECertificate() {
        Assert.assertFalse(TEST_CMS_CERT.isCa());
    }

    @Test
    public void shouldHaveKeyUsageExtensionDigitalSignature() {
        Assert.assertTrue(Arrays.equals(new boolean[]{true, false, false, false, false, false, false, false, false}, TEST_CMS_CERT.getCertificate().getKeyUsage()));
    }
}
