package net.ripe.rpki.commons.crypto.x509cert;

import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest;
import net.ripe.rpki.commons.util.UTC;
import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/X509RouterCertificateTest.class */
/**
 * Unit tests for {@link X509RouterCertificate} objects produced by
 * {@link X509RouterCertificateBuilder}.
 *
 * <p>Every certificate built here is self-signed: subject and issuer are both
 * {@link #TEST_SELF_SIGNED_CERTIFICATE_NAME}, and the certified public key belongs to the same
 * fixture key pair that signs the certificate. The key pairs come from
 * {@link KeyPairFactoryTest} and are shared test fixtures, so nothing built here should be
 * treated as trustworthy outside the test suite.
 */
public class X509RouterCertificateTest {
    // Not referenced anywhere in this class.
    private static final URI MFT_URI = URI.create("rsync://host.foo/bar/ta.mft");
    // Not referenced anywhere in this class.
    private static final URI PUB_DIR_URI = URI.create("rsync://host.foo/bar/");

    /** Distinguished name used as both subject and issuer of the test certificates. */
    public static final X500Principal TEST_SELF_SIGNED_CERTIFICATE_NAME = new X500Principal("CN=TEST-SELF-SIGNED-CERT");

    // Computed once at class-load time, so every certificate in this class shares one window.
    private static final ValidityPeriod TEST_VALIDITY_PERIOD = newTestValidityPeriod();
    private static final BigInteger TEST_SERIAL_NUMBER = BigInteger.valueOf(900L);

    /**
     * Builds the validity window shared by all test certificates: it opens one minute before the
     * moment of class initialisation and closes one hundred years after it. Both bounds are
     * derived from a single clock reading.
     */
    private static ValidityPeriod newTestValidityPeriod() {
        DateTime now = UTC.dateTime();
        DateTime notBefore = now.minusMinutes(1);
        DateTime notAfter = now.plusYears(100);
        return new ValidityPeriod(notBefore, notAfter);
    }

    /**
     * Creates a builder pre-populated with the fixture values used throughout this class:
     * identical subject and issuer names, the fixed serial number and validity period, the test
     * key pair as both certified key and signing key, the authority key identifier enabled, and
     * the AS numbers 1, 22 and 333.
     *
     * @return a new builder that the caller may customise further before calling {@code build()}
     */
    public static X509RouterCertificateBuilder createBasicBuilder() {
        int[] asns = {1, 22, 333};
        X509RouterCertificateBuilder builder = new X509RouterCertificateBuilder();
        builder.withSubjectDN(TEST_SELF_SIGNED_CERTIFICATE_NAME);
        builder.withIssuerDN(TEST_SELF_SIGNED_CERTIFICATE_NAME);
        builder.withSerial(TEST_SERIAL_NUMBER);
        builder.withValidityPeriod(TEST_VALIDITY_PERIOD);
        // The certified key and the signing key are the same pair, which makes the result self-signed.
        builder.withPublicKey(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic());
        builder.withSigningKeyPair(KeyPairFactoryTest.TEST_KEY_PAIR);
        builder.withAuthorityKeyIdentifier(true);
        builder.withAsns(asns);
        return builder;
    }

    /**
     * Creates the basic builder and marks the certificate as a non-CA certificate. Subject and
     * issuer are set again to the same self-signed name that {@link #createBasicBuilder()}
     * already applied.
     *
     * @return a builder for a self-signed, non-CA router certificate
     */
    public static X509RouterCertificateBuilder createSelfSignedRouterCertificateBuilder() {
        return createBasicBuilder()
                .withCa(false)
                .withSubjectDN(TEST_SELF_SIGNED_CERTIFICATE_NAME)
                .withIssuerDN(TEST_SELF_SIGNED_CERTIFICATE_NAME);
    }

    /** Wrapping a {@code null} certificate must be rejected with {@link IllegalArgumentException}. */
    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireCertificate() {
        // The cast is kept from the original call and pins the argument to X509Certificate.
        new X509RouterCertificate((X509Certificate) null);
    }

    /**
     * A certificate built with {@code withCa(false)} reports itself as a router certificate and
     * not as a CA.
     *
     * <p>NOTE(review): the method name says "CA certificate", but the assertions check the
     * opposite, that the certificate is not a CA.
     */
    @Test
    public void shouldSupportCaCertificate() {
        X509RouterCertificate certificate = createSelfSignedRouterCertificateBuilder().build();
        Assert.assertFalse(certificate.isCa());
        Assert.assertTrue(certificate.isRouter());
    }

    /**
     * Authority Information Access descriptors given to the builder are returned unchanged by the
     * built certificate, and lookup by access method returns the first matching location.
     */
    @Test
    public void shouldSupportAuthorityInformationAccessExtension() throws URISyntaxException {
        X509CertificateInformationAccessDescriptor rsyncIssuer = new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS, new URI("rsync://foo.host/bar/baz.cer"));
        X509CertificateInformationAccessDescriptor httpIssuer = new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS, new URI("http://foo.host/bar/baz.cer"));
        X509CertificateInformationAccessDescriptor[] expectedDescriptors = {rsyncIssuer, httpIssuer};

        X509RouterCertificateBuilder builder = createSelfSignedRouterCertificateBuilder();
        builder.withAuthorityInformationAccess(expectedDescriptors);
        X509RouterCertificate certificate = builder.build();

        Assert.assertArrayEquals(expectedDescriptors, certificate.getAuthorityInformationAccess());
        // Two descriptors share the caIssuers method; the lookup must return the first one.
        Assert.assertEquals(
                expectedDescriptors[0].getLocation(),
                certificate.findFirstAuthorityInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS));
        // No manifest descriptor was configured, so that lookup must come back empty.
        Assert.assertNull(
                certificate.findFirstAuthorityInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST));
        Assert.assertNotNull(
                certificate.findFirstAuthorityInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS));
    }

    /**
     * Subject Information Access descriptors given to the builder are returned unchanged by the
     * built certificate and can be looked up by access method.
     */
    @Test
    public void shouldSupportSubjectInformationAccessExtension() throws URISyntaxException {
        X509CertificateInformationAccessDescriptor rsyncRepository = new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, new URI("rsync://foo.host/bar/"));
        X509CertificateInformationAccessDescriptor httpRepository = new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, new URI("http://foo.host/bar/"));
        X509CertificateInformationAccessDescriptor[] expectedDescriptors = {rsyncRepository, httpRepository};

        X509RouterCertificateBuilder builder = createSelfSignedRouterCertificateBuilder();
        builder.withSubjectInformationAccess(expectedDescriptors);
        X509RouterCertificate certificate = builder.build();

        Assert.assertArrayEquals(expectedDescriptors, certificate.getSubjectInformationAccess());
        Assert.assertNotNull(
                certificate.findFirstSubjectInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY));
    }

    /**
     * CRL distribution points given to the builder are returned unchanged by the built
     * certificate, and the rsync distribution point can be located.
     */
    @Test
    public void shouldSupportCrlDistributionPoints() {
        URI[] expectedCrlUris = {URI.create("rsync://localhost/ca.crl")};

        X509RouterCertificateBuilder builder = createSelfSignedRouterCertificateBuilder();
        builder.withCrlDistributionPoints(expectedCrlUris);
        X509RouterCertificate certificate = builder.build();

        Assert.assertArrayEquals(expectedCrlUris, certificate.getCrlDistributionPoints());
        Assert.assertNotNull(certificate.findFirstRsyncCrlDistributionPoint());
    }

    /**
     * The certificate's signature verifies under the public key of the pair that signed it.
     *
     * <p>There is no explicit assertion: the test passes when {@code verify} returns without
     * throwing. NOTE(review): assuming {@code getCertificate()} returns the JCA
     * {@link X509Certificate}, {@code verify} checks the signature only, not the validity period
     * or any extension - confirm.
     */
    @Test
    public void shouldHaveValidSignature() throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        X509RouterCertificate certificate = createSelfSignedRouterCertificateBuilder().build();
        certificate.getCertificate().verify(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic());
    }

    /**
     * Verification under a public key that did not sign the certificate must fail with
     * {@link SignatureException}, the negative counterpart of {@link #shouldHaveValidSignature()}.
     */
    @Test(expected = SignatureException.class)
    public void shouldFailOnInvalidSignature() throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        X509RouterCertificate certificate = createSelfSignedRouterCertificateBuilder().build();
        // The certificate was signed with TEST_KEY_PAIR; the second pair's key must not verify it.
        certificate.getCertificate().verify(KeyPairFactoryTest.SECOND_TEST_KEY_PAIR.getPublic());
    }
}
