package net.ripe.rpki.commons.crypto.x509cert;

import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import javax.security.auth.x500.X500Principal;
import net.ripe.ipresource.IpResourceSet;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest;
import net.ripe.rpki.commons.util.UTC;
import net.ripe.rpki.commons.validation.ValidationCheck;
import net.ripe.rpki.commons.validation.ValidationLocation;
import net.ripe.rpki.commons.validation.ValidationStatus;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/X509RouterCertificateParserTest.class */
/**
 * Unit tests for {@link X509RouterCertificateParser}.
 *
 * <p>The cases cover rejection of certificates built by the resource-certificate test builder,
 * malformed DER input, a certificate signed with {@code MD5withRSA}, the public-key checks, and
 * parsing of a router certificate stored as a test fixture.
 */
public class X509RouterCertificateParserTest {
    /** Location name under which most tests register the parsed object. */
    private static final String CERTIFICATE_LOCATION = "certificate";

    private X509RouterCertificateParser subject = new X509RouterCertificateParser();

    /**
     * A certificate built with an empty policy array must not be handed out by the parser.
     *
     * <p>The test only pins that an {@link IllegalArgumentException} escapes; it does not pin
     * whether {@code parse} or {@code getCertificate} raises it.
     */
    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireResourceCertificatePolicy() {
        X509ResourceCertificateBuilder builder = X509ResourceCertificateTest.createSelfSignedCaResourceCertificateBuilder();
        // Strip every policy from the builder before the certificate is generated.
        X509CertificateBuilderTestUtils.setPoliciesOnBuilderHelperAttribute(builder, new PolicyInformation[0]);
        byte[] encoded = builder.build().getEncoded();

        subject.parse(CERTIFICATE_LOCATION, encoded);
        subject.getCertificate();
    }

    /**
     * An unmodified self-signed CA resource certificate must not be returned as a router
     * certificate.
     *
     * <p>NOTE(review): the method name attributes the rejection to the resource extensions; the
     * test itself only asserts the exception type — confirm against the parser.
     */
    @Test(expected = IllegalArgumentException.class)
    public void shouldNotParseResourceCertificateWhenResourceExtensionsArePresent() {
        byte[] encoded = X509ResourceCertificateTest.createSelfSignedCaResourceCertificateBuilder().build().getEncoded();

        subject.parse(CERTIFICATE_LOCATION, encoded);
        subject.getCertificate();
    }

    /**
     * Three arbitrary bytes are not a certificate: the parser must record an ERROR for the
     * {@code cert.parsed} check at the given location.
     */
    @Test
    public void shouldFailOnInvalidInput() {
        byte[] garbage = new byte[]{1, 3, 35};
        ValidationLocation location = new ValidationLocation("badly");
        ValidationCheck parseError = new ValidationCheck(ValidationStatus.ERROR, "cert.parsed", new String[0]);

        subject.parse("badly", garbage);

        Assert.assertTrue(subject.getValidationResult().getFailures(location).contains(parseError));
    }

    /**
     * A certificate signed with {@code MD5withRSA} must be flagged by the
     * {@code cert.signature.algorithm} check.
     *
     * <p>MD5-based signatures are not collision resistant, so this test guards against a parser
     * that would silently accept them.
     */
    @Test
    public void shouldFailOnInvalidSignatureAlgorithm() throws CertificateEncodingException {
        X509CertificateBuilderHelper helper = new X509CertificateBuilderHelper();
        helper.withSubjectDN(new X500Principal("CN=zz.subject")).withIssuerDN(new X500Principal("CN=zz.issuer"));
        helper.withSerial(BigInteger.ONE);
        // Subject key and signing key come from two different test key pairs.
        helper.withPublicKey(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic());
        helper.withSigningKeyPair(KeyPairFactoryTest.SECOND_TEST_KEY_PAIR);

        // Valid from now (UTC) until midnight UTC on 1 January of the following year.
        DateTime notBefore = UTC.dateTime();
        DateTime notAfter = new DateTime(notBefore.getYear() + 1, 1, 1, 0, 0, 0, 0, DateTimeZone.UTC);
        helper.withValidityPeriod(new ValidityPeriod(notBefore, notAfter));

        helper.withResources(IpResourceSet.ALL_PRIVATE_USE_RESOURCES);
        // The algorithm under test: everything else above is ordinary certificate content.
        helper.withSignatureAlgorithm("MD5withRSA");
        byte[] encoded = helper.generateCertificate().getEncoded();

        subject.parse(CERTIFICATE_LOCATION, encoded);

        Assert.assertTrue(subject.getValidationResult().hasFailures());
        ValidationLocation location = new ValidationLocation(CERTIFICATE_LOCATION);
        Assert.assertFalse(subject.getValidationResult().getResult(location, "cert.signature.algorithm").isOk());
    }

    /**
     * The public-key algorithm and key-size checks must pass for the certificate produced by the
     * resource-certificate test builder.
     *
     * <p>Only these two checks are asserted; {@code getCertificate()} is deliberately not called
     * here.
     */
    @Test
    public void should_validate_key_algorithm_and_size() {
        byte[] encoded = X509ResourceCertificateTest.createSelfSignedCaResourceCertificateBuilder().build().getEncoded();

        subject.parse(CERTIFICATE_LOCATION, encoded);

        ValidationLocation algorithmLocation = new ValidationLocation(CERTIFICATE_LOCATION);
        Assert.assertTrue(subject.getValidationResult().getResult(algorithmLocation, "cert.public.key.algorithm").isOk());
        ValidationLocation sizeLocation = new ValidationLocation(CERTIFICATE_LOCATION);
        Assert.assertTrue(subject.getValidationResult().getResult(sizeLocation, "cert.public.key.size").isOk());
    }

    /**
     * The router certificate fixture must parse without failures at the current location and
     * yield a non-null certificate.
     *
     * <p>The fixture path is relative, so the test depends on the working directory it runs in.
     *
     * @throws IOException if the fixture file cannot be read
     */
    @Test
    public void should_parse_the_real_router_certificate() throws IOException {
        File fixture = new File("src/test/resources/router/router_certificate.cer");
        byte[] encoded = Files.toByteArray(fixture);

        subject.parse(CERTIFICATE_LOCATION, encoded);

        Assert.assertFalse(subject.getValidationResult().hasFailureForCurrentLocation());
        Assert.assertNotNull(subject.getCertificate());
    }
}
