package net.ripe.rpki.commons.crypto.cms.aspa;

import com.google.common.collect.ImmutableSortedSet;
import com.pholser.junit.quickcheck.Property;
import com.pholser.junit.quickcheck.When;
import com.pholser.junit.quickcheck.runner.JUnitQuickcheck;
import java.math.BigInteger;
import java.net.URI;
import java.security.KeyPair;
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import javax.security.auth.x500.X500Principal;
import net.ripe.ipresource.Asn;
import net.ripe.ipresource.IpResource;
import net.ripe.ipresource.IpResourceSet;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.rfc3779.AddressFamily;
import net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateInformationAccessDescriptor;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilder;
import net.ripe.rpki.commons.util.UTC;
import org.assertj.core.api.Assertions;
import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(JUnitQuickcheck.class)
/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/aspa/AspaCmsTest.class */
public class AspaCmsTest {
    private static final KeyPair TEST_KEY_PAIR = KeyPairFactoryTest.TEST_KEY_PAIR;
    private static final X500Principal TEST_DN = new X500Principal("CN=issuer");
    private static final URI TEST_LOCATION = URI.create("rsync://certificate/repository/filename.asa");
    private static final URI TEST_CA_LOCATION = URI.create("rsync://certificate/repository/ca.cer");
    private static final BigInteger ROA_CERT_SERIAL = BigInteger.TEN;
    private static final ImmutableSortedSet<ProviderAS> PROVIDER_AS_SET = ImmutableSortedSet.naturalOrder().add(new ProviderAS(Asn.parse("AS65001"), Optional.empty())).add(new ProviderAS(Asn.parse("AS65002"), Optional.of(AddressFamily.IPV4))).build();
    private static final Asn CUSTOMER_ASN = Asn.parse("AS65000");

    @Test
    public void should_reject_creating_aspa_with_empty_provider_as_set() {
        Assertions.assertThatThrownBy(() -> {
            createAspa(CUSTOMER_ASN, ImmutableSortedSet.of());
        }).isInstanceOfSatisfying(IllegalArgumentException.class, illegalArgumentException -> {
            Assertions.assertThat(illegalArgumentException.getMessage()).isEqualTo("ProviderASSet must not be empty");
        });
    }

    @Property(trials = 100)
    public void should_generate_aspa(int i, @When(satisfies = "!#_.isEmpty") List<ProviderAS> list) {
        Asn asn = new Asn(Integer.toUnsignedLong(i));
        ImmutableSortedSet immutableSortedSet = (ImmutableSortedSet) list.stream().collect(ImmutableSortedSet.toImmutableSortedSet(Comparator.naturalOrder()));
        AspaCms createAspa = createAspa(asn, immutableSortedSet);
        Assert.assertEquals(0L, createAspa.getVersion());
        Assert.assertEquals(asn, createAspa.getCustomerAsn());
        Assert.assertEquals(immutableSortedSet, createAspa.getProviderASSet());
    }

    public static AspaCms createAspa() {
        return createAspa(CUSTOMER_ASN, PROVIDER_AS_SET);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static AspaCms createAspa(Asn asn, ImmutableSortedSet<ProviderAS> immutableSortedSet) {
        AspaCmsBuilder aspaCmsBuilder = new AspaCmsBuilder();
        aspaCmsBuilder.withCertificate(createCertificate(new IpResourceSet(new IpResource[]{asn})));
        aspaCmsBuilder.withCustomerAsn(asn);
        aspaCmsBuilder.withProviderASSet(immutableSortedSet);
        aspaCmsBuilder.withSignatureProvider("SunRsaSign");
        return aspaCmsBuilder.build(TEST_KEY_PAIR.getPrivate());
    }

    private static X509ResourceCertificate createCertificate(IpResourceSet ipResourceSet) {
        X509ResourceCertificateBuilder x509ResourceCertificateBuilder = new X509ResourceCertificateBuilder();
        x509ResourceCertificateBuilder.withCa(false).withIssuerDN(TEST_DN).withSubjectDN(TEST_DN).withSerial(ROA_CERT_SERIAL);
        x509ResourceCertificateBuilder.withPublicKey(TEST_KEY_PAIR.getPublic());
        x509ResourceCertificateBuilder.withSigningKeyPair(TEST_KEY_PAIR);
        DateTime dateTime = UTC.dateTime();
        x509ResourceCertificateBuilder.withKeyUsage(128);
        x509ResourceCertificateBuilder.withValidityPeriod(new ValidityPeriod(dateTime.minusMinutes(1), dateTime.plusYears(1)));
        x509ResourceCertificateBuilder.withResources(ipResourceSet);
        x509ResourceCertificateBuilder.withSubjectInformationAccess(new X509CertificateInformationAccessDescriptor[]{new X509CertificateInformationAccessDescriptor(X509CertificateInformationAccessDescriptor.ID_AD_SIGNED_OBJECT, TEST_LOCATION)});
        x509ResourceCertificateBuilder.withAuthorityInformationAccess(new X509CertificateInformationAccessDescriptor[]{new X509CertificateInformationAccessDescriptor(X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS, TEST_CA_LOCATION)});
        return x509ResourceCertificateBuilder.build();
    }
}
