package net.ripe.rpki.commons.crypto.x509cert;

import java.math.BigInteger;
import java.net.URI;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import net.ripe.ipresource.IpResourceSet;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.rfc3779.ResourceExtensionEncoder;
import net.ripe.rpki.commons.crypto.rfc3779.ResourceExtensionParser;
import net.ripe.rpki.commons.crypto.rfc8209.RouterExtensionEncoder;
import net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest;
import net.ripe.rpki.commons.util.UTC;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/X509RouterCertificateBuilderTest.class */
public class X509RouterCertificateBuilderTest {
    private X509RouterCertificateBuilder subject;

    @Before
    public void setUp() {
        this.subject = new X509RouterCertificateBuilder();
        this.subject.withSubjectDN(new X500Principal("CN=zz.subject")).withIssuerDN(new X500Principal("CN=zz.issuer"));
        this.subject.withSerial(BigInteger.ONE);
        this.subject.withPublicKey(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic());
        this.subject.withSigningKeyPair(KeyPairFactoryTest.SECOND_TEST_KEY_PAIR);
        DateTime dateTime = UTC.dateTime();
        this.subject.withValidityPeriod(new ValidityPeriod(dateTime, new DateTime(dateTime.getYear() + 1, 1, 1, 0, 0, 0, 0, DateTimeZone.UTC)));
        this.subject.withAsns(new int[]{1, 2, 3, 4, 5});
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequireResourcesForResourceCertificates() {
        this.subject.withAsns((int[]) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireNonEmptyResourceSetForResourceCertificates() {
        this.subject.withAsns(new int[0]);
        this.subject.build();
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequireIssuer() {
        this.subject.withIssuerDN((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequireSubject() {
        this.subject.withSubjectDN((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequireSerial() {
        this.subject.withSerial((BigInteger) null);
        this.subject.build();
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequirePublicKey() {
        this.subject.withPublicKey((PublicKey) null);
        this.subject.build();
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequireSigningKeyPair() {
        this.subject.withSigningKeyPair((KeyPair) null);
        this.subject.build();
    }

    @Test(expected = NullPointerException.class)
    public void shouldRequireValidityPeriod() {
        this.subject.withValidityPeriod((ValidityPeriod) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldNotAllowKeyCertSignForNonCAs() {
        this.subject.withCa(false);
        this.subject.withKeyUsage(4);
        this.subject.build();
    }

    @Test
    public void shouldHaveExtendedKeyUsage() throws CertificateParsingException {
        List<String> extendedKeyUsage = this.subject.build().getCertificate().getExtendedKeyUsage();
        Assert.assertEquals(1L, extendedKeyUsage.size());
        Assert.assertEquals(RouterExtensionEncoder.OID_KP_BGPSEC_ROUTER.toString(), extendedKeyUsage.get(0));
    }

    @Test
    public void shouldIgnoreBasicConstraintsForCAs() {
        this.subject.withCa(true);
        Assert.assertEquals(-1L, this.subject.build().getCertificate().getBasicConstraints());
    }

    @Test
    public void shouldNotSetBasicConstraintsForNonCAs() {
        this.subject.withCa(false);
        Assert.assertEquals(-1L, this.subject.build().getCertificate().getBasicConstraints());
    }

    @Test
    public void shouldHaveCrlDistributionPoints() {
        URI create = URI.create("rsync://foo/bar.crl");
        this.subject.withCrlDistributionPoints(new URI[]{create});
        Assert.assertEquals(create, this.subject.build().getCrlDistributionPoints()[0]);
    }

    @Test
    public void shouldHaveAsnExtension() {
        this.subject.withAsns(new int[]{1, 22, 333});
        Assert.assertEquals(IpResourceSet.parse("AS1, AS22, AS333"), new ResourceExtensionParser().parseAsIdentifiers(this.subject.build().getCertificate().getExtensionValue(ResourceExtensionEncoder.OID_AUTONOMOUS_SYS_IDS.getId())));
    }

    @Test
    public void shouldHaveBgpExtension() {
        this.subject.withAsns(new int[]{1, 22, 333});
        Assert.assertTrue(this.subject.build().isRouter());
    }

    @Test(expected = X509ResourceCertificateBuilderException.class)
    public void shouldFailOnIncorrectProvider() {
        this.subject.withSignatureProvider("foo");
        this.subject.build();
    }
}
