package net.ripe.rpki.commons.provisioning.cms;

import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.util.Optional;
import net.ripe.rpki.commons.provisioning.x509.ProvisioningIdentityCertificate;
import net.ripe.rpki.commons.provisioning.x509.ProvisioningIdentityCertificateParser;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;
import org.assertj.core.api.Assertions;
import org.joda.time.DateTime;
import org.joda.time.DateTimeUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:net/ripe/rpki/commons/provisioning/cms/ProvisioningCmsObjectValidatorTimeRelatedTest.class */
public class ProvisioningCmsObjectValidatorTimeRelatedTest {
    private ProvisioningCmsObject ca1CmsObject;
    private ProvisioningIdentityCertificate ca1IdCert;
    private ProvisioningIdentityCertificate ca2IdCert;
    private ValidationResult validationResult;

    @BeforeEach
    public void setup() {
        this.validationResult = ValidationResult.withLocation("n/a");
        this.ca1CmsObject = readProvisioningPDU("src/test/resources/interop/up-down/krill-ca1-list-pdu.der");
        this.ca1IdCert = readProvisioningIdentityCertificate("src/test/resources/interop/up-down/krill-ca1-id-cert.der");
        this.ca2IdCert = readProvisioningIdentityCertificate("src/test/resources/interop/up-down/krill-ca2-id-cert.der");
    }

    @AfterEach
    public void restoreClock() {
        DateTimeUtils.setCurrentMillisSystem();
    }

    private static ProvisioningCmsObject readProvisioningPDU(String str) {
        ProvisioningCmsObjectParser provisioningCmsObjectParser = new ProvisioningCmsObjectParser();
        provisioningCmsObjectParser.parseCms("cms", Files.toByteArray(new File(str)));
        return provisioningCmsObjectParser.getProvisioningCmsObject();
    }

    private static ProvisioningIdentityCertificate readProvisioningIdentityCertificate(String str) {
        ProvisioningIdentityCertificateParser provisioningIdentityCertificateParser = new ProvisioningIdentityCertificateParser();
        provisioningIdentityCertificateParser.parse("id-cert", Files.toByteArray(new File(str)));
        return provisioningIdentityCertificateParser.getCertificate();
    }

    private static void validateObjects(ValidationResult validationResult, ProvisioningCmsObject provisioningCmsObject, ProvisioningIdentityCertificate provisioningIdentityCertificate) {
        validateObjectsWithLastSigningTime(validationResult, null, provisioningCmsObject, provisioningIdentityCertificate);
    }

    private static void validateObjectsWithLastSigningTime(ValidationResult validationResult, DateTime dateTime, ProvisioningCmsObject provisioningCmsObject, ProvisioningIdentityCertificate provisioningIdentityCertificate) {
        new ProvisioningCmsObjectValidator(ValidationOptions.strictValidation(), Optional.ofNullable(dateTime), provisioningCmsObject, provisioningIdentityCertificate).validate(validationResult);
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_cms_sig_not_from_id_cert() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T12:39:46.000Z").getMillis());
        Assertions.assertThat(this.ca1IdCert.getPublicKey()).isNotEqualTo(this.ca2IdCert.getPublicKey());
        validateObjects(this.validationResult, this.ca1CmsObject, this.ca2IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isTrue();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_cms_ee_not_valid_yet() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T10:00:00Z").getMillis());
        validateObjects(this.validationResult, this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isTrue();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_both_certs_not_valid_yet() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2021-01-11T10:00:00Z").getMillis());
        validateObjects(this.validationResult, this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isTrue();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_current_certs() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T12:39:46.000Z").getMillis());
        validateObjects(this.validationResult, this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isFalse();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_cms_ee_expired() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-13T12:39:46.000Z").getMillis());
        validateObjects(this.validationResult, this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isTrue();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_two_expired_certs() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2040-01-11T10:00:00Z").getMillis());
        validateObjects(this.validationResult, this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isTrue();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_signing_time_no_last() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T12:39:46.000Z").getMillis());
        validateObjectsWithLastSigningTime(this.validationResult, null, this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isFalse();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_signing_time_after_last() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T12:39:46.000Z").getMillis());
        validateObjectsWithLastSigningTime(this.validationResult, DateTime.parse("2022-01-11T11:00:00.000Z"), this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isFalse();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_signing_time_at_last() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T12:39:46.000Z").getMillis());
        validateObjectsWithLastSigningTime(this.validationResult, this.ca1CmsObject.getSigningTime(), this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isFalse();
    }

    @Test
    public void testValidateProvisioningCmsAndIdentityCertificate_signing_time_before_last() throws IOException {
        DateTimeUtils.setCurrentMillisFixed(DateTime.parse("2022-01-11T12:39:46.000Z").getMillis());
        validateObjectsWithLastSigningTime(this.validationResult, DateTime.parse("2022-01-11T13:00:00.000Z"), this.ca1CmsObject, this.ca1IdCert);
        Assertions.assertThat(this.validationResult.hasFailures()).isTrue();
    }
}
