package net.ripe.rpki.commons.crypto.crl;

import java.math.BigInteger;
import java.net.URI;
import java.security.KeyPair;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest;
import net.ripe.rpki.commons.crypto.util.KeyPairUtil;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateTest;
import net.ripe.rpki.commons.util.UTC;
import net.ripe.rpki.commons.validation.ValidationCheck;
import net.ripe.rpki.commons.validation.ValidationLocation;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext;
import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/crl/X509CrlTest.class */
public class X509CrlTest {
    private static final URI ROOT_MANIFEST_CRL_LOCATION = URI.create("rsync://foo.host/bar/bar%20space.crl");
    private static final ValidationOptions VALIDATION_OPTIONS = ValidationOptions.strictValidation();

    public static X509Crl createCrl() {
        return getCrlBuilder().build(KeyPairFactoryTest.TEST_KEY_PAIR.getPrivate());
    }

    public static X509CrlBuilder getCrlBuilder() {
        X509CrlBuilder x509CrlBuilder = new X509CrlBuilder();
        x509CrlBuilder.withIssuerDN(new X500Principal("CN=issuer"));
        DateTime dateTime = UTC.dateTime();
        x509CrlBuilder.withValidityPeriod(new ValidityPeriod(dateTime, dateTime.plusHours(8)));
        x509CrlBuilder.withNumber(BigInteger.TEN);
        x509CrlBuilder.withAuthorityKeyIdentifier(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic());
        x509CrlBuilder.withSignatureProvider("SunRsaSign");
        return x509CrlBuilder;
    }

    private X509Crl getCrlWithKeyPair(KeyPair keyPair) {
        X509CrlBuilder crlBuilder = getCrlBuilder();
        crlBuilder.withAuthorityKeyIdentifier(keyPair.getPublic());
        return crlBuilder.build(keyPair.getPrivate());
    }

    @Test
    public void shouldHaveAuthorityKeyIdentifier() {
        Assert.assertArrayEquals(KeyPairUtil.getKeyIdentifier(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic()), createCrl().getAuthorityKeyIdentifier());
    }

    @Test
    public void shouldValidateCrl() {
        X509Crl createCrl = createCrl();
        ValidationResult withLocation = ValidationResult.withLocation(ROOT_MANIFEST_CRL_LOCATION);
        CrlLocator crlLocator = (CrlLocator) Mockito.mock(CrlLocator.class);
        createCrl.validate(ROOT_MANIFEST_CRL_LOCATION.toString(), new CertificateRepositoryObjectValidationContext(ROOT_MANIFEST_CRL_LOCATION, X509ResourceCertificateTest.createSelfSignedCaResourceCertificate()), crlLocator, VALIDATION_OPTIONS, withLocation);
        Assert.assertFalse(withLocation.hasFailures());
    }

    @Test
    public void shouldNotValidateInvalidCrl() {
        X509Crl crlWithKeyPair = getCrlWithKeyPair(KeyPairFactoryTest.SECOND_TEST_KEY_PAIR);
        ValidationResult withLocation = ValidationResult.withLocation(ROOT_MANIFEST_CRL_LOCATION);
        crlWithKeyPair.validate(ROOT_MANIFEST_CRL_LOCATION.toString(), new CertificateRepositoryObjectValidationContext(ROOT_MANIFEST_CRL_LOCATION, X509ResourceCertificateTest.createSelfSignedCaResourceCertificate()), (CrlLocator) Mockito.mock(CrlLocator.class), VALIDATION_OPTIONS, withLocation);
        Assert.assertTrue(withLocation.hasFailures());
        Assert.assertTrue(withLocation.getValidatedLocations().size() == 1);
        ValidationLocation validationLocation = new ValidationLocation(ROOT_MANIFEST_CRL_LOCATION);
        Assert.assertTrue(withLocation.hasFailureForLocation(validationLocation));
        Assert.assertEquals("cert.crl.signature", ((ValidationCheck) withLocation.getFailures(validationLocation).get(0)).getKey());
    }

    @Test
    public void shouldBePastValidityTime() {
        Assert.assertFalse(createCrl().isPastValidityTime());
    }
}
