package net.ripe.rpki.commons.crypto.x509cert;

import java.math.BigInteger;
import java.net.URI;
import java.security.KeyPair;
import java.security.PublicKey;
import javax.security.auth.x500.X500Principal;
import net.ripe.ipresource.IpResourceSet;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.rfc3779.ResourceExtensionEncoder;
import net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/X509ResourceCertificateBuilderTest.class */
public class X509ResourceCertificateBuilderTest {
    private X509ResourceCertificateBuilder subject;

    @Before
    public void setUp() {
        this.subject = new X509ResourceCertificateBuilder();
        this.subject.withSubjectDN(new X500Principal("CN=zz.subject")).withIssuerDN(new X500Principal("CN=zz.issuer"));
        this.subject.withSerial(BigInteger.ONE);
        this.subject.withPublicKey(KeyPairFactoryTest.TEST_KEY_PAIR.getPublic());
        this.subject.withSigningKeyPair(KeyPairFactoryTest.SECOND_TEST_KEY_PAIR);
        DateTime dateTime = new DateTime(DateTimeZone.UTC);
        this.subject.withValidityPeriod(new ValidityPeriod(dateTime, new DateTime(dateTime.getYear() + 1, 1, 1, 0, 0, 0, 0, DateTimeZone.UTC)));
        this.subject.withResources(IpResourceSet.ALL_PRIVATE_USE_RESOURCES);
    }

    @Test
    public void shouldUseOnlyTheEncodedFormOfThePublicKey() {
        this.subject.withPublicKey(new PublicKey() { // from class: net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilderTest.1
            private static final long serialVersionUID = 1;

            @Override // java.security.Key
            public String getFormat() {
                throw new UnsupportedOperationException();
            }

            @Override // java.security.Key
            public byte[] getEncoded() {
                return KeyPairFactoryTest.TEST_KEY_PAIR.getPublic().getEncoded();
            }

            @Override // java.security.Key
            public String getAlgorithm() {
                throw new UnsupportedOperationException();
            }

            public boolean equals(Object obj) {
                throw new UnsupportedOperationException();
            }
        });
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireResourcesForResourceCertificates() {
        this.subject.withResources((IpResourceSet) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireNonEmptyResourceSetForResourceCertificates() {
        this.subject.withResources(IpResourceSet.parse(""));
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireIssuer() {
        this.subject.withIssuerDN((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSubject() {
        this.subject.withSubjectDN((X500Principal) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSerial() {
        this.subject.withSerial((BigInteger) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequirePublicKey() {
        this.subject.withPublicKey((PublicKey) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireSigningKeyPair() {
        this.subject.withSigningKeyPair((KeyPair) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldRequireValidityPeriod() {
        this.subject.withValidityPeriod((ValidityPeriod) null);
        this.subject.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldNotAllowKeyCertSignForNonCAs() {
        this.subject.withCa(false);
        this.subject.withKeyUsage(4);
        this.subject.build();
    }

    @Test
    public void shouldSetBasicConstraintsForCAs() {
        this.subject.withCa(true);
        Assert.assertEquals(2147483647L, this.subject.build().getCertificate().getBasicConstraints());
    }

    @Test
    public void shouldNotSetBasicConstraintsForNonCAs() {
        this.subject.withCa(false);
        Assert.assertEquals(-1L, this.subject.build().getCertificate().getBasicConstraints());
    }

    @Test
    public void shouldHaveSubjectKeyIdentifierForResourceCertificates() {
        this.subject.withResources(IpResourceSet.parse("10/8"));
        this.subject.withSubjectKeyIdentifier(true);
        Assert.assertNotNull(this.subject.build().getSubjectKeyIdentifier());
    }

    @Test
    public void shouldHaveAuthorityKeyIdentifierForResourceCertificates() {
        this.subject.withResources(IpResourceSet.parse("10/8"));
        this.subject.withAuthorityKeyIdentifier(true);
        Assert.assertNotNull(this.subject.build().getAuthorityKeyIdentifier());
    }

    @Test
    public void shouldHaveResourceExtensionForResourceCertificates() {
        this.subject.withResources(IpResourceSet.parse("10/8, AS123"));
        X509ResourceCertificate build = this.subject.build();
        Assert.assertNotNull(build.getCertificate().getExtensionValue(ResourceExtensionEncoder.OID_IP_ADDRESS_BLOCKS.getId()));
        Assert.assertNotNull(build.getCertificate().getExtensionValue(ResourceExtensionEncoder.OID_AUTONOMOUS_SYS_IDS.getId()));
    }

    @Test
    public void shouldHaveKeyUsageIfSet() {
        this.subject.withCa(true);
        this.subject.withKeyUsage(6);
        this.subject.withResources(IpResourceSet.parse("10/8"));
        Assert.assertNotNull(this.subject.build().getCertificate().getKeyUsage());
    }

    @Test
    public void shouldHaveCrlDistributionPoints() {
        URI create = URI.create("rsync://foo/bar.crl");
        this.subject.withCrlDistributionPoints(new URI[]{create});
        Assert.assertEquals(create, this.subject.build().getCrlDistributionPoints()[0]);
    }

    @Test(expected = X509ResourceCertificateBuilderException.class)
    public void shouldFailOnIncorrectProvider() {
        this.subject.withSignatureProvider("foo");
        this.subject.build();
    }
}
