package org.graylog.security.certutil;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.graylog.events.JobSchedulerTestClock;
import org.graylog2.plugin.certificates.RenewalPolicy;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/graylog/security/certutil/CertRenewalServiceTest.class */
public class CertRenewalServiceTest {
    private X509Certificate generate(DateTime dateTime, int i, int i2) throws OperatorCreationException, CertificateException, NoSuchAlgorithmException {
        Date date = dateTime.minusMinutes(i).toDate();
        Date date2 = dateTime.plusMinutes(i2).toDate();
        KeyPair generateKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        ContentSigner build = new JcaContentSignerBuilder("SHA256withRSA").build(generateKeyPair.getPrivate());
        X500Name x500Name = new X500Name("CN=graylog.test");
        return new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(dateTime.getMillis()), date, date2, x500Name, generateKeyPair.getPublic()).build(build));
    }

    @Test
    public void testCertRenewalCalculation() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException {
        DateTime now = DateTime.now(DateTimeZone.UTC);
        JobSchedulerTestClock jobSchedulerTestClock = new JobSchedulerTestClock(now);
        DateTime plusMinutes = jobSchedulerTestClock.nowUTC().plusMinutes(30);
        CertRenewalServiceImpl certRenewalServiceImpl = new CertRenewalServiceImpl(jobSchedulerTestClock);
        RenewalPolicy renewalPolicy = new RenewalPolicy(RenewalPolicy.Mode.MANUAL, "PT2H");
        Assertions.assertFalse(certRenewalServiceImpl.needsRenewal(plusMinutes, renewalPolicy, generate(now, 0, 35)));
        Assertions.assertTrue(certRenewalServiceImpl.needsRenewal(plusMinutes, renewalPolicy, generate(now, 0, 5)));
        Assertions.assertTrue(certRenewalServiceImpl.needsRenewal(plusMinutes, renewalPolicy, generate(now, 0, 15)));
        Assertions.assertTrue(certRenewalServiceImpl.needsRenewal(plusMinutes, renewalPolicy, generate(now, 1440, 25)));
    }
}
