package org.graylog.security.certutil.csr;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Enumeration;
import java.util.List;
import org.graylog.security.certutil.CertRequest;
import org.graylog.security.certutil.CertificateGenerator;
import org.graylog.security.certutil.KeyPair;
import org.graylog.security.certutil.cert.CertificateChain;
import org.graylog.security.certutil.privatekey.PrivateKeyEncryptedStorage;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

/**
 * Unit tests for {@link CertificateAndPrivateKeyMerger}.
 *
 * <p>Two paths are covered: the merge is refused with a {@link GeneralSecurityException} when the
 * {@link KeyPairChecker} reports that the private key does not belong to the certificate's public
 * key, and a successful merge produces a key store that holds exactly one entry under the
 * requested alias.
 */
@ExtendWith(MockitoExtension.class)
public class CertificateAndPrivateKeyMergerTest {

    // Test fixture values only; these are not real credentials.
    /** Password handed to the encrypted private key storage when reading the key. */
    private static final String PRIVATE_KEY_PASSWORD = "privPass";
    /** Password later used to read the key entry back out of the merged key store. */
    private static final String CERTIFICATE_PASSWORD = "certPass";
    /** Alias under which the merged entry is expected to be stored. */
    private static final String ALIAS = "data-node";

    @Mock
    KeyPairChecker keyPairChecker;

    @Mock
    PrivateKeyEncryptedStorage privateKeyEncryptedStorage;

    CertificateAndPrivateKeyMerger toTest;

    /** Builds a fresh merger around the mocked key pair checker before every test. */
    @BeforeEach
    void setUp() {
        this.toTest = new CertificateAndPrivateKeyMerger(this.keyPairChecker);
    }

    /**
     * A certificate must not be bound to a private key it was not issued for: when the checker
     * answers {@code false} for the key pair, {@code merge} has to fail instead of returning a
     * key store.
     */
    @Test
    void testThrowsExceptionIfPrivateKeyAndCertificateDoNotMatch() throws Exception {
        PrivateKey storedKey = Mockito.mock(PrivateKey.class);
        PublicKey certificateKey = Mockito.mock(PublicKey.class);
        X509Certificate certificate = Mockito.mock(X509Certificate.class);

        Mockito.doReturn(certificateKey).when(certificate).getPublicKey();
        // The checker is the component that decides whether the pair belongs together.
        Mockito.doReturn(false).when(this.keyPairChecker).matchingKeys(storedKey, certificateKey);
        Mockito.doReturn(storedKey)
                .when(this.privateKeyEncryptedStorage)
                .readEncryptedKey(PRIVATE_KEY_PASSWORD.toCharArray());

        CertificateChain chain = new CertificateChain(certificate, List.of());
        Assertions.assertThrows(
                GeneralSecurityException.class,
                () -> this.toTest.merge(
                        chain,
                        this.privateKeyEncryptedStorage,
                        PRIVATE_KEY_PASSWORD.toCharArray(),
                        CERTIFICATE_PASSWORD.toCharArray(),
                        ALIAS));
    }

    /**
     * Merges a really generated self-signed key pair and checks the resulting key store: the key
     * and certificate are retrievable under the alias, and no other alias exists.
     */
    @Test
    void testMergingOnRealPairImplementation() throws Exception {
        // NOTE(review): validity is Duration.ZERO and the merge is still expected to succeed, so
        // the merger presumably does not look at the validity period - confirm that is intended.
        KeyPair generated =
                CertificateGenerator.generate(CertRequest.selfSigned("localhost").validity(Duration.ZERO));
        char[] keyPassword = PRIVATE_KEY_PASSWORD.toCharArray();
        char[] certificatePassword = CERTIFICATE_PASSWORD.toCharArray();

        Mockito.doReturn(generated.privateKey())
                .when(this.privateKeyEncryptedStorage)
                .readEncryptedKey(keyPassword);
        Mockito.doReturn(true)
                .when(this.keyPairChecker)
                .matchingKeys(generated.privateKey(), generated.publicKey());

        CertificateChain chain = new CertificateChain(generated.certificate(), List.of());
        KeyStore merged = this.toTest.merge(
                chain, this.privateKeyEncryptedStorage, keyPassword, certificatePassword, ALIAS);

        Assertions.assertEquals(generated.privateKey(), merged.getKey(ALIAS, certificatePassword));
        Assertions.assertEquals(generated.certificate(), merged.getCertificate(ALIAS));

        // Exactly one alias: the merge must not leave additional entries in the store.
        Enumeration<String> storedAliases = merged.aliases();
        Assertions.assertEquals(ALIAS, storedAliases.nextElement());
        Assertions.assertFalse(storedAliases.hasMoreElements());
    }
}
