package org.pgpainless.encryption_signing;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.exception.KeyValidationException;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import org.pgpainless.key.generation.type.xdh.XDHSpec;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.util.Passphrase;

/* loaded from: input_file:org/pgpainless/encryption_signing/EncryptionOptionsTest.class */
public class EncryptionOptionsTest {
    private static PGPSecretKeyRing secretKeys;
    private static PGPPublicKeyRing publicKeys;
    private static SubkeyIdentifier primaryKey;
    private static SubkeyIdentifier encryptComms;
    private static SubkeyIdentifier encryptStorage;

    @BeforeAll
    public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        secretKeys = PGPainless.generateKeyRing().withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)).withKeyFlags(new KeyFlag[]{KeyFlag.ENCRYPT_COMMS}).withDefaultAlgorithms()).withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)).withKeyFlags(new KeyFlag[]{KeyFlag.ENCRYPT_STORAGE}).withDefaultAlgorithms()).withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)).withKeyFlags(new KeyFlag[]{KeyFlag.CERTIFY_OTHER}).withDefaultAlgorithms()).withPrimaryUserId("test@pgpainless.org").withoutPassphrase().build();
        publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
        Iterator it = publicKeys.iterator();
        primaryKey = new SubkeyIdentifier(publicKeys, ((PGPPublicKey) it.next()).getKeyID());
        encryptComms = new SubkeyIdentifier(publicKeys, ((PGPPublicKey) it.next()).getKeyID());
        encryptStorage = new SubkeyIdentifier(publicKeys, ((PGPPublicKey) it.next()).getKeyID());
    }

    @Test
    public void testOverrideEncryptionAlgorithmFailsForNULL() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        Assertions.assertNull(encryptionOptions.getEncryptionAlgorithmOverride());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            encryptionOptions.overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.NULL);
        });
        Assertions.assertNull(encryptionOptions.getEncryptionAlgorithmOverride());
    }

    @Test
    public void testOverrideEncryptionOptions() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        Assertions.assertNull(encryptionOptions.getEncryptionAlgorithmOverride());
        encryptionOptions.overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.AES_128);
        Assertions.assertEquals(SymmetricKeyAlgorithm.AES_128, encryptionOptions.getEncryptionAlgorithmOverride());
    }

    @Test
    public void testAddRecipients_EncryptCommunications() {
        EncryptionOptions encryptCommunications = EncryptionOptions.encryptCommunications();
        encryptCommunications.addRecipient(publicKeys);
        Set encryptionKeyIdentifiers = encryptCommunications.getEncryptionKeyIdentifiers();
        Assertions.assertEquals(1, encryptionKeyIdentifiers.size());
        Assertions.assertEquals(encryptComms, encryptionKeyIdentifiers.iterator().next());
    }

    @Test
    public void testAddRecipients_EncryptDataAtRest() {
        EncryptionOptions encryptDataAtRest = EncryptionOptions.encryptDataAtRest();
        encryptDataAtRest.addRecipient(publicKeys);
        Set encryptionKeyIdentifiers = encryptDataAtRest.getEncryptionKeyIdentifiers();
        Assertions.assertEquals(1, encryptionKeyIdentifiers.size());
        Assertions.assertEquals(encryptStorage, encryptionKeyIdentifiers.iterator().next());
    }

    @Test
    public void testAddRecipients_AllKeys() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        encryptionOptions.addRecipient(publicKeys, EncryptionOptions.encryptToAllCapableSubkeys());
        Set encryptionKeyIdentifiers = encryptionOptions.getEncryptionKeyIdentifiers();
        Assertions.assertEquals(2, encryptionKeyIdentifiers.size());
        Assertions.assertTrue(encryptionKeyIdentifiers.contains(encryptComms));
        Assertions.assertTrue(encryptionKeyIdentifiers.contains(encryptStorage));
    }

    @Test
    public void testAddEmptyPassphraseFails() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            encryptionOptions.addPassphrase(Passphrase.emptyPassphrase());
        });
    }

    @Test
    public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        PGPPublicKeyRing publicKeyRingFrom = KeyRingUtils.publicKeyRingFrom(PGPainless.generateKeyRing().withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)).withKeyFlags(new KeyFlag[]{KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA}).withDefaultAlgorithms()).withPrimaryUserId("test@pgpainless.org").withoutPassphrase().build());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            encryptionOptions.addRecipient(publicKeyRingFrom);
        });
    }

    @Test
    public void testEncryptionKeySelectionStrategyEmpty_ThrowsAssertionError() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            encryptionOptions.addRecipient(publicKeys, new EncryptionOptions.EncryptionKeySelector() { // from class: org.pgpainless.encryption_signing.EncryptionOptionsTest.1
                public List<PGPPublicKey> selectEncryptionSubkeys(List<PGPPublicKey> list) {
                    return Collections.emptyList();
                }
            });
        });
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            encryptionOptions.addRecipient(publicKeys, "test@pgpainless.org", new EncryptionOptions.EncryptionKeySelector() { // from class: org.pgpainless.encryption_signing.EncryptionOptionsTest.2
                public List<PGPPublicKey> selectEncryptionSubkeys(List<PGPPublicKey> list) {
                    return Collections.emptyList();
                }
            });
        });
    }

    @Test
    public void testAddRecipients_PGPPublicKeyRingCollection() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        PGPPublicKeyRingCollection pGPPublicKeyRingCollection = new PGPPublicKeyRingCollection(Arrays.asList(publicKeys, KeyRingUtils.publicKeyRingFrom(PGPainless.generateKeyRing().modernKeyRing("other@pgpainless.org", (String) null))));
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        encryptionOptions.addRecipients(pGPPublicKeyRingCollection);
        Assertions.assertEquals(2, encryptionOptions.getEncryptionKeyIdentifiers().size());
    }

    @Test
    public void testAddRecipient_withValidUserId() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        encryptionOptions.addRecipient(publicKeys, "test@pgpainless.org");
        Assertions.assertEquals(1, encryptionOptions.getEncryptionMethods().size());
    }

    @Test
    public void testAddRecipient_withInvalidUserId() {
        EncryptionOptions encryptionOptions = new EncryptionOptions();
        Assertions.assertThrows(KeyValidationException.class, () -> {
            encryptionOptions.addRecipient(publicKeys, "invalid@user.id");
        });
    }
}
