package org.pgpainless.key.modification;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import org.bouncycastle.bcpg.sig.IssuerFingerprint;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface;
import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.Passphrase;
import org.pgpainless.util.TestAllImplementations;

/* loaded from: input_file:org/pgpainless/key/modification/RevokeSubKeyTest.class */
public class RevokeSubKeyTest {
    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void revokeSukeyTest() throws IOException, PGPException {
        PGPSecretKeyRing cryptieSecretKeyRing = TestKeys.getCryptieSecretKeyRing();
        Iterator it = cryptieSecretKeyRing.iterator();
        PGPSecretKey pGPSecretKey = (PGPSecretKey) it.next();
        Assertions.assertFalse(pGPSecretKey.getPublicKey().hasRevocation());
        Iterator it2 = PGPainless.modifyKeyRing(cryptieSecretKeyRing).revokeSubKey(new OpenPgpV4Fingerprint(pGPSecretKey), PasswordBasedSecretKeyRingProtector.forKey(cryptieSecretKeyRing, Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD))).done().iterator();
        Assertions.assertTrue(((PGPSecretKey) it2.next()).getPublicKey().hasRevocation());
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void detachedRevokeSubkeyTest() throws IOException, PGPException {
        PGPSecretKeyRing cryptieSecretKeyRing = TestKeys.getCryptieSecretKeyRing();
        PGPSignature createRevocationCertificate = PGPainless.modifyKeyRing(cryptieSecretKeyRing).createRevocationCertificate(new OpenPgpV4Fingerprint(cryptieSecretKeyRing), PasswordBasedSecretKeyRingProtector.forKey(cryptieSecretKeyRing, Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD)), RevocationAttributes.createKeyRevocation().withReason(RevocationAttributes.Reason.KEY_RETIRED).withDescription("Key no longer used."));
        PGPPublicKey publicKey = cryptieSecretKeyRing.getPublicKey();
        Assertions.assertFalse(publicKey.hasRevocation());
        Assertions.assertTrue(PGPPublicKey.addCertification(publicKey, createRevocationCertificate).hasRevocation());
    }

    @ExtendWith({TestAllImplementations.class})
    @TestTemplate
    public void testRevocationSignatureTypeCorrect() throws IOException, PGPException {
        PGPSecretKeyRing cryptieSecretKeyRing = TestKeys.getCryptieSecretKeyRing();
        Iterator publicKeys = cryptieSecretKeyRing.getPublicKeys();
        PGPPublicKey pGPPublicKey = (PGPPublicKey) publicKeys.next();
        PGPPublicKey pGPPublicKey2 = (PGPPublicKey) publicKeys.next();
        PasswordBasedSecretKeyRingProtector forKey = PasswordBasedSecretKeyRingProtector.forKey(cryptieSecretKeyRing, Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD));
        SecretKeyRingEditorInterface modifyKeyRing = PGPainless.modifyKeyRing(cryptieSecretKeyRing);
        PGPSignature createRevocationCertificate = modifyKeyRing.createRevocationCertificate(pGPPublicKey.getKeyID(), forKey, (RevocationAttributes) null);
        PGPSignature createRevocationCertificate2 = modifyKeyRing.createRevocationCertificate(pGPPublicKey2.getKeyID(), forKey, (RevocationAttributes) null);
        Assertions.assertEquals(SignatureType.KEY_REVOCATION.getCode(), createRevocationCertificate.getSignatureType());
        Assertions.assertEquals(SignatureType.SUBKEY_REVOCATION.getCode(), createRevocationCertificate2.getSignatureType());
    }

    @Test
    public void testThrowsIfRevocationReasonTypeMismatch() {
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            RevocationAttributes.createKeyRevocation().withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID);
        });
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            RevocationAttributes.createCertificateRevocation().withReason(RevocationAttributes.Reason.KEY_SUPERSEDED);
        });
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            RevocationAttributes.createCertificateRevocation().withReason(RevocationAttributes.Reason.KEY_COMPROMISED);
        });
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            RevocationAttributes.createCertificateRevocation().withReason(RevocationAttributes.Reason.KEY_RETIRED);
        });
    }

    @Test
    public void testReasonToString() {
        Assertions.assertEquals("2 - KEY_COMPROMISED", RevocationAttributes.Reason.KEY_COMPROMISED.toString());
    }

    @Test
    public void inspectSubpacketsOnDefaultRevocationSignature() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("Alice");
        SecretKeyRingProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
        PGPPublicKey pGPPublicKey = (PGPPublicKey) PGPainless.inspectKeyRing(modernKeyRing).getEncryptionSubkeys(EncryptionPurpose.ANY).get(0);
        PGPSecretKeyRing done = PGPainless.modifyKeyRing(modernKeyRing).revokeSubKey(pGPPublicKey.getKeyID(), unprotectedKeys).done();
        PGPSignature pGPSignature = (PGPSignature) done.getPublicKey(pGPPublicKey.getKeyID()).getSignaturesOfType(SignatureType.SUBKEY_REVOCATION.getCode()).next();
        Assertions.assertNotNull(pGPSignature);
        Assertions.assertArrayEquals(done.getPublicKey().getFingerprint(), pGPSignature.getHashedSubPackets().getIssuerFingerprint().getFingerprint());
        Assertions.assertEquals(done.getPublicKey().getKeyID(), pGPSignature.getHashedSubPackets().getIssuerKeyID());
        Assertions.assertNull(SignatureSubpacketsUtil.getRevocationReason(pGPSignature));
        Assertions.assertTrue(SignatureUtils.isHardRevocation(pGPSignature));
    }

    @Test
    public void inspectSubpacketsOnModifiedRevocationSignature() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("Alice");
        SecretKeyRingProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
        PGPPublicKey pGPPublicKey = (PGPPublicKey) PGPainless.inspectKeyRing(modernKeyRing).getEncryptionSubkeys(EncryptionPurpose.ANY).get(0);
        PGPSecretKeyRing done = PGPainless.modifyKeyRing(modernKeyRing).revokeSubKey(pGPPublicKey.getKeyID(), unprotectedKeys, new RevocationSignatureSubpackets.Callback() { // from class: org.pgpainless.key.modification.RevokeSubKeyTest.1
            public void modifyHashedSubpackets(RevocationSignatureSubpackets revocationSignatureSubpackets) {
                revocationSignatureSubpackets.setRevocationReason(RevocationAttributes.createKeyRevocation().withReason(RevocationAttributes.Reason.KEY_RETIRED).withDescription("I have a new Key."));
                revocationSignatureSubpackets.setIssuerFingerprint((IssuerFingerprint) null);
            }
        }).done();
        PGPSignature pGPSignature = (PGPSignature) done.getPublicKey(pGPPublicKey.getKeyID()).getSignaturesOfType(SignatureType.SUBKEY_REVOCATION.getCode()).next();
        Assertions.assertNotNull(pGPSignature);
        Assertions.assertNull(pGPSignature.getHashedSubPackets().getIssuerFingerprint());
        Assertions.assertEquals(done.getPublicKey().getKeyID(), pGPSignature.getHashedSubPackets().getIssuerKeyID());
        Assertions.assertNotNull(SignatureSubpacketsUtil.getRevocationReason(pGPSignature));
        Assertions.assertFalse(SignatureUtils.isHardRevocation(pGPSignature));
    }
}
