package org.pgpainless.key.certification;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import org.bouncycastle.bcpg.sig.TrustSignature;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.Arrays;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.CertificationType;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.algorithm.Trustworthiness;
import org.pgpainless.key.certification.CertifyCertificate;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.signature.consumer.SignatureVerifier;
import org.pgpainless.signature.subpackets.CertificationSubpackets;
import org.pgpainless.util.CollectionUtils;
import org.pgpainless.util.DateUtil;

/* loaded from: input_file:org/pgpainless/key/certification/CertifyCertificateTest.class */
public class CertifyCertificateTest {
    @Test
    public void testUserIdCertification() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        SecretKeyRingProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("Alice <alice@pgpainless.org>");
        PGPSecretKeyRing modernKeyRing2 = PGPainless.generateKeyRing().modernKeyRing("Bob <bob@pgpainless.org>");
        PGPPublicKeyRing extractCertificate = PGPainless.extractCertificate(modernKeyRing2);
        CertifyCertificate.CertificationResult build = PGPainless.certify().userIdOnCertificate("Bob <bob@pgpainless.org>", extractCertificate).withKey(modernKeyRing, unprotectedKeys).build();
        Assertions.assertNotNull(build);
        PGPSignature certification = build.getCertification();
        Assertions.assertNotNull(certification);
        Assertions.assertEquals(SignatureType.GENERIC_CERTIFICATION, SignatureType.valueOf(certification.getSignatureType()));
        Assertions.assertEquals(modernKeyRing.getPublicKey().getKeyID(), certification.getKeyID());
        Assertions.assertTrue(SignatureVerifier.verifyUserIdCertification("Bob <bob@pgpainless.org>", certification, modernKeyRing.getPublicKey(), modernKeyRing2.getPublicKey(), PGPainless.getPolicy(), DateUtil.now()));
        PGPPublicKeyRing certifiedCertificate = build.getCertifiedCertificate();
        PGPPublicKey publicKey = certifiedCertificate.getPublicKey();
        Assertions.assertEquals(2, CollectionUtils.iteratorToList(publicKey.getSignaturesForID("Bob <bob@pgpainless.org>")).size());
        List iteratorToList = CollectionUtils.iteratorToList(publicKey.getSignaturesForKeyID(modernKeyRing.getPublicKey().getKeyID()));
        Assertions.assertEquals(1, iteratorToList.size());
        Assertions.assertEquals(certification, iteratorToList.get(0));
        Assertions.assertFalse(Arrays.areEqual(extractCertificate.getEncoded(), certifiedCertificate.getEncoded()));
    }

    @Test
    public void testKeyDelegation() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        SecretKeyRingProtector unprotectedKeys = SecretKeyRingProtector.unprotectedKeys();
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("Alice <alice@pgpainless.org>");
        PGPSecretKeyRing modernKeyRing2 = PGPainless.generateKeyRing().modernKeyRing("Bob <bob@pgpainless.org>");
        PGPPublicKeyRing extractCertificate = PGPainless.extractCertificate(modernKeyRing2);
        CertifyCertificate.CertificationResult build = PGPainless.certify().certificate(extractCertificate, Trustworthiness.fullyTrusted().introducer()).withKey(modernKeyRing, unprotectedKeys).build();
        Assertions.assertNotNull(build);
        PGPSignature certification = build.getCertification();
        Assertions.assertNotNull(certification);
        Assertions.assertEquals(SignatureType.DIRECT_KEY, SignatureType.valueOf(certification.getSignatureType()));
        Assertions.assertEquals(modernKeyRing.getPublicKey().getKeyID(), certification.getKeyID());
        TrustSignature trust = certification.getHashedSubPackets().getTrust();
        Assertions.assertNotNull(trust);
        Trustworthiness trustworthiness = new Trustworthiness(trust.getTrustAmount(), trust.getDepth());
        Assertions.assertTrue(trustworthiness.isFullyTrusted());
        Assertions.assertTrue(trustworthiness.isIntroducer());
        Assertions.assertFalse(trustworthiness.canIntroduce(1));
        Assertions.assertTrue(SignatureVerifier.verifyDirectKeySignature(certification, modernKeyRing.getPublicKey(), modernKeyRing2.getPublicKey(), PGPainless.getPolicy(), DateUtil.now()));
        PGPPublicKeyRing certifiedCertificate = build.getCertifiedCertificate();
        List iteratorToList = CollectionUtils.iteratorToList(certifiedCertificate.getPublicKey().getSignaturesForKeyID(modernKeyRing.getPublicKey().getKeyID()));
        Assertions.assertEquals(1, iteratorToList.size());
        Assertions.assertEquals(certification, iteratorToList.get(0));
        Assertions.assertFalse(Arrays.areEqual(extractCertificate.getEncoded(), certifiedCertificate.getEncoded()));
    }

    @Test
    public void testPetNameCertification() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSecretKeyRing modernKeyRing = PGPainless.generateKeyRing().modernKeyRing("Alice <alice@pgpainless.org>");
        CertifyCertificate.CertificationResult buildWithSubpackets = PGPainless.certify().userIdOnCertificate("Bobby", PGPainless.extractCertificate(PGPainless.generateKeyRing().modernKeyRing("Bob <bob@pgpainless.org>"))).withKey(modernKeyRing, SecretKeyRingProtector.unprotectedKeys()).buildWithSubpackets(new CertificationSubpackets.Callback() { // from class: org.pgpainless.key.certification.CertifyCertificateTest.1
            public void modifyHashedSubpackets(CertificationSubpackets certificationSubpackets) {
                certificationSubpackets.setExportable(false);
            }
        });
        PGPSignature certification = buildWithSubpackets.getCertification();
        Assertions.assertEquals(modernKeyRing.getPublicKey().getKeyID(), certification.getKeyID());
        Assertions.assertEquals(CertificationType.GENERIC.asSignatureType().getCode(), certification.getSignatureType());
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(buildWithSubpackets.getCertifiedCertificate());
        Assertions.assertTrue(inspectKeyRing.getUserIds().contains("Bobby"));
        Assertions.assertFalse(inspectKeyRing.getValidUserIds().contains("Bobby"));
    }

    @Test
    public void testScopedDelegation() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPSignature certification = PGPainless.certify().certificate(PGPainless.extractCertificate(PGPainless.generateKeyRing().modernKeyRing("CA <ca@example.com>")), Trustworthiness.fullyTrusted().introducer()).withKey(PGPainless.generateKeyRing().modernKeyRing("Alice <alice@pgpainless.org>"), SecretKeyRingProtector.unprotectedKeys()).buildWithSubpackets(new CertificationSubpackets.Callback() { // from class: org.pgpainless.key.certification.CertifyCertificateTest.2
            public void modifyHashedSubpackets(CertificationSubpackets certificationSubpackets) {
                certificationSubpackets.setRegularExpression("^.*<.+@example.com>.*$");
            }
        }).getCertification();
        Assertions.assertEquals(SignatureType.DIRECT_KEY.getCode(), certification.getSignatureType());
        Assertions.assertEquals("^.*<.+@example.com>.*$", certification.getHashedSubPackets().getRegularExpression().getRegex());
    }
}
