package se.swedenconnect.security.credential;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
import org.cryptacular.io.ClassPathResource;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import se.swedenconnect.security.credential.factory.KeyStoreFactory;
import se.swedenconnect.security.credential.pkcs11.FilePkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.MockSunPkcs11Provider;
import se.swedenconnect.security.credential.pkcs11.Pkcs11CredentialTest;
import se.swedenconnect.security.credential.pkcs11.Pkcs11KeyStoreReloader;
import se.swedenconnect.security.credential.utils.X509Utils;

/* loaded from: input_file:se/swedenconnect/security/credential/KeyStoreCredentialTest.class */
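/**
 * Test cases for {@code KeyStoreCredential}, covering construction from a JKS key store, default
 * naming, and reload behaviour for both ordinary and (mocked) PKCS#11 key stores.
 *
 * <p>The PKCS#11 cases register {@code MockSunPkcs11Provider} as a JCA provider through
 * {@link #initPkcs11Mock()}. That changes JVM-wide state, so every use must be paired with
 * {@link #cleanupPkcs11Mock()} in a {@code finally} block.
 */
public class KeyStoreCredentialTest {
    // Password of the bundled test key store "rsa1.jks"; a fixture value, not a real secret.
    private static final char[] PW = "secret".toCharArray();
    // Alias of the key entry used by every test case.
    private static final String ALIAS = "test";
    private final KeyStore keyStore;
    private final PrivateKey privateKey;
    private final X509Certificate cert;
    private final X509Certificate cert2;

    /**
     * Loads the fixtures: the key store "rsa1.jks" with its key entry and certificate, and the
     * stand-alone certificate "rsa2.crt".
     *
     * @throws Exception if a fixture cannot be read or decoded
     */
    public KeyStoreCredentialTest() throws Exception {
        // try-with-resources closes each stream on both the normal and the exceptional path.
        try (InputStream keyStoreStream = new ClassPathResource("rsa1.jks").getInputStream()) {
            this.keyStore = KeyStoreFactory.loadKeyStore(keyStoreStream, PW, (String) null, (String) null);
        }
        this.cert = (X509Certificate) this.keyStore.getCertificate(ALIAS);
        this.privateKey = (PrivateKey) this.keyStore.getKey(ALIAS, PW);
        try (InputStream certStream = new ClassPathResource("rsa2.crt").getInputStream()) {
            this.cert2 = X509Utils.decodeCertificate(certStream);
        }
    }

    /**
     * An explicitly supplied certificate chain is accepted when non-empty and rejected with an
     * {@link IllegalArgumentException} when empty.
     */
    @Test
    void testExtraCerts() {
        Assertions.assertDoesNotThrow(() -> {
            return new KeyStoreCredential(this.keyStore, ALIAS, PW, List.of(this.cert));
        });
        IllegalArgumentException emptyChainError = Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new KeyStoreCredential(this.keyStore, ALIAS, PW, List.of());
        });
        Assertions.assertEquals("certificateChain must not be empty", emptyChainError.getMessage());
    }

    /** The credential exposes the key store it was created from. */
    @Test
    void testKeyStore() throws Exception {
        Assertions.assertNotNull(new KeyStoreCredential(this.keyStore, ALIAS, PW).getKeyStore());
    }

    /** For the JKS fixture the default name starts with "RSA-test-" and no test function is set. */
    @Test
    void testDefaultName() throws Exception {
        KeyStoreCredential credential = new KeyStoreCredential(this.keyStore, ALIAS, PW);
        Assertions.assertTrue(credential.getName().startsWith("RSA-test-"));
        Assertions.assertNull(credential.getTestFunction());
    }

    /**
     * For a key store that reports type "PKCS11", the default name starts with the provider name
     * rather than the key algorithm.
     */
    @Test
    public void testDefaultNamePkcs11() throws Exception {
        KeyStore mockedKeyStore = Mockito.mock(KeyStore.class);
        Mockito.when(mockedKeyStore.getType()).thenReturn("PKCS11");
        Mockito.when(mockedKeyStore.getKey(Mockito.any(), Mockito.any())).thenReturn(this.privateKey);
        Mockito.when(mockedKeyStore.getCertificate(Mockito.any())).thenReturn(this.cert);
        // No chain is stored for the alias. The null must be typed as Certificate[] to match the
        // stubbed return type; a cast to Object does not type-check against thenReturn.
        Mockito.when(mockedKeyStore.getCertificateChain(Mockito.any()))
                .thenReturn((java.security.cert.Certificate[]) null);
        Provider mockedProvider = Mockito.mock(Provider.class);
        Mockito.when(mockedKeyStore.getProvider()).thenReturn(mockedProvider);
        Mockito.when(mockedProvider.getName()).thenReturn("SunPKCS11");
        KeyStoreCredential credential = new KeyStoreCredential(mockedKeyStore, ALIAS, PW);
        // NOTE(review): the result of this first call is discarded; presumably it is here so the
        // assertion below exercises a second getName() call - confirm the intent.
        credential.getName();
        Assertions.assertTrue(credential.getName().startsWith("SunPKCS11-test-"));
    }

    /**
     * For the JKS fixture, {@code getKey} is invoked exactly once across construction and
     * {@code reload()}.
     */
    @Test
    public void testReloadNotPkcs11() throws Exception {
        KeyStore spiedKeyStore = Mockito.spy(this.keyStore);
        new KeyStoreCredential(spiedKeyStore, ALIAS, PW).reload();
        Mockito.verify(spiedKeyStore, Mockito.times(1)).getKey(Mockito.any(), Mockito.any());
    }

    /**
     * With a reloader installed on a (mocked) PKCS#11 key store, {@code reload()} reads the key a
     * second time.
     */
    @Test
    public void testReloadPkcs11() throws Exception {
        try {
            // Kept inside the try so that the finally block still restores the provider list if
            // initialisation fails part-way.
            initPkcs11Mock();
            FilePkcs11Configuration pkcs11Configuration = new FilePkcs11Configuration(
                    Pkcs11CredentialTest.getAbsolutePath("cfg1.txt"), MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            pkcs11Configuration.init();
            KeyStore spiedKeyStore = Mockito.spy(KeyStoreFactory.loadPkcs11KeyStore(pkcs11Configuration, PW));
            KeyStoreCredential credential = new KeyStoreCredential(spiedKeyStore, ALIAS, PW);
            credential.setName("mock");
            credential.setReloader(new Pkcs11KeyStoreReloader(PW));
            Assertions.assertNotNull(credential.getTestFunction());
            // Exactly one key read so far.
            Mockito.verify(spiedKeyStore, Mockito.times(1)).getKey(Mockito.any(), Mockito.any());
            // Stub load() on the spy so that the reload does not call the real implementation.
            Mockito.doAnswer(invocationOnMock -> null)
                    .when(spiedKeyStore).load((InputStream) Mockito.any(), (char[]) Mockito.any());
            credential.reload();
            Mockito.verify(spiedKeyStore, Mockito.times(2)).getKey(Mockito.any(), Mockito.any());
        } finally {
            cleanupPkcs11Mock();
        }
    }

    /**
     * Registers the mock PKCS#11 provider and points it at the "rsa1.jks" fixture.
     *
     * <p>The provider is inserted at position 1, the most preferred slot in the JCA provider list,
     * so it stays in effect for the whole JVM until {@link #cleanupPkcs11Mock()} is called.
     */
    public static void initPkcs11Mock() {
        Security.insertProviderAt(new MockSunPkcs11Provider(), 1);
        MockSunPkcs11Provider.MockedPkcs11ResourceHolder.getInstance().setResource(new ClassPathResource("rsa1.jks"));
    }

    /**
     * Removes every provider whose name contains the mock provider's base name and resets the
     * shared mock resource holder, so that later tests see the regular provider list.
     */
    public static void cleanupPkcs11Mock() {
        Security.removeProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
        // Also remove any provider that only contains the base name as part of its name.
        for (Provider registered : Security.getProviders()) {
            String providerName = registered.getName();
            if (providerName.contains(MockSunPkcs11Provider.PROVIDER_BASE_NAME)) {
                Security.removeProvider(providerName);
            }
        }
        MockSunPkcs11Provider.MockedPkcs11ResourceHolder holder =
                MockSunPkcs11Provider.MockedPkcs11ResourceHolder.getInstance();
        holder.setResource(null);
        holder.setMockNoCertificate(false);
    }
}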
