package se.swedenconnect.security.credential.container;

import java.io.IOException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.security.credential.PkiCredential;
import se.swedenconnect.security.credential.container.keytype.ECParameterSpecs;
import se.swedenconnect.security.credential.container.keytype.EcKeyPairGeneratorFactory;
import se.swedenconnect.security.credential.container.keytype.KeyPairGeneratorFactory;
import se.swedenconnect.security.credential.container.keytype.KeyPairGeneratorFactoryRegistry;

/* loaded from: input_file:se/swedenconnect/security/credential/container/PkiCredentialContainerTest.class */
public class PkiCredentialContainerTest {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(PkiCredentialContainerTest.class);

    @BeforeAll
    static void init() {
        if (Security.getProvider("BC") == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 2);
        }
    }

    @Test
    void createCredentialContainer() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer(Security.getProvider("BC"), "Test1234");
        Assertions.assertNotNull(softPkiCredentialContainer.getCredential(softPkiCredentialContainer.generateCredential("EC-256")));
        SoftPkiCredentialContainer softPkiCredentialContainer2 = new SoftPkiCredentialContainer("BC", "Test456");
        Assertions.assertEquals("BC", softPkiCredentialContainer2.getProvider().getName());
        Assertions.assertNotNull(softPkiCredentialContainer2.getCredential(softPkiCredentialContainer2.generateCredential("EC-521")));
    }

    @Test
    void testCleanup() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        softPkiCredentialContainer.setKeyValidity(Duration.ofMillis(200L));
        String generateCredential = softPkiCredentialContainer.generateCredential("EC-256");
        softPkiCredentialContainer.generateCredential("EC-256");
        Assertions.assertEquals(2, softPkiCredentialContainer.listCredentials().size());
        Thread.sleep(200L);
        Assertions.assertThrows(PkiCredentialContainerException.class, () -> {
            softPkiCredentialContainer.getCredential(generateCredential);
        });
        Assertions.assertEquals(1, softPkiCredentialContainer.listCredentials().size());
        softPkiCredentialContainer.cleanup();
        Assertions.assertEquals(0, softPkiCredentialContainer.listCredentials().size());
    }

    @Test
    void testAlgorithmTypes() throws Exception {
        List<String> fullKeyTypeList = getFullKeyTypeList();
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        softPkiCredentialContainer.setSupportedKeyTypes(fullKeyTypeList);
        Iterator<String> it = fullKeyTypeList.iterator();
        while (it.hasNext()) {
            softPkiCredentialContainer.generateCredential(it.next());
        }
        Assertions.assertEquals(fullKeyTypeList.size(), softPkiCredentialContainer.listCredentials().size());
        registerBrainPoolNamedCurveSpecs();
        Iterator<String> it2 = fullKeyTypeList.iterator();
        while (it2.hasNext()) {
            verifyKeyType(it2.next(), softPkiCredentialContainer);
        }
        KeyPairGeneratorFactory factory = KeyPairGeneratorFactoryRegistry.getFactory("EC-256");
        Assertions.assertTrue(factory.supports("EC-256"));
        Assertions.assertFalse(factory.supports("EC-BP-192"));
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            KeyPairGeneratorFactoryRegistry.getFactory("BAD_Alog");
        });
    }

    @Test
    void testCredentials() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        softPkiCredentialContainer.setKeyValidity(Duration.ofDays(30L));
        String generateCredential = softPkiCredentialContainer.generateCredential("EC-256");
        ManagedPkiCredential credential = softPkiCredentialContainer.getCredential(generateCredential);
        Instant expiryTime = softPkiCredentialContainer.getExpiryTime(generateCredential);
        Instant ofEpochMilli = Instant.ofEpochMilli(System.currentTimeMillis() + Duration.ofDays(29L).toMillis());
        Instant ofEpochMilli2 = Instant.ofEpochMilli(System.currentTimeMillis() + Duration.ofDays(31L).toMillis());
        Assertions.assertTrue(expiryTime.isAfter(ofEpochMilli));
        Assertions.assertTrue(expiryTime.isBefore(ofEpochMilli2));
        Assertions.assertEquals(generateCredential, credential.getCertificate().getSerialNumber().toString(16));
        Method declaredMethod = AbstractKeyStorePkiCredentialContainer.class.getDeclaredMethod("generateKeyCertificate", KeyPair.class, BigInteger.class);
        declaredMethod.setAccessible(true);
        KeyPair keyPair = new KeyPair(credential.getPublicKey(), credential.getPrivateKey());
        BigInteger bigInteger = new BigInteger("1000ff", 16);
        credential.setCertificate((X509Certificate) declaredMethod.invoke(softPkiCredentialContainer, keyPair, bigInteger));
        Assertions.assertEquals(bigInteger, credential.getCertificate().getSerialNumber());
        Assertions.assertEquals(bigInteger, ((X509Certificate) credential.getCertificateChain().get(0)).getSerialNumber());
        BigInteger bigInteger2 = new BigInteger("9fee0012", 16);
        credential.setCertificateChain(List.of((X509Certificate) declaredMethod.invoke(softPkiCredentialContainer, keyPair, bigInteger2)));
        Assertions.assertEquals(bigInteger2, credential.getCertificate().getSerialNumber());
        Assertions.assertEquals(bigInteger2, ((X509Certificate) credential.getCertificateChain().get(0)).getSerialNumber());
        credential.reload();
        Assertions.assertEquals(generateCredential, credential.getName());
    }

    @Test
    public void testGenerateKeyPair() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer(Security.getProvider("BC"), "Test1234");
        List<String> fullKeyTypeList = getFullKeyTypeList();
        softPkiCredentialContainer.setSupportedKeyTypes(fullKeyTypeList);
        List<PkiCredential> issueKeyTypes = issueKeyTypes(fullKeyTypeList, softPkiCredentialContainer);
        Assertions.assertEquals(fullKeyTypeList.size(), issueKeyTypes.size());
        List listCredentials = softPkiCredentialContainer.listCredentials();
        log.info("Available credentials: {}", listCredentials);
        Assertions.assertEquals(fullKeyTypeList.size(), listCredentials.size());
        Iterator<PkiCredential> it = issueKeyTypes.iterator();
        while (it.hasNext()) {
            it.next().destroy();
        }
        Assertions.assertEquals(0, softPkiCredentialContainer.listCredentials().size());
        Assertions.assertEquals(fullKeyTypeList.size(), issueKeyTypes(fullKeyTypeList, softPkiCredentialContainer).size());
        Iterator it2 = softPkiCredentialContainer.listCredentials().iterator();
        while (it2.hasNext()) {
            softPkiCredentialContainer.deleteCredential((String) it2.next());
        }
        Assertions.assertEquals(0, softPkiCredentialContainer.listCredentials().size());
    }

    List<PkiCredential> issueKeyTypes(List<String> list, PkiCredentialContainer pkiCredentialContainer) throws GeneralSecurityException, PkiCredentialContainerException {
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            log.info("Generating key of type: {}", str);
            ManagedPkiCredential credential = pkiCredentialContainer.getCredential(pkiCredentialContainer.generateCredential(str));
            Assertions.assertNotNull(credential);
            arrayList.add(credential);
        }
        return arrayList;
    }

    @Test
    void nullProviderTest() {
        Assertions.assertThrows(NullPointerException.class, () -> {
            new SoftPkiCredentialContainer((Provider) null, "Test1234");
        });
    }

    @Test
    void nullHsmPinTest() {
        Provider provider = (Provider) Mockito.mock(Provider.class);
        Assertions.assertThrows(NullPointerException.class, () -> {
            new HsmPkiCredentialContainer(provider, (String) null);
        });
    }

    @Test
    public void testNullPassword() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC");
        Assertions.assertNotNull(softPkiCredentialContainer.getCredential(softPkiCredentialContainer.generateCredential("EC-256")));
    }

    @Test
    void unsupportedAlgoTest() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        Assertions.assertThrows(NoSuchAlgorithmException.class, () -> {
            softPkiCredentialContainer.generateCredential("DUMMY");
        });
    }

    @Test
    void excludedAlgoTest() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        Assertions.assertTrue(((Exception) Assertions.assertThrows(NoSuchAlgorithmException.class, () -> {
            softPkiCredentialContainer.generateCredential("EC-BP-192");
        })).getMessage().contains("is not supported by this container"));
    }

    @Test
    void unknownKeyTest() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        Assertions.assertThrows(PkiCredentialContainerException.class, () -> {
            softPkiCredentialContainer.getCredential("unknown");
        });
    }

    @Test
    void unknownKeyExpiryTest() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        Assertions.assertThrows(PkiCredentialContainerException.class, () -> {
            softPkiCredentialContainer.getExpiryTime("unknown");
        });
    }

    @Test
    void deleteUnknownKeyTest() throws Exception {
        SoftPkiCredentialContainer softPkiCredentialContainer = new SoftPkiCredentialContainer("BC", "Test1234");
        Assertions.assertThrows(PkiCredentialContainerException.class, () -> {
            softPkiCredentialContainer.getCredential("unknown");
        });
    }

    private List<String> getFullKeyTypeList() {
        return List.of((Object[]) new String[]{"RSA-2048", "RSA-3072", "RSA-4096", "EC-192", "EC-224", "EC-256", "EC-384", "EC-521", "EC-BP-192", "EC-BP-224", "EC-BP-256", "EC-BP-320", "EC-BP-384", "EC-BP-512"});
    }

    private List<String> getTypicalKeyTypeList() {
        return List.of("RSA-3072", "RSA-4096", "EC-256", "EC-384", "EC-521");
    }

    private ASN1ObjectIdentifier getEcKeyNamedCureOid(ECPublicKey eCPublicKey) throws IOException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(eCPublicKey.getEncoded());
        try {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(ASN1Sequence.getInstance(ASN1Sequence.getInstance(aSN1InputStream.readObject()).getObjectAt(0)).getObjectAt(1));
            aSN1InputStream.close();
            return aSN1ObjectIdentifier;
        } catch (Throwable th) {
            try {
                aSN1InputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void verifyKeyType(String str, AbstractKeyStorePkiCredentialContainer abstractKeyStorePkiCredentialContainer) throws Exception {
        PublicKey publicKey = abstractKeyStorePkiCredentialContainer.getCredential(abstractKeyStorePkiCredentialContainer.generateCredential(str)).getPublicKey();
        boolean z = -1;
        switch (str.hashCode()) {
            case -566088497:
                if (str.equals("RSA-2048")) {
                    z = false;
                    break;
                }
                break;
            case -566058619:
                if (str.equals("RSA-3072")) {
                    z = true;
                    break;
                }
                break;
            case -566028762:
                if (str.equals("RSA-4096")) {
                    z = 2;
                    break;
                }
                break;
            case -403343078:
                if (str.equals("EC-BP-192")) {
                    z = 8;
                    break;
                }
                break;
            case -403342332:
                if (str.equals("EC-BP-224")) {
                    z = 9;
                    break;
                }
                break;
            case -403342237:
                if (str.equals("EC-BP-256")) {
                    z = 10;
                    break;
                }
                break;
            case -403341375:
                if (str.equals("EC-BP-320")) {
                    z = 11;
                    break;
                }
                break;
            case -403341185:
                if (str.equals("EC-BP-384")) {
                    z = 12;
                    break;
                }
                break;
            case -403339482:
                if (str.equals("EC-BP-512")) {
                    z = 13;
                    break;
                }
                break;
            case 2038676827:
                if (str.equals("EC-192")) {
                    z = 3;
                    break;
                }
                break;
            case 2038677573:
                if (str.equals("EC-224")) {
                    z = 4;
                    break;
                }
                break;
            case 2038677668:
                if (str.equals("EC-256")) {
                    z = 5;
                    break;
                }
                break;
            case 2038678720:
                if (str.equals("EC-384")) {
                    z = 6;
                    break;
                }
                break;
            case 2038680453:
                if (str.equals("EC-521")) {
                    z = 7;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                Assertions.assertEquals(2048, ((RSAPublicKey) publicKey).getModulus().bitLength());
                return;
            case true:
                Assertions.assertEquals(3072, ((RSAPublicKey) publicKey).getModulus().bitLength());
                return;
            case true:
                Assertions.assertEquals(4096, ((RSAPublicKey) publicKey).getModulus().bitLength());
                return;
            case true:
                Assertions.assertEquals(SECObjectIdentifiers.secp192r1, getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(SECObjectIdentifiers.secp224r1, getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(SECObjectIdentifiers.secp256r1, getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(SECObjectIdentifiers.secp384r1, getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(SECObjectIdentifiers.secp521r1, getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(new ASN1ObjectIdentifier("1.3.36.3.3.2.8.1.1.3"), getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(new ASN1ObjectIdentifier("1.3.36.3.3.2.8.1.1.5"), getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(new ASN1ObjectIdentifier("1.3.36.3.3.2.8.1.1.7"), getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(new ASN1ObjectIdentifier("1.3.36.3.3.2.8.1.1.9"), getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(new ASN1ObjectIdentifier("1.3.36.3.3.2.8.1.1.11"), getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            case true:
                Assertions.assertEquals(new ASN1ObjectIdentifier("1.3.36.3.3.2.8.1.1.13"), getEcKeyNamedCureOid((ECPublicKey) publicKey));
                return;
            default:
                throw new NoSuchAlgorithmException("Requested algorithm is not supported: " + str);
        }
    }

    private void registerBrainPoolNamedCurveSpecs() {
        KeyPairGeneratorFactoryRegistry.registerFactory("EC-BP-192", new EcKeyPairGeneratorFactory("EC-BP-192", ECParameterSpecs.APS_BRAINPOOL_P192R1));
        KeyPairGeneratorFactoryRegistry.registerFactory("EC-BP-224", new EcKeyPairGeneratorFactory("EC-BP-224", ECParameterSpecs.APS_BRAINPOOL_P224R1));
        KeyPairGeneratorFactoryRegistry.registerFactory("EC-BP-256", new EcKeyPairGeneratorFactory("EC-BP-256", ECParameterSpecs.APS_BRAINPOOL_P256R1));
        KeyPairGeneratorFactoryRegistry.registerFactory("EC-BP-320", new EcKeyPairGeneratorFactory("EC-BP-320", ECParameterSpecs.APS_BRAINPOOL_P320R1));
        KeyPairGeneratorFactoryRegistry.registerFactory("EC-BP-384", new EcKeyPairGeneratorFactory("EC-BP-384", ECParameterSpecs.APS_BRAINPOOL_P384R1));
        KeyPairGeneratorFactoryRegistry.registerFactory("EC-BP-512", new EcKeyPairGeneratorFactory("EC-BP-512", ECParameterSpecs.APS_BRAINPOOL_P512R1));
    }
}
