package se.swedenconnect.security.credential;

import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.List;
import org.cryptacular.io.ClassPathResource;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import se.swedenconnect.security.credential.factory.KeyStoreFactory;

/* loaded from: input_file:se/swedenconnect/security/credential/BasicCredentialTest.class */
class BasicCredentialTest {
    private final PrivateKey privateKey;
    private final X509Certificate cert;
    private final PrivateKey privateKey2;
    private final X509Certificate cert2;

    public BasicCredentialTest() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), (String) null, (String) null);
            this.cert = (X509Certificate) loadKeyStore.getCertificate("test");
            this.privateKey = (PrivateKey) loadKeyStore.getKey("test", "secret".toCharArray());
            if (inputStream != null) {
                inputStream.close();
            }
            inputStream = new ClassPathResource("rsa-dsa-ec.jks").getInputStream();
            try {
                KeyStore loadKeyStore2 = KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), (String) null, (String) null);
                this.cert2 = (X509Certificate) loadKeyStore2.getCertificate("rsa");
                this.privateKey2 = (PrivateKey) loadKeyStore2.getKey("rsa", "secret".toCharArray());
                if (inputStream != null) {
                    inputStream.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    void testKeyPair() {
        BasicCredential basicCredential = new BasicCredential(new KeyPair(this.cert.getPublicKey(), this.privateKey));
        Assertions.assertTrue(basicCredential.getName().startsWith("RSA-"));
        Assertions.assertNotNull(basicCredential.getPrivateKey());
        Assertions.assertNotNull(basicCredential.getPublicKey());
        Assertions.assertNull(basicCredential.getCertificate());
        Assertions.assertTrue(basicCredential.getMetadata().getProperties().isEmpty());
    }

    @Test
    void testCertificate() {
        BasicCredential basicCredential = new BasicCredential(this.cert, this.privateKey);
        Assertions.assertNotNull(basicCredential.getPrivateKey());
        Assertions.assertNotNull(basicCredential.getPublicKey());
        Assertions.assertNotNull(basicCredential.getCertificate());
        Assertions.assertEquals(2, basicCredential.getMetadata().getProperties().size());
    }

    @Test
    void testMetadata() {
        BasicCredential basicCredential = new BasicCredential(this.cert, this.privateKey);
        Instant ofEpochMilli = Instant.ofEpochMilli(1668521306L);
        Instant ofEpochMilli2 = Instant.ofEpochMilli(1794751706L);
        basicCredential.getMetadata().getProperties().put("issued-at", ofEpochMilli);
        basicCredential.getMetadata().getProperties().put("expires-at", ofEpochMilli2);
        basicCredential.getMetadata().getProperties().put("key-id", "12345");
        basicCredential.getMetadata().getProperties().put("foo", "ABC");
        Assertions.assertEquals("12345", basicCredential.getMetadata().getKeyId());
        Assertions.assertEquals(ofEpochMilli, basicCredential.getMetadata().getIssuedAt());
        Assertions.assertEquals(ofEpochMilli2, basicCredential.getMetadata().getExpiresAt());
        Assertions.assertEquals("ABC", basicCredential.getMetadata().getProperties().get("foo"));
    }

    @Test
    void testTransform() {
        BasicCredential basicCredential = new BasicCredential(this.cert, this.privateKey);
        Assertions.assertNotNull((KeyPair) basicCredential.transform(pkiCredential -> {
            return new KeyPair(basicCredential.getPublicKey(), basicCredential.getPrivateKey());
        }));
    }

    @Test
    void testDefaultNameCertSet() {
        Assertions.assertEquals(this.cert.getSerialNumber().toString(10), new BasicCredential(this.cert, this.privateKey).getName());
    }

    @Test
    void testDefaultNamePubKeySet() {
        Assertions.assertTrue(new BasicCredential(this.cert.getPublicKey(), this.privateKey).getName().startsWith("RSA-"));
    }

    @Test
    void testBadKeyPair() {
        Assertions.assertEquals("Public and private key do not make up a valid key pair", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new BasicCredential(this.cert.getPublicKey(), this.privateKey2);
        })).getMessage());
    }

    @Test
    void testBadKeyPair2() {
        Assertions.assertEquals("Public key from certificate and private key do not make up a valid key pair", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new BasicCredential(this.cert, this.privateKey2);
        })).getMessage());
    }

    @Test
    void testBadKeyPair3() {
        Assertions.assertEquals("Public key from entity certificate and private key do not make up a valid key pair", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new BasicCredential(List.of(this.cert), this.privateKey2);
        })).getMessage());
    }

    @Test
    void testEmptyChain() {
        Assertions.assertEquals("certificates must not be empty", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new BasicCredential(List.of(), this.privateKey);
        })).getMessage());
    }
}
