package se.swedenconnect.security.credential.factory;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.time.Instant;
import java.util.function.Function;
import org.cryptacular.io.ClassPathResource;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import se.swedenconnect.security.credential.KeyStoreCredential;
import se.swedenconnect.security.credential.KeyStoreCredentialTest;
import se.swedenconnect.security.credential.PkiCredential;
import se.swedenconnect.security.credential.bundle.CredentialBundles;
import se.swedenconnect.security.credential.bundle.NoSuchCredentialException;
import se.swedenconnect.security.credential.bundle.NoSuchKeyStoreException;
import se.swedenconnect.security.credential.config.ConfigurationResourceLoader;
import se.swedenconnect.security.credential.config.properties.PemCredentialConfigurationProperties;
import se.swedenconnect.security.credential.config.properties.PkiCredentialConfigurationProperties;
import se.swedenconnect.security.credential.config.properties.StoreConfigurationProperties;
import se.swedenconnect.security.credential.config.properties.StoreCredentialConfigurationProperties;
import se.swedenconnect.security.credential.pkcs11.MockSunPkcs11Provider;
import se.swedenconnect.security.credential.pkcs11.Pkcs11CredentialTest;
import se.swedenconnect.security.credential.pkcs11.Pkcs11KeyStoreReloader;

/* loaded from: input_file:se/swedenconnect/security/credential/factory/PkiCredentialFactoryTest.class */
public class PkiCredentialFactoryTest {
    @Test
    void testInlinedPem() throws Exception {
        String contents = getContents("rsa1.crt");
        String contents2 = getContents("rsa1.pkcs8.enc.key");
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setCertificates(contents);
        pemCredentialConfigurationProperties.setPrivateKey(contents2);
        pemCredentialConfigurationProperties.setKeyPassword("secret");
        PkiCredentialFactory pkiCredentialFactory = new PkiCredentialFactory((CredentialBundles) null, (ConfigurationResourceLoader) null, false);
        PkiCredentialFactory pkiCredentialFactory2 = new PkiCredentialFactory((CredentialBundles) null, (ConfigurationResourceLoader) null, true);
        PkiCredential createCredential = PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertEquals(1, createCredential.getCertificateChain().size());
        PkiCredential createCredential2 = pkiCredentialFactory.createCredential(pemCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential2);
        Assertions.assertEquals("test", createCredential2.getName());
        Assertions.assertEquals(1, createCredential2.getCertificateChain().size());
        PkiCredential createCredential3 = pkiCredentialFactory2.createCredential(pemCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential3);
        Assertions.assertEquals("test", createCredential3.getName());
        Assertions.assertEquals(1, createCredential3.getCertificateChain().size());
        PkiCredential createCredential4 = pkiCredentialFactory2.createCredential(pemCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential4);
        Assertions.assertTrue(createCredential3 == createCredential4);
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
        pkiCredentialConfigurationProperties.setPem(pemCredentialConfigurationProperties);
        PkiCredential createCredential5 = PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        Assertions.assertNotNull(createCredential5);
        Assertions.assertEquals("test", createCredential5.getName());
        Assertions.assertEquals(1, createCredential5.getCertificateChain().size());
        PkiCredential createCredential6 = pkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential6);
        Assertions.assertEquals("test", createCredential6.getName());
        Assertions.assertEquals(1, createCredential6.getCertificateChain().size());
        PkiCredential createCredential7 = pkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential7);
        Assertions.assertEquals("test", createCredential7.getName());
        PkiCredential createCredential8 = pkiCredentialFactory2.createCredential(pkiCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential8);
        Assertions.assertEquals("test", createCredential8.getName());
        PkiCredential createCredential9 = pkiCredentialFactory2.createCredential(pkiCredentialConfigurationProperties);
        Assertions.assertNotNull(createCredential4);
        Assertions.assertTrue(createCredential8 == createCredential9);
    }

    @Test
    void testInlinedPemKey() throws Exception {
        String contents = getContents("rsa1.pubkey.pem");
        String contents2 = getContents("rsa1.pkcs8.enc.key");
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setPublicKey(contents);
        pemCredentialConfigurationProperties.setPrivateKey(contents2);
        pemCredentialConfigurationProperties.setKeyPassword("secret");
        PkiCredential createCredential = PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertNotNull(createCredential.getPublicKey());
        Assertions.assertNull(createCredential.getCertificate());
        Assertions.assertEquals(0, createCredential.getCertificateChain().size());
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
        pkiCredentialConfigurationProperties.setPem(pemCredentialConfigurationProperties);
        PkiCredential createCredential2 = PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        Assertions.assertNotNull(createCredential2);
        Assertions.assertEquals("test", createCredential2.getName());
        Assertions.assertNotNull(createCredential2.getPublicKey());
    }

    @Test
    void testPem() throws Exception {
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setCertificates("rsa1.crt");
        pemCredentialConfigurationProperties.setPrivateKey("rsa1.pkcs8.key");
        PkiCredential createCredential = PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertEquals(1, createCredential.getCertificateChain().size());
    }

    @Test
    void testPemKey() throws Exception {
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setPublicKey("rsa1.pubkey.pem");
        pemCredentialConfigurationProperties.setPrivateKey("rsa1.pkcs8.key");
        PkiCredential createCredential = PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertNotNull(createCredential.getPublicKey());
        Assertions.assertNull(createCredential.getCertificate());
        Assertions.assertEquals(0, createCredential.getCertificateChain().size());
    }

    @Test
    void testPemMissingCertificateAndKey() {
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setPrivateKey("rsa1.pkcs8.key");
        Assertions.assertEquals("Missing Certificate(s) or public key", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        })).getMessage());
    }

    @Test
    void testBothCertificateAndKey() {
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setCertificates("rsa1.crt");
        pemCredentialConfigurationProperties.setPublicKey("rsa1.pubkey.pem");
        pemCredentialConfigurationProperties.setPrivateKey("rsa1.pkcs8.key");
        Assertions.assertEquals("Certificate(s) and public key must not both be present", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        })).getMessage());
    }

    @Test
    void testPemMissingKey() {
        PemCredentialConfigurationProperties pemCredentialConfigurationProperties = new PemCredentialConfigurationProperties();
        pemCredentialConfigurationProperties.setName("test");
        pemCredentialConfigurationProperties.setCertificates("rsa1.crt");
        Assertions.assertEquals("No private key assigned", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pemCredentialConfigurationProperties, (ConfigurationResourceLoader) null);
        })).getMessage());
    }

    @Test
    void testCredentialReference() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), "JKS", (String) null);
            if (inputStream != null) {
                inputStream.close();
            }
            PkiCredential keyStoreCredential = new KeyStoreCredential(loadKeyStore, "test", "secret".toCharArray());
            PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
            pkiCredentialConfigurationProperties.setBundle("bundle");
            PkiCredential createCredential = PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, str -> {
                return keyStoreCredential;
            }, (Function) null, (Function) null);
            Assertions.assertNotNull(createCredential);
            Assertions.assertTrue(keyStoreCredential == createCredential);
            PkiCredential createCredential2 = new PkiCredentialFactory(str2 -> {
                return keyStoreCredential;
            }, (Function) null, (ConfigurationResourceLoader) null, false).createCredential(pkiCredentialConfigurationProperties);
            Assertions.assertNotNull(createCredential2);
            Assertions.assertTrue(keyStoreCredential == createCredential2);
            CredentialBundles credentialBundles = (CredentialBundles) Mockito.mock(CredentialBundles.class);
            Mockito.when(credentialBundles.getCredentialProvider()).thenReturn(str3 -> {
                return keyStoreCredential;
            });
            PkiCredential createCredential3 = new PkiCredentialFactory(credentialBundles, (ConfigurationResourceLoader) null, false).createCredential(pkiCredentialConfigurationProperties);
            Assertions.assertNotNull(createCredential3);
            Assertions.assertTrue(keyStoreCredential == createCredential3);
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testCredentialReferenceNotFound() {
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
        pkiCredentialConfigurationProperties.setBundle("bundle");
        Assertions.assertEquals("bundle", Assertions.assertThrows(NoSuchCredentialException.class, () -> {
            PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, str -> {
                return null;
            }, (Function) null, (Function) null);
        }).getCredentialId());
    }

    @Test
    void testCredentialReferenceNoProvider() {
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
        pkiCredentialConfigurationProperties.setBundle("bundle");
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        });
    }

    @Test
    void testCredentialReferenceOtherAssigned() {
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
        pkiCredentialConfigurationProperties.setBundle("bundle");
        pkiCredentialConfigurationProperties.setJks(new StoreCredentialConfigurationProperties());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        });
        pkiCredentialConfigurationProperties.setJks((StoreCredentialConfigurationProperties) null);
        pkiCredentialConfigurationProperties.setPem(new PemCredentialConfigurationProperties());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        });
    }

    @Test
    void testStoreReference() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), "JKS", (String) null);
            if (inputStream != null) {
                inputStream.close();
            }
            Pkcs11KeyStoreReloader pkcs11KeyStoreReloader = new Pkcs11KeyStoreReloader("secret".toCharArray());
            StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
            storeCredentialConfigurationProperties.setName("test");
            storeCredentialConfigurationProperties.setStoreReference("myKeyStore");
            storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
            storeCredentialConfigurationProperties.getKey().setAlias("test");
            storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
            PkiCredentialFactory pkiCredentialFactory = new PkiCredentialFactory((Function) null, str -> {
                return loadKeyStore;
            }, (ConfigurationResourceLoader) null, false);
            PkiCredentialFactory pkiCredentialFactory2 = new PkiCredentialFactory((Function) null, str2 -> {
                return loadKeyStore;
            }, (ConfigurationResourceLoader) null, true);
            PkiCredential createCredential = PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, str3 -> {
                return loadKeyStore;
            }, str4 -> {
                return pkcs11KeyStoreReloader;
            });
            Assertions.assertNotNull(createCredential);
            Assertions.assertEquals("test", createCredential.getName());
            Assertions.assertEquals(1, createCredential.getCertificateChain().size());
            PkiCredential createCredential2 = pkiCredentialFactory.createCredential(storeCredentialConfigurationProperties);
            Assertions.assertNotNull(createCredential2);
            Assertions.assertEquals("test", createCredential2.getName());
            Assertions.assertEquals(1, createCredential2.getCertificateChain().size());
            PkiCredential createCredential3 = pkiCredentialFactory2.createCredential(storeCredentialConfigurationProperties);
            Assertions.assertNotNull(createCredential3);
            Assertions.assertEquals("test", createCredential3.getName());
            PkiCredential createCredential4 = pkiCredentialFactory2.createCredential(storeCredentialConfigurationProperties);
            Assertions.assertNotNull(createCredential4);
            Assertions.assertEquals("test", createCredential4.getName());
            Assertions.assertTrue(createCredential4 == pkiCredentialFactory2.createCredential(storeCredentialConfigurationProperties));
            PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
            pkiCredentialConfigurationProperties.setJks(storeCredentialConfigurationProperties);
            PkiCredential createCredential5 = PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, str5 -> {
                return loadKeyStore;
            }, str6 -> {
                return pkcs11KeyStoreReloader;
            });
            Assertions.assertNotNull(createCredential5);
            Assertions.assertEquals("test", createCredential5.getName());
            Assertions.assertEquals(1, createCredential5.getCertificateChain().size());
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testStoreReferenceNoSupplier() {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStoreReference("myKeyStore");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
        Assertions.assertEquals("No key store provider provided - can not resolve store reference", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        })).getMessage());
    }

    @Test
    void testStoreReferenceNoStoreFound() {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStoreReference("myKeyStore");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
        NoSuchKeyStoreException assertThrows = Assertions.assertThrows(NoSuchKeyStoreException.class, () -> {
            PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, str -> {
                return null;
            }, str2 -> {
                return null;
            });
        });
        Assertions.assertEquals("myKeyStore", assertThrows.getKeyStoreId());
        Assertions.assertEquals("Referenced store 'myKeyStore' is not present", assertThrows.getMessage());
    }

    @Test
    void testNoStore() {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
        Assertions.assertEquals("No store or store-reference assigned", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        })).getMessage());
    }

    @Test
    void testStore() throws Exception {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        PkiCredential createCredential = PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertEquals(1, createCredential.getCertificateChain().size());
    }

    @Test
    void testStoreAndReference() {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStoreReference("ref");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        Assertions.assertEquals("Both store and store-reference can not be set", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        })).getMessage());
    }

    @Test
    void testStoreReferenceNoKeyPassword() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), "JKS", (String) null);
            if (inputStream != null) {
                inputStream.close();
            }
            StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
            storeCredentialConfigurationProperties.setName("test");
            storeCredentialConfigurationProperties.setStoreReference("myKeyStore");
            storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
            storeCredentialConfigurationProperties.getKey().setAlias("test");
            Assertions.assertEquals("No key password given, and can not get store password since store reference was used", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, str -> {
                    return loadKeyStore;
                }, (Function) null);
            })).getMessage());
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testStoreMissingKey() {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        Assertions.assertEquals("No key entry assigned", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        })).getMessage());
    }

    @Test
    void testStoreMissingAlias() {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        Assertions.assertEquals("No key entry alias assigned", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        })).getMessage());
    }

    @Test
    void testStoreAdditionalCert() throws Exception {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
        storeCredentialConfigurationProperties.getKey().setCertificates("rsa1.crt");
        PkiCredential createCredential = PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertEquals(1, createCredential.getCertificateChain().size());
    }

    @Test
    void testStoreAdditionalCertInlined() throws Exception {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
        storeCredentialConfigurationProperties.getKey().setCertificates(getContents("rsa1.crt"));
        PkiCredential createCredential = PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertEquals(1, createCredential.getCertificateChain().size());
    }

    @Test
    void testInvalidPkiCredentialConfiguration() {
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties = new PkiCredentialConfigurationProperties();
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        });
        PkiCredentialConfigurationProperties pkiCredentialConfigurationProperties2 = new PkiCredentialConfigurationProperties();
        pkiCredentialConfigurationProperties2.setPem(new PemCredentialConfigurationProperties());
        pkiCredentialConfigurationProperties2.setJks(new StoreCredentialConfigurationProperties());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            PkiCredentialFactory.createCredential(pkiCredentialConfigurationProperties2, (ConfigurationResourceLoader) null, (Function) null, (Function) null, (Function) null);
        });
    }

    @Test
    void testMetadata() throws Exception {
        StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
        storeCredentialConfigurationProperties.setName("test");
        storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
        storeCredentialConfigurationProperties.getStore().setLocation("rsa1.jks");
        storeCredentialConfigurationProperties.getStore().setPassword("secret");
        storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
        storeCredentialConfigurationProperties.getKey().setAlias("test");
        storeCredentialConfigurationProperties.setKeyId("12345");
        Instant ofEpochMilli = Instant.ofEpochMilli(1668521306L);
        Instant ofEpochMilli2 = Instant.ofEpochMilli(1794751706L);
        storeCredentialConfigurationProperties.setIssuedAt(ofEpochMilli);
        storeCredentialConfigurationProperties.setExpiresAt(ofEpochMilli2);
        storeCredentialConfigurationProperties.getMetadata().put("foo", "ABC");
        PkiCredential createCredential = PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
        Assertions.assertNotNull(createCredential);
        Assertions.assertEquals("test", createCredential.getName());
        Assertions.assertEquals(1, createCredential.getCertificateChain().size());
        Assertions.assertEquals("12345", createCredential.getMetadata().getKeyId());
        Assertions.assertEquals(ofEpochMilli, createCredential.getMetadata().getIssuedAt());
        Assertions.assertEquals(ofEpochMilli2, createCredential.getMetadata().getExpiresAt());
        Assertions.assertEquals("ABC", createCredential.getMetadata().getProperties().get("foo"));
    }

    @Test
    void testPkcs11() throws Exception {
        KeyStoreCredentialTest.initPkcs11Mock();
        try {
            StoreCredentialConfigurationProperties storeCredentialConfigurationProperties = new StoreCredentialConfigurationProperties();
            storeCredentialConfigurationProperties.setName("test");
            storeCredentialConfigurationProperties.setStore(new StoreConfigurationProperties());
            storeCredentialConfigurationProperties.getStore().setType("PKCS11");
            storeCredentialConfigurationProperties.getStore().setProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            storeCredentialConfigurationProperties.getStore().setPassword("secret");
            storeCredentialConfigurationProperties.getStore().setPkcs11(new StoreConfigurationProperties.Pkcs11ConfigurationProperties());
            storeCredentialConfigurationProperties.getStore().getPkcs11().setConfigurationFile(Pkcs11CredentialTest.getAbsolutePath("cfg1.txt"));
            storeCredentialConfigurationProperties.setMonitor(true);
            storeCredentialConfigurationProperties.setKey(new StoreCredentialConfigurationProperties.KeyConfigurationProperties());
            storeCredentialConfigurationProperties.getKey().setAlias("test");
            storeCredentialConfigurationProperties.getKey().setKeyPassword("secret");
            storeCredentialConfigurationProperties.getKey().setCertificates("rsa1.crt");
            PkiCredential createCredential = PkiCredentialFactory.createCredential(storeCredentialConfigurationProperties, (ConfigurationResourceLoader) null, (Function) null, (Function) null);
            Assertions.assertNotNull(createCredential);
            Assertions.assertTrue(createCredential.isHardwareCredential());
        } finally {
            KeyStoreCredentialTest.cleanupPkcs11Mock();
        }
    }

    private static String getContents(String str) throws IOException {
        InputStream inputStream = new ClassPathResource(str).getInputStream();
        try {
            String str2 = new String(inputStream.readAllBytes());
            if (inputStream != null) {
                inputStream.close();
            }
            return str2;
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
