package org.eclipse.californium.elements.util;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:org/eclipse/californium/elements/util/CertPathUtilTest.class */
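/**
 * Unit tests for {@link CertPathUtil}: certificate path construction, key-usage
 * checks and certificate path validation against trust anchors.
 *
 * <p>Two behaviours pinned here matter to anyone wiring {@code CertPathUtil} into a
 * handshake:
 * <ul>
 * <li>{@code validateCertificatePath} rejects a {@code null} trust array
 * ("certificates are not trusted!") but returns the path when given an
 * <em>empty</em> array, see {@link #testServerCertificateValidation()} and
 * {@link #testSelfSignedValidation()}. NOTE(review): this looks like an
 * "accept any well-formed chain" mode; callers should confirm that an empty array
 * can never reach it by accident (for example from an empty trust store).</li>
 * <li>{@code canBeUsedForAuthentication} accepts the self-signed certificate for both
 * roles, while the "clientext" certificate is accepted for the client role only.</li>
 * </ul>
 */
public class CertPathUtilTest {
    /**
     * Password of the bundled test key store. It is committed in source, so that key
     * store must only ever hold test keys.
     */
    private static final char[] KEY_STORE_PASSWORD = "endPass".toCharArray();
    private static final String KEY_STORE_LOCATION = "certs/keyStore.jks";
    /** Classpath URI of the key store, built from the location so the two cannot drift apart. */
    private static final String KEY_STORE_URI = "classpath://" + KEY_STORE_LOCATION;

    @Rule
    public ExpectedException exception = ExpectedException.none();
    // Chain stored under alias "clientext"; leaf first (see the index-0 uses below).
    private X509Certificate[] clientChainExtUsage;
    // Chain stored under alias "self".
    private X509Certificate[] clientSelfsigned;
    private List<X509Certificate> clientChainExtUsageList;
    private List<X509Certificate> clientSelfsignedList;

    /**
     * Loads the two client certificate chains used by most tests.
     *
     * @throws IOException if the key store cannot be read
     * @throws GeneralSecurityException if the credentials cannot be loaded
     */
    @Before
    public void init() throws IOException, GeneralSecurityException {
        this.clientChainExtUsage = SslContextUtil.loadCredentials(KEY_STORE_URI, "clientext", KEY_STORE_PASSWORD, KEY_STORE_PASSWORD).getCertificateChain();
        this.clientSelfsigned = SslContextUtil.loadCredentials(KEY_STORE_URI, "self", KEY_STORE_PASSWORD, KEY_STORE_PASSWORD).getCertificateChain();
        this.clientChainExtUsageList = Arrays.asList(this.clientChainExtUsage);
        this.clientSelfsignedList = Arrays.asList(this.clientSelfsigned);
    }

    /** A path generated from a full chain contains exactly that chain, in order. */
    @Test
    public void testGenerateCertPath() throws Exception {
        CertPath certPath = CertPathUtil.generateCertPath(this.clientChainExtUsageList);
        Assert.assertEquals(this.clientChainExtUsageList, certPath.getCertificates());
    }

    /** Requesting a shorter path keeps the leading certificates and drops the tail. */
    @Test
    public void testGenerateTruncatedCertPath() throws Exception {
        List<X509Certificate> expected = new ArrayList<X509Certificate>(this.clientChainExtUsageList);
        expected.remove(expected.size() - 1);
        expected.remove(expected.size() - 1);
        CertPath certPath = CertPathUtil.generateCertPath(this.clientChainExtUsageList, this.clientChainExtUsageList.size() - 2);
        Assert.assertEquals(expected.size(), certPath.getCertificates().size());
        Assert.assertEquals(expected, certPath.getCertificates());
    }

    /** A list holding only X.509 certificates converts to an equal list. */
    @Test
    public void testToX509CertificatesList() throws Exception {
        List<Certificate> certificates = new ArrayList<Certificate>(this.clientChainExtUsageList);
        Assert.assertEquals(certificates, CertPathUtil.toX509CertificatesList(certificates));
    }

    /** A non-X.509 certificate anywhere in the list is rejected rather than skipped. */
    @Test
    public void testToX509CertificatesListUsingInvalidCertificate() throws Exception {
        this.exception.expect(IllegalArgumentException.class);
        this.exception.expectMessage("Given certificate is not X.509! Dummy");
        List<Certificate> certificates = new ArrayList<Certificate>(this.clientChainExtUsageList);
        // Stub certificate of type "Dummy": verify() accepts everything and there is no key,
        // so the only thing that can reject it is the X.509 type check under test.
        certificates.add(new Certificate("Dummy") {
            @Override
            public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            }

            @Override
            public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            }

            @Override
            public String toString() {
                return "Dummy";
            }

            @Override
            public PublicKey getPublicKey() {
                return null;
            }

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return Bytes.EMPTY;
            }
        });
        CertPathUtil.toX509CertificatesList(certificates);
    }

    /**
     * Only the trusted (CA) certificates may verify signatures; the client, server and
     * self-signed end-entity certificates may not.
     */
    @Test
    public void testCanBeUsedToVerifySignature() throws Exception {
        X509Certificate[] trustedCertificates = TestCertificatesTools.getTrustedCertificates();
        X509Certificate[] clientCertificateChain = TestCertificatesTools.getClientCertificateChain();
        X509Certificate[] serverCertificateChain = TestCertificatesTools.getServerCertificateChain();
        Assert.assertTrue(CertPathUtil.canBeUsedToVerifySignature(trustedCertificates[0]));
        Assert.assertTrue(CertPathUtil.canBeUsedToVerifySignature(trustedCertificates[1]));
        Assert.assertFalse(CertPathUtil.canBeUsedToVerifySignature(clientCertificateChain[0]));
        Assert.assertFalse(CertPathUtil.canBeUsedToVerifySignature(serverCertificateChain[0]));
        Assert.assertFalse(CertPathUtil.canBeUsedToVerifySignature(this.clientSelfsigned[0]));
    }

    /**
     * Client role (second argument {@code true}): the CA certificate is refused, the
     * client, "clientext" and self-signed leaf certificates are accepted.
     */
    @Test
    public void testCanBeUsedForClientAuthentication() throws Exception {
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate[] clientCertificateChain = TestCertificatesTools.getClientCertificateChain();
        Assert.assertFalse(CertPathUtil.canBeUsedForAuthentication(trustedCA, true));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(clientCertificateChain[0], true));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(this.clientChainExtUsage[0], true));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(this.clientSelfsigned[0], true));
    }

    /**
     * Server role (second argument {@code false}): the CA certificate and the
     * "clientext" leaf are refused, the server and self-signed leaves are accepted.
     */
    @Test
    public void testCanBeUsedForServerAuthentication() throws Exception {
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate[] serverCertificateChain = TestCertificatesTools.getServerCertificateChain();
        Assert.assertFalse(CertPathUtil.canBeUsedForAuthentication(trustedCA, false));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(serverCertificateChain[0], false));
        // "clientext" must not be usable as a server identity.
        Assert.assertFalse(CertPathUtil.canBeUsedForAuthentication(this.clientChainExtUsage[0], false));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(this.clientSelfsigned[0], false));
    }

    /** A {@code null} trust array means nothing is trusted: validation must fail. */
    @Test
    public void testServerCertificateValidationWithoutTrust() throws Exception {
        this.exception.expect(CertPathValidatorException.class);
        this.exception.expectMessage("certificates are not trusted!");
        CertPath certPath = CertPathUtil.generateCertPath(Arrays.asList(TestCertificatesTools.getServerCertificateChain()));
        CertPathUtil.validateCertificatePath(false, certPath, (X509Certificate[]) null);
    }

    /**
     * An empty (non-null) trust array lets the server chain through unchanged.
     * NOTE(review): contrast with the {@code null} case above; an empty array is not
     * treated as "trust nothing".
     */
    @Test
    public void testServerCertificateValidation() throws Exception {
        X509Certificate[] serverCertificateChain = TestCertificatesTools.getServerCertificateChain();
        CertPath certPath = CertPathUtil.generateCertPath(Arrays.asList(serverCertificateChain));
        CertPath validated = CertPathUtil.validateCertificatePath(false, certPath, new X509Certificate[0]);
        Assert.assertEquals(Arrays.asList(serverCertificateChain), validated.getCertificates());
    }

    /** A trust array that does not contain the chain's issuer must fail validation. */
    @Test
    public void testServerCertificateValidationUnknownTrust() throws Exception {
        this.exception.expect(CertPathValidatorException.class);
        this.exception.expectMessage("Path does not chain with any of the trust anchors");
        CertPath certPath = CertPathUtil.generateCertPath(Arrays.asList(TestCertificatesTools.getServerCertificateChain()));
        CertPathUtil.validateCertificatePath(false, certPath, this.clientSelfsigned);
    }

    /**
     * The server chain validates against the trusted certificates and is returned whole.
     * ("Thrust" in the method name is a typo for "Trust"; the name is kept as is.)
     */
    @Test
    public void testServerCertificateValidationWithThrust() throws Exception {
        X509Certificate[] serverCertificateChain = TestCertificatesTools.getServerCertificateChain();
        CertPath certPath = CertPathUtil.generateCertPath(Arrays.asList(serverCertificateChain));
        CertPath validated = CertPathUtil.validateCertificatePath(false, certPath, TestCertificatesTools.getTrustedCertificates());
        Assert.assertEquals(Arrays.asList(serverCertificateChain), validated.getCertificates());
    }

    /** The "clientext" chain validates against the trusted certificates at full length. */
    @Test
    public void testClientExtCertificateValidationWithThrust() throws Exception {
        CertPath certPath = CertPathUtil.generateCertPath(this.clientChainExtUsageList);
        CertPath validated = CertPathUtil.validateCertificatePath(false, certPath, TestCertificatesTools.getTrustedCertificates());
        Assert.assertEquals(this.clientChainExtUsage.length, validated.getCertificates().size());
    }

    /** Swapping an unrelated certificate into position 1 breaks the chain and is rejected. */
    @Test
    public void testServerCertificateInvalidPath() throws Exception {
        this.exception.expect(IllegalArgumentException.class);
        this.exception.expectMessage("Given certificates do not form a chain");
        X509Certificate[] serverCertificateChain = TestCertificatesTools.getServerCertificateChain();
        serverCertificateChain[1] = this.clientChainExtUsage[0];
        CertPath certPath = CertPathUtil.generateCertPath(Arrays.asList(serverCertificateChain));
        CertPathUtil.validateCertificatePath(false, certPath, TestCertificatesTools.getTrustedCertificates());
    }

    /** A self-signed certificate at position 0 (instead of last) is rejected. */
    @Test
    public void testServerCertificateInvalidPath2() throws Exception {
        this.exception.expect(IllegalArgumentException.class);
        this.exception.expectMessage("Given certificates do not form a chain, root is not the last!");
        X509Certificate[] serverCertificateChain = TestCertificatesTools.getServerCertificateChain();
        serverCertificateChain[0] = this.clientSelfsigned[0];
        CertPath certPath = CertPathUtil.generateCertPath(Arrays.asList(serverCertificateChain));
        CertPathUtil.validateCertificatePath(false, certPath, TestCertificatesTools.getTrustedCertificates());
    }

    /**
     * With an empty trust array the self-signed chain is returned unchanged.
     * NOTE(review): same empty-array behaviour as {@link #testServerCertificateValidation()}.
     */
    @Test
    public void testSelfSignedValidation() throws Exception {
        CertPath certPath = CertPathUtil.generateCertPath(this.clientSelfsignedList);
        CertPath validated = CertPathUtil.validateCertificatePath(false, certPath, new X509Certificate[0]);
        Assert.assertEquals(this.clientSelfsignedList, validated.getCertificates());
    }

    /** The self-signed chain validates when that same certificate is the trust anchor. */
    @Test
    public void testSelfSignedValidationThrust() throws Exception {
        CertPath certPath = CertPathUtil.generateCertPath(this.clientSelfsignedList);
        CertPath validated = CertPathUtil.validateCertificatePath(false, certPath, this.clientSelfsigned);
        Assert.assertEquals(this.clientSelfsignedList, validated.getCertificates());
    }

    /** Without an issuer list, the validatable path is the chain minus its last certificate. */
    @Test
    public void testGenerateValidationCertPath() throws Exception {
        List<X509Certificate> expected = new ArrayList<X509Certificate>(this.clientChainExtUsageList);
        expected.remove(expected.size() - 1);
        CertPath certPath = CertPathUtil.generateValidatableCertPath(this.clientChainExtUsageList, (List<X500Principal>) null);
        Assert.assertEquals(expected, certPath.getCertificates());
    }

    /**
     * With the subject of chain element 1 as the only accepted issuer, the validatable
     * path is the chain minus its last two certificates.
     */
    @Test
    public void testGenerateValidationCertPathForIssuer() throws Exception {
        List<X500Principal> certificateAuthorities = new ArrayList<X500Principal>();
        certificateAuthorities.add(this.clientChainExtUsage[1].getSubjectX500Principal());
        List<X509Certificate> expected = new ArrayList<X509Certificate>(this.clientChainExtUsageList);
        expected.remove(expected.size() - 1);
        expected.remove(expected.size() - 1);
        CertPath certPath = CertPathUtil.generateValidatableCertPath(this.clientChainExtUsageList, certificateAuthorities);
        Assert.assertEquals(expected.size(), certPath.getCertificates().size());
        Assert.assertEquals(expected, certPath.getCertificates());
    }

    /** An issuer list naming only an unrelated subject yields an empty path. */
    @Test
    public void testGenerateValidationCertPathForUnknownIssuer() throws Exception {
        // The issuer list has to be kept in a variable and passed on; the decompiled
        // source dropped the reference and passed an undeclared name instead.
        List<X500Principal> certificateAuthorities = new ArrayList<X500Principal>();
        certificateAuthorities.add(this.clientSelfsigned[0].getSubjectX500Principal());
        CertPath certPath = CertPathUtil.generateValidatableCertPath(this.clientChainExtUsageList, certificateAuthorities);
        Assert.assertEquals(0, certPath.getCertificates().size());
    }

    /** A lone self-signed certificate stays in the validatable path. */
    @Test
    public void testGenerateValidationCertPathSelfSigned() throws Exception {
        CertPath certPath = CertPathUtil.generateValidatableCertPath(this.clientSelfsignedList, (List<X500Principal>) null);
        Assert.assertEquals(this.clientSelfsignedList, certPath.getCertificates());
    }
}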
