package org.eclipse.californium.elements.util;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:org/eclipse/californium/elements/util/CertPathUtilTest.class */
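/**
 * Unit tests for {@link CertPathUtil}: building certificate paths, checking
 * what a certificate may be used for, and validating a path against a set of
 * trusted certificates, with and without truncation.
 *
 * <p>Trust behaviour pinned by these tests (each point is asserted below):
 * <ul>
 * <li>a {@code null} trust array is rejected with
 * "certificates are not trusted!";</li>
 * <li>an <em>empty</em> trust array ({@link #ALL}) lets both a CA-issued chain
 * and a self-signed certificate pass, so it acts as "trust all" here and
 * deserves scrutiny wherever it appears in configuration;</li>
 * <li>without truncation, trusting only an intermediate CA or only the leaf
 * fails with "Path does not chain with any of the trust anchors", while with
 * truncation both are accepted.</li>
 * </ul>
 */
public class CertPathUtilTest {
    private static final String KEY_STORE_LOCATION = "certs/keyStore.jks";
    /** Classpath URI of the test key store, built from {@link #KEY_STORE_LOCATION}. */
    private static final String KEY_STORE_URI = "classpath://" + KEY_STORE_LOCATION;
    // Password of the bundled test key store; passed for both password
    // parameters of loadCredentials. Test-fixture credential only.
    private static final char[] KEY_STORE_PASSWORD = "endPass".toCharArray();
    // Empty (not null) trust set; see the class comment for what the tests pin.
    private static final X509Certificate[] ALL = new X509Certificate[0];

    @Rule
    public ExpectedException exception = ExpectedException.none();

    private X509Certificate[] clientChainExtUsage;
    private X509Certificate[] clientSelfsigned;
    private X509Certificate[] serverLarge;
    private List<X509Certificate> clientChainExtUsageList;
    private List<X509Certificate> clientSelfsignedList;
    private List<X509Certificate> serverLargeList;

    /**
     * Loads the certificate chain stored under {@code alias} in the test key store.
     *
     * @param alias key store alias to load
     * @return the certificate chain of that entry
     * @throws IOException if the key store cannot be read
     * @throws GeneralSecurityException if the credentials cannot be loaded
     */
    private static X509Certificate[] loadChain(String alias) throws IOException, GeneralSecurityException {
        return SslContextUtil.loadCredentials(KEY_STORE_URI, alias, KEY_STORE_PASSWORD, KEY_STORE_PASSWORD)
                .getCertificateChain();
    }

    /**
     * Loads the three fixture chains and checks their expected lengths.
     *
     * <p>The length checks are JUnit assumptions, not assertions: if the key
     * store changes shape, the tests of this class are reported as ignored
     * rather than failed. A pipeline that only watches for failures will not
     * notice that the trust-validation tests stopped running.
     */
    @Before
    public void init() throws IOException, GeneralSecurityException {
        clientChainExtUsage = loadChain("clientext");
        Assume.assumeThat(clientChainExtUsage.length, CoreMatchers.is(3));
        clientSelfsigned = loadChain("self");
        Assume.assumeThat(clientSelfsigned.length, CoreMatchers.is(1));
        serverLarge = loadChain("serverlarge");
        Assume.assumeThat(serverLarge.length, CoreMatchers.is(3));
        clientChainExtUsageList = Arrays.asList(clientChainExtUsage);
        clientSelfsignedList = Arrays.asList(clientSelfsigned);
        serverLargeList = Arrays.asList(serverLarge);
    }

    /** A path generated from a chain contains exactly that chain. */
    @Test
    public void testGenerateCertPath() throws Exception {
        CertPath path = CertPathUtil.generateCertPath(clientChainExtUsageList);
        Assert.assertEquals(clientChainExtUsageList, path.getCertificates());
    }

    /** A size limit keeps only the leading certificates of the chain. */
    @Test
    public void testGenerateTruncatedCertPath() throws Exception {
        int truncatedSize = clientChainExtUsageList.size() - 2;
        List<X509Certificate> expected = new ArrayList<>(clientChainExtUsageList.subList(0, truncatedSize));
        CertPath path = CertPathUtil.generateCertPath(clientChainExtUsageList, truncatedSize);
        Assert.assertEquals(expected.size(), path.getCertificates().size());
        Assert.assertEquals(expected, path.getCertificates());
    }

    /** A list holding only X.509 certificates is converted without change. */
    @Test
    public void testToX509CertificatesList() throws Exception {
        List<Certificate> certificates = new ArrayList<Certificate>(clientChainExtUsageList);
        Assert.assertEquals(certificates, CertPathUtil.toX509CertificatesList(certificates));
    }

    /** A certificate that is not X.509 is rejected instead of being passed through. */
    @Test
    public void testToX509CertificatesListUsingInvalidCertificate() throws Exception {
        exception.expect(IllegalArgumentException.class);
        exception.expectMessage("Given certificate is not X.509! Dummy");
        // Inert stub: both verify() variants accept everything and there is no
        // public key. It exists only to put a non-X.509 instance in the list.
        Certificate notX509 = new Certificate("Dummy") {
            @Override
            public void verify(PublicKey publicKey, String str) throws CertificateException,
                    NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            }

            @Override
            public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException,
                    InvalidKeyException, NoSuchProviderException, SignatureException {
            }

            @Override
            public String toString() {
                return "Dummy";
            }

            @Override
            public PublicKey getPublicKey() {
                return null;
            }

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return Bytes.EMPTY;
            }
        };
        List<Certificate> certificates = new ArrayList<Certificate>(clientChainExtUsageList);
        certificates.add(notX509);
        CertPathUtil.toX509CertificatesList(certificates);
    }

    /**
     * Only the first two trusted certificates may verify signatures; the
     * client and server leaf certificates and the self-signed one may not.
     */
    @Test
    public void testCanBeUsedToVerifySignature() throws Exception {
        X509Certificate[] trusted = TestCertificatesTools.getTrustedCertificates();
        X509Certificate[] clientChain = TestCertificatesTools.getClientCertificateChain();
        X509Certificate[] serverChain = TestCertificatesTools.getServerCertificateChain();
        Assert.assertTrue(CertPathUtil.canBeUsedToVerifySignature(trusted[0]));
        Assert.assertTrue(CertPathUtil.canBeUsedToVerifySignature(trusted[1]));
        Assert.assertFalse(CertPathUtil.canBeUsedToVerifySignature(clientChain[0]));
        Assert.assertFalse(CertPathUtil.canBeUsedToVerifySignature(serverChain[0]));
        Assert.assertFalse(CertPathUtil.canBeUsedToVerifySignature(clientSelfsigned[0]));
    }

    /** Client authentication: the CA is refused, all three leaf certificates are accepted. */
    @Test
    public void testCanBeUsedForClientAuthentication() throws Exception {
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate[] clientChain = TestCertificatesTools.getClientCertificateChain();
        Assert.assertFalse(CertPathUtil.canBeUsedForAuthentication(trustedCA, true));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(clientChain[0], true));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(clientChainExtUsage[0], true));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(clientSelfsigned[0], true));
    }

    /**
     * Server authentication: the CA is refused, and so is the "clientext" leaf,
     * which was accepted for client authentication (presumably restricted by
     * its extended key usage; confirm against the fixture).
     */
    @Test
    public void testCanBeUsedForServerAuthentication() throws Exception {
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate[] serverChain = TestCertificatesTools.getServerCertificateChain();
        Assert.assertFalse(CertPathUtil.canBeUsedForAuthentication(trustedCA, false));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(serverChain[0], false));
        Assert.assertFalse(CertPathUtil.canBeUsedForAuthentication(clientChainExtUsage[0], false));
        Assert.assertTrue(CertPathUtil.canBeUsedForAuthentication(clientSelfsigned[0], false));
    }

    /** A {@code null} trust array must fail validation; it is not "trust all". */
    @Test
    public void testServerCertificateValidationWithoutTrust() throws Exception {
        exception.expect(CertPathValidatorException.class);
        exception.expectMessage("certificates are not trusted!");
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(TestCertificatesTools.getServerCertificateChain()));
        X509Certificate[] noTrust = null;
        CertPathUtil.validateCertificatePathWithIssuer(false, path, noTrust);
    }

    /** With the empty trust array the server chain validates and is returned unchanged. */
    @Test
    public void testServerCertificateValidation() throws Exception {
        List<X509Certificate> chain = TestCertificatesTools.getServerCertificateChainAsList();
        CertPath path = CertPathUtil.generateCertPath(chain);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path, ALL);
        TestCertificatesTools.assertEquals(chain, validated.getCertificates());
    }

    /** A trust set holding only an unrelated self-signed certificate rejects the server chain. */
    @Test
    public void testServerCertificateValidationUnknownTrust() throws Exception {
        exception.expect(CertPathValidatorException.class);
        exception.expectMessage("Path does not chain with any of the trust anchors");
        CertPath path = CertPathUtil.generateCertPath(TestCertificatesTools.getServerCertificateChainAsList());
        CertPathUtil.validateCertificatePathWithIssuer(false, path, clientSelfsigned);
    }

    /** Without truncation the validated path is the chain plus the trusted root CA. */
    @Test
    public void testServerCertificateValidationWithTrust() throws Exception {
        List<X509Certificate> chain = TestCertificatesTools.getServerCertificateChainAsList();
        List<X509Certificate> expected = new ArrayList<>(chain);
        expected.add(TestCertificatesTools.getTrustedRootCA());
        CertPath path = CertPathUtil.generateCertPath(chain);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path,
                TestCertificatesTools.getTrustedCertificates());
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());
    }

    /** With truncation the validated path is the chain as given, without the root appended. */
    @Test
    public void testServerCertificateValidationTruncatedWithTrust() throws Exception {
        List<X509Certificate> chain = TestCertificatesTools.getServerCertificateChainAsList();
        CertPath path = CertPathUtil.generateCertPath(chain);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                TestCertificatesTools.getTrustedCertificates());
        TestCertificatesTools.assertEquals(chain, validated.getCertificates());
    }

    /** Same as {@link #testServerCertificateValidationWithTrust()} for the three-certificate chain. */
    @Test
    public void testServerLargeCertificateValidationWithTrust() throws Exception {
        List<X509Certificate> expected = new ArrayList<>(serverLargeList);
        expected.add(TestCertificatesTools.getTrustedRootCA());
        CertPath path = CertPathUtil.generateCertPath(serverLargeList);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path,
                TestCertificatesTools.getTrustedCertificates());
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());
    }

    /** With truncation only the first two certificates of the large chain are returned. */
    @Test
    public void testServerLargeCertificateValidationTruncatedWithTrust() throws Exception {
        List<X509Certificate> expected = Arrays.asList(serverLarge[0], serverLarge[1]);
        CertPath path = CertPathUtil.generateCertPath(serverLargeList);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                TestCertificatesTools.getTrustedCertificates());
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());
    }

    /**
     * The trusted CA is appended to the two-certificate path whichever order
     * the trusted and the alternative CA are listed in.
     */
    @Test
    public void testServerLargeCertificateValidationTruncatedWithAmbiguousTrust() throws Exception {
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate alternativeCA = TestCertificatesTools.getAlternativeCA();
        List<X509Certificate> chain = Arrays.asList(serverLarge[0], serverLarge[1]);
        List<X509Certificate> expected = Arrays.asList(serverLarge[0], serverLarge[1], trustedCA);
        CertPath path = CertPathUtil.generateCertPath(chain);

        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { trustedCA, alternativeCA });
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());

        CertPath validatedReversed = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { alternativeCA, trustedCA });
        TestCertificatesTools.assertEquals(expected, validatedReversed.getCertificates());
    }

    /** Trusting only the root CA: the validated path is the chain plus that root, even with truncation. */
    @Test
    public void testServerCertificateValidationWithRootTrust() throws Exception {
        X509Certificate rootCA = TestCertificatesTools.getTrustedRootCA();
        List<X509Certificate> chain = TestCertificatesTools.getServerCertificateChainAsList();
        List<X509Certificate> expected = new ArrayList<>(chain);
        expected.add(rootCA);
        CertPath path = CertPathUtil.generateCertPath(chain);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { rootCA });
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());
    }

    /** Without truncation, trusting only the CA from getTrustedCA() does not validate the chain. */
    @Test
    public void testServerCertificateValidationWithIntermediateTrustFails() throws Exception {
        exception.expect(CertPathValidatorException.class);
        exception.expectMessage("Path does not chain with any of the trust anchors");
        CertPath path = CertPathUtil.generateCertPath(TestCertificatesTools.getServerCertificateChainAsList());
        CertPathUtil.validateCertificatePathWithIssuer(false, path,
                new X509Certificate[] { TestCertificatesTools.getTrustedCA() });
    }

    /** With truncation, the same single-CA trust set validates the chain. */
    @Test
    public void testServerCertificateTruncatingValidationWithIntermediateTrust() throws Exception {
        List<X509Certificate> chain = TestCertificatesTools.getServerCertificateChainAsList();
        CertPath path = CertPathUtil.generateCertPath(chain);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { TestCertificatesTools.getTrustedCA() });
        TestCertificatesTools.assertEquals(chain, validated.getCertificates());
    }

    /**
     * A path holding only the leaf validates to leaf plus trusted CA, whichever
     * order the trusted and the alternative CA are listed in.
     */
    @Test
    public void testServerCertificateValidationWithAmbiguousTrust() throws Exception {
        X509Certificate leaf = TestCertificatesTools.getServerCertificateChain()[0];
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate alternativeCA = TestCertificatesTools.getAlternativeCA();
        X509Certificate[] expected = { leaf, trustedCA };
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(leaf));

        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path,
                new X509Certificate[] { trustedCA, alternativeCA });
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());

        CertPath validatedReversed = CertPathUtil.validateCertificatePathWithIssuer(false, path,
                new X509Certificate[] { alternativeCA, trustedCA });
        TestCertificatesTools.assertEquals(expected, validatedReversed.getCertificates());
    }

    /** Same expectation as the previous test, with truncation enabled. */
    @Test
    public void testServerCertificateTruncatingValidationWithTruncatedAmbiguousTrust() throws Exception {
        X509Certificate leaf = TestCertificatesTools.getServerCertificateChain()[0];
        X509Certificate trustedCA = TestCertificatesTools.getTrustedCA();
        X509Certificate alternativeCA = TestCertificatesTools.getAlternativeCA();
        X509Certificate[] expected = { leaf, trustedCA };
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(leaf));

        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { trustedCA, alternativeCA });
        TestCertificatesTools.assertEquals(expected, validated.getCertificates());

        CertPath validatedReversed = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { alternativeCA, trustedCA });
        TestCertificatesTools.assertEquals(expected, validatedReversed.getCertificates());
    }

    /** Without truncation, listing the leaf itself as the only trusted certificate fails. */
    @Test
    public void testServerCertificateValidationWithSelfTrustFails() throws Exception {
        exception.expect(CertPathValidatorException.class);
        exception.expectMessage("Path does not chain with any of the trust anchors");
        X509Certificate[] chain = TestCertificatesTools.getServerCertificateChain();
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(chain));
        CertPathUtil.validateCertificatePathWithIssuer(false, path, new X509Certificate[] { chain[0] });
    }

    /**
     * With truncation, listing the leaf itself as trusted is accepted and the
     * validated path is the leaf alone: the rest of the chain is not part of
     * the result.
     */
    @Test
    public void testServerCertificateTruncatingValidationWithSelfTrust() throws Exception {
        X509Certificate[] chain = TestCertificatesTools.getServerCertificateChain();
        X509Certificate[] leafOnly = { chain[0] };
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(chain));
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path,
                new X509Certificate[] { chain[0] });
        TestCertificatesTools.assertEquals(leafOnly, validated.getCertificates());
    }

    /** The "clientext" chain validates against the trusted certificates and is returned unchanged. */
    @Test
    public void testClientExtCertificateValidationWithTrust() throws Exception {
        CertPath path = CertPathUtil.generateCertPath(clientChainExtUsageList);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path,
                TestCertificatesTools.getTrustedCertificates());
        TestCertificatesTools.assertEquals(clientChainExtUsageList, validated.getCertificates());
    }

    /** Swapping in a certificate from a different chain at position 1 is rejected as "not a chain". */
    @Test
    public void testServerCertificateInvalidPath() throws Exception {
        exception.expect(IllegalArgumentException.class);
        exception.expectMessage("Given certificates do not form a chain");
        // Work on a copy, in case the helper hands out its internal array:
        // a modified shared fixture would leak into the other tests.
        X509Certificate[] chain = TestCertificatesTools.getServerCertificateChain().clone();
        chain[1] = clientChainExtUsage[0];
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(chain));
        CertPathUtil.validateCertificatePathWithIssuer(false, path, TestCertificatesTools.getTrustedCertificates());
    }

    /** A self-signed certificate placed first in the chain is rejected: a root must be last. */
    @Test
    public void testServerCertificateInvalidPath2() throws Exception {
        exception.expect(IllegalArgumentException.class);
        exception.expectMessage("Given certificates do not form a chain, root is not the last!");
        // Copy for the same reason as in testServerCertificateInvalidPath.
        X509Certificate[] chain = TestCertificatesTools.getServerCertificateChain().clone();
        chain[0] = clientSelfsigned[0];
        CertPath path = CertPathUtil.generateCertPath(Arrays.asList(chain));
        CertPathUtil.validateCertificatePathWithIssuer(false, path, TestCertificatesTools.getTrustedCertificates());
    }

    /** With the empty trust array a self-signed certificate validates. */
    @Test
    public void testSelfSignedValidation() throws Exception {
        CertPath path = CertPathUtil.generateCertPath(clientSelfsignedList);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path, ALL);
        TestCertificatesTools.assertEquals(clientSelfsignedList, validated.getCertificates());
    }

    /** A self-signed certificate validates when it is itself in the trust set. */
    @Test
    public void testSelfSignedValidationTrust() throws Exception {
        CertPath path = CertPathUtil.generateCertPath(clientSelfsignedList);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(false, path, clientSelfsigned);
        TestCertificatesTools.assertEquals(clientSelfsignedList, validated.getCertificates());
    }

    /** Same as {@link #testSelfSignedValidationTrust()}, with truncation enabled. */
    @Test
    public void testSelfSignedValidationTruncatedTrust() throws Exception {
        CertPath path = CertPathUtil.generateCertPath(clientSelfsignedList);
        CertPath validated = CertPathUtil.validateCertificatePathWithIssuer(true, path, clientSelfsigned);
        TestCertificatesTools.assertEquals(clientSelfsignedList, validated.getCertificates());
    }

    /** Without a list of authorities, the validatable path is the chain minus its last certificate. */
    @Test
    public void testGenerateValidationCertPath() throws Exception {
        List<X509Certificate> expected = new ArrayList<>(clientChainExtUsageList);
        expected.remove(expected.size() - 1);
        List<X500Principal> noAuthorities = null;
        CertPath path = CertPathUtil.generateValidatableCertPath(clientChainExtUsageList, noAuthorities);
        TestCertificatesTools.assertEquals(expected, path.getCertificates());
    }

    /**
     * When the subject of the second certificate is listed as an authority,
     * the path stops before it: only the leaf of the three-certificate chain remains.
     */
    @Test
    public void testGenerateValidationCertPathForIssuer() throws Exception {
        List<X500Principal> authorities = new ArrayList<>();
        authorities.add(clientChainExtUsage[1].getSubjectX500Principal());
        List<X509Certificate> expected = new ArrayList<>(
                clientChainExtUsageList.subList(0, clientChainExtUsageList.size() - 2));
        CertPath path = CertPathUtil.generateValidatableCertPath(clientChainExtUsageList, authorities);
        TestCertificatesTools.assertEquals(expected, path.getCertificates());
    }

    /** When the only listed authority is unrelated to the chain, the resulting path is empty. */
    @Test
    public void testGenerateValidationCertPathForUnknownIssuer() throws Exception {
        // The decompiled source discarded this list and passed an undefined
        // name; the authorities list is what the call needs.
        List<X500Principal> authorities = new ArrayList<>();
        authorities.add(clientSelfsigned[0].getSubjectX500Principal());
        CertPath path = CertPathUtil.generateValidatableCertPath(clientChainExtUsageList, authorities);
        Assert.assertEquals(0L, path.getCertificates().size());
    }

    /** Same as the previous test for a chain that holds the leaf certificate only. */
    @Test
    public void testGenerateValidationCertPathForSingleCertificateAndUnknownIssuer() throws Exception {
        // Both lists were discarded in the decompiled source and replaced by
        // one undefined name; they are the two arguments of the call.
        List<X509Certificate> leafOnly = new ArrayList<>();
        leafOnly.add(clientChainExtUsage[0]);
        List<X500Principal> authorities = new ArrayList<>();
        authorities.add(clientSelfsigned[0].getSubjectX500Principal());
        CertPath path = CertPathUtil.generateValidatableCertPath(leafOnly, authorities);
        Assert.assertEquals(0L, path.getCertificates().size());
    }

    /** A self-signed certificate is kept when no list of authorities is given. */
    @Test
    public void testGenerateValidationCertPathSelfSigned() throws Exception {
        List<X500Principal> noAuthorities = null;
        CertPath path = CertPathUtil.generateValidatableCertPath(clientSelfsignedList, noAuthorities);
        Assert.assertEquals(clientSelfsignedList, path.getCertificates());
    }
}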
