package net.jsign;

import java.io.File;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.ProviderException;
import net.jsign.jca.OpenPGPCardTest;
import net.jsign.jca.PIVCardTest;
import org.apache.commons.io.FileUtils;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;

/* loaded from: input_file:net/jsign/KeyStoreBuilderTest.class */
public class KeyStoreBuilderTest {
    @Test
    public void testCreateFile() throws Exception {
        KeyStoreBuilder keyStoreBuilder = new KeyStoreBuilder();
        Assert.assertNull(keyStoreBuilder.createFile((String) null));
        File createFile = keyStoreBuilder.createFile("keystore.p12");
        Assert.assertEquals(new File(".").getCanonicalFile(), createFile.getCanonicalFile().getParentFile());
        Assert.assertEquals("keystore.p12", createFile.getName());
        keyStoreBuilder.setBaseDir(new File("target/test-classes"));
        File createFile2 = keyStoreBuilder.createFile("keystores/keystore.p12");
        Assert.assertEquals(new File("target/test-classes/keystores").getCanonicalFile(), createFile2.getCanonicalFile().getParentFile());
        Assert.assertEquals("keystore.p12", createFile2.getName());
        keyStoreBuilder.setBaseDir(new File("target/test-classes/keystores"));
        File createFile3 = keyStoreBuilder.createFile(new File("keystore.p12").getAbsolutePath());
        Assert.assertEquals(new File(".").getCanonicalFile(), createFile3.getCanonicalFile().getParentFile());
        Assert.assertEquals("keystore.p12", createFile3.getName());
    }

    @Test
    public void testReadPasswordFromEnvironment() {
        Assume.assumeTrue("STOREPASS environment variable not defined", System.getenv().containsKey("STOREPASS"));
        Assert.assertEquals("password", new KeyStoreBuilder().storepass("env:STOREPASS").storepass());
    }

    @Test
    public void testReadPasswordFromEnvironmentFailed() {
        Assume.assumeFalse(System.getenv().containsKey("MISSING_VAR"));
        KeyStoreBuilder storepass = new KeyStoreBuilder().storepass("env:MISSING_VAR");
        storepass.getClass();
        Assert.assertEquals("message", "Failed to read the storepass parameter, the 'MISSING_VAR' environment variable is not defined", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storepass::storepass)).getMessage());
    }

    @Test
    public void testReadPasswordFromFile() throws Exception {
        Files.write(new File("target/test-classes/storepass.txt").toPath(), "password".getBytes(), new OpenOption[0]);
        Assert.assertEquals("password", new KeyStoreBuilder().storepass("file:target/test-classes/storepass.txt").storepass());
    }

    @Test
    public void testReadPasswordFromFileFailed() {
        KeyStoreBuilder storepass = new KeyStoreBuilder().storepass("file:/path/to/missing/file");
        storepass.getClass();
        Assert.assertEquals("message", "Failed to read the storepass parameter from the file '/path/to/missing/file'", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storepass::storepass)).getMessage());
    }

    @Test
    public void testBuildAWS() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.AWS);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the AWS region", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("eu-west-1");
        storetype.getClass();
        Assert.assertEquals("message", "certfile parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.certfile("keystores/jsign-test-certificate.pem");
        storetype.getClass();
        Assert.assertTrue("message", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage().matches("storepass parameter must specify the AWS credentials\\: \\<accessKey\\>\\|\\<secretKey\\>\\[\\|\\<sessionToken\\>\\], when not running from an EC2 instance \\(.*\\)"));
        storetype.storepass("<accessKey>|<secretKey>|<sessionToken>");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildAzureKeyVault() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.AZUREKEYVAULT);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the Azure vault name", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("jsigntestkeyvault");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the Azure API access token", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("0123456789ABCDEF");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildDigiCertONE() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.DIGICERTONE);
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the DigiCert ONE API key and the client certificate: <apikey>|<keystore>|<password>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("0123456789ABCDEF");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the DigiCert ONE API key and the client certificate: <apikey>|<keystore>|<password>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("APIKEY|keystore.p12|password");
        storetype.getClass();
        Assert.assertEquals("message", "Failed to load the client certificate for DigiCert ONE", ((Exception) Assert.assertThrows(RuntimeException.class, storetype::build)).getMessage());
        storetype.keystore("https://clientauth.demo.one.digicert.com");
        storetype.storepass("APIKEY|target/test-classes/keystores/keystore.p12|password");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildESigner() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.ESIGNER);
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the SSL.com username and password: <username>|<password>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("password");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the SSL.com username and password: <username>|<password>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("esigner_test|esignerTest#1");
        storetype.getClass();
        Assert.assertEquals("message", "Authentication failed with SSL.com", ((Exception) Assert.assertThrows(IllegalStateException.class, storetype::build)).getMessage());
        storetype.storepass("esigner_demo|esignerDemo#1");
        storetype.keystore("https://cs-try.ssl.com");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildGoogleCloud() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.GOOGLECLOUD);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the Goole Cloud keyring", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("projects/first-rain-123/locations/global/keyRings/mykeyring/cryptoKeys/jsign");
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the path of the keyring (projects/{projectName}/locations/{location}/keyRings/{keyringName})", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("projects/first-rain-123/locations/global/keyRings/mykeyring");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the Goole Cloud API access token", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("0123456789ABCDEF");
        storetype.getClass();
        Assert.assertEquals("message", "certfile parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.certfile("keystores/jsign-test-certificate.pem");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildHashiCorpVault() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.HASHICORPVAULT);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the HashiCorp Vault secrets engine URL", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("https://vault.example.com:8200/v1/gcpkms/");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the HashiCorp Vault token", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("0123456789ABCDEF");
        storetype.getClass();
        Assert.assertEquals("message", "certfile parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.certfile("keystores/jsign-test-certificate.pem");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildOracleCloud() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.ORACLECLOUD);
        storetype.getClass();
        Assert.assertEquals("message", "certfile parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.certfile("keystores/jsign-test-certificate.pem");
        File createTempFile = File.createTempFile("ociconfig", null);
        createTempFile.deleteOnExit();
        FileUtils.writeStringToFile(createTempFile, "[DEFAULT]\n", "UTF-8");
        storetype.storepass(createTempFile.getAbsolutePath() + "|DEFAULT");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildTrustedSigning() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.TRUSTEDSIGNING);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the Azure endpoint (<region>.codesigning.azure.net)", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("https://weu.codesigning.azure.net");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the Azure API access token", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("0123456789ABCDEF");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildGaraSign() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.GARASIGN);
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the GaraSign username/password and/or the path to the keystore containing the TLS client certificate: <username>|<password>, <certificate>, or <username>|<password>|<certificate>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("username|password|keystore.p12|storepass");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the GaraSign username/password and/or the path to the keystore containing the TLS client certificate: <username>|<password>, <certificate>, or <username>|<password>|<certificate>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("username|password");
        Assert.assertNotNull("keystore", storetype.build());
        KeyStoreBuilder keystore = new KeyStoreBuilder().storetype(KeyStoreType.GARASIGN).keystore("https://api.garantir.io");
        keystore.storepass("keystore.p12");
        Assert.assertNotNull("keystore", keystore.build());
        KeyStoreBuilder keystore2 = new KeyStoreBuilder().storetype(KeyStoreType.GARASIGN).keystore("https://api.garantir.io");
        keystore2.storepass("keystore.p12");
        keystore2.storepass("username|password|keystore.p12");
        keystore2.keypass("keypass");
        Assert.assertNotNull("keystore", keystore2.build());
    }

    @Test
    public void testBuildSignServer() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.SIGNSERVER);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must specify the SignServer API endpoint (e.g. https://example.com/signserver/)", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("https://example.com/signserver");
        storetype.storepass("username|password|certificate.p12");
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the SignServer username/password or the path to the keystore containing the TLS client certificate: <username>|<password> or <certificate>", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.storepass("username|password");
        Assert.assertNotNull("keystore", storetype.build());
        storetype.storepass((String) null);
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildJKS() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.JKS);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/missing.jks");
        storetype.getClass();
        Assert.assertEquals("message", "The keystore target/test-classes/keystores/missing.jks couldn't be found", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/keystore.jks");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildJCEKS() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.JCEKS);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/missing.jceks");
        storetype.getClass();
        Assert.assertEquals("message", "The keystore target/test-classes/keystores/missing.jceks couldn't be found", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/keystore.jceks");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildPKCS12() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.PKCS12);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/missing.p12");
        storetype.getClass();
        Assert.assertEquals("message", "The keystore target/test-classes/keystores/missing.p12 couldn't be found", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/keystore.p12");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildWithoutStoreType() throws Exception {
        KeyStoreBuilder keyStoreBuilder = new KeyStoreBuilder();
        keyStoreBuilder.getClass();
        Assert.assertEquals("message", "Either keystore, or keyfile and certfile, or storetype parameters must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, keyStoreBuilder::build)).getMessage());
        keyStoreBuilder.keystore("target/test-classes/keystores/keystore.error");
        keyStoreBuilder.getClass();
        Assert.assertEquals("message", "Keystore file 'target/test-classes/keystores/keystore.error' not found", ((Exception) Assert.assertThrows(IllegalArgumentException.class, keyStoreBuilder::build)).getMessage());
        keyStoreBuilder.keystore("target/test-classes/keystores/keystore.p12");
        Assert.assertEquals("storetype", KeyStoreType.PKCS12, keyStoreBuilder.storetype());
        Assert.assertNotNull("keystore", keyStoreBuilder.build());
    }

    @Test
    public void testBuildPKCS11() {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.PKCS11);
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter must be set", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/pkcs11-missing.cfg");
        storetype.getClass();
        Assert.assertEquals("message", "keystore parameter should either refer to the SunPKCS11 configuration file or to the name of the provider configured in jre/lib/security/java.security", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        storetype.keystore("target/test-classes/keystores/keystore.p12");
        storetype.getClass();
        Assert.assertEquals("message", "Failed to create a SunPKCS11 provider from the configuration target/test-classes/keystores/keystore.p12", ((Exception) Assert.assertThrows(ProviderException.class, storetype::build)).getMessage());
    }

    @Test
    public void testBuildOpenPGP() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.OPENPGP);
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the PIN", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        OpenPGPCardTest.assumeCardPresent();
        storetype.storepass("123456");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testBuildPIV() throws Exception {
        KeyStoreBuilder storetype = new KeyStoreBuilder().storetype(KeyStoreType.PIV);
        storetype.getClass();
        Assert.assertEquals("message", "storepass parameter must specify the PIN", ((Exception) Assert.assertThrows(IllegalArgumentException.class, storetype::build)).getMessage());
        PIVCardTest.assumeCardPresent();
        storetype.storepass("123456");
        Assert.assertNotNull("keystore", storetype.build());
    }

    @Test
    public void testLowerCaseStoreType() {
        Assert.assertEquals("storetype", KeyStoreType.PKCS12, new KeyStoreBuilder().storetype("pkcs12").storetype());
    }
}
