package net.jsign.jca;

import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Base64;
import net.jadler.Jadler;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/jsign/jca/GoogleCloudSigningServiceTest.class */
public class GoogleCloudSigningServiceTest {
    @Before
    public void setUp() {
        Jadler.initJadler().withDefaultResponseStatus(404);
    }

    @After
    public void tearDown() {
        Jadler.closeJadler();
    }

    private SigningService getTestService() {
        return getTestService(true);
    }

    private SigningService getTestService(boolean z) {
        return new GoogleCloudSigningService("http://localhost:" + Jadler.port() + "/", "projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring", "token", str -> {
            if (!z) {
                return null;
            }
            try {
                FileInputStream fileInputStream = new FileInputStream("target/test-classes/keystores/jsign-test-certificate-full-chain.pem");
                Throwable th = null;
                try {
                    try {
                        Certificate[] certificateArr = (Certificate[]) CertificateFactory.getInstance("X.509").generateCertificates(fileInputStream).toArray(new Certificate[0]);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                        return certificateArr;
                    } finally {
                    }
                } finally {
                }
            } catch (IOException | CertificateException e) {
                throw new RuntimeException("Failed to load the certificate", e);
            }
        });
    }

    @Test
    public void testGetAliases() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys").respond().withStatus(200).withContentType("application/json").withBody(new FileReader("target/test-classes/services/googlecloud-cryptokeys.json"));
        Assert.assertEquals("aliases", Arrays.asList("hsmkey", "jsign-encrypt", "jsign-rsa-4096-raw", "jsign-rsa-2048", "jsign-rsa-4096"), getTestService().aliases());
    }

    @Test
    public void testGetAliasesWithError() {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys").respond().withStatus(404).withContentType("application/json").withBody("{\"error\": {\"code\": 404,\"message\": \"KeyRing projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring not found.\", \"status\": \"NOT_FOUND\"}}");
        SigningService testService = getTestService();
        testService.getClass();
        Assert.assertEquals("message", "404 - NOT_FOUND: KeyRing projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring not found.", ((Exception) Assert.assertThrows(KeyStoreException.class, testService::aliases)).getCause().getMessage());
    }

    @Test
    public void testGetCertificateChain() throws Exception {
        Assert.assertNotNull("chain", getTestService().getCertificateChain("key1"));
        Assert.assertEquals("number of certificates", 3L, r0.length);
    }

    @Test
    public void testGetPrivateKey() throws Exception {
        testGetPrivateKey("jsign-rsa-2048", true);
    }

    @Test
    public void testGetPrivateKeyWithFullName() throws Exception {
        testGetPrivateKey("projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048", true);
    }

    @Test
    public void testGetPrivateKeyWithVersion() throws Exception {
        testGetPrivateKey("jsign-rsa-2048/cryptoKeyVersions/2", false);
    }

    @Test
    public void testGetPrivateKeyWithVersionAndCertificate() throws Exception {
        testGetPrivateKey("jsign-rsa-2048/cryptoKeyVersions/2", true);
    }

    @Test
    public void testGetPrivateKeyWithVersionAndAlgorithm() throws Exception {
        testGetPrivateKey("jsign-rsa-2048/cryptoKeyVersions/2:RSA", false);
    }

    public void testGetPrivateKey(String str, boolean z) throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions").respond().withStatus(200).withContentType("application/json").withBody(new FileReader("target/test-classes/services/googlecloud-cryptokey-versions.json"));
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions/2").respond().withStatus(200).withContentType("application/json").withBody(new FileReader("target/test-classes/services/googlecloud-cryptokey-version.json"));
        SigningService testService = getTestService(z);
        SigningServicePrivateKey privateKey = testService.getPrivateKey(str, (char[]) null);
        Assert.assertNotNull("null key", privateKey);
        Assert.assertEquals("id", "projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions/2", privateKey.getId());
        Assert.assertEquals("algorithm", "RSA", privateKey.getAlgorithm());
        Assert.assertSame("private key not cached", privateKey, testService.getPrivateKey(str, (char[]) null));
    }

    @Test
    public void testGetPrivateKeyWithError() {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign/cryptoKeyVersions").respond().withStatus(404).withContentType("application/json").withBody("{\"error\": {\"code\": 404, \"message\": \"CryptoKey projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign not found.\", \"status\": \"NOT_FOUND\"}}");
        SigningService testService = getTestService();
        Exception exc = (Exception) Assert.assertThrows(UnrecoverableKeyException.class, () -> {
            testService.getPrivateKey("jsign", (char[]) null);
        });
        Assert.assertEquals("message", "Unable to fetch Google Cloud private key 'projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign'", exc.getMessage());
        Assert.assertEquals("root cause", "404 - NOT_FOUND: CryptoKey projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign not found.", exc.getCause().getMessage());
    }

    @Test
    public void testGetPrivateKeyWithNoEnabledVersion() {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign/cryptoKeyVersions").respond().withStatus(200).withContentType("application/json").withBody("{}");
        SigningService testService = getTestService();
        Assert.assertEquals("message", "Unable to fetch Google Cloud private key 'projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign', no version found", ((Exception) Assert.assertThrows(UnrecoverableKeyException.class, () -> {
            testService.getPrivateKey("jsign", (char[]) null);
        })).getMessage());
    }

    @Test
    public void testSign() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("POST").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions/2:asymmetricSign").respond().withStatus(200).withContentType("application/json").withBody(new FileReader("target/test-classes/services/googlecloud-sign.json"));
        SigningService testService = getTestService();
        Assert.assertEquals("signature", "MiZ/YXfluqyuMfR3cnChG7+K7JmU2b8SzBAc6+WOpWQwIV4GfkLcRe0A68H45Lf+XPiMPPLrs7EqOv1EAnkYDFx5AqZBTWBfoaBeqKpy30OBvNbxIsaTLsaJYGypwmHOUTP+Djz7FxQUyM0uWVfUnHUDT564gQLz0cta6PKE/oMUo9fZhpv5VQcgfrbdUlPaD/cSAOb833ZSRzPWbnqztWO6py5sUugvqGFHKhsEXesx5yrPvJTKu5HVF3QM3E8YrgnVfFK14W8oyTJmXIWQxfYpwm/CW037UmolDMqwc3mjx1758kR+9lOcf8c/LSmD/SVD18SDSK4FyLQWOmn16A==", Base64.getEncoder().encodeToString(testService.sign(testService.getPrivateKey("jsign-rsa-2048/cryptoKeyVersions/2:RSA", (char[]) null), "SHA256withRSA", "Hello".getBytes())));
    }

    @Test
    public void testSignWithInvalidKey() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("POST").havingPathEqualTo("/projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions/2:asymmetricSign").respond().withStatus(400).withContentType("application/json").withBody(new FileReader("target/test-classes/services/googlecloud-sign-error.json"));
        SigningService testService = getTestService();
        SigningServicePrivateKey privateKey = testService.getPrivateKey("jsign-rsa-2048/cryptoKeyVersions/2:RSA", (char[]) null);
        Assert.assertEquals("message", "400 - FAILED_PRECONDITION: projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions/2 is not enabled, current state is: DESTROYED.", ((Exception) Assert.assertThrows(GeneralSecurityException.class, () -> {
            testService.sign(privateKey, "SHA256withRSA", "Hello".getBytes());
        })).getCause().getMessage());
    }
}
