package net.jsign.jca;

import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import net.jadler.Jadler;
import net.jsign.DigestAlgorithm;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

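/**
 * Tests {@link AzureKeyVaultSigningService} against a local Jadler HTTP mock.
 *
 * <p>Every stub requires the {@code Authorization: Bearer token} header and the
 * {@code api-version=7.2} query string, so a request without them falls through to the
 * mock's default 404 response.
 *
 * <p>The mocked "signature" is always 32 zero bytes. These tests therefore pin the shape of the
 * requests sent to the vault (path, algorithm name, encoded digest) and the error mapping; they
 * do not show that a returned signature is cryptographically valid.
 */
public class AzureKeyVaultSigningServiceTest {

    /** Query string every stubbed request must carry. */
    private static final String API_VERSION = "api-version=7.2";

    /** Authorization header expected for the dummy access token {@code "token"}. */
    private static final String AUTHORIZATION = "Bearer token";

    /** Vault host appearing in the key id reported after loading the certificate fixture. */
    private static final String VAULT_URL = "https://jsigntestkeyvault.vault.azure.net";

    /** Path of the versioned key referenced by the certificate fixture. */
    private static final String KEY_PATH = "/keys/test1/38ca3e3560b94086ac604c5dd21aa055";

    /** Full key identifier expected from {@code getPrivateKey("test1", ...)}. */
    private static final String KEY_ID = VAULT_URL + KEY_PATH;

    /** ASCII payload signed by the signing tests. */
    private static final String PAYLOAD = "0123456789ABCDEF0123456789ABCDEF";

    /**
     * Stand-in caller used by {@link #testGetAliasesFromJarSigner()}.
     *
     * <p>NOTE(review): the lower-case class name looks deliberate. Through this class a 403
     * response yields an empty alias list, while the direct call in
     * {@link #testGetAliasesError()} (404) yields a {@link KeyStoreException}. Presumably the
     * service inspects its caller; confirm against {@code AzureKeyVaultSigningService.aliases()}
     * before renaming.
     */
    private static final class jarsigner implements Function<SigningService, List<String>> {
        private jarsigner() {
        }

        @Override
        public List<String> apply(SigningService signingService) {
            try {
                return signingService.aliases();
            } catch (KeyStoreException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /** Starts the mock server; anything not stubbed explicitly answers 404. */
    @Before
    public void setUp() {
        Jadler.initJadler().withDefaultResponseStatus(404);
    }

    /** Stops the mock server started by {@link #setUp()}. */
    @After
    public void tearDown() {
        Jadler.closeJadler();
    }

    /** Returns the base URL of the running mock server. */
    private static String mockUrl() {
        return "http://localhost:" + Jadler.port();
    }

    /** Creates a service pointed at the mock server with the dummy access token. */
    private static AzureKeyVaultSigningService newService() {
        return new AzureKeyVaultSigningService(mockUrl(), "token");
    }

    /** Stubs {@code GET /certificates/test1} with the certificate fixture. */
    private static void stubCertificate() throws IOException {
        Jadler.onRequest()
                .havingMethodEqualTo("GET")
                .havingPathEqualTo("/certificates/test1")
                .havingQueryStringEqualTo(API_VERSION)
                .havingHeaderEqualTo("Authorization", AUTHORIZATION)
                .respond()
                .withStatus(200)
                .withBody(new FileReader("target/test-classes/services/azure-certificate.json"));
    }

    /**
     * Stubs the sign operation of the test key; it matches only when the request body equals
     * {@code expectedBody} exactly, and answers with a signature of 32 zero bytes.
     */
    private static void stubSign(String expectedBody) {
        Jadler.onRequest()
                .havingMethodEqualTo("POST")
                .havingPathEqualTo(KEY_PATH + "/sign")
                .havingQueryStringEqualTo(API_VERSION)
                .havingHeaderEqualTo("Authorization", AUTHORIZATION)
                .havingBodyEqualTo(expectedBody)
                .respond()
                .withStatus(200)
                .withBody("{\"kid\":\"" + KEY_ID + "\",\"value\":\"" + Base64.getEncoder().encodeToString(new byte[32]) + "\"}");
    }

    /**
     * Copies {@code key} with the vault host in its id replaced by the mock server's address.
     *
     * <p>The service was created with the mock URL, yet the key id carries the vault host, so
     * the id comes from the certificate response. The sign stub sits on the mock and requires
     * the bearer token, so the signing request evidently goes to the host named in the key id
     * with the token attached. NOTE(review): worth confirming that production code only accepts
     * key ids on the configured vault host.
     */
    private static SigningServicePrivateKey onMock(SigningServicePrivateKey key, AzureKeyVaultSigningService service) {
        String localId = key.getId().replace(VAULT_URL, mockUrl());
        return new SigningServicePrivateKey(localId, key.getAlgorithm(), service);
    }

    @Test
    public void testGetAliases() throws Exception {
        Jadler.onRequest()
                .havingMethodEqualTo("GET")
                .havingPathEqualTo("/certificates")
                .havingQueryStringEqualTo(API_VERSION)
                .havingHeaderEqualTo("Authorization", AUTHORIZATION)
                .respond()
                .withStatus(200)
                .withBody(new FileReader("target/test-classes/services/azure-certificates.json"));

        List<String> aliases = newService().aliases();

        Assert.assertEquals("aliases", Arrays.asList("test1", "test2", "test3"), aliases);
    }

    @Test
    public void testGetAliasesError() {
        // Nothing is stubbed, so the request receives the default 404.
        AzureKeyVaultSigningService service = newService();

        KeyStoreException e = Assert.assertThrows(KeyStoreException.class, service::aliases);

        Assert.assertEquals("message", "Unable to retrieve Azure Key Vault certificate aliases", e.getMessage());
    }

    @Test
    public void testGetAliasesFromJarSigner() throws Exception {
        Jadler.onRequest()
                .havingMethodEqualTo("GET")
                .havingPathEqualTo("/certificates")
                .havingQueryStringEqualTo(API_VERSION)
                .havingHeaderEqualTo("Authorization", AUTHORIZATION)
                .respond()
                .withStatus(403)
                .withContentType("application/json")
                .withBody(new FileReader("target/test-classes/services/azure-certificates-error.json"));

        // The call must go through the jarsigner class; see its Javadoc.
        List<String> aliases = new jarsigner().apply(newService());

        Assert.assertEquals("aliases", Collections.emptyList(), aliases);
    }

    @Test
    public void testGetCertificateChain() throws Exception {
        stubCertificate();
        AzureKeyVaultSigningService service = newService();

        Certificate[] chain = service.getCertificateChain("test1");

        Assert.assertNotNull("chain", chain);
        Assert.assertEquals("number of certificates", 1L, chain.length);
        Assert.assertEquals("subject name", "CN=Jsign Test Certificate", ((X509Certificate) chain[0]).getSubjectDN().getName());
        // A second lookup of the same alias must yield an equal certificate.
        Assert.assertEquals("certificate", chain[0], service.getCertificateChain("test1")[0]);
    }

    @Test
    public void testGetCertificateChainError() {
        AzureKeyVaultSigningService service = newService();

        KeyStoreException e = Assert.assertThrows(KeyStoreException.class, () -> service.getCertificateChain("test1"));

        Assert.assertEquals("message", "Unable to retrieve Azure Key Vault certificate 'test1'", e.getMessage());
    }

    @Test
    public void testGetPrivateKey() throws Exception {
        stubCertificate();

        SigningServicePrivateKey privateKey = newService().getPrivateKey("test1", (char[]) null);

        Assert.assertNotNull("privateKey", privateKey);
        // The label used to read "algorithm", which misreported a failing id comparison.
        Assert.assertEquals("id", KEY_ID, privateKey.getId());
        Assert.assertEquals("algorithm", "RSA", privateKey.getAlgorithm());
    }

    @Test
    public void testGetPrivateKeyError() {
        AzureKeyVaultSigningService service = newService();

        UnrecoverableKeyException e = Assert.assertThrows(UnrecoverableKeyException.class, () -> service.getPrivateKey("test1", (char[]) null));

        Assert.assertEquals("message", "Unable to fetch Azure Key Vault private key for the certificate 'test1'", e.getMessage());
    }

    @Test
    public void testSign() throws Exception {
        // An explicit charset keeps the digest independent of the platform default.
        byte[] data = PAYLOAD.getBytes(StandardCharsets.UTF_8);
        byte[] digest = DigestAlgorithm.SHA256.getMessageDigest().digest(data);
        stubCertificate();
        // SHA256withRSA must be sent as alg RS256 with the bare Base64 SHA-256 digest.
        stubSign("{\"alg\":\"RS256\",\"value\":\"" + Base64.getEncoder().encodeToString(digest) + "\"}");
        AzureKeyVaultSigningService service = newService();
        SigningServicePrivateKey privateKey = service.getPrivateKey("test1", (char[]) null);

        byte[] signature = service.sign(onMock(privateKey, service), "SHA256withRSA", data);

        Assert.assertNotNull("signature", signature);
        Assert.assertArrayEquals("signature", new byte[32], signature);
    }

    @Test
    public void testSignWithRSNULL() throws Exception {
        // The expected request body below is a fixed value for this exact byte sequence.
        byte[] data = PAYLOAD.getBytes(StandardCharsets.UTF_8);
        stubCertificate();
        // SHA1withRSA must be sent as alg RSNULL. The Base64 value starts with the DER
        // DigestInfo header for SHA-1, so the digest is wrapped client-side (presumably the
        // SHA-1 of the payload; the fixed value is not recomputed here).
        stubSign("{\"alg\":\"RSNULL\",\"value\":\"MCEwCQYFKw4DAhoFAAQUTYV9JAiwDD3RfwxP/PFbl/EEmGc=\"}");
        AzureKeyVaultSigningService service = newService();
        SigningServicePrivateKey privateKey = service.getPrivateKey("test1", (char[]) null);

        byte[] signature = service.sign(onMock(privateKey, service), "SHA1withRSA", data);

        Assert.assertNotNull("signature", signature);
        Assert.assertArrayEquals("signature", new byte[32], signature);
    }

    @Test
    public void testSignWithUnsupportedAlgorithm() throws Exception {
        stubCertificate();
        AzureKeyVaultSigningService service = newService();
        SigningServicePrivateKey privateKey = service.getPrivateKey("test1", (char[]) null);

        // No sign stub is registered and the key id is not redirected to the mock.
        InvalidAlgorithmParameterException e = Assert.assertThrows(InvalidAlgorithmParameterException.class, () -> service.sign(privateKey, "MD5withRSA", new byte[0]));

        Assert.assertEquals("message", "Unsupported signing algorithm: MD5withRSA", e.getMessage());
    }

    @Test
    public void testSignError() throws Exception {
        stubCertificate();
        AzureKeyVaultSigningService service = newService();
        SigningServicePrivateKey privateKey = service.getPrivateKey("test1", (char[]) null);
        SigningServicePrivateKey localKey = onMock(privateKey, service);

        // No sign stub is registered, so the POST gets the default 404.
        Assert.assertThrows(GeneralSecurityException.class, () -> service.sign(localKey, "SHA256withRSA", new byte[0]));
    }
}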
