package net.jsign.jca;

import java.io.FileReader;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import net.jadler.Jadler;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/jsign/jca/SignPathSigningServiceTest.class */
public class SignPathSigningServiceTest {
    @Before
    public void setUp() {
        Jadler.initJadler().withDefaultResponseStatus(404);
    }

    @After
    public void tearDown() {
        Jadler.closeJadler();
    }

    @Test
    public void testGetAliases() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json")).thenRespond().withStatus(500);
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("aliases", Arrays.asList("jsign/rsa-2048-2022", "jsign2/rsa-2048", "jsign/rsa-2048"), signPathSigningService.aliases());
        Assert.assertEquals("aliases", Arrays.asList("jsign/rsa-2048-2022", "jsign2/rsa-2048", "jsign/rsa-2048"), signPathSigningService.aliases());
    }

    @Test
    public void testGetCertificateChain() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json"));
        Certificate[] certificateChain = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token").getCertificateChain("jsign/rsa-2048");
        Assert.assertNotNull("null chain", certificateChain);
        Assert.assertEquals("length", 1L, certificateChain.length);
        Assert.assertEquals("subject", "CN=Jsign Code Signing Test Certificate 2024 (RSA)", ((X509Certificate) certificateChain[0]).getSubjectDN().getName());
    }

    @Test
    public void testGetCertificateChainWithError() {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(403);
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("message", "Unable to retrieve the SignPath signing policies", ((Exception) Assert.assertThrows(KeyStoreException.class, () -> {
            signPathSigningService.getCertificateChain("jsign/rsa-2048");
        })).getMessage());
    }

    @Test
    public void testGetCertificateChainWithInvalidAlias() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json"));
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("message", "Unable to retrieve SignPath signing policy 'jsign/rsa-4096'", ((Exception) Assert.assertThrows(KeyStoreException.class, () -> {
            signPathSigningService.getCertificateChain("jsign/rsa-4096");
        })).getMessage());
    }

    @Test
    public void testGetCertificateChainWithInvalidData() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies-invalid.json"));
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("cause", CertificateException.class.getSimpleName(), ((Exception) Assert.assertThrows(KeyStoreException.class, () -> {
            signPathSigningService.getCertificateChain("jsign/rsa-2048");
        })).getCause().getClass().getSimpleName());
    }

    @Test
    public void testGetPrivateKey() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json"));
        SigningServicePrivateKey privateKey = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token").getPrivateKey("jsign/rsa-2048", (char[]) null);
        Assert.assertNotNull("null key", privateKey);
        Assert.assertEquals("id", "jsign/rsa-2048", privateKey.getId());
        Assert.assertEquals("algorithm", "RSA", privateKey.getAlgorithm());
    }

    @Test
    public void testGetPrivateKeyithInvalidAlias() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json"));
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("message", "Unable to initialize the SignPath private key for the certificate 'jsign/rsa-4096'", ((Exception) Assert.assertThrows(UnrecoverableKeyException.class, () -> {
            signPathSigningService.getPrivateKey("jsign/rsa-4096", (char[]) null);
        })).getMessage());
    }

    @Test
    public void testGetPrivateKeyWithMissingType() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies-invalid.json"));
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("message", "Unable to initialize the SignPath private key for the certificate 'jsign/rsa-2048'", ((Exception) Assert.assertThrows(UnrecoverableKeyException.class, () -> {
            signPathSigningService.getPrivateKey("jsign/rsa-2048", (char[]) null);
        })).getMessage());
    }

    @Test
    public void testGetPrivateKeyWithError() {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(403);
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertEquals("message", "Unable to retrieve the SignPath signing policies", ((Exception) Assert.assertThrows(UnrecoverableKeyException.class, () -> {
            signPathSigningService.getPrivateKey("jsign/rsa-2048", (char[]) null);
        })).getMessage());
    }

    @Test
    public void testSign() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json"));
        Jadler.onRequest().havingMethodEqualTo("POST").havingPathEqualTo("/organization/SigningRequests").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-request.json"));
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        Assert.assertNotNull("null signature", signPathSigningService.sign(signPathSigningService.getPrivateKey("jsign/rsa-2048", (char[]) null), "SHA256withRSA", "Hello".getBytes()));
        Assert.assertEquals("length", 256L, r0.length);
    }

    @Test
    public void testSignWithInvalidAlgorithm() throws Exception {
        Jadler.onRequest().havingMethodEqualTo("GET").havingPathEqualTo("/organization/Cryptoki/MySigningPolicies").respond().withStatus(200).withBody(new FileReader("target/test-classes/services/signpath-signing-policies.json"));
        Jadler.onRequest().havingMethodEqualTo("POST").havingPathEqualTo("/organization/SigningRequests").respond().withStatus(400).withContentType("application/json").withBody(new FileReader("target/test-classes/services/signpath-invalid-hash-algorithm-error.json"));
        SignPathSigningService signPathSigningService = new SignPathSigningService("http://localhost:" + Jadler.port(), "organization", "token");
        SigningServicePrivateKey privateKey = signPathSigningService.getPrivateKey("jsign/rsa-2048", (char[]) null);
        Assert.assertEquals("message", "400 - One or more validation errors occurred. - {\"\":[\"The hash algorithm does not match the given hash.\"]}", ((Exception) Assert.assertThrows(GeneralSecurityException.class, () -> {
            signPathSigningService.sign(privateKey, "SHA256withRSA", "Hello".getBytes());
        })).getCause().getMessage());
    }
}
