package tests.targets.security.cert;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.List;
import java.util.Set;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
import tests.security.cert.CertPathBuilder1Test;

@RunWith(JUnit4.class)
/* loaded from: input_file:tests/targets/security/cert/CertificateTest.class */
public class CertificateTest {
    private final CertificateFactory certificateFactory = onlyX509CertificateFactory();
    private final X509Certificate md2Root = loadCertificate("md2Root.pem");
    private final X509Certificate md5ChainRoot = loadCertificate("md5ChainRoot.pem");
    private final X509Certificate md5ChainIntermediate = loadCertificate("md5ChainIntermediate.pem");
    private final X509Certificate md5ChainLeaf = loadCertificate("md5ChainLeaf.pem");
    private final X509Certificate sha1ChainRoot = loadCertificate("sha1ChainRoot.pem");
    private final X509Certificate sha1ChainIntermediate = loadCertificate("sha1ChainIntermediate.pem");
    private final X509Certificate sha1ChainLeaf = loadCertificate("sha1ChainLeaf.pem");
    private final boolean md5SignatureSupported = isMd5Supported();

    @Test
    public void verifySha1Supported() throws Exception {
        this.sha1ChainRoot.verify(this.sha1ChainRoot.getPublicKey());
    }

    @Test
    public void verifyMd2NotSupported() {
        Assert.assertThrows(NoSuchAlgorithmException.class, () -> {
            this.md2Root.verify(this.md2Root.getPublicKey());
        });
    }

    @Test
    public void verifyMd5Chain_rootNotIncluded() throws Exception {
        Assume.assumeTrue(this.md5SignatureSupported);
        CertPath generateCertPath = this.certificateFactory.generateCertPath(List.of(this.md5ChainLeaf, this.md5ChainIntermediate));
        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathBuilder1Test.defaultType);
        PKIXParameters createPkixParams = createPkixParams(this.md5ChainRoot);
        backdate(createPkixParams, 2016);
        validate(generateCertPath, certPathValidator, createPkixParams);
    }

    @Test
    public void verifyMd5Chain_rootIncluded() throws Exception {
        Assume.assumeTrue(this.md5SignatureSupported);
        CertPath generateCertPath = this.certificateFactory.generateCertPath(List.of(this.md5ChainLeaf, this.md5ChainIntermediate, this.md5ChainRoot));
        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathBuilder1Test.defaultType);
        PKIXParameters createPkixParams = createPkixParams(this.md5ChainRoot);
        backdate(createPkixParams, 2016);
        validate(generateCertPath, certPathValidator, createPkixParams);
    }

    @Test
    public void verifyMd5ChainExceptionWhenUnsupported() throws Exception {
        Assume.assumeFalse(this.md5SignatureSupported);
        CertPath generateCertPath = this.certificateFactory.generateCertPath(List.of(this.md5ChainLeaf, this.md5ChainIntermediate, this.md5ChainRoot));
        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathBuilder1Test.defaultType);
        PKIXParameters createPkixParams = createPkixParams(this.md5ChainRoot);
        backdate(createPkixParams, 2016);
        Exception exc = (Exception) Assert.assertThrows(CertPathValidatorException.class, () -> {
            validate(generateCertPath, certPathValidator, createPkixParams);
        });
        Assert.assertTrue(exc.getCause().getClass() == CertificateException.class || exc.getCause().getClass() == NoSuchAlgorithmException.class);
    }

    @Test
    public void verifySha1Chain_rootNotIncluded() throws Exception {
        CertPath generateCertPath = this.certificateFactory.generateCertPath(List.of(this.sha1ChainLeaf, this.sha1ChainIntermediate));
        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathBuilder1Test.defaultType);
        PKIXParameters createPkixParams = createPkixParams(this.sha1ChainRoot);
        backdate(createPkixParams, 2012);
        validate(generateCertPath, certPathValidator, createPkixParams);
    }

    @Test
    public void verifySha1Chain_rootIncluded() throws Exception {
        CertPath generateCertPath = this.certificateFactory.generateCertPath(List.of(this.sha1ChainLeaf, this.sha1ChainIntermediate, this.sha1ChainRoot));
        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathBuilder1Test.defaultType);
        PKIXParameters createPkixParams = createPkixParams(this.sha1ChainRoot);
        backdate(createPkixParams, 2012);
        validate(generateCertPath, certPathValidator, createPkixParams);
    }

    private PKIXParameters createPkixParams(X509Certificate x509Certificate) throws Exception {
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Set.of(new TrustAnchor(x509Certificate, null)));
        pKIXParameters.setRevocationEnabled(false);
        return pKIXParameters;
    }

    private void backdate(PKIXParameters pKIXParameters, int i) {
        Calendar calendar = Calendar.getInstance();
        calendar.clear();
        calendar.set(i, 0, 1);
        pKIXParameters.setDate(calendar.getTime());
    }

    private void validate(CertPath certPath, CertPathValidator certPathValidator, PKIXParameters pKIXParameters) throws Exception {
        CertPathValidatorResult validate = certPathValidator.validate(certPath, pKIXParameters);
        Assert.assertTrue("wrong result type", validate instanceof PKIXCertPathValidatorResult);
        Assert.assertTrue("Wrong trust anchor returned", pKIXParameters.getTrustAnchors().contains(((PKIXCertPathValidatorResult) validate).getTrustAnchor()));
    }

    private boolean isMd5Supported() throws SignatureException, InvalidKeyException, NoSuchProviderException {
        try {
            this.md5ChainRoot.verify(this.md5ChainRoot.getPublicKey());
            return true;
        } catch (NoSuchAlgorithmException | CertificateException e) {
            return false;
        }
    }

    private CertificateFactory onlyX509CertificateFactory() throws CertificateException {
        Provider[] providers = Security.getProviders("CertificateFactory.X509");
        if (providers.length != 1) {
            throw new IllegalStateException("There should be exactly one X.509 CertificateFactory");
        }
        return CertificateFactory.getInstance("X509", providers[0]);
    }

    private X509Certificate loadCertificate(String str) throws CertificateException {
        return (X509Certificate) this.certificateFactory.generateCertificate(getClass().getResourceAsStream("/certpath/" + str));
    }
}
