package com.guardtime.ksi.trust;

import com.guardtime.ksi.TestUtil;
import com.guardtime.ksi.exceptions.KSIException;
import com.guardtime.ksi.util.X509CertUtil;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:com/guardtime/ksi/trust/X509CertificateSubjectRdnSelectorTest.class */
public class X509CertificateSubjectRdnSelectorTest {
    private static final AttributeTypeAndValue EMAIL = new AttributeTypeAndValue(BCStyle.EmailAddress, new DERIA5String("publications@guardtime.com"));
    private static final AttributeTypeAndValue EMAIL_INVALID = new AttributeTypeAndValue(BCStyle.EmailAddress, new DERIA5String("pub@kala.com"));

    /* loaded from: input_file:com/guardtime/ksi/trust/X509CertificateSubjectRdnSelectorTest$TestX509CertificateSubjectRdnSelector.class */
    static class TestX509CertificateSubjectRdnSelector extends X509CertificateSubjectRdnSelector {
        private final AttributeTypeAndValue[] typeValues;
        private boolean multiValue;

        public TestX509CertificateSubjectRdnSelector(String str, AttributeTypeAndValue[] attributeTypeAndValueArr, boolean z) throws KSIException {
            super(str);
            this.typeValues = attributeTypeAndValueArr;
            this.multiValue = z;
        }

        public TestX509CertificateSubjectRdnSelector(String str, AttributeTypeAndValue[] attributeTypeAndValueArr) throws KSIException {
            this(str, attributeTypeAndValueArr, false);
        }

        X500Name getX500SubjectName(X509Certificate x509Certificate) throws CertificateEncodingException {
            X500NameBuilder x500NameBuilder = new X500NameBuilder(X500Name.getDefaultStyle());
            if (this.multiValue) {
                x500NameBuilder.addMultiValuedRDN(this.typeValues);
            } else {
                for (AttributeTypeAndValue attributeTypeAndValue : this.typeValues) {
                    x500NameBuilder.addRDN(attributeTypeAndValue);
                }
            }
            return x500NameBuilder.build();
        }
    }

    @Test(expectedExceptions = {KSIException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter.At least one RDN must be present")
    public void testCreateSelectorWithMissingRdnArray_ThrowsKSIException() throws Exception {
        new X509CertificateSubjectRdnSelector((RDN[]) null);
    }

    @Test(expectedExceptions = {KSIException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter.At least one RDN must be present")
    public void testCreateSelectorWithEmptyRdnArray_ThrowsKSIException() throws Exception {
        new X509CertificateSubjectRdnSelector(new RDN[0]);
    }

    @Test(expectedExceptions = {KSIException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter. RDN string must be present")
    public void testCreateSelectorWithMissingRdnString_ThrowsKSIException() throws Exception {
        new X509CertificateSubjectRdnSelector((String) null);
    }

    @Test(expectedExceptions = {KSIException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter. RDN string must be present")
    public void testCreateSelectorWithEmptyRdnString_ThrowsKSIException() throws Exception {
        new X509CertificateSubjectRdnSelector("");
    }

    @Test(expectedExceptions = {KSIException.class}, expectedExceptionsMessageRegExp = "Multi-valued certificate constraints aren't supported")
    public void testMultiValuedRdn_ThrowsKSIException() throws Exception {
        new X509CertificateSubjectRdnSelector("CN=Test+E=publications@guardtime.com");
    }

    @Test
    public void testX509CertificateMatches_Ok() throws Exception {
        Assert.assertTrue(new X509CertificateSubjectRdnSelector("E=publications@guardtime.com").match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testX509CertificateMatchesUsingLongRdnType_Ok() throws Exception {
        Assert.assertTrue(new X509CertificateSubjectRdnSelector("EMAILADDRESS=publications@guardtime.com").match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testX509CertificateMatchesUsingDifferentRdnValues_Ok() throws Exception {
        Assert.assertTrue(new X509CertificateSubjectRdnSelector("EMAILADDRESS=publications@guardtime.com,L=Tallinn, C=EE, C=EE").match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testX509CertificateDoesNotMatch_Ok() throws Exception {
        Assert.assertFalse(new X509CertificateSubjectRdnSelector("E=publications2@guardtime.com").match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testX509CertificateDoesNotMatchUsingMultipleRdnValues_Ok() throws Exception {
        Assert.assertFalse(new X509CertificateSubjectRdnSelector("E=publications@guardtime.com,E=publications2@guardtime.com").match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testMultipleDifferentRdnWithSameOid() throws Exception {
        Assert.assertFalse(new TestX509CertificateSubjectRdnSelector("E=publications@guardtime.com", new AttributeTypeAndValue[]{EMAIL_INVALID, EMAIL}).match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testMultipleSameRdnWithSameOid() throws Exception {
        Assert.assertTrue(new TestX509CertificateSubjectRdnSelector("E=publications@guardtime.com", new AttributeTypeAndValue[]{EMAIL, EMAIL}).match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testMultiValuedRdnInCertificate() throws Exception {
        Assert.assertTrue(new TestX509CertificateSubjectRdnSelector("E=publications@guardtime.com", new AttributeTypeAndValue[]{EMAIL, EMAIL}, true).match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testMultiValuedRdnContainingInvalidEmail() throws Exception {
        Assert.assertFalse(new TestX509CertificateSubjectRdnSelector("E=publications@guardtime.com", new AttributeTypeAndValue[]{EMAIL_INVALID, EMAIL}, true).match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }

    @Test
    public void testDifferentAsn1Encodings() throws Exception {
        Assert.assertTrue(new TestX509CertificateSubjectRdnSelector("E=publications@guardtime.com", new AttributeTypeAndValue[]{new AttributeTypeAndValue(BCStyle.EmailAddress, new DERPrintableString("publications@guardtime.com"))}, true).match(X509CertUtil.toCert(TestUtil.loadBytes("server.crt"))));
    }
}
