package com.guardtime.ksi.trust;

import com.guardtime.ksi.TestUtil;
import com.guardtime.ksi.util.Util;
import com.guardtime.ksi.util.X509CertUtil;
import java.security.KeyStore;
import java.security.cert.CertSelector;
import java.security.cert.X509Certificate;
import org.bouncycastle.util.Store;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:com/guardtime/ksi/trust/JKSTrustStoreTest.class */
public class JKSTrustStoreTest {
    @Test(expectedExceptions = {InvalidKeyStoreException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter. Key store must be present")
    public void testCreateJKSTrustStore_ThrowsInvalidKeyStoreException() throws Exception {
        new JKSTrustStore((KeyStore) null, (CertSelector) null);
    }

    @Test(expectedExceptions = {InvalidKeyStoreException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter. Key store path must be present")
    public void testCreateJKSTrustStoreWithoutKeyStorePath_ThrowsInvalidKeyStoreException() throws Exception {
        new JKSTrustStore((String) null, (CertSelector) null);
    }

    @Test(expectedExceptions = {InvalidKeyStoreException.class}, expectedExceptionsMessageRegExp = "Loading java key store with path my_file failed")
    public void testCreateJKSTrustStoreFromFileThatDoesNotExist_ThrowsInvalidKeyStoreException() throws Exception {
        new JKSTrustStore("my_file", "password".toCharArray(), (CertSelector) null);
    }

    @Test(expectedExceptions = {CryptoException.class}, expectedExceptionsMessageRegExp = "Invalid input parameter. Certificate can not be null")
    public void testCheckIfCertificateIsTrustedUsingInvalidInput_ThrowsCryptoException() throws Exception {
        new JKSTrustStore("truststore.jks", (CertSelector) null).isTrusted((X509Certificate) null, (Store) null);
    }

    @Test
    public void testCheckIfCertificateIsTrusted_Ok() throws Exception {
        Assert.assertTrue(new JKSTrustStore("truststore.jks", (CertSelector) null).isTrusted((X509Certificate) X509CertUtil.toCert(Util.toByteArray(TestUtil.load("server.crt"))), (Store) null));
    }

    @Test
    public void testCheckIfCertificateIsTrustedWithEmail_Ok() throws Exception {
        Assert.assertTrue(new JKSTrustStore("truststore.jks", (char[]) null, new X509CertificateSubjectRdnSelector("E=publications@guardtime.com")).isTrusted((X509Certificate) X509CertUtil.toCert(Util.toByteArray(TestUtil.load("server.crt"))), (Store) null));
    }

    @Test(expectedExceptions = {InvalidCertificateException.class}, expectedExceptionsMessageRegExp = "Invalid certificated subject with subjectDN EMAILADDRESS=publications@guardtime.com.*")
    public void testCheckIfCertificateIsTrustedWithInvalidEmail_ThrowsInvalidCertificateSubjectException() throws Exception {
        Assert.assertTrue(new JKSTrustStore("truststore.jks", (char[]) null, new X509CertificateSubjectRdnSelector("E=invalid_publications@guardtime.com")).isTrusted((X509Certificate) X509CertUtil.toCert(Util.toByteArray(TestUtil.load("server.crt"))), (Store) null));
    }

    @Test
    public void testCheckUntrustedCertificate_Ok() throws Exception {
        Assert.assertFalse(new JKSTrustStore("truststore.jks", (CertSelector) null).isTrusted((X509Certificate) X509CertUtil.toCert(Util.toByteArray(TestUtil.load("cert.crt"))), (Store) null));
    }

    @Test(expectedExceptions = {CryptoException.class}, expectedExceptionsMessageRegExp = "General security error occurred. Uninitialized keystore")
    public void testUseUninitializedKeyStore_ThrowsCryptoException() throws Exception {
        new JKSTrustStore(KeyStore.getInstance("JKS"), (CertSelector) null).isTrusted((X509Certificate) X509CertUtil.toCert(Util.toByteArray(TestUtil.load("server.crt"))), (Store) null);
    }
}
