package com.guardtime.ksi.unisignature.verifier.policies;

import com.guardtime.ksi.CommonTestUtil;
import com.guardtime.ksi.KSI;
import com.guardtime.ksi.KSIBuilder;
import com.guardtime.ksi.TestUtil;
import com.guardtime.ksi.pdu.PduVersion;
import com.guardtime.ksi.publication.PublicationsFile;
import com.guardtime.ksi.publication.inmemory.CertificateNotFoundException;
import com.guardtime.ksi.service.client.KSIExtenderClient;
import com.guardtime.ksi.service.client.KSIPublicationsFileClient;
import com.guardtime.ksi.service.client.KSISigningClient;
import com.guardtime.ksi.unisignature.verifier.PolicyVerificationResult;
import com.guardtime.ksi.unisignature.verifier.RuleResult;
import com.guardtime.ksi.unisignature.verifier.VerificationErrorCode;
import com.guardtime.ksi.unisignature.verifier.VerificationResult;
import com.guardtime.ksi.unisignature.verifier.VerificationResultCode;
import com.guardtime.ksi.unisignature.verifier.rules.CalendarAuthenticationRecordExistenceRule;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:com/guardtime/ksi/unisignature/verifier/policies/KeyBasedVerificationPolicyTest.class */
/**
 * Unit tests for {@link KeyBasedVerificationPolicy}.
 *
 * <p>Apart from the constructor smoke test, every case here is a negative case: the signature
 * must be rejected and a specific {@link VerificationErrorCode} reported. All service clients
 * and the publications file are Mockito mocks, so no network access is involved.
 */
public class KeyBasedVerificationPolicyTest {
    /** Name of the test resource whose hash is used as the document hash in every case. */
    private static final String INPUT_FILE = "infile";

    /** Hash algorithm name passed to {@code TestUtil.getFileHash}. */
    private static final String HASH_ALGORITHM = "SHA2-256";

    private KSI ksi;
    private KSIExtenderClient mockedExtenderClient;

    /**
     * Builds a fresh {@link KSI} instance backed entirely by mocks before each test.
     *
     * <p>The extender and signing clients report {@link PduVersion#V1}. The trusted-certificate
     * selector is stubbed to match every certificate, so the publications-file trust constraint
     * is not among the checks these tests exercise.
     */
    @BeforeMethod
    public void setUp() throws Exception {
        mockedExtenderClient = Mockito.mock(KSIExtenderClient.class);
        Mockito.when(mockedExtenderClient.getPduVersion()).thenReturn(PduVersion.V1);

        KSIPublicationsFileClient publicationsFileClient = Mockito.mock(KSIPublicationsFileClient.class);

        KSISigningClient signingClient = Mockito.mock(KSISigningClient.class);
        Mockito.when(signingClient.getPduVersion()).thenReturn(PduVersion.V1);

        // Accept-all selector: test-only stub, see the method Javadoc.
        CertSelector acceptAllSelector = Mockito.mock(CertSelector.class);
        Mockito.when(acceptAllSelector.match(Mockito.any(Certificate.class))).thenReturn(Boolean.TRUE);

        KSIBuilder builder = new KSIBuilder();
        builder.setKsiProtocolExtenderClient(mockedExtenderClient);
        builder.setKsiProtocolPublicationsFileClient(publicationsFileClient);
        builder.setKsiProtocolSignerClient(signingClient);
        builder.setPublicationsFileTrustedCertSelector(acceptAllSelector);
        ksi = builder.build();
    }

    /**
     * Verifies the named signature resource against a new {@link KeyBasedVerificationPolicy}.
     *
     * @param signatureResource file name handed to {@code TestUtil.loadSignature}
     * @param publicationsFile publications file (a mock in every caller) used to look up
     *     certificates
     * @return the verification result produced by {@code KSI.verify}
     */
    private VerificationResult verifyWithKeyBasedPolicy(String signatureResource, PublicationsFile publicationsFile)
            throws Exception {
        return ksi.verify(
                TestUtil.buildContext(
                        TestUtil.loadSignature(signatureResource),
                        ksi,
                        mockedExtenderClient,
                        TestUtil.getFileHash(CommonTestUtil.loadFile(INPUT_FILE), HASH_ALGORITHM),
                        publicationsFile),
                new KeyBasedVerificationPolicy());
    }

    /** A newly constructed policy exposes a name, a type and a non-empty rule list. */
    @Test
    public void testCreateNewKeyBasedVerificationPolicy_Ok() throws Exception {
        KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
        Assert.assertNotNull(policy.getRules());
        Assert.assertNotNull(policy.getName());
        Assert.assertFalse(policy.getRules().isEmpty());
        Assert.assertNotNull(policy.getType());
    }

    /**
     * A signature from the {@code not-ok-...-extended} resource is rejected with
     * {@link VerificationErrorCode#INT_09}.
     *
     * <p>Despite the method name, the failure is reported through the returned
     * {@link VerificationResult}; no exception is expected.
     */
    @Test
    public void testVerifySignatureOfflineWithInvalidAuthenticationRecord_ThrowsVerificationException() throws Exception {
        PublicationsFile publications = Mockito.mock(PublicationsFile.class);

        VerificationResult result = verifyWithKeyBasedPolicy("not-ok-sig-2014-04-30.1-extended.ksig", publications);

        Assert.assertFalse(result.isOk());
        Assert.assertEquals(result.getErrorCode(), VerificationErrorCode.INT_09);
    }

    /**
     * A signature without a calendar authentication record must not verify as OK.
     *
     * <p>The expected error code is {@link VerificationErrorCode#GEN_2}, and the last rule
     * recorded for the first policy result must be
     * {@link CalendarAuthenticationRecordExistenceRule} with result code
     * {@link VerificationResultCode#NA}.
     */
    @Test
    public void testVerifySignatureWithoutCalendarAuthenticationRecord() throws Exception {
        PublicationsFile publications = Mockito.mock(PublicationsFile.class);

        VerificationResult result = verifyWithKeyBasedPolicy("calendar-auth-rec-missing.ksig", publications);

        Assert.assertFalse(result.isOk());
        Assert.assertEquals(result.getErrorCode(), VerificationErrorCode.GEN_2);

        PolicyVerificationResult firstPolicyResult = (PolicyVerificationResult) result.getPolicyVerificationResults().get(0);
        Map<?, ?> ruleResults = firstPolicyResult.getRuleResults();
        RuleResult[] orderedResults = ruleResults.values().toArray(new RuleResult[ruleResults.size()]);
        // The rule that ended the evaluation is the last entry in the map's iteration order.
        RuleResult lastResult = orderedResults[orderedResults.length - 1];
        Assert.assertEquals(lastResult.getResultCode(), VerificationResultCode.NA);
        Assert.assertEquals(lastResult.getRuleName(), CalendarAuthenticationRecordExistenceRule.class.getSimpleName());
    }

    /**
     * When the publications file cannot supply the signing certificate (the lookup throws
     * {@link CertificateNotFoundException}), verification fails with
     * {@link VerificationErrorCode#KEY_01}.
     */
    @Test
    public void testVerifySignatureOfflineSignedByUnknownCertificate() throws Exception {
        PublicationsFile publications = Mockito.mock(PublicationsFile.class);
        Mockito.when(publications.findCertificateById(Mockito.any(byte[].class)))
                .thenThrow(new CertificateNotFoundException("Certificate not found"));
        Mockito.when(publications.getName()).thenReturn("MockProvider");

        VerificationResult result = verifyWithKeyBasedPolicy("ok-sig-2014-04-30.1.ksig", publications);

        Assert.assertFalse(result.isOk());
        Assert.assertEquals(result.getErrorCode(), VerificationErrorCode.KEY_01);
    }

    /**
     * A certificate that names a real algorithm but carries no usable key must not validate the
     * signature; the expected error code is {@link VerificationErrorCode#KEY_02}.
     *
     * <p>Only {@code getSigAlgName()} is stubbed on the mocked certificate; every other accessor
     * returns Mockito's default value.
     */
    @Test
    public void testVerifySignatureOfflineUsingInvalidPublicKey() throws Exception {
        PublicationsFile publications = Mockito.mock(PublicationsFile.class);
        X509Certificate certificate = Mockito.mock(X509Certificate.class);
        Mockito.when(certificate.getSigAlgName()).thenReturn("RSA");
        Mockito.when(publications.findCertificateById(Mockito.any(byte[].class))).thenReturn(certificate);

        VerificationResult result = verifyWithKeyBasedPolicy("ok-sig-2014-04-30.1.ksig", publications);

        Assert.assertFalse(result.isOk());
        Assert.assertEquals(result.getErrorCode(), VerificationErrorCode.KEY_02);
    }

    /**
     * A certificate reporting an unrecognised signature algorithm name ({@code BLABLA_ALG}) must
     * not validate the signature; the expected error code is {@link VerificationErrorCode#KEY_02}.
     */
    @Test
    public void testVerifySignatureOfflineUsingInvalidAlgorithm() throws Exception {
        PublicationsFile publications = Mockito.mock(PublicationsFile.class);
        X509Certificate certificate = Mockito.mock(X509Certificate.class);
        Mockito.when(certificate.getSigAlgName()).thenReturn("BLABLA_ALG");
        Mockito.when(publications.findCertificateById(Mockito.any(byte[].class))).thenReturn(certificate);

        VerificationResult result = verifyWithKeyBasedPolicy("ok-sig-2014-04-30.1.ksig", publications);

        Assert.assertFalse(result.isOk());
        Assert.assertEquals(result.getErrorCode(), VerificationErrorCode.KEY_02);
    }
}
