package com.guardtime.ksi.integration;

import com.guardtime.ksi.CommonTestUtil;
import com.guardtime.ksi.TestUtil;
import com.guardtime.ksi.publication.inmemory.InMemoryPublicationsFileFactory;
import com.guardtime.ksi.publication.inmemory.InMemoryPublicationsFileTest;
import com.guardtime.ksi.publication.inmemory.InvalidPublicationsFileException;
import com.guardtime.ksi.service.client.KSIExtenderClient;
import com.guardtime.ksi.tlv.TLVParserException;
import com.guardtime.ksi.trust.CryptoException;
import com.guardtime.ksi.trust.PKITrustStore;
import com.guardtime.ksi.unisignature.verifier.VerificationContextBuilder;
import com.guardtime.ksi.unisignature.verifier.VerificationErrorCode;
import com.guardtime.ksi.unisignature.verifier.VerificationResult;
import com.guardtime.ksi.unisignature.verifier.policies.PublicationsFileBasedVerificationPolicy;
import java.security.cert.X509Certificate;
import org.bouncycastle.util.Store;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:com/guardtime/ksi/integration/PublicationsFileBasedVerificationPolicyIntegrationTest.class */
public class PublicationsFileBasedVerificationPolicyIntegrationTest extends AbstractCommonIntegrationTest {
    private final PublicationsFileBasedVerificationPolicy policy = new PublicationsFileBasedVerificationPolicy();

    @Test(groups = {"integration"})
    public void testVerifyExtendedSignatureWithCorrectDataAndSuitablePublicationInPublicationFile_VerificationReturnsOK() throws Exception {
        Assert.assertTrue(publicationFileBasedVerification(AbstractCommonIntegrationTest.EXTENDED_SIGNATURE_2014_06_02, InMemoryPublicationsFileTest.PUBLICATIONS_FILE_OK, false, this.simpleHttpClient).isOk());
    }

    @Test(groups = {"integration"})
    public void testVerifyUnextendedSignatureWithCorrectDataExtendingAllowed_VerificationReturnsOk() throws Exception {
        Assert.assertTrue(verify(this.ksi, this.simpleHttpClient, TestUtil.loadSignature(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02), this.policy, true).isOk());
    }

    @Test(groups = {"integration"})
    public void testVerifyUnextendedSignatureWithCorrectDataExtendingNotAllowed_VerificationReturnsGen2() throws Exception {
        VerificationResult verify = verify(this.ksi, this.simpleHttpClient, TestUtil.loadSignature(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02), this.policy, false);
        Assert.assertFalse(verify.isOk());
        Assert.assertEquals(verify.getErrorCode(), VerificationErrorCode.GEN_2);
    }

    @Test(groups = {"integration"})
    public void testVerifyExtendedSignatureWithCorrectDataExtendingAllowed_OK() throws Exception {
        Assert.assertTrue(verify(this.ksi, this.simpleHttpClient, TestUtil.loadSignature(AbstractCommonIntegrationTest.EXTENDED_SIGNATURE_2014_04_30), this.policy, true).isOk());
    }

    @Test(groups = {"integration"})
    public void testVerifyNewerSignatureWithOlderPublicationFile_VerificationReturnsGen2() throws Exception {
        VerificationResult publicationFileBasedVerification = publicationFileBasedVerification("signature_2015-09-13_21-34-00.ksig", "publication-based-verification/old-publications.tlv", true, this.simpleHttpClient);
        Assert.assertFalse(publicationFileBasedVerification.isOk());
        Assert.assertEquals(publicationFileBasedVerification.getErrorCode(), VerificationErrorCode.GEN_2);
    }

    @Test(groups = {"integration"})
    public void testVerifyExtendedSignatureWithWrongResponseMissMatchInInputHash_VerificationReturnsPub1() throws Exception {
        KSIExtenderClient kSIExtenderClient = (KSIExtenderClient) Mockito.mock(KSIExtenderClient.class);
        mockExtenderResponseCalendarHashCain("publication-based-verification/extension-response-for-ok-sig-2014-06-2-wrong-input-hash.tlv", kSIExtenderClient);
        VerificationResult publicationFileBasedVerification = publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publication-2015-09-15.tlv", true, kSIExtenderClient);
        Assert.assertFalse(publicationFileBasedVerification.isOk());
        Assert.assertEquals(publicationFileBasedVerification.getErrorCode(), VerificationErrorCode.PUB_01);
    }

    @Test(groups = {"integration"})
    public void testVerifyExtendedSignatureWithWrongResponseMissMatchInPublicationTime_VerificationReturnsPub2() throws Exception {
        KSIExtenderClient kSIExtenderClient = (KSIExtenderClient) Mockito.mock(KSIExtenderClient.class);
        mockExtenderResponseCalendarHashCain("publication-based-verification/extension-response-for-ok-sig-2014-06-2-wrong-publication-time.tlv", kSIExtenderClient);
        VerificationResult publicationFileBasedVerification = publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publication-2015-09-15.tlv", true, kSIExtenderClient);
        Assert.assertFalse(publicationFileBasedVerification.isOk());
        Assert.assertEquals(publicationFileBasedVerification.getErrorCode(), VerificationErrorCode.PUB_02);
    }

    @Test(groups = {"integration"})
    public void testVerifySignatureWithWrongHashChain_VerificationReturnsPub3() throws Exception {
        VerificationResult publicationFileBasedVerification = publicationFileBasedVerification("publication-based-verification/all-wrong-hash-chains-in-signature.ksig", "publication-2015-09-15.tlv", true, this.simpleHttpClient);
        Assert.assertFalse(publicationFileBasedVerification.isOk());
        Assert.assertEquals(publicationFileBasedVerification.getErrorCode(), VerificationErrorCode.PUB_03);
    }

    @Test(groups = {"integration"}, expectedExceptions = {TLVParserException.class}, expectedExceptionsMessageRegExp = "Unknown critical TLV element with tag=0x1 encountered")
    public void testVerifySignatureWithPublicationWithExtraCriticalElementInPublicationRecordLvl1() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-critical-element-in-publication-record-lvl1.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"}, expectedExceptions = {TLVParserException.class}, expectedExceptionsMessageRegExp = "Unknown critical TLV element with tag=0x5 encountered")
    public void testVerifySignatureWithPublicationWithExtraCriticalElementInPublicationRecordLvl2() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-critical-element-in-publication-record-lvl2.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"}, expectedExceptions = {InvalidPublicationsFileException.class}, expectedExceptionsMessageRegExp = "Invalid publications file element type=0x708")
    public void testVerifySignatureWithPublicationWithNewCriticalTlvBlock() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-critical-nested-tlv-in-main.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"}, expectedExceptions = {InvalidPublicationsFileException.class}, expectedExceptionsMessageRegExp = "Invalid publications file element type=0x708")
    public void testVerifySignatureWithPublicationWithNewCriticalTlbBlockWithNonCriticalChild() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-critical-nested-tlv-in-main-with-non-critical-tlvs.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"})
    public void testVerifySignatureWithPublicationWithNewNonCriticalElementInPublicationRecordLvl1() throws Exception {
        Assert.assertTrue(publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-non-critical-element-in-publication-record-lvl1.tlv", true, this.simpleHttpClient).isOk());
    }

    @Test(groups = {"integration"})
    public void testVerifySignatureWithPublicationWithNewNonCriticalElementInPublicationRecordLvl2() throws Exception {
        Assert.assertTrue(publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-non-critical-element-in-publication-record-lvl2.tlv", true, this.simpleHttpClient).isOk());
    }

    @Test(groups = {"integration"}, expectedExceptions = {InvalidPublicationsFileException.class}, expectedExceptionsMessageRegExp = "Invalid publications file element type=0x708")
    public void testVerifySignatureWithPublicationWithNewNonCriticalTlvBlock() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-non-critical-nested-tlv-in-main.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"}, expectedExceptions = {InvalidPublicationsFileException.class}, expectedExceptionsMessageRegExp = "Invalid publications file element type=0x708")
    public void testVerifySignatureWithPublicationWithNewNonCriticalTlvBlockWithCriticalChild() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-non-critical-nested-tlv-in-main-with-critical-tlvs.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"}, expectedExceptions = {TLVParserException.class}, expectedExceptionsMessageRegExp = "Unknown critical TLV element with tag=0x5 encountered")
    public void testVerifySignatureWithPublicationWithNewCriticalElementInCertificateRecord() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-critical-element-in-certificate-record-lvl1.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"}, expectedExceptions = {TLVParserException.class}, expectedExceptionsMessageRegExp = "Unknown critical TLV element with tag=0x5 encountered")
    public void testVerifySignatureWithPublicationWithNewCriticalElementInPublicationHeader() throws Exception {
        publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-critical-element-in-publication-header-lvl1.tlv", true, this.simpleHttpClient);
    }

    @Test(groups = {"integration"})
    public void testVerifySignatureWithPublicationWithNewNonCriticalElementInCertificateRecord() throws Exception {
        Assert.assertTrue(publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-non-critical-element-in-certificate-record-lvl1.tlv", true, this.simpleHttpClient).isOk());
    }

    @Test(groups = {"integration"})
    public void testVerifySignatureWithPublicationWithNewNonCriticalElementInPublicationHeader() throws Exception {
        Assert.assertTrue(publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publicartions-new-non-critical-element-in-publication-header-lvl1.tlv", true, this.simpleHttpClient).isOk());
    }

    @Test(groups = {"integration"})
    public void testVerifySignatureWithPublicationWithWrongPublicationHash() throws Exception {
        VerificationResult publicationFileBasedVerification = publicationFileBasedVerification(AbstractCommonIntegrationTest.SIGNATURE_2014_06_02, "publications-file/publications-one-cert-one-publication-record-with-wrong-hash.tlv", true, this.simpleHttpClient);
        Assert.assertFalse(publicationFileBasedVerification.isOk());
        Assert.assertEquals(publicationFileBasedVerification.getErrorCode(), VerificationErrorCode.PUB_01);
    }

    private VerificationResult publicationFileBasedVerification(String str, String str2, boolean z, KSIExtenderClient kSIExtenderClient) throws Exception {
        VerificationContextBuilder verificationContextBuilder = new VerificationContextBuilder();
        verificationContextBuilder.setPublicationsFile(new InMemoryPublicationsFileFactory(new PKITrustStore() { // from class: com.guardtime.ksi.integration.PublicationsFileBasedVerificationPolicyIntegrationTest.1
            public boolean isTrusted(X509Certificate x509Certificate, Store store) throws CryptoException {
                return true;
            }
        }).create(CommonTestUtil.load(str2)));
        verificationContextBuilder.setSignature(TestUtil.loadSignature(str)).setExtenderClient(kSIExtenderClient);
        verificationContextBuilder.setExtendingAllowed(z);
        return this.ksi.verify(verificationContextBuilder.createVerificationContext(), this.policy);
    }
}
