package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.vespa.model.test.utils.DeployLoggerStub;
import com.yahoo.yolean.Exceptions;
import java.security.cert.X509Certificate;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/CloudClientsValidatorTest.class */
class CloudClientsValidatorTest {
    CloudClientsValidatorTest() {
    }

    @Test
    void logs_deployment_warning_on_certificate_with_empty_sequence_of_extensions() {
        DeployLoggerStub deployLoggerStub = new DeployLoggerStub();
        CloudClientsValidator.validateCertificate("default", "my-feed-client", readTestCertificate("cert-with-empty-sequence-of-extensions.pem"), (str, th) -> {
            throw new IllegalArgumentException(str, th);
        }, new DeployState.Builder().deployLogger(deployLoggerStub).build());
        Assertions.assertEquals("Client **my-feed-client** defined for cluster **default** contains an invalid certificate: The certificate's ASN.1 structure contains an empty sequence of extensions, which is a violation of the ASN.1 specification. Please update the application package with a new certificate, e.g by generating a new one using the Vespa CLI `$ vespa auth cert`. ", deployLoggerStub.getLast().message);
    }

    @Test
    void accepts_valid_certificate() {
        DeployLoggerStub deployLoggerStub = new DeployLoggerStub();
        DeployState build = new DeployState.Builder().deployLogger(deployLoggerStub).build();
        X509Certificate readTestCertificate = readTestCertificate("valid-cert.pem");
        Assertions.assertDoesNotThrow(() -> {
            CloudClientsValidator.validateCertificate("default", "my-feed-client", readTestCertificate, (str, th) -> {
                throw new IllegalArgumentException(str, th);
            }, build);
        });
        Assertions.assertEquals(0, deployLoggerStub.entries.size());
    }

    private static X509Certificate readTestCertificate(String str) {
        return X509CertificateUtils.fromPem(new String((byte[]) Exceptions.uncheck(() -> {
            return CloudClientsValidatorTest.class.getResourceAsStream("/cloud-clients-validator/%s".formatted(str)).readAllBytes();
        })));
    }
}
