package org.apache.nifi.web.security.x509.ocsp;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;
import org.bouncycastle.shaded.asn1.x500.X500Name;
import org.bouncycastle.shaded.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.shaded.asn1.x509.KeyPurposeId;
import org.bouncycastle.shaded.asn1.x509.KeyUsage;
import org.bouncycastle.shaded.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.shaded.asn1.x509.X509Extension;
import org.bouncycastle.shaded.cert.X509v3CertificateBuilder;
import org.bouncycastle.shaded.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.shaded.jce.provider.BouncyCastleProvider;
import org.bouncycastle.shaded.operator.ContentSigner;
import org.bouncycastle.shaded.operator.OperatorCreationException;
import org.bouncycastle.shaded.operator.jcajce.JcaContentSignerBuilder;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidatorTest.class */
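/**
 * Tests for the certificate-generation helpers that back the OCSP validator tests.
 *
 * <p>The tests in this class only check that the helpers produce certificates with the expected
 * subject, issuer, public key and signature. They do not call an OCSP responder or the validator
 * itself.
 *
 * <p>Checks use JUnit's {@link Assert} rather than the {@code assert} keyword, so they still run
 * when the JVM is started without {@code -ea}.
 */
public class OcspCertificateValidatorTest {
    private static final Logger logger = LoggerFactory.getLogger(OcspCertificateValidatorTest.class);

    private static final int KEY_SIZE = 2048;

    // Validity window for generated certificates. The arithmetic is done in long on purpose:
    // 365 * 24 * 60 * 60 * 1000 overflows int and wraps to 1471228928 ms (about 17 days), which
    // would silently shorten the "one year" lifetime.
    private static final long YESTERDAY = System.currentTimeMillis() - 24L * 60 * 60 * 1000;
    private static final long ONE_YEAR_FROM_NOW = System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000;

    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String PROVIDER = "BC";

    /** Registers the BouncyCastle provider once so the "BC" provider name resolves. */
    @BeforeClass
    public static void setUpOnce() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates a fresh RSA key pair of {@link #KEY_SIZE} bits.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if no provider offers RSA key generation
     */
    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(KEY_SIZE);
        return generator.generateKeyPair();
    }

    /**
     * Generates a self-signed certificate for {@code dn} using a freshly generated key pair.
     *
     * @param dn the distinguished name used as both subject and issuer
     * @return the self-signed certificate
     */
    private static X509Certificate generateCertificate(String dn) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
        return generateCertificate(dn, generateKeyPair());
    }

    /**
     * Generates a self-signed certificate for {@code dn} with the supplied key pair.
     *
     * <p>The certificate carries a critical KeyUsage extension and a non-critical
     * ExtendedKeyUsage (clientAuth, serverAuth). It has no BasicConstraints extension and no
     * keyCertSign bit, so when it is used as an "issuer" in these tests only the raw signature
     * relationship is being exercised.
     * NOTE(review): a PKIX path validator would presumably not accept it as a CA. Confirm before
     * reusing this helper for chain-building tests.
     *
     * @param dn the distinguished name used as both subject and issuer
     * @param keyPair the key pair whose public key is certified and whose private key signs
     * @return the self-signed certificate
     */
    private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
        ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(keyPair.getPrivate());
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

        // The serial number is the current time in milliseconds. Two certificates created within
        // the same millisecond share a serial, which matters wherever a certificate is identified
        // by issuer and serial number.
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                new X500Name(dn),
                BigInteger.valueOf(System.currentTimeMillis()),
                new Date(YESTERDAY),
                new Date(ONE_YEAR_FROM_NOW),
                new X500Name(dn),
                publicKeyInfo);

        // Named bits instead of the literal 184 (0xB8); the value is unchanged.
        int keyUsageBits = KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement;
        builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(keyUsageBits));

        Vector<KeyPurposeId> purposes = new Vector<>();
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        builder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

        return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(builder.build(signer));
    }

    /**
     * Generates a certificate for {@code dn} over a fresh public key, signed by the issuer key.
     *
     * @param dn the subject distinguished name
     * @param issuerDn the issuer distinguished name
     * @param issuerKey the issuer's private key, used to sign the certificate
     * @return the issued certificate
     */
    private static X509Certificate generateIssuedCertificate(String dn, String issuerDn, PrivateKey issuerKey) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
        return generateIssuedCertificate(dn, generateKeyPair().getPublic(), issuerDn, issuerKey);
    }

    /**
     * Generates a certificate binding {@code publicKey} to {@code dn}, signed by the issuer key.
     *
     * <p>No extensions are added to the issued certificate.
     *
     * @param dn the subject distinguished name
     * @param publicKey the subject public key to certify
     * @param issuerDn the issuer distinguished name
     * @param issuerKey the issuer's private key, used to sign the certificate
     * @return the issued certificate
     */
    private static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, String issuerDn, PrivateKey issuerKey) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
        ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(issuerKey);
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                new X500Name(issuerDn),
                BigInteger.valueOf(System.currentTimeMillis()),
                new Date(YESTERDAY),
                new Date(ONE_YEAR_FROM_NOW),
                new X500Name(dn),
                publicKeyInfo);
        return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(builder.build(signer));
    }

    /** A self-signed certificate has matching subject and issuer and verifies with its own key. */
    @Test
    public void testShouldGenerateCertificate() throws Exception {
        final String testDn = "CN=This is a test";

        X509Certificate certificate = generateCertificate(testDn);
        logger.info("Generated certificate: \n{}", certificate);

        Assert.assertEquals(testDn, certificate.getSubjectDN().getName());
        Assert.assertEquals(testDn, certificate.getIssuerDN().getName());
        // verify() throws if the signature does not match, which fails the test.
        certificate.verify(certificate.getPublicKey());
    }

    /** A self-signed certificate built from a given key pair certifies that pair's public key. */
    @Test
    public void testShouldGenerateCertificateFromKeyPair() throws Exception {
        final String testDn = "CN=This is a test";
        KeyPair keyPair = generateKeyPair();

        X509Certificate certificate = generateCertificate(testDn, keyPair);
        logger.info("Generated certificate: \n{}", certificate);

        Assert.assertTrue("certificate public key should equal the supplied public key",
                certificate.getPublicKey().equals(keyPair.getPublic()));
        Assert.assertEquals(testDn, certificate.getSubjectDN().getName());
        Assert.assertEquals(testDn, certificate.getIssuerDN().getName());
        certificate.verify(certificate.getPublicKey());
    }

    /**
     * An issued certificate verifies with the issuer's public key and does not verify with its
     * own public key.
     */
    @Test
    public void testShouldGenerateIssuedCertificate() throws Exception {
        final String subjectDn = "CN=This is a signed test";
        final String issuerDn = "CN=Issuer CA";

        KeyPair issuerKeyPair = generateKeyPair();
        PrivateKey issuerPrivateKey = issuerKeyPair.getPrivate();
        X509Certificate issuerCertificate = generateCertificate(issuerDn, issuerKeyPair);
        logger.info("Generated issuer certificate: \n{}", issuerCertificate);

        X509Certificate issuedCertificate = generateIssuedCertificate(subjectDn, issuerDn, issuerPrivateKey);
        logger.info("Generated signed certificate: \n{}", issuedCertificate);

        Assert.assertTrue("issuer certificate public key should equal the issuer key pair's public key",
                issuerCertificate.getPublicKey().equals(issuerKeyPair.getPublic()));
        Assert.assertEquals(subjectDn, issuedCertificate.getSubjectX500Principal().getName());
        Assert.assertEquals(issuerDn, issuedCertificate.getIssuerX500Principal().getName());
        issuedCertificate.verify(issuerCertificate.getPublicKey());

        // Negative check: the issued certificate is not self-signed, so verifying it against its
        // own key must fail with a SignatureException. Any other exception type propagates and
        // fails the test.
        try {
            issuedCertificate.verify(issuedCertificate.getPublicKey());
            Assert.fail("Should have thrown exception");
        } catch (SignatureException e) {
            Assert.assertTrue("unexpected message: " + e.getMessage(),
                    e.getMessage().contains("certificate does not verify with supplied key"));
        }
    }
}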
