package org.eclipse.hono.service.management.tenant;

import io.vertx.core.json.JsonObject;
import io.vertx.core.net.SelfSignedCertificate;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/eclipse/hono/service/management/tenant/TrustedCertificateAuthorityTest.class */
class TrustedCertificateAuthorityTest {
    private static X509Certificate certificate;

    TrustedCertificateAuthorityTest() {
    }

    @BeforeAll
    public static void setUp() throws GeneralSecurityException, IOException {
        certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(SelfSignedCertificate.create("eclipse.org").certificatePath()));
    }

    @Test
    public void testDecodeTrustedCAUsingPublicKey() {
        TrustedCertificateAuthority trustedCertificateAuthority = (TrustedCertificateAuthority) new JsonObject().put("subject-dn", certificate.getSubjectX500Principal().getName("RFC2253")).put("public-key", certificate.getPublicKey().getEncoded()).put("algorithm", certificate.getPublicKey().getAlgorithm()).put("not-before", DateTimeFormatter.ISO_INSTANT.format(certificate.getNotBefore().toInstant())).put("not-after", DateTimeFormatter.ISO_INSTANT.format(certificate.getNotAfter().toInstant())).mapTo(TrustedCertificateAuthority.class);
        Assertions.assertThat(trustedCertificateAuthority.isValid()).isTrue();
        assertAuthority(trustedCertificateAuthority);
    }

    @Test
    public void testDecodeTrustedCAUsingCert() throws CertificateEncodingException {
        TrustedCertificateAuthority trustedCertificateAuthority = (TrustedCertificateAuthority) new JsonObject().put("cert", certificate.getEncoded()).mapTo(TrustedCertificateAuthority.class);
        Assertions.assertThat(trustedCertificateAuthority.isValid()).isTrue();
        assertAuthority(trustedCertificateAuthority);
    }

    @Test
    public void testDecodeTrustedCAUsingCertAndPublicKey() throws CertificateEncodingException {
        assertAuthority((TrustedCertificateAuthority) new JsonObject().put("cert", certificate.getEncoded()).put("public-key", "NOTAKEY".getBytes()).put("subject-dn", "CN=not the right subject").put("algorithm", "unsupported").put("not-before", DateTimeFormatter.ISO_INSTANT.format(certificate.getNotBefore().toInstant().minus(1L, (TemporalUnit) ChronoUnit.DAYS))).put("not-after", DateTimeFormatter.ISO_INSTANT.format(certificate.getNotAfter().toInstant().plus(2L, (TemporalUnit) ChronoUnit.DAYS))).mapTo(TrustedCertificateAuthority.class));
    }

    private void assertAuthority(TrustedCertificateAuthority trustedCertificateAuthority) {
        Assertions.assertThat(trustedCertificateAuthority.isValid()).isTrue();
        Assertions.assertThat(trustedCertificateAuthority.getSubjectDn()).isEqualTo(certificate.getSubjectX500Principal());
        Assertions.assertThat(trustedCertificateAuthority.getPublicKey()).isEqualTo(certificate.getPublicKey().getEncoded());
        Assertions.assertThat(trustedCertificateAuthority.getKeyAlgorithm()).isEqualTo(certificate.getPublicKey().getAlgorithm());
        Assertions.assertThat(trustedCertificateAuthority.getNotBefore()).isEqualTo(certificate.getNotBefore().toInstant());
        Assertions.assertThat(trustedCertificateAuthority.getNotAfter()).isEqualTo(certificate.getNotAfter().toInstant());
    }
}
