package org.nhindirect.dns;

import java.net.URL;
import java.security.cert.X509Certificate;
import junit.framework.TestCase;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.nhind.config.CertPolicy;
import org.nhind.config.ConfigurationServiceProxy;
import org.nhind.config.PolicyLexicon;
import org.nhindirect.dns.util.ConfigServiceRunner;
import org.nhindirect.dns.util.DNSRecordUtil;
import org.nhindirect.policy.PolicyExpression;
import org.nhindirect.policy.PolicyFilter;

/* loaded from: input_file:org/nhindirect/dns/ConfigServiceDNSStore_isCertCompliantWithPolicyTest.class */
public class ConfigServiceDNSStore_isCertCompliantWithPolicyTest extends TestCase {
    static final String KEY_ENC_POLICY = "(X509.TBS.EXTENSION.KeyUsage & 32) > 0";
    protected ConfigurationServiceProxy proxy;

    public void setUp() {
        try {
            if (!ConfigServiceRunner.isServiceRunning()) {
                ConfigServiceRunner.startConfigService();
            }
            this.proxy = new ConfigurationServiceProxy(ConfigServiceRunner.getConfigServiceURL());
            cleanRecords();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void cleanRecords() throws Exception {
        CertPolicy[] policies = this.proxy.getPolicies();
        if (policies != null && policies.length > 0) {
            Long[] lArr = new Long[policies.length];
            for (int i = 0; i < policies.length; i++) {
                lArr[i] = Long.valueOf(policies[i].getId());
            }
            this.proxy.deletePolicies(lArr);
        }
        assertNull(this.proxy.getPolicies());
    }

    public void testisCertCompliantWithPolicy_noPolicyConfigured_assertCompliant() throws Exception {
        ConfigServiceDNSStore configServiceDNSStore = new ConfigServiceDNSStore(new URL(ConfigServiceRunner.getConfigServiceURL()));
        assertNull(configServiceDNSStore.polExpression);
        assertNull(configServiceDNSStore.polFilter);
        assertTrue(configServiceDNSStore.isCertCompliantWithPolicy(DNSRecordUtil.loadCertificate("bob.der")));
    }

    public void testisCertCompliantWithPolicy_policyConfigured_compliantCert_assertCompliant() throws Exception {
        System.setProperty("org.nhindirect.dns.CertPolicyName", "ValidPolicy");
        try {
            CertPolicy certPolicy = new CertPolicy();
            certPolicy.setLexicon(PolicyLexicon.SIMPLE_TEXT_V1);
            certPolicy.setPolicyName("ValidPolicy");
            certPolicy.setPolicyData(KEY_ENC_POLICY.getBytes());
            this.proxy.addPolicy(certPolicy);
            ConfigServiceDNSStore configServiceDNSStore = new ConfigServiceDNSStore(new URL(ConfigServiceRunner.getConfigServiceURL()));
            assertNotNull(configServiceDNSStore.polExpression);
            assertNotNull(configServiceDNSStore.polFilter);
            assertTrue(configServiceDNSStore.isCertCompliantWithPolicy(DNSRecordUtil.loadCertificate("bob.der")));
            System.setProperty("org.nhindirect.dns.CertPolicyName", "");
        } catch (Throwable th) {
            System.setProperty("org.nhindirect.dns.CertPolicyName", "");
            throw th;
        }
    }

    public void testisCertCompliantWithPolicy_policyConfigured_nonCompliantCert_assertNonCompliant() throws Exception {
        System.setProperty("org.nhindirect.dns.CertPolicyName", "ValidPolicy");
        try {
            CertPolicy certPolicy = new CertPolicy();
            certPolicy.setLexicon(PolicyLexicon.SIMPLE_TEXT_V1);
            certPolicy.setPolicyName("ValidPolicy");
            certPolicy.setPolicyData(KEY_ENC_POLICY.getBytes());
            this.proxy.addPolicy(certPolicy);
            ConfigServiceDNSStore configServiceDNSStore = new ConfigServiceDNSStore(new URL(ConfigServiceRunner.getConfigServiceURL()));
            assertNotNull(configServiceDNSStore.polExpression);
            assertNotNull(configServiceDNSStore.polFilter);
            assertFalse(configServiceDNSStore.isCertCompliantWithPolicy(DNSRecordUtil.loadCertificate("umesh.der")));
            System.setProperty("org.nhindirect.dns.CertPolicyName", "");
        } catch (Throwable th) {
            System.setProperty("org.nhindirect.dns.CertPolicyName", "");
            throw th;
        }
    }

    public void testisCertCompliantWithPolicy_exceptionInFilter_assertCompliant() throws Exception {
        ConfigServiceDNSStore configServiceDNSStore = new ConfigServiceDNSStore(new URL(ConfigServiceRunner.getConfigServiceURL()));
        PolicyFilter policyFilter = (PolicyFilter) Mockito.mock(PolicyFilter.class);
        ((PolicyFilter) Mockito.doThrow(new RuntimeException("Just Passing Through")).when(policyFilter)).isCompliant((X509Certificate) Matchers.any(), (PolicyExpression) Matchers.any());
        configServiceDNSStore.polFilter = policyFilter;
        assertTrue(configServiceDNSStore.isCertCompliantWithPolicy(DNSRecordUtil.loadCertificate("umesh.der")));
    }
}
