package org.eclipse.californium.scandium.dtls;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({Small.class})
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/CertificateRequestTest.class */
public class CertificateRequestTest {
    private static InetSocketAddress peerAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 10000);

    @Test
    public void testIsSupportedKeyTypeFailsForUnsupportedKeyAlgorithm() throws Exception {
        PublicKey clientPublicKey = DtlsTestTools.getClientPublicKey();
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.DSS_FIXED_DH);
        Assert.assertFalse(certificateRequest.isSupportedKeyType(clientPublicKey));
    }

    @Test
    public void testIsSupportedKeyTypeSucceedsForSupportedKeyAlgorithm() throws Exception {
        PublicKey clientPublicKey = DtlsTestTools.getClientPublicKey();
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        Assert.assertTrue(certificateRequest.isSupportedKeyType(clientPublicKey));
    }

    @Test
    public void testIsSupportedKeyTypeFailsForCertWithoutDigitalSignatureKeyUsage() throws Exception {
        X509Certificate noSigningCertificate = DtlsTestTools.getNoSigningCertificate();
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        Assert.assertFalse(certificateRequest.isSupportedKeyType(noSigningCertificate));
    }

    @Test
    public void testIsSupportedKeyTypeSucceedsForCertWithDigitalSignatureKeyUsage() throws Exception {
        X509Certificate x509Certificate = DtlsTestTools.getClientCertificateChain()[0];
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        Assert.assertTrue(certificateRequest.isSupportedKeyType(x509Certificate));
    }

    @Test
    public void testGetSignatureAndHashAlgorithmFailsForNonMatchingSupportedSignatureAlgorithms() throws Exception {
        PublicKey clientPublicKey = DtlsTestTools.getClientPublicKey();
        Assert.assertThat(clientPublicKey.getAlgorithm(), CoreMatchers.is("EC"));
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        certificateRequest.addSignatureAlgorithm(new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.RSA));
        certificateRequest.addSignatureAlgorithm(new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.MD5, SignatureAndHashAlgorithm.SignatureAlgorithm.DSA));
        certificateRequest.addSignatureAlgorithm(new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.NONE, SignatureAndHashAlgorithm.SignatureAlgorithm.ANONYMOUS));
        Assert.assertThat(certificateRequest.getSignatureAndHashAlgorithm(clientPublicKey), CoreMatchers.is(CoreMatchers.nullValue()));
    }

    @Test
    public void testGetSignatureAndHashAlgorithmSucceedsForMatchingSupportedSignatureAlgorithms() throws Exception {
        PublicKey clientPublicKey = DtlsTestTools.getClientPublicKey();
        Assert.assertThat(clientPublicKey.getAlgorithm(), CoreMatchers.is("EC"));
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.RSA);
        SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
        certificateRequest.addSignatureAlgorithm(signatureAndHashAlgorithm);
        certificateRequest.addSignatureAlgorithm(new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.NONE, SignatureAndHashAlgorithm.SignatureAlgorithm.ANONYMOUS));
        certificateRequest.addSignatureAlgorithm(signatureAndHashAlgorithm2);
        Assert.assertThat(certificateRequest.getSignatureAndHashAlgorithm(clientPublicKey), CoreMatchers.is(signatureAndHashAlgorithm2));
    }

    @Test
    public void testAddCertificateAuthorityAssertsMaxLength() {
        CertificateRequest certificateRequest = new CertificateRequest(peerAddress);
        X500Principal x500Principal = new X500Principal("O=Eclipse, OU=Hono Project, CN=test");
        int floor = (int) Math.floor(65535 / (2 + x500Principal.getEncoded().length));
        for (int i = 0; i < floor; i++) {
            Assert.assertTrue(certificateRequest.addCertificateAuthority(x500Principal));
        }
        Assert.assertFalse(certificateRequest.addCertificateAuthority(x500Principal));
    }
}
