package org.eclipse.californium.scandium.dtls;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.hamcrest.CoreMatchers;
import org.hamcrest.number.OrderingComparison;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

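/**
 * Unit tests for {@link CertificateMessage}: construction from an X.509 chain or a raw
 * public key, the serialized length of empty messages, and round-tripping through the
 * wire encoding.
 *
 * <p>Two properties checked here matter for peers that authenticate each other with
 * certificates: the transmitted chain must stop below the self-signed root (the receiver
 * is expected to hold its own trust anchors), and a raw public key must be framed with a
 * 24-bit length followed by the encoded key.
 */
@Category({Small.class})
public class CertificateMessageTest {
    CertificateMessage message;
    X509Certificate[] certificateChain;
    X509Certificate[] trustAnchor;
    InetSocketAddress peerAddress;
    byte[] serializedMessage;
    PublicKey serverPublicKey;

    /**
     * Loads the server chain, server public key and trusted certificates from the test
     * tools and fixes the peer address to the loopback interface, port 5684.
     */
    @Before
    public void setUp() throws Exception {
        this.peerAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 5684);
        this.certificateChain = DtlsTestTools.getServerCertificateChain();
        this.serverPublicKey = DtlsTestTools.getPublicKey();
        this.trustAnchor = DtlsTestTools.getTrustedCertificates();
    }

    /**
     * Verifies that a message built from the full server chain does not carry the
     * self-signed root certificate.
     */
    @Test
    public void testCertificateMessageDoesNotContainRootCert() throws IOException, GeneralSecurityException {
        X509Certificate[] serverChain = DtlsTestTools.getServerCertificateChain();
        // Precondition: the fixture must hold more than the end-entity certificate,
        // otherwise there is nothing to strip.
        Assert.assertThat(serverChain.length, CoreMatchers.is(OrderingComparison.greaterThan(1)));
        givenACertificateMessage(serverChain, false);
        CertPath chainInMessage = this.message.getCertificateChain();
        // Without this guard the per-certificate loop below passes vacuously when the
        // message ends up with no certificates at all.
        Assert.assertFalse("certificate chain in message must not be empty",
                chainInMessage.getCertificates().isEmpty());
        assertThatCertificateChainDoesNotContainRootCert(chainInMessage);
    }

    /**
     * Asserts that no certificate in the path is self-issued (subject equals issuer) and
     * that each certificate's subject equals the issuer of the certificate before it.
     *
     * <p>This is a name-chaining check only; signatures are not verified here.
     *
     * @param certPath the chain taken from the message under test
     */
    private static void assertThatCertificateChainDoesNotContainRootCert(CertPath certPath) {
        X500Principal expectedSubject = null;
        for (Certificate certificate : certPath.getCertificates()) {
            Assert.assertThat(certificate, CoreMatchers.instanceOf(X509Certificate.class));
            X509Certificate current = (X509Certificate) certificate;
            X500Principal subject = current.getSubjectX500Principal();
            X500Principal issuer = current.getIssuerX500Principal();
            // A certificate whose subject equals its issuer is treated as a root.
            Assert.assertThat(subject, CoreMatchers.is(CoreMatchers.not(issuer)));
            if (expectedSubject != null) {
                // The path must be ordered: each entry is issued to the previous issuer.
                Assert.assertThat(expectedSubject, CoreMatchers.is(subject));
            }
            expectedSubject = issuer;
        }
    }

    /**
     * Verifies that an empty message serializes to three bytes for both the X.509 and the
     * raw-public-key variant.
     */
    @Test
    public void testEmptyCertificateMessageSerialization() {
        givenAnEmptyCertificateMessage();
        assertSerializedMessageLength(3);
        givenAnEmptyRawPublicKeyCertificateMessage();
        assertSerializedMessageLength(3);
    }

    /**
     * Verifies that three zero bytes parse as an empty message for both certificate types.
     */
    @Test
    public void testFromByteArrayHandlesEmptyMessageCorrectly() throws HandshakeException {
        this.serializedMessage = new byte[]{0, 0, 0};
        this.message = CertificateMessage.fromReader(
                new DatagramReader(this.serializedMessage), CertificateType.X_509, this.peerAddress);
        assertSerializedMessageLength(3);
        this.message = CertificateMessage.fromReader(
                new DatagramReader(this.serializedMessage), CertificateType.RAW_PUBLIC_KEY, this.peerAddress);
        assertSerializedMessageLength(3);
    }

    /**
     * Verifies that a hand-built raw-public-key message (24-bit length, then the encoded
     * key) parses back to the same public key.
     */
    @Test
    public void testFromByteArrayCompliesWithRfc7250() throws Exception {
        givenASerializedRawPublicKeyCertificateMessage(this.serverPublicKey);
        this.message = CertificateMessage.fromReader(
                new DatagramReader(this.serializedMessage), CertificateType.RAW_PUBLIC_KEY, this.peerAddress);
        Assert.assertThat(this.message.getPublicKey(), CoreMatchers.is(this.serverPublicKey));
    }

    /**
     * Verifies that a raw-public-key message serializes to a 24-bit length followed by the
     * encoded key.
     */
    @Test
    public void testFragmentToByteArrayCompliesWithRfc7250() throws Exception {
        givenARawPublicKeyCertificateMessage(this.serverPublicKey);
        this.serializedMessage = this.message.fragmentToByteArray();
        assertThatSerializedRawPublicKeyMessageCompliesWithRfc7250();
    }

    /**
     * Asserts that {@code serializedMessage} is exactly the encoded server key plus a
     * three-byte prefix, and that the prefix, read as a 24-bit integer, equals the key
     * length.
     */
    private void assertThatSerializedRawPublicKeyMessageCompliesWithRfc7250() {
        long keyLength = this.serverPublicKey.getEncoded().length;
        long totalLength = this.serializedMessage.length;
        Assert.assertThat(Long.valueOf(totalLength), CoreMatchers.is(Long.valueOf(keyLength + 3)));
        long declaredLength = new DatagramReader(this.serializedMessage).readLong(24);
        Assert.assertThat(Long.valueOf(declaredLength), CoreMatchers.is(Long.valueOf(keyLength)));
    }

    /**
     * Verifies that a raw-public-key message survives a serialize/parse round trip with
     * its public key unchanged.
     */
    @Test
    public void testSerializationUsingRawPublicKey() throws IOException, GeneralSecurityException, HandshakeException {
        givenACertificateMessage(DtlsTestTools.getServerCertificateChain(), true);
        HandshakeParameter parameter = new HandshakeParameter(
                CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CertificateType.RAW_PUBLIC_KEY);
        PublicKey original = this.message.getPublicKey();
        Assert.assertNotNull(original);
        this.serializedMessage = this.message.toByteArray();
        PublicKey parsed =
                DtlsTestTools.fromByteArray(this.serializedMessage, parameter, this.peerAddress).getPublicKey();
        Assert.assertThat(parsed, CoreMatchers.is(original));
    }

    /**
     * Verifies that an X.509 message survives a serialize/parse round trip with its public
     * key unchanged.
     */
    @Test
    public void testSerializationUsingX509() throws IOException, GeneralSecurityException, HandshakeException {
        givenACertificateMessage(DtlsTestTools.getServerCertificateChain(), false);
        HandshakeParameter parameter = new HandshakeParameter(
                CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CertificateType.X_509);
        PublicKey original = this.message.getPublicKey();
        Assert.assertNotNull(original);
        this.serializedMessage = this.message.toByteArray();
        PublicKey parsed =
                DtlsTestTools.fromByteArray(this.serializedMessage, parameter, this.peerAddress).getPublicKey();
        Assert.assertThat(parsed, CoreMatchers.is(original));
    }

    /**
     * Asserts that both the reported message length and the length of the serialized
     * fragment equal {@code expected}.
     */
    private void assertSerializedMessageLength(int expected) {
        Assert.assertThat(this.message.getMessageLength(), CoreMatchers.is(expected));
        Assert.assertThat(this.message.fragmentToByteArray().length, CoreMatchers.is(expected));
    }

    /**
     * Builds the message under test from the given chain.
     *
     * @param chain certificates to use; also stored in {@code certificateChain}
     * @param useRawPublicKey if {@code true}, only the encoded public key of the first
     *        certificate is put into the message; otherwise the whole chain is passed
     */
    private void givenACertificateMessage(X509Certificate[] chain, boolean useRawPublicKey)
            throws IOException, GeneralSecurityException {
        this.certificateChain = chain;
        if (useRawPublicKey) {
            byte[] encodedKey = chain[0].getPublicKey().getEncoded();
            this.message = new CertificateMessage(encodedKey, this.peerAddress);
        } else {
            this.message = new CertificateMessage(Arrays.asList(chain), this.peerAddress);
        }
    }

    /** Builds a raw-public-key message from the encoded form of {@code publicKey}. */
    private void givenARawPublicKeyCertificateMessage(PublicKey publicKey) {
        this.message = new CertificateMessage(publicKey.getEncoded(), this.peerAddress);
    }

    /**
     * Writes the wire form of a raw-public-key message by hand (24-bit length, then the
     * encoded key) into {@code serializedMessage}, independently of the class under test.
     */
    private void givenASerializedRawPublicKeyCertificateMessage(PublicKey publicKey)
            throws IOException, GeneralSecurityException {
        byte[] encodedKey = publicKey.getEncoded();
        DatagramWriter writer = new DatagramWriter();
        writer.writeLong(encodedKey.length, 24);
        writer.writeBytes(encodedKey);
        this.serializedMessage = writer.toByteArray();
    }

    /** Builds an X.509 message with an empty certificate list. */
    private void givenAnEmptyCertificateMessage() {
        this.message = new CertificateMessage(Collections.emptyList(), this.peerAddress);
    }

    /** Builds a raw-public-key message with an empty key. */
    private void givenAnEmptyRawPublicKeyCertificateMessage() {
        this.message = new CertificateMessage(Bytes.EMPTY, this.peerAddress);
    }
}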
