package brooklyn.util.crypto;

import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:brooklyn/util/crypto/SecureKeysAndSignerTest.class */
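/**
 * Tests for issuing certificates with {@link FluentKeySigner} and checking them with
 * {@link SecureKeys}.
 *
 * <p>Both the positive cases (a certificate is accepted by its issuer) and the negative cases
 * (an unrelated or subordinate certificate is rejected as an authority) are asserted; the
 * negative cases are what would catch a trust check that accepts too much.
 */
public class SecureKeysAndSignerTest {
    /**
     * Issues two leaf certificates from one self-signed root, creates a second unrelated
     * self-signed root, and checks the trust relationships between all of them.
     *
     * @throws Exception if key generation, signing, or a trust check that should pass fails
     */
    @Test(groups = {"Integration"})
    public void testGenerateSignedKeys() throws Exception {
        FluentKeySigner rootSigner = new FluentKeySigner("the-root").validForYears(2L).selfsign();
        X509Certificate rootCert = rootSigner.getAuthorityCertificate();
        X509Certificate certA = rootSigner.newCertificateFor("A", SecureKeys.newKeyPair());
        X509Certificate certB = rootSigner.newCertificateFor("B", SecureKeys.newKeyPair());
        // A second root that shares nothing with "the-root".
        X509Certificate otherRootCert = new FluentKeySigner("self1").selfsign().getAuthorityCertificate();

        // A trust manager built from a certificate must accept that same certificate.
        SecureKeys.getTrustManager(certA).checkClientTrusted(new X509Certificate[]{certA}, "RSA");
        SecureKeys.getTrustManager(rootCert).checkClientTrusted(new X509Certificate[]{rootCert}, "RSA");

        // Negative case: a trust manager built from A must reject B even though both were
        // issued by the same root. Assert.fail raises an AssertionError, which the catch
        // below does not intercept, so an accepting trust manager still fails the test.
        try {
            SecureKeys.getTrustManager(certA).checkClientTrusted(new X509Certificate[]{certB}, "RSA");
            Assert.fail("Trust manager for A should not accept B");
        } catch (CertificateException expected) {
            // Rejection is the required outcome.
        }

        // The root authorizes itself and both certificates it issued.
        Assert.assertTrue(SecureKeys.isCertificateAuthorizedBy(rootCert, rootCert));
        Assert.assertTrue(SecureKeys.isCertificateAuthorizedBy(certA, rootCert));
        Assert.assertTrue(SecureKeys.isCertificateAuthorizedBy(certB, rootCert));

        // An issued certificate must not be treated as an authority, neither for its own
        // issuer nor for a sibling.
        Assert.assertFalse(SecureKeys.isCertificateAuthorizedBy(rootCert, certA));
        Assert.assertFalse(SecureKeys.isCertificateAuthorizedBy(certB, certA));

        // The unrelated root authorizes itself but is not authorized by "the-root".
        Assert.assertTrue(SecureKeys.isCertificateAuthorizedBy(otherRootCert, otherRootCert));
        Assert.assertFalse(SecureKeys.isCertificateAuthorizedBy(otherRootCert, rootCert));
    }

    /**
     * Builds a signer from an existing authority certificate and its key pair, then checks
     * that it reports the authority's common name and that a certificate it issues is
     * authorized by that authority.
     *
     * @throws Exception if key generation or signing fails
     */
    @Test
    public void testInjectCertificateAuthority() throws Exception {
        KeyPair authorityKeys = SecureKeys.newKeyPair();
        X509Certificate authorityCert =
                new FluentKeySigner("the-root", authorityKeys).selfsign().getAuthorityCertificate();

        FluentKeySigner injectedSigner = new FluentKeySigner(authorityCert, authorityKeys);
        // TestNG's assertEquals takes (actual, expected); the original call had the two
        // swapped, which would have produced a misleading failure message.
        Assert.assertEquals(injectedSigner.getCommonName(), "the-root");

        X509Certificate issuedCert = injectedSigner.newCertificateFor("A", SecureKeys.newKeyPair());
        Assert.assertTrue(SecureKeys.isCertificateAuthorizedBy(issuedCert, authorityCert));
    }
}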
