package org.apache.wss4j.common.crypto;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.class */
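/**
 * Tests for Authority Key Identifier (AKI) handling: extraction of the AKI / Subject Key
 * Identifier (SKI) extension bytes via {@link BouncyCastleUtils}, and trust verification
 * through {@link MerlinAKI}.
 *
 * <p>The tests read keystores from the test classpath under {@code keys/}. Both the positive
 * path (a certificate whose AKI matches the CA in the trust store) and the negative path
 * (a certificate that the trust store does not cover must be rejected) are exercised.
 */
public class AuthorityKeyIdentifierTest extends Assert {
    /** Password of the test keystores under {@code keys/}; a test-fixture value only. */
    private static final String KEYSTORE_PASSWORD = "security";

    /**
     * Runs {@code WSProviderConfig.init()} before any test so the WSS4J provider
     * configuration is in place (presumably security-provider registration; confirm
     * against {@code WSProviderConfig}).
     */
    public AuthorityKeyIdentifierTest() {
        WSProviderConfig.init();
    }

    /**
     * Checks that the AKI bytes of the {@code wss40} certificate equal the SKI bytes of the
     * {@code wss40CA} certificate, i.e. that the two extractors agree on the key identifier
     * linking the end-entity certificate to its CA.
     */
    @Test
    public void testExtractKeyIdentifiers() throws Exception {
        KeyStore endEntityStore = loadKeyStore("keys/wss40.jks", KEYSTORE_PASSWORD);
        assertNotNull(endEntityStore);
        X509Certificate endEntityCert = (X509Certificate) endEntityStore.getCertificate("wss40");
        assertNotNull(endEntityCert);
        byte[] akiBytes = BouncyCastleUtils.getAuthorityKeyIdentifierBytes(endEntityCert);
        assertNotNull(akiBytes);

        KeyStore caStore = loadKeyStore("keys/wss40CA.jks", KEYSTORE_PASSWORD);
        assertNotNull(caStore);
        X509Certificate caCert = (X509Certificate) caStore.getCertificate("wss40CA");
        assertNotNull(caCert);
        byte[] skiBytes = BouncyCastleUtils.getSubjectKeyIdentifierBytes(caCert);
        assertNotNull(skiBytes);

        // assertArrayEquals reports the first differing index on failure, unlike
        // assertTrue(Arrays.equals(...)), which only says "expected true".
        assertArrayEquals(skiBytes, akiBytes);
    }

    /**
     * Verifies trust decisions made by {@link MerlinAKI} with {@code wss40CA.jks} as the
     * trust store: the {@code wss40} certificate must be accepted, and the {@code wss86}
     * certificate must be rejected with {@code ErrorCode.FAILURE}.
     */
    @Test
    public void testMerlinAKI() throws Exception {
        KeyStore endEntityStore = loadKeyStore("keys/wss40.jks", KEYSTORE_PASSWORD);
        assertNotNull(endEntityStore);
        X509Certificate trustedCert = (X509Certificate) endEntityStore.getCertificate("wss40");
        assertNotNull(trustedCert);

        KeyStore caStore = loadKeyStore("keys/wss40CA.jks", KEYSTORE_PASSWORD);
        assertNotNull(caStore);
        MerlinAKI merlinAKI = new MerlinAKI();
        merlinAKI.setTrustStore(caStore);

        // Positive case: no assertion is needed, verifyTrust signals rejection by throwing.
        // NOTE(review): the second argument is passed as false in both calls; if it is the
        // revocation-checking switch, revocation is not covered by this test (confirm).
        merlinAKI.verifyTrust(new X509Certificate[]{trustedCert}, false, (Collection) null);

        KeyStore untrustedStore = loadKeyStore("keys/wss86.keystore", KEYSTORE_PASSWORD);
        assertNotNull(untrustedStore);
        X509Certificate untrustedCert = (X509Certificate) untrustedStore.getCertificate("wss86");
        assertNotNull(untrustedCert);

        // Negative case: a certificate outside the trust store must never validate.
        // fail() raises AssertionError, which the catch below does not intercept.
        try {
            merlinAKI.verifyTrust(new X509Certificate[]{untrustedCert}, false, (Collection) null);
            fail("Failure expected on trying to validate an untrusted cert");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILURE, e.getErrorCode());
        }
    }

    /**
     * Loads a keystore of the JVM default type from the test classpath.
     *
     * @param location classpath location of the keystore file
     * @param password keystore password
     * @return the loaded keystore
     * @throws Exception if the resource cannot be opened or the keystore cannot be loaded
     */
    private KeyStore loadKeyStore(String location, String password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream input =
            Merlin.loadInputStream(Loader.getClassLoader(AuthorityKeyIdentifierTest.class), location);
        // Close the stream even when load() throws; the original left it open.
        try {
            keyStore.load(input, password.toCharArray());
        } finally {
            if (input != null) {
                input.close();
            }
        }
        return keyStore;
    }
}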
