package org.bitrepository.protocol.security;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.encoders.Base64;
import org.jaccept.structure.ExtendedTestCase;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/bitrepository/protocol/security/PermissionStoreTest.class */
public class PermissionStoreTest extends ExtendedTestCase {
    private static final String componentID = "TEST";
    private PermissionStore permissionStore;

    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        this.permissionStore = new PermissionStore();
        this.permissionStore.loadPermissions(SecurityTestConstants.getDefaultPermissions(), componentID);
    }

    @Test(groups = {"regressiontest"})
    public void positiveCertificateRetrievalTest() throws Exception {
        addDescription("Tests that a certificate can be retrieved based on the correct signerId.");
        addStep("Create signer to lookup certificate", "No exceptions");
        SignerInformation signerInformation = (SignerInformation) new CMSSignedData(new CMSProcessableByteArray(SecurityTestConstants.getTestData().getBytes("UTF-8")), Base64.decode(SecurityTestConstants.getSignature().getBytes("UTF-8"))).getSignerInfos().getSigners().iterator().next();
        addStep("Lookup certificate based on signerId", "No exceptions");
        Assert.assertEquals((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(SecurityTestConstants.getPositiveCertificate().getBytes("UTF-8"))), this.permissionStore.getCertificate(signerInformation.getSID()));
    }

    @Test(groups = {"regressiontest"})
    public void negativeCertificateRetrievalTest() throws Exception {
        addDescription("Tests that a certificate cannot be retrieved based on the wrong signerId.");
        addStep("Create signer and modify its ID so lookup will fail", "No exceptions");
        SignerId sid = ((SignerInformation) new CMSSignedData(new CMSProcessableByteArray(SecurityTestConstants.getTestData().getBytes("UTF-8")), Base64.decode(SecurityTestConstants.getSignature().getBytes("UTF-8"))).getSignerInfos().getSigners().iterator().next()).getSID();
        BigInteger serialNumber = sid.getSerialNumber();
        serialNumber.add(new BigInteger("2"));
        SignerId signerId = new SignerId(sid.getIssuer(), serialNumber);
        addStep("Lookup certificate based on signerId", "No exceptions");
        Assert.assertEquals((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(SecurityTestConstants.getPositiveCertificate().getBytes("UTF-8"))), this.permissionStore.getCertificate(signerId));
    }

    @Test(groups = {"regressiontest"})
    public void certificatePermissionCheckTest() throws Exception {
        addDescription("Tests that a certificate only allows for the expected permission.");
    }

    @Test(groups = {"regressiontest"})
    public void unknownCertificatePermissionCheckTest() throws Exception {
        addDescription("Tests that a unknown certificate results in expected refusal.");
    }
}
