package org.bouncycastle.est.test;

import java.io.InputStreamReader;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Set;
import junit.framework.TestCase;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.est.jcajce.JsseDefaultHostnameAuthorizer;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/bouncycastle/est/test/TestHostNameAuthorizer.class */
public class TestHostNameAuthorizer extends TestCase {
    protected void setUp() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    private static X509Certificate readPemCertificate(String str) throws Exception {
        InputStreamReader inputStreamReader = new InputStreamReader(TestHostNameAuthorizer.class.getResourceAsStream(str));
        PemReader pemReader = new PemReader(inputStreamReader);
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(pemReader.readPemObject().getContent());
        pemReader.close();
        inputStreamReader.close();
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509CertificateHolder);
    }

    public void testCNMatch() throws Exception {
        X509Certificate readPemCertificate = readPemCertificate("san/cert_cn_match_wc.pem");
        assertTrue("Common Name match", new JsseDefaultHostnameAuthorizer((Set) null).verify("aardvark.cisco.com", readPemCertificate));
        assertFalse("Not match", new JsseDefaultHostnameAuthorizer((Set) null).verify("cisco.com", readPemCertificate));
    }

    public void testCNMismatch_1() throws Exception {
        assertFalse("Not match", new JsseDefaultHostnameAuthorizer((Set) null).verify("aardvark", readPemCertificate("san/cert_cn_mismatch_wc.pem")));
    }

    public void testCNIPMismatch() throws Exception {
        assertFalse("Not match", new JsseDefaultHostnameAuthorizer((Set) null).verify("127.0.0.1", readPemCertificate("san/cert_cn_mismatch_ip.pem")));
    }

    public void testWCMismatch() throws Exception {
        assertFalse("Not match", new JsseDefaultHostnameAuthorizer((Set) null).verify("aardvark.cisco.com", readPemCertificate("san/cert_cn_mismatch_ip.pem")));
    }

    public void testSANMatch() throws Exception {
        assertTrue("Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("localhost.cisco.com", readPemCertificate("san/cert_san_match.pem")));
    }

    public void testSANMatchIP() throws Exception {
        X509Certificate readPemCertificate = readPemCertificate("san/cert_san_match_ip.pem");
        assertTrue("Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("192.168.51.140", readPemCertificate));
        assertTrue("Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("127.0.0.1", readPemCertificate));
        assertFalse("Not Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("10.0.0.1", readPemCertificate));
    }

    public void testSANMatchWC() throws Exception {
        X509Certificate readPemCertificate = readPemCertificate("san/cert_san_mismatch_wc.pem");
        assertTrue("Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("roundhouse.yahoo.com", readPemCertificate));
        assertFalse("Not Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("aardvark.cisco.com", readPemCertificate));
    }

    public void testSANMismatchIP() throws Exception {
        assertFalse("Not Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("localhost.me", readPemCertificate("san/cert_san_mismatch_ip.pem")));
    }

    public void testSANMismatchWC() throws Exception {
        assertFalse("Not Match", new JsseDefaultHostnameAuthorizer((Set) null).verify("localhost.me", readPemCertificate("san/cert_san_mismatch_wc.pem")));
    }
}
