package net.shibboleth.metadata.validate.x509.testing;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.metadata.ErrorStatus;
import net.shibboleth.metadata.Item;
import net.shibboleth.metadata.WarningStatus;
import net.shibboleth.metadata.pipeline.StageProcessingException;
import net.shibboleth.metadata.testing.BaseTest;
import net.shibboleth.metadata.testing.MockItem;
import net.shibboleth.metadata.validate.Validator;
import net.shibboleth.metadata.validate.x509.X509RSAOpenSSLKeylistValidator;
import org.apache.commons.codec.binary.Hex;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;

/* loaded from: input_file:net/shibboleth/metadata/validate/x509/testing/BaseX509ValidatorTest.class */
public abstract class BaseX509ValidatorTest extends BaseTest {

    @Nonnull
    private CertificateFactory factory;
    private final byte[] openSSLprefix;
    static final /* synthetic */ boolean $assertionsDisabled;

    public BaseX509ValidatorTest(@Nonnull Class<?> cls) throws Exception {
        super(cls);
        this.openSSLprefix = new byte[]{77, 111, 100, 117, 108, 117, 115, 61};
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        if (!$assertionsDisabled && certificateFactory == null) {
            throw new AssertionError();
        }
        this.factory = certificateFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public X509Certificate getCertificate(String str) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) this.factory.generateCertificate(getClasspathResource(str).getInputStream());
        if ($assertionsDisabled || x509Certificate != null) {
            return x509Certificate;
        }
        throw new AssertionError();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void errorsAndWarnings(Item<?> item, int i, int i2) {
        List list = item.getItemMetadata().get(ErrorStatus.class);
        List list2 = item.getItemMetadata().get(WarningStatus.class);
        Assert.assertEquals(list.size(), i, "wrong number of errors");
        Assert.assertEquals(list2.size(), i2, "wrong number of warnings");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testCert(String str, Validator<X509Certificate> validator, int i, int i2) throws Exception {
        MockItem mockItem = new MockItem("foo");
        Assert.assertEquals(validator.validate(getCertificate(str), mockItem, "stage"), Validator.Action.CONTINUE);
        errorsAndWarnings(mockItem, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Validator<X509Certificate> getCompromisedKeyValidator(int i) throws Exception {
        ClassPathResource classPathResource;
        switch (i) {
            case 1024:
                classPathResource = new ClassPathResource("net/shibboleth/metadata/keylists/rsa/legacy/compromised-1024.txt");
                break;
            case 2048:
                classPathResource = new ClassPathResource("net/shibboleth/metadata/keylists/rsa/compromised-2048.txt");
                break;
            case 4096:
                classPathResource = new ClassPathResource("net/shibboleth/metadata/keylists/rsa/compromised-4096.txt");
                break;
            default:
                throw new IllegalArgumentException();
        }
        X509RSAOpenSSLKeylistValidator x509RSAOpenSSLKeylistValidator = new X509RSAOpenSSLKeylistValidator();
        x509RSAOpenSSLKeylistValidator.setId("validator-" + i);
        x509RSAOpenSSLKeylistValidator.setKeylistResource(classPathResource);
        x509RSAOpenSSLKeylistValidator.setKeySize(i);
        x509RSAOpenSSLKeylistValidator.initialize();
        return x509RSAOpenSSLKeylistValidator;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public String openSSLDigest(@Nonnull BigInteger bigInteger) throws StageProcessingException {
        try {
            byte[] byteArray = bigInteger.toByteArray();
            if (byteArray[0] == 0) {
                byteArray = Arrays.copyOfRange(byteArray, 1, byteArray.length);
            }
            char[] encodeHex = Hex.encodeHex(byteArray, false);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(this.openSSLprefix);
                for (char c : encodeHex) {
                    byteArrayOutputStream.write((byte) c);
                }
                byteArrayOutputStream.write(10);
                MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                messageDigest.update(byteArrayOutputStream.toByteArray());
                String substring = String.valueOf(Hex.encodeHex(messageDigest.digest(), true)).substring(20);
                if ($assertionsDisabled || substring != null) {
                    return substring;
                }
                throw new AssertionError();
            } catch (IOException e) {
                throw new StageProcessingException("internal error writing to ByteArrayStream", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new StageProcessingException("could not create message digester", e2);
        }
    }

    static {
        $assertionsDisabled = !BaseX509ValidatorTest.class.desiredAssertionStatus();
    }
}
