package be.ehealth.technicalconnector.cryptolib;

import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.service.etee.domain.EncryptionToken;
import be.ehealth.technicalconnector.service.sts.security.KeyStoreInfo;
import be.ehealth.technicalconnector.service.sts.security.impl.BeIDCredential;
import be.ehealth.technicalconnector.service.sts.security.impl.KeyStoreCredential;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.fgov.ehealth.etee.crypto.encrypt.DataSealer;
import be.fgov.ehealth.etee.crypto.encrypt.DataSealerBuilder;
import be.fgov.ehealth.etee.crypto.encrypt.EncryptionTokenFactory;
import be.fgov.ehealth.etee.crypto.policies.EncryptionPolicy;
import be.fgov.ehealth.etee.crypto.policies.OCSPPolicy;
import be.fgov.ehealth.etee.crypto.policies.SigningCredential;
import be.fgov.ehealth.etee.crypto.policies.SigningPolicy;
import be.fgov.ehealth.etee.crypto.utils.Iterables;
import be.fgov.ehealth.technicalconnector.tests.junit.rule.SessionRule;
import be.fgov.ehealth.technicalconnector.tests.utils.AssumeTools;
import be.fgov.ehealth.technicalconnector.tests.utils.TestPropertiesLoader;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Properties;
import org.bouncycastle.util.encoders.Base64;
import org.joda.time.DateTime;
import org.joda.time.Duration;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/cryptolib/EhealthCryptoLibTest.class */
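/**
 * Smoke tests for sealing a message with the eHealth crypto library, once with
 * eID signing credentials and once with an eHealth keystore certificate.
 *
 * <p>Both tests only verify that {@code seal} produces a non-empty output that
 * differs from the plaintext; nothing is unsealed or cryptographically verified here.
 *
 * <p>NOTE(review): both sealers are built with {@code OCSPPolicy.NONE}. This presumably
 * means no OCSP revocation data is involved, which keeps the tests offline; confirm
 * what the policy implies before reusing this builder configuration outside tests.
 */
public class EhealthCryptoLibTest {
    /** Classpath location of the KGSS encryption token (ETK) used as the recipient. */
    private static final String ETK_KGSS = "/etee/kgss_acc.etk";
    private static final Logger LOG = LoggerFactory.getLogger(EhealthCryptoLibTest.class);

    @ClassRule
    public static SessionRule rule = SessionRule.withInactiveSession().build();

    /** Plaintext payload sealed by both tests. */
    private final String stringToSeal = "test";

    // Per-test state: JUnit creates a fresh instance per test and init() refills these,
    // so they are instance fields rather than statics written from an instance method.
    private Properties props;
    private String eHealthCertificate;
    // Keystore password read from the test properties; never log this value.
    private String eHealthCertificatePwd;

    /**
     * Loads the test properties and the keystore location/password used by
     * {@link #sealWithEhealthCert()}.
     *
     * @throws Exception if the properties cannot be loaded
     */
    @Before
    public void init() throws Exception {
        props = TestPropertiesLoader.getProperties("/be.ehealth.technicalconnector.test.properties");
        eHealthCertificate = props.getProperty("test.keystore.location");
        eHealthCertificatePwd = props.getProperty("test.keystore.password");
    }

    /**
     * Seals the payload using the "Authentication" and "Signature" credentials of an eID
     * key store.
     *
     * @throws Exception if the eID, the ETK resource or the sealing step fails
     */
    @Test
    public void sealWithEid() throws Exception {
        AssumeTools.isEIDEnabled();
        BeIDCredential beIDCredential = BeIDCredential.getInstance("test", "Signature");
        LOG.debug(beIDCredential.getPrivateKey().getClass().getName());
        KeyStore keyStore = beIDCredential.getKeyStore();

        SigningCredential authentication = retrieveSigningCredential("Authentication", keyStore);
        SigningCredential signature = retrieveSigningCredential("Signature", keyStore);
        DataSealer sealer = DataSealerBuilder.newBuilder()
                .addOCSPPolicy(OCSPPolicy.NONE)
                .addSigningPolicy(SigningPolicy.EID, authentication, signature)
                .addPublicKeyPolicy(EncryptionPolicy.KNOWN_RECIPIENT)
                .addSecretKeyPolicy(EncryptionPolicy.UNKNOWN_RECIPIENT)
                .build();

        // Explicit charset: the sealed bytes must not depend on the platform default.
        byte[] plaintext = stringToSeal.getBytes(StandardCharsets.UTF_8);
        byte[] sealed = sealer.seal(EncryptionTokenFactory.getInstance().create(readKgssEtk()), plaintext);
        assertSealed(plaintext, sealed);
    }

    /**
     * Seals the payload using the private key and certificate chain of the keystore
     * configured in the test properties.
     *
     * @throws Exception if the keystore, the ETK resource or the sealing step fails
     */
    @Test
    public void sealWithEhealthCert() throws Exception {
        // Fail with a readable message instead of an NPE on toCharArray() below.
        Assert.assertNotNull("Property test.keystore.location is not set", eHealthCertificate);
        Assert.assertNotNull("Property test.keystore.password is not set", eHealthCertificatePwd);

        KeyStoreCredential keyStoreCredential = new KeyStoreCredential(new KeyStoreInfo(
                eHealthCertificate,
                eHealthCertificatePwd.toCharArray(),
                props.getProperty("test.keystore.alias"),
                eHealthCertificatePwd.toCharArray()));
        Certificate[] chain = keyStoreCredential.getCertificateChain();
        Assert.assertNotNull("Keystore credential has no certificate chain", chain);
        SigningCredential credential = SigningCredential.create(keyStoreCredential.getPrivateKey(), toX509Chain(chain));

        DataSealer sealer = DataSealerBuilder.newBuilder()
                .addOCSPPolicy(OCSPPolicy.NONE)
                .addSigningPolicy(SigningPolicy.EHEALTH_CERT, credential, credential)
                .addPublicKeyPolicy(EncryptionPolicy.KNOWN_RECIPIENT)
                .addSecretKeyPolicy(EncryptionPolicy.UNKNOWN_RECIPIENT)
                .build();

        byte[] etk = readKgssEtk();
        byte[] plaintext = stringToSeal.getBytes(StandardCharsets.UTF_8);
        DateTime start = new DateTime();
        byte[] sealed = sealer.seal(EncryptionTokenFactory.getInstance().create(etk), plaintext);
        // Only the elapsed time is logged, never key material or the password.
        LOG.debug("{}", new Duration(start.getMillis(), new DateTime().getMillis()));
        assertSealed(plaintext, sealed);
    }

    /** Opens the KGSS ETK test resource; the caller is responsible for closing the stream. */
    private InputStream getKgssEtk() throws TechnicalConnectorException {
        return ConnectorIOUtils.getResourceAsStream(ETK_KGSS);
    }

    /** Reads the encoded KGSS ETK and closes the underlying resource stream. */
    private byte[] readKgssEtk() throws Exception {
        try (InputStream in = getKgssEtk()) {
            return new EncryptionToken(in).getEncoded();
        }
    }

    /** Narrows a generic certificate chain to X.509; throws ArrayStoreException on other types. */
    private static X509Certificate[] toX509Chain(Certificate[] chain) {
        return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
    }

    /**
     * Checks that sealing produced real output. The original assertion wrapped the result
     * in {@code new String(...)}, which is never null and therefore could not fail.
     */
    private static void assertSealed(byte[] plaintext, byte[] sealed) {
        Assert.assertNotNull("seal() returned null", sealed);
        Assert.assertTrue("seal() returned an empty message", sealed.length > 0);
        Assert.assertFalse("Sealed message equals the plaintext", Arrays.equals(plaintext, sealed));
    }

    /**
     * Builds a signing credential from the key and certificate chain stored under an alias.
     *
     * @param str alias of the key entry in {@code keyStore}
     * @param keyStore initialized key store holding the entry
     * @return the signing credential for the alias
     * @throws IllegalArgumentException if the alias has no key or chain, or the key store
     *     has not been initialized
     * @throws IllegalStateException if the key algorithm is unavailable or the key cannot
     *     be recovered
     */
    private SigningCredential retrieveSigningCredential(String str, KeyStore keyStore) {
        try {
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            // No key password is supplied; presumably the eID provider handles PIN entry — confirm.
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
            // Both lookups return null for an unknown alias; check explicitly rather than
            // catching a NullPointerException that could also hide an unrelated bug.
            if (certificateChain == null || privateKey == null) {
                throw new IllegalArgumentException("The key store doesn't contain the required key with alias [" + str + "]");
            }
            return SigningCredential.create(privateKey, Iterables.newList(toX509Chain(certificateChain)));
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("Given keystore hasn't been initialized", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("There is a problem with the Security configuration... Check if all the required security providers are correctly registered", e);
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("The private key with alias [" + str + "] could not be recovered from the given keystore", e);
        }
    }
}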
