package io.fusionauth.jwt.ec;

import io.fusionauth.jwt.BaseJWTTest;
import io.fusionauth.jwt.InvalidKeyTypeException;
import io.fusionauth.pem.domain.PEM;
import io.fusionauth.security.BCFIPSCryptoProvider;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:io/fusionauth/jwt/ec/ECSignerTest.class */
public class ECSignerTest extends BaseJWTTest {
    @Test
    public void test_invalidKey() {
        try {
            ECSigner.newSHA256Signer(readFile("rsa_private_key_2048.pem"));
            Assert.fail("Expected exception.");
        } catch (InvalidKeyTypeException e) {
            Assert.assertEquals(e.getMessage(), "Expecting a private key of type [ECPrivateKey], but found [RSAPrivateCrtKeyImpl].");
        }
        try {
            ECSigner.newSHA256Signer(PEM.decode(readFile("rsa_private_key_2048.pem")).privateKey);
            Assert.fail("Expected exception.");
        } catch (InvalidKeyTypeException e2) {
            Assert.assertEquals(e2.getMessage(), "Expecting a private key of type [ECPrivateKey], but found [RSAPrivateCrtKeyImpl].");
        }
    }

    @Test
    public void round_trip_raw1() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(generateKeyPair.getPrivate());
        signature.update("text ecdsa with sha256".getBytes(StandardCharsets.UTF_8));
        byte[] sign = signature.sign();
        Signature signature2 = Signature.getInstance("SHA256withECDSA");
        signature2.initVerify(generateKeyPair.getPublic());
        signature2.update("text ecdsa with sha256".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(signature2.verify(sign));
    }

    @Test
    public void round_trip_raw2() throws Exception {
        ECPublicKey eCPublicKey = (ECPublicKey) PEM.decode(new String(Files.readAllBytes(Paths.get("src/test/resources/ec_public_key_p_256.pem", new String[0])))).getPublicKey();
        ECPrivateKey eCPrivateKey = (ECPrivateKey) PEM.decode(new String(Files.readAllBytes(Paths.get("src/test/resources/ec_private_key_p_256.pem", new String[0])))).getPrivateKey();
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(eCPrivateKey);
        signature.update("text ecdsa with sha256".getBytes(StandardCharsets.UTF_8));
        byte[] sign = signature.sign();
        Signature signature2 = Signature.getInstance("SHA256withECDSA");
        signature2.initVerify(eCPublicKey);
        signature2.update("text ecdsa with sha256".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(signature2.verify(sign));
    }

    @Test
    public void test_private_pem_parsing() {
        Assert.assertNotNull(ECSigner.newSHA256Signer(readFile("ec_private_key_p_256.pem")));
        Assert.assertNotNull(ECSigner.newSHA256Signer(readFile("ec_private_key_p_384.pem")));
        Assert.assertNotNull(ECSigner.newSHA256Signer(readFile("ec_private_key_p_521.pem")));
        Assert.assertNotNull(ECSigner.newSHA384Signer(readFile("ec_private_key_p_256.pem")));
        Assert.assertNotNull(ECSigner.newSHA384Signer(readFile("ec_private_key_p_384.pem")));
        Assert.assertNotNull(ECSigner.newSHA384Signer(readFile("ec_private_key_p_521.pem")));
        Assert.assertNotNull(ECSigner.newSHA512Signer(readFile("ec_private_key_p_256.pem")));
        Assert.assertNotNull(ECSigner.newSHA512Signer(readFile("ec_private_key_p_384.pem")));
        Assert.assertNotNull(ECSigner.newSHA512Signer(readFile("ec_private_key_p_521.pem")));
        Assert.assertEquals(ECSigner.newSHA256Signer(readFile("ec_private_key_p_256.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA256Signer(readFile("ec_private_key_p_384.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA256Signer(readFile("ec_private_key_p_521.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA384Signer(readFile("ec_private_key_p_256.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA384Signer(readFile("ec_private_key_p_384.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA384Signer(readFile("ec_private_key_p_521.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA512Signer(readFile("ec_private_key_p_256.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA512Signer(readFile("ec_private_key_p_384.pem"), "abc").getKid(), "abc");
        Assert.assertEquals(ECSigner.newSHA512Signer(readFile("ec_private_key_p_521.pem"), "abc").getKid(), "abc");
        ECSigner.newSHA256Signer(readFile("ec_private_key_p_256.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA256Signer(readFile("ec_private_key_p_384.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA256Signer(readFile("ec_private_key_p_521.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA384Signer(readFile("ec_private_key_p_256.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA384Signer(readFile("ec_private_key_p_384.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA384Signer(readFile("ec_private_key_p_521.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA512Signer(readFile("ec_private_key_p_256.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA512Signer(readFile("ec_private_key_p_384.pem"), new BCFIPSCryptoProvider());
        ECSigner.newSHA512Signer(readFile("ec_private_key_p_521.pem"), new BCFIPSCryptoProvider());
    }
}
