/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.apache.harmony.xnet.provider.jsse;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import junit.framework.TestCase;

/**
 * Tests for <code>TrustManagerImpl</code> constructor and methods
 */
public class TrustManagerImplTest extends TestCase {

    // Cert. encoding.was generated by using of classes
    // from org.apache.harmony.security.asn1 package and encoded
    // by org.apache.harmony.misc.Base64 class.
    // Source:
    // org.apache.harmony.security.tests.support.provider.cert.CertFactoryTestData
    private static String base64certEncoding =
            "-----BEGIN CERTIFICATE-----\n" +
                    "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a" +
                    "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF" +
                    "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE" +
                    "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD" +
                    "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAYGBFUdIAAwZwYDVR0RAQH/B" +
                    "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG" +
                    "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY" +
                    "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG" +
                    "CCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB" +
                    "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw" +
                    "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE" +
                    "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h" +
                    "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd" +
                    "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1" +
                    "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwGByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP" +
                    "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n" +
                    "-----END CERTIFICATE-----\n";

    private X509Certificate[] untrustedChain;

    @Override
    protected void setUp() throws Exception {
        super.setUp();
        CertificateFactory certFactory = CertificateFactory.getInstance("X509");
        ByteArrayInputStream bais = new ByteArrayInputStream(base64certEncoding
                .getBytes("UTF-8"));
        X509Certificate cert = (X509Certificate) certFactory
                .generateCertificate(bais);
        untrustedChain = new X509Certificate[] { cert };
    }

    public void testTrustManagerImpl_1() throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        ks.load(null, null);

        TrustManagerImpl tm = new TrustManagerImpl(ks);
        assertEquals(0, tm.getAcceptedIssuers().length);
        checkTrustManager(tm);
    }

    public void testTrustManagerImpl_2() throws Exception {
        KeyStore ks = JSSETestData.getKeyStore();

        TrustManagerImpl tm = new TrustManagerImpl(ks);
        assertEquals(1, tm.getAcceptedIssuers().length);
        checkTrustManager(tm);
    }

    private void checkTrustManager(TrustManagerImpl tm) throws Exception {
        try {
            tm.checkClientTrusted(null, "RSA");
            fail("No expected IllegalArgumentException ");
        } catch (IllegalArgumentException e) {
        }

        try {
            tm.checkClientTrusted(new X509Certificate[0], "RSA");
            fail("No expected IllegalArgumentException ");
        } catch (IllegalArgumentException e) {
        }

        try {
            tm.checkClientTrusted(untrustedChain, "RSA");
            fail("No expected CertificateException ");
        } catch (CertificateException e) {
        }

        try {
            tm.checkServerTrusted(null, "RSA");
            fail("No expected IllegalArgumentException ");
        } catch (IllegalArgumentException e) {
        }

        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            fail("No expected IllegalArgumentException ");
        } catch (IllegalArgumentException e) {
        }

        try {
            tm.checkServerTrusted(untrustedChain, "RSA");
            fail("No expected CertificateException ");
        } catch (CertificateException e) {
        }
    }
}