package com.github.tomakehurst.wiremock.http.ssl;

import com.github.tomakehurst.wiremock.testsupport.TestFiles;
import com.github.tomakehurst.wiremock.testsupport.TestNotifier;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collections;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledForJreRange;
import org.junit.jupiter.api.condition.JRE;
import org.mockito.BDDMockito;
import org.mockito.Mockito;

/* loaded from: input_file:com/github/tomakehurst/wiremock/http/ssl/CertificateGeneratingX509ExtendedKeyManagerChooseEngineServerAliasTest.class */
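/**
 * Tests for {@code CertificateGeneratingX509ExtendedKeyManager.chooseEngineServerAlias}.
 *
 * <p>The tests drive the key manager with a mocked {@link SSLEngine} whose handshake session
 * reports a single SNI host name, then inspect the alias, private key and certificate chain the
 * key manager exposes for that host.
 */
public class CertificateGeneratingX509ExtendedKeyManagerChooseEngineServerAliasTest {
    /** Host name presented through SNI by the mocked handshake session. */
    private static final String HOSTNAME = "example.com";

    /**
     * Password used both to open the test key store and to initialise the key manager factory.
     * Test-fixture value only; it guards the key store referenced by
     * {@code TestFiles.KEY_STORE_WITH_CA_PATH}.
     */
    private static final String KEY_STORE_PASSWORD = "password";

    /**
     * Checks that no entry exists for the host before the handshake, and that afterwards the
     * returned alias equals the host name, the chain holds two certificates, and the first
     * certificate's public key matches the private key stored under that alias.
     */
    @DisabledForJreRange(min = JRE.JAVA_17, disabledReason = "does not support generating certificates at runtime")
    @Test
    public void generatesAndReturnsNewAliasForWorkingPrivateKey() throws Exception {
        CertificateGeneratingX509ExtendedKeyManager keyManager =
                keyManagerFor(readKeyStore(TestFiles.KEY_STORE_WITH_CA_PATH, KEY_STORE_PASSWORD), KEY_STORE_PASSWORD.toCharArray());

        // Nothing may be registered for the host until a handshake asks for it.
        Assertions.assertNull(keyManager.getCertificateChain(HOSTNAME));
        Assertions.assertNull(keyManager.getPrivateKey(HOSTNAME));

        String alias = keyManager.chooseEngineServerAlias("RSA", (Principal[]) null, getSslEngineWithSessionFor(HOSTNAME));
        Assertions.assertEquals(HOSTNAME, alias);

        X509Certificate[] chain = keyManager.getCertificateChain(alias);
        // Fail with a clear assertion rather than a NullPointerException if nothing was generated.
        Assertions.assertNotNull(chain);
        Assertions.assertEquals(2, chain.length);

        // The certificate at index 0 must certify the very key the manager will sign with;
        // a mismatch would make every handshake for this host fail.
        PublicKey expectedPublicKey = getPublicKey((RSAPrivateCrtKey) keyManager.getPrivateKey(alias));
        Assertions.assertEquals(expectedPublicKey, chain[0].getPublicKey());
    }

    /**
     * Checks that a second call for the same engine yields the same alias, private key and
     * certificate chain as the first call.
     */
    @Test
    public void returnsSameGeneratedPrivateKeyOnSubsequentCalls() throws Exception {
        CertificateGeneratingX509ExtendedKeyManager keyManager =
                keyManagerFor(readKeyStore(TestFiles.KEY_STORE_WITH_CA_PATH, KEY_STORE_PASSWORD), KEY_STORE_PASSWORD.toCharArray());
        SSLEngine engine = getSslEngineWithSessionFor(HOSTNAME);

        String firstAlias = keyManager.chooseEngineServerAlias("RSA", (Principal[]) null, engine);
        X509Certificate[] firstChain = keyManager.getCertificateChain(firstAlias);
        PrivateKey firstKey = keyManager.getPrivateKey(firstAlias);

        String secondAlias = keyManager.chooseEngineServerAlias("RSA", (Principal[]) null, engine);

        Assertions.assertEquals(firstAlias, secondAlias);
        Assertions.assertEquals(firstKey, keyManager.getPrivateKey(secondAlias));
        Assertions.assertArrayEquals(firstChain, keyManager.getCertificateChain(secondAlias));
    }

    /**
     * Rebuilds the RSA public key that belongs to the given private key.
     *
     * @param privateKey RSA private key in CRT form, which carries the public exponent
     * @return the public key built from the private key's modulus and public exponent
     */
    private PublicKey getPublicKey(RSAPrivateCrtKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(privateKey.getModulus(), privateKey.getPublicExponent());
        return KeyFactory.getInstance("RSA").generatePublic(publicKeySpec);
    }

    /**
     * Creates a mocked {@link SSLEngine} whose handshake session requests exactly one server
     * name.
     *
     * @param hostname host name to report as the requested SNI server name
     * @return the mocked engine
     */
    private SSLEngine getSslEngineWithSessionFor(String hostname) {
        SSLEngine engine = Mockito.mock(SSLEngine.class);
        ExtendedSSLSession handshakeSession = Mockito.mock(ExtendedSSLSession.class);
        BDDMockito.given(engine.getHandshakeSession()).willReturn(handshakeSession);
        BDDMockito.given(handshakeSession.getRequestedServerNames()).willReturn(Collections.singletonList(new SNIHostName(hostname)));
        return engine;
    }

    /**
     * Builds the key manager under test on top of the platform's default key manager.
     *
     * @param keyStore key store handed to the default {@link KeyManagerFactory} and wrapped in
     *     the dynamic key store
     * @param password password for the key store's entries
     * @return a key manager delegating to the first {@link X509ExtendedKeyManager} the factory
     *     produced
     */
    private CertificateGeneratingX509ExtendedKeyManager keyManagerFor(KeyStore keyStore, char[] password) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password);
        X509ExtendedKeyManager delegate = findExtendedKeyManager(factory.getKeyManagers());
        return new CertificateGeneratingX509ExtendedKeyManager(
                delegate,
                new DynamicKeyStore(new X509KeyStore(keyStore, password)),
                new ApacheHttpHostNameMatcher(),
                new TestNotifier());
    }

    /**
     * Returns the first {@link X509ExtendedKeyManager} among the given key managers.
     *
     * @param keyManagers key managers produced by the factory
     * @return the first extended key manager found
     * @throws AssertionError if none of the key managers is an {@link X509ExtendedKeyManager}
     */
    private X509ExtendedKeyManager findExtendedKeyManager(KeyManager[] keyManagers) {
        for (KeyManager candidate : keyManagers) {
            if (candidate instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) candidate;
            }
        }
        throw new AssertionError("Can't run this test if the SSL provider does not create X509ExtendedKeyManager instances");
    }

    /**
     * Loads a key store of the platform's default type from a file.
     *
     * @param path location of the key store file
     * @param password password used to open the key store
     * @return the loaded key store
     */
    private static KeyStore readKeyStore(String path, String password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream on every path and, unlike a manual close in a
        // catch block, keeps the original load failure if close() throws as well.
        try (FileInputStream input = new FileInputStream(path)) {
            keyStore.load(input, password.toCharArray());
        }
        return keyStore;
    }
}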
