package org.apache.directory.server.ssl;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.integ.ServerIntegrationUtils;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

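/**
 * Integration test for the server's "confidentiality required" setting.
 *
 * <p>It checks two things: a cleartext connection is refused while confidentiality is
 * required, and a connection upgraded with the StartTLS extended operation is accepted and
 * can run the usual LDAP operations (search, add, modify, rename, delete).
 *
 * <p>Trust for the client side of the TLS handshake is pinned to the single certificate
 * read from the admin entry's {@code userCertificate} attribute, which is written to a
 * temporary keystore before each test and removed afterwards.
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS")}, extendedOpHandlers = {StartTlsHandler.class})
@RunWith(FrameworkRunner.class)
@CreateDS(allowAnonAccess = true, name = "StartTlsConfidentialityIT-class")
/* loaded from: input_file:org/apache/directory/server/ssl/StartTlsConfidentialityIT.class */
public class StartTlsConfidentialityIT extends AbstractLdapTestUnit {
    private static final Logger LOG = LoggerFactory.getLogger(StartTlsConfidentialityIT.class);

    /** Attribute(s) fetched from the admin entry; index 0 holds the server certificate. */
    private static final String[] CERT_IDS = {"userCertificate"};

    /** Password of the temporary trust/key store; a fixed test value, not a secret. */
    private static final String KEYSTORE_PASSWORD = "changeit";

    /** Temporary keystore holding only the pinned server certificate; null until @Before ran. */
    private File ksFile;

    /** Server setting captured in @Before so @After can restore it (kept package-private as before). */
    boolean oldConfidentialityRequiredValue;

    /**
     * Builds a fresh temporary keystore containing the server certificate and records the
     * server's current confidentiality setting so it can be restored after the test.
     *
     * @throws Exception if the certificate cannot be read or the keystore cannot be written
     */
    @Before
    public void installKeyStoreWithCertificate() throws Exception {
        // A leftover store from an earlier run would otherwise be silently reused.
        deleteKeyStoreFile();
        this.ksFile = File.createTempFile("testStore", "ks");

        byte[] bytes = getLdapServer().getDirectoryService().getAdminSession()
            .lookup(new Dn(new String[]{"uid=admin,ou=system"}), CERT_IDS).get(CERT_IDS[0]).getBytes();
        Assert.assertNotNull(bytes);

        Certificate serverCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(bytes));

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("apacheds", serverCert);

        // try-with-resources: the stream used to be left open, leaking the handle and
        // leaving the flush/close of the store file to the finalizer.
        try (FileOutputStream out = new FileOutputStream(this.ksFile)) {
            keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
        }
        LOG.debug("Keystore file installed: {}", this.ksFile.getAbsolutePath());

        this.oldConfidentialityRequiredValue = getLdapServer().isConfidentialityRequired();
    }

    /**
     * Removes the temporary keystore and restores the server's confidentiality setting.
     *
     * @throws Exception propagated from the server API
     */
    @After
    public void deleteKeyStore() throws Exception {
        // ksFile is null when @Before failed before creating it; the old code NPE'd here.
        if (this.ksFile != null) {
            deleteKeyStoreFile();
            LOG.debug("Keystore file deleted: {}", this.ksFile.getAbsolutePath());
        }
        getLdapServer().setConfidentialityRequired(this.oldConfidentialityRequiredValue);
    }

    /** Deletes the temporary keystore file if it exists; a failed delete is logged, not thrown. */
    private void deleteKeyStoreFile() {
        if (this.ksFile != null && this.ksFile.exists() && !this.ksFile.delete()) {
            LOG.warn("Could not delete keystore file: {}", this.ksFile.getAbsolutePath());
        }
    }

    /**
     * Opens a cleartext LDAP connection to the test server and upgrades it with StartTLS.
     *
     * <p>The JSSE system properties set here are JVM-global and are not restored; after this
     * call every TLS client in the JVM trusts only the certificate in the temporary keystore.
     *
     * @return a context whose underlying connection is TLS-protected (not yet bound)
     * @throws Exception if the connection or the TLS negotiation fails
     */
    private LdapContext getSecuredContext() throws Exception {
        System.setProperty("javax.net.ssl.trustStore", this.ksFile.getAbsolutePath());
        System.setProperty("javax.net.ssl.keyStore", this.ksFile.getAbsolutePath());
        System.setProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
        LOG.debug("testStartTls() test starting ... ");

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:" + getLdapServer().getPort());

        LOG.debug("About to get initial context");
        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);

        LOG.debug("About send startTls extended operation");
        // extendedOperation() is declared to return ExtendedResponse; the cast was lost in decompilation.
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        LOG.debug("Extended operation issued");

        // Test-only: hostname verification is switched off because the server presents the
        // generated test certificate. Trust is still limited to that one pinned certificate
        // (the trust store above contains nothing else). Do not copy this into client code.
        tls.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        LOG.debug("TLS negotion about to begin");
        tls.negotiate(ReloadableSSLSocketFactory.getDefault());
        return ctx;
    }

    /**
     * Verifies that a cleartext connection is rejected while confidentiality is required and
     * that a StartTLS-protected connection can bind and perform the standard operations.
     *
     * @throws Exception on any unexpected LDAP or TLS error
     */
    @Test
    public void testConfidentiality() throws Exception {
        getLdapServer().setConfidentialityRequired(true);

        // A plain (non-TLS) connection must be refused while confidentiality is required.
        try {
            ServerIntegrationUtils.getWiredContext(getLdapServer());
            Assert.fail("Should not get here due to violation of confidentiality requirements");
        } catch (AuthenticationNotSupportedException expected) {
            // expected: the server refuses to proceed on the cleartext connection
        }

        LdapContext ctx = getSecuredContext();
        Assert.assertNotNull(ctx);
        try {
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "secret");
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            // Re-bind over the now TLS-protected connection with the credentials above.
            ctx.reconnect((Control[]) null);

            Set<String> names = collectEntryNames(ctx, "ou=system");
            Assert.assertTrue(names.contains("prefNodeName=sysPrefRoot"));
            Assert.assertTrue(names.contains("ou=users"));
            Assert.assertTrue(names.contains("ou=configuration"));
            Assert.assertTrue(names.contains("uid=admin"));
            Assert.assertTrue(names.contains("ou=groups"));

            // add
            BasicAttributes attrs = new BasicAttributes("objectClass", "person", true);
            attrs.put("sn", "foo");
            attrs.put("cn", "foo bar");
            ctx.createSubcontext("cn=foo bar,ou=system", attrs);
            Assert.assertNotNull(ctx.lookup("cn=foo bar,ou=system"));

            // modify (the literal 1 in the original is DirContext.ADD_ATTRIBUTE)
            ctx.modifyAttributes("cn=foo bar,ou=system", new ModificationItem[]{
                new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("cn", "fbar"))});
            Assert.assertTrue(ctx.getAttributes("cn=foo bar,ou=system").get("cn").contains("fbar"));

            // rename
            ctx.rename("cn=foo bar,ou=system", "cn=fbar,ou=system");
            try {
                ctx.getAttributes("cn=foo bar,ou=system");
                Assert.fail("old name of renamed entry should not be found");
            } catch (NameNotFoundException expected) {
                // expected: the old RDN no longer resolves
            }
            Assert.assertTrue(ctx.getAttributes("cn=fbar,ou=system").get("cn").contains("fbar"));

            // delete
            ctx.destroySubcontext("cn=fbar,ou=system");
            try {
                ctx.getAttributes("cn=fbar,ou=system");
                Assert.fail("deleted entry should not be found");
            } catch (NameNotFoundException expected) {
                // expected: the entry is gone
            }
        } finally {
            // Close even when an assertion fails so the TLS connection does not linger.
            ctx.close();
        }
    }

    /**
     * Returns the relative names of the entries found by a default-scope
     * {@code (objectClass=*)} search under {@code base}, closing the enumeration afterwards.
     *
     * @param ctx  bound context to search with
     * @param base search base, relative to the context
     * @return the names reported by the search results
     * @throws Exception if the search fails
     */
    private static Set<String> collectEntryNames(LdapContext ctx, String base) throws Exception {
        NamingEnumeration<SearchResult> results = ctx.search(base, "(objectClass=*)", new SearchControls());
        Set<String> names = new HashSet<String>();
        try {
            while (results.hasMore()) {
                names.add(results.next().getName());
            }
        } finally {
            results.close();
        }
        return names;
    }
}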
