package org.apache.directory.server.ssl;

import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.security.TlsKeyGenerator;
import org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler;
import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
import org.apache.directory.server.operations.bind.BogusNtlmProvider;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

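/**
 * Integration test for rotating the LDAPS server certificate at runtime.
 *
 * <p>The test replaces the key material stored on the admin entry, asks the server to reload
 * its SSL context, reconnects, and checks that the certificate presented on the new
 * connection carries the new issuer and subject.
 *
 * <p>Security notes for readers reusing this code:
 * <ul>
 *   <li>{@code SSLSocketFactory} is not imported, so it resolves to the class of that name in
 *       this test package rather than {@code javax.net.ssl.SSLSocketFactory}. Together with
 *       {@code BogusTrustManagerFactory} it appears to record the server chain instead of
 *       validating it (TODO confirm against those classes). That suits a test that swaps in a
 *       freshly generated certificate, but a client wired this way gets no server
 *       authentication and must not be used outside test fixtures.</li>
 *   <li>The bind DN and password are fixture values for the embedded server this test
 *       starts; they are not a pattern for real deployments.</li>
 * </ul>
 */
@CreateLdapServer(
    transports = {
        @CreateTransport(protocol = "LDAP"),
        @CreateTransport(protocol = "LDAPS")
    },
    saslHost = "localhost",
    saslMechanisms = {
        @SaslMechanism(name = "PLAIN", implClass = PlainMechanismHandler.class),
        @SaslMechanism(name = "CRAM-MD5", implClass = CramMd5MechanismHandler.class),
        @SaslMechanism(name = "DIGEST-MD5", implClass = DigestMd5MechanismHandler.class),
        @SaslMechanism(name = "GSSAPI", implClass = GssapiMechanismHandler.class),
        @SaslMechanism(name = "NTLM", implClass = NtlmMechanismHandler.class),
        @SaslMechanism(name = "GSS-SPNEGO", implClass = NtlmMechanismHandler.class)
    },
    extendedOpHandlers = {StoredProcedureExtendedOperationHandler.class},
    ntlmProvider = BogusNtlmProvider.class)
@RunWith(FrameworkRunner.class)
@CreateDS(allowAnonAccess = true, name = "LdapsUpdateCertificateIT-class")
public class LdapsUpdateCertificateIT extends AbstractLdapTestUnit {
    /** DN of the admin entry; used both as the bind principal and as the entry holding the TLS key material. */
    private static final String ADMIN_DN = "uid=admin,ou=system";

    /** Issuer DN requested for the replacement certificate. */
    private static final String NEW_ISSUER_DN = "cn=new_issuer_dn";

    /** Subject DN requested for the replacement certificate. */
    private static final String NEW_SUBJECT_DN = "cn=new_subject_dn";

    /**
     * Builds the JNDI environment for a simple bind as the admin user through the test
     * socket factory.
     *
     * @param providerUrl the value for {@code java.naming.provider.url}
     * @return a fresh, caller-owned environment table
     */
    private static Hashtable<String, String> newAdminEnvironment(String providerUrl) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", providerUrl);
        // Same-package test factory, not javax.net.ssl.SSLSocketFactory; see the class Javadoc.
        env.put("java.naming.ldap.factory.socket", SSLSocketFactory.class.getName());
        env.put("java.naming.security.principal", ADMIN_DN);
        env.put("java.naming.security.credentials", "secret");
        env.put("java.naming.security.authentication", "simple");
        return env;
    }

    /**
     * Builds a {@code REPLACE_ATTRIBUTE} modification carrying the bytes that {@code source}
     * currently holds for {@code attributeId}.
     *
     * @param source the entry to read the attribute value from
     * @param attributeId the attribute to replace on the target entry
     * @return the modification item
     * @throws Exception if the attribute value cannot be read as bytes
     */
    private static ModificationItem replaceWithValueFrom(Entry source, String attributeId) throws Exception {
        return new ModificationItem(
            DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(attributeId, source.get(attributeId).getBytes()));
    }

    /**
     * Opens an admin connection to the server's SSL port, rooted at {@code ou=system}.
     *
     * <p>The URL scheme is {@code ldap://}; the socket used for the connection comes from the
     * socket factory configured in the environment, not from the scheme.
     *
     * @return an open context that the caller must close
     * @throws Exception if the connection or the bind fails
     */
    public DirContext getSecureConnection() throws Exception {
        return new InitialDirContext(
            newAdminEnvironment("ldap://localhost:" + getLdapServer().getPortSSL() + "/ou=system"));
    }

    /**
     * Replaces the admin entry's key pair and certificate over LDAPS, reloads the server's SSL
     * context, and verifies that a new connection is presented the replacement certificate.
     *
     * @throws Exception on any connection, directory or key-generation failure
     */
    @Test
    public void testUpdateCertificate() throws Exception {
        Hashtable<String, String> env =
            newAdminEnvironment("ldaps://localhost:" + getLdapServer().getPortSSL());

        DirContext adminContext = new InitialDirContext(env);
        try {
            Entry adminEntry = getLdapServer().getDirectoryService().getAdminSession()
                .lookup(new Dn(new String[]{ADMIN_DN}), new String[0]);
            // Populates privateKey / publicKey / userCertificate on the local copy of the
            // entry; the values are pushed to the server by the modify below.
            TlsKeyGenerator.addKeyPair(adminEntry, NEW_ISSUER_DN, NEW_SUBJECT_DN, "RSA");
            adminContext.modifyAttributes(ADMIN_DN, new ModificationItem[]{
                replaceWithValueFrom(adminEntry, "privateKey"),
                replaceWithValueFrom(adminEntry, "publicKey"),
                replaceWithValueFrom(adminEntry, "userCertificate")
            });
        } finally {
            // Close even when the lookup or the modify fails, so the connection is not leaked.
            adminContext.close();
        }

        getLdapServer().reloadSslContext();

        // Reconnect only to obtain the server certificate seen by the trust manager; the
        // context itself is not needed afterwards, so it is closed immediately rather than
        // left open.
        new InitialDirContext(env).close();

        // NOTE(review): this is a static field shared across connections; the first connection
        // above presumably populated it too. The DN assertions below are what distinguish the
        // replacement certificate from a stale value.
        X509Certificate[] presentedChain = BogusTrustManagerFactory.lastReceivedServerCertificates;
        Assert.assertNotNull(presentedChain);
        Assert.assertEquals(1L, presentedChain.length);

        String issuerName = presentedChain[0].getIssuerDN().getName();
        String subjectName = presentedChain[0].getSubjectDN().getName();
        Assert.assertEquals("Expected the new certificate with the new issuer",
            Strings.toLowerCase(NEW_ISSUER_DN), Strings.toLowerCase(issuerName));
        Assert.assertEquals("Expected the new certificate with the new subject",
            Strings.toLowerCase(NEW_SUBJECT_DN), Strings.toLowerCase(subjectName));
    }
}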
