package org.apache.directory.server.ssl;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.security.TlsKeyGenerator;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

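/**
 * Integration test: once the admin entry's key pair and certificate have been replaced over LDAP
 * and the server's SSL context reloaded, the next StartTLS negotiation must present the new
 * certificate.
 *
 * <p>The client side of the handshake uses the test-only {@code BogusSSLContextFactory} /
 * {@code BogusTrustManagerFactory} together with a hostname verifier that accepts every name, so
 * the test can capture the server certificate without a real trust chain. That scaffolding is
 * what lets the assertions read the presented chain; it is not a model for production clients,
 * which verify both the chain and the hostname.
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS")}, extendedOpHandlers = {StartTlsHandler.class})
@RunWith(FrameworkRunner.class)
@CreateDS(allowAnonAccess = true, name = "StartTlsUpdateCertificateIT-class")
public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit {
    private static final Logger LOG = LoggerFactory.getLogger(StartTlsUpdateCertificateIT.class);

    /** Attribute on the admin entry that carries the server certificate. */
    private static final String[] CERT_IDS = {"userCertificate"};

    /** Entry holding the server key pair and certificate; also the bind DN used by the test. */
    private static final String ADMIN_DN = "uid=admin,ou=system";

    /** Issuer / subject written into the replacement certificate and expected back from the server. */
    private static final String NEW_ISSUER_DN = "cn=new_issuer_dn";
    private static final String NEW_SUBJECT_DN = "cn=new_subject_dn";

    /** Alias for the certificate in the throw-away keystore. */
    private static final String KEYSTORE_ALIAS = "apacheds";

    /** Password of the throw-away keystore; it only ever holds a public certificate. */
    private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();

    /**
     * Accepts any hostname. Test-only: the bogus SSL context used below has no hostname worth
     * checking, and both StartTLS sessions share this single instance instead of two copies.
     */
    private static final HostnameVerifier ACCEPT_ALL_HOSTNAMES = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    private File ksFile;
    boolean oldConfidentialityRequiredValue;

    /**
     * Writes the admin entry's current certificate into a fresh temporary keystore and remembers
     * the server's confidentiality setting so {@link #deleteKeyStore()} can restore it.
     *
     * @throws Exception on any LDAP, certificate or file error
     */
    @Before
    public void installKeyStoreWithCertificate() throws Exception {
        // A leftover store from a previous run is replaced, never reused.
        if (this.ksFile != null && this.ksFile.exists()) {
            this.ksFile.delete();
        }
        this.ksFile = File.createTempFile("testStore", "ks");

        // Capture the setting before anything below can fail: JUnit still runs @After when
        // @Before throws, and it must restore the real value, not a default false.
        this.oldConfidentialityRequiredValue = getLdapServer().isConfidentialityRequired();

        Entry admin = getLdapServer().getDirectoryService().getAdminSession().lookup(new Dn(ADMIN_DN), CERT_IDS);
        Assert.assertNotNull("admin entry has no " + CERT_IDS[0] + " attribute", admin.get(CERT_IDS[0]));
        byte[] certBytes = admin.get(CERT_IDS[0]).getBytes();
        Assert.assertNotNull(certBytes);

        Certificate cert;
        try (ByteArrayInputStream in = new ByteArrayInputStream(certBytes)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null); // start from an empty store
        keyStore.setCertificateEntry(KEYSTORE_ALIAS, cert);

        // The output stream must be closed: the original left it open, leaking the descriptor
        // and, on platforms that lock open files, making the @After delete fail.
        try (FileOutputStream out = new FileOutputStream(this.ksFile)) {
            keyStore.store(out, KEYSTORE_PASSWORD);
        }
        LOG.debug("Keystore file installed: {}", this.ksFile.getAbsolutePath());
    }

    /**
     * Removes the temporary keystore and restores the server's confidentiality setting.
     *
     * @throws Exception never in practice; kept for JUnit lifecycle compatibility
     */
    @After
    public void deleteKeyStore() throws Exception {
        try {
            // ksFile is null when @Before failed before creating it; logging its path
            // unconditionally (as the original did) would NPE here.
            if (this.ksFile != null) {
                if (this.ksFile.exists() && !this.ksFile.delete()) {
                    LOG.warn("Keystore file could not be deleted: {}", this.ksFile.getAbsolutePath());
                } else {
                    LOG.debug("Keystore file deleted: {}", this.ksFile.getAbsolutePath());
                }
            }
        } finally {
            // Always restore, whatever happened to the file.
            getLdapServer().setConfidentialityRequired(this.oldConfidentialityRequiredValue);
        }
    }

    /**
     * Replaces the admin entry's key pair and certificate over a StartTLS-protected connection,
     * reloads the server's SSL context and checks that a new StartTLS handshake presents a
     * certificate with the new issuer and subject.
     *
     * @throws Exception on any LDAP, TLS or assertion failure
     */
    @Test
    public void testUpdateCertificate() throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:" + getLdapServer().getPort());
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
        env.put(Context.SECURITY_CREDENTIALS, "secret");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");

        // First session: negotiate StartTLS before the private key is written, so the key
        // material only crosses the wire on the protected channel.
        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
        try {
            startTls(ctx);

            Entry admin = getLdapServer().getDirectoryService().getAdminSession().lookup(new Dn(ADMIN_DN));
            TlsKeyGenerator.addKeyPair(admin, NEW_ISSUER_DN, NEW_SUBJECT_DN, "RSA");
            ctx.modifyAttributes(ADMIN_DN, new ModificationItem[]{
                replace("privateKey", admin.get("privateKey").getBytes()),
                replace("publicKey", admin.get("publicKey").getBytes()),
                replace("userCertificate", admin.get("userCertificate").getBytes())});
        } finally {
            ctx.close();
        }

        getLdapServer().reloadSslContext();

        // Second session: the handshake must now present the freshly generated certificate.
        InitialLdapContext ctx2 = new InitialLdapContext(env, (Control[]) null);
        try {
            startTls(ctx2);

            X509Certificate[] chain = BogusTrustManagerFactory.lastReceivedServerCertificates;
            Assert.assertNotNull(chain);
            Assert.assertEquals(1L, chain.length);

            // getIssuerX500Principal()/getSubjectX500Principal() are the replacements the
            // X509Certificate Javadoc recommends over the denigrated getIssuerDN()/getSubjectDN().
            String issuer = chain[0].getIssuerX500Principal().getName();
            String subject = chain[0].getSubjectX500Principal().getName();
            Assert.assertEquals("Expected the new certificate with the new issuer", Strings.toLowerCase(NEW_ISSUER_DN), Strings.toLowerCase(issuer));
            Assert.assertEquals("Expected the new certificate with the new subject", Strings.toLowerCase(NEW_SUBJECT_DN), Strings.toLowerCase(subject));
        } finally {
            ctx2.close();
        }
    }

    /** Runs the StartTLS extended operation on {@code ctx} with the test-only SSL context. */
    private static void startTls(InitialLdapContext ctx) throws Exception {
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        tls.setHostnameVerifier(ACCEPT_ALL_HOSTNAMES);
        tls.negotiate(BogusSSLContextFactory.getInstance(false).getSocketFactory());
    }

    /** Builds a REPLACE modification for one binary attribute (the original used the bare int 2). */
    private static ModificationItem replace(String attributeId, byte[] value) {
        return new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(attributeId, value));
    }
}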
