package org.apache.directory.server.ssl;

import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.ApacheDSTestExtension;
import org.apache.directory.server.core.security.TlsKeyGenerator;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

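/**
 * Integration tests for the LDAP server's TLS key material.
 *
 * <p>Two ways of obtaining a secured session are exercised, LDAPS and StartTLS, first against the
 * server's generated admin certificate and then against an explicit key store written by
 * {@link #installKeyStoreWithCertificate()}. A second group of tests checks that the server refuses
 * to start when the configured key store is unusable (wrong password, missing file, no entries,
 * more than one entry).
 *
 * <p>{@link NoVerificationTrustManager} is used only to show that the TLS handshake itself
 * completes; the matching {@code DefaultTrustManager} tests show that the JVM's default trust store
 * rejects the self-signed test certificate. The whole class is decompiled test code; the
 * try-with-resources blocks below replace the expanded form the decompiler produced.
 */
@ExtendWith({ApacheDSTestExtension.class})
@CreateDS(allowAnonAccess = true, name = "KeyStoreIT-class")
public class KeyStoreIT extends AbstractLdapTestUnit {
    /** Password for every key store written here; also the key-entry password. Test fixture only. */
    private static final String KEYSTORE_PW = "changeit";
    /** Key store holding exactly one entry: the generated certificate and its private key. */
    private static final String GOOD_KEYSTORE = "target/test-classes/good-keystore.ks";
    /** Key store with no entries at all; the server must reject it. */
    private static final String BAD_KEYSTORE_WITH_ZERO_ENTRIES = "target/test-classes/bad-keystore-with-zero-entries.ks";
    /** Key store with two aliases; the server must reject it because it cannot pick one. */
    private static final String BAD_KEYSTORE_WITH_TWO_ENTRIES = "target/test-classes/bad-keystore-with-two-entries.ks";
    /** Path that is never created; the server must reject a missing key store file. */
    private static final String NON_EXISTING_KEY_STORE_FILE = "target/test-classes/non-existing-keystore-file.ks";

    /**
     * Writes the three key store fixtures referenced by the {@code @CreateLdapServer} annotations.
     *
     * <p>A fresh key pair and self-signed certificate are generated with {@link TlsKeyGenerator};
     * the same material is reused for the good store and for the two-entry store.
     *
     * @throws Exception if key generation or writing a key store file fails
     */
    @BeforeAll
    public static void installKeyStoreWithCertificate() throws Exception {
        DefaultEntry entry = new DefaultEntry();
        TlsKeyGenerator.addKeyPair(entry);
        KeyPair keyPair = TlsKeyGenerator.getKeyPair(entry);
        X509Certificate certificate = TlsKeyGenerator.getCertificate(entry);
        char[] password = KEYSTORE_PW.toCharArray();

        // Good store: the key entry under "apacheds" replaces the trusted-certificate entry stored
        // under the same alias just before it, so the file ends up with a single entry.
        KeyStore goodKeyStore = newEmptyKeyStore();
        goodKeyStore.setCertificateEntry("apacheds", certificate);
        goodKeyStore.setKeyEntry("apacheds", keyPair.getPrivate(), password, new Certificate[]{certificate});
        writeKeyStore(GOOD_KEYSTORE, goodKeyStore);

        // Zero entries: a loaded-but-empty store.
        writeKeyStore(BAD_KEYSTORE_WITH_ZERO_ENTRIES, newEmptyKeyStore());

        // Two entries: a trusted certificate under "foo123" plus a key entry under "apacheds".
        KeyStore twoEntryKeyStore = newEmptyKeyStore();
        twoEntryKeyStore.setCertificateEntry("foo123", certificate);
        twoEntryKeyStore.setKeyEntry("apacheds", keyPair.getPrivate(), password, new Certificate[]{certificate});
        writeKeyStore(BAD_KEYSTORE_WITH_TWO_ENTRIES, twoEntryKeyStore);
    }

    /** Creates an empty, initialised key store of the platform default type. */
    private static KeyStore newEmptyKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Stores {@code keyStore} at {@code path}, replacing any file left over from an earlier run.
     *
     * <p>The output stream is closed by try-with-resources; the earlier version of this method
     * opened a second, never-closed stream for the zero-entry store.
     */
    private static void writeKeyStore(String path, KeyStore keyStore) throws Exception {
        File file = new File(path);
        if (file.exists()) {
            file.delete();
        }
        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, KEYSTORE_PW.toCharArray());
        }
    }

    /** LDAPS against the generated admin certificate succeeds when certificate checks are skipped. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS")})
    @Test
    public void testLdaps_DefaultAdminCert_NoVerificationTrustManager() throws Exception {
        LdapConnectionConfig config = ldapsConnectionConfig();
        config.setTrustManagers(new X509TrustManager[]{new NoVerificationTrustManager()});
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            connection.connect();
            Assertions.assertTrue(connection.isConnected());
            Assertions.assertTrue(connection.isSecured());
        }
    }

    /** StartTLS against the generated admin certificate succeeds when certificate checks are skipped. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, extendedOpHandlers = {StartTlsHandler.class})
    @Test
    public void testStartTls_DefaultAdminCert_NoVerificationTrustManager() throws Exception {
        LdapConnectionConfig config = startTlsConnectionConfig();
        config.setTrustManagers(new X509TrustManager[]{new NoVerificationTrustManager()});
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            connection.startTls();
            Assertions.assertTrue(connection.isConnected());
            Assertions.assertTrue(connection.isSecured());
        }
    }

    /**
     * LDAPS against the generated admin certificate fails the handshake with the connection config's
     * default trust managers (no explicit trust manager is set here, unlike the StartTLS variant).
     */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS")})
    @Test
    public void testLdaps_DefaultAdminCert_DefaultTrustManager() throws Exception {
        try (LdapNetworkConnection connection = new LdapNetworkConnection(ldapsConnectionConfig())) {
            LdapException e = Assertions.assertThrows(LdapException.class, connection::connect);
            Assertions.assertTrue(e.getMessage().contains("ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed"));
            Assertions.assertFalse(connection.isConnected());
            Assertions.assertFalse(connection.isSecured());
        }
    }

    /** StartTLS against the generated admin certificate fails the handshake with the JVM trust store. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, extendedOpHandlers = {StartTlsHandler.class})
    @Test
    public void testStartTls_DefaultAdminCert_DefaultTrustManager() throws Exception {
        LdapConnectionConfig config = startTlsConnectionConfig();
        config.setTrustManagers(defaultTrustManagers());
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            LdapException e = Assertions.assertThrows(LdapException.class, connection::startTls);
            Assertions.assertTrue(e.getMessage().contains("ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed"));
            Assertions.assertFalse(connection.isConnected());
            Assertions.assertFalse(connection.isSecured());
        }
    }

    /** LDAPS with the one-entry key store succeeds when certificate checks are skipped. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS")}, keyStore = GOOD_KEYSTORE, certificatePassword = KEYSTORE_PW)
    @Test
    public void testLdaps_GoodKeyStore_NoVerificationTrustManager() throws Exception {
        Assertions.assertTrue(getLdapServer().isStarted());
        LdapConnectionConfig config = ldapsConnectionConfig();
        config.setTrustManagers(new X509TrustManager[]{new NoVerificationTrustManager()});
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            connection.connect();
            Assertions.assertTrue(connection.isConnected());
            Assertions.assertTrue(connection.isSecured());
        }
    }

    /** StartTLS with the one-entry key store succeeds when certificate checks are skipped. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, extendedOpHandlers = {StartTlsHandler.class}, keyStore = GOOD_KEYSTORE, certificatePassword = KEYSTORE_PW)
    @Test
    public void testStartTls_GoodKeyStore_NoVerificationTrustManager() throws Exception {
        Assertions.assertTrue(getLdapServer().isStarted());
        LdapConnectionConfig config = startTlsConnectionConfig();
        config.setTrustManagers(new X509TrustManager[]{new NoVerificationTrustManager()});
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            connection.startTls();
            Assertions.assertTrue(connection.isConnected());
            Assertions.assertTrue(connection.isSecured());
        }
    }

    /** LDAPS with the one-entry key store fails the handshake with the JVM trust store. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS")}, keyStore = GOOD_KEYSTORE, certificatePassword = KEYSTORE_PW)
    @Test
    public void testLdaps_GoodKeyStore_DefaultTrustManager() throws Exception {
        Assertions.assertTrue(getLdapServer().isStarted());
        LdapConnectionConfig config = ldapsConnectionConfig();
        config.setTrustManagers(defaultTrustManagers());
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            LdapException e = Assertions.assertThrows(LdapException.class, connection::connect);
            Assertions.assertTrue(e.getMessage().contains("ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed"));
            Assertions.assertFalse(connection.isConnected());
            Assertions.assertFalse(connection.isSecured());
        }
    }

    /** StartTLS with the one-entry key store fails the handshake with the JVM trust store. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, extendedOpHandlers = {StartTlsHandler.class}, keyStore = GOOD_KEYSTORE, certificatePassword = KEYSTORE_PW)
    @Test
    public void testStartTls_GoodKeyStore_DefaultTrustManager() throws Exception {
        Assertions.assertTrue(getLdapServer().isStarted());
        LdapConnectionConfig config = startTlsConnectionConfig();
        config.setTrustManagers(defaultTrustManagers());
        try (LdapNetworkConnection connection = new LdapNetworkConnection(config)) {
            LdapException e = Assertions.assertThrows(LdapException.class, connection::startTls);
            Assertions.assertTrue(e.getMessage().contains("ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed"));
            Assertions.assertFalse(connection.isConnected());
            Assertions.assertFalse(connection.isSecured());
        }
    }

    /** A wrong key store password must keep the server from starting rather than fall back silently. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS")}, keyStore = GOOD_KEYSTORE, certificatePassword = "wrong key store password")
    @Test
    public void shouldNotStartServerIfKeyStorePasswordIsWrong() throws Exception {
        Assertions.assertFalse(getLdapServer().isStarted());
    }

    /** A missing key store file must keep the server from starting. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, extendedOpHandlers = {StartTlsHandler.class}, keyStore = NON_EXISTING_KEY_STORE_FILE, certificatePassword = KEYSTORE_PW)
    @Test
    public void shouldNotStartServerIfKeyStoreFileDoesNotExist() throws Exception {
        Assertions.assertFalse(getLdapServer().isStarted());
    }

    /** A key store without any entry must keep the server from starting. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS")}, keyStore = BAD_KEYSTORE_WITH_ZERO_ENTRIES, certificatePassword = KEYSTORE_PW)
    @Test
    public void shouldNotStartServerIfKeyStoreFileIsEmpty() throws Exception {
        Assertions.assertFalse(getLdapServer().isStarted());
    }

    /** A key store with more than one entry must keep the server from starting. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, extendedOpHandlers = {StartTlsHandler.class}, keyStore = BAD_KEYSTORE_WITH_TWO_ENTRIES, certificatePassword = KEYSTORE_PW)
    @Test
    public void shouldNotStartServerIfKeyStoreFileContainsMoreThanOneEntry() throws Exception {
        Assertions.assertFalse(getLdapServer().isStarted());
    }

    /**
     * Client config for the plain LDAP port with StartTLS enabled.
     *
     * @return a config pointing at the running server's LDAP port; trust managers are left for
     *     the caller to set
     */
    private LdapConnectionConfig startTlsConnectionConfig() {
        LdapConnectionConfig config = new LdapConnectionConfig();
        // Short timeout so a hanging handshake fails the test quickly instead of blocking it.
        config.setTimeout(1000L);
        config.setLdapHost("localhost");
        config.setLdapPort(getLdapServer().getPort());
        config.setUseTls(true);
        return config;
    }

    /**
     * Client config for the LDAPS port.
     *
     * @return a config pointing at the running server's SSL port; trust managers are left for
     *     the caller to set
     */
    private LdapConnectionConfig ldapsConnectionConfig() {
        LdapConnectionConfig config = new LdapConnectionConfig();
        // Short timeout so a hanging handshake fails the test quickly instead of blocking it.
        config.setTimeout(1000L);
        config.setLdapHost("localhost");
        config.setLdapPort(getLdapServer().getPortSSL());
        config.setUseSsl(true);
        return config;
    }

    /**
     * Trust managers backed by the JVM's default trust store.
     *
     * <p>Initialising the factory with a {@code null} key store selects the installed default
     * trust store, which does not contain the generated test certificate, so handshakes against it
     * are expected to fail.
     *
     * @return the default algorithm's trust managers
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     * @throws KeyStoreException if the factory cannot be initialised
     */
    private TrustManager[] defaultTrustManagers() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init((KeyStore) null);
        return factory.getTrustManagers();
    }
}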
