package org.apache.omid.tls;

import io.netty.buffer.ByteBufAllocator;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import org.apache.omid.tls.X509Exception;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/omid/tls/TestX509Util.class */
public class TestX509Util extends BaseX509ParameterizedTestCase {

    @Parameterized.Parameter
    public X509KeyType caKeyType;

    @Parameterized.Parameter(1)
    public X509KeyType certKeyType;

    @Parameterized.Parameter(2)
    public String keyPassword;

    @Parameterized.Parameter(3)
    public Integer paramIndex;
    private String tlsConfigKeystoreLocation;
    private String tlsConfigKeystorePassword;
    private String tlsConfigKeystoreType;
    private String tlsConfigTrustLocation;
    private String tlsConfigTrustPassword;
    private String tlsConfigTrustType;

    @Parameterized.Parameters(name = "{index}: caKeyType={0}, certKeyType={1}, keyPassword={2}, paramIndex={3}")
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        for (X509KeyType x509KeyType : X509KeyType.values()) {
            for (X509KeyType x509KeyType2 : X509KeyType.values()) {
                for (String str : new String[]{"", "pa$$w0rd"}) {
                    int i2 = i;
                    i++;
                    arrayList.add(new Object[]{x509KeyType, x509KeyType2, str, Integer.valueOf(i2)});
                }
            }
        }
        return arrayList;
    }

    @Override // org.apache.omid.tls.BaseX509ParameterizedTestCase
    public void init(X509KeyType x509KeyType, X509KeyType x509KeyType2, String str, Integer num) throws Exception {
        super.init(x509KeyType, x509KeyType2, str, num);
        this.x509TestContext.setSystemProperties(KeyStoreFileType.JKS, KeyStoreFileType.JKS);
        this.tlsConfigKeystoreLocation = this.x509TestContext.getTlsConfigKeystoreLocation();
        this.tlsConfigKeystorePassword = this.x509TestContext.getTlsConfigKeystorePassword();
        this.tlsConfigKeystoreType = this.x509TestContext.getTlsConfigKeystoreType();
        this.tlsConfigTrustLocation = this.x509TestContext.getTlsConfigTrustLocation();
        this.tlsConfigTrustPassword = this.x509TestContext.getTlsConfigTrustPassword();
        this.tlsConfigTrustType = this.x509TestContext.getTlsConfigTrustType();
    }

    @After
    public void cleanUp() {
        this.x509TestContext.clearSystemProperties();
        System.clearProperty("com.sun.net.ssl.checkRevocation");
        System.clearProperty("com.sun.security.enableCRLDP");
        Security.setProperty("ocsp.enable", Boolean.FALSE.toString());
        Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());
    }

    @Test
    public void testCreateSSLContextWithoutCustomProtocol() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertEquals(new String[]{"TLSv1.2"}, X509Util.createSslContextForClient(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2").newEngine((ByteBufAllocator) Mockito.mock(ByteBufAllocator.class)).getEnabledProtocols());
    }

    @Test
    public void testCreateSSLContextWithCustomProtocol() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        ByteBufAllocator byteBufAllocator = (ByteBufAllocator) Mockito.mock(ByteBufAllocator.class);
        Assert.assertEquals(Collections.singletonList("TLSv1.1"), Arrays.asList(X509Util.createSslContextForClient(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, "TLSv1.1", (String) null, "TLSv1.2").newEngine(byteBufAllocator).getEnabledProtocols()));
    }

    @Test(expected = X509Exception.SSLContextException.class)
    public void testCreateSSLContextWithoutKeyStoreLocationServer() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        this.tlsConfigKeystoreLocation = "";
        X509Util.createSslContextForServer(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2");
    }

    @Test
    public void testCreateSSLContextWithoutKeyStoreLocationClient() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        this.tlsConfigKeystoreLocation = "";
        X509Util.createSslContextForClient(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2");
    }

    @Test(expected = X509Exception.class)
    public void testCreateSSLContextWithoutKeyStorePassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        if (!this.x509TestContext.isKeyStoreEncrypted()) {
            throw new X509Exception.SSLContextException("");
        }
        this.tlsConfigKeystorePassword = "";
        X509Util.createSslContextForServer(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2");
    }

    @Test
    public void testCreateSSLContextWithoutTrustStoreLocationClient() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        this.tlsConfigTrustLocation = "";
        X509Util.createSslContextForClient(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2");
    }

    @Test
    public void testCreateSSLContextWithoutTrustStoreLocationServer() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        this.tlsConfigTrustLocation = "";
        X509Util.createSslContextForServer(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2");
    }

    @Test
    public void testCRLEnabled() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createSslContextForServer(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, true, false, (String) null, (String) null, "TLSv1.2");
        Assert.assertTrue(Boolean.valueOf(System.getProperty("com.sun.net.ssl.checkRevocation")).booleanValue());
        Assert.assertTrue(Boolean.valueOf(System.getProperty("com.sun.security.enableCRLDP")).booleanValue());
        Assert.assertFalse(Boolean.valueOf(Security.getProperty("ocsp.enable")).booleanValue());
    }

    @Test
    public void testCRLDisabled() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createSslContextForServer(this.tlsConfigKeystoreLocation, this.tlsConfigKeystorePassword.toCharArray(), this.tlsConfigKeystoreType, this.tlsConfigTrustLocation, this.tlsConfigTrustPassword.toCharArray(), this.tlsConfigTrustType, false, false, (String) null, (String) null, "TLSv1.2");
        Assert.assertFalse(Boolean.valueOf(System.getProperty("com.sun.net.ssl.checkRevocation")).booleanValue());
        Assert.assertFalse(Boolean.valueOf(System.getProperty("com.sun.security.enableCRLDP")).booleanValue());
        Assert.assertFalse(Boolean.valueOf(Security.getProperty("ocsp.enable")).booleanValue());
    }

    @Test
    public void testLoadJKSKeyStore() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), this.x509TestContext.getKeyStorePassword().toCharArray(), KeyStoreFileType.JKS.getPropertyValue());
    }

    @Test
    public void testLoadJKSKeyStoreNullPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        if (this.x509TestContext.getKeyStorePassword().isEmpty()) {
            X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), (char[]) null, KeyStoreFileType.JKS.getPropertyValue());
        }
    }

    @Test
    public void testLoadJKSKeyStoreFileTypeDefaultToJks() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), this.x509TestContext.getKeyStorePassword().toCharArray(), (String) null);
    }

    @Test
    public void testLoadJKSKeyStoreWithWrongPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertThrows(X509Exception.KeyManagerException.class, () -> {
            X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), "wrong password".toCharArray(), KeyStoreFileType.JKS.getPropertyValue());
        });
    }

    @Test
    public void testLoadJKSTrustStore() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), this.x509TestContext.getTrustStorePassword().toCharArray(), KeyStoreFileType.JKS.getPropertyValue(), true, true);
    }

    @Test
    public void testLoadJKSTrustStoreNullPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        if (this.x509TestContext.getTrustStorePassword().isEmpty()) {
            X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), (char[]) null, KeyStoreFileType.JKS.getPropertyValue(), false, false);
        }
    }

    @Test
    public void testLoadJKSTrustStoreFileTypeDefaultToJks() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), this.x509TestContext.getTrustStorePassword().toCharArray(), (String) null, true, true);
    }

    @Test
    public void testLoadJKSTrustStoreWithWrongPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertThrows(X509Exception.TrustManagerException.class, () -> {
            X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), "wrong password".toCharArray(), KeyStoreFileType.JKS.getPropertyValue(), true, true);
        });
    }

    @Test
    public void testLoadPKCS12KeyStore() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(), this.x509TestContext.getKeyStorePassword().toCharArray(), KeyStoreFileType.PKCS12.getPropertyValue());
    }

    @Test
    public void testLoadPKCS12KeyStoreNullPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        if (this.x509TestContext.getKeyStorePassword().isEmpty()) {
            X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(), (char[]) null, KeyStoreFileType.PKCS12.getPropertyValue());
        }
    }

    @Test
    public void testLoadPKCS12KeyStoreWithWrongPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertThrows(X509Exception.KeyManagerException.class, () -> {
            X509Util.createKeyManager(this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(), "wrong password".toCharArray(), KeyStoreFileType.PKCS12.getPropertyValue());
        });
    }

    @Test
    public void testLoadPKCS12TrustStore() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(), this.x509TestContext.getTrustStorePassword().toCharArray(), KeyStoreFileType.PKCS12.getPropertyValue(), true, true);
    }

    @Test
    public void testLoadPKCS12TrustStoreNullPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        if (this.x509TestContext.getTrustStorePassword().isEmpty()) {
            X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(), (char[]) null, KeyStoreFileType.PKCS12.getPropertyValue(), false, false);
        }
    }

    @Test
    public void testLoadPKCS12TrustStoreWithWrongPassword() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertThrows(X509Exception.TrustManagerException.class, () -> {
            X509Util.createTrustManager(this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(), "wrong password".toCharArray(), KeyStoreFileType.PKCS12.getPropertyValue(), true, true);
        });
    }

    @Test
    public void testGetDefaultCipherSuitesJava8() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("1.8")[0].contains("CBC"));
    }

    @Test
    public void testGetDefaultCipherSuitesJava9() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("9")[0].contains("GCM"));
    }

    @Test
    public void testGetDefaultCipherSuitesJava10() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("10")[0].contains("GCM"));
    }

    @Test
    public void testGetDefaultCipherSuitesJava11() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("11")[0].contains("GCM"));
    }

    @Test
    public void testGetDefaultCipherSuitesUnknownVersion() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("notaversion")[0].contains("CBC"));
    }

    @Test
    public void testGetDefaultCipherSuitesNullVersion() throws Exception {
        init(this.caKeyType, this.certKeyType, this.keyPassword, this.paramIndex);
        Assert.assertThrows(NullPointerException.class, () -> {
            X509Util.getDefaultCipherSuitesForJavaVersion((String) null);
        });
    }
}
