package org.apache.qpid.server.security;

import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerModel;
import org.apache.qpid.server.model.ConfiguredObjectFactory;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.server.util.FileUtils;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/FileTrustStoreTest.class */
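/**
 * Tests for trust stores created through the broker's {@link ConfiguredObjectFactory} from a file
 * path or a data URL.
 *
 * <p>Covered behaviour, as asserted by the individual tests:
 * <ul>
 *   <li>creation succeeds with the right password and yields exactly one trust manager;</li>
 *   <li>a wrong password or non-keystore bytes is rejected with an
 *       {@link IllegalConfigurationException} carrying a recognisable message;</li>
 *   <li>{@code peersOnly} yields a {@link QpidPeersOnlyTrustManager};</li>
 *   <li>an expired trust anchor is accepted unless {@code trustAnchorValidityEnforced} is set;</li>
 *   <li>a failed attribute update leaves the previous store URL in place;</li>
 *   <li>deletion is refused while a port or an authentication provider references the store.</li>
 * </ul>
 *
 * <p>All store paths and the password below are test fixtures that ship with the test profile.
 */
public class FileTrustStoreTest extends QpidTestCase {
    private static final String STORE_NAME = "myFileTrustStore";
    private static final String STORE_PASSWORD = "password";
    private static final String CLIENT_TRUSTSTORE = "test-profiles/test_resources/ssl/java_client_truststore.jks";
    private static final String BROKER_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_truststore.jks";
    private static final String BROKER_PEERSTORE = "test-profiles/test_resources/ssl/java_broker_peerstore.jks";
    private static final String EXPIRED_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_expired_truststore.jks";
    private static final String EXPIRED_CLIENT_KEYSTORE = "test-profiles/test_resources/ssl/java_client_expired_keystore.jks";

    private final Broker _broker = (Broker) Mockito.mock(Broker.class);
    private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
    private final Model _model = BrokerModel.getInstance();
    private final ConfiguredObjectFactory _factory = this._model.getObjectFactory();

    /** Wires the mocked broker with the executor, model and event logger the factory asks for. */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        Mockito.when(this._broker.getTaskExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getChildExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getModel()).thenReturn(this._model);
        Mockito.when(this._broker.getCategoryClass()).thenReturn(Broker.class);
        Mockito.when(this._broker.getEventLogger()).thenReturn(new EventLogger());
        Mockito.when(this._broker.getTypeClass()).thenReturn(Broker.class);
    }

    /** A file-backed store opened with the correct password exposes a single trust manager. */
    public void testCreateTrustStoreFromFile_Success() throws Exception {
        Map<String, Object> attributes = storeAttributes(CLIENT_TRUSTSTORE, STORE_PASSWORD);
        assertSingleTrustManager(createTrustManagers(attributes));
    }

    /** A wrong password must fail creation with a message pointing at the password. */
    public void testCreateTrustStoreFromFile_WrongPassword() throws Exception {
        assertCreationFails(storeAttributes(CLIENT_TRUSTSTORE, "wrong"), "Check trust store password");
    }

    /** With {@code peersOnly} set, the single trust manager is a {@link QpidPeersOnlyTrustManager}. */
    public void testCreatePeersOnlyTrustStoreFromFile_Success() throws Exception {
        Map<String, Object> attributes = storeAttributes(BROKER_PEERSTORE, STORE_PASSWORD);
        attributes.put("peersOnly", true);
        TrustManager[] trustManagers = createTrustManagers(attributes);
        assertSingleTrustManager(trustManagers);
        // The original message here said "unexpected null", which misdescribed a type check.
        assertTrue("Unexpected trust manager type", trustManagers[0] instanceof QpidPeersOnlyTrustManager);
    }

    /**
     * Pins the behaviour when {@code trustAnchorValidityEnforced} is not supplied: the certificate
     * from the expired client keystore fixture is accepted against the expired truststore fixture.
     * The test passes when {@code checkClientTrusted} returns without throwing.
     *
     * <p>Security-relevant consequence: anchor expiry is only enforced when the attribute is set
     * explicitly, as exercised by {@link #testUseOfExpiredTrustAnchorDenied()}.
     */
    public void testUseOfExpiredTrustAnchorAllowed() throws Exception {
        Map<String, Object> attributes = storeAttributes(EXPIRED_TRUSTSTORE, STORE_PASSWORD);
        X509TrustManager trustManager = createSingleX509TrustManager(attributes);
        trustManager.checkClientTrusted(loadExpiredClientChain(), "NULL");
    }

    /**
     * With {@code trustAnchorValidityEnforced} set, the same chain must be rejected. Either a
     * {@link CertificateExpiredException} or a {@link CertificateException} whose message is exactly
     * "Certificate expired" counts as the expected rejection; anything else is rethrown.
     */
    public void testUseOfExpiredTrustAnchorDenied() throws Exception {
        Map<String, Object> attributes = storeAttributes(EXPIRED_TRUSTSTORE, STORE_PASSWORD);
        attributes.put("trustAnchorValidityEnforced", true);
        X509TrustManager trustManager = createSingleX509TrustManager(attributes);
        X509Certificate[] chain = loadExpiredClientChain();
        try {
            trustManager.checkClientTrusted(chain, "NULL");
            fail("Exception not thrown");
        } catch (CertificateException e) {
            boolean rejectedAsExpired =
                    e instanceof CertificateExpiredException || "Certificate expired".equals(e.getMessage());
            if (!rejectedAsExpired) {
                throw e;
            }
        }
    }

    /** A store supplied inline as a data URL behaves like the file-backed one. */
    public void testCreateTrustStoreFromDataUrl_Success() throws Exception {
        Map<String, Object> attributes = storeAttributes(createDataUrlForFile(CLIENT_TRUSTSTORE), STORE_PASSWORD);
        assertSingleTrustManager(createTrustManagers(attributes));
    }

    /** A wrong password is reported the same way for a data URL as for a file. */
    public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception {
        Map<String, Object> attributes = storeAttributes(createDataUrlForFile(CLIENT_TRUSTSTORE), "wrong");
        assertCreationFails(attributes, "Check trust store password");
    }

    /** Bytes that are not a keystore at all must be rejected at creation time. */
    public void testCreateTrustStoreFromDataUrl_BadTruststoreBytes() throws Exception {
        // Explicit charset so the fixture bytes do not depend on the platform default.
        String dataUrl = DataUrlUtils.getDataUrlForBytes("notatruststore".getBytes(StandardCharsets.UTF_8));
        assertCreationFails(storeAttributes(dataUrl, STORE_PASSWORD), "Cannot instantiate trust store");
    }

    /**
     * An update pointing at an unusable store is rejected and leaves the previous URL in place;
     * a subsequent valid update is applied.
     */
    public void testUpdateTrustStore_Success() throws Exception {
        Map<String, Object> attributes = storeAttributes(CLIENT_TRUSTSTORE, STORE_PASSWORD);
        FileTrustStore trustStore = (FileTrustStore) this._factory.create(TrustStore.class, attributes, this._broker);
        assertEquals("Unexpected path value before change", CLIENT_TRUSTSTORE, trustStore.getStoreUrl());
        try {
            Map<String, Object> badUpdate = new HashMap<>();
            badUpdate.put("storeUrl", "/not/a/truststore");
            trustStore.setAttributes(badUpdate);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            assertMessageContains(e, "Cannot instantiate trust store");
        }
        // The rejected update must not have replaced the working store.
        assertEquals("Unexpected path value after failed change", CLIENT_TRUSTSTORE, trustStore.getStoreUrl());

        Map<String, Object> goodUpdate = new HashMap<>();
        goodUpdate.put("storeUrl", BROKER_TRUSTSTORE);
        goodUpdate.put("password", STORE_PASSWORD);
        trustStore.setAttributes(goodUpdate);
        assertEquals("Unexpected path value after change that is expected to be successful", BROKER_TRUSTSTORE, trustStore.getStoreUrl());
    }

    /** A store that nothing references can be deleted without an exception. */
    public void testDeleteTrustStore_Success() throws Exception {
        Map<String, Object> attributes = storeAttributes(CLIENT_TRUSTSTORE, STORE_PASSWORD);
        this._factory.create(TrustStore.class, attributes, this._broker).delete();
    }

    /** Deletion is refused while an authentication provider still returns the store. */
    public void testDeleteTrustStore_TrustManagerInUseByAuthProvider() throws Exception {
        Map<String, Object> attributes = storeAttributes(CLIENT_TRUSTSTORE, STORE_PASSWORD);
        TrustStore trustStore = this._factory.create(TrustStore.class, attributes, this._broker);
        SimpleLDAPAuthenticationManager ldapManager = (SimpleLDAPAuthenticationManager) Mockito.mock(SimpleLDAPAuthenticationManager.class);
        Mockito.when(ldapManager.getTrustStore()).thenReturn(trustStore);
        Mockito.when(this._broker.getAuthenticationProviders()).thenReturn(Collections.singletonList(ldapManager));
        try {
            trustStore.delete();
            fail("Exception not thrown");
        } catch (IntegrityViolationException expected) {
            // Expected: the store is still referenced by the authentication provider.
        }
    }

    /** Deletion is refused while a port still lists the store among its trust stores. */
    public void testDeleteTrustStore_TrustManagerInUseByPort() throws Exception {
        Map<String, Object> attributes = storeAttributes(CLIENT_TRUSTSTORE, STORE_PASSWORD);
        TrustStore trustStore = this._factory.create(TrustStore.class, attributes, this._broker);
        Port port = (Port) Mockito.mock(Port.class);
        Mockito.when(port.getTrustStores()).thenReturn(Collections.singletonList(trustStore));
        Mockito.when(this._broker.getPorts()).thenReturn(Collections.singletonList(port));
        try {
            trustStore.delete();
            fail("Exception not thrown");
        } catch (IntegrityViolationException expected) {
            // Expected: the store is still referenced by the port.
        }
    }

    /** Reads the file at {@code str} and wraps its bytes in a data URL. */
    private static String createDataUrlForFile(String str) {
        return DataUrlUtils.getDataUrlForBytes(FileUtils.readFileAsBytes(str));
    }

    /** Builds the attribute map shared by every test: fixed name plus the given URL and password. */
    private static Map<String, Object> storeAttributes(String storeUrl, String password) {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", STORE_NAME);
        attributes.put("storeUrl", storeUrl);
        attributes.put("password", password);
        return attributes;
    }

    /** Creates a trust store from {@code attributes} and returns its trust managers. */
    private TrustManager[] createTrustManagers(Map<String, Object> attributes) throws Exception {
        return this._factory.create(TrustStore.class, attributes, this._broker).getTrustManagers();
    }

    /** Creates a trust store and returns its only trust manager, asserting it is an X.509 one. */
    private X509TrustManager createSingleX509TrustManager(Map<String, Object> attributes) throws Exception {
        TrustManager[] trustManagers = createTrustManagers(attributes);
        assertNotNull(trustManagers);
        assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
        assertTrue("Unexpected trust manager type", trustManagers[0] instanceof X509TrustManager);
        return (X509TrustManager) trustManagers[0];
    }

    /** Loads the certificate under the first alias of the expired client keystore fixture. */
    private static X509Certificate[] loadExpiredClientChain() throws Exception {
        KeyStore clientKeyStore = SSLUtil.getInitializedKeyStore(EXPIRED_CLIENT_KEYSTORE, STORE_PASSWORD, KeyStore.getDefaultType());
        String firstAlias = clientKeyStore.aliases().nextElement();
        return new X509Certificate[] {(X509Certificate) clientKeyStore.getCertificate(firstAlias)};
    }

    /** Asserts that exactly one non-null trust manager was produced. */
    private static void assertSingleTrustManager(TrustManager[] trustManagers) {
        assertNotNull(trustManagers);
        assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
        assertNotNull("Trust manager unexpected null", trustManagers[0]);
    }

    /** Asserts that creating a store from {@code attributes} fails with the expected message text. */
    private void assertCreationFails(Map<String, Object> attributes, String expectedFragment) {
        try {
            this._factory.create(TrustStore.class, attributes, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            assertMessageContains(e, expectedFragment);
        }
    }

    /** Asserts that the exception message contains {@code expectedFragment}. */
    private static void assertMessageContains(IllegalConfigurationException e, String expectedFragment) {
        String message = e.getMessage();
        assertTrue("Exception text not as expected:" + message, message.contains(expectedFragment));
    }
}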
