package org.apache.qpid.server.security;

import java.util.Collections;
import java.util.HashMap;
import javax.net.ssl.KeyManager;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerModel;
import org.apache.qpid.server.model.ConfiguredObjectFactory;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/FileKeyStoreTest.class */
public class FileKeyStoreTest extends QpidTestCase {
    private static final String BROKER_KEYSTORE = "ssl/java_broker_keystore.pkcs12";
    private static final String BROKER_KEYSTORE_PATH = "classpath:ssl/java_broker_keystore.pkcs12";
    private static final String BROKER_KEYSTORE_PASSWORD = "password";
    private static final String CLIENT_KEYSTORE_PATH = "classpath:ssl/java_client_keystore.pkcs12";
    private static final String CLIENT_KEYSTORE_PASSWORD = "password";
    private static final String BROKER_KEYSTORE_ALIAS = "rootca";
    private final Broker _broker = (Broker) Mockito.mock(Broker.class);
    private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
    private final Model _model = BrokerModel.getInstance();
    private final ConfiguredObjectFactory _factory = this._model.getObjectFactory();

    public void setUp() throws Exception {
        super.setUp();
        Mockito.when(this._broker.getTaskExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getChildExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getModel()).thenReturn(this._model);
        Mockito.when(this._broker.getCategoryClass()).thenReturn(Broker.class);
        Mockito.when(this._broker.getEventLogger()).thenReturn(new EventLogger());
        Mockito.when(this._broker.getTypeClass()).thenReturn(Broker.class);
    }

    public void testCreateKeyStoreFromFile_Success() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", BROKER_KEYSTORE_PATH);
        hashMap.put("password", "password");
        hashMap.put("keyStoreType", "pkcs12");
        KeyManager[] keyManagers = this._factory.create(KeyStore.class, hashMap, this._broker).getKeyManagers();
        assertNotNull(keyManagers);
        assertEquals("Unexpected number of key managers", 1, keyManagers.length);
        assertNotNull("Key manager unexpected null", keyManagers[0]);
    }

    public void testCreateKeyStoreWithAliasFromFile_Success() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", BROKER_KEYSTORE_PATH);
        hashMap.put("password", "password");
        hashMap.put("certificateAlias", BROKER_KEYSTORE_ALIAS);
        hashMap.put("keyStoreType", "pkcs12");
        KeyManager[] keyManagers = this._factory.create(KeyStore.class, hashMap, this._broker).getKeyManagers();
        assertNotNull(keyManagers);
        assertEquals("Unexpected number of key managers", 1, keyManagers.length);
        assertNotNull("Key manager unexpected null", keyManagers[0]);
    }

    public void testCreateKeyStoreFromFile_WrongPassword() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", BROKER_KEYSTORE_PATH);
        hashMap.put("password", "wrong");
        hashMap.put("keyStoreType", "pkcs12");
        try {
            this._factory.create(KeyStore.class, hashMap, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            assertTrue("Exception text not as unexpected:" + message, message.contains("Check key store password"));
        }
    }

    public void testCreateKeyStoreFromFile_UnknownAlias() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", CLIENT_KEYSTORE_PATH);
        hashMap.put("password", "password");
        hashMap.put("certificateAlias", "notknown");
        hashMap.put("keyStoreType", "pkcs12");
        try {
            this._factory.create(KeyStore.class, hashMap, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store"));
        }
    }

    public void testCreateKeyStoreFromDataUrl_Success() throws Exception {
        String createDataUrlForFile = FileTrustStoreTest.createDataUrlForFile(BROKER_KEYSTORE);
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", createDataUrlForFile);
        hashMap.put("password", "password");
        hashMap.put("keyStoreType", "pkcs12");
        KeyManager[] keyManagers = this._factory.create(KeyStore.class, hashMap, this._broker).getKeyManagers();
        assertNotNull(keyManagers);
        assertEquals("Unexpected number of key managers", 1, keyManagers.length);
        assertNotNull("Key manager unexpected null", keyManagers[0]);
    }

    public void testCreateKeyStoreWithAliasFromDataUrl_Success() throws Exception {
        String createDataUrlForFile = FileTrustStoreTest.createDataUrlForFile(BROKER_KEYSTORE);
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", createDataUrlForFile);
        hashMap.put("password", "password");
        hashMap.put("certificateAlias", BROKER_KEYSTORE_ALIAS);
        hashMap.put("keyStoreType", "pkcs12");
        KeyManager[] keyManagers = this._factory.create(KeyStore.class, hashMap, this._broker).getKeyManagers();
        assertNotNull(keyManagers);
        assertEquals("Unexpected number of key managers", 1, keyManagers.length);
        assertNotNull("Key manager unexpected null", keyManagers[0]);
    }

    public void testCreateKeyStoreFromDataUrl_WrongPassword() throws Exception {
        String createDataUrlForFile = FileTrustStoreTest.createDataUrlForFile(BROKER_KEYSTORE);
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("password", "wrong");
        hashMap.put("storeUrl", createDataUrlForFile);
        hashMap.put("keyStoreType", "pkcs12");
        try {
            this._factory.create(KeyStore.class, hashMap, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            assertTrue("Exception text not as unexpected:" + message, message.contains("Check key store password"));
        }
    }

    public void testCreateKeyStoreFromDataUrl_BadKeystoreBytes() throws Exception {
        String dataUrlForBytes = DataUrlUtils.getDataUrlForBytes("notatruststore".getBytes());
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("password", "password");
        hashMap.put("storeUrl", dataUrlForBytes);
        try {
            this._factory.create(KeyStore.class, hashMap, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate key store"));
        }
    }

    public void testCreateKeyStoreFromDataUrl_UnknownAlias() throws Exception {
        String createDataUrlForFile = FileTrustStoreTest.createDataUrlForFile(BROKER_KEYSTORE);
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("password", "password");
        hashMap.put("storeUrl", createDataUrlForFile);
        hashMap.put("certificateAlias", "notknown");
        hashMap.put("keyStoreType", "pkcs12");
        try {
            this._factory.create(KeyStore.class, hashMap, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store"));
        }
    }

    public void testUpdateKeyStore_Success() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", BROKER_KEYSTORE_PATH);
        hashMap.put("password", "password");
        hashMap.put("keyStoreType", "pkcs12");
        FileKeyStoreImpl create = this._factory.create(KeyStore.class, hashMap, this._broker);
        assertNull("Unexpected alias value before change", create.getCertificateAlias());
        try {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("certificateAlias", "notknown");
            create.setAttributes(hashMap2);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store"));
        }
        assertNull("Unexpected alias value after failed change", create.getCertificateAlias());
        HashMap hashMap3 = new HashMap();
        hashMap3.put("certificateAlias", BROKER_KEYSTORE_ALIAS);
        create.setAttributes(hashMap3);
        assertEquals("Unexpected alias value after change that is expected to be successful", BROKER_KEYSTORE_ALIAS, create.getCertificateAlias());
    }

    public void testDeleteKeyStore_Success() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("password", "password");
        hashMap.put("storeUrl", BROKER_KEYSTORE_PATH);
        hashMap.put("keyStoreType", "pkcs12");
        this._factory.create(KeyStore.class, hashMap, this._broker).delete();
    }

    public void testDeleteKeyStore_KeyManagerInUseByPort() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "myFileKeyStore");
        hashMap.put("storeUrl", BROKER_KEYSTORE_PATH);
        hashMap.put("password", "password");
        hashMap.put("keyStoreType", "pkcs12");
        FileKeyStoreImpl create = this._factory.create(KeyStore.class, hashMap, this._broker);
        Port port = (Port) Mockito.mock(Port.class);
        Mockito.when(port.getKeyStore()).thenReturn(create);
        Mockito.when(this._broker.getPorts()).thenReturn(Collections.singletonList(port));
        try {
            create.delete();
            fail("Exception not thrown");
        } catch (IntegrityViolationException e) {
        }
    }
}
