package org.apache.qpid.server.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.LogMessage;
import org.apache.qpid.server.logging.MessageLogger;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.ConfiguredObjectFactory;
import org.apache.qpid.test.utils.TestFileUtils;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatcher;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.internal.verification.VerificationModeFactory;

/* loaded from: input_file:org/apache/qpid/server/security/NonJavaKeyStoreTest.class */
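/**
 * Tests creation of a {@code NonJavaKeyStore} from private-key and certificate files
 * (PEM and DER), rejection of malformed input, and the certificate-expiry warning.
 *
 * <p>Key and certificate material is taken from the PKCS#12 fixture {@link #KEYSTORE} and
 * written to temporary files. The private key is written <em>unencrypted</em>; that is
 * acceptable only because the fixture key and its password are checked-in test data. Every
 * temporary file is registered in {@code _testResources} as soon as it is created so that
 * {@link #tearDown()} removes it even when a test fails part-way through.
 */
public class NonJavaKeyStoreTest extends UnitTestBase {
    private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
    // Password of the checked-in test fixture; it protects nothing of value.
    private static final String KEYSTORE_PASSWORD = "password";
    // Width at which the base64 body of the PEM files is wrapped.
    private static final int PEM_LINE_LENGTH = 76;

    private Broker<?> _broker;
    private ConfiguredObjectFactory _factory;
    // Initialised at declaration so tearDown() never sees null, even if setUp() throws.
    private final List<File> _testResources = new ArrayList<>();
    private MessageLogger _messageLogger;

    /** Matches the log message emitted for the {@code qpid.message.keystore.expiring} hierarchy. */
    private static class LogMessageArgumentMatcher implements ArgumentMatcher<LogMessage> {
        private LogMessageArgumentMatcher() {
        }

        public boolean matches(LogMessage logMessage) {
            return logMessage.getLogHierarchy().equals("qpid.message.keystore.expiring");
        }
    }

    @Before
    public void setUp() throws Exception {
        _messageLogger = Mockito.mock(MessageLogger.class);
        _broker = BrokerTestHelper.createBrokerMock();
        Mockito.when(_broker.getEventLogger()).thenReturn(new EventLogger(_messageLogger));
        _factory = _broker.getObjectFactory();
    }

    /**
     * Deletes every temporary file created by the test.
     *
     * <p>{@link File#delete()} reports failure through its return value rather than an
     * exception, so the result is checked: a file that cannot be removed now (it holds
     * private-key material) is scheduled for deletion at JVM exit instead of being left
     * behind silently.
     */
    @After
    public void tearDown() throws Exception {
        for (File resource : _testResources) {
            try {
                if (resource.exists() && !resource.delete()) {
                    resource.deleteOnExit();
                }
            } catch (RuntimeException e) {
                // Best effort: clean-up problems must not mask the test result.
                System.err.println("Could not delete test resource " + resource + ": " + e);
            }
        }
        _testResources.clear();
    }

    /**
     * Loads a PKCS#12 key store from the test classpath.
     *
     * @param resource classpath location of the key store
     * @return the loaded key store
     */
    private KeyStore loadTestKeyStore(String resource) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        try (InputStream in = getClass().getResourceAsStream(resource)) {
            // KeyStore.load(null, ...) silently yields an EMPTY store, so a missing fixture
            // would otherwise only show up later as a NullPointerException.
            Assert.assertNotNull("Test key store resource not found: " + resource, in);
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /**
     * Writes encoded key or certificate bytes to {@code target}, either raw (DER) or wrapped
     * in a PEM envelope with the base64 body split into {@value #PEM_LINE_LENGTH}-character lines.
     *
     * @param target   file to write
     * @param pemLabel label used in the {@code -----BEGIN/END <label>-----} lines
     * @param encoded  bytes returned by {@code getEncoded()}
     * @param pem      {@code true} for PEM output, {@code false} for the raw bytes
     */
    private static void writeEncoded(File target, String pemLabel, byte[] encoded, boolean pem)
            throws IOException {
        try (OutputStream out = new FileOutputStream(target)) {
            if (pem) {
                // PEM is pure ASCII; name the charset instead of relying on the platform default.
                out.write(("-----BEGIN " + pemLabel + "-----\n").getBytes(StandardCharsets.US_ASCII));
                // The MIME encoder puts the separator between lines only, never after the last.
                out.write(Base64.getMimeEncoder(PEM_LINE_LENGTH, new byte[] {'\n'}).encode(encoded));
                out.write(("\n-----END " + pemLabel + "-----").getBytes(StandardCharsets.US_ASCII));
            } else {
                out.write(encoded);
            }
        }
    }

    /**
     * Extracts the private key stored under alias {@code java-broker} and the certificate
     * stored under alias {@code rootca} into two temporary files.
     *
     * <p>Both files are registered for clean-up immediately after creation. The private key
     * is written in the clear; whether the temporary file is readable by other local users
     * depends on {@code TestFileUtils.createTempFile}, which is not visible here.
     *
     * <p>NOTE(review): the certificate comes from a different alias ({@code rootca}) than the
     * private key ({@code java-broker}) - confirm this pairing is intended.
     *
     * @param pem              {@code true} to write PEM, {@code false} to write DER
     * @param keyStoreResource classpath location of the PKCS#12 key store
     * @return {@code [privateKeyFile, certificateFile]}
     */
    private File[] extractResourcesFromTestKeyStore(boolean pem, String keyStoreResource) throws Exception {
        KeyStore keyStore = loadTestKeyStore(keyStoreResource);

        File privateKeyFile = TestFileUtils.createTempFile(this, ".private-key.der");
        _testResources.add(privateKeyFile);
        Key key = keyStore.getKey("java-broker", KEYSTORE_PASSWORD.toCharArray());
        Assert.assertNotNull("No key under alias java-broker in " + keyStoreResource, key);
        writeEncoded(privateKeyFile, "PRIVATE KEY", key.getEncoded(), pem);

        File certificateFile = TestFileUtils.createTempFile(this, ".certificate.der");
        _testResources.add(certificateFile);
        Certificate certificate = keyStore.getCertificate("rootca");
        Assert.assertNotNull("No certificate under alias rootca in " + keyStoreResource, certificate);
        writeEncoded(certificateFile, "CERTIFICATE", certificate.getEncoded(), pem);

        return new File[] {privateKeyFile, certificateFile};
    }

    /** Builds the attribute map for a {@code NonJavaKeyStore} backed by the given files. */
    private static Map<String, Object> keyStoreAttributes(File privateKeyFile, File certificateFile)
            throws Exception {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", "myTestTrustStore");
        attributes.put("privateKeyUrl", privateKeyFile.toURI().toURL().toExternalForm());
        attributes.put("certificateUrl", certificateFile.toURI().toURL().toExternalForm());
        attributes.put("type", "NonJavaKeyStore");
        return attributes;
    }

    @Test
    public void testCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDERFormat() throws Exception {
        runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(false);
    }

    @Test
    public void testCreationOfTrustStoreFromValidPrivateKeyAndCertificateInPEMFormat() throws Exception {
        runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(true);
    }

    /**
     * Creates a key store from a valid key/certificate pair and checks that exactly one
     * non-null key manager is exposed. Despite its name the helper covers both encodings.
     *
     * @param pem {@code true} to feed PEM files, {@code false} to feed DER files
     */
    private void runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(boolean pem) throws Exception {
        File[] resources = extractResourcesFromTestKeyStore(pem, KEYSTORE);
        Map<String, Object> attributes = keyStoreAttributes(resources[0], resources[1]);

        KeyManager[] keyManagers =
                _factory.create(org.apache.qpid.server.model.KeyStore.class, attributes, _broker).getKeyManagers();

        Assert.assertNotNull(keyManagers);
        Assert.assertEquals("Unexpected number of key managers", 1L, keyManagers.length);
        Assert.assertNotNull("Key manager is null", keyManagers[0]);
    }

    /** A certificate file with junk content must be rejected at creation time. */
    @Test
    public void testCreationOfTrustStoreFromValidPrivateKeyAndInvalidCertificate() throws Exception {
        File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
        File invalidCertificate = TestFileUtils.createTempFile(this, ".invalid.cert", "content");
        _testResources.add(invalidCertificate);
        Map<String, Object> attributes = keyStoreAttributes(resources[0], invalidCertificate);

        try {
            _factory.create(org.apache.qpid.server.model.KeyStore.class, attributes, _broker);
            Assert.fail("Created key store from invalid certificate");
        } catch (IllegalConfigurationException expected) {
            // expected: malformed certificate material must not produce a key store
        }
    }

    /** A private-key file with junk content must be rejected at creation time. */
    @Test
    public void testCreationOfTrustStoreFromInvalidPrivateKeyAndValidCertificate() throws Exception {
        File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
        File invalidPrivateKey = TestFileUtils.createTempFile(this, ".invalid.pk", "content");
        _testResources.add(invalidPrivateKey);
        Map<String, Object> attributes = keyStoreAttributes(invalidPrivateKey, resources[1]);

        try {
            _factory.create(org.apache.qpid.server.model.KeyStore.class, attributes, _broker);
            // The message previously said "invalid certificate", copied from the sibling test.
            Assert.fail("Created key store from invalid private key");
        } catch (IllegalConfigurationException expected) {
            // expected: malformed private-key material must not produce a key store
        }
    }

    /** A warn period one day longer than the remaining validity must log exactly one warning. */
    @Test
    public void testExpiryCheckingFindsExpired() throws Exception {
        doCertExpiryChecking(1);
        Mockito.verify(_messageLogger, Mockito.times(1))
                .message(ArgumentMatchers.argThat(new LogMessageArgumentMatcher()));
    }

    /** A warn period one day shorter than the remaining validity must log no warning. */
    @Test
    public void testExpiryCheckingIgnoresValid() throws Exception {
        doCertExpiryChecking(-1);
        Mockito.verify(_messageLogger, Mockito.never())
                .message(ArgumentMatchers.argThat(new LogMessageArgumentMatcher()));
    }

    /**
     * Creates a key store whose {@code qpid.keystore.certificateExpiryWarnPeriod} is the
     * number of whole days until the {@code rootca} certificate expires plus
     * {@code warnPeriodOffsetDays}.
     *
     * <p>The remaining validity is computed against the wall clock, so the outcome depends on
     * the fixture certificate's {@code notAfter} date relative to the day the test runs.
     *
     * @param warnPeriodOffsetDays days added to the remaining validity to form the warn period
     */
    private void doCertExpiryChecking(int warnPeriodOffsetDays) throws Exception {
        Mockito.when(_broker.scheduleHouseKeepingTask(ArgumentMatchers.anyLong(),
                                                      ArgumentMatchers.any(TimeUnit.class),
                                                      ArgumentMatchers.any(Runnable.class)))
               .thenReturn(Mockito.mock(ScheduledFuture.class));

        KeyStore keyStore = loadTestKeyStore(KEYSTORE);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate("rootca");
        long remainingMillis = certificate.getNotAfter().getTime() - System.currentTimeMillis();
        // Truncating conversion to whole days, as in the original division by 86400000.
        int daysUntilExpiry = (int) TimeUnit.MILLISECONDS.toDays(remainingMillis);

        File[] resources = extractResourcesFromTestKeyStore(false, KEYSTORE);
        Map<String, Object> attributes = keyStoreAttributes(resources[0], resources[1]);
        attributes.put("context",
                       Collections.singletonMap("qpid.keystore.certificateExpiryWarnPeriod",
                                                Integer.valueOf(daysUntilExpiry + warnPeriodOffsetDays)));

        _factory.create(org.apache.qpid.server.model.KeyStore.class, attributes, _broker);
    }
}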
