package org.apache.qpid.server.security.encryption;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Map;
import java.util.UUID;
import javax.crypto.Cipher;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactoryTest.class */
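/**
 * Unit tests for {@link AESKeyFileEncrypterFactory#createEncrypter} against a mocked {@link Broker}.
 *
 * <p>The tests cover where the AES key file is created (the default {@code .keys} directory under
 * the broker work directory, or the path given by the {@code encrypter.key.file} context key) and
 * that neither the key file nor its directory grants any permission to group or others. They also
 * check that the factory throws {@link IllegalArgumentException} for a key path that is a
 * directory, for a key file readable by the group, and for a key file that holds no valid AES key.
 *
 * <p>NOTE(review): most tests are wrapped in {@code if (isStrongEncryptionEnabled() && ...)}.
 * When the guard is false the body is skipped and the test is still reported as passed, so on a
 * JVM without 256-bit AES or on a file system without POSIX attributes the permission checks
 * provide no coverage. {@code org.junit.Assume} would report such runs as skipped instead.
 */
public class AESKeyFileEncrypterFactoryTest extends UnitTestBase {
    /** Context key under which the broker holds the key file location. */
    private static final String KEY_FILE_CONTEXT_KEY = "encrypter.key.file";

    private Broker _broker;
    private Path _tmpDir;
    private AESKeyFileEncrypterFactory _factory;

    /**
     * File visitor that locates the key file below a given sub-directory and asserts that both
     * the sub-directory and the key file are closed to group and others.
     */
    public class KeyFilePathChecker extends SimpleFileVisitor<Path> {
        private final String _fileName;
        private final String _subdirName;
        private Path _keyFile;
        private boolean _inKeysSubdir;

        /**
         * Creates a checker for the default location: directory {@code .keys}, file
         * {@code Broker_<test name>.key}.
         *
         * @param aESKeyFileEncrypterFactoryTest the test instance whose name forms the file name
         */
        public KeyFilePathChecker(AESKeyFileEncrypterFactoryTest aESKeyFileEncrypterFactoryTest) {
            this(".keys", "Broker_" + aESKeyFileEncrypterFactoryTest.getTestName() + ".key");
        }

        /**
         * @param str  trailing path of the directory expected to hold the key file
         * @param str2 name of the key file
         */
        public KeyFilePathChecker(String str, String str2) {
            _subdirName = str;
            _fileName = str2;
        }

        /**
         * Marks entry into the key directory and asserts its permissions; directories nested
         * inside the key directory are not descended into.
         */
        @Override
        public FileVisitResult preVisitDirectory(Path path, BasicFileAttributes basicFileAttributes) throws IOException {
            if (_inKeysSubdir) {
                return FileVisitResult.SKIP_SUBTREE;
            }
            if (!path.endsWith(_subdirName)) {
                return FileVisitResult.CONTINUE;
            }
            _inKeysSubdir = true;
            assertNoGroupOrOtherAccess(path);
            return FileVisitResult.CONTINUE;
        }

        /**
         * Records the key file once it is found inside the key directory, asserts its permissions
         * and stops the walk.
         */
        @Override
        public FileVisitResult visitFile(Path path, BasicFileAttributes basicFileAttributes) throws IOException {
            if (!_inKeysSubdir || !path.endsWith(_fileName)) {
                return FileVisitResult.CONTINUE;
            }
            _keyFile = path;
            assertNoGroupOrOtherAccess(path);
            return FileVisitResult.TERMINATE;
        }

        /** Clears the "inside key directory" flag when a directory has been fully visited. */
        @Override
        public FileVisitResult postVisitDirectory(Path path, IOException iOException) throws IOException {
            _inKeysSubdir = false;
            return FileVisitResult.CONTINUE;
        }

        /**
         * @return the key file found by the walk, or {@code null} if none was found
         */
        public Path getKeyFile() {
            return _keyFile;
        }
    }

    /**
     * Asserts that {@code path} grants no read, write or execute permission to group or others.
     * Owner permissions are not constrained by this check.
     *
     * @param path file or directory to inspect
     * @throws IOException if the POSIX permissions cannot be read
     */
    private static void assertNoGroupOrOtherAccess(Path path) throws IOException {
        // Read the permissions once, then keep only the bits that must not be set.
        EnumSet<PosixFilePermission> exposed = EnumSet.noneOf(PosixFilePermission.class);
        exposed.addAll(Files.getPosixFilePermissions(path));
        exposed.retainAll(EnumSet.of(
                PosixFilePermission.GROUP_READ,
                PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.GROUP_EXECUTE,
                PosixFilePermission.OTHERS_READ,
                PosixFilePermission.OTHERS_WRITE,
                PosixFilePermission.OTHERS_EXECUTE));
        Assert.assertTrue("Unexpected group/others permissions on " + path + ": " + exposed, exposed.isEmpty());
    }

    /**
     * Creates a temporary work directory and a mocked broker that reports it as
     * {@code qpid.work_dir}, then instantiates the factory under test.
     */
    @Before
    public void setUp() throws Exception {
        _broker = Mockito.mock(Broker.class);
        _tmpDir = Files.createTempDirectory(getTestName());
        Mockito.when(_broker.getContextKeys(ArgumentMatchers.eq(false))).thenReturn(Collections.emptySet());
        Mockito.when(_broker.getContextValue(ArgumentMatchers.eq(String.class), ArgumentMatchers.eq("qpid.work_dir")))
                .thenReturn(_tmpDir.toString());
        Mockito.when(_broker.getCategoryClass()).thenReturn(Broker.class);
        Mockito.when(_broker.getName()).thenReturn(getTestName());

        // Raw Map: the attribute map's type parameters are not visible from this file.
        final ArgumentCaptor<Map> attributesCaptor = ArgumentCaptor.forClass(Map.class);
        Mockito.doAnswer(new Answer<Void>() {
            // Must be named answer() to implement Answer; once setAttributes() has been called
            // with a "context" entry, getContext() on the mock returns that entry.
            @Override
            public Void answer(InvocationOnMock invocationOnMock) throws Throwable {
                Map attributes = attributesCaptor.getValue();
                if (attributes.containsKey("context")) {
                    Mockito.when(_broker.getContext()).thenReturn((Map) attributes.get("context"));
                }
                return null;
            }
        }).when(_broker).setAttributes(attributesCaptor.capture());

        _factory = new AESKeyFileEncrypterFactory();
    }

    /**
     * With no key file configured, the key must appear in the default location with restricted
     * permissions, and the broker context must record its path.
     */
    @Test
    public void testCreateKeyInDefaultLocation() throws Exception {
        // NOTE(review): a false guard makes this test pass without checking anything.
        if (isStrongEncryptionEnabled() && supportsPosixFileAttributes()) {
            ConfigurationSecretEncrypter encrypter = _factory.createEncrypter(_broker);
            KeyFilePathChecker checker = new KeyFilePathChecker(this);
            doChecks(encrypter, checker);
            Assert.assertEquals(checker.getKeyFile().toString(), _broker.getContext().get(KEY_FILE_CONTEXT_KEY));
        }
    }

    /**
     * Walks the work directory with {@code keyFilePathChecker}, requires that the key file was
     * found, and verifies an encrypt/decrypt round trip.
     */
    private void doChecks(ConfigurationSecretEncrypter configurationSecretEncrypter, KeyFilePathChecker keyFilePathChecker) throws IOException {
        Files.walkFileTree(_tmpDir, keyFilePathChecker);
        Assert.assertNotNull(keyFilePathChecker.getKeyFile());
        String roundTripped = configurationSecretEncrypter.decrypt(configurationSecretEncrypter.encrypt("notasecret"));
        Assert.assertEquals("notasecret", roundTripped);
    }

    /** Makes the mocked broker report {@code keyFilePath} as its configured key file location. */
    private void stubKeyFileLocation(String keyFilePath) {
        Mockito.when(_broker.getContextKeys(ArgumentMatchers.eq(false)))
                .thenReturn(Collections.singleton(KEY_FILE_CONTEXT_KEY));
        Mockito.when(_broker.getContextValue(ArgumentMatchers.eq(String.class), ArgumentMatchers.eq(KEY_FILE_CONTEXT_KEY)))
                .thenReturn(keyFilePath);
    }

    /**
     * With the key file location configured to a path that does not exist yet, the factory must
     * create the file there with restricted permissions.
     */
    @Test
    public void testSettingContextKeyLeadsToFileCreation() throws Exception {
        // NOTE(review): a false guard makes this test pass without checking anything.
        if (isStrongEncryptionEnabled() && supportsPosixFileAttributes()) {
            String keyFileName = UUID.randomUUID().toString() + ".key";
            String subdir = getTestName() + File.separator + "test";
            String keyFilePath = _tmpDir.toString() + File.separator + subdir + File.separator + keyFileName;
            stubKeyFileLocation(keyFilePath);
            doChecks(_factory.createEncrypter(_broker), new KeyFilePathChecker(subdir, keyFileName));
        }
    }

    /** A configured key path that is already a directory must be rejected. */
    @Test
    public void testUnableToCreateFileInSpecifiedLocation() throws Exception {
        // NOTE(review): a false guard makes this test pass without checking anything.
        if (isStrongEncryptionEnabled()) {
            String subdir = getTestName() + File.separator + "test";
            String keyFileName = UUID.randomUUID().toString() + ".key";
            String keyFilePath = _tmpDir.toString() + File.separator + subdir + File.separator + keyFileName;
            stubKeyFileLocation(keyFilePath);
            // Occupy the key file path with a directory.
            Files.createDirectories(Paths.get(keyFilePath));
            try {
                _factory.createEncrypter(_broker);
                Assert.fail("should not be able to create a key file where a directory currently is");
            } catch (IllegalArgumentException expected) {
                // expected: the key path cannot be used as a file
            }
        }
    }

    /**
     * An existing key file that is readable by the group must be rejected. Only the
     * {@code GROUP_READ} case is exercised here; other group/others bits are not covered.
     */
    @Test
    public void testPermissionsAreChecked() throws Exception {
        // NOTE(review): a false guard makes this test pass without checking anything.
        if (isStrongEncryptionEnabled() && supportsPosixFileAttributes()) {
            String keyFileName = UUID.randomUUID().toString() + ".key";
            String subdir = getTestName() + File.separator + "test";
            String keyFilePath = _tmpDir.toString() + File.separator + subdir + File.separator + keyFileName;
            stubKeyFileLocation(keyFilePath);
            Files.createDirectories(Paths.get(_tmpDir.toString(), subdir));
            // Files.createFile fails loudly if the file cannot be created, unlike
            // File.createNewFile whose boolean result was previously ignored.
            Path keyFile = Files.createFile(Paths.get(keyFilePath));
            Files.setPosixFilePermissions(keyFile, EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.GROUP_READ));
            try {
                _factory.createEncrypter(_broker);
                Assert.fail("should not be able to create a key file where the file is readable");
            } catch (IllegalArgumentException expected) {
                // expected: key file permissions are too permissive
            }
        }
    }

    /** An owner-only key file whose content is not an AES key must be rejected. */
    @Test
    public void testInvalidKey() throws Exception {
        // NOTE(review): a false guard makes this test pass without checking anything.
        if (isStrongEncryptionEnabled() && supportsPosixFileAttributes()) {
            String keyFileName = UUID.randomUUID().toString() + ".key";
            String subdir = getTestName() + File.separator + "test";
            String keyFilePath = _tmpDir.toString() + File.separator + subdir + File.separator + keyFileName;
            stubKeyFileLocation(keyFilePath);
            Files.createDirectories(Paths.get(_tmpDir.toString(), subdir));
            File keyFile = new File(keyFilePath);
            // The stream is closed before the permissions are tightened and the factory runs.
            try (FileOutputStream out = new FileOutputStream(keyFile)) {
                out.write("This is not an AES key.  It is a string saying it is not an AES key".getBytes(StandardCharsets.US_ASCII));
            }
            Files.setPosixFilePermissions(keyFile.toPath(), EnumSet.of(PosixFilePermission.OWNER_READ));
            try {
                _factory.createEncrypter(_broker);
                Assert.fail("should not be able to start where the key is not a valid key");
            } catch (IllegalArgumentException expected) {
                // expected: file content is not a usable key
            }
        }
    }

    /**
     * @return {@code true} if the file store holding the temporary directory exposes a POSIX
     *     attribute view
     */
    private boolean supportsPosixFileAttributes() throws IOException {
        return Files.getFileAttributeView(_tmpDir, PosixFileAttributeView.class) != null;
    }

    /** Deletes the temporary work directory and everything below it. */
    @After
    public void tearDown() throws Exception {
        if (_tmpDir == null) {
            // setUp failed before the directory was created; nothing to clean up.
            return;
        }
        Files.walkFileTree(_tmpDir, new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path path, BasicFileAttributes basicFileAttributes) throws IOException {
                Files.delete(path);
                return FileVisitResult.CONTINUE;
            }

            @Override
            public FileVisitResult postVisitDirectory(Path path, IOException iOException) throws IOException {
                // Directories are removed after their contents.
                Files.delete(path);
                return FileVisitResult.CONTINUE;
            }
        });
    }

    /**
     * @return {@code true} if the JVM permits AES keys of at least 256 bits
     */
    private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }
}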
