package org.apache.qpid.server.security;

import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerModel;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.ConfiguredObjectFactory;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.test.utils.JvmVendor;
import org.apache.qpid.test.utils.UnitTestBase;
import org.apache.qpid.test.utils.tls.AlternativeName;
import org.apache.qpid.test.utils.tls.CertificateEntry;
import org.apache.qpid.test.utils.tls.KeyCertificatePair;
import org.apache.qpid.test.utils.tls.KeyStoreEntry;
import org.apache.qpid.test.utils.tls.PrivateKeyEntry;
import org.apache.qpid.test.utils.tls.SecretKeyEntry;
import org.apache.qpid.test.utils.tls.TlsResource;
import org.apache.qpid.test.utils.tls.TlsResourceBuilder;
import org.apache.qpid.test.utils.tls.TlsResourceHelper;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:org/apache/qpid/server/security/FileTrustStoreTest.class */
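/**
 * Unit tests for {@link FileTrustStore}: creation from a file path or a data URL, rejection of
 * bad passwords / bad store bytes / stores without certificate entries, attribute updates,
 * reload from disk, the peers-only mode and the handling of expired trust anchors.
 *
 * <p>Security-relevant behaviour pinned by these tests:
 * <ul>
 *   <li>An expired trust anchor is accepted unless {@code trustAnchorValidityEnforced} is set to
 *       {@code true} (see {@link #testUseOfExpiredTrustAnchorAllowed()} and
 *       {@link #testUseOfExpiredTrustAnchorDenied()}). Configurations that must reject expired
 *       anchors therefore have to set that attribute explicitly.</li>
 *   <li>A failed attribute update (unreadable store or CRL) leaves the previous store URL and CRL
 *       URL in place (see {@link #testUpdateTrustStore_Success()}).</li>
 *   <li>Private-key and secret-key entries in the backing store are not reported as
 *       certificates.</li>
 * </ul>
 *
 * <p>NOTE(review): the CRL tests only assert that a trust manager is produced when revocation
 * checking is configured. No test in this class presents a revoked certificate to the resulting
 * trust manager, so revocation enforcement itself is not exercised here - confirm it is covered
 * elsewhere.
 */
public class FileTrustStoreTest extends UnitTestBase {

    @ClassRule
    public static final TlsResource TLS_RESOURCE = new TlsResource();
    private static final Broker BROKER = BrokerTestHelper.createBrokerMock();
    private static final ConfiguredObjectFactory FACTORY = BrokerModel.getInstance().getObjectFactory();
    private static final String DN_FOO = "CN=foo";
    private static final String DN_BAR = "CN=bar";
    private static final String DN_CA = "CN=CA";
    private static final String CERTIFICATE_ALIAS_A = "a";
    private static final String CERTIFICATE_ALIAS_B = "b";
    private static final String NOT_A_CRL = "/not/a/crl";
    private static final String NAME = "myFileTrustStore";
    private static final String NOT_A_TRUSTSTORE = "/not/a/truststore";
    private static final String SECRET_KEY_ALIAS = "secret-key-alias";

    /**
     * Immutable holder for a generated trust store, the CRL issued alongside it and the CA
     * key/certificate pair that signed both.
     *
     * @param <T> representation of the store and the CRL (a {@link Path} or a data-URL string)
     */
    public static class StoreAndCrl<T> {
        private final T _store;
        private final T _crl;
        private final KeyCertificatePair _ca;

        private StoreAndCrl(T store, T crl, KeyCertificatePair ca) {
            this._store = store;
            this._crl = crl;
            this._ca = ca;
        }

        T getStore() {
            return this._store;
        }

        T getCrl() {
            return this._crl;
        }

        KeyCertificatePair getCa() {
            return this._ca;
        }
    }

    /** A store created with revocation checking disabled yields exactly one trust manager. */
    @Test
    public void testCreateFileTrustStoreWithoutCRL() throws Exception {
        Path storePath = TLS_RESOURCE.createSelfSignedTrustStore(DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("certificateRevocationCheckEnabled", false);
        assertSingleTrustManager(createFileTrustStore(attributes).getTrustManagers());
    }

    /**
     * A store created with revocation checking enabled and an explicit CRL file yields exactly
     * one trust manager. Only construction is asserted; no revoked certificate is validated.
     */
    @Test
    public void testCreateFileTrustStoreFromWithExplicitlySetCRL() throws Exception {
        StoreAndCrl<Path> storeAndCrl = generateTrustStoreAndCrl();
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storeAndCrl.getStore().toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("certificateRevocationCheckEnabled", true);
        attributes.put("certificateRevocationListUrl", storeAndCrl.getCrl().toFile().getPath());
        assertSingleTrustManager(createFileTrustStore(attributes).getTrustManagers());
    }

    /** Creation from a file must fail with a password hint when the store password is wrong. */
    @Test
    public void testCreateTrustStoreFromFile_WrongPassword() throws Exception {
        Path storePath = TLS_RESOURCE.createSelfSignedTrustStore(DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        // Appending a character guarantees the password differs from the real one.
        attributes.put("password", TLS_RESOURCE.getSecret() + "_");
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        KeyStoreTestHelper.checkExceptionThrownDuringKeyStoreCreation(
                FACTORY, BROKER, TrustStore.class, attributes, "Check trust store password");
    }

    /** Creation must fail when the configured CRL location cannot be loaded. */
    @Test
    public void testCreateTrustStoreFromFile_MissingCrlFile() throws Exception {
        Path storePath = TLS_RESOURCE.createSelfSignedTrustStore(DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        attributes.put("certificateRevocationListUrl", NOT_A_CRL);
        KeyStoreTestHelper.checkExceptionThrownDuringKeyStoreCreation(
                FACTORY, BROKER, TrustStore.class, attributes,
                String.format("Unable to load certificate revocation list '%s' for truststore '%s'", NOT_A_CRL, NAME));
    }

    /** With {@code peersOnly} set, the single trust manager is a {@link QpidPeersOnlyTrustManager}. */
    @Test
    public void testCreatePeersOnlyTrustStoreFromFile_Success() throws Exception {
        Path storePath = TLS_RESOURCE.createTrustStore(DN_FOO, TlsResourceBuilder.createKeyPairAndRootCA(DN_CA));
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("peersOnly", true);
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        TrustManager trustManager = assertSingleTrustManager(createFileTrustStore(attributes).getTrustManagers());
        // The failure message previously said "unexpected null" although the check is on the type.
        Assert.assertTrue("Unexpected trust manager type", trustManager instanceof QpidPeersOnlyTrustManager);
    }

    /**
     * Without {@code trustAnchorValidityEnforced}, a certificate that is itself an expired trust
     * anchor passes {@code checkClientTrusted}. Skipped on IBM JVMs, as stated by the assumption.
     */
    @Test
    public void testUseOfExpiredTrustAnchorAllowed() throws Exception {
        Assume.assumeThat("IBMJSSE2 trust factory (IbmX509) validates the entire chain, including trusted certificates.", getJvmVendor(), CoreMatchers.is(CoreMatchers.not(CoreMatchers.equalTo(JvmVendor.IBM))));
        Path storePath = createTrustStoreWithExpiredCertificate();
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        TrustManager trustManager = assertSingleTrustManager(createFileTrustStore(attributes).getTrustManagers());
        Assert.assertTrue("Unexpected trust manager type", trustManager instanceof X509TrustManager);
        X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
        // Must not throw: expiry of the anchor is not enforced in this configuration.
        x509TrustManager.checkClientTrusted(new X509Certificate[]{loadFirstCertificate(storePath)}, "NULL");
    }

    /**
     * With {@code trustAnchorValidityEnforced} set to {@code true}, the same expired trust anchor
     * must be rejected by {@code checkClientTrusted}.
     */
    @Test
    public void testUseOfExpiredTrustAnchorDenied() throws Exception {
        Path storePath = createTrustStoreWithExpiredCertificate();
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("trustAnchorValidityEnforced", true);
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        TrustManager trustManager = assertSingleTrustManager(createFileTrustStore(attributes).getTrustManagers());
        Assert.assertTrue("Unexpected trust manager type", trustManager instanceof X509TrustManager);
        X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
        X509Certificate expiredAnchor = loadFirstCertificate(storePath);
        try {
            x509TrustManager.checkClientTrusted(new X509Certificate[]{expiredAnchor}, "NULL");
            Assert.fail("Exception not thrown");
        } catch (CertificateException e) {
            // Accept either the dedicated exception type or a CertificateException whose message
            // is exactly "Certificate expired"; any other rejection reason is rethrown so the
            // test does not pass for the wrong cause.
            boolean reportsExpiry = e instanceof CertificateExpiredException
                    || "Certificate expired".equals(e.getMessage());
            if (!reportsExpiry) {
                throw e;
            }
        }
    }

    /**
     * Store and CRL supplied as data URLs, with revocation checking enabled, yield exactly one
     * trust manager. Only construction is asserted; no revoked certificate is validated.
     */
    @Test
    public void testCreateTrustStoreFromDataUrl_Success() throws Exception {
        StoreAndCrl<String> storeAndCrl = generateTrustStoreAndCrlAsDataUrl();
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", storeAndCrl.getStore());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        attributes.put("certificateRevocationCheckEnabled", true);
        attributes.put("certificateRevocationListUrl", storeAndCrl.getCrl());
        assertSingleTrustManager(createFileTrustStore(attributes).getTrustManagers());
    }

    /** Creation from a data URL must fail with a password hint when the password is wrong. */
    @Test
    public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception {
        String storeDataUrl = TLS_RESOURCE.createSelfSignedTrustStoreAsDataUrl(DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("password", TLS_RESOURCE.getSecret() + "_");
        attributes.put("storeUrl", storeDataUrl);
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        KeyStoreTestHelper.checkExceptionThrownDuringKeyStoreCreation(
                FACTORY, BROKER, TrustStore.class, attributes, "Check trust store password");
    }

    /** A data URL whose payload is not a key store must be rejected at creation time. */
    @Test
    public void testCreateTrustStoreFromDataUrl_BadTruststoreBytes() {
        // Explicit charset keeps the payload independent of the platform default encoding.
        String storeDataUrl = DataUrlUtils.getDataUrlForBytes("notatruststore".getBytes(StandardCharsets.UTF_8));
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("storeUrl", storeDataUrl);
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        KeyStoreTestHelper.checkExceptionThrownDuringKeyStoreCreation(
                FACTORY, BROKER, TrustStore.class, attributes, "Cannot instantiate trust store");
    }

    /**
     * Invalid updates of the store URL or CRL URL are rejected and leave the previous values in
     * place; a subsequent valid update of store, password and CRL is applied.
     */
    @Test
    public void testUpdateTrustStore_Success() throws Exception {
        StoreAndCrl<Path> storeAndCrl = generateTrustStoreAndCrl();
        String originalStorePath = storeAndCrl.getStore().toFile().getAbsolutePath();
        String originalCrlPath = storeAndCrl.getCrl().toFile().getAbsolutePath();

        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("storeUrl", originalStorePath);
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        attributes.put("certificateRevocationCheckEnabled", true);
        attributes.put("certificateRevocationListUrl", originalCrlPath);
        FileTrustStore<?> trustStore = createFileTrustStore(attributes);
        Assert.assertEquals("Unexpected path value before change", originalStorePath, trustStore.getStoreUrl());

        // 1. Pointing the store at a non-existent location must fail and change nothing.
        try {
            trustStore.setAttributes(Collections.singletonMap("storeUrl", NOT_A_TRUSTSTORE));
            Assert.fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            Assert.assertTrue("Exception text not as expected:" + message,
                    message.contains("Cannot instantiate trust store"));
        }
        Assert.assertEquals("Unexpected keystore path value after failed change",
                originalStorePath, trustStore.getStoreUrl());

        // 2. Pointing the CRL at a non-existent location must fail and change nothing.
        try {
            trustStore.setAttributes(Collections.singletonMap("certificateRevocationListUrl", NOT_A_CRL));
            Assert.fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
            String message = e.getMessage();
            Assert.assertTrue("Exception text not as expected:" + message,
                    message.contains(String.format(
                            "Unable to load certificate revocation list '%s' for truststore '%s'", NOT_A_CRL, NAME)));
        }
        Assert.assertEquals("Unexpected CRL path value after failed change",
                originalCrlPath, trustStore.getCertificateRevocationListUrl());
        Assert.assertEquals("Unexpected path value after failed change",
                originalStorePath, trustStore.getStoreUrl());

        // 3. A valid store plus an (empty) CRL signed by the same CA must be accepted.
        Path replacementStore = TLS_RESOURCE.createTrustStore(DN_FOO, storeAndCrl.getCa());
        Path replacementCrl = TLS_RESOURCE.createCrl(storeAndCrl.getCa(), new X509Certificate[0]);
        Map<String, Object> updatedAttributes = new HashMap<>();
        updatedAttributes.put("storeUrl", replacementStore.toFile().getAbsolutePath());
        updatedAttributes.put("password", TLS_RESOURCE.getSecret());
        updatedAttributes.put("certificateRevocationListUrl", replacementCrl.toFile().getAbsolutePath());
        trustStore.setAttributes(updatedAttributes);
        Assert.assertEquals("Unexpected keystore path value after change that is expected to be successful",
                replacementStore.toFile().getAbsolutePath(), trustStore.getStoreUrl());
        Assert.assertEquals("Unexpected CRL path value after change that is expected to be successful",
                replacementCrl.toFile().getAbsolutePath(), trustStore.getCertificateRevocationListUrl());
    }

    /** A key store with no entries at all is rejected as a trust store. */
    @Test
    public void testEmptyTrustStoreRejected() throws Exception {
        Path storePath = TLS_RESOURCE.createKeyStore(new KeyStoreEntry[0]);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", NAME);
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        KeyStoreTestHelper.checkExceptionThrownDuringKeyStoreCreation(
                FACTORY, BROKER, TrustStore.class, attributes, "must contain at least one certificate");
    }

    /** A self-signed key store without a certificate entry is rejected as a trust store. */
    @Test
    public void testTrustStoreWithNoCertificateRejected() throws Exception {
        Path storePath = TLS_RESOURCE.createSelfSignedKeyStore(DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", getTestName());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        KeyStoreTestHelper.checkExceptionThrownDuringKeyStoreCreation(
                FACTORY, BROKER, TrustStore.class, attributes, "must contain at least one certificate");
    }

    /** Secret-key entries in a JCEKS store do not count towards the reported certificates. */
    @Test
    public void testSymmetricKeyEntryIgnored() throws Exception {
        String keyStoreType = "jceks";
        Path storePath = createSelfSignedKeyStoreWithSecretKeyAndCertificate(keyStoreType, DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", getTestName());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("trustStoreType", keyStoreType);
        int expectedCertificates = getNumberOfCertificates(storePath, keyStoreType);
        Assert.assertEquals("Unexpected number of certificates",
                expectedCertificates, createFileTrustStore(attributes).getCertificates().length);
    }

    /** Private-key entries do not count towards the reported certificates. */
    @Test
    public void testPrivateKeyEntryIgnored() throws Exception {
        Path storePath = TLS_RESOURCE.createSelfSignedKeyStoreWithCertificate(DN_FOO);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", getTestName());
        attributes.put("password", TLS_RESOURCE.getSecret());
        attributes.put("storeUrl", storePath.toFile().getAbsolutePath());
        attributes.put("trustStoreType", TLS_RESOURCE.getKeyStoreType());
        int expectedCertificates = getNumberOfCertificates(storePath, TLS_RESOURCE.getKeyStoreType());
        Assert.assertEquals("Unexpected number of certificates",
                expectedCertificates, createFileTrustStore(attributes).getCertificates().length);
    }

    /** After the backing file is overwritten, {@code reload()} exposes the new certificate. */
    @Test
    public void testReloadKeystore() throws Exception {
        Path activeStore = TLS_RESOURCE.createSelfSignedKeyStoreWithCertificate(DN_FOO);
        Path replacementStore = TLS_RESOURCE.createSelfSignedKeyStoreWithCertificate(DN_BAR);
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", getTestName());
        attributes.put("storeUrl", activeStore.toFile().getAbsolutePath());
        attributes.put("password", TLS_RESOURCE.getSecret());
        FileTrustStore<?> trustStore = createFileTrustStore(attributes);
        Assert.assertEquals(DN_FOO, getCertificate(trustStore).getIssuerX500Principal().getName());
        // Replace the file contents in place; the trust store keeps pointing at the same path.
        Files.copy(replacementStore, activeStore, StandardCopyOption.REPLACE_EXISTING);
        trustStore.reload();
        Assert.assertEquals(DN_BAR, getCertificate(trustStore).getIssuerX500Principal().getName());
    }

    /**
     * Creates a trust store through the broker's object factory.
     *
     * @param map attributes of the trust store to create
     * @return the created store
     */
    private FileTrustStore<?> createFileTrustStore(Map<String, Object> map) {
        // The factory is keyed on TrustStore.class, so the result is narrowed explicitly.
        return (FileTrustStore<?>) FACTORY.create(TrustStore.class, map, BROKER);
    }

    /**
     * Asserts that exactly one non-null trust manager was produced.
     *
     * @param trustManagers array returned by the trust store
     * @return the single trust manager
     */
    private static TrustManager assertSingleTrustManager(TrustManager[] trustManagers) {
        Assert.assertNotNull(trustManagers);
        Assert.assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
        Assert.assertNotNull("Trust manager unexpected null", trustManagers[0]);
        return trustManagers[0];
    }

    /**
     * Loads the key store at {@code storePath} with the shared test secret and store type and
     * returns the certificate stored under the first alias.
     */
    private X509Certificate loadFirstCertificate(Path storePath) throws Exception {
        KeyStore keyStore = SSLUtil.getInitializedKeyStore(
                storePath.toFile().getAbsolutePath(), TLS_RESOURCE.getSecret(), TLS_RESOURCE.getKeyStoreType());
        return (X509Certificate) keyStore.getCertificate(keyStore.aliases().nextElement());
    }

    /**
     * Asserts that the trust store exposes exactly one certificate and that it is an X.509
     * certificate.
     *
     * @return that certificate
     */
    private X509Certificate getCertificate(FileTrustStore<?> fileTrustStore) throws GeneralSecurityException {
        Certificate[] certificates = fileTrustStore.getCertificates();
        Assert.assertNotNull(certificates);
        Assert.assertEquals(1, certificates.length);
        Certificate certificate = certificates[0];
        Assert.assertTrue(certificate instanceof X509Certificate);
        return (X509Certificate) certificate;
    }

    /**
     * Counts the certificate entries (as opposed to key entries) in a key store file.
     *
     * @param path location of the key store
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
     * @return number of aliases for which {@link KeyStore#isCertificateEntry(String)} is true
     */
    private int getNumberOfCertificates(Path path, String keyStoreType) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // try-with-resources closes the stream on both the normal and the exceptional path.
        try (FileInputStream in = new FileInputStream(path.toFile())) {
            keyStore.load(in, TLS_RESOURCE.getSecret().toCharArray());
        }
        int certificateEntries = 0;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.isCertificateEntry(aliases.nextElement())) {
                certificateEntries++;
            }
        }
        return certificateEntries;
    }

    /**
     * Creates a self-signed trust store for {@code CN=foo} whose two validity instants lie ten
     * and five days in the past, i.e. the certificate is already expired.
     */
    private Path createTrustStoreWithExpiredCertificate() throws Exception {
        Instant now = Instant.now();
        return TLS_RESOURCE.createSelfSignedTrustStore(
                DN_FOO, now.minus(10, ChronoUnit.DAYS), now.minus(5, ChronoUnit.DAYS));
    }

    /**
     * Creates a key store holding a private-key entry, a certificate entry for the same
     * self-signed certificate and an AES secret-key entry.
     *
     * @param keyStoreType key store type to create
     * @param dn subject DN of the self-signed certificate
     * @return path of the created key store
     */
    public Path createSelfSignedKeyStoreWithSecretKeyAndCertificate(String keyStoreType, String dn) throws Exception {
        KeyCertificatePair selfSigned = TlsResourceBuilder.createSelfSigned(dn, new AlternativeName[0]);
        KeyStoreEntry[] entries = {
            new PrivateKeyEntry(TLS_RESOURCE.getPrivateKeyAlias(), selfSigned.getPrivateKey(),
                    new Certificate[]{selfSigned.getCertificate()}),
            new CertificateEntry(TLS_RESOURCE.getCertificateAlias(), selfSigned.getCertificate()),
            new SecretKeyEntry(SECRET_KEY_ALIAS, TlsResourceHelper.createAESSecretKey())
        };
        return TLS_RESOURCE.createKeyStore(keyStoreType, entries);
    }

    /**
     * Generates a root CA, two certificates ({@code CN=foo}, {@code CN=bar}) issued by it, a
     * store file holding both certificates and a CRL file created from the CA and the
     * {@code CN=bar} certificate (presumably listing it as revoked - confirm against
     * {@code TlsResource.createCrl}).
     */
    private StoreAndCrl<Path> generateTrustStoreAndCrl() throws Exception {
        KeyCertificatePair ca = TlsResourceBuilder.createKeyPairAndRootCA(DN_CA);
        KeyCertificatePair foo = TlsResourceBuilder.createKeyPairAndCertificate(DN_FOO, ca, new AlternativeName[0]);
        KeyCertificatePair bar = TlsResourceBuilder.createKeyPairAndCertificate(DN_BAR, ca, new AlternativeName[0]);
        Path store = TLS_RESOURCE.createKeyStore(new KeyStoreEntry[]{
            new CertificateEntry(CERTIFICATE_ALIAS_A, foo.getCertificate()),
            new CertificateEntry(CERTIFICATE_ALIAS_B, bar.getCertificate())
        });
        Path crl = TLS_RESOURCE.createCrl(ca, new X509Certificate[]{bar.getCertificate()});
        return new StoreAndCrl<>(store, crl, ca);
    }

    /**
     * Same material as {@link #generateTrustStoreAndCrl()}, but with the store and the CRL
     * returned as data-URL strings instead of file paths.
     */
    private StoreAndCrl<String> generateTrustStoreAndCrlAsDataUrl() throws Exception {
        KeyCertificatePair ca = TlsResourceBuilder.createKeyPairAndRootCA(DN_CA);
        KeyCertificatePair foo = TlsResourceBuilder.createKeyPairAndCertificate(DN_FOO, ca, new AlternativeName[0]);
        KeyCertificatePair bar = TlsResourceBuilder.createKeyPairAndCertificate(DN_BAR, ca, new AlternativeName[0]);
        String store = TLS_RESOURCE.createKeyStoreAsDataUrl(new KeyStoreEntry[]{
            new CertificateEntry(CERTIFICATE_ALIAS_A, foo.getCertificate()),
            new CertificateEntry(CERTIFICATE_ALIAS_B, bar.getCertificate())
        });
        String crl = TLS_RESOURCE.createCrlAsDataUrl(ca, new X509Certificate[]{bar.getCertificate()});
        return new StoreAndCrl<>(store, crl, ca);
    }
}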
