package org.apache.qpid.server.security.encryption;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.util.concurrent.SettableFuture;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.qpid.server.SystemLauncher;
import org.apache.qpid.server.SystemLauncherListener;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.SystemConfig;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.security.auth.TestPrincipalUtils;
import org.apache.qpid.server.util.FileUtils;
import org.apache.qpid.test.utils.UnitTestBase;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/qpid/server/security/encryption/AESGCMKeyFileEncrypterTest.class */
public class AESGCMKeyFileEncrypterTest extends UnitTestBase {
    private static final String SECRET = "secret";
    public static final int BROKER_START_TIMEOUT = 10;
    private final SecureRandom _random = new SecureRandom();
    private Path _configurationLocation;
    private Path _workDir;
    private Broker<?> _broker;
    private SystemLauncher _systemLauncher;
    private static SecretKeySpec secretKey;

    @Before
    public void setUp() throws Exception {
        Assume.assumeThat(Boolean.valueOf(AbstractAESKeyFileEncrypterFactoryTest.isStrongEncryptionEnabled()), CoreMatchers.is(true));
        byte[] bArr = new byte[32];
        this._random.nextBytes(bArr);
        secretKey = new SecretKeySpec(bArr, "AES");
    }

    @After
    public void tearDown() throws Exception {
        if (this._systemLauncher != null) {
            this._systemLauncher.shutdown();
        }
        if (this._workDir != null) {
            FileUtils.deleteDirectory(this._workDir.toFile().getAbsolutePath());
        }
    }

    @Test
    public void testRepeatedEncryptionsReturnDifferentValues() {
        AESGCMKeyFileEncrypter aESGCMKeyFileEncrypter = new AESGCMKeyFileEncrypter(secretKey);
        HashSet hashSet = new HashSet();
        for (int i = 0; i < 10; i++) {
            hashSet.add(aESGCMKeyFileEncrypter.encrypt("secret"));
        }
        Assert.assertEquals("Not all encryptions were distinct", 10L, hashSet.size());
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            Assert.assertEquals("Not all encryptions decrypt correctly", "secret", aESGCMKeyFileEncrypter.decrypt((String) it.next()));
        }
    }

    @Test
    public void testCreationFailsOnInvalidSecret() throws Exception {
        try {
            new AESGCMKeyFileEncrypter((SecretKey) null);
            Assert.fail("An encrypter should not be creatable from a null key");
        } catch (IllegalArgumentException e) {
            Assert.assertTrue("Unexpected exception message:" + e.getMessage(), e.getMessage().contains("A non null secret key must be supplied"));
        }
        try {
            new AESGCMKeyFileEncrypter(SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec("secret".toCharArray())));
            Assert.fail("An encrypter should not be creatable from the wrong type of secret key");
        } catch (IllegalArgumentException e2) {
            Assert.assertTrue("Unexpected exception message:" + e2.getMessage(), e2.getMessage().contains("Provided secret key was for the algorithm: PBEWithMD5AndDES when AES was needed."));
        }
    }

    @Test
    public void testEncryptionOfEmptyString() {
        doTestSimpleEncryptDecrypt("");
    }

    @Test
    public void testEncryptingNullFails() {
        try {
            new AESGCMKeyFileEncrypter(secretKey).encrypt((String) null);
            Assert.fail("Attempting to encrypt null should fail");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void testEncryptingVeryLargeSecret() {
        byte[] bArr = new byte[4096];
        new Random().nextBytes(bArr);
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) (bArr[i] & 239);
        }
        doTestSimpleEncryptDecrypt(new String(bArr, StandardCharsets.US_ASCII));
    }

    @Test
    public void testDecryptNonsense() {
        AESGCMKeyFileEncrypter aESGCMKeyFileEncrypter = new AESGCMKeyFileEncrypter(secretKey);
        try {
            aESGCMKeyFileEncrypter.decrypt((String) null);
            Assert.fail("Should not decrypt a null value");
        } catch (NullPointerException e) {
        }
        try {
            aESGCMKeyFileEncrypter.decrypt("");
            Assert.fail("Should not decrypt the empty String");
        } catch (IllegalArgumentException e2) {
        }
        try {
            aESGCMKeyFileEncrypter.decrypt("thisisnonsense");
            Assert.fail("Should not decrypt a small amount of nonsense");
        } catch (IllegalArgumentException e3) {
        }
        try {
            aESGCMKeyFileEncrypter.decrypt("thisisn'tvalidBase64!soitshouldfailwithanIllegalArgumentException");
            Assert.fail("Should not decrypt a larger amount of nonsense");
        } catch (IllegalArgumentException e4) {
        }
    }

    @Test
    public void testChangeOfEncryptionToGCM() throws Exception {
        createBrokerAndAuthenticationProviderWithEncrypterPassword("AESKeyFile");
        String encryptedPasswordFromConfig = getEncryptedPasswordFromConfig();
        SecretKeySpec secretKeySpec = new SecretKeySpec(getBrokerSecretKey(), "AES");
        Assert.assertEquals("Decrypted text doesnt match original", "secret", new AESKeyFileEncrypter(secretKeySpec).decrypt(encryptedPasswordFromConfig));
        this._broker.setAttributes(Collections.singletonMap("confidentialConfigurationEncryptionProvider", "AESGCMKeyFile"));
        Assert.assertEquals("Decrypted text doesnt match original", "secret", new AESGCMKeyFileEncrypter(secretKeySpec).decrypt(getEncryptedPasswordFromConfig()));
    }

    @Test
    public void testSetKeyLocationAsExpression() throws Exception {
        Path createTempDirectory = Files.createTempDirectory("qpid_work_dir", new FileAttribute[0]);
        File file = new File(createTempDirectory.toFile(), "test.key");
        AbstractAESKeyFileEncrypterFactory.createAndPopulateKeyFile(file);
        createBrokerAndAuthenticationProviderWithEncrypterPassword("AESGCMKeyFile", createTempDirectory, Collections.singletonMap("encrypter.key.file", "${qpid.work_dir}" + File.separator + file.getName()));
        Assert.assertEquals("Decrypted text doesnt match original", "secret", new AESGCMKeyFileEncrypter(new SecretKeySpec(Files.readAllBytes(file.toPath()), "AES")).decrypt(getEncryptedPasswordFromConfig()));
    }

    @Test
    public void testChangeOfEncryptionToAES() throws Exception {
        createBrokerAndAuthenticationProviderWithEncrypterPassword("AESGCMKeyFile");
        String encryptedPasswordFromConfig = getEncryptedPasswordFromConfig();
        SecretKeySpec secretKeySpec = new SecretKeySpec(getBrokerSecretKey(), "AES");
        Assert.assertEquals("Decrypted text doesnt match original", "secret", new AESGCMKeyFileEncrypter(secretKeySpec).decrypt(encryptedPasswordFromConfig));
        this._broker.setAttributes(Collections.singletonMap("confidentialConfigurationEncryptionProvider", "AESKeyFile"));
        Assert.assertEquals("Decrypted text doesnt match original", "secret", new AESKeyFileEncrypter(secretKeySpec).decrypt(getEncryptedPasswordFromConfig()));
    }

    private void doTestSimpleEncryptDecrypt(String str) {
        AESGCMKeyFileEncrypter aESGCMKeyFileEncrypter = new AESGCMKeyFileEncrypter(secretKey);
        String encrypt = aESGCMKeyFileEncrypter.encrypt(str);
        Assert.assertNotNull("Encrypter did not return a result from encryption", encrypt);
        Assert.assertNotEquals("Plain text and encrypted version are equal", str, encrypt);
        String decrypt = aESGCMKeyFileEncrypter.decrypt(encrypt);
        Assert.assertNotNull("Encrypter did not return a result from decryption", decrypt);
        Assert.assertEquals("Encryption was not reversible", str, decrypt);
    }

    private void createBrokerAndAuthenticationProviderWithEncrypterPassword(Object obj) throws Exception {
        createBrokerAndAuthenticationProviderWithEncrypterPassword(obj, Files.createTempDirectory("qpid_work_dir", new FileAttribute[0]), Collections.emptyMap());
    }

    private void createBrokerAndAuthenticationProviderWithEncrypterPassword(Object obj, Path path, Map<String, String> map) throws Exception {
        this._workDir = path;
        HashMap hashMap = new HashMap();
        hashMap.put("qpid.work_dir", path.toFile().getAbsolutePath());
        this._configurationLocation = Files.createTempFile(this._workDir, "config", ".json", new FileAttribute[0]);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("name", getTestName());
        hashMap2.put("modelVersion", "9.0");
        hashMap2.put("confidentialConfigurationEncryptionProvider", obj);
        hashMap2.put("context", map);
        new ObjectMapper().writeValue(this._configurationLocation.toFile(), hashMap2);
        HashMap hashMap3 = new HashMap();
        hashMap3.put("storePath", this._configurationLocation.toFile().getAbsolutePath());
        hashMap3.put("preferenceStoreAttributes", "{\"type\": \"Noop\"}");
        hashMap3.put("type", "JSON");
        hashMap3.put("startupLoggedToSystemOut", Boolean.FALSE);
        hashMap3.put("context", hashMap);
        final SettableFuture create = SettableFuture.create();
        this._systemLauncher = new SystemLauncher(new SystemLauncherListener.DefaultSystemLauncherListener() { // from class: org.apache.qpid.server.security.encryption.AESGCMKeyFileEncrypterTest.1
            public void onContainerResolve(SystemConfig<?> systemConfig) {
                create.set(systemConfig);
            }
        });
        this._systemLauncher.startup(hashMap3);
        this._broker = ((SystemConfig) create.get(10L, TimeUnit.SECONDS)).getContainer();
        HashMap hashMap4 = new HashMap();
        hashMap4.put("name", TestPrincipalUtils.TEST_AUTH_PROVIDER_NAME);
        hashMap4.put("type", "Plain");
        AuthenticationProvider createChild = this._broker.createChild(AuthenticationProvider.class, hashMap4);
        HashMap hashMap5 = new HashMap();
        hashMap5.put("type", "managed");
        hashMap5.put("name", "guest");
        hashMap5.put("password", "secret");
        createChild.createChild(User.class, hashMap5);
    }

    private byte[] getBrokerSecretKey() throws IOException {
        return Files.readAllBytes(Paths.get(AbstractAESKeyFileEncrypterFactory.getSecretKeyLocation(this._broker), new String[0]));
    }

    private String getEncryptedPasswordFromConfig() throws IOException {
        return (String) ((HashMap) ((List) ((Map) ((List) ((Map) new ObjectMapper().readValue(this._configurationLocation.toFile(), new TypeReference<Map<String, Object>>() { // from class: org.apache.qpid.server.security.encryption.AESGCMKeyFileEncrypterTest.2
        })).get("authenticationproviders")).get(0)).get("users")).get(0)).get("password");
    }
}
