package org.forgerock.opendj.security;

import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.crypto.SecretKey;
import org.assertj.core.api.Assertions;
import org.forgerock.opendj.ldap.Connections;
import org.forgerock.opendj.ldap.MemoryBackend;
import org.forgerock.opendj.ldap.SdkTestCase;
import org.forgerock.opendj.ldap.schema.Schema;
import org.forgerock.util.Options;
import org.mockito.Mockito;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/forgerock/opendj/security/KeyStoreImplTest.class */
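/**
 * Tests for the {@code "LDAP"} {@link KeyStore} type provided by {@link OpenDJProvider}.
 *
 * <p>Every test runs against a fresh in-memory backend, so entries written by one test are
 * never visible to another. The tests pin the behaviour a caller relies on: stream-based
 * load/store is refused, protected keys cannot be read without the right password, and
 * each entry type (secret key, private key, trusted certificate) round-trips unchanged.
 */
public class KeyStoreImplTest extends SdkTestCase {
    /** Alias used by the single-entry tests. */
    private static final String ALIAS = "test";

    private MemoryBackend backend;
    private KeyStore keyStore;

    /** Installs the provider schema as the default schema before any test runs. */
    @BeforeClass
    public void beforeClass() {
        Schema.setDefaultSchema(OpenDJProviderSchema.SCHEMA);
    }

    /** Creates a new backend and a key store bound to it for each test method. */
    @BeforeMethod
    public void beforeMethod() throws Exception {
        this.backend = KeyStoreTestUtils.createKeyStoreMemoryBackend();
        this.keyStore = KeyStoreTestUtils.createKeyStore(this.backend);
    }

    /** Returns an "LDAP" key store whose provider was created without any configuration. */
    private static KeyStore newUnconfiguredKeyStore() throws Exception {
        return KeyStore.getInstance("LDAP", (Provider) new OpenDJProvider());
    }

    /**
     * Returns a fresh protection parameter for the test key password. A clone is handed over
     * so the shared constant array is never the one passed to the protection parameter.
     */
    private static KeyStore.PasswordProtection newPasswordProtection() {
        return new KeyStore.PasswordProtection(KeyStoreTestUtils.KEY_PASSWORD.clone());
    }

    @Test
    public void getProviderShouldReturnOpenDJProvider() {
        Assertions.assertThat(this.keyStore.getProvider()).isInstanceOf(OpenDJProvider.class);
    }

    @Test
    public void getTypeShouldReturnLDAP() {
        Assertions.assertThat(this.keyStore.getType()).isEqualTo("LDAP");
    }

    /** The key store is not stream-backed: any output stream must be rejected. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void storeShouldThrowWhenOutputStreamIsNotNull() throws Exception {
        this.keyStore.store(Mockito.mock(OutputStream.class), null);
    }

    @Test
    public void storeShouldBeNoOpWhenOutputStreamIsNull() throws Exception {
        this.keyStore.store(null, null);
    }

    @Test
    public void storeShouldBeNoOp() throws Exception {
        this.keyStore.store(null);
    }

    /** The key store is not stream-backed: any input stream must be rejected. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void loadWithNonNullInputStreamShouldThrow() throws Exception {
        newUnconfiguredKeyStore().load(Mockito.mock(InputStream.class), null);
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void loadWithNullInputStreamShouldThrowWhenNoProviderConfig() throws Exception {
        newUnconfiguredKeyStore().load(null, null);
    }

    @Test
    public void loadWithNullInputStreamShouldUseProviderConfig() throws Exception {
        // The global password is supplied in clear text here; this is test-only configuration.
        KeyStore ldapKeyStore = KeyStore.getInstance("LDAP", (Provider) new OpenDJProvider(KeyStoreParameters.newKeyStoreParameters(Connections.newInternalConnectionFactory(this.backend), KeyStoreTestUtils.KEYSTORE_DN, Options.defaultOptions().set(KeyStoreParameters.GLOBAL_PASSWORD, OpenDJProvider.newClearTextPasswordFactory(KeyStoreTestUtils.KEYSTORE_PASSWORD)))));
        ldapKeyStore.load(null, null);
        // No aliases yet, but the backend already holds one entry (presumably the key store's
        // own base entry - confirm against KeyStoreTestUtils).
        Assertions.assertThat(ldapKeyStore.size()).isEqualTo(0);
        Assertions.assertThat(this.backend.size()).isEqualTo(1);
        ldapKeyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        // The write must reach the backend, which proves the provider configuration was used.
        Assertions.assertThat(ldapKeyStore.size()).isEqualTo(1);
        Assertions.assertThat(this.backend.size()).isEqualTo(2);
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void loadWithNullLoadStoreParameterShouldThrowWhenNoProviderConfig() throws Exception {
        newUnconfiguredKeyStore().load(null);
    }

    /**
     * Despite the method name, the parameter passed here is non-null: it is a mock
     * {@link KeyStore.LoadStoreParameter}, i.e. a parameter object of the wrong type.
     */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void loadWithNullLoadStoreParameterShouldThrowWhenParametersHaveWrongType() throws Exception {
        newUnconfiguredKeyStore().load(Mockito.mock(KeyStore.LoadStoreParameter.class));
    }

    @Test
    public void loadWithNullLoadStoreParameterShouldUseProviderConfig() throws Exception {
        // The global password is supplied in clear text here; this is test-only configuration.
        KeyStore ldapKeyStore = KeyStore.getInstance("LDAP", (Provider) new OpenDJProvider(KeyStoreParameters.newKeyStoreParameters(Connections.newInternalConnectionFactory(this.backend), KeyStoreTestUtils.KEYSTORE_DN, Options.defaultOptions().set(KeyStoreParameters.GLOBAL_PASSWORD, OpenDJProvider.newClearTextPasswordFactory(KeyStoreTestUtils.KEYSTORE_PASSWORD)))));
        ldapKeyStore.load(null);
        Assertions.assertThat(ldapKeyStore.size()).isEqualTo(0);
        Assertions.assertThat(this.backend.size()).isEqualTo(1);
        ldapKeyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        Assertions.assertThat(ldapKeyStore.size()).isEqualTo(1);
        Assertions.assertThat(this.backend.size()).isEqualTo(2);
    }

    @Test
    public void loadWithNonNullLoadStoreParameterShouldNotUseProviderConfig() throws Exception {
        // The provider has no configuration, so everything must come from the load parameter.
        KeyStore.LoadStoreParameter loadParameters = KeyStoreParameters.newKeyStoreParameters(Connections.newInternalConnectionFactory(this.backend), KeyStoreTestUtils.KEYSTORE_DN, Options.defaultOptions().set(KeyStoreParameters.GLOBAL_PASSWORD, OpenDJProvider.newClearTextPasswordFactory(KeyStoreTestUtils.KEYSTORE_PASSWORD)));
        KeyStore ldapKeyStore = newUnconfiguredKeyStore();
        ldapKeyStore.load(loadParameters);
        Assertions.assertThat(ldapKeyStore.size()).isEqualTo(0);
        Assertions.assertThat(this.backend.size()).isEqualTo(1);
        ldapKeyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        Assertions.assertThat(ldapKeyStore.size()).isEqualTo(1);
        Assertions.assertThat(this.backend.size()).isEqualTo(2);
    }

    @Test
    public void secretKeysCanBeStoredAndRetrieved() throws Exception {
        SecretKey original = KeyStoreTestUtils.createSecretKey();
        this.keyStore.setKeyEntry(ALIAS, original, KeyStoreTestUtils.KEY_PASSWORD, null);
        Key key = this.keyStore.getKey(ALIAS, KeyStoreTestUtils.KEY_PASSWORD);
        Assertions.assertThat(key).isNotNull();
        Assertions.assertThat(key).isInstanceOf(SecretKey.class);
        // The key material must survive the round trip byte for byte.
        Assertions.assertThat(key.getAlgorithm()).isEqualTo(original.getAlgorithm());
        Assertions.assertThat(key.getFormat()).isEqualTo(original.getFormat());
        Assertions.assertThat(key.getEncoded()).isEqualTo(original.getEncoded());
        Assertions.assertThat(this.keyStore.size()).isEqualTo(1);
        Assertions.assertThat(Collections.list(this.keyStore.aliases())).containsExactly(new String[]{ALIAS});
        // A bare assertThat(boolean) verifies nothing; the terminal isTrue() is what checks it.
        Assertions.assertThat(this.keyStore.containsAlias(ALIAS)).isTrue();
        Assertions.assertThat(this.keyStore.getCertificate(ALIAS)).isNull();
        Assertions.assertThat(this.keyStore.getCertificateChain(ALIAS)).isNull();
        Assertions.assertThat(this.keyStore.entryInstanceOf(ALIAS, KeyStore.SecretKeyEntry.class)).isTrue();
        Assertions.assertThat(this.keyStore.getCreationDate(ALIAS)).isNotNull();
        Assertions.assertThat(this.keyStore.getEntry(ALIAS, newPasswordProtection())).isInstanceOf(KeyStore.SecretKeyEntry.class);
        Assertions.assertThat(this.keyStore.isCertificateEntry(ALIAS)).isFalse();
        Assertions.assertThat(this.keyStore.isKeyEntry(ALIAS)).isTrue();
    }

    @Test
    public void privateKeysCanBeStoredAndRetrieved() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.PRIVATE_KEY, KeyStoreTestUtils.KEY_PASSWORD, KeyStoreTestUtils.CERTIFICATE_CHAIN);
        Key key = this.keyStore.getKey(ALIAS, KeyStoreTestUtils.KEY_PASSWORD);
        Assertions.assertThat(key).isNotNull();
        Assertions.assertThat(key).isInstanceOf(PrivateKey.class);
        // The key material must survive the round trip byte for byte.
        Assertions.assertThat(key.getAlgorithm()).isEqualTo(KeyStoreTestUtils.PRIVATE_KEY.getAlgorithm());
        Assertions.assertThat(key.getFormat()).isEqualTo(KeyStoreTestUtils.PRIVATE_KEY.getFormat());
        Assertions.assertThat(key.getEncoded()).isEqualTo(KeyStoreTestUtils.PRIVATE_KEY.getEncoded());
        Assertions.assertThat(this.keyStore.size()).isEqualTo(1);
        Assertions.assertThat(Collections.list(this.keyStore.aliases())).containsExactly(new String[]{ALIAS});
        // A bare assertThat(boolean) verifies nothing; the terminal isTrue() is what checks it.
        Assertions.assertThat(this.keyStore.containsAlias(ALIAS)).isTrue();
        Assertions.assertThat(this.keyStore.getCertificate(ALIAS)).isSameAs(KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE);
        // The chain array handed back must be a copy, so a caller that mutates it cannot
        // alter the array that was passed in when the entry was stored.
        Assertions.assertThat(this.keyStore.getCertificateChain(ALIAS)).isNotSameAs(KeyStoreTestUtils.CERTIFICATE_CHAIN);
        Assertions.assertThat(this.keyStore.getCertificateChain(ALIAS)).containsExactly(new Certificate[]{KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE});
        Assertions.assertThat(this.keyStore.entryInstanceOf(ALIAS, KeyStore.PrivateKeyEntry.class)).isTrue();
        Assertions.assertThat(this.keyStore.getCreationDate(ALIAS)).isNotNull();
        Assertions.assertThat(this.keyStore.getEntry(ALIAS, newPasswordProtection())).isInstanceOf(KeyStore.PrivateKeyEntry.class);
        Assertions.assertThat(this.keyStore.isCertificateEntry(ALIAS)).isFalse();
        Assertions.assertThat(this.keyStore.isKeyEntry(ALIAS)).isTrue();
    }

    @Test
    public void trustedCertificatesCanBeStoredAndRetrieved() throws Exception {
        this.keyStore.setCertificateEntry(ALIAS, KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE);
        Certificate certificate = this.keyStore.getCertificate(ALIAS);
        Assertions.assertThat(certificate).isNotNull();
        Assertions.assertThat(certificate).isInstanceOf(X509Certificate.class);
        Assertions.assertThat(certificate).isEqualTo(KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE);
        Assertions.assertThat(this.keyStore.size()).isEqualTo(1);
        Assertions.assertThat(Collections.list(this.keyStore.aliases())).containsExactly(new String[]{ALIAS});
        // A bare assertThat(boolean) verifies nothing; the terminal isTrue() is what checks it.
        Assertions.assertThat(this.keyStore.containsAlias(ALIAS)).isTrue();
        Assertions.assertThat(this.keyStore.getCertificateChain(ALIAS)).isNull();
        Assertions.assertThat(this.keyStore.entryInstanceOf(ALIAS, KeyStore.TrustedCertificateEntry.class)).isTrue();
        Assertions.assertThat(this.keyStore.getCreationDate(ALIAS)).isNotNull();
        // Trusted certificate entries are read without a protection parameter.
        Assertions.assertThat(this.keyStore.getEntry(ALIAS, null)).isInstanceOf(KeyStore.TrustedCertificateEntry.class);
        Assertions.assertThat(this.keyStore.isCertificateEntry(ALIAS)).isTrue();
        Assertions.assertThat(this.keyStore.isKeyEntry(ALIAS)).isFalse();
    }

    @Test
    public void getKeyShouldReturnNullWhenAliasUnknown() throws Exception {
        Assertions.assertThat(this.keyStore.getKey(ALIAS, KeyStoreTestUtils.KEY_PASSWORD)).isNull();
    }

    /** A protected key must not be readable when no password is presented. */
    @Test(expectedExceptions = {UnrecoverableKeyException.class})
    public void getKeyShouldThrowWhenPasswordIsMissing() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        this.keyStore.getKey(ALIAS, null);
    }

    /** A protected key must not be readable with the wrong password. */
    @Test(expectedExceptions = {UnrecoverableKeyException.class})
    public void getKeyShouldThrowWhenPasswordIsBad() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        this.keyStore.getKey(ALIAS, "bad".toCharArray());
    }

    /** A chain supplied with a secret key is accepted, but no certificate is exposed for it. */
    @Test
    public void setKeyEntryWithSecretKeyWithCertChainIsAllowed() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, KeyStoreTestUtils.CERTIFICATE_CHAIN);
        Assertions.assertThat(this.keyStore.isKeyEntry(ALIAS)).isTrue();
        Assertions.assertThat(this.keyStore.getCertificate(ALIAS)).isNull();
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void setKeyEntryShouldThrowWhenPrivateKeyWithoutCertChain() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.PRIVATE_KEY, KeyStoreTestUtils.KEY_PASSWORD, null);
    }

    @Test(expectedExceptions = {UnsupportedOperationException.class})
    public void setKeyEntryWithPreEncodedKeyIsNotSupported() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey().getEncoded(), null);
    }

    @Test
    public void keyStoreCanManageMultipleObjects() throws Exception {
        String[] aliases = {"cert1", "cert2", "pkey", "skey1", "skey2"};
        this.keyStore.setCertificateEntry("cert1", KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE);
        this.keyStore.setCertificateEntry("cert2", KeyStoreTestUtils.TRUSTED_CERTIFICATE);
        this.keyStore.setKeyEntry("pkey", KeyStoreTestUtils.PRIVATE_KEY, KeyStoreTestUtils.KEY_PASSWORD, KeyStoreTestUtils.CERTIFICATE_CHAIN);
        this.keyStore.setKeyEntry("skey1", KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        this.keyStore.setKeyEntry("skey2", KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        Assertions.assertThat(Collections.list(this.keyStore.aliases())).containsOnly(aliases);
        // Delete the entries one at a time and check the size shrinks by exactly one each time.
        for (int i = 0; i < aliases.length; i++) {
            String alias = aliases[i];
            Assertions.assertThat(this.keyStore.size()).isEqualTo(aliases.length - i);
            Assertions.assertThat(this.keyStore.containsAlias(alias)).isTrue();
            this.keyStore.deleteEntry(alias);
            Assertions.assertThat(this.keyStore.containsAlias(alias)).isFalse();
        }
        Assertions.assertThat(this.keyStore.size()).isEqualTo(0);
        Assertions.assertThat(Collections.list(this.keyStore.aliases())).isEmpty();
    }

    @Test
    public void deleteEntryShouldIgnoreMissingAliases() throws Exception {
        this.keyStore.deleteEntry("unknown");
    }

    @Test
    public void getCertificateAliasShouldPerformCertificateMatchSearches() throws Exception {
        this.keyStore.setKeyEntry("privateKey", KeyStoreTestUtils.PRIVATE_KEY, KeyStoreTestUtils.KEY_PASSWORD, KeyStoreTestUtils.CERTIFICATE_CHAIN);
        this.keyStore.setCertificateEntry("trustedCertificate", KeyStoreTestUtils.TRUSTED_CERTIFICATE);
        // Both private key entries and trusted certificate entries are searched.
        Assertions.assertThat(this.keyStore.getCertificateAlias(KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE)).isEqualTo("privateKey");
        Assertions.assertThat(this.keyStore.getCertificateAlias(KeyStoreTestUtils.TRUSTED_CERTIFICATE)).isEqualTo("trustedCertificate");
        // Once an entry is deleted its certificate must no longer resolve to an alias.
        this.keyStore.deleteEntry("privateKey");
        Assertions.assertThat(this.keyStore.getCertificateAlias(KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE)).isNull();
        this.keyStore.deleteEntry("trustedCertificate");
        Assertions.assertThat(this.keyStore.getCertificateAlias(KeyStoreTestUtils.TRUSTED_CERTIFICATE)).isNull();
    }

    @Test
    public void setKeyShouldReplaceExistingObjects() throws Exception {
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.PRIVATE_KEY, KeyStoreTestUtils.KEY_PASSWORD, KeyStoreTestUtils.CERTIFICATE_CHAIN);
        Assertions.assertThat(this.keyStore.getKey(ALIAS, KeyStoreTestUtils.KEY_PASSWORD)).isInstanceOf(PrivateKey.class);
        // Writing under the same alias replaces the entry, even with a different key type.
        this.keyStore.setKeyEntry(ALIAS, KeyStoreTestUtils.createSecretKey(), KeyStoreTestUtils.KEY_PASSWORD, null);
        Assertions.assertThat(this.keyStore.getKey(ALIAS, KeyStoreTestUtils.KEY_PASSWORD)).isInstanceOf(SecretKey.class);
    }

    @Test
    public void setCertificateShouldReplaceExistingCertificates() throws Exception {
        this.keyStore.setCertificateEntry(ALIAS, KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE);
        Assertions.assertThat(this.keyStore.getCertificate(ALIAS)).isEqualTo(KeyStoreTestUtils.PUBLIC_KEY_CERTIFICATE);
        this.keyStore.setCertificateEntry(ALIAS, KeyStoreTestUtils.TRUSTED_CERTIFICATE);
        Assertions.assertThat(this.keyStore.getCertificate(ALIAS)).isEqualTo(KeyStoreTestUtils.TRUSTED_CERTIFICATE);
    }
}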
