package org.graylog2.plugin.inputs.transports.util;

import com.google.common.collect.ImmutableMap;
import com.google.common.io.Resources;
import io.netty.handler.ssl.SslHandler;
import java.io.File;
import java.net.URISyntaxException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import org.assertj.core.api.Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/graylog2/plugin/inputs/transports/util/KeyUtilTest.class */
public class KeyUtilTest {

    @Rule
    public final ExpectedException expectedException = ExpectedException.none();
    private static final ImmutableMap<String, String> CERTIFICATES = ImmutableMap.of("RSA", "server.crt.rsa", "DSA", "server.crt.dsa", "ECDSA", "server.crt.ecdsa");
    private final String keyAlgorithm;
    private final String keyFileName;
    private final String keyPassword;
    private final Class<? extends Exception> exceptionClass;
    private final String exceptionMessage;

    @Parameterized.Parameters(name = "{0} with file <{1}>, password <{2}>")
    public static Collection<Object[]> data() {
        return Arrays.asList(new Object[]{"RSA", "server.key.pem.ue.pkcs1.rsa", null, IllegalArgumentException.class, "Unsupported key type PKCS#1, please convert to PKCS#8"}, new Object[]{"RSA", "server.key.pem.e.pkcs8.rsa", "test", null, null}, new Object[]{"RSA", "server.key.pem.ue.pkcs8.rsa", null, null, null}, new Object[]{"RSA", "server.key.der.e.pkcs8.rsa", "test", null, null}, new Object[]{"RSA", "server.key.der.ue.pkcs8.rsa", null, null, null}, new Object[]{"DSA", "server.key.pem.ue.pkcs1.dsa", null, IllegalArgumentException.class, "Unsupported key type PKCS#1, please convert to PKCS#8"}, new Object[]{"DSA", "server.key.pem.e.pkcs8.dsa", "test", null, null}, new Object[]{"DSA", "server.key.pem.ue.pkcs8.dsa", null, null, null}, new Object[]{"DSA", "server.key.der.e.pkcs8.dsa", "test", null, null}, new Object[]{"DSA", "server.key.der.ue.pkcs8.dsa", null, null, null}, new Object[]{"ECDSA", "server.key.pem.ue.pkcs1.ecdsa", null, IllegalArgumentException.class, "Unsupported key type PKCS#1, please convert to PKCS#8"}, new Object[]{"ECDSA", "server.key.pem.e.pkcs8.ecdsa", "test", null, null}, new Object[]{"ECDSA", "server.key.pem.ue.pkcs8.ecdsa", null, null, null}, new Object[]{"ECDSA", "server.key.der.e.pkcs8.ecdsa", "test", null, null}, new Object[]{"ECDSA", "server.key.der.ue.pkcs8.ecdsa", null, null, null}, new Object[]{"RSA", "server.key.invalid", null, IllegalArgumentException.class, "Unsupported key type: "});
    }

    public KeyUtilTest(String str, String str2, String str3, Class<? extends Exception> cls, String str4) {
        this.keyAlgorithm = (String) Objects.requireNonNull(str);
        this.keyFileName = (String) Objects.requireNonNull(str2);
        this.keyPassword = str3;
        this.exceptionClass = cls;
        this.exceptionMessage = str4;
    }

    private File resourceToFile(String str) throws URISyntaxException {
        return new File(Resources.getResource("org/graylog2/plugin/inputs/transports/util/" + str).toURI());
    }

    @Test
    public void testLoadCertificates() throws Exception {
        Assertions.assertThat(KeyUtil.loadCertificates(resourceToFile((String) CERTIFICATES.get(this.keyAlgorithm)).toPath())).isNotEmpty().hasOnlyElementsOfType(X509Certificate.class);
    }

    @Test
    public void testLoadCertificatesDir() throws Exception {
        Assertions.assertThat(KeyUtil.loadCertificates(resourceToFile("certs").toPath())).isNotEmpty().hasSize(2).hasOnlyElementsOfType(X509Certificate.class);
    }

    @Test
    public void testLoadPrivateKey() throws Exception {
        if (this.exceptionClass != null) {
            this.expectedException.expect(this.exceptionClass);
            this.expectedException.expectMessage(this.exceptionMessage);
        }
        Assertions.assertThat(KeyUtil.loadPrivateKey(resourceToFile(this.keyFileName), this.keyPassword)).isNotNull();
    }

    @Test
    public void testCreateNettySslHandler() throws Exception {
        if (this.exceptionClass != null) {
            this.expectedException.expect(this.exceptionClass);
            this.expectedException.expectMessage(this.exceptionMessage);
        }
        KeyManager[] initKeyStore = KeyUtil.initKeyStore(resourceToFile(this.keyFileName), resourceToFile((String) CERTIFICATES.get(this.keyAlgorithm)), this.keyPassword);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(initKeyStore, new TrustManager[0], new SecureRandom());
        Assertions.assertThat(sSLContext.getProtocol()).isEqualTo("TLS");
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        Assertions.assertThat(createSSLEngine.getEnabledCipherSuites()).isNotEmpty();
        Assertions.assertThat(createSSLEngine.getEnabledProtocols()).isNotEmpty();
        Assertions.assertThat(new SslHandler(createSSLEngine)).isNotNull();
    }
}
