package org.graylog2.security.certutil;

import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.assertj.core.api.Assertions;
import org.graylog.security.certutil.CertutilCa;
import org.graylog.security.certutil.CertutilCert;
import org.graylog.security.certutil.console.TestableConsole;
import org.graylog2.rest.resources.users.UsersResourceTest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/graylog2/security/certutil/CertutilCertTest.class */
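/**
 * Exercises the certutil CA and node-certificate commands end to end: a CA keystore is
 * generated first, a datanode keystore is then issued from it, and both PKCS#12 files are
 * loaded back to check the private key, the issuer signature and the certificate chain.
 *
 * <p>All passwords used here are throwaway test fixtures fed to the scripted console; the
 * keystores only ever live in the JUnit-managed temporary directory.
 */
class CertutilCertTest {

    // JUnit creates this directory before the tests and deletes it afterwards.
    @TempDir
    static Path tempDir;

    CertutilCertTest() {
    }

    /**
     * Generates a CA keystore and a node keystore, then verifies that the node keystore
     * holds a usable private key and a certificate signed by the CA's "ca" entry.
     */
    @Test
    void testGenerateNodeCertificate() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, InvalidAlgorithmParameterException, CertPathValidatorException, SignatureException, InvalidKeyException, NoSuchProviderException {
        final String nodePassword = "changeme";
        final Path caPath = tempDir.resolve("test-ca.p12");
        final Path nodePath = tempDir.resolve("test-node.p12");

        // Step 1: create the CA keystore; the console answers the password prompt.
        final TestableConsole caConsole = TestableConsole.empty()
                .register("Enter CA password", UsersResourceTest.PASSWORD);
        new CertutilCa(caPath.toAbsolutePath().toString(), caConsole).run();

        // Step 2: issue the datanode certificate from that CA into its own keystore.
        final TestableConsole certConsole = TestableConsole.empty()
                .register("Enter CA password", UsersResourceTest.PASSWORD)
                .register("Enter datanode certificate password", nodePassword);
        new CertutilCert(caPath.toAbsolutePath().toString(), nodePath.toAbsolutePath().toString(), certConsole).run();

        // Streams are closed explicitly: an open handle on a keystore file can keep the
        // temporary directory from being cleaned up on platforms that lock open files.
        final KeyStore caStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream caIn = new FileInputStream(caPath.toFile())) {
            caStore.load(caIn, UsersResourceTest.PASSWORD.toCharArray());
        }
        final KeyStore nodeStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream nodeIn = new FileInputStream(nodePath.toFile())) {
            nodeStore.load(nodeIn, nodePassword.toCharArray());
        }

        // The private key must be recoverable with the password given at the prompt.
        Assertions.assertThat(nodeStore.getKey("datanode", nodePassword.toCharArray())).isNotNull();

        // Certificate.verify(PublicKey) checks the signature only; validity period,
        // key usage and path constraints are not covered by this assertion.
        Assertions.assertThatCode(() -> {
            nodeStore.getCertificate("datanode").verify(caStore.getCertificate("ca").getPublicKey());
        }).doesNotThrowAnyException();

        // contains() asserts that the three subjects are present in the chain, not the
        // order in which the certificates appear.
        Assertions.assertThat(nodeStore.getCertificateChain("datanode"))
                .hasSize(3)
                .extracting(certificate -> (X509Certificate) certificate)
                .extracting(x509 -> x509.getSubjectX500Principal().getName())
                .contains("CN=root", "CN=ca", "CN=localhost");
    }
}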
