package org.graylog.security.certutil.keystore.storage;

import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import javax.crypto.spec.SecretKeySpec;
import org.graylog.security.certutil.CertRequest;
import org.graylog.security.certutil.CertificateGenerator;
import org.graylog.security.certutil.KeyPair;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/graylog/security/certutil/keystore/storage/SinglePasswordKeystoreContentMoverTest.class */
public class SinglePasswordKeystoreContentMoverTest {
    private SinglePasswordKeystoreContentMover toTest;

    @BeforeEach
    void setUp() {
        this.toTest = new SinglePasswordKeystoreContentMover();
    }

    @Test
    void testThrowsExceptionIfNewPasswordIsNull() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.toTest.moveContents(keyStore, "nvmd".toCharArray(), (char[]) null);
        });
    }

    @Test
    void testDifferentEntriesMoving() throws Exception {
        char[] charArray = "oldPass".toCharArray();
        char[] charArray2 = "newPass".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, charArray);
        byte[] bArr = {84, 104, 97, 116, 115, 32, 109, 121, 32, 75, 117, 110, 103, 32, 70, 117};
        keyStore.setEntry("secretEntry", new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "AES")), new KeyStore.PasswordProtection(charArray));
        X509Certificate certificate = CertificateGenerator.generate(CertRequest.selfSigned("darknet.net").validity(Duration.ZERO)).certificate();
        keyStore.setCertificateEntry("trusted-certificate", certificate);
        KeyPair generate = CertificateGenerator.generate(CertRequest.selfSigned("localhost").validity(Duration.ZERO));
        keyStore.setKeyEntry("privkey", generate.privateKey(), charArray, new Certificate[]{generate.certificate()});
        KeyStore moveContents = this.toTest.moveContents(keyStore, charArray, charArray2);
        KeyStore.Entry entry = moveContents.getEntry("secretEntry", new KeyStore.PasswordProtection(charArray2));
        Certificate certificate2 = moveContents.getCertificate("trusted-certificate");
        Key key = moveContents.getKey("privkey", charArray2);
        Assertions.assertArrayEquals(bArr, ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded());
        Assertions.assertEquals(certificate, certificate2);
        Assertions.assertEquals(generate.privateKey(), key);
    }

    @Test
    void testMovingManyEntiresOfTheSameType() throws Exception {
        char[] charArray = "oldPass".toCharArray();
        char[] charArray2 = "newPass".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, charArray);
        CertRequest validity = CertRequest.selfSigned("localhost").validity(Duration.ZERO);
        KeyPair generate = CertificateGenerator.generate(validity);
        keyStore.setKeyEntry("privkey1", generate.privateKey(), charArray, new Certificate[]{generate.certificate()});
        KeyPair generate2 = CertificateGenerator.generate(validity);
        keyStore.setKeyEntry("privkey2", generate2.privateKey(), charArray, new Certificate[]{generate2.certificate()});
        KeyPair generate3 = CertificateGenerator.generate(validity);
        keyStore.setKeyEntry("privkey3", generate3.privateKey(), charArray, new Certificate[]{generate3.certificate()});
        KeyStore moveContents = this.toTest.moveContents(keyStore, charArray, charArray2);
        Assertions.assertEquals(generate.privateKey(), moveContents.getKey("privkey1", charArray2));
        Assertions.assertEquals(generate2.privateKey(), moveContents.getKey("privkey2", charArray2));
        Assertions.assertEquals(generate3.privateKey(), moveContents.getKey("privkey3", charArray2));
    }
}
