package org.graylog2.security;

import com.google.common.eventbus.EventBus;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.glassfish.jersey.media.multipart.FormDataBodyPart;
import org.graylog.security.certutil.CaService;
import org.graylog.security.certutil.CertutilCa;
import org.graylog.security.certutil.CertutilCert;
import org.graylog.security.certutil.ca.exceptions.CACreationException;
import org.graylog.security.certutil.ca.exceptions.KeyStoreStorageException;
import org.graylog.security.certutil.console.TestableConsole;
import org.graylog2.bootstrap.preflight.web.resources.model.CA;
import org.graylog2.plugin.Tools;
import org.graylog2.rest.resources.users.UsersResourceTest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/graylog2/security/CustomCAX509TrustManagerTest.class */
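/**
 * Checks that {@link CustomCAX509TrustManager} accepts a client certificate signed by the CA
 * returned from its {@link CaService}, and rejects the same certificate when the service
 * provides no CA key store.
 */
public class CustomCAX509TrustManagerTest {

    /** Password protecting the generated node key store and key. Test fixture only. */
    private static final String CERT_PASSWORD = "changeme";

    /** Alias under which the test reads the CA certificate from the CA key store. */
    private static final String CA_ALIAS = "ca";

    /** Alias under which the test reads the node key and certificate chain. */
    private static final String NODE_ALIAS = "datanode";

    @TempDir
    static Path tempDir;

    /**
     * Minimal {@link CaService} stub: only {@link #loadKeyStore()} returns data, every other
     * operation is a no-op. Passing {@code null} models an installation without a configured CA.
     */
    static class DummyCaService implements CaService {
        private final KeyStore keyStore;

        public DummyCaService(KeyStore keyStore) {
            this.keyStore = keyStore;
        }

        public CA get() throws KeyStoreStorageException {
            return null;
        }

        public void create(String str, Integer num, char[] cArr) throws CACreationException, KeyStoreStorageException {
        }

        public void upload(String str, List<FormDataBodyPart> list) throws CACreationException {
        }

        public void startOver() {
        }

        /** Returns the key store given at construction, or an empty Optional if it was {@code null}. */
        public Optional<KeyStore> loadKeyStore() throws KeyStoreException, KeyStoreStorageException, NoSuchAlgorithmException {
            return Optional.ofNullable(this.keyStore);
        }
    }

    /**
     * Loads a PKCS12 key store from disk and closes the file handle afterwards, so the
     * {@code @TempDir} cleanup is not blocked by a stream that is still open.
     */
    private static KeyStore loadPkcs12(Path file, char[] password)
            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(file.toFile())) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Generates a CA and a node certificate with the certutil commands, sanity-checks the
     * resulting key stores, then compares a trust manager without a CA against one with the CA.
     */
    @Test
    public void testCA() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Path caPath = tempDir.resolve("test-ca.p12");
        Path nodePath = tempDir.resolve("test-node.p12");

        // Create the CA key store, then a node certificate signed by it, answering the
        // interactive prompts through the scripted console.
        new CertutilCa(
                caPath.toAbsolutePath().toString(),
                TestableConsole.empty().register(CertutilCa.PROMPT_ENTER_CA_PASSWORD, UsersResourceTest.PASSWORD))
                .run();
        new CertutilCert(
                caPath.toAbsolutePath().toString(),
                nodePath.toAbsolutePath().toString(),
                TestableConsole.empty()
                        .register(CertutilCert.PROMPT_ENTER_CA_PASSWORD, UsersResourceTest.PASSWORD)
                        .register(CertutilCert.PROMPT_ENTER_CERTIFICATE_PASSWORD, CERT_PASSWORD)
                        .register(CertutilCert.PROMPT_ENTER_CERT_ALTERNATIVE_NAMES, ""))
                .run();

        KeyStore caKeyStore = loadPkcs12(caPath, UsersResourceTest.PASSWORD.toCharArray());
        KeyStore nodeKeyStore = loadPkcs12(nodePath, CERT_PASSWORD.toCharArray());

        // Preconditions: the node store holds a private key, its certificate verifies against
        // the CA public key, and the stored chain is node certificate plus CA certificate.
        Assertions.assertThat(nodeKeyStore.getKey(NODE_ALIAS, CERT_PASSWORD.toCharArray())).isNotNull();
        Assertions.assertThatCode(() ->
                nodeKeyStore.getCertificate(NODE_ALIAS).verify(caKeyStore.getCertificate(CA_ALIAS).getPublicKey()))
                .doesNotThrowAnyException();
        Assertions.assertThat(nodeKeyStore.getCertificateChain(NODE_ALIAS))
                .hasSize(2)
                .extracting(certificate -> (X509Certificate) certificate)
                .extracting(x509 -> x509.getSubjectX500Principal().getName())
                .contains("CN=Graylog CA", "CN=" + Tools.getLocalCanonicalHostname());

        EventBus eventBus = new EventBus();
        CustomCAX509TrustManager withoutCa = new CustomCAX509TrustManager(new DummyCaService(null), eventBus);
        CustomCAX509TrustManager withCa = new CustomCAX509TrustManager(new DummyCaService(caKeyStore), eventBus);

        // The CA-backed manager must expose exactly one more accepted issuer than the manager
        // without a CA; a larger difference would mean extra trust anchors were picked up.
        Assertions.assertThat(withCa.getAcceptedIssuers().length)
                .isEqualTo(withoutCa.getAcceptedIssuers().length + 1);

        // Only the leaf certificate is presented, not the stored chain.
        // NOTE(review): "ANY" is an arbitrary authType here; confirm the trust manager does not branch on it.
        X509Certificate[] presentedChain = {(X509Certificate) nodeKeyStore.getCertificate(NODE_ALIAS)};

        // Negative case: without the CA the certificate must be rejected with a
        // CertificateException. Silent acceptance or any other exception fails the test.
        Assertions.assertThatThrownBy(() -> withoutCa.checkClientTrusted(presentedChain, "ANY"))
                .isInstanceOf(CertificateException.class);

        // Positive case: with the CA loaded the same certificate is trusted.
        Assertions.assertThatCode(() -> withCa.checkClientTrusted(presentedChain, "ANY"))
                .doesNotThrowAnyException();
    }
}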
