package org.graylog.security.certutil.cert.storage;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowingConsumer;
import org.graylog.security.certutil.cert.CertificateChain;
import org.graylog.testing.mongodb.MongoDBInstance;
import org.graylog2.bindings.providers.MongoJackObjectMapperProvider;
import org.graylog2.cluster.preflight.DataNodeProvisioningConfig;
import org.graylog2.cluster.preflight.DataNodeProvisioningServiceImpl;
import org.graylog2.rest.resources.users.UsersResourceTest;
import org.graylog2.shared.bindings.providers.ObjectMapperProvider;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

/* loaded from: input_file:org/graylog/security/certutil/cert/storage/CertChainMongoStorageTest.class */
public class CertChainMongoStorageTest {

    @Rule
    public final MongoDBInstance mongodb = MongoDBInstance.createForClass();

    @Rule
    public final MockitoRule mockitoRule = MockitoJUnit.rule();

    @Test
    public void testChainStorageSaveAndRetrieve() throws Exception {
        DataNodeProvisioningServiceImpl dataNodeProvisioningServiceImpl = new DataNodeProvisioningServiceImpl(new MongoJackObjectMapperProvider(new ObjectMapperProvider().get()), this.mongodb.mongoConnection());
        CertChainMongoStorage certChainMongoStorage = new CertChainMongoStorage(dataNodeProvisioningServiceImpl);
        dataNodeProvisioningServiceImpl.save(DataNodeProvisioningConfig.builder().nodeId("test-node-id").state(DataNodeProvisioningConfig.State.UNCONFIGURED).build());
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream("src/test/resources/org/graylog/security/certutil/keystore/storage/sample_certificate_keystore.p12"), UsersResourceTest.PASSWORD.toCharArray());
        Certificate[] certificateChain = keyStore.getCertificateChain("datanode");
        CertificateChain certificateChain2 = new CertificateChain((X509Certificate) certificateChain[0], (List) Arrays.stream(certificateChain).skip(1L).map(certificate -> {
            return (X509Certificate) certificate;
        }).collect(Collectors.toList()));
        certChainMongoStorage.writeCertChain(certificateChain2, "test-node-id");
        Optional readCertChain = certChainMongoStorage.readCertChain("test-node-id");
        Assertions.assertThat(readCertChain).isPresent().contains(certificateChain2);
        Assertions.assertThat(((CertificateChain) readCertChain.get()).signedCertificate()).satisfies(new ThrowingConsumer[]{x509Certificate -> {
            Assert.assertEquals("CN=localhost", x509Certificate.getSubjectX500Principal().getName());
        }});
    }
}
