package org.graylog.security.certutil.keystore.storage;

import java.io.FileInputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Optional;
import org.graylog.security.certutil.ca.exceptions.KeyStoreStorageException;
import org.graylog.security.certutil.keystore.storage.location.KeystoreFileLocation;
import org.graylog2.rest.resources.users.UsersResourceTest;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import org.mockito.Mockito;

/* loaded from: input_file:org/graylog/security/certutil/keystore/storage/KeystoreFileStorageTest.class */
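/**
 * Round-trip tests for {@link KeystoreFileStorage}: a PKCS12 keystore is written to a
 * temporary file and read back, with and without a password change, and a read with the
 * wrong password is expected to fail.
 *
 * <p>All passwords and the sample keystore used here are test fixtures only.
 */
public class KeystoreFileStorageTest {
    /** Sample PKCS12 keystore, resolved relative to the module's working directory. */
    private static final String SAMPLE_KEYSTORE =
            "src/test/resources/org/graylog/security/certutil/keystore/storage/sample_certificate_keystore.p12";
    private static final String KEYSTORE_TYPE = "PKCS12";
    private static final String KEYSTORE_FILE_NAME = "keystore_file.p12";
    /** Alias of the entry looked up in the sample keystore. */
    private static final String ALIAS = "datanode";

    private KeystoreFileStorage toTest;

    /**
     * Loads the sample keystore, closing the input stream once loading is done.
     *
     * <p>NOTE(review): the password is borrowed from {@code UsersResourceTest.PASSWORD}, an
     * unrelated test class. If that constant changes, the sample keystore can no longer be
     * opened; a constant local to this test would remove the coupling.
     */
    private static KeyStore loadSampleKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        try (FileInputStream in = new FileInputStream(SAMPLE_KEYSTORE)) {
            keyStore.load(in, UsersResourceTest.PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /**
     * Writes the sample keystore with {@code null} as the fourth argument (presumably "no new
     * password" - confirm against {@code writeKeyStore}) and checks that it can be read back
     * with the same password, that the certificate is unchanged, that the key is still
     * recoverable, and that the content mover was never used.
     */
    @Test
    void testKeyStoreSaveAndRetrieveWithNoPasswordChange(@TempDir Path path) throws Exception {
        KeystoreContentMover keystoreContentMover = Mockito.mock(KeystoreContentMover.class);
        this.toTest = new KeystoreFileStorage(keystoreContentMover);
        KeyStore original = loadSampleKeyStore();
        char[] password = UsersResourceTest.PASSWORD.toCharArray();
        KeystoreFileLocation location = new KeystoreFileLocation(path.resolve(KEYSTORE_FILE_NAME));

        this.toTest.writeKeyStore(location, original, password, (char[]) null);

        Optional<?> restored = this.toTest.readKeyStore(location, password);
        Assertions.assertTrue(restored.isPresent());
        KeyStore reloaded = (KeyStore) restored.get();
        Assertions.assertEquals(original.getCertificate(ALIAS), reloaded.getCertificate(ALIAS));
        Assertions.assertEquals("RSA", reloaded.getKey(ALIAS, password).getAlgorithm());
        Mockito.verifyNoInteractions(keystoreContentMover);
    }

    /**
     * Writes the sample keystore while passing a second, different password and checks that
     * the stored keystore opens with the second password, that the private key is recoverable
     * with it, and that the first password no longer recovers the key.
     */
    @Test
    void testKeyStoreSaveAndRetrieveWithPasswordChange(@TempDir Path path) throws Exception {
        this.toTest = new KeystoreFileStorage(new SinglePasswordKeystoreContentMover());
        KeyStore original = loadSampleKeyStore();
        char[] oldPassword = UsersResourceTest.PASSWORD.toCharArray();
        char[] newPassword = "secret".toCharArray();
        KeystoreFileLocation location = new KeystoreFileLocation(path.resolve(KEYSTORE_FILE_NAME));

        this.toTest.writeKeyStore(location, original, oldPassword, newPassword);

        Optional<?> restored = this.toTest.readKeyStore(location, newPassword);
        Assertions.assertTrue(restored.isPresent());
        KeyStore reloaded = (KeyStore) restored.get();
        Assertions.assertEquals(original.getCertificate(ALIAS), reloaded.getCertificate(ALIAS));
        Assertions.assertEquals("RSA", reloaded.getKey(ALIAS, newPassword).getAlgorithm());
        // The key entry itself must be re-protected: the old password must not recover it.
        Assertions.assertThrows(UnrecoverableKeyException.class, () -> {
            reloaded.getKey(ALIAS, oldPassword);
        });
    }

    /**
     * Writes an empty keystore and checks that reading it with a different password fails with
     * {@link KeyStoreStorageException} and that the content mover was never used.
     */
    @Test
    void testKeystoreReadThrowsExceptionWhenUsingWrongPassword(@TempDir Path path) throws Exception {
        KeystoreContentMover keystoreContentMover = Mockito.mock(KeystoreContentMover.class);
        this.toTest = new KeystoreFileStorage(keystoreContentMover);
        KeyStore emptyKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        // load(null, null) initialises an empty keystore instead of reading one from a stream.
        emptyKeyStore.load(null, null);
        char[] password = UsersResourceTest.PASSWORD.toCharArray();
        KeystoreFileLocation location = new KeystoreFileLocation(path.resolve(KEYSTORE_FILE_NAME));

        this.toTest.writeKeyStore(location, emptyKeyStore, password, (char[]) null);

        Assertions.assertThrows(KeyStoreStorageException.class, () -> {
            this.toTest.readKeyStore(location, "wrong password".toCharArray());
        });
        Mockito.verifyNoInteractions(keystoreContentMover);
    }
}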
