package se.swedenconnect.security.credential.factory;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import org.cryptacular.io.ClassPathResource;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import se.swedenconnect.security.credential.config.ConfigurationResourceLoader;
import se.swedenconnect.security.credential.config.properties.StoreConfigurationProperties;
import se.swedenconnect.security.credential.pkcs11.FilePkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.MockSunPkcs11Provider;

/* loaded from: input_file:se/swedenconnect/security/credential/factory/KeyStoreFactoryTest.class */
public class KeyStoreFactoryTest {
    @Test
    void testLoadKeyStore() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            Assertions.assertNotNull(KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), "JKS", "SUN"));
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testLoadKeyStoreNoTypeOfProvider() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            Assertions.assertNotNull(KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), (String) null, (String) null));
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testLoadKeyStoreBadPassword() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            Assertions.assertThrows(KeyStoreException.class, () -> {
                KeyStoreFactory.loadKeyStore(inputStream, "bad".toCharArray(), (String) null, (String) null);
            });
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testLoadKeyStoreBadUse() throws Exception {
        InputStream inputStream = new ClassPathResource("rsa1.jks").getInputStream();
        try {
            Assertions.assertEquals("PKCS11 keystore type not supported by createKeyStore", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                KeyStoreFactory.loadKeyStore(inputStream, "secret".toCharArray(), "PKCS11", (String) null);
            })).getMessage());
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testLoadPkcs11KeyStore() throws Exception {
        try {
            setupPkcs11();
            KeyStore loadPkcs11KeyStore = KeyStoreFactory.loadPkcs11KeyStore(new FilePkcs11Configuration(getAbsolutePath("cfg1.txt"), MockSunPkcs11Provider.PROVIDER_BASE_NAME), "secret".toCharArray());
            Assertions.assertNotNull(loadPkcs11KeyStore);
            Assertions.assertNotNull(loadPkcs11KeyStore.getKey("test", "secret".toCharArray()));
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadPkcs11KeyStoreBadPin() throws Exception {
        try {
            setupPkcs11();
            FilePkcs11Configuration filePkcs11Configuration = new FilePkcs11Configuration(getAbsolutePath("cfg1.txt"), MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            Assertions.assertThrows(KeyStoreException.class, () -> {
                KeyStoreFactory.loadPkcs11KeyStore(filePkcs11Configuration, "bad".toCharArray());
            });
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadKeyStoreFromConf() throws Exception {
        StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
        storeConfigurationProperties.setLocation("classpath:rsa1.jks");
        storeConfigurationProperties.setPassword("secret");
        Assertions.assertNotNull(KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null));
    }

    @Test
    void testLoadKeyStoreMissingLocation() throws Exception {
        StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
        storeConfigurationProperties.setPassword("secret");
        Assertions.assertEquals("location must be set", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
        })).getMessage());
    }

    @Test
    void testLoadPkcs11KeyStoreFromFileConf() throws Exception {
        try {
            setupPkcs11();
            StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
            storeConfigurationProperties.setPassword("secret");
            storeConfigurationProperties.setType("PKCS11");
            storeConfigurationProperties.setProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            storeConfigurationProperties.setPkcs11(new StoreConfigurationProperties.Pkcs11ConfigurationProperties());
            storeConfigurationProperties.getPkcs11().setConfigurationFile(getAbsolutePath("cfg1.txt"));
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
            Assertions.assertNotNull(loadKeyStore);
            Assertions.assertNotNull(loadKeyStore.getKey("test", "secret".toCharArray()));
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadPkcs11KeyStoreFromCustomConf() throws Exception {
        try {
            setupPkcs11();
            StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
            storeConfigurationProperties.setPassword("secret");
            storeConfigurationProperties.setType("PKCS11");
            storeConfigurationProperties.setProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            storeConfigurationProperties.setPkcs11(new StoreConfigurationProperties.Pkcs11ConfigurationProperties());
            storeConfigurationProperties.getPkcs11().setSettings(new StoreConfigurationProperties.Pkcs11ConfigurationProperties.Pkcs11SettingsProperties());
            storeConfigurationProperties.getPkcs11().getSettings().setName("Foo");
            storeConfigurationProperties.getPkcs11().getSettings().setLibrary("/opt/foo/lib/libpkcs11.so");
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
            Assertions.assertNotNull(loadKeyStore);
            Assertions.assertNotNull(loadKeyStore.getKey("test", "secret".toCharArray()));
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadPkcs11KeyStoreFromCustomConfMissingName() throws Exception {
        try {
            setupPkcs11();
            StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
            storeConfigurationProperties.setPassword("secret");
            storeConfigurationProperties.setType("PKCS11");
            storeConfigurationProperties.setProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            storeConfigurationProperties.setPkcs11(new StoreConfigurationProperties.Pkcs11ConfigurationProperties());
            storeConfigurationProperties.getPkcs11().setSettings(new StoreConfigurationProperties.Pkcs11ConfigurationProperties.Pkcs11SettingsProperties());
            storeConfigurationProperties.getPkcs11().getSettings().setLibrary("/opt/foo/lib/libpkcs11.so");
            Assertions.assertEquals("Invalid custom PKCS#11 configuration - name and library must be supplied", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
            })).getMessage());
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadPkcs11KeyStoreFromCustomConfMissingLibrary() throws Exception {
        try {
            setupPkcs11();
            StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
            storeConfigurationProperties.setPassword("secret");
            storeConfigurationProperties.setType("PKCS11");
            storeConfigurationProperties.setProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            storeConfigurationProperties.setPkcs11(new StoreConfigurationProperties.Pkcs11ConfigurationProperties());
            storeConfigurationProperties.getPkcs11().setSettings(new StoreConfigurationProperties.Pkcs11ConfigurationProperties.Pkcs11SettingsProperties());
            storeConfigurationProperties.getPkcs11().getSettings().setName("Foo");
            Assertions.assertEquals("Invalid custom PKCS#11 configuration - name and library must be supplied", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
            })).getMessage());
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadPkcs11KeyStoreBadConf() throws Exception {
        try {
            setupPkcs11();
            StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
            storeConfigurationProperties.setPassword("secret");
            storeConfigurationProperties.setType("PKCS11");
            storeConfigurationProperties.setProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            storeConfigurationProperties.setPkcs11(new StoreConfigurationProperties.Pkcs11ConfigurationProperties());
            Assertions.assertEquals("Invalid PKCS#11 configuration - could not create provider", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
            })).getMessage());
        } finally {
            tearDownPkcs11();
        }
    }

    @Test
    void testLoadPkcs11KeyStoreFromStaticConf() throws Exception {
        try {
            setupPkcs11();
            FilePkcs11Configuration filePkcs11Configuration = new FilePkcs11Configuration(getAbsolutePath("cfg1.txt"), MockSunPkcs11Provider.PROVIDER_BASE_NAME);
            filePkcs11Configuration.init();
            Provider provider = filePkcs11Configuration.getProvider();
            StoreConfigurationProperties storeConfigurationProperties = new StoreConfigurationProperties();
            storeConfigurationProperties.setPassword("secret");
            storeConfigurationProperties.setType("PKCS11");
            storeConfigurationProperties.setProvider(provider.getName());
            KeyStore loadKeyStore = KeyStoreFactory.loadKeyStore(storeConfigurationProperties, (ConfigurationResourceLoader) null);
            Assertions.assertNotNull(loadKeyStore);
            Assertions.assertNotNull(loadKeyStore.getKey("test", "secret".toCharArray()));
        } finally {
            tearDownPkcs11();
        }
    }

    public static String getAbsolutePath(String str) {
        return System.getProperty("user.dir") + "/src/test/resources" + (str.startsWith("/") ? "" : "/") + str;
    }

    public static void setupPkcs11() {
        Security.insertProviderAt(new MockSunPkcs11Provider(), 1);
        MockSunPkcs11Provider.MockedPkcs11ResourceHolder.getInstance().setResource(new ClassPathResource("rsa1.jks"));
    }

    public static void tearDownPkcs11() {
        Security.removeProvider(MockSunPkcs11Provider.PROVIDER_BASE_NAME);
        for (Provider provider : Security.getProviders()) {
            if (provider.getName().contains(MockSunPkcs11Provider.PROVIDER_BASE_NAME)) {
                Security.removeProvider(provider.getName());
            }
        }
        MockSunPkcs11Provider.MockedPkcs11ResourceHolder.getInstance().setResource(null);
    }
}
