package org.apache.zeppelin.utils;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.concurrent.ThreadLocalRandom;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/zeppelin/utils/PEMImporterTest.class */
public class PEMImporterTest {
    private final File pemkey = new File(getClass().getResource("/example-pem-files/zeppelin.com.key").getFile());
    private final File pemCert = new File(getClass().getResource("/example-pem-files/zeppelin.com.crt").getFile());
    private final File rootCACert = new File(getClass().getResource("/example-pem-files/rootCA.crt").getFile());
    private final File privkeyWithPasswordPKCS1 = new File(getClass().getResource("/example-pem-files/privkey_with_password_PKCS_1.pem").getFile());
    private final File privkeyWithPasswordPKCS8 = new File(getClass().getResource("/example-pem-files/privkey_with_password_PKCS_8.pem").getFile());
    private final File privkeyWithoutPasswordPKCS1 = new File(getClass().getResource("/example-pem-files/privkey_without_password_PKCS_1.pem").getFile());
    private final File privkeyWithoutPasswordPKCS8 = new File(getClass().getResource("/example-pem-files/privkey_without_password_PKCS_8.pem").getFile());

    @Test
    public void testParsingPKCS1WithoutPassword() throws IOException, GeneralSecurityException {
        KeyStore loadKeyStore = PEMImporter.loadKeyStore(this.pemCert, this.privkeyWithoutPasswordPKCS1, "");
        Assert.assertEquals(1L, loadKeyStore.size());
        Assert.assertTrue(loadKeyStore.containsAlias("key"));
        Assert.assertEquals(1L, loadKeyStore.getCertificateChain("key").length);
    }

    @Test
    public void testParsingPKCS1WithPassword() throws IOException, GeneralSecurityException {
        KeyStore loadKeyStore = PEMImporter.loadKeyStore(this.pemCert, this.privkeyWithPasswordPKCS1, "test");
        Assert.assertEquals(1L, loadKeyStore.size());
        Assert.assertTrue(loadKeyStore.containsAlias("key"));
        Assert.assertEquals(1L, loadKeyStore.getCertificateChain("key").length);
    }

    @Test(expected = GeneralSecurityException.class)
    public void testParsingPKCS1WithWrongPassword() throws IOException, GeneralSecurityException {
        PEMImporter.loadKeyStore(this.pemCert, this.privkeyWithPasswordPKCS1, "nottest");
    }

    @Test
    public void testParsingPKCS8WithoutPassword() throws IOException, GeneralSecurityException {
        KeyStore loadKeyStore = PEMImporter.loadKeyStore(this.pemCert, this.privkeyWithoutPasswordPKCS8, "");
        Assert.assertEquals(1L, loadKeyStore.size());
        Assert.assertTrue(loadKeyStore.containsAlias("key"));
        Assert.assertEquals(1L, loadKeyStore.getCertificateChain("key").length);
    }

    @Test
    public void testParsingPKCS8WithPassword() throws IOException, GeneralSecurityException {
        KeyStore loadKeyStore = PEMImporter.loadKeyStore(this.pemCert, this.privkeyWithPasswordPKCS8, "test");
        Assert.assertEquals(1L, loadKeyStore.size());
        Assert.assertTrue(loadKeyStore.containsAlias("key"));
        Assert.assertEquals(1L, loadKeyStore.getCertificateChain("key").length);
    }

    @Test(expected = GeneralSecurityException.class)
    public void testParsingPKCS8WithWrongPassword() throws IOException, GeneralSecurityException {
        PEMImporter.loadKeyStore(this.pemCert, this.privkeyWithPasswordPKCS8, "nottest");
    }

    @Test
    public void testCertKeyAndChain() throws Exception {
        KeyStore loadTrustStore = PEMImporter.loadTrustStore(this.rootCACert);
        KeyStore loadKeyStore = PEMImporter.loadKeyStore(this.pemCert, this.pemkey, "");
        Assert.assertEquals(1L, loadKeyStore.size());
        Assert.assertTrue(loadKeyStore.containsAlias("key"));
        Assert.assertEquals(1L, loadKeyStore.getCertificateChain("key").length);
        Assert.assertEquals(1L, loadTrustStore.size());
        Assert.assertTrue(verifyPubAndPrivKey(loadKeyStore.getCertificateChain("key")[0].getPublicKey(), (PrivateKey) loadKeyStore.getKey("key", "".toCharArray())));
        Assert.assertTrue(verifyChain((X509Certificate) loadKeyStore.getCertificate("key"), (X509Certificate) loadTrustStore.getCertificate("cn=localhost")));
    }

    private boolean verifyPubAndPrivKey(PublicKey publicKey, PrivateKey privateKey) throws Exception {
        byte[] bArr = new byte[10000];
        ThreadLocalRandom.current().nextBytes(bArr);
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(bArr);
        byte[] sign = signature.sign();
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(sign);
    }

    private boolean verifyChain(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal());
    }
}
