package org.eclipse.osgi.tests.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.eclipse.osgi.internal.service.security.KeyStoreTrustEngine;
import org.eclipse.osgi.internal.signedcontent.SignedBundleHook;
import org.eclipse.osgi.service.security.TrustEngine;
import org.eclipse.osgi.tests.OSGiTestsActivator;

/* loaded from: input_file:org/eclipse/osgi/tests/security/KeyStoreTrustEngineTest.class */
public class KeyStoreTrustEngineTest extends TestCase {
    private static char[] PASSWORD_DEFAULT = {'c', 'h', 'a', 'n', 'g', 'e', 'i', 't'};
    private static String TYPE_DEFAULT = "JKS";
    private static TestCase[] s_tests = {new KeyStoreTrustEngineTest("findTrustAnchor positive test: self signed trusted", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.1
        public void runTest() {
            testFindTrustAnchor0();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor positive test: chain with root trusted", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.2
        public void runTest() {
            testFindTrustAnchor1();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor positive test: chain with intermediate trusted", "ca1_ou") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.3
        public void runTest() {
            testFindTrustAnchor2();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor positive test: chain with leaf trusted", "ca1_leafb") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.4
        public void runTest() {
            testFindTrustAnchor3();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor negative test: untrusted self signed", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.5
        public void runTest() {
            testFindTrustAnchor4();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor negative test: untrusted chain", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.6
        public void runTest() {
            testFindTrustAnchor5();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor negative test: invalid chain", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.7
        public void runTest() {
            testFindTrustAnchor6();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor negative test: incomplete-able chain", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.8
        public void runTest() {
            testFindTrustAnchor7();
        }
    }, new KeyStoreTrustEngineTest("findTrustAnchor negative test: null chain", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.9
        public void runTest() {
            testFindTrustAnchor8();
        }
    }, new KeyStoreTrustEngineTest("addTrustAnchor positive test: add with alias", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.10
        public void runTest() {
            testAddTrustAnchor0();
        }
    }, new KeyStoreTrustEngineTest("addTrustAnchor negative test: null cert specified", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.11
        public void runTest() {
            testAddTrustAnchor2();
        }
    }, new KeyStoreTrustEngineTest("addTrustAnchor negative test: existing cert specified", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.12
        public void runTest() {
            testAddTrustAnchor3();
        }
    }, new KeyStoreTrustEngineTest("addTrustAnchor negative test: existing alias specified", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.13
        public void runTest() {
            testAddTrustAnchor4();
        }
    }, new KeyStoreTrustEngineTest("removeTrustAnchor positive test: remove by alias", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.14
        public void runTest() {
            testRemoveTrustAnchor0();
        }
    }, new KeyStoreTrustEngineTest("removeTrustAnchor positive test: remove by cert", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.15
        public void runTest() {
            testRemoveTrustAnchor1();
        }
    }, new KeyStoreTrustEngineTest("removeTrustAnchor negative test: cert not found", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.16
        public void runTest() {
            testRemoveTrustAnchor2();
        }
    }, new KeyStoreTrustEngineTest("removeTrustAnchor negative test: by alias not found", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.17
        public void runTest() {
            testRemoveTrustAnchor3();
        }
    }, new KeyStoreTrustEngineTest("removeTrustAnchor negative test: remove by null alias", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.18
        public void runTest() {
            testRemoveTrustAnchor4();
        }
    }, new KeyStoreTrustEngineTest("removeTrustAnchor negative test: remove by null certificate", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.19
        public void runTest() {
            testRemoveTrustAnchor5();
        }
    }, new KeyStoreTrustEngineTest("getTrustAnchor positive test: get by alias", "ca1_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.20
        public void runTest() {
            testGetTrustAnchor0();
        }
    }, new KeyStoreTrustEngineTest("getTrustAnchor negative test: get by null alias", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.21
        public void runTest() {
            testGetTrustAnchor1();
        }
    }, new KeyStoreTrustEngineTest("getTrustAnchor negative test: does not exist", new String[0]) { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.22
        public void runTest() {
            testGetTrustAnchor2();
        }
    }, new KeyStoreTrustEngineTest("getAliases positive test: get the alias list", "ca1_root", "ca2_root") { // from class: org.eclipse.osgi.tests.security.KeyStoreTrustEngineTest.23
        public void runTest() {
            testGetAliases0();
        }
    }};
    private static KeyStore supportStore;
    private String[] aliases;
    private KeyStore testStore;
    private File testStoreFile;
    TrustEngine engine;

    static {
        try {
            URL entry = OSGiTestsActivator.getBundle().getEntry("test_files/security/keystore.jks");
            supportStore = KeyStore.getInstance(TYPE_DEFAULT);
            supportStore.load(entry.openStream(), PASSWORD_DEFAULT);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static Test suite() {
        TestSuite testSuite = new TestSuite("Unit tests for TrustEngine");
        for (Test test2 : s_tests) {
            testSuite.addTest(test2);
        }
        return testSuite;
    }

    public KeyStoreTrustEngineTest() {
    }

    public KeyStoreTrustEngineTest(String str, String... strArr) {
        super(str);
        this.aliases = strArr;
    }

    protected void setUp() throws Exception {
        if (supportStore == null) {
            fail("Could not open keystore with test certificates!");
        }
        this.testStore = KeyStore.getInstance(TYPE_DEFAULT);
        this.testStore.load(null, PASSWORD_DEFAULT);
        if (this.aliases != null) {
            for (String str : this.aliases) {
                this.testStore.setCertificateEntry(str, getTestCertificate(str));
            }
        }
        this.testStoreFile = File.createTempFile("teststore", "jks");
        FileOutputStream fileOutputStream = new FileOutputStream(this.testStoreFile);
        try {
            this.testStore.store(fileOutputStream, PASSWORD_DEFAULT);
            safeClose(fileOutputStream);
            this.engine = new KeyStoreTrustEngine(this.testStoreFile.getPath(), TYPE_DEFAULT, PASSWORD_DEFAULT, "teststore", (SignedBundleHook) null);
        } catch (Throwable th) {
            safeClose(fileOutputStream);
            throw th;
        }
    }

    protected static void safeClose(OutputStream outputStream) {
        if (outputStream != null) {
            try {
                outputStream.close();
            } catch (IOException unused) {
            }
        }
    }

    protected void tearDown() {
        this.engine = null;
        this.testStore = null;
        this.testStoreFile.delete();
    }

    private static Certificate getTestCertificate(String str) throws KeyStoreException {
        return supportStore.getCertificate(str);
    }

    private static Certificate[] getTestCertificateChain(String... strArr) throws KeyStoreException {
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(getTestCertificate(str));
        }
        return (Certificate[]) arrayList.toArray(new Certificate[0]);
    }

    public void testFindTrustAnchor0() {
        try {
            Certificate findTrustAnchor = this.engine.findTrustAnchor(new Certificate[]{getTestCertificate("ca1_root")});
            assertNotNull("Did not return a cert for self-signed case", findTrustAnchor);
            assertEquals("Input and output certs not equal for self-signed case", findTrustAnchor, getTestCertificate("ca1_root"));
        } catch (Throwable th) {
            fail("Unexpected exception testing trusted self-signed cert: " + th.getMessage());
        }
    }

    public void testFindTrustAnchor1() {
        try {
            Certificate findTrustAnchor = this.engine.findTrustAnchor(getTestCertificateChain("ca1_leafb", "ca1_ou", "ca1_root"));
            assertNotNull("Certificate did not come back in trusted root case", findTrustAnchor);
            assertEquals("Output cert is not root trusted cert", findTrustAnchor, getTestCertificate("ca1_root"));
        } catch (Throwable th) {
            fail("Unexpected exception testing trusted root from complete chain: " + th.getMessage());
        }
    }

    public void testFindTrustAnchor2() {
        try {
            Certificate findTrustAnchor = this.engine.findTrustAnchor(getTestCertificateChain("ca1_leafb", "ca1_ou", "ca1_root"));
            assertNotNull("Certificate did not come back in trusted intermediate case", findTrustAnchor);
            assertEquals("Output cert is not intermediate trusted cert", findTrustAnchor, getTestCertificate("ca1_ou"));
        } catch (Throwable th) {
            fail("Unexpected exception testing trusted root from complete chain: " + th.getMessage());
        }
    }

    public void testFindTrustAnchor3() {
        try {
            Certificate findTrustAnchor = this.engine.findTrustAnchor(getTestCertificateChain("ca1_leafb", "ca1_ou", "ca1_root"));
            assertNotNull("Certificate did not come back in trusted leaf case", findTrustAnchor);
            assertEquals("Output cert is not leaf trusted cert", findTrustAnchor, getTestCertificate("ca1_leafb"));
        } catch (Throwable th) {
            fail("Unexpected exception testing trusted root from complete chain: " + th.getMessage());
        }
    }

    public void testFindTrustAnchor4() {
        try {
            assertNull("Incorrectly returned a certificate for untrusted self-signed case", this.engine.findTrustAnchor(new Certificate[]{getTestCertificate("ca2_root")}));
        } catch (Throwable th) {
            fail("Unexpected exception testing untrusted self-signed cert: " + th.getMessage());
        }
    }

    public void testFindTrustAnchor5() {
        try {
            assertNull("Incorrectly returned a certificate for untrusted chain case", this.engine.findTrustAnchor(getTestCertificateChain("ca2_leafb", "ca2_ou", "ca2_root")));
        } catch (Throwable th) {
            fail("Unexpected exception testing untrusted chain: " + th.getMessage());
        }
    }

    public void testFindTrustAnchor6() {
        try {
            assertNull("Incorrectly returned a certificate on invalid certificate chain", this.engine.findTrustAnchor(getTestCertificateChain("ca2_leafa", "ca1_root")));
        } catch (Throwable th) {
            assertNull("Incorrectly thrown exception thrown on invalid certificate chain", th);
        }
    }

    public void testFindTrustAnchor7() {
        try {
            assertNull("Incorrectly returned a certificate on incomplete-able certificate chain", this.engine.findTrustAnchor(getTestCertificateChain("ca1_leafb", "ca1_root")));
        } catch (Throwable th) {
            assertNull("Incorrectly thrown exception thrown on incomplete-able certificate chain", th);
        }
    }

    public void testFindTrustAnchor8() {
        try {
            this.engine.findTrustAnchor((Certificate[]) null);
            fail("Did not throw IllegalArgumentException on NULL certificate");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on NULL certificate", th instanceof IllegalArgumentException);
        }
    }

    public void testAddTrustAnchor0() {
        try {
            assertEquals("Alias returned does not equal alias input", this.engine.addTrustAnchor(getTestCertificate("ca1_root"), "ca1_root"), "ca1_root");
        } catch (Throwable th) {
            fail("Unexpected exception adding trusted root: " + th.getMessage());
        }
    }

    public void testAddTrustAnchor1() {
        try {
            assertNotNull("Generated alias was not correctly returned", this.engine.addTrustAnchor(getTestCertificate("ca1_root"), (String) null));
        } catch (Throwable th) {
            fail("Unexpected exception adding trusted root (autogen alias): " + th.getMessage());
        }
    }

    public void testAddTrustAnchor2() {
        try {
            this.engine.addTrustAnchor((Certificate) null, "ca1_root");
            fail("Did not throw IllegalArgumentException on NULL certificate");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on NULL certificate", th instanceof IllegalArgumentException);
        }
    }

    public void testAddTrustAnchor3() {
        try {
            this.engine.addTrustAnchor(getTestCertificate("ca1_root"), "new_root");
            assertTrue("Did not throw CertificateException on duplicate cert", false);
            fail("Expected exception when adding trust anchor");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on duplicate cert", th instanceof CertificateException);
        }
    }

    public void testAddTrustAnchor4() {
        try {
            this.engine.addTrustAnchor(getTestCertificate("ca2_root"), "ca1_root");
            assertTrue("Did not throw CertificateException on duplicate alias", false);
            fail("Expected exception when adding trust anchor");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on duplicate alias", th instanceof CertificateException);
        }
    }

    public void testRemoveTrustAnchor0() {
        try {
            this.engine.removeTrustAnchor("ca1_root");
        } catch (Throwable th) {
            fail("Unexpected exception thrown when removing by alias: " + th.getMessage());
        }
    }

    public void testRemoveTrustAnchor1() {
        try {
            this.engine.removeTrustAnchor(getTestCertificate("ca1_root"));
        } catch (Throwable th) {
            fail("Unexpected exception thrown when removing by cert: " + th.getMessage());
        }
    }

    public void testRemoveTrustAnchor2() {
        try {
            this.engine.removeTrustAnchor(getTestCertificate("ca1_root"));
            fail("Did not throw CertificateException on cert not found");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on remove by cert", th instanceof CertificateException);
        }
    }

    public void testRemoveTrustAnchor3() {
        try {
            this.engine.removeTrustAnchor("ca2_root");
            assertTrue("Did not throw CertificateException on alias not found", false);
            fail("Expected exception when removing trust anchor");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on remove by alias", th instanceof CertificateException);
        }
    }

    public void testRemoveTrustAnchor4() {
        try {
            this.engine.removeTrustAnchor((String) null);
            fail("Did not throw CertificateException on alias null");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on remove by null alias", th instanceof IllegalArgumentException);
        }
    }

    public void testRemoveTrustAnchor5() {
        try {
            this.engine.removeTrustAnchor((Certificate) null);
            fail("Did not throw IllegalArgumentException on remove by cert null");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on remove by null cert", th instanceof IllegalArgumentException);
        }
    }

    public void testGetTrustAnchor0() {
        try {
            assertEquals("Did not get expected certificate", getTestCertificate("ca1_root"), this.engine.getTrustAnchor("ca1_root"));
        } catch (Throwable th) {
            fail("Unexpected exception when retrieving trust anchor: " + th.getMessage());
        }
    }

    public void testGetTrustAnchor1() {
        try {
            this.engine.getTrustAnchor((String) null);
            fail("Did not throw IllegalArgumentException on get by alias null");
        } catch (Throwable th) {
            assertTrue("Incorrect exception thrown on remove by null alias", th instanceof IllegalArgumentException);
        }
    }

    public void testGetTrustAnchor2() {
        try {
            assertNull("Incorrectly returned a certificate on certificate does not exist", this.engine.getTrustAnchor("ca2_root"));
        } catch (Throwable th) {
            assertNull("Incorrectly thrown exception on alias does not exist", th);
        }
    }

    public void testGetAliases0() {
        try {
            this.engine.getAliases();
        } catch (Throwable th) {
            fail("Unexpected exception when retrieving alias list: " + th.getMessage());
        }
    }
}
