package io.airlift.security.pem;

import com.google.common.collect.Iterables;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:io/airlift/security/pem/TestPemReader.class */
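/**
 * Tests for {@code PemReader}: loading key stores, trust stores and public keys from PEM
 * fixtures on the test classpath, and converting private-key encodings to PKCS#8.
 *
 * <p>Scope of the assertions, for anyone relying on this suite as evidence:
 * <ul>
 *   <li>Certificates are checked by subject distinguished name only. Nothing here verifies a
 *       signature, a validity period or a chain of trust.</li>
 *   <li>{@link #KEY_PASSWORD} and the key files it unlocks are test fixtures. They are visible
 *       to anyone with the source tree and must not protect real key material.</li>
 *   <li>The loaded key entry is read back with an empty key-store password
 *       ({@code new char[0]}), so the in-memory {@link KeyStore} is not expected to add
 *       confidentiality on top of the PEM file's own encryption.</li>
 * </ul>
 */
public class TestPemReader {
    private static final String CA_NAME = "OU=RootCA,O=Airlift,L=Palo Alto,ST=CA,C=US";
    private static final String CLIENT_NAME = "CN=Test User,OU=Server,O=Airlift,L=Palo Alto,ST=CA,C=US";
    private static final Optional<String> NO_PASSWORD = Optional.empty();
    // Fixture-only password for the *.encrypted test resources.
    private static final Optional<String> KEY_PASSWORD = Optional.of("airlift");

    /**
     * Loads a key store from every certificate/key fixture pairing and checks the resulting
     * entry. Each algorithm family (RSA, EC, DSA) is covered for each file layout.
     */
    @Test
    public void testLoadKeyStore() throws Exception {
        // Separate certificate file + *.pkcs8.key, no password.
        testLoadKeyStore("rsa.client.crt", "rsa.client.pkcs8.key", NO_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("ec.client.crt", "ec.client.pkcs8.key", NO_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("dsa.client.crt", "dsa.client.pkcs8.key", NO_PASSWORD, CLIENT_NAME);

        // Separate certificate file + *.pkcs8.key.encrypted, unlocked with the fixture password.
        testLoadKeyStore("rsa.client.crt", "rsa.client.pkcs8.key.encrypted", KEY_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("ec.client.crt", "ec.client.pkcs8.key.encrypted", KEY_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("dsa.client.crt", "dsa.client.pkcs8.key.encrypted", KEY_PASSWORD, CLIENT_NAME);

        // One file supplies both the certificate and the encrypted key.
        testLoadKeyStore("rsa.client.pkcs8.pem.encrypted", "rsa.client.pkcs8.pem.encrypted", KEY_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("dsa.client.pkcs8.pem.encrypted", "dsa.client.pkcs8.pem.encrypted", KEY_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("ec.client.pkcs8.pem.encrypted", "ec.client.pkcs8.pem.encrypted", KEY_PASSWORD, CLIENT_NAME);

        // Separate certificate file + *.pkcs1.key, no password.
        testLoadKeyStore("rsa.client.crt", "rsa.client.pkcs1.key", NO_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("ec.client.crt", "ec.client.pkcs1.key", NO_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("dsa.client.crt", "dsa.client.pkcs1.key", NO_PASSWORD, CLIENT_NAME);

        // Certificate taken from the combined encrypted PEM, key from *.pkcs1.pem with no password.
        testLoadKeyStore("rsa.client.pkcs8.pem.encrypted", "rsa.client.pkcs1.pem", NO_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("dsa.client.pkcs8.pem.encrypted", "dsa.client.pkcs1.pem", NO_PASSWORD, CLIENT_NAME);
        testLoadKeyStore("ec.client.pkcs8.pem.encrypted", "ec.client.pkcs1.pem", NO_PASSWORD, CLIENT_NAME);
    }

    /**
     * Loads one key store and verifies its single entry.
     *
     * @param certificateResource classpath name of the PEM file holding the certificate
     * @param keyResource classpath name of the PEM file holding the private key
     * @param keyPassword password for the private key, or empty when the key is not encrypted
     * @param expectedSubject subject distinguished name the certificate must carry
     */
    private static void testLoadKeyStore(
            String certificateResource,
            String keyResource,
            Optional<String> keyPassword,
            String expectedSubject) throws Exception {
        KeyStore keyStore = PemReader.loadKeyStore(
                getResourceFile(certificateResource),
                getResourceFile(keyResource),
                keyPassword);
        assertCertificateChain(keyStore, expectedSubject);
        Assert.assertNotNull(keyStore.getCertificate("key"));

        // The entry is expected under alias "key" and readable with an empty password.
        Key key = keyStore.getKey("key", new char[0]);
        Assert.assertNotNull(key);
        Assert.assertTrue(key instanceof PrivateKey);

        // Round trip: the key written by PemWriter is reloaded without a password, so the
        // written PEM is expected to be unencrypted.
        Assert.assertEquals(key, PemReader.loadPrivateKey(PemWriter.writePrivateKey((PrivateKey) key), Optional.empty()));
    }

    /** Loads a trust store from each CA certificate fixture and checks the subject name. */
    @Test
    public void testLoadTrustStore() throws Exception {
        assertCertificateChain(PemReader.loadTrustStore(getResourceFile("rsa.ca.crt")), CA_NAME);
        assertCertificateChain(PemReader.loadTrustStore(getResourceFile("ec.ca.crt")), CA_NAME);
        assertCertificateChain(PemReader.loadTrustStore(getResourceFile("dsa.ca.crt")), CA_NAME);
    }

    /** Loads each public-key fixture and compares it with the key in the matching certificate. */
    @Test
    public void testLoadPublicKey() throws Exception {
        testLoadPublicKey("rsa.client.crt", "rsa.client.pkcs8.pub");
        testLoadPublicKey("ec.client.crt", "ec.client.pkcs8.pub");
        testLoadPublicKey("dsa.client.crt", "dsa.client.pkcs8.pub");
    }

    /**
     * Verifies that a public-key file matches the key embedded in a certificate and survives a
     * write/read round trip.
     *
     * @param certificateResource classpath name of a PEM file holding exactly one certificate
     * @param publicKeyResource classpath name of the PEM public-key file
     */
    private static void testLoadPublicKey(String certificateResource, String publicKeyResource) throws Exception {
        PublicKey publicKey = PemReader.loadPublicKey(getResourceFile(publicKeyResource));
        Assert.assertNotNull(publicKey);

        X509Certificate certificate = (X509Certificate) Iterables.getOnlyElement(
                PemReader.readCertificateChain(getResourceFile(certificateResource)));
        Assert.assertEquals(publicKey, certificate.getPublicKey());

        Assert.assertEquals(publicKey, PemReader.loadPublicKey(PemWriter.writePublicKey(publicKey)));
    }

    /** Converting the RSA {@code pkcs1} fixture must yield the bytes of the {@code pkcs8} fixture. */
    @Test
    public void testRsaPkcs1ToPkcs8() throws Exception {
        Assert.assertEquals(PemReader.rsaPkcs1ToPkcs8(loadPrivateKeyData("rsa.client.pkcs1.key")), loadPrivateKeyData("rsa.client.pkcs8.key"));
    }

    /** Converting the DSA {@code pkcs1} fixture must yield the bytes of the {@code pkcs8} fixture. */
    @Test
    public void testDsaPkcs1ToPkcs8() throws Exception {
        Assert.assertEquals(PemReader.dsaPkcs1ToPkcs8(loadPrivateKeyData("dsa.client.pkcs1.key")), loadPrivateKeyData("dsa.client.pkcs8.key"));
    }

    /** Converting the EC {@code pkcs1} fixture must yield the bytes of the {@code pkcs8} fixture. */
    @Test
    public void testEcPkcs1ToPkcs8() throws Exception {
        Assert.assertEquals(PemReader.ecPkcs1ToPkcs8(loadPrivateKeyData("ec.client.pkcs1.key")), loadPrivateKeyData("ec.client.pkcs8.key"));
    }

    /**
     * Asserts that the key store has exactly one alias, that its certificate is an X.509
     * certificate with the expected subject, and that the certificate survives a PemWriter /
     * PemReader round trip.
     *
     * <p>Only the subject name is compared; the certificate is not validated.
     *
     * @param keyStore key store or trust store under test
     * @param expectedSubject subject distinguished name the certificate must carry
     */
    private static void assertCertificateChain(KeyStore keyStore, String expectedSubject) throws Exception {
        List<String> aliases = Collections.list(keyStore.aliases());
        Assert.assertEquals(aliases.size(), 1);

        Certificate certificate = keyStore.getCertificate(aliases.get(0));
        Assert.assertNotNull(certificate);
        Assert.assertTrue(certificate instanceof X509Certificate);
        X509Certificate x509Certificate = (X509Certificate) certificate;
        assertX509Certificate(x509Certificate, expectedSubject);

        X509Certificate reloaded = (X509Certificate) Iterables.getOnlyElement(
                PemReader.readCertificateChain(PemWriter.writeCertificate(x509Certificate)));
        assertX509Certificate(reloaded, expectedSubject);
    }

    /**
     * Asserts that the certificate's subject, parsed as an {@link LdapName} and rendered back to
     * a string, equals {@code expectedSubject}.
     */
    private static void assertX509Certificate(X509Certificate x509Certificate, String expectedSubject) throws InvalidNameException {
        Assert.assertEquals(new LdapName(x509Certificate.getSubjectX500Principal().getName()).toString(), expectedSubject);
    }

    /**
     * Reads a PEM fixture as US-ASCII text and returns the decoded bytes of the first private
     * key block matched by {@code PemReader.PRIVATE_KEY_PATTERN}.
     *
     * @param resourceName classpath name of the PEM file
     * @return the base64-decoded content of the pattern's second capture group
     * @throws KeyStoreException if the file contains no match for the private-key pattern
     */
    private static byte[] loadPrivateKeyData(String resourceName) throws IOException, KeyStoreException {
        String pem = Files.asCharSource(getResourceFile(resourceName), StandardCharsets.US_ASCII).read();
        Matcher matcher = PemReader.PRIVATE_KEY_PATTERN.matcher(pem);
        if (!matcher.find()) {
            throw new KeyStoreException("did not find a private key");
        }
        // Group 2 is presumably the base64 body between the PEM markers; confirm against PemReader.
        return PemReader.base64Decode(matcher.group(2));
    }

    /**
     * Resolves a classpath resource to a {@link File}.
     *
     * @param resourceName name of the resource, relative to the classpath root
     * @return the file backing the resource
     * @throws IllegalArgumentException if the resource is missing or its URL cannot be mapped to
     *     a file
     */
    private static File getResourceFile(String resourceName) {
        URL resource = TestPemReader.class.getClassLoader().getResource(resourceName);
        if (resource == null) {
            throw new IllegalArgumentException("Resource not found " + resourceName);
        }
        try {
            // URL.getFile() keeps percent-escapes (for example "%20" for a space), which makes the
            // resulting path point at a file that does not exist. Going through the URI decodes them.
            return new File(resource.toURI());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Resource URL is not a valid URI: " + resource, e);
        }
    }
}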
