package org.alfresco.encryption;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.transaction.NotSupportedException;
import javax.transaction.SystemException;
import javax.transaction.UserTransaction;
import org.alfresco.cmis.PropertyFilter;
import org.alfresco.encryption.EncryptionKeysRegistry;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.alfresco.util.GUID;
import org.apache.commons.codec.binary.Base64;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/alfresco/encryption/KeyStoreTests.class */
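/**
 * Tests how {@link KeyStoreChecker} validates an {@link AlfrescoKeyStore} against the
 * {@link EncryptionKeysRegistry}.
 *
 * <p>All collaborators are looked up from the shared Spring application context. Each test builds a
 * throw-away keystore holding a single alias, {@code "metadata"}, and checks how validation reacts
 * to the key being missing, unregistered, changed, or changed after a backup.
 *
 * <p>Fixture values used here ({@code "password"} as the keystore password, the {@code JCEKS}
 * keystore type and the {@code DESede} key algorithm) are test constants only. DESede (3DES) and
 * JCEKS are legacy choices and a literal password is only acceptable because the keystores are
 * temporary files removed in {@link #teardown()}.
 */
public class KeyStoreTests {
    private static final ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
    private TransactionService transactionService;
    private KeyStoreChecker keyStoreChecker;
    private EncryptionKeysRegistry encryptionKeysRegistry;
    // Transaction begun in setup(); rolled back in teardown().
    private UserTransaction txn = null;
    private KeyResourceLoader keyResourceLoader;
    // Keystore locations handed out by generateKeystoreName(); deleted in teardown().
    private List<String> toDelete;
    private DefaultEncryptor backupEncryptor;

    /**
     * Keystore subclass that lets a test inject key maps directly and swap a key afterwards,
     * so that a "changed key" can be simulated without editing files on disk.
     */
    public static class TestAlfrescoKeyStore extends AlfrescoKeyStoreImpl {
        private TestAlfrescoKeyStore() {
        }

        /**
         * Installs the given key maps and then delegates to the superclass {@code create()}.
         *
         * @param keyMap  main keys; an empty {@link KeyMap} is used when {@code null}
         * @param keyMap2 backup keys; an empty {@link KeyMap} is used when {@code null}
         */
        public void create(KeyMap keyMap, KeyMap keyMap2) {
            this.keys = keyMap != null ? keyMap : new KeyMap();
            this.backupKeys = keyMap2 != null ? keyMap2 : new KeyMap();
            super.create();
        }

        /**
         * Replaces the in-memory key stored under the given alias.
         *
         * @param str alias whose key is replaced
         * @param key replacement key
         */
        void changeKey(String str, Key key) {
            // The alias argument used to be ignored in favour of a hard-coded "metadata".
            this.keys.setKey(str, key);
        }
    }

    /**
     * Resolves the beans under test, switches to the system user and begins a transaction.
     *
     * @throws SystemException       if the transaction manager fails
     * @throws NotSupportedException if a transaction cannot be begun
     */
    @Before
    public void setup() throws SystemException, NotSupportedException {
        this.transactionService = (TransactionService) ctx.getBean("transactionService");
        this.keyStoreChecker = (KeyStoreChecker) ctx.getBean("keyStoreChecker");
        this.encryptionKeysRegistry = (EncryptionKeysRegistry) ctx.getBean("encryptionKeysRegistry");
        this.keyResourceLoader = (KeyResourceLoader) ctx.getBean("springKeyResourceLoader");
        this.backupEncryptor = (DefaultEncryptor) ctx.getBean("backupEncryptor");
        this.toDelete = new ArrayList<String>(10);
        AuthenticationUtil.setRunAsUserSystem();
        UserTransaction userTxn = this.transactionService.getUserTransaction();
        userTxn.begin();
        // Record the transaction only once it has begun. Without this assignment the rollback in
        // teardown() never ran and every test leaked its transaction.
        this.txn = userTxn;
    }

    /**
     * Rolls back the transaction begun in {@link #setup()} and deletes the keystore files that
     * were created during the test.
     */
    @After
    public void teardown() throws IllegalStateException, SecurityException, SystemException {
        try {
            if (this.txn != null) {
                this.txn.rollback();
            }
        } finally {
            // File cleanup must happen even when the rollback throws, otherwise keystore files
            // (which contain key material) are left behind in the working directory.
            if (this.toDelete != null) {
                for (String location : this.toDelete) {
                    File file = new File(location);
                    if (file.exists()) {
                        // Best effort: a failed delete must not fail the test.
                        file.delete();
                    }
                }
            }
        }
    }

    /**
     * @return fresh key bytes from {@link #generateKeyData()}, Base64-encoded
     */
    public String generateEncodedKey() {
        try {
            return Base64.encodeBase64String(generateKeyData());
        } catch (NoSuchAlgorithmException e) {
            Assert.fail("Unexpected exception: " + e.getMessage());
            // Not reached: Assert.fail always throws. Required by the compiler.
            return null;
        }
    }

    /**
     * Generates random bytes sized for a DESede key.
     *
     * <p>The generator is left to seed itself. The previous code called
     * {@code setSeed(System.currentTimeMillis())} on a fresh {@code SHA1PRNG} instance before the
     * first {@code nextBytes}; per the {@link SecureRandom} documentation that suppresses
     * self-seeding, so the "random" key was fully determined by the clock value.
     *
     * @return {@link DESedeKeySpec#DES_EDE_KEY_LEN} random bytes
     * @throws NoSuchAlgorithmException never thrown by this implementation; kept in the signature
     *     so existing callers and overriders still compile
     */
    public byte[] generateKeyData() throws NoSuchAlgorithmException {
        byte[] keyData = new byte[DESedeKeySpec.DES_EDE_KEY_LEN];
        new SecureRandom().nextBytes(keyData);
        return keyData;
    }

    /**
     * @return a new GUID to be used as a keystore location; it is remembered so that
     *     {@link #teardown()} can delete the file
     */
    protected String generateKeystoreName() {
        String location = GUID.generate();
        this.toDelete.add(location);
        return location;
    }

    /**
     * Builds a secret key from freshly generated key bytes.
     *
     * @param str name passed to {@link SecretKeyFactory#getInstance(String)}; the key bytes are
     *     wrapped in a {@link DESedeKeySpec}, so callers in this class pass {@code "DESede"}
     * @return the generated key; the test is failed if key generation throws
     */
    protected Key generateSecretKey(String str) {
        try {
            return SecretKeyFactory.getInstance(str).generateSecret(new DESedeKeySpec(generateKeyData()));
        } catch (Exception e) {
            Assert.fail("Unexpected exception: " + e.getMessage());
            // Not reached: Assert.fail always throws. Required by the compiler.
            return null;
        }
    }

    /**
     * Creates an unpopulated test keystore together with a matching backup keystore definition.
     *
     * <p>Key metadata is not read from a file: an in-memory {@link KeyResourceLoader} synthesises
     * it from the two maps, using {@code "password"} as the keystore password and {@code "DESede"}
     * as the algorithm of every alias.
     *
     * @param str  first {@code KeyStoreParameters} argument for the main keystore (tests pass
     *     {@code "main"}); the backup keystore uses the same value with {@code ".backup"} appended
     * @param str2 second {@code KeyStoreParameters} argument for both keystores (tests pass
     *     {@code "JCEKS"})
     * @param map  alias to key password; must not be {@code null}
     * @param map2 alias to encoded key data, or {@code null} when no key data is supplied
     * @param str3 last {@code KeyStoreParameters} argument for the main keystore (tests pass a
     *     name from {@link #generateKeystoreName()})
     * @param str4 last {@code KeyStoreParameters} argument for the backup keystore
     * @return the configured keystore, with key-change validation enabled
     */
    protected TestAlfrescoKeyStore getKeyStore(String str, String str2, final Map<String, String> map, final Map<String, String> map2, String str3, String str4) {
        KeyResourceLoader inMemoryLoader = new KeyResourceLoader() {
            public InputStream getKeyStore(String location) throws FileNotFoundException {
                // Keystore bytes still come from the Spring-configured loader.
                return KeyStoreTests.this.keyResourceLoader.getKeyStore(location);
            }

            public Properties loadKeyMetaData(String location) throws IOException, FileNotFoundException {
                Properties metaData = new Properties();
                metaData.setProperty("keystore.password", "password");
                StringBuilder aliases = new StringBuilder();
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    String alias = entry.getKey();
                    metaData.setProperty(alias + ".password", entry.getValue());
                    String keyData = map2 != null ? map2.get(alias) : null;
                    if (keyData != null) {
                        metaData.setProperty(alias + ".keyData", keyData);
                    }
                    metaData.setProperty(alias + ".algorithm", "DESede");
                    aliases.append(alias);
                    // NOTE(review): separator taken from the CMIS PropertyFilter class; this looks
                    // like a decompiler substitution for a literal. Confirm against the original.
                    aliases.append(PropertyFilter.PROPERTY_NAME_TOKENS_DELIMITER);
                }
                if (aliases.length() > 0) {
                    // Drop the trailing separator (assumes it is one character long).
                    aliases.setLength(aliases.length() - 1);
                }
                metaData.setProperty("aliases", aliases.toString());
                return metaData;
            }
        };
        KeyStoreParameters mainParameters = new KeyStoreParameters(str, str2, (String) null, "", str3);
        KeyStoreParameters backupParameters = new KeyStoreParameters(str + ".backup", str2, (String) null, "", str4);
        TestAlfrescoKeyStore keyStore = new TestAlfrescoKeyStore();
        keyStore.setKeyStoreParameters(mainParameters);
        keyStore.setBackupKeyStoreParameters(backupParameters);
        keyStore.setKeyResourceLoader(inMemoryLoader);
        keyStore.setValidateKeyChanges(true);
        keyStore.setEncryptionKeysRegistry(this.encryptionKeysRegistry);
        return keyStore;
    }

    /**
     * Key data is supplied in the metadata and the key is not registered: validation must succeed,
     * after which the key is registered and the keystore exists and holds a metadata key.
     */
    @Test
    public void test1() {
        TestAlfrescoKeyStore keyStore = getKeyStore("main", "JCEKS", Collections.singletonMap("metadata", "metadata"), Collections.singletonMap("metadata", generateEncodedKey()), generateKeystoreName(), generateKeystoreName());
        this.encryptionKeysRegistry.unregisterKey("metadata");
        this.keyStoreChecker.setMainKeyStore(keyStore);
        validateExpectingSuccess();
        Assert.assertTrue("", this.encryptionKeysRegistry.getRegisteredKeys(keyStore.getKeyAliases()).contains("metadata"));
        Assert.assertTrue("", keyStore.exists());
        Assert.assertNotNull("", keyStore.getKey("metadata"));
    }

    /**
     * The key is registered but the keystore was never created and no key data is supplied:
     * validation must report a {@link MissingKeyException}.
     */
    @Test
    public void test2() {
        TestAlfrescoKeyStore keyStore = getKeyStore("main", "JCEKS", Collections.singletonMap("metadata", "metadata"), null, generateKeystoreName(), generateKeystoreName());
        Assert.assertTrue("", this.encryptionKeysRegistry.isKeyRegistered("metadata"));
        this.keyStoreChecker.setMainKeyStore(keyStore);
        try {
            this.keyStoreChecker.validateKeyStores();
            Assert.fail("Should have caught missing main keystore");
        } catch (MissingKeyException expected) {
            // Expected outcome.
        } catch (InvalidKeystoreException e) {
            Assert.fail("Unexpected exception : " + e.getMessage());
        }
    }

    /**
     * The keystore exists and holds the key, but the key is not registered: validation must
     * succeed and leave the key registered.
     */
    @Test
    public void test3() {
        TestAlfrescoKeyStore keyStore = getKeyStore("main", "JCEKS", Collections.singletonMap("metadata", "metadata"), null, generateKeystoreName(), generateKeystoreName());
        createAndPopulateKeyStore(keyStore);
        this.encryptionKeysRegistry.unregisterKey("metadata");
        this.keyStoreChecker.setMainKeyStore(keyStore);
        validateExpectingSuccess();
        Assert.assertTrue("", this.encryptionKeysRegistry.isKeyRegistered("metadata"));
    }

    /**
     * After a successful validation has registered the key, replacing the key in the keystore
     * without taking a backup must make the next validation throw
     * {@link InvalidKeystoreException}.
     */
    @Test
    public void test4() {
        this.encryptionKeysRegistry.unregisterKey("metadata");
        TestAlfrescoKeyStore keyStore = getKeyStore("main", "JCEKS", Collections.singletonMap("metadata", "metadata"), null, generateKeystoreName(), generateKeystoreName());
        createAndPopulateKeyStore(keyStore);
        this.keyStoreChecker.setMainKeyStore(keyStore);
        validateExpectingSuccess();
        Assert.assertTrue("", this.encryptionKeysRegistry.isKeyRegistered("metadata"));
        keyStore.changeKey("metadata", generateSecretKey("DESede"));
        try {
            this.keyStoreChecker.validateKeyStores();
            Assert.fail("Expected key store checker to detect changed metadata key");
        } catch (MissingKeyException e) {
            Assert.fail("Unexpected exception : " + e.getMessage());
        } catch (InvalidKeystoreException expected) {
            // Expected outcome: an unannounced key change is rejected.
        }
    }

    /**
     * Same as {@link #test4()} except that {@code backup()} is called before the key is replaced:
     * validation must then succeed and the registry must report {@code KEY_STATUS.OK} for the key
     * now held by the keystore.
     */
    @Test
    public void test5() {
        this.encryptionKeysRegistry.unregisterKey("metadata");
        TestAlfrescoKeyStore keyStore = getKeyStore("main", "JCEKS", Collections.singletonMap("metadata", "metadata"), null, generateKeystoreName(), generateKeystoreName());
        createAndPopulateKeyStore(keyStore);
        this.keyStoreChecker.setMainKeyStore(keyStore);
        validateExpectingSuccess();
        keyStore.backup();
        Assert.assertTrue("", this.encryptionKeysRegistry.isKeyRegistered("metadata"));
        keyStore.changeKey("metadata", generateSecretKey("DESede"));
        validateExpectingSuccess();
        Assert.assertEquals("", EncryptionKeysRegistry.KEY_STATUS.OK, this.encryptionKeysRegistry.checkKey("metadata", keyStore.getKey("metadata")));
    }

    /** Runs keystore validation and fails the test if either checked exception is thrown. */
    private void validateExpectingSuccess() {
        try {
            this.keyStoreChecker.validateKeyStores();
        } catch (MissingKeyException e) {
            Assert.fail("Unexpected exception : " + e.getMessage());
        } catch (InvalidKeystoreException e) {
            Assert.fail("Unexpected exception: " + e.getMessage());
        }
    }

    /** Creates the keystore with a single generated DESede key under the alias "metadata". */
    private void createAndPopulateKeyStore(TestAlfrescoKeyStore testAlfrescoKeyStore) {
        KeyMap keyMap = new KeyMap();
        keyMap.setKey("metadata", generateSecretKey("DESede"));
        testAlfrescoKeyStore.create(keyMap, null);
    }
}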
