package org.alfresco.encryption;

import java.io.Serializable;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.transaction.UserTransaction;
import junit.framework.TestCase;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.dictionary.DictionaryBootstrap;
import org.alfresco.repo.dictionary.DictionaryDAO;
import org.alfresco.repo.node.encryption.MetadataEncryptor;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.tenant.MultiTAdminServiceImpl;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.alfresco.util.Pair;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/alfresco/encryption/EncryptionTests.class */
public class EncryptionTests extends TestCase {
    private static final String TEST_MODEL = "org/alfresco/encryption/reencryption_model.xml";
    private static int NUM_PROPERTIES = 500;
    private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
    private static QName NODE_TYPE = QName.createQName("http://www.alfresco.org/test/reencryption_test/1.0", "base");
    private static QName PROP = QName.createQName("http://www.alfresco.org/test/reencryption_test/1.0", "prop1");
    private NodeRef rootNodeRef;
    private TransactionService transactionService;
    private DictionaryService dictionaryService;
    private NodeService nodeService;
    private MetadataEncryptor metadataEncryptor;
    private ReEncryptor reEncryptor;
    private KeyStoreParameters backupKeyStoreParameters;
    private AlfrescoKeyStoreImpl mainKeyStore;
    private KeyResourceLoader keyResourceLoader;
    private EncryptionKeysRegistryImpl encryptionKeysRegistry;
    private KeyStoreChecker keyStoreChecker;
    private DefaultEncryptor mainEncryptor;
    private DefaultEncryptor backupEncryptor;
    private AuthenticationComponent authenticationComponent;
    private DictionaryDAO dictionaryDAO;
    private TenantService tenantService;
    private String keyAlgorithm;
    private UserTransaction tx;
    private String cipherAlgorithm = "DESede/CBC/PKCS5Padding";
    private KeyMap newKeys = new KeyMap();
    private List<NodeRef> before = new ArrayList();
    private List<NodeRef> after = new ArrayList();

    public void setUp() throws Exception {
        this.dictionaryService = (DictionaryService) ctx.getBean("dictionaryService");
        this.nodeService = (NodeService) ctx.getBean("nodeService");
        this.transactionService = (TransactionService) ctx.getBean("transactionService");
        this.tenantService = (TenantService) ctx.getBean("tenantService");
        this.dictionaryDAO = (DictionaryDAO) ctx.getBean("dictionaryDAO");
        this.metadataEncryptor = (MetadataEncryptor) ctx.getBean("metadataEncryptor");
        this.authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
        this.keyResourceLoader = (KeyResourceLoader) ctx.getBean("springKeyResourceLoader");
        this.reEncryptor = (ReEncryptor) ctx.getBean("reEncryptor");
        this.backupKeyStoreParameters = (KeyStoreParameters) ctx.getBean("backupKeyStoreParameters");
        this.keyStoreChecker = (KeyStoreChecker) ctx.getBean("keyStoreChecker");
        this.encryptionKeysRegistry = (EncryptionKeysRegistryImpl) ctx.getBean("encryptionKeysRegistry");
        this.mainKeyStore = (AlfrescoKeyStoreImpl) ctx.getBean("keyStore");
        this.mainEncryptor = (DefaultEncryptor) ctx.getBean("mainEncryptor");
        this.backupEncryptor = (DefaultEncryptor) ctx.getBean("backupEncryptor");
        this.reEncryptor.setSplitTxns(false);
        this.authenticationComponent.setSystemUserAsCurrentUser();
        this.tx = this.transactionService.getUserTransaction();
        this.tx.begin();
        this.rootNodeRef = this.nodeService.getRootNode(this.nodeService.createStore(MultiTAdminServiceImpl.PROTOCOL_STORE_WORKSPACE, "ReEncryptor_" + System.currentTimeMillis()));
        this.keyAlgorithm = "DESede";
        this.newKeys.setKey("metadata", generateSecretKey(this.keyAlgorithm));
        DictionaryBootstrap dictionaryBootstrap = new DictionaryBootstrap();
        ArrayList arrayList = new ArrayList();
        arrayList.add(TEST_MODEL);
        dictionaryBootstrap.setModels(arrayList);
        dictionaryBootstrap.setDictionaryDAO(this.dictionaryDAO);
        dictionaryBootstrap.setTenantService(this.tenantService);
        dictionaryBootstrap.bootstrap();
    }

    protected KeyProvider getKeyProvider(KeyStoreParameters keyStoreParameters) {
        return new KeystoreKeyProvider(keyStoreParameters, this.keyResourceLoader);
    }

    public void setBackupKeyStoreParameters(KeyStoreParameters keyStoreParameters) {
        this.backupKeyStoreParameters = keyStoreParameters;
    }

    protected void tearDown() throws Exception {
        this.authenticationComponent.clearCurrentSecurityContext();
        this.tx.rollback();
        super.tearDown();
    }

    protected KeyProvider getKeyProvider(final KeyMap keyMap) {
        return new KeyProvider() { // from class: org.alfresco.encryption.EncryptionTests.1
            public Key getKey(String str) {
                return keyMap.getCachedKey(str).getKey();
            }
        };
    }

    protected void createEncryptedProperties(List<NodeRef> list) {
        for (int i = 0; i < NUM_PROPERTIES; i++) {
            NodeRef childRef = this.nodeService.createNode(this.rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("assoc1"), NODE_TYPE).getChildRef();
            list.add(childRef);
            HashMap hashMap = new HashMap();
            hashMap.put(PROP, childRef.toString());
            this.nodeService.setProperties(childRef, this.metadataEncryptor.encrypt(hashMap));
        }
    }

    public byte[] generateKeyData() throws NoSuchAlgorithmException {
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
        secureRandom.setSeed(System.currentTimeMillis());
        byte[] bArr = new byte[24];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    protected Key generateSecretKey(String str) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        return SecretKeyFactory.getInstance(str).generateSecret(new DESedeKeySpec(generateKeyData()));
    }

    public void testReEncrypt() {
        KeyProvider keyProvider = this.backupEncryptor.getKeyProvider();
        KeyProvider keyProvider2 = this.mainEncryptor.getKeyProvider();
        try {
            try {
                createEncryptedProperties(this.before);
                KeyProvider keyProvider3 = getKeyProvider(this.newKeys);
                this.backupEncryptor.setKeyProvider(this.mainEncryptor.getKeyProvider());
                this.mainEncryptor.setKeyProvider(keyProvider3);
                createEncryptedProperties(this.after);
                long currentTimeMillis = System.currentTimeMillis();
                System.out.println(this.reEncryptor.reEncrypt() + " properties re-encrypted");
                System.out.println("Re-encrypted " + (NUM_PROPERTIES * 2) + " properties in " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
                for (NodeRef nodeRef : this.before) {
                    Map<QName, Serializable> decrypt = this.metadataEncryptor.decrypt(this.nodeService.getProperties(nodeRef));
                    assertNotNull("", decrypt.get(PROP));
                    assertEquals("", nodeRef.toString(), decrypt.get(PROP));
                }
                for (NodeRef nodeRef2 : this.after) {
                    Map<QName, Serializable> decrypt2 = this.metadataEncryptor.decrypt(this.nodeService.getProperties(nodeRef2));
                    assertNotNull("", decrypt2.get(PROP));
                    assertEquals("", nodeRef2.toString(), decrypt2.get(PROP));
                }
                this.backupEncryptor.setKeyProvider(keyProvider);
                this.mainEncryptor.setKeyProvider(keyProvider2);
            } catch (AlfrescoRuntimeException e) {
                if (e.getCause() instanceof InvalidKeyException) {
                    e.printStackTrace();
                    fail();
                }
                this.backupEncryptor.setKeyProvider(keyProvider);
                this.mainEncryptor.setKeyProvider(keyProvider2);
            } catch (MissingKeyException e2) {
                fail(e2.getMessage());
                this.backupEncryptor.setKeyProvider(keyProvider);
                this.mainEncryptor.setKeyProvider(keyProvider2);
            }
        } catch (Throwable th) {
            this.backupEncryptor.setKeyProvider(keyProvider);
            this.mainEncryptor.setKeyProvider(keyProvider2);
            throw th;
        }
    }

    public void testBootstrapReEncrypt() {
        try {
            this.backupKeyStoreParameters.setLocation("");
            this.mainKeyStore.reload();
            this.reEncryptor.bootstrapReEncrypt();
            fail("Should have caught missing backup key store");
        } catch (MissingKeyException e) {
            System.out.println("Successfully caught missing key exception");
        } catch (InvalidKeystoreException e2) {
            fail("Unexpected exception: " + e2.getMessage());
        }
    }

    protected void testChangeKeysImpl(boolean z) throws Throwable {
        final KeyMap keyMap = new KeyMap();
        keyMap.setKey("test", generateSecretKey("DESede"));
        KeyProvider keyProvider = new KeyProvider() { // from class: org.alfresco.encryption.EncryptionTests.2
            public Key getKey(String str) {
                return keyMap.getCachedKey(str).getKey();
            }
        };
        DefaultEncryptor defaultEncryptor = new DefaultEncryptor();
        defaultEncryptor.setCipherAlgorithm("DESede/CBC/PKCS5Padding");
        defaultEncryptor.setCipherProvider((String) null);
        defaultEncryptor.setKeyProvider(keyProvider);
        defaultEncryptor.setCacheCiphers(z);
        Pair encrypt = defaultEncryptor.encrypt("test", (AlgorithmParameters) null, "hello world".getBytes("UTF-8"));
        byte[] decrypt = defaultEncryptor.decrypt("test", (AlgorithmParameters) encrypt.getSecond(), (byte[]) encrypt.getFirst());
        assertEquals("Expected encrypt,decrypt to end up with the original value", "hello world", new String(decrypt, "UTF-8"));
        System.out.println("1:" + new String(decrypt, "UTF-8"));
        keyMap.setKey("test", generateSecretKey("DESede"));
        assertNotNull(defaultEncryptor);
        assertNotNull(encrypt);
        try {
            new String(defaultEncryptor.decrypt("test", (AlgorithmParameters) encrypt.getSecond(), (byte[]) encrypt.getFirst()), "UTF-8");
        } catch (AlfrescoRuntimeException e) {
        }
    }

    public void testChangeKeys() throws Throwable {
        testChangeKeysImpl(false);
    }

    public void testChangeKeysCachedCiphers() throws Throwable {
        testChangeKeysImpl(true);
    }

    public void testFailedEncryptionWithCachedCiphers() throws Throwable {
        final KeyMap keyMap = new KeyMap();
        Key generateSecretKey = generateSecretKey("DESede");
        keyMap.setKey("test", generateSecretKey);
        KeyProvider keyProvider = new KeyProvider() { // from class: org.alfresco.encryption.EncryptionTests.3
            public Key getKey(String str) {
                return keyMap.getCachedKey(str).getKey();
            }
        };
        DefaultEncryptor defaultEncryptor = new DefaultEncryptor();
        defaultEncryptor.setCipherAlgorithm("DESede/CBC/PKCS5Padding");
        defaultEncryptor.setCipherProvider((String) null);
        defaultEncryptor.setKeyProvider(keyProvider);
        defaultEncryptor.setCacheCiphers(true);
        Pair encrypt = defaultEncryptor.encrypt("test", (AlgorithmParameters) null, "hello world".getBytes("UTF-8"));
        keyMap.setKey("test", generateSecretKey("DESede"));
        assertNotNull(defaultEncryptor);
        assertNotNull(encrypt);
        try {
            new String(defaultEncryptor.decrypt("test", (AlgorithmParameters) encrypt.getSecond(), (byte[]) encrypt.getFirst()), "UTF-8");
            fail("Decryption should have failed");
        } catch (AlfrescoRuntimeException e) {
        }
        keyMap.setKey("test", generateSecretKey);
        try {
            new String(defaultEncryptor.decrypt("test", (AlgorithmParameters) encrypt.getSecond(), (byte[]) encrypt.getFirst()), "UTF-8");
        } catch (AlfrescoRuntimeException e2) {
            fail("Expected decryption to work ok");
        }
    }
}
