package org.dataone.client.auth;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.commons.lang.SystemUtils;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.dataone.client.exception.ClientSideException;
import org.dataone.client.v1.impl.MultipartCNode;
import org.dataone.configuration.Settings;
import org.dataone.service.exceptions.BaseException;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/dataone/client/auth/CertificateManagerTest.class */
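/**
 * JUnit 4 tests for {@link CertificateManager}: CA certificate lookup, client
 * certificate verification, subject DN standardization and the
 * {@code tls.protocol.preferences} setting used when building an SSL socket factory.
 *
 * <p>Several tests are {@code @Ignore}d because they need a client certificate and
 * CA certificates installed on the build host. Two methods ({@link #testWildcardCert()}
 * and {@link #testSetupSSLSocketFactory()}) carry no {@code @Test} annotation, so
 * JUnit 4 does not run them; they are manual diagnostics.
 *
 * <p>The TLS preference tests mutate the shared {@link Settings} configuration, so
 * each of them restores {@link CertificateManager#defaultTlsPreferences} before
 * returning. Otherwise later tests in the same JVM would run with a non-default
 * protocol preference.
 */
public class CertificateManagerTest {
    // Read at class-load time; not referenced by any test in this class.
    private static final String user_cert_location = Settings.getConfiguration().getString("certificate.location");
    // CA name the locally installed client certificate is expected to verify against.
    private static final String CA_VALID = "cilogon-basic";
    // CA name the client certificate must NOT verify against (negative case).
    private static final String CA_INVALID = "cilogon-silver";
    // Configuration key holding the comma-separated TLS protocol preference list.
    private static final String TLS_PREFERENCES_KEY = "tls.protocol.preferences";

    @Before
    public void setUp() throws Exception {
    }

    /** Sanity check that the test harness itself runs. */
    @Test
    public void testHarnessCheck() {
        Assert.assertTrue(true);
    }

    /**
     * Diagnostic: prints the SSLContext algorithms registered by each security
     * provider and the protocols supported/enabled on a default "TLS" socket.
     * Makes no assertions; it only fails if the default context cannot be built.
     */
    @Test
    public void showTLSProtocols() throws NoSuchAlgorithmException, KeyManagementException, IOException {
        printSslContextProviders();
        SSLContext context = SSLContext.getInstance("TLS");
        // null key managers, trust managers and SecureRandom select the JRE defaults.
        context.init(null, null, null);
        // The unconnected socket is only inspected; close it so it is not leaked.
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket()) {
            System.out.println(socket.getClass().getCanonicalName());
            printProtocols("Supported Protocols", socket.getSupportedProtocols());
            printProtocols("Enabled Protocols", socket.getEnabledProtocols());
        }
    }

    /** Checks that the DataONE root CA certificate can be looked up by its DN. */
    @Test
    public void testTrustManager() {
        CertificateManager certificateManager = CertificateManager.getInstance();
        Assert.assertNotNull(certificateManager);
        X509Certificate cACert = certificateManager.getCACert("cn=dataone root ca,dc=dataone,dc=org");
        Assert.assertNotNull(cACert);
        System.out.println(cACert.getSubjectDN());
    }

    /**
     * Manual diagnostic (no {@code @Test} annotation): pings each listed test
     * endpoint over HTTPS and reports failures without failing the run.
     *
     * <p>Each iteration pings the URL it just printed. Previously every iteration
     * pinged the first host, so the other three endpoints were never contacted.
     */
    public void testWildcardCert() throws BaseException, IOException, ClientSideException {
        for (String str : new String[]{"https://cn-dev-unm-1.test.dataone.org/cn", "https://cn-dev-ucsb-1.test.dataone.org/cn", "https://mn-demo-5.test.dataone.org/knb/d1/mn", "https://cn-dev-orc-1.test.dataone.org/cn"}) {
            System.out.println(str);
            try {
                // NOTE(review): one entry is a member-node URL but is pinged through
                // the CNode client, as in the original; confirm that is intended.
                new MultipartCNode(str).ping();
            } catch (BaseException e) {
                System.out.println("Failed: " + e.getDescription());
            }
        }
    }

    /**
     * Positive verification case: the locally loaded client certificate must
     * verify against the DataONE root CA certificate.
     */
    @Test
    @Ignore("will not pass until certificates installed on Hudson")
    public void testCertificateManager() {
        CertificateManager certificateManager = CertificateManager.getInstance();
        Assert.assertNotNull(certificateManager);
        X509Certificate cACert = certificateManager.getCACert("cn=dataone root ca,dc=dataone,dc=org");
        Assert.assertNotNull(cACert);
        certificateManager.displayCertificate(cACert);
        X509Certificate loadCertificate = certificateManager.loadCertificate();
        Assert.assertNotNull(loadCertificate);
        certificateManager.displayCertificate(loadCertificate);
        Assert.assertTrue(CertificateManager.verify(loadCertificate, cACert));
    }

    /**
     * Checks that the subject carried in the certificate's SubjectInfo (first
     * person entry), once standardized, equals the certificate's subject DN.
     * When the certificate yields no SubjectInfo the comparison is skipped and
     * the test passes without checking anything further.
     */
    @Test
    @Ignore("will not pass until certificates installed on Hudson")
    public void testCertificateManagerExtension() {
        try {
            X509Certificate loadCertificate = CertificateManager.getInstance().loadCertificate();
            Assert.assertNotNull(loadCertificate);
            SubjectInfo subjectInfo = CertificateManager.getInstance().getSubjectInfo(loadCertificate);
            if (subjectInfo != null) {
                String standardizeDN = CertificateManager.getInstance().standardizeDN(subjectInfo.getPerson(0).getSubject().getValue());
                String subjectDN = CertificateManager.getInstance().getSubjectDN(loadCertificate);
                System.out.println("Subject from certificate extension: " + standardizeDN);
                Assert.assertEquals(standardizeDN, subjectDN);
            }
        } catch (Exception e) {
            e.printStackTrace();
            Assert.fail("Unexpected exception: " + e);
        }
    }

    /**
     * Registers the locally loaded certificate and private key under the
     * certificate's subject DN, then checks that an SSL socket factory can be
     * obtained for that subject. Only the certificates are displayed; the
     * private key is never printed.
     */
    @Test
    @Ignore("will not pass until certificates installed on Hudson")
    public void testCustomCertificateManager() {
        X509Certificate cACert = CertificateManager.getInstance().getCACert(CA_VALID);
        Assert.assertNotNull(cACert);
        CertificateManager.getInstance().displayCertificate(cACert);
        X509Certificate loadCertificate = CertificateManager.getInstance().loadCertificate();
        Assert.assertNotNull(loadCertificate);
        CertificateManager.getInstance().displayCertificate(loadCertificate);
        PrivateKey loadKey = CertificateManager.getInstance().loadKey();
        String subjectDN = CertificateManager.getInstance().getSubjectDN(loadCertificate);
        CertificateManager.getInstance().registerCertificate(subjectDN, loadCertificate, loadKey);
        Session session = new Session();
        Subject subject = new Subject();
        subject.setValue(subjectDN);
        session.setSubject(subject);
        try {
            Assert.assertNotNull(CertificateManager.getInstance().getSSLSocketFactory(session.getSubject().getValue()));
        } catch (Exception e) {
            e.printStackTrace();
            Assert.fail("Unexpected exception: " + e);
        }
    }

    /**
     * Negative verification case: the client certificate must NOT verify against
     * a CA certificate other than the one that issued it ({@code CA_INVALID}).
     */
    @Test
    @Ignore("will not pass untilcertificates installed on Hudson")
    public void testIncorrectCA() {
        CertificateManager certificateManager = CertificateManager.getInstance();
        Assert.assertNotNull(certificateManager);
        X509Certificate cACert = certificateManager.getCACert(CA_INVALID);
        Assert.assertNotNull(cACert);
        certificateManager.displayCertificate(cACert);
        X509Certificate loadCertificate = certificateManager.loadCertificate();
        Assert.assertNotNull(loadCertificate);
        certificateManager.displayCertificate(loadCertificate);
        Assert.assertFalse(CertificateManager.verify(loadCertificate, cACert));
    }

    /**
     * Pins DN standardization: attribute keys are upper-cased, whitespace after
     * the separators is dropped, and RDN order is significant (the reversed DN
     * must not standardize to the same string). {@code equalsDN} must treat the
     * differently-cased forms as the same subject.
     */
    @Test
    public void testStandardizeSubjectDN() {
        try {
            Assert.assertEquals("CN=test,DC=dataone,DC=org", CertificateManager.getInstance().standardizeDN("cn=test,dc=dataone,dc=org"));
            Assert.assertEquals("CN=test,DC=dataone,DC=org", CertificateManager.getInstance().standardizeDN("CN=test, DC=dataone, DC=org"));
            Assert.assertFalse(CertificateManager.getInstance().standardizeDN("CN=test,DC=dataone,DC=org").equals(CertificateManager.getInstance().standardizeDN("DC=org, DC=dataone, CN=test")));
            Assert.assertTrue(CertificateManager.getInstance().equalsDN("CN=test,DC=dataone,DC=org", "cn=test,dc=dataone,dc=org"));
        } catch (Exception e) {
            e.printStackTrace();
            Assert.fail("Unexpected exception: " + e);
        }
    }

    /**
     * Pins how escaped, encoded common names are treated: standardization leaves
     * the escaped form unchanged, and the escaped form is NOT considered the same
     * subject as the decoded Unicode spelling. Keeping the two distinct matters
     * for authorization, where a DN is compared as an identity.
     *
     * <p>NOTE(review): the {@code \+AOE-} / {@code \+aQVbUA-} sequences look like
     * UTF-7 encodings of the non-ASCII characters in the decoded forms; confirm
     * against the certificate issuer's encoding rules.
     */
    @Test
    public void testDecodeSubjectDN() {
        try {
            Assert.assertEquals("CN=Fl\\+AOE-via Pezzini T6821,O=Google,C=US,DC=cilogon,DC=org", CertificateManager.getInstance().standardizeDN("CN=Fl\\+AOE-via Pezzini T6821,O=Google,C=US,DC=cilogon,DC=org"));
            Assert.assertEquals("CN=\\+aQVbUA-,O=Google,C=US,DC=cilogon,DC=org", CertificateManager.getInstance().standardizeDN("CN=\\+aQVbUA-,O=Google,C=US,DC=cilogon,DC=org"));
            Assert.assertFalse(CertificateManager.getInstance().standardizeDN("CN=Fl\\+AOE-via Pezzini T6821,O=Google,C=US,DC=cilogon,DC=org").equals(CertificateManager.getInstance().standardizeDN("CN=Flávia Pezzini T6821,O=Google,C=US,DC=cilogon,DC=org")));
            Assert.assertTrue(CertificateManager.getInstance().equalsDN(CertificateManager.getInstance().standardizeDN("CN=Fl\\+AOE-via Pezzini T6821,O=Google,C=US,DC=cilogon,DC=org"), "CN=Fl\\+AOE-via Pezzini T6821,O=Google,C=US,DC=cilogon,DC=org"));
            Assert.assertFalse(CertificateManager.getInstance().equalsDN("CN=\\+aQVbUA-,O=Google,C=US,DC=cilogon,DC=org", "CN=椅子,O=Google,C=US,DC=cilogon,DC=org"));
        } catch (Exception e) {
            e.printStackTrace();
            Assert.fail("Unexpected exception: " + e);
        }
    }

    /**
     * Requests a socket factory for a subject that was never registered. A
     * {@link KeyStoreException} is accepted; any other exception fails the test.
     *
     * <p>NOTE(review): the test also passes when no exception is thrown at all.
     * If an unknown subject must always be rejected, add an {@code Assert.fail}
     * after the call once that contract is confirmed.
     */
    @Test
    public void testGetSSLSocketFactory_badSubjectValue() {
        try {
            CertificateManager.getInstance().getSSLSocketFactory("blah_blah");
        } catch (KeyStoreException expected) {
            // Accepted outcome for an unregistered subject.
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail("Unexpected exception type: " + e2);
        }
    }

    /**
     * Checks that the default certificate, when one exists, lives under the
     * temp directory with the {@code x509up_u} file-name prefix.
     *
     * <p>The test checks the location only. It does not check the file's
     * permissions, which matter because the temp directory is typically shared
     * between users.
     */
    @Test
    public void testLocateDefaultCertificate() {
        try {
            File locateDefaultCertificate = CertificateManager.getInstance().locateDefaultCertificate();
            System.out.println("Default Certificate Loation: " + locateDefaultCertificate.getAbsolutePath());
            Assert.assertTrue(locateDefaultCertificate.exists());
            // NOTE(review): reads the "tmpdir" property, not the JVM's standard
            // "java.io.tmpdir"; presumably mirrors CertificateManager, so verify there.
            String property = System.getProperty("tmpdir") == null ? "/tmp" : System.getProperty("tmpdir");
            System.out.println("user tempDir: " + property);
            Assert.assertTrue(locateDefaultCertificate.getAbsolutePath().startsWith(property + "/x509up_u"));
        } catch (FileNotFoundException ignored) {
            // No default certificate on this host: nothing to check, the test passes.
        }
    }

    /**
     * The bare "TLS" alias must be accepted as a protocol preference.
     *
     * <p>The test asserts only that building the socket factory does not throw.
     * It does not check which protocol versions end up enabled; with the "TLS"
     * alias that is left to the JSSE provider and JRE configuration.
     */
    @Test
    public void testTLSPreferenceSetting_TLS_Alias() {
        Settings.getConfiguration().setProperty(TLS_PREFERENCES_KEY, "TLS");
        try {
            CertificateManager.getInstance().getSSLSocketFactory((String) null);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            e.printStackTrace();
            Assert.fail("Threw exception when 'TLS' alias provided");
        } finally {
            // Previously left at "TLS", leaking the override into later tests.
            restoreDefaultTlsPreferences();
        }
    }

    /**
     * A preference list that names a protocol the running JRE may not support
     * (TLSv1.3) followed by fallbacks must still yield a socket factory.
     */
    @Test
    public void testTLSPreferenceSetting_ForwardCompatible() {
        Settings.getConfiguration().setProperty(TLS_PREFERENCES_KEY, "TLSv1.3, TLSv1.2, TLS");
        try {
            CertificateManager.getInstance().getSSLSocketFactory((String) null);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            e.printStackTrace();
            Assert.fail("Threw exception when preference list 'TLSv1.3, TLSv1.2, TLS' was provided");
        } finally {
            restoreDefaultTlsPreferences();
        }
    }

    /**
     * A preference list with no real protocol names must be rejected with one of
     * the declared checked exceptions. It must not fall back silently to some
     * default protocol.
     */
    @Test
    public void testTLSPreferenceSetting_NoRealProtocols() {
        Settings.getConfiguration().setProperty(TLS_PREFERENCES_KEY, "foo, weboiudg");
        try {
            CertificateManager.getInstance().getSSLSocketFactory((String) null);
            // AssertionError is not in the catch list below, so it propagates.
            Assert.fail("Didn't throw exception when only fake protocols ('foo, weboiudg') were provided");
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            // Expected outcome; the trace is printed for the build log only.
            e.printStackTrace();
        } finally {
            restoreDefaultTlsPreferences();
        }
    }

    /**
     * Manual diagnostic (no {@code @Test} annotation): prints the JRE version and
     * its SSLContext/protocol profile, then registers the CertificateManager's
     * socket factory for the https scheme on a throwaway HTTP client.
     */
    public void testSetupSSLSocketFactory() throws UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        System.out.println(SystemUtils.JAVA_RUNTIME_NAME + " " + SystemUtils.JAVA_RUNTIME_VERSION);
        System.out.println("%%%%%%%%%%%%%%%%% SSLContext Profile %%%%%%%%%%%%%%%%%%%");
        printSslContextProviders();
        SSLContext context = SSLContext.getInstance("TLS");
        System.out.println(context.getProtocol());
        // null key managers, trust managers and SecureRandom select the JRE defaults.
        context.init(null, null, null);
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket()) {
            System.out.println("Engine impl: " + socket.getClass().getCanonicalName());
            printProtocols("Supported Protocols", socket.getSupportedProtocols());
            printProtocols("Enabled Protocols", socket.getEnabledProtocols());
        }
        DefaultHttpClient httpClient = new DefaultHttpClient();
        try {
            httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, (SchemeSocketFactory) CertificateManager.getInstance().getSSLSocketFactory((String) null)));
        } finally {
            // Release the client's connection manager; the client is not reused.
            httpClient.getConnectionManager().shutdown();
        }
    }

    /** Resets the shared TLS preference setting to the CertificateManager default. */
    private static void restoreDefaultTlsPreferences() {
        Settings.getConfiguration().setProperty(TLS_PREFERENCES_KEY, CertificateManager.defaultTlsPreferences);
    }

    /** Prints every security provider and the SSLContext entries each one registers. */
    private static void printSslContextProviders() {
        for (Provider provider : Security.getProviders()) {
            System.out.println(provider.getName() + ": " + provider.getClass().getCanonicalName());
            for (Map.Entry<Object, Object> entry : provider.entrySet()) {
                if (entry.getKey().toString().contains("SSLContext")) {
                    System.out.println(String.format("    %s : %s", entry.getKey(), entry.getValue()));
                }
            }
        }
        System.out.println("");
    }

    /** Prints a labelled protocol count followed by one protocol name per line. */
    private static void printProtocols(String label, String[] protocols) {
        System.out.println(label + ": " + protocols.length);
        for (String protocol : protocols) {
            System.out.println(" " + protocol);
        }
    }
}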
