package com.floragunn.searchguard.ssl;

import com.floragunn.searchguard.ssl.util.CertificateValidator;
import com.floragunn.searchguard.ssl.util.ExceptionUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ExceptionsHelper;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/ssl/CertificateValidatorTest.class */
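/**
 * Tests for {@link CertificateValidator}: static CRLs, absent revocation data, and
 * CRL distribution point / OCSP checking.
 *
 * <p>All fixtures (CA bundles, leaf chains, the CRL) are read from the test classpath. Each test
 * asserts on the <em>reason</em> a chain is rejected, not merely that some
 * {@link CertificateException} was thrown. A test that accepted any failure would keep passing
 * even if revocation checking itself were broken and the chain failed for an unrelated reason.
 */
public class CertificateValidatorTest {
    /**
     * Fixed instant (2018-05-05T18:53:46Z) handed to {@link CertificateValidator#setDate} in every
     * test. NOTE(review): presumably this pins the validation time so the fixtures' validity
     * periods and the CRL's update window do not expire the tests; confirm against the fixtures.
     */
    public static final Date CRL_DATE = new Date(1525546426000L);
    protected final Logger log = LogManager.getLogger(getClass());

    /**
     * A chain containing a certificate listed in a statically supplied CRL must be rejected, and
     * the root cause must be {@link CertificateRevokedException}.
     */
    @Test
    public void testStaticCRL() throws Exception {
        Collection<? extends CRL> crls = loadCrls("crl/revoked.crl");
        Assert.assertEquals(1, crls.size());
        Collection<? extends Certificate> trustedCerts = loadCertificates("chain-ca.pem");
        Assert.assertEquals(2, trustedCerts.size());
        Collection<? extends Certificate> chain = loadCertificates("crl/revoked.crt.pem");
        Assert.assertEquals(2, chain.size());

        X509Certificate[] trustAnchors = trustedCerts.toArray(new X509Certificate[0]);
        CertificateValidator validator = new CertificateValidator(trustAnchors, crls);
        validator.setDate(CRL_DATE);
        assertRejectedAsRevoked(validator, chain);
    }

    /**
     * A chain that is not listed in the statically supplied CRL must validate without error.
     * This is the positive control for {@link #testStaticCRL()}: it shows that supplying a CRL
     * does not cause every chain to be rejected.
     */
    @Test
    public void testStaticCRLOk() throws Exception {
        Collection<? extends CRL> crls = loadCrls("crl/revoked.crl");
        Assert.assertEquals(1, crls.size());
        Collection<? extends Certificate> trustedCerts = loadCertificates("chain-ca.pem");
        Assert.assertEquals(2, trustedCerts.size());
        Collection<? extends Certificate> chain = loadCertificates("node-0.crt.pem");
        Assert.assertEquals(3, chain.size());

        X509Certificate[] trustAnchors = trustedCerts.toArray(new X509Certificate[0]);
        CertificateValidator validator = new CertificateValidator(trustAnchors, crls);
        validator.setDate(CRL_DATE);
        try {
            validator.validate((Certificate[]) chain.toArray(new X509Certificate[0]));
        } catch (CertificateException e) {
            // Surface the underlying reason in the failure message instead of the wrapper.
            Assert.fail(ExceptionsHelper.stackTrace(ExceptionUtils.getRootCause(e)));
        }
    }

    /**
     * With an empty CRL collection and neither CRLDP nor OCSP enabled, validation must fail with
     * a {@link CertPathBuilderException} rather than accept the chain.
     *
     * <p>NOTE(review): going by the test name, the intent is that a validator with no usable
     * revocation data fails closed; the assertions only pin the exception type and message.
     */
    @Test
    public void testNoValidationPossible() throws Exception {
        Collection<? extends Certificate> trustedCerts = loadCertificates("chain-ca.pem");
        Assert.assertEquals(2, trustedCerts.size());
        Collection<? extends Certificate> chain = loadCertificates("crl/revoked.crt.pem");
        Assert.assertEquals(2, chain.size());

        X509Certificate[] trustAnchors = trustedCerts.toArray(new X509Certificate[0]);
        CertificateValidator validator = new CertificateValidator(trustAnchors, Collections.emptyList());
        validator.setDate(CRL_DATE);
        try {
            validator.validate((Certificate[]) chain.toArray(new X509Certificate[0]));
            Assert.fail("Validation succeeded although no revocation data was supplied");
        } catch (CertificateException e) {
            Assert.assertTrue(e.getCause() instanceof CertPathBuilderException);
            Assert.assertTrue(e.getCause().getMessage().contains("unable to find valid certification path to requested target"));
        }
    }

    /**
     * With CRLDP and OCSP enabled and no static CRL supplied, the revoked chain must still be
     * rejected with {@link CertificateRevokedException} as the root cause.
     *
     * <p>NOTE(review): with an empty CRL collection the revocation data has to come from
     * wherever the certificate's extensions point, presumably a network fetch. Confirm that the
     * test environment can reach that endpoint; otherwise the test fails for a reason unrelated
     * to the validator.
     */
    @Test
    public void testCRLDP() throws Exception {
        Collection<? extends Certificate> trustedCerts = loadCertificates("root-ca.pem");
        Assert.assertEquals(1, trustedCerts.size());
        Collection<? extends Certificate> chain = loadCertificates("crl/revoked.crt.pem");
        Assert.assertEquals(2, chain.size());

        X509Certificate[] trustAnchors = trustedCerts.toArray(new X509Certificate[0]);
        CertificateValidator validator = new CertificateValidator(trustAnchors, Collections.emptyList());
        validator.setEnableCRLDP(true);
        validator.setEnableOCSP(true);
        validator.setDate(CRL_DATE);
        assertRejectedAsRevoked(validator, chain);
    }

    /**
     * Resolves a classpath resource to a readable file on disk.
     *
     * @param str resource name relative to the classpath root
     * @return the file, or {@code null} if the resource is missing, is not a readable file, or
     *     its URL cannot be decoded (each case is logged)
     */
    public File getAbsoluteFilePathFromClassPath(String str) {
        URL resource = AbstractUnitTest.class.getClassLoader().getResource(str);
        if (resource == null) {
            this.log.error("Failed to load {}", str);
            return null;
        }
        try {
            // Classpath URLs percent-encode spaces and similar characters; decode before File use.
            File file = new File(URLDecoder.decode(resource.getFile(), "UTF-8"));
            if (file.exists() && file.canRead()) {
                return file;
            }
            this.log.error("Cannot read from {}, maybe the file does not exists? ", file.getAbsolutePath());
            return null;
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available, so this is not expected; log it rather than hide it.
            this.log.error("Cannot decode resource URL for " + str, e);
            return null;
        }
    }

    /** Opens a classpath fixture, failing the test with a clear message if it cannot be read. */
    private FileInputStream openResource(String resourceName) throws Exception {
        File file = getAbsoluteFilePathFromClassPath(resourceName);
        // Without this check a missing fixture surfaces as a bare NullPointerException.
        Assert.assertNotNull("Test resource not readable on classpath: " + resourceName, file);
        return new FileInputStream(file);
    }

    /** Parses every X.509 certificate in the named fixture; the stream is closed on all paths. */
    private Collection<? extends Certificate> loadCertificates(String resourceName) throws Exception {
        try (FileInputStream in = openResource(resourceName)) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
    }

    /** Parses every CRL in the named fixture; the stream is closed on all paths. */
    private Collection<? extends CRL> loadCrls(String resourceName) throws Exception {
        try (FileInputStream in = openResource(resourceName)) {
            return CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
    }

    /**
     * Asserts that validating {@code chain} fails and that the failure is due to revocation,
     * i.e. the root cause is a {@link CertificateRevokedException}.
     */
    private static void assertRejectedAsRevoked(CertificateValidator validator, Collection<? extends Certificate> chain) throws Exception {
        try {
            validator.validate((Certificate[]) chain.toArray(new X509Certificate[0]));
            Assert.fail("Revoked certificate chain was accepted");
        } catch (CertificateException e) {
            Assert.assertTrue(
                    "Chain was rejected, but not because of revocation",
                    ExceptionUtils.getRootCause(e) instanceof CertificateRevokedException);
        }
    }
}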
