package org.wildfly.security.credential.store;

import java.io.File;
import java.lang.reflect.Field;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.function.Supplier;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

/* loaded from: input_file:org/wildfly/security/credential/store/KeystorePasswordStoreTest.class */
public class KeystorePasswordStoreTest {
    private static Map<String, String> stores = new HashMap();
    private static String BASE_STORE_DIRECTORY = "target/ks-cred-stores";

    private static void cleanCredentialStores() {
        new File(BASE_STORE_DIRECTORY).mkdirs();
        Iterator<String> it = stores.values().iterator();
        while (it.hasNext()) {
            new File(it.next()).delete();
        }
    }

    private static CredentialStore newCredentialStoreInstance() throws NoSuchAlgorithmException {
        return CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, WildFlyElytronCredentialStoreProvider.getInstance());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PasswordCredential createCredentialFromPassword(char[] cArr) throws UnsupportedCredentialTypeException {
        try {
            return new PasswordCredential(PasswordFactory.getInstance("clear", WildFlyElytronPasswordProvider.getInstance()).generatePassword(new ClearPasswordSpec(cArr)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new UnsupportedCredentialTypeException(e);
        }
    }

    private char[] getPasswordFromCredential(PasswordCredential passwordCredential) {
        Assert.assertNotNull("passwordCredential parameter", passwordCredential);
        return (char[]) passwordCredential.getPassword().castAndApply(ClearPassword.class, (v0) -> {
            return v0.getPassword();
        });
    }

    @BeforeClass
    public static void setup() throws Exception {
        cleanCredentialStores();
        CredentialStoreBuilder.get().setKeyStoreFile(stores.get("TWO")).setProviders(WildFlyElytronCredentialStoreProvider.getInstance()).setKeyStoreType("JCEKS").setKeyStorePassword("secret_store_TWO").addPassword("alias1", "secret-password-1").addPassword("alias2", "secret-password-2").build();
        CredentialStoreBuilder.get().setKeyStoreFile(stores.get("THREE")).setProviders(WildFlyElytronCredentialStoreProvider.getInstance()).setKeyStoreType("JCEKS").setKeyStorePassword("secret_store_THREE").addPassword("db-pass-1", "1-secret-info").addPassword("db-pass-2", "2-secret-info").addPassword("db-pass-3", "3-secret-info").addPassword("db-pass-4", "4-secret-info").addPassword("db-pass-5", "5-secret-info").build();
        CredentialStoreBuilder.get().setKeyStoreFile(stores.get("TO_DELETE")).setProviders(WildFlyElytronCredentialStoreProvider.getInstance()).setKeyStorePassword("secret_store_DELETE").addPassword("alias1", "secret-password-1").addPassword("alias2", "secret-password-2").build();
    }

    @Test
    public void testRecreatingKSTest() throws NoSuchAlgorithmException, CredentialStoreException, UnsupportedCredentialTypeException {
        File file = new File(stores.get("TO_DELETE"));
        if (!file.exists()) {
            Assert.fail("KeyStore must exists!");
        }
        char[] charArray = "secret-password1".toCharArray();
        char[] charArray2 = "secret-password2".toCharArray();
        HashMap hashMap = new HashMap();
        hashMap.put("location", stores.get("TO_DELETE"));
        hashMap.put("keyStoreType", "JCEKS");
        CredentialStore newCredentialStoreInstance = newCredentialStoreInstance();
        newCredentialStoreInstance.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw("clear", "secret_store_DELETE".toCharArray())))), new Provider[]{WildFlyElytronPasswordProvider.getInstance()});
        newCredentialStoreInstance.store("passAlias1", createCredentialFromPassword(charArray));
        newCredentialStoreInstance.store("passAlias2", createCredentialFromPassword(charArray2));
        Assert.assertArrayEquals(charArray, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("passAlias1", PasswordCredential.class)));
        if (!file.delete()) {
            Assert.fail("KeyStore [" + file.getAbsolutePath() + "] delete fail");
        }
        Assert.assertArrayEquals(charArray, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("passAlias1", PasswordCredential.class)));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("passAlias2", PasswordCredential.class)));
        newCredentialStoreInstance.store("abc", createCredentialFromPassword(charArray));
        newCredentialStoreInstance.flush();
        if (file.exists()) {
            return;
        }
        Assert.fail("KeyStore [" + file.getAbsolutePath() + "] must exist yet.");
    }

    @Test
    public void testReadOnly() throws NoSuchAlgorithmException, CredentialStoreException, UnsupportedCredentialTypeException {
        char[] charArray = "secret-password1".toCharArray();
        HashMap hashMap = new HashMap();
        hashMap.put("location", stores.get("TWO"));
        hashMap.put("keyStoreType", "JCEKS");
        hashMap.put("modifiable", "false");
        CredentialStore newCredentialStoreInstance = newCredentialStoreInstance();
        newCredentialStoreInstance.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw("clear", "secret_store_TWO".toCharArray())))));
        try {
            newCredentialStoreInstance.store("passAlias_readonly", createCredentialFromPassword(charArray));
            Assert.fail("This Credential Store should be read-only.");
        } catch (CredentialStoreException e) {
        }
        Assert.assertNull("'passAlias_readonly' must not be in this Credential Store because is read-only.", newCredentialStoreInstance.retrieve("passAlias_readonly", PasswordCredential.class));
    }

    @Test
    public void testCaseInsensitiveAlias() throws NoSuchAlgorithmException, CredentialStoreException, UnsupportedCredentialTypeException {
        HashMap hashMap = new HashMap();
        hashMap.put("location", stores.get("TWO"));
        hashMap.put("keyStoreType", "JCEKS");
        CredentialStore newCredentialStoreInstance = newCredentialStoreInstance();
        newCredentialStoreInstance.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw("clear", "secret_store_TWO".toCharArray())))), new Provider[]{WildFlyElytronPasswordProvider.getInstance()});
        String upperCase = "caseSensitiveName".toUpperCase();
        char[] charArray = "new-secret-passONE".toCharArray();
        char[] charArray2 = "new-secret-passTWO".toCharArray();
        newCredentialStoreInstance.store("caseSensitiveName", createCredentialFromPassword(charArray));
        if (!newCredentialStoreInstance.exists("caseSensitiveName", PasswordCredential.class)) {
            Assert.fail("'caseSensitiveName' must exist");
        }
        if (!newCredentialStoreInstance.exists("caseSensitiveName".toLowerCase(), PasswordCredential.class)) {
            Assert.fail("'" + "caseSensitiveName".toLowerCase() + "' in lowercase must exist");
        }
        newCredentialStoreInstance.remove("caseSensitiveName", PasswordCredential.class);
        if (newCredentialStoreInstance.exists("caseSensitiveName", PasswordCredential.class)) {
            Assert.fail("caseSensitiveName has been removed from the vault, but it exists");
        }
        newCredentialStoreInstance.store(upperCase, createCredentialFromPassword(charArray2));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("caseSensitiveName", PasswordCredential.class)));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve(upperCase, PasswordCredential.class)));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("caseSensitiveName".toLowerCase(), PasswordCredential.class)));
        hashMap.put("location", stores.get("TWO"));
        hashMap.put("keyStoreType", "JCEKS");
        hashMap.put("modifiable", "false");
        newCredentialStoreInstance().initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw("clear", "secret_store_TWO".toCharArray())))));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("caseSensitiveName", PasswordCredential.class)));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve(upperCase, PasswordCredential.class)));
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("caseSensitiveName".toLowerCase(), PasswordCredential.class)));
    }

    @Test
    public void basicKeystorePasswordStoreTest() throws Exception {
        char[] charArray = "db-secret-pass1".toCharArray();
        char[] charArray2 = "PangmaŠišatá".toCharArray();
        char[] charArray3 = "Červenavý střizlíček a žľúva ďobali ve šťavnatých ocúnech".toCharArray();
        HashMap hashMap = new HashMap();
        hashMap.put("location", stores.get("ONE"));
        hashMap.put("keyStoreType", "JCEKS");
        hashMap.put("create", Boolean.TRUE.toString());
        CredentialStore newCredentialStoreInstance = newCredentialStoreInstance();
        newCredentialStoreInstance.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(createCredentialFromPassword("test".toCharArray()))), new Provider[]{WildFlyElytronPasswordProvider.getInstance()});
        newCredentialStoreInstance.store("db1-password1", createCredentialFromPassword(charArray));
        newCredentialStoreInstance.store("db1-password2", createCredentialFromPassword(charArray2));
        newCredentialStoreInstance.store("db1-password3", createCredentialFromPassword(charArray3));
        newCredentialStoreInstance.flush();
        Assert.assertArrayEquals(charArray2, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("db1-password2", PasswordCredential.class)));
        Assert.assertArrayEquals(charArray, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("db1-password1", PasswordCredential.class)));
        Assert.assertArrayEquals(charArray3, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("db1-password3", PasswordCredential.class)));
        char[] charArray4 = "new-secret-pass1".toCharArray();
        newCredentialStoreInstance.store("db1-password1", createCredentialFromPassword(charArray4));
        Assert.assertArrayEquals(charArray4, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("db1-password1", PasswordCredential.class)));
        newCredentialStoreInstance.remove("db1-password2", PasswordCredential.class);
        if (newCredentialStoreInstance.exists("db1-password2", PasswordCredential.class)) {
            Assert.fail("db1-password2 has been removed from the vault, but it exists");
        }
    }

    @Test
    public void basicTestOnAlreadyCreatedKeystorePasswordStore() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("location", stores.get("TWO"));
        hashMap.put("keyStoreType", "JCEKS");
        CredentialStore newCredentialStoreInstance = newCredentialStoreInstance();
        newCredentialStoreInstance.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw("clear", "secret_store_TWO".toCharArray())))), new Provider[]{WildFlyElytronPasswordProvider.getInstance()});
        Assert.assertArrayEquals("secret-password-1".toCharArray(), getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("alias1", PasswordCredential.class)));
        Assert.assertArrayEquals("secret-password-2".toCharArray(), getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("alias2", PasswordCredential.class)));
        Assert.assertNull(newCredentialStoreInstance.retrieve("wrong_alias", PasswordCredential.class));
        newCredentialStoreInstance.store("db-password", createCredentialFromPassword("supersecretdbpass".toCharArray()));
        newCredentialStoreInstance.remove("alias2", PasswordCredential.class);
        Assert.assertFalse("Alias \"alias2\" should be removed.", newCredentialStoreInstance.getAliases().contains("alias2"));
        if (!newCredentialStoreInstance.exists("db-password", PasswordCredential.class)) {
            Assert.fail("'db-password' has to exist");
        }
        if (newCredentialStoreInstance.exists("alias2", PasswordCredential.class)) {
            Assert.fail("alias2 has been removed from the vault, but it exists");
        }
        char[] charArray = "new-secret-pass1".toCharArray();
        newCredentialStoreInstance.store("alias1", createCredentialFromPassword(charArray));
        Assert.assertArrayEquals(charArray, getPasswordFromCredential((PasswordCredential) newCredentialStoreInstance.retrieve("alias1", PasswordCredential.class)));
    }

    @Test
    public void testParallelAccessToCS() throws UnsupportedCredentialTypeException, CredentialStoreException, NoSuchAlgorithmException {
        HashMap hashMap = new HashMap();
        hashMap.put("location", stores.get("ONE"));
        hashMap.put("keyStoreType", "JCEKS");
        hashMap.put("create", Boolean.TRUE.toString());
        CredentialStore newCredentialStoreInstance = newCredentialStoreInstance();
        newCredentialStoreInstance.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(createCredentialFromPassword("test".toCharArray()))), new Provider[]{WildFlyElytronPasswordProvider.getInstance()});
        newCredentialStoreInstance.flush();
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(4);
        ReadWriteLock csLock = getCsLock(newCredentialStoreInstance);
        try {
            testAccessFromMultipleCredentialStores(newFixedThreadPool, () -> {
                return prepareParallelCsStoreTask(newCredentialStoreInstance, newFixedThreadPool, csLock);
            });
            testAccessFromMultipleCredentialStores(newFixedThreadPool, () -> {
                return prepareParallelCsRemoveTask(newCredentialStoreInstance, newFixedThreadPool, csLock);
            });
            newFixedThreadPool.shutdown();
            if (csLock.readLock().tryLock()) {
                csLock.readLock().unlock();
            }
        } catch (Throwable th) {
            newFixedThreadPool.shutdown();
            if (csLock.readLock().tryLock()) {
                csLock.readLock().unlock();
            }
            throw th;
        }
    }

    private void testAccessFromMultipleCredentialStores(ExecutorService executorService, Supplier<Callable<Object>> supplier) {
        try {
            executorService.submit(supplier.get()).get(15L, TimeUnit.SECONDS);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Callable<Object> prepareParallelCsStoreTask(final CredentialStore credentialStore, final ExecutorService executorService, final ReadWriteLock readWriteLock) {
        return new Callable<Object>() { // from class: org.wildfly.security.credential.store.KeystorePasswordStoreTest.1
            @Override // java.util.concurrent.Callable
            public Object call() throws Exception {
                final String addRandomSuffix = KeystorePasswordStoreTest.addRandomSuffix("alias");
                readWriteLock.readLock().lock();
                Future submit = executorService.submit(new Callable<Object>() { // from class: org.wildfly.security.credential.store.KeystorePasswordStoreTest.1.1
                    @Override // java.util.concurrent.Callable
                    public Object call() throws Exception {
                        credentialStore.store(addRandomSuffix, KeystorePasswordStoreTest.this.createCredentialFromPassword("secret".toCharArray()));
                        return null;
                    }
                });
                try {
                    submit.get(1L, TimeUnit.SECONDS);
                    Assert.fail("We expect timeout.");
                } catch (TimeoutException e) {
                }
                if (credentialStore.exists(addRandomSuffix, PasswordCredential.class)) {
                    throw new IllegalStateException(String.format("Alias '%s' doesn't must exist yet!", addRandomSuffix));
                }
                readWriteLock.readLock().unlock();
                submit.get(10L, TimeUnit.SECONDS);
                if (credentialStore.exists(addRandomSuffix, PasswordCredential.class)) {
                    return null;
                }
                throw new IllegalStateException(String.format("Alias '%s' have to exist!", addRandomSuffix));
            }
        };
    }

    private Callable<Object> prepareParallelCsRemoveTask(final CredentialStore credentialStore, final ExecutorService executorService, final ReadWriteLock readWriteLock) {
        return new Callable<Object>() { // from class: org.wildfly.security.credential.store.KeystorePasswordStoreTest.2
            @Override // java.util.concurrent.Callable
            public Object call() throws Exception {
                final String addRandomSuffix = KeystorePasswordStoreTest.addRandomSuffix("alias");
                credentialStore.store(addRandomSuffix, KeystorePasswordStoreTest.this.createCredentialFromPassword("secret".toCharArray()));
                readWriteLock.readLock().lock();
                Future submit = executorService.submit(new Callable<Object>() { // from class: org.wildfly.security.credential.store.KeystorePasswordStoreTest.2.1
                    @Override // java.util.concurrent.Callable
                    public Object call() throws Exception {
                        credentialStore.remove(addRandomSuffix, PasswordCredential.class);
                        return null;
                    }
                });
                try {
                    submit.get(1L, TimeUnit.SECONDS);
                    Assert.fail("We expect timeout.");
                } catch (TimeoutException e) {
                }
                if (!credentialStore.exists(addRandomSuffix, PasswordCredential.class)) {
                    throw new IllegalStateException(String.format("Alias '%s' must exist!", addRandomSuffix));
                }
                readWriteLock.readLock().unlock();
                submit.get(10L, TimeUnit.SECONDS);
                if (credentialStore.exists(addRandomSuffix, PasswordCredential.class)) {
                    throw new IllegalStateException(String.format("Alias '%s' should be deleted!", addRandomSuffix));
                }
                return null;
            }
        };
    }

    private ReadWriteLock getCsLock(CredentialStore credentialStore) {
        try {
            Field declaredField = CredentialStore.class.getDeclaredField("spi");
            declaredField.setAccessible(true);
            KeyStoreCredentialStore keyStoreCredentialStore = (KeyStoreCredentialStore) declaredField.get(credentialStore);
            declaredField.setAccessible(false);
            Field declaredField2 = KeyStoreCredentialStore.class.getDeclaredField("readWriteLock");
            declaredField2.setAccessible(true);
            ReadWriteLock readWriteLock = (ReadWriteLock) declaredField2.get(keyStoreCredentialStore);
            declaredField2.setAccessible(false);
            return readWriteLock;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String addRandomSuffix(String str) {
        return str + "_" + getRandomString();
    }

    private static String getRandomString() {
        return RandomStringUtils.randomAlphanumeric(10);
    }

    static {
        stores.put("ONE", BASE_STORE_DIRECTORY + "/keystore1.jceks");
        stores.put("TWO", BASE_STORE_DIRECTORY + "/keystore2.jceks");
        stores.put("THREE", BASE_STORE_DIRECTORY + "/keystore3.jceks");
        stores.put("TO_DELETE", BASE_STORE_DIRECTORY + "/keystore4.jceks");
    }
}
