package org.wildfly.security.ldap;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import org.junit.rules.TestRule;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.apacheds.LdapService;
import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

/* loaded from: input_file:org/wildfly/security/ldap/DirContextFactoryRule.class */
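/**
 * JUnit rule that stands up the LDAP fixture used by the Elytron LDAP realm tests.
 * <p>
 * On every {@link #apply} it: generates a throw-away CA plus two CA-signed end-entity key pairs
 * ({@code localhost} for the server, {@code Scarab} for a client), writes them as JKS stores under
 * {@code ./target/test-classes/ca/jks}, patches the X.509 verification LDIF with the Scarab certificate and
 * its digest, registers the Elytron password provider, and runs an embedded ApacheDS bound to
 * {@code localhost:11390} for the duration of the wrapped statement.
 * <p>
 * All credentials below are test fixtures only; nothing here is reachable beyond the loopback interface.
 */
public class DirContextFactoryRule implements TestRule {
    static final String SERVER_DN = "uid=server,dc=elytron,dc=wildfly,dc=org";
    static final String SERVER_CREDENTIAL = "serverPassword";
    static final int LDAP_PORT = 11390;
    private static final Provider provider = WildFlyElytronPasswordProvider.getInstance();
    /** Password shared by every generated key store and key entry. */
    private static final char[] PASSWORD = "Elytron".toCharArray();
    private static final String LDAP_DIRECTORY_LOCATION = "./target/test-classes/ldap";
    private static final String LDIF_LOCATION = "/elytron-x509-verification.ldif";
    private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks";
    /** Store format used both when writing the stores in {@link #setUp()} and when reading them back in {@link #create()}. */
    private static final String STORE_TYPE = "JKS";
    /** Explicit RSA modulus size for the end-entity keys; the JDK's unset default has varied between releases. */
    private static final int RSA_KEY_SIZE = 2048;
    /** LDIF folding: 78 characters on the first physical line, then a leading space plus 77 on each continuation. */
    private static final int LDIF_FIRST_LINE_LENGTH = 78;
    private static final int LDIF_CONTINUATION_LENGTH = 77;

    /** Creates an empty, initialised in-memory {@value #STORE_TYPE} store. */
    private static KeyStore newEmptyStore() throws Exception {
        KeyStore store = KeyStore.getInstance(STORE_TYPE);
        store.load(null, null);
        return store;
    }

    /** Serialises one store to {@code target}, protected with {@link #PASSWORD}; the stream is always closed. */
    private static void writeStore(File target, KeyStore store) throws Exception {
        try (FileOutputStream out = new FileOutputStream(target)) {
            store.store(out, PASSWORD);
        }
    }

    /**
     * Writes the three stores to their files. Each store is written through its own try-with-resources so a
     * failure on one file neither leaks a stream nor masks the original exception.
     */
    private static void createStoreFiles(File localhostFile, KeyStore localhostStore, File scarabFile, KeyStore scarabStore, File trustFile, KeyStore trustStore) throws Exception {
        writeStore(localhostFile, localhostStore);
        writeStore(scarabFile, scarabStore);
        writeStore(trustFile, trustStore);
    }

    /**
     * Folds a single logical LDIF line: a line break plus one space is inserted before character 78 and then
     * before every further 77 characters, so every physical line is at most 78 characters wide.
     */
    private static String foldLdifLine(String line) {
        StringBuilder folded = new StringBuilder(line.length() + 3 * (line.length() / LDIF_CONTINUATION_LENGTH + 1));
        int nextFold = LDIF_FIRST_LINE_LENGTH;
        for (int i = 0; i < line.length(); i++) {
            if (i == nextFold) {
                folded.append(System.lineSeparator()).append(' ');
                nextFold += LDIF_CONTINUATION_LENGTH;
            }
            folded.append(line.charAt(i));
        }
        return folded.toString();
    }

    /**
     * Populates the three in-memory stores and rewrites the X.509 verification LDIF.
     *
     * @param localhostStore receives the server key entry {@code localhost} (CA-signed, serial 3) with the CA in its chain
     * @param scarabStore    receives the client key entry {@code scarab} (CA-signed, serial 4) with the CA in its chain
     * @param trustStore     receives only the self-signed CA certificate, under alias {@code mykey}
     */
    private static void createStores(KeyStore localhostStore, KeyStore scarabStore, KeyStore trustStore) throws Exception {
        X500Principal caDn = new X500Principal("O=Root Certificate Authority, EMAILADDRESS=elytron@wildfly.org, C=UK, ST=Elytron, CN=Elytron CA");
        X500Principal localhostDn = new X500Principal("OU=Elytron, O=Elytron, C=CZ, ST=Elytron, CN=localhost");
        X500Principal scarabDn = new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Scarab");

        // Self-signed root. The key size of the CA key is whatever the builder chooses; no setter is used here.
        SelfSignedX509CertificateAndSigningKey ca = SelfSignedX509CertificateAndSigningKey.builder()
                .setDn(caDn)
                .setKeyAlgorithmName("RSA")
                .setSignatureAlgorithmName("SHA256withRSA")
                .addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647")
                .build();
        X509Certificate caCertificate = ca.getSelfSignedCertificate();
        trustStore.setCertificateEntry("mykey", caCertificate);

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(RSA_KEY_SIZE);

        KeyPair localhostKeyPair = keyPairGenerator.generateKeyPair();
        X509Certificate localhostCertificate = new X509CertificateBuilder()
                .setIssuerDn(caDn)
                .setSubjectDn(localhostDn)
                .setSignatureAlgorithmName("SHA256withRSA")
                .setSigningKey(ca.getSigningKey())
                .setPublicKey(localhostKeyPair.getPublic())
                .setSerialNumber(new BigInteger("3"))
                .addExtension(new BasicConstraintsExtension(false, false, -1))
                .build();
        localhostStore.setKeyEntry("localhost", localhostKeyPair.getPrivate(), PASSWORD, new X509Certificate[] { localhostCertificate, caCertificate });

        KeyPair scarabKeyPair = keyPairGenerator.generateKeyPair();
        X509Certificate scarabCertificate = new X509CertificateBuilder()
                .setIssuerDn(caDn)
                .setSubjectDn(scarabDn)
                .setSignatureAlgorithmName("SHA256withRSA")
                .setSigningKey(ca.getSigningKey())
                .setPublicKey(scarabKeyPair.getPublic())
                .setSerialNumber(new BigInteger("4"))
                .addExtension(new BasicConstraintsExtension(false, false, -1))
                .build();
        scarabStore.setKeyEntry("scarab", scarabKeyPair.getPrivate(), PASSWORD, new X509Certificate[] { scarabCertificate, caCertificate });

        // SHA-1 over the DER encoding is used purely as the lookup value written into the LDIF's x509digest
        // attribute, not as a security boundary; presumably it has to match the digest algorithm the realm under
        // test is configured with — confirm against the test that reads this LDIF.
        byte[] scarabDer = scarabCertificate.getEncoded();
        String scarabDigest = ByteIterator.ofBytes(MessageDigest.getInstance("SHA-1").digest(scarabDer)).hexEncode(true).drainToString();
        String foldedCertificateLine = foldLdifLine("usercertificate:: " + ByteIterator.ofBytes(scarabDer).base64Encode().drainToString());

        File ldapDirectory = new File(LDAP_DIRECTORY_LOCATION);
        if (!ldapDirectory.exists()) {
            ldapDirectory.mkdirs();
        }
        Path ldif = Paths.get(ldapDirectory.toString() + LDIF_LOCATION);
        String template = new String(Files.readAllBytes(ldif), StandardCharsets.UTF_8);
        // Literal replacements: neither the hex digest nor the base64 blob can contain regex or replacement
        // metacharacters, but String.replace needs no quoting either way.
        String rendered = template
                .replace("x509digest:", "x509digest: " + scarabDigest)
                .replace("usercertificate::", foldedCertificateLine)
                // NOTE(review): the ';binary'-tagged attribute is rewritten to the untagged usercertificate form
                // as well — confirm the importer expects that rather than a tagged value.
                .replace("usercertificate;binary::", foldedCertificateLine);
        Files.write(ldif, rendered.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates the CA, the key stores and the patched LDIF.
     * <p>
     * Left {@code public} because both the anonymous {@code Statement} in {@link #apply} and {@link #create()}
     * call it; it is not part of the rule's intended API.
     * <p>
     * Safe to call repeatedly: {@link #createStores} edits the LDIF in place, so a pristine copy is kept next
     * to it ({@code .bak}) and every run starts from that copy. Without this, a second call in the same JVM
     * (or a rebuild without {@code clean}) would stack a stale digest and certificate on top of the previous
     * substitution, and the backup itself would be overwritten with the already-modified file.
     */
    public static void setUp() throws Exception {
        File caDirectory = new File(CA_JKS_LOCATION);
        if (!caDirectory.exists()) {
            caDirectory.mkdirs();
        }
        File ldapDirectory = new File(LDAP_DIRECTORY_LOCATION);
        if (!ldapDirectory.exists()) {
            ldapDirectory.mkdirs();
        }

        Path ldif = Paths.get(ldapDirectory + LDIF_LOCATION);
        Path pristine = Paths.get(ldapDirectory + LDIF_LOCATION + ".bak");
        if (Files.exists(pristine)) {
            Files.copy(pristine, ldif, StandardCopyOption.REPLACE_EXISTING);
        } else {
            Files.copy(ldif, pristine);
        }

        KeyStore localhostStore = newEmptyStore();
        KeyStore scarabStore = newEmptyStore();
        KeyStore trustStore = newEmptyStore();
        createStores(localhostStore, scarabStore, trustStore);
        createStoreFiles(
                new File(caDirectory, "localhost.keystore"), localhostStore,
                new File(caDirectory, "scarab.keystore"), scarabStore,
                new File(caDirectory, "ca.truststore"), trustStore);
    }

    /**
     * Wraps {@code statement} so it runs with the fixture in place. The embedded server is closed and the
     * password provider unregistered even if the statement, the server start or {@code close()} throws; the
     * provider is only removed if this rule was the one that added it.
     */
    @Override
    public Statement apply(final Statement statement, Description description) {
        return new Statement() {
            @Override
            public void evaluate() throws Throwable {
                DirContextFactoryRule.setUp();
                // addProvider() returns -1 when the provider is already registered; in that case it belongs to
                // the environment and must be left in place afterwards.
                boolean providerAdded = Security.addProvider(DirContextFactoryRule.provider) != -1;
                LdapService server = null;
                try {
                    server = DirContextFactoryRule.this.startEmbeddedServer();
                    statement.evaluate();
                } finally {
                    try {
                        if (server != null) {
                            server.close();
                        }
                    } finally {
                        if (providerAdded) {
                            Security.removeProvider(DirContextFactoryRule.provider.getName());
                        }
                    }
                }
            }
        };
    }

    /**
     * Returns a supplier of authenticated {@link DirContext}s against the embedded server, bound as
     * {@link #SERVER_DN} and trusting only the generated test CA.
     *
     * @throws IllegalStateException if the trust store cannot be read or the SSL context cannot be built
     */
    public ExceptionSupplier<DirContext, NamingException> create() {
        try {
            File trustStoreFile = new File(new File(CA_JKS_LOCATION), "ca.truststore");
            if (!trustStoreFile.exists()) {
                setUp();
            }
            // Read the store through the same path that was just checked (and that setUp() writes to) instead of
            // getResource().getFile(): the latter is not a usable filesystem path once the location contains
            // URL-escaped characters, and it would NPE if the resource were not on the classpath.
            KeyStore trustStore = KeyStore.getInstance(STORE_TYPE);
            try (FileInputStream in = new FileInputStream(trustStoreFile)) {
                trustStore.load(in, PASSWORD);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            // Trust is pinned to the test CA only; no client key material is supplied (null KeyManagers) and
            // protocol/cipher selection is left to the JVM's "TLS" defaults.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
            final SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            return () -> SimpleDirContextFactoryBuilder.builder()
                    .setProviderUrl(String.format("ldap://localhost:%d/", LDAP_PORT))
                    .setSecurityPrincipal(SERVER_DN)
                    .setSecurityCredential(SERVER_CREDENTIAL)
                    .setSocketFactory(socketFactory)
                    .build()
                    .obtainDirContext(DirContextFactory.ReferralMode.IGNORE);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Starts the embedded ApacheDS instance on {@code localhost:}{@value #LDAP_PORT}, importing the test LDIF
     * files from the test classpath and serving with the generated {@code localhost} key store.
     * <p>
     * Left {@code public} because the anonymous {@code Statement} in {@link #apply} calls it.
     *
     * @throws RuntimeException wrapping whatever the server builder threw
     */
    public LdapService startEmbeddedServer() {
        try {
            return LdapService.builder()
                    .setWorkingDir(new File("./target/apache-ds/working"))
                    .createDirectoryService("Test Service")
                    .addPartition("Elytron", "dc=elytron,dc=wildfly,dc=org", 5, "uid")
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-credential-tests.ldif"))
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/memberOf-schema.ldif"))
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-attribute-tests.ldif"))
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-role-mapping-tests.ldif"))
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-group-mapping-tests.ldif"))
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-otp-tests.ldif"))
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-keystore-tests.ldif"))
                    // This is the file patched by setUp(); it is resolved from the classpath, i.e. target/test-classes.
                    .importLdif(PasswordSupportSuiteChild.class.getResourceAsStream("/ldap/elytron-x509-verification.ldif"))
                    // Same password that createStoreFiles() wrote the store with.
                    .addTcpServer("Default TCP", "localhost", LDAP_PORT, "/ca/jks/localhost.keystore", new String(PASSWORD))
                    .start();
        } catch (Exception e) {
            throw new RuntimeException("Could not start LDAP embedded server.", e);
        }
    }
}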
