package io.fabric8.kubernetes.client.internal;

import io.fabric8.kubernetes.client.Custom;
import io.fabric8.kubernetes.client.KubernetesClientException;
import io.fabric8.kubernetes.client.utils.IOHelpers;
import io.fabric8.kubernetes.client.utils.Utils;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Collections;
import java.util.Objects;
import java.util.Properties;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/* loaded from: input_file:io/fabric8/kubernetes/client/internal/CertUtilsTest.class */
class CertUtilsTest {
    private static final String FABRIC8_STORE_PATH = Utils.filePath(CertUtilsTest.class.getResource("/ssl-test/fabric8-store"));
    private static final String FABRIC8_STORE_PASSPHRASE = "fabric8";
    private Properties systemProperties;

    CertUtilsTest() {
    }

    @BeforeEach
    public void storeSystemProperties() {
        this.systemProperties = new Properties();
        storeSystemProperty("javax.net.ssl.trustStore");
        storeSystemProperty("javax.net.ssl.trustStorePassword");
        storeSystemProperty("javax.net.ssl.trustStoreType");
        storeSystemProperty("javax.net.ssl.keyStore");
        storeSystemProperty("javax.net.ssl.keyStorePassword");
    }

    private void storeSystemProperty(String str) {
        String property = System.getProperty(str);
        if (Utils.isNotNullOrEmpty(property)) {
            this.systemProperties.put(str, property);
        }
    }

    @AfterEach
    public void resetSystemPropertiesBack() {
        System.setProperties(this.systemProperties);
    }

    @Test
    void handleReadOnlyJavaTrustStore() throws Exception {
        KeyStore keyStore = (KeyStore) Mockito.spy(CertUtils.loadTrustStore((String) null, "changeit".toCharArray()));
        ((KeyStore) Mockito.doThrow(KeyStoreException.class).when(keyStore)).setCertificateEntry(Mockito.anyString(), (Certificate) Mockito.any());
        KeyStore mergePemCertsIntoTrustStore = CertUtils.mergePemCertsIntoTrustStore(CertUtils.getInputStreamFromDataOrFile((String) null, "src/test/resources/ssl-test/multiple-certs.pem"), keyStore, true);
        Assertions.assertNotSame(keyStore, mergePemCertsIntoTrustStore);
        org.assertj.core.api.Assertions.assertThat(Collections.list(mergePemCertsIntoTrustStore.aliases())).hasSizeGreaterThanOrEqualTo(2).satisfiesOnlyOnce(str -> {
            org.assertj.core.api.Assertions.assertThat(str).contains(new CharSequence[]{"openshift-signer"});
        }).satisfiesOnlyOnce(str2 -> {
            org.assertj.core.api.Assertions.assertThat(str2).contains(new CharSequence[]{"openshift-service-serving-signer"});
        });
    }

    @Test
    void loadingMultipleCertsFromSameFile() throws Exception {
        org.assertj.core.api.Assertions.assertThat(Collections.list(CertUtils.createTrustStore((String) null, "src/test/resources/ssl-test/multiple-certs.pem", (String) null, "changeit").aliases())).hasSizeGreaterThanOrEqualTo(2).satisfiesOnlyOnce(str -> {
            org.assertj.core.api.Assertions.assertThat(str).contains(new CharSequence[]{"openshift-signer"});
        }).satisfiesOnlyOnce(str2 -> {
            org.assertj.core.api.Assertions.assertThat(str2).contains(new CharSequence[]{"openshift-service-serving-signer"});
        });
    }

    @Test
    void loadingMultipleCertsWithSameSubjectFromSameFile() throws Exception {
        Assertions.assertTrue(CertUtils.createTrustStore((String) null, "src/test/resources/ssl-test/nonunique-subject.pem", (String) null, "changeit").size() >= 2);
    }

    @Test
    void loadTrustStoreFromFileUsingConfigProperties() throws Exception {
        KeyStore createTrustStore = CertUtils.createTrustStore((String) null, "src/test/resources/ssl-test/multiple-certs.pem", FABRIC8_STORE_PATH, FABRIC8_STORE_PASSPHRASE);
        org.assertj.core.api.Assertions.assertThat(Collections.list(createTrustStore.aliases())).hasSizeGreaterThanOrEqualTo(3).satisfiesOnlyOnce(str -> {
            org.assertj.core.api.Assertions.assertThat(str).contains(new CharSequence[]{"openshift-signer"});
        }).satisfiesOnlyOnce(str2 -> {
            org.assertj.core.api.Assertions.assertThat(str2).contains(new CharSequence[]{"openshift-service-serving-signer"});
        }).satisfiesOnlyOnce(str3 -> {
            org.assertj.core.api.Assertions.assertThat(str3).contains(new CharSequence[]{"fabric8-in-store"});
        });
        verifyFabric8InStore(createTrustStore);
    }

    @Test
    void loadTrustStoreFromFileUsingSystemProperties() throws Exception {
        System.setProperty("javax.net.ssl.trustStore", FABRIC8_STORE_PATH);
        System.setProperty("javax.net.ssl.trustStorePassword", FABRIC8_STORE_PASSPHRASE);
        KeyStore createTrustStore = CertUtils.createTrustStore((String) null, "src/test/resources/ssl-test/multiple-certs.pem", (String) null, (String) null);
        Assertions.assertEquals(3, createTrustStore.size());
        verifyFabric8InStore(createTrustStore);
    }

    @Test
    void loadKeyStoreFromFileUsingConfigProperties() throws Exception {
        KeyStore createKeyStore = CertUtils.createKeyStore((String) null, "src/test/resources/ssl-test/multiple-certs.pem", (String) null, "src/test/resources/ssl-test/fabric8", "RSA", "changeit", FABRIC8_STORE_PATH, FABRIC8_STORE_PASSPHRASE);
        Assertions.assertEquals(2, createKeyStore.size());
        verifyFabric8InStore(createKeyStore);
    }

    @Test
    void loadKeyStoreFromFileUsingSystemProperties() throws Exception {
        System.setProperty("javax.net.ssl.keyStore", FABRIC8_STORE_PATH);
        System.setProperty("javax.net.ssl.keyStorePassword", String.valueOf(FABRIC8_STORE_PASSPHRASE));
        KeyStore createKeyStore = CertUtils.createKeyStore((String) null, Utils.filePath(getClass().getResource("/ssl-test/multiple-certs.pem")), (String) null, Utils.filePath(getClass().getResource("/ssl-test/fabric8")), "RSA", "changeit", (String) null, (String) null);
        Assertions.assertEquals(2, createKeyStore.size());
        verifyFabric8InStore(createKeyStore);
    }

    @Test
    void getInputStreamFromDataOrFileShouldNotDecodedPEMAgain() throws IOException {
        String str = new String(Files.readAllBytes(new File(((URL) Objects.requireNonNull(getClass().getResource("/ssl-test/valid-non-base64-encoded-cert.pem"))).getFile()).toPath()));
        Assertions.assertEquals(str, IOHelpers.readFully(CertUtils.getInputStreamFromDataOrFile(str, (String) null)));
    }

    @Test
    void getInputStreamFromDataOrFileShouldDecodeBase64EncodedString() throws IOException {
        Assertions.assertEquals("this is a test", IOHelpers.readFully(CertUtils.getInputStreamFromDataOrFile(Base64.getEncoder().encodeToString("this is a test".getBytes()), (String) null)));
    }

    @Test
    void loadECkeys() throws InvalidKeySpecException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        Assertions.assertEquals(1, CertUtils.createKeyStore((String) null, Utils.filePath(getClass().getResource("/ssl-test/fabric8-ec.cert")), (String) null, Utils.filePath(getClass().getResource("/ssl-test/fabric8-ec.paired.key")), "EC", Custom.SINGULAR, (String) null, (String) null).size());
    }

    @Test
    void loadECPrivateOnlyKey() throws InvalidKeySpecException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        Assertions.assertEquals(1, CertUtils.createKeyStore((String) null, Utils.filePath(getClass().getResource("/ssl-test/fabric8-ec.cert")), (String) null, Utils.filePath(getClass().getResource("/ssl-test/fabric8-ec.private-only.key")), "EC", Custom.SINGULAR, (String) null, (String) null).size());
    }

    @Test
    void loadNothingError() {
        String filePath = Utils.filePath(getClass().getResource("/ssl-test/empty"));
        String filePath2 = Utils.filePath(getClass().getResource("/ssl-test/empty"));
        org.assertj.core.api.Assertions.assertThatExceptionOfType(IOException.class).isThrownBy(() -> {
            CertUtils.createKeyStore((String) null, filePath2, (String) null, filePath, "EC", Custom.SINGULAR, (String) null, (String) null);
        }).withMessage("PEM is invalid: no begin marker");
    }

    @Test
    void loadUnknownError() {
        String filePath = Utils.filePath(getClass().getResource("/ssl-test/multiple-certs.p7b"));
        String filePath2 = Utils.filePath(getClass().getResource("/ssl-test/multiple-certs.p7b"));
        org.assertj.core.api.Assertions.assertThatExceptionOfType(KubernetesClientException.class).isThrownBy(() -> {
            CertUtils.createKeyStore((String) null, filePath2, (String) null, filePath, "EC", Custom.SINGULAR, (String) null, (String) null);
        }).withMessageContaining("Invalid DER");
    }

    @Test
    void storeKeyFallbacksToDefault() throws Exception {
        org.assertj.core.api.Assertions.assertThat(Collections.list(CertUtils.createTrustStore((String) null, "src/test/resources/ssl-test/multiple-certs.pem", (String) null, "").aliases())).hasSizeGreaterThanOrEqualTo(2).satisfiesOnlyOnce(str -> {
            org.assertj.core.api.Assertions.assertThat(str).contains(new CharSequence[]{"openshift-signer"});
        }).satisfiesOnlyOnce(str2 -> {
            org.assertj.core.api.Assertions.assertThat(str2).contains(new CharSequence[]{"openshift-service-serving-signer"});
        });
    }

    private void verifyFabric8InStore(KeyStore keyStore) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        Certificate certificate = keyStore.getCertificate("fabric8-in-store");
        Assertions.assertNotNull(certificate);
        Assertions.assertNotNull(CertUtils.createTrustStore((String) null, "src/test/resources/ssl-test/fabric8.crt", (String) null, "").getCertificateAlias(certificate));
    }
}
