package org.bitrepository.protocol.security;

import java.io.UnsupportedEncodingException;
import org.bitrepository.bitrepositorymessages.GetFileRequest;
import org.bitrepository.bitrepositorymessages.PutFileRequest;
import org.bitrepository.common.settings.Settings;
import org.bitrepository.common.settings.TestSettingsProvider;
import org.bitrepository.protocol.security.exception.CertificateUseException;
import org.bitrepository.protocol.security.exception.MessageAuthenticationException;
import org.bitrepository.protocol.security.exception.MessageSigningException;
import org.bitrepository.protocol.security.exception.OperationAuthorizationException;
import org.bitrepository.settings.collectionsettings.Certificate;
import org.bitrepository.settings.collectionsettings.ComponentIDs;
import org.bitrepository.settings.collectionsettings.Operation;
import org.bitrepository.settings.collectionsettings.OperationPermission;
import org.bitrepository.settings.collectionsettings.Permission;
import org.bitrepository.settings.collectionsettings.PermissionSet;
import org.bouncycastle.util.encoders.Base64;
import org.jaccept.structure.ExtendedTestCase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/bitrepository/protocol/security/SecurityManagerTest.class */
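/**
 * Regression tests for {@link SecurityManager}, exercised through a {@link BasicSecurityManager}
 * that is configured to require both message authentication and operation authorization.
 *
 * <p>Every test gets a fresh {@link PermissionStore}, so a certificate loaded by one test is not
 * visible to the next. All keys, certificates, signatures and component IDs come from
 * {@code SecurityTestConstants}.
 */
public class SecurityManagerTest extends ExtendedTestCase {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private SecurityManager securityManager;
    private PermissionStore permissionStore;

    /**
     * Builds the security manager under test with authentication and authorization switched on.
     *
     * @throws Exception if the settings or the security manager cannot be created
     */
    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        this.permissionStore = new PermissionStore();
        BasicMessageAuthenticator basicMessageAuthenticator = new BasicMessageAuthenticator(this.permissionStore);
        BasicOperationAuthorizor basicOperationAuthorizor = new BasicOperationAuthorizor(this.permissionStore);
        BasicMessageSigner basicMessageSigner = new BasicMessageSigner();
        Settings reloadSettings = TestSettingsProvider.reloadSettings(getClass().getSimpleName());
        // Both checks are forced on so that the negative tests cannot pass merely because a
        // settings file left the security checks disabled.
        reloadSettings.getCollectionSettings().getProtocolSettings().setRequireMessageAuthentication(true);
        reloadSettings.getCollectionSettings().getProtocolSettings().setRequireOperationAuthorization(true);
        reloadSettings.getCollectionSettings().setPermissionSet(SecurityTestConstants.getDefaultPermissions());
        this.securityManager = new BasicSecurityManager(reloadSettings.getCollectionSettings(), SecurityTestConstants.getKeyFile(), basicMessageAuthenticator, basicMessageSigner, basicOperationAuthorizor, this.permissionStore, SecurityTestConstants.getComponentID());
    }

    /**
     * Checks that the test signature authorizes a GetFile request but not a PutFile request.
     *
     * <p>NOTE(review): this presumes the default permission set from
     * {@code SecurityTestConstants.getDefaultPermissions()} grants the test signer GetFile only;
     * confirm against that fixture.
     */
    @Test(groups = {"regressiontest"})
    public void operationAuthorizationBehaviourTest() throws Exception {
        addDescription("Tests that a signature only allows the correct requests.");
        addStep("Check that GET_FILE is allowed.", "GET_FILE is allowed.");
        try {
            this.securityManager.authorizeOperation(GetFileRequest.class.getSimpleName(), SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature());
        } catch (OperationAuthorizationException e) {
            // Keep the cause so the report shows why an operation that should be allowed was denied.
            Assert.fail("GetFileRequest was unexpectedly denied: " + e.getMessage(), e);
        }
        addStep("Check that PUT_FILE is not allowed.", "PUT_FILE is not allowed.");
        try {
            this.securityManager.authorizeOperation(PutFileRequest.class.getSimpleName(), SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature());
            Assert.fail("SecurityManager did not throw the expected OperationAuthorizationException");
        } catch (OperationAuthorizationException expected) {
            // Expected: the operation is not permitted for this signer, so the call must be rejected.
        }
    }

    /**
     * Checks that a certificate may only be used by a component listed among its allowed users.
     */
    @Test(groups = {"regressiontest"})
    public void certificateAuthorizationBehaviourTest() throws Exception {
        addDescription("Tests that a certificate is only allowed by registered users (component).");
        addStep("Check that the registered component is allowed.", "The registered component is allowed.");
        this.permissionStore.loadPermissions(getSigningCertPermission(), SecurityTestConstants.getComponentID());
        try {
            this.securityManager.authorizeCertificateUse(SecurityTestConstants.getAllowedCertificateUser(), SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature());
        } catch (CertificateUseException e) {
            // Keep the cause so the report shows why the registered component was rejected.
            Assert.fail("Registered component was unexpectedly rejected: " + e.getMessage(), e);
        }
        // This only sanity-checks the fixture built by getSigningCertPermission(); it makes no
        // statement about the state of the security manager or the permission store.
        Assert.assertNotNull(((Permission) getSigningCertPermission().getPermission().get(0)).getCertificate().getAllowedCertificateUsers());
        addStep("Check that an unregistered component is not allowed.", "The unregistered component is not allowed.");
        try {
            this.securityManager.authorizeCertificateUse(SecurityTestConstants.getDisallowedCertificateUser(), SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature());
            Assert.fail("SecurityManager did not throw the expected CertificateUseException");
        } catch (CertificateUseException expected) {
            // Expected: the component is not among the certificate's allowed users.
        }
    }

    /**
     * Signs the test data and authenticates it again once the signing certificate has been
     * loaded into the permission store.
     */
    @Test(groups = {"regressiontest"})
    public void positiveSigningAuthenticationRoundtripTest() throws Exception {
        addDescription("Tests that a roundtrip of signing a request and afterwards authenticating is succedes.");
        addStep("Sign a chunck of data.", "Data is signed succesfully");
        String signature = signTestData();
        this.permissionStore.loadPermissions(getSigningCertPermission(), SecurityTestConstants.getComponentID());
        addStep("Check signature matches the data ", "Signature and data matches");
        try {
            this.securityManager.authenticateMessage(SecurityTestConstants.getTestData(), signature);
        } catch (MessageAuthenticationException e) {
            Assert.fail("Failed authenticating test data!", e);
        }
    }

    /**
     * Signs the test data and expects authentication to fail because the signing certificate is
     * never loaded into the permission store.
     *
     * <p>NOTE(review): the result depends on the default permissions installed in {@link #setUp()}
     * not already containing the signing certificate; confirm against
     * {@code SecurityTestConstants.getDefaultPermissions()}.
     */
    @Test(groups = {"regressiontest"})
    public void negativeSigningAuthenticationRoundtripUnkonwnCertificateTest() throws Exception {
        addDescription("Tests that a roundtrip of signing a request and afterwards authenticating it fails due to a unknown certificate.");
        addStep("Sign a chunck of data.", "Data is signed succesfully");
        String signature = signTestData();
        // Deliberately no loadPermissions(...) call here: the signer must stay unknown.
        addStep("Check signature matches the data", "Signature cant be matched as certificate is unknown.");
        try {
            this.securityManager.authenticateMessage(SecurityTestConstants.getTestData(), signature);
            Assert.fail("Authentication did not fail as expected");
        } catch (MessageAuthenticationException expected) {
            this.log.info(expected.getMessage());
        }
    }

    /**
     * Signs the test data and expects authentication to fail when the data presented for
     * verification differs from the data that was signed, even though the certificate is known.
     */
    @Test(groups = {"regressiontest"})
    public void negativeSigningAuthenticationRoundtripBadDataTest() throws Exception {
        // A second, copy-pasted description claiming the roundtrip succeeds was removed here; it
        // contradicted what this test verifies.
        addDescription("Tests that a roundtrip of signing a request and afterwards authenticating it fails due to bad data");
        addStep("Sign a chunck of data.", "Data is signed succesfully");
        String signature = signTestData();
        this.permissionStore.loadPermissions(getSigningCertPermission(), SecurityTestConstants.getComponentID());
        addStep("Check signature matches the data ", "Signature and data do not match");
        try {
            // The certificate is trusted, so a rejection can only come from the altered content.
            this.securityManager.authenticateMessage(SecurityTestConstants.getTestData() + "foobar", signature);
            Assert.fail("Authentication did not fail as expected!");
        } catch (MessageAuthenticationException expected) {
            this.log.info(expected.getMessage());
        }
    }

    /**
     * Signs the shared test data with the security manager under test and logs the result.
     *
     * @return the signature produced by {@code signMessage}; never {@code null}
     * @throws Exception if fetching the test data or encoding the signature for logging fails
     */
    private String signTestData() throws Exception {
        String signature = null;
        try {
            signature = this.securityManager.signMessage(SecurityTestConstants.getTestData());
        } catch (MessageSigningException e) {
            Assert.fail("Failed signing test data!", e);
        }
        // Fail with a readable message instead of a NullPointerException further down.
        Assert.assertNotNull(signature, "signMessage returned null for the test data");
        // The charset is named explicitly so the logged text does not depend on the platform default.
        this.log.info("Signature for testdata is: " + new String(Base64.encode(signature.getBytes("UTF-8")), "UTF-8"));
        return signature;
    }

    /**
     * Builds a permission set holding the signing certificate, usable by the allowed certificate
     * user and permitted for {@link Operation#ALL}.
     *
     * @return a new permission set with a single permission entry
     * @throws UnsupportedEncodingException if UTF-8 is not available for encoding the certificate
     */
    private PermissionSet getSigningCertPermission() throws UnsupportedEncodingException {
        ComponentIDs allowedUsers = new ComponentIDs();
        allowedUsers.getIDs().add(SecurityTestConstants.getAllowedCertificateUser());

        Certificate certificate = new Certificate();
        certificate.setCertificateData(SecurityTestConstants.getSigningCertificate().getBytes("UTF-8"));
        certificate.setAllowedCertificateUsers(allowedUsers);

        OperationPermission operationPermission = new OperationPermission();
        operationPermission.setOperation(Operation.ALL);

        Permission permission = new Permission();
        permission.setCertificate(certificate);
        permission.getOperationPermission().add(operationPermission);

        PermissionSet permissionSet = new PermissionSet();
        permissionSet.getPermission().add(permission);
        return permissionSet;
    }
}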
