package org.apache.kafka.common.security.ssl;

import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.kafka.common.security.ssl.CommonNameLoggingTrustManagerFactoryWrapper;
import org.apache.kafka.common.utils.LogCaptureAppender;
import org.apache.kafka.test.TestSslUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
/* loaded from: input_file:org/apache/kafka/common/security/ssl/CommonNameLoggingTrustManagerFactoryWrapperTest.class */
public class CommonNameLoggingTrustManagerFactoryWrapperTest {
    private X509Certificate[] chainWithValidEndCertificate;
    private X509Certificate[] chainWithExpiredEndCertificate;
    private X509Certificate[] chainWithInvalidEndCertificate;
    private X509Certificate[] chainWithMultipleEndCertificates;
    private X509Certificate[] chainWithValidAndInvalidEndCertificates;

    @BeforeAll
    public void setUpOnce() throws CertificateException, NoSuchAlgorithmException {
        this.chainWithValidEndCertificate = generateKeyChainIncludingCA(false, false, true, false);
        this.chainWithExpiredEndCertificate = generateKeyChainIncludingCA(true, false, true, false);
        this.chainWithInvalidEndCertificate = generateKeyChainIncludingCA(false, false, false, false);
        this.chainWithMultipleEndCertificates = generateKeyChainIncludingCA(false, true, false, true);
        this.chainWithValidAndInvalidEndCertificates = generateKeyChainIncludingCA(false, true, true, false);
    }

    @Test
    void testNeverExpiringX509Certificate() throws Exception {
        KeyPair generateKeyPair = TestSslUtils.generateKeyPair("RSA");
        X509Certificate[] x509CertificateArr = {TestSslUtils.generateCertificate("CN=Test, L=London, C=GB", generateKeyPair, 1, "SHA512withRSA"), TestSslUtils.generateCertificate("CN=Test, L=London, C=GB", generateKeyPair, -1, "SHA512withRSA"), this.chainWithValidEndCertificate[0], this.chainWithExpiredEndCertificate[0], this.chainWithInvalidEndCertificate[0]};
        PublicKey[] publicKeyArr = {x509CertificateArr[0].getPublicKey(), x509CertificateArr[1].getPublicKey(), this.chainWithValidEndCertificate[1].getPublicKey(), this.chainWithExpiredEndCertificate[1].getPublicKey(), this.chainWithInvalidEndCertificate[1].getPublicKey()};
        boolean[] zArr = {true, true, true, true, false};
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            CommonNameLoggingTrustManagerFactoryWrapper.NeverExpiringX509Certificate neverExpiringX509Certificate = new CommonNameLoggingTrustManagerFactoryWrapper.NeverExpiringX509Certificate(x509Certificate);
            Assertions.assertEquals(x509Certificate.getCriticalExtensionOIDs(), neverExpiringX509Certificate.getCriticalExtensionOIDs());
            Assertions.assertEquals(x509Certificate.getExtensionValue("2.5.29.14"), neverExpiringX509Certificate.getExtensionValue("2.5.29.14"));
            Assertions.assertEquals(x509Certificate.getNonCriticalExtensionOIDs(), neverExpiringX509Certificate.getNonCriticalExtensionOIDs());
            Assertions.assertEquals(Boolean.valueOf(x509Certificate.hasUnsupportedCriticalExtension()), Boolean.valueOf(neverExpiringX509Certificate.hasUnsupportedCriticalExtension()));
            Assertions.assertEquals(x509Certificate.getBasicConstraints(), neverExpiringX509Certificate.getBasicConstraints());
            Assertions.assertEquals(x509Certificate.getIssuerDN(), neverExpiringX509Certificate.getIssuerDN());
            Assertions.assertEquals(x509Certificate.getIssuerUniqueID(), neverExpiringX509Certificate.getIssuerUniqueID());
            Assertions.assertEquals(x509Certificate.getKeyUsage(), neverExpiringX509Certificate.getKeyUsage());
            Assertions.assertEquals(x509Certificate.getNotAfter(), neverExpiringX509Certificate.getNotAfter());
            Assertions.assertEquals(x509Certificate.getNotBefore(), neverExpiringX509Certificate.getNotBefore());
            Assertions.assertEquals(x509Certificate.getSerialNumber(), neverExpiringX509Certificate.getSerialNumber());
            Assertions.assertEquals(x509Certificate.getSigAlgName(), neverExpiringX509Certificate.getSigAlgName());
            Assertions.assertEquals(x509Certificate.getSigAlgOID(), neverExpiringX509Certificate.getSigAlgOID());
            Assertions.assertArrayEquals(x509Certificate.getSigAlgParams(), neverExpiringX509Certificate.getSigAlgParams());
            Assertions.assertArrayEquals(x509Certificate.getSignature(), neverExpiringX509Certificate.getSignature());
            Assertions.assertEquals(x509Certificate.getSubjectDN(), neverExpiringX509Certificate.getSubjectDN());
            Assertions.assertEquals(x509Certificate.getSubjectUniqueID(), neverExpiringX509Certificate.getSubjectUniqueID());
            Assertions.assertArrayEquals(x509Certificate.getTBSCertificate(), neverExpiringX509Certificate.getTBSCertificate());
            Assertions.assertEquals(x509Certificate.getVersion(), neverExpiringX509Certificate.getVersion());
            Assertions.assertArrayEquals(x509Certificate.getEncoded(), neverExpiringX509Certificate.getEncoded());
            Assertions.assertEquals(x509Certificate.getPublicKey(), neverExpiringX509Certificate.getPublicKey());
            Assertions.assertEquals(x509Certificate.toString(), neverExpiringX509Certificate.toString());
            PublicKey publicKey = publicKeyArr[i];
            if (zArr[i]) {
                Assertions.assertDoesNotThrow(() -> {
                    x509Certificate.verify(publicKey);
                });
                Assertions.assertDoesNotThrow(() -> {
                    neverExpiringX509Certificate.verify(publicKey);
                });
            } else {
                Assertions.assertEquals(((Exception) Assertions.assertThrows(SignatureException.class, () -> {
                    x509Certificate.verify(publicKey);
                })).getMessage(), ((Exception) Assertions.assertThrows(SignatureException.class, () -> {
                    neverExpiringX509Certificate.verify(publicKey);
                })).getMessage());
            }
            Date date = new Date();
            if (x509Certificate.getNotBefore().before(date) && x509Certificate.getNotAfter().after(date)) {
                Assertions.assertDoesNotThrow(() -> {
                    x509Certificate.checkValidity();
                });
            } else {
                Assertions.assertThrows(CertificateException.class, () -> {
                    x509Certificate.checkValidity();
                });
            }
            Assertions.assertDoesNotThrow(() -> {
                neverExpiringX509Certificate.checkValidity();
            });
            if (x509Certificate.getNotBefore().before(date) && x509Certificate.getNotAfter().after(date)) {
                Assertions.assertDoesNotThrow(() -> {
                    x509Certificate.checkValidity(date);
                });
            } else {
                Assertions.assertThrows(CertificateException.class, () -> {
                    x509Certificate.checkValidity(date);
                });
            }
            Assertions.assertDoesNotThrow(() -> {
                neverExpiringX509Certificate.checkValidity(date);
            });
            Date date2 = new Date(System.currentTimeMillis() - 43200000);
            if (x509Certificate.getNotBefore().before(date2) && x509Certificate.getNotAfter().after(date2)) {
                Assertions.assertDoesNotThrow(() -> {
                    x509Certificate.checkValidity(date2);
                });
                Assertions.assertDoesNotThrow(() -> {
                    neverExpiringX509Certificate.checkValidity(date2);
                });
            } else {
                Assertions.assertDoesNotThrow(() -> {
                    neverExpiringX509Certificate.checkValidity(date2);
                });
            }
            Date date3 = new Date(System.currentTimeMillis() - 259200000);
            Assertions.assertThrows(CertificateException.class, () -> {
                x509Certificate.checkValidity(date3);
            });
            Assertions.assertDoesNotThrow(() -> {
                neverExpiringX509Certificate.checkValidity(date3);
            });
            Date date4 = new Date(System.currentTimeMillis() + 259200000);
            Assertions.assertThrows(CertificateException.class, () -> {
                x509Certificate.checkValidity(date4);
            });
            Assertions.assertDoesNotThrow(() -> {
                neverExpiringX509Certificate.checkValidity(date4);
            });
        }
    }

    private static X509TrustManager getX509TrustManager(TrustManagerFactory trustManagerFactory) throws Exception {
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new Exception("Unable to find X509TrustManager");
    }

    @Test
    public void testCommonNameLoggingTrustManagerFactoryWrapper() throws Exception {
        X509Certificate x509Certificate = this.chainWithValidEndCertificate[2];
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate);
        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        CommonNameLoggingTrustManagerFactoryWrapper commonNameLoggingTrustManagerFactoryWrapper = CommonNameLoggingTrustManagerFactoryWrapper.getInstance(defaultAlgorithm);
        commonNameLoggingTrustManagerFactoryWrapper.init(keyStore);
        CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager[] trustManagers2 = commonNameLoggingTrustManagerFactoryWrapper.getTrustManagers();
        Assertions.assertEquals(trustManagers.length, trustManagers2.length);
        Assertions.assertEquals(trustManagerFactory.getAlgorithm(), commonNameLoggingTrustManagerFactoryWrapper.getAlgorithm());
        for (int i = 0; i < trustManagers.length; i++) {
            TrustManager trustManager = trustManagers[i];
            CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = trustManagers2[i];
            if (trustManager instanceof X509TrustManager) {
                Assertions.assertInstanceOf(CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.class, commonNameLoggingTrustManager);
                Assertions.assertEquals(trustManager.getClass(), commonNameLoggingTrustManager.getOriginalTrustManager().getClass());
            } else {
                Assertions.assertEquals(trustManager.getClass(), commonNameLoggingTrustManager.getClass());
            }
        }
    }

    @Test
    public void testCommonNameLoggingTrustManagerValidChain() throws Exception {
        X509Certificate x509Certificate = this.chainWithValidEndCertificate[0];
        X509Certificate x509Certificate2 = this.chainWithValidEndCertificate[1];
        X509Certificate x509Certificate3 = this.chainWithValidEndCertificate[2];
        X509Certificate[] x509CertificateArr = {x509Certificate, x509Certificate2};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate3);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager x509TrustManager = getX509TrustManager(trustManagerFactory);
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister(CommonNameLoggingSslEngineFactory.class);
        Throwable th = null;
        try {
            try {
                int size = createAndRegister.getMessages().size();
                CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = new CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager(x509TrustManager, 2);
                Assertions.assertEquals(commonNameLoggingTrustManager.getOriginalTrustManager(), x509TrustManager);
                Assertions.assertDoesNotThrow(() -> {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                });
                Assertions.assertDoesNotThrow(() -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                });
                Assertions.assertEquals(size, createAndRegister.getMessages().size());
                Assertions.assertEquals(commonNameLoggingTrustManager.getOriginalTrustManager(), x509TrustManager);
                Assertions.assertDoesNotThrow(() -> {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                });
                Assertions.assertDoesNotThrow(() -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                });
                Assertions.assertEquals(size, createAndRegister.getMessages().size());
                Assertions.assertDoesNotThrow(() -> {
                    x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                });
                Assertions.assertDoesNotThrow(() -> {
                    commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                });
                Assertions.assertEquals(size, createAndRegister.getMessages().size());
                Assertions.assertArrayEquals(x509TrustManager.getAcceptedIssuers(), commonNameLoggingTrustManager.getAcceptedIssuers());
                if (createAndRegister != null) {
                    if (0 == 0) {
                        createAndRegister.close();
                        return;
                    }
                    try {
                        createAndRegister.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAndRegister != null) {
                if (th != null) {
                    try {
                        createAndRegister.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAndRegister.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCommonNameLoggingTrustManagerValidChainWithCA() throws Exception {
        X509Certificate x509Certificate = this.chainWithValidEndCertificate[0];
        X509Certificate x509Certificate2 = this.chainWithValidEndCertificate[1];
        X509Certificate x509Certificate3 = this.chainWithValidEndCertificate[2];
        X509Certificate[] x509CertificateArr = {x509Certificate, x509Certificate2, x509Certificate3};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate3);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager x509TrustManager = getX509TrustManager(trustManagerFactory);
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister(CommonNameLoggingSslEngineFactory.class);
        Throwable th = null;
        try {
            int size = createAndRegister.getMessages().size();
            CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = new CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager(x509TrustManager, 2);
            Assertions.assertEquals(commonNameLoggingTrustManager.getOriginalTrustManager(), x509TrustManager);
            Assertions.assertDoesNotThrow(() -> {
                x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
            });
            Assertions.assertDoesNotThrow(() -> {
                commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
            });
            Assertions.assertEquals(size, createAndRegister.getMessages().size());
            Assertions.assertDoesNotThrow(() -> {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            });
            Assertions.assertDoesNotThrow(() -> {
                commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            });
            Assertions.assertEquals(size, createAndRegister.getMessages().size());
            Assertions.assertArrayEquals(x509TrustManager.getAcceptedIssuers(), commonNameLoggingTrustManager.getAcceptedIssuers());
            if (createAndRegister != null) {
                if (0 == 0) {
                    createAndRegister.close();
                    return;
                }
                try {
                    createAndRegister.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (createAndRegister != null) {
                if (0 != 0) {
                    try {
                        createAndRegister.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createAndRegister.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testCommonNameLoggingTrustManagerWithInvalidEndCert() throws Exception {
        X509Certificate x509Certificate = this.chainWithInvalidEndCertificate[0];
        X509Certificate x509Certificate2 = this.chainWithInvalidEndCertificate[1];
        X509Certificate x509Certificate3 = this.chainWithInvalidEndCertificate[2];
        X509Certificate[] x509CertificateArr = {x509Certificate, x509Certificate2};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate3);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager x509TrustManager = getX509TrustManager(trustManagerFactory);
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister(CommonNameLoggingSslEngineFactory.class);
        Throwable th = null;
        try {
            try {
                int size = createAndRegister.getMessages().size();
                CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = new CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager(x509TrustManager, 2);
                Assertions.assertEquals(commonNameLoggingTrustManager.getOriginalTrustManager(), x509TrustManager);
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                Assertions.assertEquals(size, createAndRegister.getMessages().size());
                Assertions.assertEquals(commonNameLoggingTrustManager.getOriginalTrustManager(), x509TrustManager);
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                Assertions.assertEquals(size, createAndRegister.getMessages().size());
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                Assertions.assertEquals(size, createAndRegister.getMessages().size());
                Assertions.assertArrayEquals(x509TrustManager.getAcceptedIssuers(), commonNameLoggingTrustManager.getAcceptedIssuers());
                if (createAndRegister != null) {
                    if (0 == 0) {
                        createAndRegister.close();
                        return;
                    }
                    try {
                        createAndRegister.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAndRegister != null) {
                if (th != null) {
                    try {
                        createAndRegister.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAndRegister.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCommonNameLoggingTrustManagerWithExpiredEndCert() throws Exception {
        X509Certificate x509Certificate = this.chainWithExpiredEndCertificate[0];
        X509Certificate x509Certificate2 = this.chainWithExpiredEndCertificate[1];
        X509Certificate x509Certificate3 = this.chainWithExpiredEndCertificate[2];
        X509Certificate[] x509CertificateArr = {x509Certificate, x509Certificate2};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate3);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager x509TrustManager = getX509TrustManager(trustManagerFactory);
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister(CommonNameLoggingTrustManagerFactoryWrapper.class);
        Throwable th = null;
        try {
            try {
                int size = createAndRegister.getMessages().size();
                CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = new CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager(x509TrustManager, 2);
                Assertions.assertEquals(x509TrustManager, commonNameLoggingTrustManager.getOriginalTrustManager());
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                List<String> messages = createAndRegister.getMessages();
                Assertions.assertEquals(size + 1, messages.size());
                Assertions.assertEquals("Certificate with common name \"" + x509Certificate.getSubjectX500Principal() + "\" expired on " + x509Certificate.getNotAfter(), messages.get(messages.size() - 1));
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                Assertions.assertEquals(size + 1, createAndRegister.getMessages().size());
                Assertions.assertArrayEquals(x509TrustManager.getAcceptedIssuers(), commonNameLoggingTrustManager.getAcceptedIssuers());
                if (createAndRegister != null) {
                    if (0 == 0) {
                        createAndRegister.close();
                        return;
                    }
                    try {
                        createAndRegister.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAndRegister != null) {
                if (th != null) {
                    try {
                        createAndRegister.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAndRegister.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCommonNameLoggingTrustManagerWithExpiredEndCertWithCA() throws Exception {
        X509Certificate x509Certificate = this.chainWithExpiredEndCertificate[0];
        X509Certificate x509Certificate2 = this.chainWithExpiredEndCertificate[1];
        X509Certificate x509Certificate3 = this.chainWithExpiredEndCertificate[2];
        X509Certificate[] x509CertificateArr = {x509Certificate, x509Certificate2, x509Certificate3};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate3);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager x509TrustManager = getX509TrustManager(trustManagerFactory);
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister(CommonNameLoggingTrustManagerFactoryWrapper.class);
        Throwable th = null;
        try {
            try {
                int size = createAndRegister.getMessages().size();
                CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = new CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager(x509TrustManager, 2);
                Assertions.assertEquals(x509TrustManager, commonNameLoggingTrustManager.getOriginalTrustManager());
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                List<String> messages = createAndRegister.getMessages();
                Assertions.assertEquals(size + 1, messages.size());
                Assertions.assertEquals("Certificate with common name \"" + x509Certificate.getSubjectX500Principal() + "\" expired on " + x509Certificate.getNotAfter(), messages.get(messages.size() - 1));
                Assertions.assertEquals(((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                })).getMessage(), ((Exception) Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                })).getMessage());
                Assertions.assertEquals(size + 1, createAndRegister.getMessages().size());
                Assertions.assertArrayEquals(x509TrustManager.getAcceptedIssuers(), commonNameLoggingTrustManager.getAcceptedIssuers());
                if (createAndRegister != null) {
                    if (0 == 0) {
                        createAndRegister.close();
                        return;
                    }
                    try {
                        createAndRegister.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAndRegister != null) {
                if (th != null) {
                    try {
                        createAndRegister.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAndRegister.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCommonNameLoggingTrustManagerMixValidAndInvalidCertificates() throws Exception {
        X509Certificate x509Certificate = this.chainWithValidAndInvalidEndCertificates[0];
        X509Certificate x509Certificate2 = this.chainWithValidAndInvalidEndCertificates[1];
        X509Certificate x509Certificate3 = this.chainWithValidAndInvalidEndCertificates[2];
        X509Certificate x509Certificate4 = this.chainWithValidAndInvalidEndCertificates[3];
        X509Certificate[] x509CertificateArr = {x509Certificate, x509Certificate3};
        X509Certificate[] x509CertificateArr2 = {x509Certificate2, x509Certificate3};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("CA", x509Certificate4);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager x509TrustManager = getX509TrustManager(trustManagerFactory);
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister(CommonNameLoggingSslEngineFactory.class);
        Throwable th = null;
        try {
            try {
                CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager commonNameLoggingTrustManager = new CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager(x509TrustManager, 2);
                Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr2, "RSA");
                });
                Assertions.assertThrows(CertificateException.class, () -> {
                    commonNameLoggingTrustManager.checkClientTrusted(x509CertificateArr2, "RSA");
                });
                if (createAndRegister != null) {
                    if (0 == 0) {
                        createAndRegister.close();
                        return;
                    }
                    try {
                        createAndRegister.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAndRegister != null) {
                if (th != null) {
                    try {
                        createAndRegister.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAndRegister.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testSortChainAnWrapEndCertificate() {
        Assertions.assertThrows(CertificateException.class, () -> {
            CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate((X509Certificate[]) null);
        });
        Assertions.assertThrows(CertificateException.class, () -> {
            CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate(new X509Certificate[0]);
        });
        X509Certificate x509Certificate = this.chainWithExpiredEndCertificate[0];
        X509Certificate x509Certificate2 = this.chainWithExpiredEndCertificate[1];
        X509Certificate x509Certificate3 = this.chainWithExpiredEndCertificate[2];
        X509Certificate[] x509CertificateArr = {x509Certificate};
        Assertions.assertEquals(x509Certificate.getSubjectX500Principal(), ((X509Certificate[]) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate(x509CertificateArr);
        }))[0].getSubjectX500Principal());
        X509Certificate[] x509CertificateArr2 = {x509Certificate, x509Certificate2};
        X509Certificate[] x509CertificateArr3 = (X509Certificate[]) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate(x509CertificateArr2);
        });
        Assertions.assertEquals(x509Certificate.getSubjectX500Principal(), x509CertificateArr3[0].getSubjectX500Principal());
        Assertions.assertEquals(x509Certificate2.getSubjectX500Principal(), x509CertificateArr3[1].getSubjectX500Principal());
        X509Certificate[] x509CertificateArr4 = {x509Certificate2, x509Certificate};
        X509Certificate[] x509CertificateArr5 = (X509Certificate[]) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate(x509CertificateArr4);
        });
        Assertions.assertEquals(x509Certificate.getSubjectX500Principal(), x509CertificateArr5[0].getSubjectX500Principal());
        Assertions.assertEquals(x509Certificate2.getSubjectX500Principal(), x509CertificateArr5[1].getSubjectX500Principal());
        X509Certificate[] x509CertificateArr6 = {x509Certificate3, x509Certificate2, x509Certificate};
        X509Certificate[] x509CertificateArr7 = (X509Certificate[]) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate(x509CertificateArr6);
        });
        Assertions.assertEquals(x509Certificate.getSubjectX500Principal(), x509CertificateArr7[0].getSubjectX500Principal());
        Assertions.assertEquals(x509Certificate2.getSubjectX500Principal(), x509CertificateArr7[1].getSubjectX500Principal());
        Assertions.assertEquals(x509Certificate3.getSubjectX500Principal(), x509CertificateArr7[2].getSubjectX500Principal());
    }

    @Test
    public void testSortChainWithMultipleEndCertificate() {
        Assertions.assertThrows(CertificateException.class, () -> {
            CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.sortChainAnWrapEndCertificate(this.chainWithMultipleEndCertificates);
        });
    }

    @Test
    public void testCalcDigestForCertificateChain() {
        ByteBuffer byteBuffer = (ByteBuffer) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.calcDigestForCertificateChain(this.chainWithValidEndCertificate);
        });
        Assertions.assertEquals(byteBuffer, (ByteBuffer) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.calcDigestForCertificateChain(this.chainWithValidEndCertificate);
        }));
        ByteBuffer byteBuffer2 = (ByteBuffer) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.calcDigestForCertificateChain(this.chainWithInvalidEndCertificate);
        });
        Assertions.assertNotEquals(byteBuffer, byteBuffer2);
        ByteBuffer byteBuffer3 = (ByteBuffer) Assertions.assertDoesNotThrow(() -> {
            return CommonNameLoggingTrustManagerFactoryWrapper.CommonNameLoggingTrustManager.calcDigestForCertificateChain(this.chainWithExpiredEndCertificate);
        });
        Assertions.assertNotEquals(byteBuffer, byteBuffer3);
        Assertions.assertNotEquals(byteBuffer2, byteBuffer3);
    }

    private X509Certificate[] generateKeyChainIncludingCA(boolean z, boolean z2, boolean z3, boolean z4) throws CertificateException, NoSuchAlgorithmException {
        int i = z2 ? 4 : 3;
        KeyPair[] keyPairArr = new KeyPair[i];
        for (int i2 = 0; i2 < i; i2++) {
            keyPairArr[i2] = TestSslUtils.generateKeyPair("RSA");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[i];
        int i3 = z ? 0 : 1;
        int i4 = i - 1;
        x509CertificateArr[i4] = TestSslUtils.generateSignedCertificate("CN=CA", keyPairArr[i4], 365, 365, null, null, "SHA512withRSA", true, false, false);
        int i5 = i4 - 1;
        x509CertificateArr[i5] = TestSslUtils.generateSignedCertificate("CN=Intermediate CA", keyPairArr[i5], 365, 365, x509CertificateArr[i4].getSubjectX500Principal().getName(), keyPairArr[i4], "SHA512withRSA", true, false, false);
        int i6 = i5 - 1;
        while (i6 >= 0) {
            if (i6 == 0 ? z3 : z4) {
                x509CertificateArr[i6] = TestSslUtils.generateSignedCertificate("CN=kafka", keyPairArr[i6], 1, i3, x509CertificateArr[i5].getSubjectX500Principal().getName(), keyPairArr[i5], "SHA512withRSA", false, true, true);
            } else {
                x509CertificateArr[i6] = TestSslUtils.generateSignedCertificate("C=GB, L=London, CN=kafka", keyPairArr[i6], 1, i3, null, null, "SHA512withRSA", false, true, true);
            }
            i6--;
        }
        return x509CertificateArr;
    }
}
