package org.apache.qpid.server.security.encryption;

import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.qpid.test.utils.QpidTestCase;

/* loaded from: input_file:org/apache/qpid/server/security/encryption/AESKeyFileEncrypterTest.class */
public class AESKeyFileEncrypterTest extends QpidTestCase {
    private final SecureRandom _random = new SecureRandom();
    public static final String PLAINTEXT = "notaverygoodpassword";

    public void testSimpleEncryptDecrypt() throws Exception {
        if (isStrongEncryptionEnabled()) {
            doTestSimpleEncryptDecrypt(PLAINTEXT);
        }
    }

    public void testRepeatedEncryptionsReturnDifferentValues() throws Exception {
        if (isStrongEncryptionEnabled()) {
            AESKeyFileEncrypter aESKeyFileEncrypter = new AESKeyFileEncrypter(createSecretKey());
            HashSet hashSet = new HashSet();
            for (int i = 0; i < 100; i++) {
                hashSet.add(aESKeyFileEncrypter.encrypt(PLAINTEXT));
            }
            assertEquals("Not all encryptions were distinct", 100, hashSet.size());
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                assertEquals("Not all encryptions decrypt correctly", PLAINTEXT, aESKeyFileEncrypter.decrypt((String) it.next()));
            }
        }
    }

    public void testCreationFailsOnInvalidSecret() throws Exception {
        if (isStrongEncryptionEnabled()) {
            try {
                new AESKeyFileEncrypter((SecretKey) null);
                fail("An encrypter should not be creatable from a null key");
            } catch (NullPointerException e) {
            }
            try {
                new AESKeyFileEncrypter(SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec("password".toCharArray())));
                fail("An encrypter should not be creatable from the wrong type of secret key");
            } catch (IllegalArgumentException e2) {
            }
        }
    }

    public void testEncryptionOfEmptyString() throws Exception {
        if (isStrongEncryptionEnabled()) {
            doTestSimpleEncryptDecrypt("");
        }
    }

    private void doTestSimpleEncryptDecrypt(String str) {
        AESKeyFileEncrypter aESKeyFileEncrypter = new AESKeyFileEncrypter(createSecretKey());
        String encrypt = aESKeyFileEncrypter.encrypt(str);
        assertNotNull("Encrypter did not return a result from encryption", encrypt);
        assertFalse("Plain text and encrypted version are equal", str.equals(encrypt));
        Object decrypt = aESKeyFileEncrypter.decrypt(encrypt);
        assertNotNull("Encrypter did not return a result from decryption", decrypt);
        assertTrue("Encryption was not reversible", str.equals(decrypt));
    }

    public void testEncryptingNullFails() throws Exception {
        if (isStrongEncryptionEnabled()) {
            try {
                new AESKeyFileEncrypter(createSecretKey()).encrypt((String) null);
                fail("Attempting to encrypt null should fail");
            } catch (NullPointerException e) {
            }
        }
    }

    public void testEncryptingVeryLargeSecret() throws Exception {
        if (isStrongEncryptionEnabled()) {
            byte[] bArr = new byte[4096];
            new Random().nextBytes(bArr);
            for (int i = 0; i < bArr.length; i++) {
                bArr[i] = (byte) (bArr[i] & 239);
            }
            doTestSimpleEncryptDecrypt(new String(bArr, StandardCharsets.US_ASCII));
        }
    }

    private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    public void testDecryptNonsense() throws Exception {
        if (isStrongEncryptionEnabled()) {
            AESKeyFileEncrypter aESKeyFileEncrypter = new AESKeyFileEncrypter(createSecretKey());
            try {
                aESKeyFileEncrypter.decrypt((String) null);
                fail("Should not decrypt a null value");
            } catch (NullPointerException e) {
            }
            try {
                aESKeyFileEncrypter.decrypt("");
                fail("Should not decrypt the empty String");
            } catch (IllegalArgumentException e2) {
            }
            try {
                aESKeyFileEncrypter.decrypt("thisisnonsense");
                fail("Should not decrypt a small amount of nonsense");
            } catch (IllegalArgumentException e3) {
            }
            try {
                aESKeyFileEncrypter.decrypt("thisisn'tvalidBase64!soitshouldfailwithanIllegalArgumentException");
                fail("Should not decrypt a larger amount of nonsense");
            } catch (IllegalArgumentException e4) {
            }
        }
    }

    private SecretKeySpec createSecretKey() {
        byte[] bArr = new byte[32];
        this._random.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }
}
