package org.apache.pulsar.jetty.tls;

import com.google.common.io.Resources;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import lombok.Generated;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.pulsar.common.util.DefaultPulsarSslFactory;
import org.apache.pulsar.common.util.PulsarSslConfiguration;
import org.apache.pulsar.common.util.SecurityUtility;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/jetty/tls/JettySslContextFactoryTest.class */
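/**
 * Exercises a Jetty {@link ServerConnector} whose TLS settings come from
 * {@code JettySslContextFactory.createSslContextFactory}, backed by a {@link DefaultPulsarSslFactory}.
 *
 * <p>Each test starts a server on an ephemeral port with the fixture certificates under
 * {@code ssl/my-ca/}, then connects with an Apache HttpClient that presents the fixture client
 * certificate. The server configuration asks for a trusted client certificate
 * ({@code requireTrustedClientCertOnConnect(true)}) and disallows insecure connections.
 *
 * <p>Security notes for readers reusing this code:
 * <ul>
 *   <li>{@link NoopHostnameVerifier} and the accept-all verifier set on the server factory switch
 *       hostname verification off. That is tolerable here only because the peer is a local fixture
 *       server; it must not be copied into production client or server configuration.</li>
 *   <li>The negative tests only expect {@link SSLHandshakeException}. Any handshake failure
 *       (for example an expired or mismatched fixture certificate) satisfies them, so a pass does not
 *       by itself prove that the protocol or cipher restriction was the reason for the rejection.</li>
 * </ul>
 */
public class JettySslContextFactoryTest {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(JettySslContextFactoryTest.class);

    private static final String TLS_1_2 = "TLSv1.2";
    private static final String TLS_1_3 = "TLSv1.3";
    private static final String CIPHER_AES_128 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    private static final String CIPHER_AES_256 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";

    /**
     * Positive case: with no protocol or cipher restriction on either side, a client presenting the
     * fixture client certificate completes the handshake and the request returns without throwing.
     *
     * <p>The HTTP response itself is not inspected; the test passes as soon as {@code execute} returns.
     *
     * @throws Exception if the server cannot be started or the request fails
     */
    @Test
    public void testJettyTlsServerTls() throws Exception {
        Server server = new Server();
        try {
            PulsarSslConfiguration sslConfiguration = PulsarSslConfiguration.builder()
                    .tlsTrustCertsFilePath(resourcePath("ssl/my-ca/ca.pem"))
                    .tlsCertificateFilePath(resourcePath("ssl/my-ca/server-ca.pem"))
                    .tlsKeyFilePath(resourcePath("ssl/my-ca/server-key.pem"))
                    .allowInsecureConnection(false)
                    .requireTrustedClientCertOnConnect(true)
                    .tlsEnabledWithKeystore(false)
                    .isHttps(true)
                    .build();
            // Fourth and fifth arguments are the cipher and protocol sets (see the other tests);
            // null leaves both unrestricted here. NOTE(review): the first argument looks like an
            // SSL provider name and the third like "require trusted client cert" - confirm against
            // JettySslContextFactory.
            SslContextFactory.Server sslContextFactory = JettySslContextFactory.createSslContextFactory(
                    (String) null, newSslFactory(sslConfiguration), true, (Set<String>) null, (Set<String>) null);
            ServerConnector connector = startOnEphemeralPort(server, sslContextFactory);

            // Hostname verification is disabled: test-only, the peer is the local fixture server.
            SSLConnectionSocketFactory socketFactory =
                    new SSLConnectionSocketFactory(getClientSslContext(), new NoopHostnameVerifier());
            try (CloseableHttpClient client = newHttpsClient(socketFactory)) {
                client.execute(new HttpGet("https://localhost:" + connector.getLocalPort()));
            }
        } finally {
            server.stop();
        }
    }

    /**
     * Negative case: the server is restricted to TLSv1.3 and the client offers only TLSv1.2, so the
     * handshake is expected to be rejected rather than downgraded.
     *
     * @throws Exception the expected {@link SSLHandshakeException}, or any setup failure
     */
    @Test(expectedExceptions = {SSLHandshakeException.class})
    public void testJettyTlsServerInvalidTlsProtocol() throws Exception {
        Server server = new Server();
        try {
            PulsarSslConfiguration sslConfiguration = PulsarSslConfiguration.builder()
                    .tlsProtocols(mutableSetOf(TLS_1_3))
                    .tlsTrustCertsFilePath(resourcePath("ssl/my-ca/ca.pem"))
                    .tlsCertificateFilePath(resourcePath("ssl/my-ca/server-ca.pem"))
                    .tlsKeyFilePath(resourcePath("ssl/my-ca/server-key.pem"))
                    .allowInsecureConnection(false)
                    .requireTrustedClientCertOnConnect(true)
                    .tlsEnabledWithKeystore(false)
                    .isHttps(true)
                    .build();
            SslContextFactory.Server sslContextFactory = JettySslContextFactory.createSslContextFactory(
                    (String) null, newSslFactory(sslConfiguration), true, (Set<String>) null, mutableSetOf(TLS_1_3));
            // Accept-all verifier: test-only, never appropriate outside a fixture setup.
            sslContextFactory.setHostnameVerifier((hostname, session) -> true);
            ServerConnector connector = startOnEphemeralPort(server, sslContextFactory);

            // Client is pinned to TLSv1.2 with default cipher suites (null), so only the protocol differs.
            SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                    getClientSslContext(), new String[] {TLS_1_2}, (String[]) null, new NoopHostnameVerifier());
            try (CloseableHttpClient client = newHttpsClient(socketFactory)) {
                client.execute(new HttpGet("https://localhost:" + connector.getLocalPort()));
            }
        } finally {
            server.stop();
        }
    }

    /**
     * Negative case intended to cover a cipher-suite mismatch: the server allows only
     * {@code TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} and the client offers only
     * {@code TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}.
     *
     * <p>NOTE(review): the server is also restricted to TLSv1.3 while the client offers only TLSv1.2,
     * and the server's cipher is a TLS 1.2 suite name. The handshake is therefore likely to fail on the
     * protocol mismatch alone, which means this test does not isolate cipher enforcement. Aligning
     * both sides on one protocol version would make the cipher mismatch the only difference - confirm
     * against JettySslContextFactory before changing the fixture.
     *
     * @throws Exception the expected {@link SSLHandshakeException}, or any setup failure
     */
    @Test(expectedExceptions = {SSLHandshakeException.class})
    public void testJettyTlsServerInvalidCipher() throws Exception {
        Server server = new Server();
        try {
            PulsarSslConfiguration sslConfiguration = PulsarSslConfiguration.builder()
                    .tlsCiphers(mutableSetOf(CIPHER_AES_128))
                    .tlsProtocols(mutableSetOf(TLS_1_3))
                    .tlsTrustCertsFilePath(resourcePath("ssl/my-ca/ca.pem"))
                    .tlsCertificateFilePath(resourcePath("ssl/my-ca/server-ca.pem"))
                    .tlsKeyFilePath(resourcePath("ssl/my-ca/server-key.pem"))
                    .allowInsecureConnection(false)
                    .requireTrustedClientCertOnConnect(true)
                    .isHttps(true)
                    .tlsEnabledWithKeystore(false)
                    .build();
            SslContextFactory.Server sslContextFactory = JettySslContextFactory.createSslContextFactory(
                    (String) null,
                    newSslFactory(sslConfiguration),
                    true,
                    mutableSetOf(CIPHER_AES_128),
                    mutableSetOf(TLS_1_3));
            // Accept-all verifier: test-only, never appropriate outside a fixture setup.
            sslContextFactory.setHostnameVerifier((hostname, session) -> true);
            ServerConnector connector = startOnEphemeralPort(server, sslContextFactory);

            SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                    getClientSslContext(),
                    new String[] {TLS_1_2},
                    new String[] {CIPHER_AES_256},
                    new NoopHostnameVerifier());
            try (CloseableHttpClient client = newHttpsClient(socketFactory)) {
                client.execute(new HttpGet("https://localhost:" + connector.getLocalPort()));
            }
        } finally {
            server.stop();
        }
    }

    /**
     * Builds the client-side {@link SSLContext} from the fixture CA plus the fixture client
     * certificate and key, so the client can answer the server's client-certificate request.
     *
     * <p>NOTE(review): the leading {@code false} presumably means "do not allow insecure connections"
     * and the trailing {@code null} presumably selects the default provider - confirm against
     * {@code SecurityUtility.createSslContext}.
     *
     * @return the SSL context used by every client in this class
     * @throws GeneralSecurityException if the key material cannot be loaded
     * @throws IOException if a fixture file cannot be read
     */
    private static SSLContext getClientSslContext() throws GeneralSecurityException, IOException {
        return SecurityUtility.createSslContext(
                false,
                resourcePath("ssl/my-ca/ca.pem"),
                resourcePath("ssl/my-ca/client-ca.pem"),
                resourcePath("ssl/my-ca/client-key.pem"),
                (String) null);
    }

    /** Resolves a classpath fixture to the path string the SSL configuration expects. */
    private static String resourcePath(String resourceName) {
        return Resources.getResource(resourceName).getPath();
    }

    /** Returns a fresh mutable single-element set, replacing the anonymous {@code HashSet} subclasses. */
    private static Set<String> mutableSetOf(String value) {
        return new HashSet<>(Collections.singleton(value));
    }

    /** Creates a {@link DefaultPulsarSslFactory}, initializes it and builds its internal SSL context. */
    private static DefaultPulsarSslFactory newSslFactory(PulsarSslConfiguration sslConfiguration) throws Exception {
        DefaultPulsarSslFactory sslFactory = new DefaultPulsarSslFactory();
        sslFactory.initialize(sslConfiguration);
        sslFactory.createInternalSslContext();
        return sslFactory;
    }

    /** Attaches a single TLS connector on port 0 (ephemeral) to {@code server} and starts the server. */
    private static ServerConnector startOnEphemeralPort(Server server, SslContextFactory.Server sslContextFactory)
            throws Exception {
        ServerConnector connector = new ServerConnector(server, sslContextFactory);
        connector.setPort(0);
        server.setConnectors(new Connector[] {connector});
        server.start();
        return connector;
    }

    /**
     * Builds an HttpClient whose connection manager knows only the {@code https} scheme, bound to the
     * given socket factory.
     */
    // The registry is kept as a raw type because its element type is not imported in this file;
    // the suppression is confined to this helper.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static CloseableHttpClient newHttpsClient(SSLConnectionSocketFactory socketFactory) {
        RegistryBuilder registry = RegistryBuilder.create();
        registry.register("https", socketFactory);
        HttpClientBuilder clientBuilder = HttpClients.custom();
        clientBuilder.setConnectionManager(new PoolingHttpClientConnectionManager(registry.build()));
        return clientBuilder.build();
    }
}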
