package org.apache.pulsar.jetty.tls;

import com.google.common.io.Resources;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;
import lombok.Generated;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.core.config.Configurator;
import org.apache.pulsar.common.util.DefaultPulsarSslFactory;
import org.apache.pulsar.common.util.PulsarSslConfiguration;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/jetty/tls/JettySslContextFactoryWithKeyStoreTest.class */
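/**
 * Checks that a Jetty server built through {@link JettySslContextFactory} from JKS key and trust
 * stores enforces the configured TLS settings.
 *
 * <p>Each test starts a Jetty {@link Server} on an ephemeral port with client certificates
 * required, then issues one HTTPS GET with an Apache HttpClient that presents the client keystore:
 * <ul>
 *   <li>{@link #testJettyTlsServerTls()} is the positive control: with no protocol or cipher
 *       restriction on either side the request must complete.</li>
 *   <li>{@link #testJettyTlsServerInvalidTlsProtocol()} restricts the server to TLSv1.3 and the
 *       client to TLSv1.2.</li>
 *   <li>{@link #testJettyTlsServerInvalidCipher()} restricts the server to one cipher suite and
 *       the client to a different one.</li>
 * </ul>
 *
 * <p>The two negative tests assert only that an {@link SSLHandshakeException} is thrown, so any
 * handshake failure satisfies them; the positive control is what shows that the certificates and
 * trust stores themselves are usable.
 */
public class JettySslContextFactoryWithKeyStoreTest {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(JettySslContextFactoryWithKeyStoreTest.class);

    // NOTE(review): the name says "BROKEN" but the resource is broker.keystore.jks, so this is
    // probably a typo for BROKER_KEY_STORE_PATH. Left unchanged because the constant is
    // package-visible and may be referenced from other tests.
    static final String BROKEN_KEY_STORE_PATH = Resources.getResource("certificate-authority/jks/broker.keystore.jks").getPath();
    static final String BROKER_TRUST_STORE_PATH = Resources.getResource("certificate-authority/jks/broker.truststore.jks").getPath();
    static final String CLIENT_KEY_STORE_PATH = Resources.getResource("certificate-authority/jks/client.keystore.jks").getPath();
    static final String CLIENT_TRUST_STORE_PATH = Resources.getResource("certificate-authority/jks/client.truststore.jks").getPath();
    static final String KEY_STORE_TYPE = "JKS";
    // Password shared by the four bundled test stores; a fixture value, not a deployable secret.
    static final String KEY_STORE_PASSWORD = "111111";

    /**
     * Positive control: mutual TLS with default protocols and ciphers on both sides succeeds.
     *
     * @throws Exception if the server cannot be started or the HTTPS request fails
     */
    @Test
    public void testJettyTlsServerTls() throws Exception {
        Server server = new Server();
        try {
            PulsarSslConfiguration sslConfiguration = PulsarSslConfiguration.builder()
                    .tlsKeyStoreType(KEY_STORE_TYPE)
                    .tlsKeyStorePath(BROKEN_KEY_STORE_PATH)
                    .tlsKeyStorePassword(KEY_STORE_PASSWORD)
                    .tlsTrustStoreType(KEY_STORE_TYPE)
                    .tlsTrustStorePath(CLIENT_TRUST_STORE_PATH)
                    .tlsTrustStorePassword(KEY_STORE_PASSWORD)
                    .requireTrustedClientCertOnConnect(true)
                    .tlsEnabledWithKeystore(true)
                    .isHttps(true)
                    .build();
            ServerConnector connector = startTlsServer(server, sslConfiguration, null, null);
            // The client skips hostname verification, but the server certificate chain is still
            // validated against broker.truststore.jks by the trust managers of the client context.
            executeGet(
                    new SSLConnectionSocketFactory(getClientSslContext(), new NoopHostnameVerifier()),
                    connector.getLocalPort());
        } finally {
            server.stop();
        }
    }

    /**
     * A client limited to TLSv1.2 must be rejected by a server that allows only TLSv1.3.
     *
     * @throws Exception the expected {@link SSLHandshakeException}, or any setup failure
     */
    @Test(expectedExceptions = {SSLHandshakeException.class})
    public void testJettyTlsServerInvalidTlsProtocol() throws Exception {
        Configurator.setRootLevel(Level.INFO);
        Server server = new Server();
        try {
            PulsarSslConfiguration sslConfiguration = PulsarSslConfiguration.builder()
                    .tlsKeyStoreType(KEY_STORE_TYPE)
                    .tlsKeyStorePath(BROKEN_KEY_STORE_PATH)
                    .tlsKeyStorePassword(KEY_STORE_PASSWORD)
                    .tlsTrustStoreType(KEY_STORE_TYPE)
                    .tlsTrustStorePath(CLIENT_TRUST_STORE_PATH)
                    .tlsTrustStorePassword(KEY_STORE_PASSWORD)
                    .tlsProtocols(setOf("TLSv1.3"))
                    .requireTrustedClientCertOnConnect(true)
                    .tlsEnabledWithKeystore(true)
                    .isHttps(true)
                    .build();
            ServerConnector connector = startTlsServer(server, sslConfiguration, null, setOf("TLSv1.3"));
            // Client offers TLSv1.2 only, with default cipher suites (null).
            executeGet(
                    new SSLConnectionSocketFactory(
                            getClientSslContext(), new String[] {"TLSv1.2"}, (String[]) null, new NoopHostnameVerifier()),
                    connector.getLocalPort());
        } finally {
            server.stop();
        }
    }

    /**
     * A client offering only {@code TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384} must be rejected by a
     * server that allows only {@code TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}.
     *
     * @throws Exception the expected {@link SSLHandshakeException}, or any setup failure
     */
    @Test(expectedExceptions = {SSLHandshakeException.class})
    public void testJettyTlsServerInvalidCipher() throws Exception {
        Server server = new Server();
        try {
            PulsarSslConfiguration sslConfiguration = PulsarSslConfiguration.builder()
                    .tlsKeyStoreType(KEY_STORE_TYPE)
                    .tlsKeyStorePath(BROKEN_KEY_STORE_PATH)
                    .tlsKeyStorePassword(KEY_STORE_PASSWORD)
                    .tlsTrustStoreType(KEY_STORE_TYPE)
                    .tlsTrustStorePath(CLIENT_TRUST_STORE_PATH)
                    .tlsTrustStorePassword(KEY_STORE_PASSWORD)
                    .tlsCiphers(setOf("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))
                    .tlsProtocols(setOf("TLSv1.3"))
                    .requireTrustedClientCertOnConnect(true)
                    .tlsEnabledWithKeystore(true)
                    .isHttps(true)
                    .build();
            // The Jetty factory is given TLSv1.2 as well, so the protocol matches the client and
            // the cipher suite is the only thing the two sides cannot agree on.
            ServerConnector connector = startTlsServer(
                    server,
                    sslConfiguration,
                    setOf("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
                    setOf("TLSv1.2", "TLSv1.3"));
            executeGet(
                    new SSLConnectionSocketFactory(
                            getClientSslContext(),
                            new String[] {"TLSv1.2"},
                            new String[] {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
                            new NoopHostnameVerifier()),
                    connector.getLocalPort());
        } finally {
            server.stop();
        }
    }

    /** Builds a mutable set holding the given values. */
    private static Set<String> setOf(String... values) {
        Set<String> result = new HashSet<>();
        Collections.addAll(result, values);
        return result;
    }

    /**
     * Creates the Jetty SSL context factory from {@code sslConfiguration}, attaches a single TLS
     * connector on an ephemeral port to {@code server}, and starts the server.
     *
     * @param ciphers cipher suites passed to {@link JettySslContextFactory}, or {@code null}
     * @param protocols protocol versions passed to {@link JettySslContextFactory}, or {@code null}
     * @return the started connector; its local port is the port to connect to
     */
    private static ServerConnector startTlsServer(Server server, PulsarSslConfiguration sslConfiguration,
            Set<String> ciphers, Set<String> protocols) throws Exception {
        DefaultPulsarSslFactory pulsarSslFactory = new DefaultPulsarSslFactory();
        pulsarSslFactory.initialize(sslConfiguration);
        pulsarSslFactory.createInternalSslContext();
        // Third argument: require a trusted client certificate on connect.
        SslContextFactory.Server contextFactory = JettySslContextFactory.createSslContextFactory(
                (String) null, pulsarSslFactory, true, ciphers, protocols);
        // Accepts every hostname; acceptable only because this is a localhost test fixture.
        contextFactory.setHostnameVerifier((hostname, session) -> true);
        ServerConnector connector = new ServerConnector(server, contextFactory);
        connector.setPort(0);
        server.setConnectors(new Connector[] {connector});
        server.start();
        return connector;
    }

    /**
     * Sends one GET to {@code https://localhost:<port>} through {@code socketFactory} and closes
     * the client afterwards, whether or not the request succeeded.
     */
    private static void executeGet(SSLConnectionSocketFactory socketFactory, int port) throws Exception {
        RegistryBuilder<ConnectionSocketFactory> registry = RegistryBuilder.create();
        registry.register("https", socketFactory);
        HttpClientBuilder clientBuilder = HttpClients.custom();
        clientBuilder.setConnectionManager(new PoolingHttpClientConnectionManager(registry.build()));
        try (CloseableHttpClient client = clientBuilder.build()) {
            client.execute(new HttpGet("https://localhost:" + port));
        }
    }

    /** Client-side context: presents client.keystore.jks and trusts broker.truststore.jks. */
    private static SSLContext getClientSslContext() {
        return getSslContext(CLIENT_KEY_STORE_PATH, KEY_STORE_PASSWORD, BROKER_TRUST_STORE_PATH, KEY_STORE_PASSWORD);
    }

    /**
     * Builds a {@code "TLS"} {@link SSLContext} from a JKS keystore and a JKS truststore.
     *
     * @return the initialised context, or {@code null} if anything fails (the failure is logged)
     */
    private static SSLContext getSslContext(String keyStorePath, String keyStorePassword,
            String trustStorePath, String trustStorePassword) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");

            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
            // try-with-resources so the stream is released even when load() throws.
            try (FileInputStream keyStoreStream = new FileInputStream(keyStorePath)) {
                keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            }
            keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE);
            try (FileInputStream trustStoreStream = new FileInputStream(trustStorePath)) {
                trustStore.load(trustStoreStream, trustStorePassword.toCharArray());
            }
            trustManagerFactory.init(trustStore);

            sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (Exception e) {
            // NOTE(review): callers pass the result straight to SSLConnectionSocketFactory, so a
            // null here presumably surfaces as an argument error there rather than as a handshake
            // failure - confirm before relying on it.
            log.error("load ssl context error ", e);
            return null;
        }
    }
}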
