package io.vertx.amqp.tests;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.vertx.amqp.AmqpClient;
import io.vertx.amqp.AmqpClientOptions;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.spi.tls.SslContextFactory;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.proton.ProtonConnection;
import io.vertx.proton.ProtonServerOptions;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.apache.qpid.proton.amqp.messaging.Source;
import org.apache.qpid.proton.amqp.transport.Target;
import org.junit.After;
import org.junit.Test;

/* loaded from: input_file:io/vertx/amqp/tests/SSLTest.class */
public class SSLTest extends BareTestBase {
    private static final String PASSWORD = "password";
    private static final String KEYSTORE = "src/test/resources/broker-pkcs12.keystore";
    private static final String WRONG_HOST_KEYSTORE = "src/test/resources/broker-wrong-host-pkcs12.keystore";
    private static final String TRUSTSTORE = "src/test/resources/client-pkcs12.truststore";
    private static final String KEYSTORE_CLIENT = "src/test/resources/client-pkcs12.keystore";
    private static final String OTHER_CA_TRUSTSTORE = "src/test/resources/other-ca-pkcs12.truststore";
    private static final String VERIFY_HTTPS = "HTTPS";
    private static final String NO_VERIFY = "";
    private MockServer server;

    @After
    public void cleanup() {
        if (this.server != null) {
            this.server.close();
        }
    }

    @Test(timeout = 20000)
    public void testConnectWithSslSucceeds(TestContext testContext) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        AmqpClient.create(this.vertx, new AmqpClientOptions().setSsl(true).setHost("localhost").setPort(this.server.actualPort()).setTrustOptions(new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD))).connect().onComplete(testContext.asyncAssertSuccess(amqpConnection -> {
            async.complete();
        }));
        async.awaitSuccess();
    }

    @Test(timeout = 20000)
    public void testConnectWithSuppliedSslContextSucceeds(TestContext testContext) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        InputStream newInputStream = Files.newInputStream(Paths.get(".", new String[0]).resolve(TRUSTSTORE), StandardOpenOption.READ);
        try {
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(newInputStream, PASSWORD.toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            if (newInputStream != null) {
                newInputStream.close();
            }
            final SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            AmqpClient.create(this.vertx, new AmqpClientOptions().setSsl(true).setHost("localhost").setPort(this.server.actualPort()).setSslEngineOptions(new JdkSSLEngineOptions() { // from class: io.vertx.amqp.tests.SSLTest.1
                public SslContextFactory sslContextFactory() {
                    return new SslContextFactory() { // from class: io.vertx.amqp.tests.SSLTest.1.1
                        public SslContext create() throws SSLException {
                            return new JdkSslContext(sSLContext, true, (Iterable) null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, ClientAuth.NONE, (String[]) null, false);
                        }
                    };
                }
            })).connect().onComplete(testContext.asyncAssertSuccess(amqpConnection -> {
                async.complete();
            }));
            async.awaitSuccess();
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test(timeout = 20000)
    public void testConnectWithSslToNonSslServerFails(TestContext testContext) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(false);
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        AmqpClient.create(this.vertx, new AmqpClientOptions().setSsl(true).setHost("localhost").setPort(this.server.actualPort()).setTrustOptions(new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD))).connect().onComplete(testContext.asyncAssertFailure(th -> {
            async.complete();
        }));
        async.awaitSuccess();
    }

    @Test(timeout = 20000)
    public void testConnectWithSslToServerWithUntrustedKeyFails(TestContext testContext) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        AmqpClientOptions amqpClientOptions = new AmqpClientOptions();
        amqpClientOptions.setSsl(true).setHost("localhost").setPort(this.server.actualPort()).setTrustOptions(new PfxOptions().setPath(OTHER_CA_TRUSTSTORE).setPassword(PASSWORD));
        this.client = AmqpClient.create(this.vertx, amqpClientOptions);
        this.client.connect().onComplete(testContext.asyncAssertFailure(th -> {
            async.complete();
        }));
        async.awaitSuccess();
    }

    @Test(timeout = 20000)
    public void testConnectWithSslToServerWhileUsingTrustAll(TestContext testContext) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        this.client = AmqpClient.create(this.vertx, new AmqpClientOptions().setHost("localhost").setPort(this.server.actualPort()).setSsl(true).setTrustAll(true));
        this.client.connect().onComplete(testContext.asyncAssertSuccess(amqpConnection -> {
            async.complete();
        }));
        async.awaitSuccess();
    }

    private void handleStartupProcess(ProtonConnection protonConnection, TestContext testContext) {
        protonConnection.openHandler(asyncResult -> {
            protonConnection.open();
        });
        protonConnection.closeHandler(asyncResult2 -> {
            protonConnection.close();
        });
        protonConnection.sessionOpenHandler((v0) -> {
            v0.open();
        });
        protonConnection.receiverOpenHandler(protonReceiver -> {
            Target remoteTarget = protonReceiver.getRemoteTarget();
            testContext.assertNotNull(remoteTarget, "target should not be null");
            testContext.assertNull(remoteTarget.getAddress(), "expected null address");
            protonReceiver.setTarget(remoteTarget);
            protonReceiver.open();
        });
        protonConnection.senderOpenHandler(protonSender -> {
            Source remoteSource = protonSender.getRemoteSource();
            testContext.assertNotNull(remoteSource, "source should not be null");
            testContext.assertTrue(remoteSource.getDynamic(), "source should be dynamic");
            testContext.assertNull(remoteSource.getAddress(), "expected null address");
            Source copy = remoteSource.copy();
            copy.setAddress("should-be-random-generated-address");
            protonSender.setSource(copy);
            protonSender.open();
        });
    }

    @Test(timeout = 20000)
    public void testConnectWithSslWithoutRequiredClientKeyFails(TestContext testContext) throws Exception {
        doClientCertificateTestImpl(testContext, false);
    }

    @Test(timeout = 20000)
    public void testConnectWithSslWithRequiredClientKeySucceeds(TestContext testContext) throws Exception {
        doClientCertificateTestImpl(testContext, true);
    }

    private void doClientCertificateTestImpl(TestContext testContext, boolean z) throws InterruptedException, ExecutionException {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setClientAuth(io.vertx.core.http.ClientAuth.REQUIRED);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));
        PfxOptions password = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);
        protonServerOptions.setTrustOptions(password);
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        AmqpClientOptions trustOptions = new AmqpClientOptions().setHost("localhost").setPort(this.server.actualPort()).setSsl(true).setTrustOptions(password);
        if (z) {
            trustOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD));
        }
        this.client = AmqpClient.create(this.vertx, trustOptions);
        this.client.connect().onComplete(asyncResult -> {
            if (z) {
                testContext.assertTrue(asyncResult.succeeded(), "expected start to succeed due to supplying client certs");
            } else {
                testContext.assertFalse(asyncResult.succeeded(), "expected start to fail due to withholding client cert");
            }
            async.complete();
        });
        async.awaitSuccess();
    }

    @Test(timeout = 20000)
    public void testConnectWithHostnameVerification(TestContext testContext) throws Exception {
        doHostnameVerificationTestImpl(testContext, true);
    }

    @Test(timeout = 20000)
    public void testConnectWithoutHostnameVerification(TestContext testContext) throws Exception {
        doHostnameVerificationTestImpl(testContext, false);
    }

    private void doHostnameVerificationTestImpl(TestContext testContext, boolean z) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(WRONG_HOST_KEYSTORE).setPassword(PASSWORD));
        this.server = new MockServer(this.vertx, protonConnection -> {
            handleStartupProcess(protonConnection, testContext);
        }, protonServerOptions);
        AmqpClientOptions trustOptions = new AmqpClientOptions().setHost("localhost").setPort(this.server.actualPort()).setSsl(true).setTrustOptions(new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD));
        testContext.assertEquals(VERIFY_HTTPS, trustOptions.getHostnameVerificationAlgorithm(), "expected host verification to be on by default");
        if (!z) {
            trustOptions.setHostnameVerificationAlgorithm(NO_VERIFY);
        }
        this.client = AmqpClient.create(this.vertx, trustOptions);
        this.client.connect().onComplete(asyncResult -> {
            if (z) {
                testContext.assertFalse(asyncResult.succeeded(), "expected start to fail due to server cert not matching hostname");
            } else {
                testContext.assertTrue(asyncResult.succeeded(), "expected start to succeed due to not verifying server hostname");
            }
            async.complete();
        });
        async.awaitSuccess();
    }
}
