package io.vertx.tests;

import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.internal.logging.Logger;
import io.vertx.core.internal.logging.LoggerFactory;
import io.vertx.core.net.NetSocket;
import io.vertx.core.net.PfxOptions;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.ext.unit.junit.VertxUnitRunner;
import io.vertx.proton.ProtonClient;
import io.vertx.proton.ProtonClientOptions;
import io.vertx.proton.ProtonConnection;
import io.vertx.proton.ProtonServer;
import io.vertx.proton.ProtonServerOptions;
import io.vertx.proton.sasl.MechanismMismatchException;
import io.vertx.proton.sasl.ProtonSaslAuthenticator;
import java.util.concurrent.ExecutionException;
import javax.security.sasl.AuthenticationException;
import org.apache.qpid.proton.engine.Sasl;
import org.apache.qpid.proton.engine.Transport;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(VertxUnitRunner.class)
/* loaded from: input_file:io/vertx/tests/ProtonClientSaslTest.class */
public class ProtonClientSaslTest extends ActiveMQTestBase {
    private static Logger LOG = LoggerFactory.getLogger(ProtonClientSaslTest.class);
    private static final String SERVER_KEYSTORE = "src/test/resources/broker-pkcs12.keystore";
    private static final String TRUSTSTORE = "src/test/resources/client-pkcs12.truststore";
    private static final String KEYSTORE_CLIENT = "src/test/resources/client-pkcs12.keystore";
    private static final String STORE_PASSWORD = "password";
    private Vertx vertx;
    private ProtonServer protonServer;
    private boolean anonymousAccessAllowed = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/vertx/tests/ProtonClientSaslTest$TestExternalAuthenticator.class */
    public static final class TestExternalAuthenticator implements ProtonSaslAuthenticator {
        private Sasl sasl;
        private String[] offeredMechs;
        private String chosenMech = null;
        boolean succeeded = false;
        NetSocket socket;

        public TestExternalAuthenticator(String... strArr) {
            this.offeredMechs = strArr;
        }

        public void init(NetSocket netSocket, ProtonConnection protonConnection, Transport transport) {
            this.socket = netSocket;
            this.sasl = transport.sasl();
            this.sasl.server();
            this.sasl.allowSkip(false);
            this.sasl.setMechanisms(this.offeredMechs);
        }

        public void process(Handler<Boolean> handler) {
            boolean z = false;
            String[] remoteMechanisms = this.sasl.getRemoteMechanisms();
            if (remoteMechanisms.length > 0) {
                this.chosenMech = remoteMechanisms[0];
                byte[] bArr = new byte[this.sasl.pending()];
                this.sasl.recv(bArr, 0, bArr.length);
                this.sasl.done(Sasl.SaslOutcome.PN_SASL_OK);
                this.succeeded = true;
                z = true;
            }
            handler.handle(Boolean.valueOf(z));
        }

        public boolean succeeded() {
            return this.succeeded;
        }

        public String getChosenMech() {
            return this.chosenMech;
        }

        public NetSocket getClientSocket() {
            return this.socket;
        }
    }

    @Override // io.vertx.tests.ActiveMQTestBase
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.vertx = Vertx.vertx();
    }

    @Override // io.vertx.tests.ActiveMQTestBase
    @After
    public void tearDown() throws Exception {
        try {
            super.tearDown();
            try {
                if (this.protonServer != null) {
                    this.protonServer.close();
                }
            } finally {
                if (this.vertx != null) {
                    this.vertx.close();
                }
            }
        } catch (Throwable th) {
            try {
                if (this.protonServer != null) {
                    this.protonServer.close();
                }
                if (this.vertx != null) {
                    this.vertx.close();
                }
                throw th;
            } finally {
                if (this.vertx != null) {
                    this.vertx.close();
                }
            }
        }
    }

    @Override // io.vertx.tests.ActiveMQTestBase
    protected boolean isAnonymousAccessAllowed() {
        return this.anonymousAccessAllowed;
    }

    @Test(timeout = 20000)
    public void testConnectWithValidUserPassSucceeds(TestContext testContext) throws Exception {
        doConnectWithGivenCredentialsTestImpl(testContext, ActiveMQTestBase.USERNAME_GUEST, ActiveMQTestBase.PASSWORD_GUEST, null);
    }

    @Test(timeout = 20000)
    public void testConnectWithInvalidUserPassFails(TestContext testContext) throws Exception {
        doConnectWithGivenCredentialsTestImpl(testContext, ActiveMQTestBase.USERNAME_GUEST, "wrongpassword", AuthenticationException.class);
    }

    @Test(timeout = 20000)
    public void testConnectAnonymousWithoutUserPass(TestContext testContext) throws Exception {
        doConnectWithGivenCredentialsTestImpl(testContext, null, null, AuthenticationException.class);
        this.anonymousAccessAllowed = true;
        restartBroker();
        doConnectWithGivenCredentialsTestImpl(testContext, null, null, null);
    }

    @Test(timeout = 20000)
    public void testRestrictSaslMechanisms(TestContext testContext) throws Exception {
        ProtonClientOptions protonClientOptions = new ProtonClientOptions();
        doConnectWithGivenCredentialsTestImpl(testContext, protonClientOptions, ActiveMQTestBase.USERNAME_GUEST, "wrongpassword", AuthenticationException.class);
        this.anonymousAccessAllowed = true;
        restartBroker();
        doConnectWithGivenCredentialsTestImpl(testContext, protonClientOptions, ActiveMQTestBase.USERNAME_GUEST, "wrongpassword", AuthenticationException.class);
        protonClientOptions.addEnabledSaslMechanism("ANONYMOUS");
        doConnectWithGivenCredentialsTestImpl(testContext, protonClientOptions, ActiveMQTestBase.USERNAME_GUEST, "wrongpassword", null);
    }

    @Test(timeout = 20000)
    public void testConnectWithUnsupportedSaslMechanisms(TestContext testContext) throws Exception {
        ProtonClientOptions protonClientOptions = new ProtonClientOptions();
        protonClientOptions.addEnabledSaslMechanism("NON_EXISTING");
        doConnectWithGivenCredentialsTestImpl(testContext, protonClientOptions, ActiveMQTestBase.USERNAME_GUEST, "wrongpassword", MechanismMismatchException.class);
    }

    private void doConnectWithGivenCredentialsTestImpl(TestContext testContext, String str, String str2, Class<?> cls) {
        doConnectWithGivenCredentialsTestImpl(testContext, new ProtonClientOptions(), str, str2, cls);
    }

    private void doConnectWithGivenCredentialsTestImpl(TestContext testContext, ProtonClientOptions protonClientOptions, String str, String str2, Class<?> cls) {
        Async async = testContext.async();
        ProtonClient.create(this.vertx).connect(protonClientOptions, "localhost", getBrokerAmqpConnectorPort(), str, str2, asyncResult -> {
            if (cls == null) {
                testContext.assertTrue(asyncResult.succeeded());
                ((ProtonConnection) asyncResult.result()).openHandler(asyncResult -> {
                    testContext.assertTrue(asyncResult.succeeded());
                    LOG.trace("Client connection open");
                    async.complete();
                }).open();
            } else {
                testContext.assertFalse(asyncResult.succeeded());
                testContext.assertTrue(cls.isInstance(asyncResult.cause()));
                LOG.trace("Connect failed: " + asyncResult.cause().getMessage());
                async.complete();
            }
        });
        async.awaitSuccess();
    }

    @Test(timeout = 20000)
    public void testConnectWithSslWithClientCertSelectsOfferedExternalSaslMech(TestContext testContext) throws Exception {
        doExternalMechTestImpl(testContext, true);
    }

    @Test(timeout = 20000)
    public void testConnectWithSslWithoutClientCertIgnoresOfferedExternalSaslMech(TestContext testContext) throws Exception {
        doExternalMechTestImpl(testContext, false);
    }

    private void doExternalMechTestImpl(TestContext testContext, boolean z) throws Exception {
        stopBroker();
        Async async = testContext.async();
        ProtonServerOptions protonServerOptions = new ProtonServerOptions();
        protonServerOptions.setSsl(true);
        protonServerOptions.setClientAuth(z ? ClientAuth.REQUIRED : ClientAuth.NONE);
        protonServerOptions.setKeyCertOptions(new PfxOptions().setPath(SERVER_KEYSTORE).setPassword(STORE_PASSWORD));
        PfxOptions password = new PfxOptions().setPath(TRUSTSTORE).setPassword(STORE_PASSWORD);
        protonServerOptions.setTrustOptions(password);
        TestExternalAuthenticator testExternalAuthenticator = new TestExternalAuthenticator("EXTERNAL", "PLAIN", "ANONYMOUS");
        this.protonServer = createTestServer(protonServerOptions, testExternalAuthenticator);
        ProtonClientOptions protonClientOptions = new ProtonClientOptions();
        protonClientOptions.setSsl(true);
        protonClientOptions.setTrustOptions(password);
        if (z) {
            protonClientOptions.setKeyCertOptions(new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(STORE_PASSWORD));
        }
        ProtonClient.create(this.vertx).connect(protonClientOptions, "localhost", this.protonServer.actualPort(), asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            async.complete();
        });
        async.awaitSuccess();
        if (!z) {
            testContext.assertEquals("ANONYMOUS", testExternalAuthenticator.getChosenMech());
        } else {
            testContext.assertEquals("EXTERNAL", testExternalAuthenticator.getChosenMech());
            testContext.assertNotNull(testExternalAuthenticator.getClientSocket().sslSession().getPeerPrincipal());
        }
    }

    private ProtonServer createTestServer(ProtonServerOptions protonServerOptions, TestExternalAuthenticator testExternalAuthenticator) throws InterruptedException, ExecutionException {
        ProtonServer create = ProtonServer.create(this.vertx, protonServerOptions);
        create.connectHandler(protonConnection -> {
            protonConnection.closeHandler(asyncResult -> {
                protonConnection.close();
                protonConnection.disconnect();
            });
            protonConnection.openHandler(asyncResult2 -> {
                protonConnection.open();
            });
        });
        create.saslAuthenticatorFactory(() -> {
            return testExternalAuthenticator;
        });
        Promise promise = Promise.promise();
        create.listen(0, asyncResult -> {
            if (asyncResult.succeeded()) {
                promise.complete((ProtonServer) asyncResult.result());
            } else {
                promise.fail(asyncResult.cause());
            }
        });
        return (ProtonServer) promise.future().await();
    }
}
