package org.infinispan.server.security.authorization;

import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.redis.client.RedisClientType;
import io.vertx.redis.client.RedisOptions;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.rest.configuration.RestClientConfigurationBuilder;
import org.infinispan.server.functional.ClusteredIT;
import org.infinispan.server.security.AbstractAuthenticationKeyCloak;
import org.infinispan.server.test.api.TestUser;
import org.infinispan.server.test.core.ServerRunMode;
import org.infinispan.server.test.core.tags.Security;
import org.infinispan.server.test.junit5.InfinispanServerExtension;
import org.infinispan.server.test.junit5.InfinispanServerExtensionBuilder;
import org.infinispan.server.test.junit5.InfinispanSuite;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.platform.suite.api.SelectClasses;
import org.junit.platform.suite.api.Suite;

@SelectClasses({HotRod.class, Resp.class, Rest.class})
@Suite(failIfNoTests = false)
@Security
/* loaded from: input_file:org/infinispan/server/security/authorization/AuthorizationCertIT.class */
public class AuthorizationCertIT extends InfinispanSuite {

    @RegisterExtension
    public static InfinispanServerExtension SERVERS = InfinispanServerExtensionBuilder.config("configuration/AuthorizationCertTest.xml").runMode(ServerRunMode.CONTAINER).mavenArtifacts(ClusteredIT.mavenArtifacts()).artifacts(ClusteredIT.artifacts()).build();

    /* loaded from: input_file:org/infinispan/server/security/authorization/AuthorizationCertIT$HotRod.class */
    static class HotRod extends HotRodAuthorizationTest {

        @RegisterExtension
        static InfinispanServerExtension SERVERS = AuthorizationCertIT.SERVERS;

        public HotRod() {
            super(SERVERS, AuthorizationCertIT::expectedServerPrincipalName, testUser -> {
                ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
                SERVERS.getServerDriver().applyTrustStore(configurationBuilder, "ca.pfx");
                if (testUser == TestUser.ANONYMOUS) {
                    SERVERS.getServerDriver().applyKeyStore(configurationBuilder, "server.pfx");
                } else {
                    SERVERS.getServerDriver().applyKeyStore(configurationBuilder, testUser.getUser() + ".pfx");
                }
                configurationBuilder.security().ssl().sniHostName("infinispan.test").authentication().saslMechanism("EXTERNAL").serverName(AbstractAuthenticationKeyCloak.INFINISPAN_REALM).realm("default");
                return configurationBuilder;
            });
        }
    }

    /* loaded from: input_file:org/infinispan/server/security/authorization/AuthorizationCertIT$Resp.class */
    static class Resp extends RESPAuthorizationTest {

        @RegisterExtension
        static InfinispanServerExtension SERVERS = AuthorizationCertIT.SERVERS;

        public Resp() {
            super(SERVERS, true, AuthorizationCertIT::expectedServerPrincipalName, testUser -> {
                int numServers = SERVERS.getServerDriver().getConfiguration().numServers();
                RedisOptions poolName = new RedisOptions().setPoolName("pool-" + testUser.getUser());
                RedisOptions type = numServers > 1 ? poolName.setType(RedisClientType.CLUSTER) : poolName.setType(RedisClientType.STANDALONE);
                for (int i = 0; i < numServers; i++) {
                    type = type.addConnectionString(redisURI(SERVERS.getServerDriver().getServerSocket(i, 11222), null, testUser != TestUser.ANONYMOUS));
                }
                type.getNetClientOptions().setTrustAll(true).setSsl(true).setSslEngineOptions(new JdkSSLEngineOptions()).setKeyCertOptions(testUser == TestUser.ANONYMOUS ? new PfxOptions().setPath(SERVERS.getServerDriver().getCertificateFile("server.pfx").getPath()).setPassword("secret") : new PfxOptions().setPath(SERVERS.getServerDriver().getCertificateFile(testUser.getUser() + ".pfx").getPath()).setPassword("secret")).setTrustOptions(new PfxOptions().setPath(SERVERS.getServerDriver().getCertificateFile("ca.pfx").getPath()).setPassword("secret")).setHostnameVerificationAlgorithm("");
                return type;
            });
        }
    }

    /* loaded from: input_file:org/infinispan/server/security/authorization/AuthorizationCertIT$Rest.class */
    static class Rest extends RESTAuthorizationTest {

        @RegisterExtension
        static InfinispanServerExtension SERVERS = AuthorizationCertIT.SERVERS;

        public Rest() {
            super(SERVERS, AuthorizationCertIT::expectedServerPrincipalName, testUser -> {
                RestClientConfigurationBuilder restClientConfigurationBuilder = new RestClientConfigurationBuilder();
                SERVERS.getServerDriver().applyTrustStore(restClientConfigurationBuilder, "ca.pfx");
                if (testUser == TestUser.ANONYMOUS) {
                    SERVERS.getServerDriver().applyKeyStore(restClientConfigurationBuilder, "server.pfx");
                } else {
                    SERVERS.getServerDriver().applyKeyStore(restClientConfigurationBuilder, testUser.getUser() + ".pfx");
                }
                restClientConfigurationBuilder.security().authentication().ssl().sniHostName(AbstractAuthenticationKeyCloak.INFINISPAN_REALM).hostnameVerifier((str, sSLSession) -> {
                    return true;
                }).connectionTimeout(120000L).socketTimeout(120000L);
                return restClientConfigurationBuilder;
            });
        }
    }

    private static String expectedServerPrincipalName(TestUser testUser) {
        return String.format("CN=%s,OU=Infinispan,O=JBoss,L=Red Hat", testUser.getUser());
    }
}
