package org.infinispan.server.security;

import java.util.concurrent.CompletionStage;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.exceptions.TransportException;
import org.infinispan.client.rest.RestCacheClient;
import org.infinispan.client.rest.RestResponse;
import org.infinispan.client.rest.configuration.Protocol;
import org.infinispan.client.rest.configuration.RestClientConfigurationBuilder;
import org.infinispan.commons.dataconversion.internal.Json;
import org.infinispan.commons.test.Exceptions;
import org.infinispan.commons.util.concurrent.CompletionStages;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.rest.assertion.ResponseAssertion;
import org.infinispan.server.test.core.Common;
import org.infinispan.server.test.core.tags.Security;
import org.infinispan.server.test.junit5.InfinispanServerExtension;
import org.infinispan.server.test.junit5.InfinispanServerExtensionBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

@Security
/* loaded from: input_file:org/infinispan/server/security/AuthenticationCertIT.class */
public class AuthenticationCertIT {

    @RegisterExtension
    public static InfinispanServerExtension SERVERS = InfinispanServerExtensionBuilder.config("configuration/AuthenticationServerTrustTest.xml").build();

    @Test
    public void testTrustedCertificateHotRod() {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.maxRetries(1).connectionPool().maxActive(1);
        SERVERS.getServerDriver().applyTrustStore(configurationBuilder, "ca.pfx");
        SERVERS.getServerDriver().applyKeyStore(configurationBuilder, "admin.pfx");
        configurationBuilder.security().ssl().sniHostName("infinispan.test");
        configurationBuilder.security().authentication().saslMechanism("EXTERNAL").serverName(AbstractAuthenticationKeyCloak.INFINISPAN_REALM).realm("default");
        RemoteCache create = SERVERS.hotrod().withClientConfiguration(configurationBuilder).withCacheMode(CacheMode.DIST_SYNC).create();
        create.put("k1", "v1");
        Assertions.assertEquals(1, create.size());
        Assertions.assertEquals("v1", create.get("k1"));
    }

    @Test
    public void testUntrustedCertificateHotRod() {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.maxRetries(1).connectionPool().maxActive(1);
        SERVERS.getServerDriver().applyTrustStore(configurationBuilder, "ca.pfx");
        SERVERS.getServerDriver().applyKeyStore(configurationBuilder, "untrusted.pfx");
        configurationBuilder.security().ssl().sniHostName("infinispan.test");
        configurationBuilder.security().authentication().saslMechanism("EXTERNAL").serverName(AbstractAuthenticationKeyCloak.INFINISPAN_REALM).realm("default");
        Exceptions.expectException(TransportException.class, () -> {
            SERVERS.hotrod().withClientConfiguration(configurationBuilder).withCacheMode(CacheMode.DIST_SYNC).create();
        });
    }

    @Test
    public void testTrustedCertificateREST_HTTP11() {
        testTrustedCertificateREST(Protocol.HTTP_11);
    }

    @Test
    public void testTrustedCertificateREST_HTTP20() {
        testTrustedCertificateREST(Protocol.HTTP_20);
    }

    private void testTrustedCertificateREST(Protocol protocol) {
        RestClientConfigurationBuilder restClientConfigurationBuilder = new RestClientConfigurationBuilder();
        SERVERS.getServerDriver().applyTrustStore(restClientConfigurationBuilder, "ca.pfx");
        SERVERS.getServerDriver().applyKeyStore(restClientConfigurationBuilder, "admin.pfx");
        restClientConfigurationBuilder.protocol(protocol).security().authentication().ssl().sniHostName(AbstractAuthenticationKeyCloak.INFINISPAN_REALM).hostnameVerifier((str, sSLSession) -> {
            return true;
        }).connectionTimeout(120000L).socketTimeout(120000L);
        RestCacheClient cache = SERVERS.rest().withClientConfiguration(restClientConfigurationBuilder).withCacheMode(CacheMode.DIST_SYNC).create().cache(SERVERS.getMethodName());
        Common.assertStatus(204, cache.put("k1", "v1"));
        Common.assertStatusAndBodyContains(200, "1", cache.size());
        Common.assertStatusAndBodyContains(200, "v1", cache.get("k1"));
    }

    @Test
    public void overviewReport() {
        RestClientConfigurationBuilder restClientConfigurationBuilder = new RestClientConfigurationBuilder();
        SERVERS.getServerDriver().applyTrustStore(restClientConfigurationBuilder, "ca.pfx");
        SERVERS.getServerDriver().applyKeyStore(restClientConfigurationBuilder, "admin.pfx");
        restClientConfigurationBuilder.protocol(Protocol.HTTP_20).security().authentication().ssl().sniHostName(AbstractAuthenticationKeyCloak.INFINISPAN_REALM).hostnameVerifier((str, sSLSession) -> {
            return true;
        }).connectionTimeout(120000L).socketTimeout(120000L);
        CompletionStage overviewReport = SERVERS.rest().withClientConfiguration(restClientConfigurationBuilder).withCacheMode(CacheMode.DIST_SYNC).create().server().overviewReport();
        ResponseAssertion.assertThat(overviewReport).isOk();
        Json at = Json.read(((RestResponse) CompletionStages.join(overviewReport)).body()).at("security");
        org.assertj.core.api.Assertions.assertThat(at.at("security-realms").at("default").at("tls").asString()).isEqualTo("CLIENT");
        org.assertj.core.api.Assertions.assertThat(at.at("tls-endpoints").asJsonList()).extracting((v0) -> {
            return v0.asString();
        }).containsExactly(new String[]{"endpoint-default-default"});
    }
}
