package org.apache.activemq.artemis.tests.integration.ssl;

import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.util.HashMap;
import java.util.HashSet;
import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientMessage;
import org.apache.activemq.artemis.api.core.client.ClientProducer;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.utils.RandomUtil;
import org.apache.hadoop.minikdc.MiniKdc;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLKerb5Test.class */
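/**
 * Integration test for a core client that connects over TLS using a Kerberos cipher suite.
 *
 * <p>Each test starts a {@link MiniKdc}, then a broker with security enabled, a JAAS security
 * manager bound to the {@code Krb5Plus} login configuration, a Netty acceptor restricted to
 * {@link #getSuitableCipherSuite()}, and a plain in-VM acceptor. The test verifies two things:
 * a client authenticated through the TLS/Kerberos handshake gets a validated user id on its
 * messages, and a client that merely presents the Kerberos principal name as a user name
 * (with no Kerberos credentials) is rejected.
 */
public class CoreClientOverOneWaySSLKerb5Test extends ActiveMQTestBase {
    public static final SimpleString QUEUE = new SimpleString("QueueOverKrb5SSL");
    public static final String CLIENT_PRINCIPAL = "client";
    public static final String SNI_HOST = "sni.host";
    public static final String SERVICE_PRINCIPAL = "host/sni.host";

    static {
        // Point JAAS at the bundled login.config unless the caller already chose one.
        // An explicitly set system property always wins, so a CI job can override it.
        if (System.getProperty("java.security.auth.login.config") == null) {
            URL resource = CoreClientOverOneWaySSLKerb5Test.class.getClassLoader().getResource("login.config");
            if (resource != null) {
                System.setProperty("java.security.auth.login.config", resource.getFile());
            }
        }
    }

    private MiniKdc kdc;
    private ActiveMQServer server;
    private TransportConfiguration tc;
    private TransportConfiguration inVMTc;
    private String userPrincipal;

    /**
     * Sends and receives one message over the Kerberos-authenticated TLS connector, then checks
     * that the same principal name cannot be used to log in over the in-VM connector.
     *
     * @throws Exception if the KDC, broker or client setup fails
     */
    @Test
    public void testOneWaySSLWithGoodClientCipherSuite() throws Exception {
        // presumably this keytab path must match the one named in login.config; verify there
        this.kdc.createPrincipal(new File("target/test.krb5.keytab"), CLIENT_PRINCIPAL, SERVICE_PRINCIPAL);
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("enabledCipherSuites", getSuitableCipherSuite());
        this.tc.getParams().put("sniHost", SNI_HOST);
        this.tc.getParams().put("sslKrb5Config", "core-tls-krb5-client");

        ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(this.tc));
        ClientSessionFactory sessionFactory = null;
        try {
            sessionFactory = createSessionFactory(locator);
            ClientSession session = sessionFactory.createSession(false, true, true);
            session.createQueue(QUEUE, RoutingType.ANYCAST, QUEUE);
            ClientProducer producer = session.createProducer(QUEUE);
            String text = RandomUtil.randomString();
            producer.send(createTextMessage(session, text));
            ClientConsumer consumer = session.createConsumer(QUEUE);
            session.start();
            ClientMessage received = consumer.receive(1000L);
            Assert.assertNotNull(received);
            Assert.assertEquals(text, received.getReadOnlyBodyBuffer().readString());
            System.err.println("m:" + received + ", user:" + received.getValidatedUserID());
            Assert.assertNotNull("got validated user", received.getValidatedUserID());
            // NOTE(review): a substring match on "client" is loose; if the validated id is the
            // full principal, comparing against userPrincipal would be stricter. Confirm format.
            Assert.assertTrue("krb id in validated user", received.getValidatedUserID().contains(CLIENT_PRINCIPAL));
        } catch (Exception e) {
            // Keep the cause attached so a handshake or login failure is diagnosable from the report.
            throw new AssertionError("Kerberos-authenticated TLS round trip failed", e);
        } finally {
            if (sessionFactory != null) {
                sessionFactory.close();
            }
            locator.close();
        }

        // Impersonation check: knowing the Kerberos principal name must not be enough to
        // authenticate. The in-VM connector carries no TLS/Kerberos handshake, so a session
        // opened with the principal as user name and an empty password has to be refused.
        ServerLocator inVmLocator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(this.inVMTc));
        ClientSessionFactory inVmSessionFactory = null;
        try {
            inVmSessionFactory = createSessionFactory(inVmLocator);
            inVmSessionFactory.createSession(this.userPrincipal, "", false, false, false, false, 10);
            Assert.fail("supposed to throw exception");
        } catch (ActiveMQSecurityException expected) {
            // expected: the broker rejected the name-only login
        } finally {
            if (inVmSessionFactory != null) {
                inVmSessionFactory.close();
            }
            inVmLocator.close();
        }
    }

    /**
     * Returns the single cipher suite enabled on both the acceptor and the connector.
     *
     * <p>NOTE(review): this is a legacy suite (Kerberos key exchange with 3DES in CBC mode and
     * SHA-1). It is pinned here to exercise the Kerberos path, not as a recommended setting, and
     * newer JDKs may no longer offer {@code TLS_KRB5_*} suites; confirm against the test JDK.
     *
     * @return the cipher suite name
     * @throws Exception declared for subclasses; this implementation does not throw
     */
    public String getSuitableCipherSuite() throws Exception {
        return "TLS_KRB5_WITH_3DES_EDE_CBC_SHA";
    }

    /**
     * Starts an embedded KDC in a fresh temporary folder before each test.
     *
     * @throws Exception if the base setup or the KDC start fails
     */
    @Override
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.kdc = new MiniKdc(MiniKdc.createConf(), this.temporaryFolder.newFolder("kdc"));
        this.kdc.start();
    }

    /**
     * Stops the embedded KDC and always runs the base tear-down.
     *
     * @throws Exception if stopping the KDC or the base tear-down fails
     */
    @Override
    @After
    public void tearDown() throws Exception {
        try {
            // kdc is still null when setUp failed before creating it; do not mask that failure.
            if (this.kdc != null) {
                this.kdc.stop();
            }
        } finally {
            super.tearDown();
        }
    }

    /**
     * Builds and starts the broker under test and prepares the two client transport configs.
     *
     * @throws Exception if the broker cannot be configured or started
     */
    private void createCustomSslServer() throws Exception {
        HashMap<String, Object> acceptorParams = new HashMap<>();
        acceptorParams.put("sslEnabled", true);
        acceptorParams.put("enabledCipherSuites", getSuitableCipherSuite());
        acceptorParams.put("sslKrb5Config", "core-tls-krb5-server");

        ConfigurationImpl config = createBasicConfig().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, acceptorParams, "nettySSL"));
        // The validated user id asserted by the test is only populated when this is enabled.
        config.setPopulateValidatedUser(true);
        config.setSecurityEnabled(true);
        // Second, non-TLS acceptor used by the impersonation check.
        config.addAcceptorConfiguration(new TransportConfiguration(INVM_ACCEPTOR_FACTORY));

        this.server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("Krb5Plus"), false));

        // Test-only role with every permission flag set, scoped to the test queue address.
        HashSet<Role> roles = new HashSet<>();
        roles.add(new Role("ALLOW_ALL", true, true, true, true, true, true, true, true, true, true));
        this.server.getSecurityRepository().addMatch(QUEUE.toString(), roles);

        this.server.start();
        waitForServerToStart(this.server);

        this.userPrincipal = "client@" + this.kdc.getRealm();
        this.tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        this.inVMTc = new TransportConfiguration(INVM_CONNECTOR_FACTORY);
    }
}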
