package org.infinispan.server.security;

import javax.net.ssl.SSLHandshakeException;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.exceptions.TransportException;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.server.test.InfinispanServerRule;
import org.infinispan.server.test.InfinispanServerRuleBuilder;
import org.infinispan.server.test.InfinispanServerTestMethodRule;
import org.infinispan.server.test.category.Security;
import org.infinispan.test.Exceptions;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({Security.class})
/* loaded from: input_file:org/infinispan/server/security/AuthenticationCertIT.class */
public class AuthenticationCertIT {

    @ClassRule
    public static InfinispanServerRule SERVERS = InfinispanServerRuleBuilder.config("configuration/AuthenticationServerTrustTest.xml").build();

    @Rule
    public InfinispanServerTestMethodRule SERVER_TEST = new InfinispanServerTestMethodRule(SERVERS);

    @Test
    public void testTrustedCertificate() {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        SERVERS.getServerDriver().applyTrustStore(configurationBuilder, "ca");
        SERVERS.getServerDriver().applyKeyStore(configurationBuilder, "admin");
        configurationBuilder.security().authentication().saslMechanism("EXTERNAL").serverName("infinispan").realm("default");
        RemoteCache create = this.SERVER_TEST.hotrod().withClientConfiguration(configurationBuilder).withCacheMode(CacheMode.DIST_SYNC).create();
        create.put("k1", "v1");
        Assert.assertEquals(1L, create.size());
        Assert.assertEquals("v1", create.get("k1"));
    }

    @Test
    public void testUntrustedCertificate() {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        SERVERS.getServerDriver().applyTrustStore(configurationBuilder, "ca");
        SERVERS.getServerDriver().applyKeyStore(configurationBuilder, "untrusted");
        configurationBuilder.security().authentication().saslMechanism("EXTERNAL").serverName("infinispan").realm("default");
        Exceptions.expectException(TransportException.class, SSLHandshakeException.class, () -> {
            this.SERVER_TEST.hotrod().withClientConfiguration(configurationBuilder).withCacheMode(CacheMode.DIST_SYNC).create();
        });
    }
}
