package org.apache.activemq.artemis.tests.integration.amqp;

import jakarta.jms.Connection;
import jakarta.jms.JMSSecurityException;
import jakarta.jms.MessageConsumer;
import jakarta.jms.MessageProducer;
import jakarta.jms.Queue;
import jakarta.jms.Session;
import jakarta.jms.TextMessage;
import java.io.File;
import java.io.OutputStream;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.WritableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.protocol.amqp.broker.ProtonProtocolManagerFactory;
import org.apache.activemq.artemis.protocol.amqp.client.AMQPClientConnectionFactory;
import org.apache.activemq.artemis.protocol.amqp.client.ProtonClientConnectionManager;
import org.apache.activemq.artemis.protocol.amqp.client.ProtonClientProtocolManager;
import org.apache.activemq.artemis.protocol.amqp.proton.handler.EventHandler;
import org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler;
import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASL;
import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASLFactory;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.integration.persistence.XmlImportExportTest;
import org.apache.activemq.artemis.tests.util.Wait;
import org.apache.activemq.artemis.utils.RandomUtil;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.qpid.jms.JmsConnectionFactory;
import org.apache.qpid.jms.sasl.GssapiMechanism;
import org.apache.qpid.proton.amqp.Symbol;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/amqp/JMSSaslGssapiTest.class */
public class JMSSaslGssapiTest extends JMSClientTestSupport {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final String KRB5_TCP_PORT_TEMPLATE = "MINI_KDC_PORT";
    private static final String KRB5_CONFIG_TEMPLATE = "minikdc-krb5-template.conf";
    private static final String KRB5_DEFAULT_KEYTAB = "target/test.krb5.keytab";
    private static MiniKdc kdc;
    private static final boolean debug = false;

    @BeforeClass
    public static void setUpKerberos() throws Exception {
        Properties createConf = MiniKdc.createConf();
        createConf.setProperty("debug", Boolean.toString(false));
        kdc = new MiniKdc(createConf, new File("target/"));
        kdc.start();
        kdc.createPrincipal(new File(KRB5_DEFAULT_KEYTAB), new String[]{"client", "amqp/localhost"});
        rewriteKrbConfFile(kdc);
    }

    @AfterClass
    public static void stopKerberos() throws Exception {
        if (kdc != null) {
            kdc.stop();
        }
    }

    @Override // org.apache.activemq.artemis.tests.integration.amqp.AmqpClientTestSupport
    protected boolean isSecurityEnabled() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.activemq.artemis.tests.integration.amqp.AmqpClientTestSupport, org.apache.activemq.artemis.tests.integration.amqp.AmqpTestSupport
    public void configureBrokerSecurity(ActiveMQServer activeMQServer) {
        activeMQServer.getConfiguration().setSecurityEnabled(isSecurityEnabled());
        ActiveMQJAASSecurityManager securityManager = activeMQServer.getSecurityManager();
        securityManager.setConfigurationName("Krb5Plus");
        securityManager.setConfiguration((SecurityConfiguration) null);
        Role role = new Role("ALLOW_ALL", true, true, true, true, true, true, true, true, true, true);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        activeMQServer.getSecurityRepository().addMatch(getQueueName().toString(), hashSet);
    }

    @Override // org.apache.activemq.artemis.tests.integration.amqp.JMSClientTestSupport
    protected String getJmsConnectionURIOptions() {
        return "amqp.saslMechanisms=GSSAPI";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.activemq.artemis.tests.integration.amqp.JMSClientTestSupport
    public URI getBrokerQpidJMSConnectionURI() {
        try {
            String str = "amqp://localhost:" + 5672;
            if (!getJmsConnectionURIOptions().isEmpty()) {
                str = str + "?" + getJmsConnectionURIOptions();
            }
            return new URI(str);
        } catch (Exception e) {
            throw new RuntimeException();
        }
    }

    @Override // org.apache.activemq.artemis.tests.integration.amqp.AmqpTestSupport
    protected void configureAMQPAcceptorParameters(Map<String, Object> map) {
        map.put("saslMechanisms", "GSSAPI");
        map.put("saslLoginConfigScope", "amqp-sasl-gssapi");
    }

    @Test(timeout = 600000)
    public void testConnection() throws Exception {
        Connection createConnection = createConnection("client", (String) null);
        createConnection.start();
        try {
            Session createSession = createConnection.createSession(false, 1);
            Queue createQueue = createSession.createQueue(getQueueName());
            MessageConsumer createConsumer = createSession.createConsumer(createQueue);
            MessageProducer createProducer = createSession.createProducer(createQueue);
            String randomString = RandomUtil.randomString();
            createProducer.send(createSession.createTextMessage(randomString));
            TextMessage receive = createConsumer.receive(1000L);
            assertNotNull(receive);
            assertEquals(randomString, receive.getText());
            createConnection.close();
        } catch (Throwable th) {
            createConnection.close();
            throw th;
        }
    }

    @Test(timeout = 600000)
    public void testSaslPlainConnectionDenied() throws Exception {
        try {
            new JmsConnectionFactory(new URI("amqp://localhost:5672?amqp.saslMechanisms=PLAIN")).createConnection("plain", "secret");
            fail("Expect sasl failure");
        } catch (JMSSecurityException e) {
            assertTrue(e.getMessage().contains("SASL"));
        }
    }

    @Test(timeout = 900000)
    public void testOutboundWithSlowMech() throws Exception {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("host", "localhost");
        linkedHashMap.put("port", String.valueOf(5672));
        ClientSASLFactory clientSASLFactory = new ClientSASLFactory() { // from class: org.apache.activemq.artemis.tests.integration.amqp.JMSSaslGssapiTest.1
            public ClientSASL chooseMechanism(String[] strArr) {
                final GssapiMechanism gssapiMechanism = new GssapiMechanism();
                return new ClientSASL() { // from class: org.apache.activemq.artemis.tests.integration.amqp.JMSSaslGssapiTest.1.1
                    public String getName() {
                        return gssapiMechanism.getName();
                    }

                    public byte[] getInitialResponse() {
                        gssapiMechanism.setUsername("client");
                        gssapiMechanism.setServerName("localhost");
                        try {
                            return gssapiMechanism.getInitialResponse();
                        } catch (Exception e) {
                            e.printStackTrace();
                            return new byte[0];
                        }
                    }

                    public byte[] getResponse(byte[] bArr) {
                        try {
                            TimeUnit.SECONDS.sleep(4L);
                        } catch (InterruptedException e) {
                            e.printStackTrace();
                        }
                        try {
                            return gssapiMechanism.getChallengeResponse(bArr);
                        } catch (Exception e2) {
                            e2.printStackTrace();
                            return new byte[0];
                        }
                    }
                };
            }
        };
        final AtomicBoolean atomicBoolean = new AtomicBoolean();
        final AtomicBoolean atomicBoolean2 = new AtomicBoolean();
        ProtonClientConnectionManager protonClientConnectionManager = new ProtonClientConnectionManager(new AMQPClientConnectionFactory(this.server, "myid", Collections.singletonMap(Symbol.getSymbol("myprop"), "propvalue"), XmlImportExportTest.CONSUMER_TIMEOUT), Optional.of(new EventHandler() { // from class: org.apache.activemq.artemis.tests.integration.amqp.JMSSaslGssapiTest.2
            public void onRemoteOpen(org.apache.qpid.proton.engine.Connection connection) throws Exception {
                atomicBoolean.set(true);
            }

            public void onAuthFailed(ProtonHandler protonHandler, org.apache.qpid.proton.engine.Connection connection) {
                atomicBoolean2.set(true);
            }
        }), clientSASLFactory);
        NettyConnector nettyConnector = new NettyConnector(linkedHashMap, protonClientConnectionManager, protonClientConnectionManager, this.server.getExecutorFactory().getExecutor(), this.server.getExecutorFactory().getExecutor(), this.server.getScheduledPool(), new ProtonClientProtocolManager(new ProtonProtocolManagerFactory(), this.server));
        nettyConnector.start();
        nettyConnector.createConnection();
        try {
            ActiveMQServer activeMQServer = this.server;
            Objects.requireNonNull(activeMQServer);
            Wait.assertEquals(1, activeMQServer::getConnectionCount);
            Objects.requireNonNull(atomicBoolean);
            Wait.assertTrue(atomicBoolean::get);
            Objects.requireNonNull(atomicBoolean2);
            Wait.assertFalse(atomicBoolean2::get);
            protonClientConnectionManager.stop();
            ActiveMQServer activeMQServer2 = this.server;
            Objects.requireNonNull(activeMQServer2);
            Wait.assertEquals(0, activeMQServer2::getConnectionCount);
            protonClientConnectionManager.stop();
        } catch (Throwable th) {
            protonClientConnectionManager.stop();
            throw th;
        }
    }

    private static void rewriteKrbConfFile(MiniKdc miniKdc) throws Exception {
        String replaceAll = new String(Files.readAllBytes(Paths.get(JMSSaslGssapiTest.class.getClassLoader().getResource(KRB5_CONFIG_TEMPLATE).toURI())), StandardCharsets.UTF_8).replaceAll(KRB5_TCP_PORT_TEMPLATE, Integer.toString(miniKdc.getPort()));
        OutputStream newOutputStream = Files.newOutputStream(miniKdc.getKrb5conf().toPath(), new OpenOption[0]);
        try {
            WritableByteChannel newChannel = Channels.newChannel(newOutputStream);
            try {
                newChannel.write(ByteBuffer.wrap(replaceAll.getBytes(StandardCharsets.UTF_8)));
                if (newChannel != null) {
                    newChannel.close();
                }
                if (newOutputStream != null) {
                    newOutputStream.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (newOutputStream != null) {
                try {
                    newOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    static {
        URL resource;
        if (System.getProperty("java.security.auth.login.config") != null || (resource = JMSSaslGssapiTest.class.getClassLoader().getResource("login.config")) == null) {
            return;
        }
        System.setProperty("java.security.auth.login.config", resource.getFile());
    }
}
