package org.apache.activemq.artemis.tests.integration.management;

import java.lang.management.ManagementFactory;
import java.net.URL;
import java.util.HashMap;
import java.util.HashSet;
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientMessage;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.management.CoreNotificationType;
import org.apache.activemq.artemis.api.core.management.ManagementHelper;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.plugin.impl.NotificationActiveMQServerPlugin;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.integration.security.SecurityTest;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.utils.RandomUtil;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.class */
public class SSLSecurityNotificationTest extends ActiveMQTestBase {
    private ActiveMQServer server;
    private ClientSession adminSession;
    private ClientConsumer notifConsumer;
    private SimpleString notifQueue;

    @Test
    public void testSECURITY_AUTHENTICATION_VIOLATION() throws Exception {
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "unknown-client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        ClientSessionFactory addSessionFactory = addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration}))));
        flush(this.notifConsumer);
        long currentTimeMillis = System.currentTimeMillis();
        try {
            addSessionFactory.createSession();
            Assertions.fail("authentication must fail and a notification of security violation must be sent");
        } catch (Exception e) {
        }
        ClientMessage[] consumeMessages = consumeMessages(1, this.notifConsumer);
        Assertions.assertEquals(CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION.toString(), consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertNull(consumeMessages[0].getObjectProperty(ManagementHelper.HDR_USER));
        Assertions.assertEquals("CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString());
        Assertions.assertTrue(consumeMessages[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("127.0.0.1"));
        Assertions.assertTrue(consumeMessages[0].getTimestamp() >= currentTimeMillis);
        Assertions.assertTrue(((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue() >= currentTimeMillis);
        Assertions.assertEquals(consumeMessages[0].getTimestamp(), ((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue());
    }

    @Test
    public void testCONSUMER_CREATED() throws Exception {
        SimpleString randomSimpleString = RandomUtil.randomSimpleString();
        SimpleString randomSimpleString2 = RandomUtil.randomSimpleString();
        Role role = new Role("notif", true, true, true, true, false, true, true, true, true, true, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        this.server.getSecurityRepository().addMatch("#", hashSet);
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        ClientSession createSession = addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration})))).createSession("guest", "guest", false, true, true, false, 1);
        createSession.createQueue(QueueConfiguration.of(randomSimpleString).setAddress(randomSimpleString2).setRoutingType(RoutingType.ANYCAST));
        flush(this.notifConsumer);
        long currentTimeMillis = System.currentTimeMillis();
        createSession.createConsumer(randomSimpleString);
        ClientMessage[] consumeMessages = SecurityNotificationTest.consumeMessages(1, this.notifConsumer);
        Assertions.assertEquals(CoreNotificationType.CONSUMER_CREATED.toString(), consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertEquals("guest", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
        Assertions.assertEquals("first", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString());
        Assertions.assertEquals(randomSimpleString2.toString(), consumeMessages[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
        Assertions.assertEquals("CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString());
        Assertions.assertTrue(consumeMessages[0].getTimestamp() >= currentTimeMillis);
        Assertions.assertTrue(((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue() >= currentTimeMillis);
        Assertions.assertEquals(consumeMessages[0].getTimestamp(), ((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue());
        createSession.close();
    }

    @Test
    public void testCONNECTION_CREATED() throws Exception {
        Role role = new Role("notif", true, true, true, true, false, true, true, true, true, true, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        this.server.getSecurityRepository().addMatch("#", hashSet);
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        flush(this.notifConsumer);
        long currentTimeMillis = System.currentTimeMillis();
        addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration}))));
        ClientMessage clientMessage = SecurityNotificationTest.consumeMessages(1, this.notifConsumer)[0];
        Assertions.assertEquals(CoreNotificationType.CONNECTION_CREATED.toString(), clientMessage.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertNotNull(clientMessage.getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN));
        Assertions.assertEquals("CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", clientMessage.getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString());
        Assertions.assertTrue(clientMessage.getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("127.0.0.1"));
        Assertions.assertTrue(clientMessage.getTimestamp() >= currentTimeMillis);
        Assertions.assertTrue(((Long) clientMessage.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue() >= currentTimeMillis);
        Assertions.assertEquals(clientMessage.getTimestamp(), ((Long) clientMessage.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue());
    }

    @Override // org.apache.activemq.artemis.tests.util.ActiveMQTestBase
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        this.server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("CertLogin"), false));
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put("needClientAuth", true);
        this.server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        NotificationActiveMQServerPlugin notificationActiveMQServerPlugin = new NotificationActiveMQServerPlugin();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("SEND_CONNECTION_NOTIFICATIONS", "true");
        notificationActiveMQServerPlugin.init(hashMap2);
        this.server.registerBrokerPlugin(notificationActiveMQServerPlugin);
        this.server.start();
        this.notifQueue = RandomUtil.randomSimpleString();
        Role role = new Role("notif", true, true, true, true, true, true, true, true, true, true, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        this.server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), hashSet);
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        this.adminSession = addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration})))).createSession(true, true, 1);
        this.adminSession.start();
        this.adminSession.createQueue(QueueConfiguration.of(this.notifQueue).setAddress(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress()).setDurable(false).setTemporary(true));
        this.notifConsumer = this.adminSession.createConsumer(this.notifQueue);
    }

    private static void flush(ClientConsumer clientConsumer) throws ActiveMQException {
        do {
        } while (clientConsumer.receive(500L) != null);
    }

    protected static ClientMessage[] consumeMessages(int i, ClientConsumer clientConsumer) throws Exception {
        ClientMessage[] clientMessageArr = new ClientMessage[i];
        for (int i2 = 0; i2 < i; i2++) {
            ClientMessage receive = clientConsumer.receive(500L);
            Assertions.assertNotNull(receive, "expected to received " + i + " messages, got only " + i2);
            clientMessageArr[i2] = receive;
            receive.acknowledge();
        }
        Assertions.assertNull(clientConsumer.receiveImmediate(), "received one more message than expected (" + i + ")");
        return clientMessageArr;
    }

    static {
        URL resource;
        if (System.getProperty("java.security.auth.login.config") != null || (resource = SecurityTest.class.getClassLoader().getResource("login.config")) == null) {
            return;
        }
        System.setProperty("java.security.auth.login.config", resource.getFile());
    }
}
