package org.apache.activemq.artemis.tests.integration.ssl;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import javax.net.ssl.SSLContext;
import org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException;
import org.apache.activemq.artemis.api.core.Pair;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientMessage;
import org.apache.activemq.artemis.api.core.client.ClientProducer;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.logs.AssertionLoggerHandler;
import org.apache.activemq.artemis.tests.extensions.parameterized.ParameterizedTestExtension;
import org.apache.activemq.artemis.tests.extensions.parameterized.Parameters;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;
import org.apache.activemq.artemis.utils.PasswordMaskingUtil;
import org.apache.activemq.artemis.utils.RandomUtil;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith;

@ExtendWith({ParameterizedTestExtension.class})
/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.class */
public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
    public static final SimpleString QUEUE = SimpleString.of("QueueOverSSL");
    private boolean generateWarning;
    private boolean useKeystoreAlias;
    private String storeProvider;
    private String storeType;
    private String SERVER_SIDE_KEYSTORE;
    private String CLIENT_SIDE_TRUSTSTORE;
    private final String PASSWORD = "securepass";
    private String suffix;
    private ActiveMQServer server;
    private TransportConfiguration tc;
    private AssertionLoggerHandler loggerHandler;

    @Parameters(name = "storeProvider={0}, storeType={1}, generateWarning={2}, useKeystoreAlias={3}")
    public static Collection getParameters() {
        return Arrays.asList(new Object[]{TransportConstants.DEFAULT_KEYSTORE_PROVIDER, "JKS", false, false}, new Object[]{TransportConstants.DEFAULT_KEYSTORE_PROVIDER, "JKS", false, true}, new Object[]{"SunJCE", "JCEKS", false, false}, new Object[]{"SUN", "JKS", false, false}, new Object[]{"SunJSSE", "PKCS12", false, false}, new Object[]{"JCEKS", null, true, false}, new Object[]{"JKS", null, true, false}, new Object[]{"PKCS12", null, true, false});
    }

    public CoreClientOverOneWaySSLTest(String str, String str2, boolean z, boolean z2) {
        this.suffix = "";
        this.storeProvider = str;
        this.storeType = str2;
        this.generateWarning = z;
        this.useKeystoreAlias = z2;
        this.suffix = (str2 == null || str2.length() == 0) ? str.toLowerCase() : str2.toLowerCase();
        if (this.suffix.equalsIgnoreCase("PKCS12")) {
            this.suffix = "p12";
        }
        this.SERVER_SIDE_KEYSTORE = "server-keystore." + this.suffix;
        this.CLIENT_SIDE_TRUSTSTORE = "server-ca-truststore." + this.suffix;
    }

    @Override // org.apache.activemq.artemis.tests.util.ActiveMQTestBase
    @BeforeEach
    public void setUp() throws Exception {
        this.loggerHandler = new AssertionLoggerHandler();
        super.setUp();
    }

    @AfterEach
    public void afterValidateLogging() throws Exception {
        try {
            if (this.generateWarning) {
                Assertions.assertTrue(this.loggerHandler.findText(new String[]{"AMQ212080"}));
            } else {
                Assertions.assertFalse(this.loggerHandler.findText(new String[]{"AMQ212080"}));
            }
        } finally {
            this.loggerHandler.close();
        }
    }

    @TestTemplate
    public void testOneWaySSL() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithSNI() throws Exception {
        createCustomSslServer("myhost\\.com");
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("sniHost", "myhost.com");
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithSNINegative() throws Exception {
        createCustomSslServer("myhost\\.com");
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("sniHost", "badhost.com");
        try {
            addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc}))));
            Assertions.fail("Should have failed due to unrecognized SNI host name");
        } catch (Exception e) {
        }
    }

    @TestTemplate
    public void testOneWaySSLwithSNINegativeAndURL() throws Exception {
        createCustomSslServer("myhost\\.com");
        try {
            addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocator("tcp://127.0.0.1:61616?sslEnabled=true;trustStoreProvider=" + this.storeProvider + ";trustStoreType=" + this.storeType + ";trustStorePath=" + this.CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=securepass;sniHost=badhost.com"))));
            Assertions.fail("Should have failed due to unrecognized SNI host name");
        } catch (Exception e) {
        }
    }

    @TestTemplate
    public void testOneWaySSLwithSNIOnlyOnTheClient() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("sniHost", "myhost.com");
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithSNIOnlyOnTheBroker() throws Exception {
        createCustomSslServer("myhost\\.com");
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithTrustManagerPlugin() throws Exception {
        createCustomSslServer(null, null, false, null, TestTrustManagerFactoryPlugin.class.getName());
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        ClientSessionFactory addSessionFactory = addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc}))));
        Assertions.assertTrue(TestTrustManagerFactoryPlugin.triggered.get());
        ClientSession addClientSession = addClientSession(addSessionFactory.createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithURL() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        String str = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + this.CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=securepass";
        if (this.storeProvider != null && !this.storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
            str = str + ";trustStoreProvider=" + this.storeProvider;
        }
        if (this.storeType != null && !this.storeType.equals("JKS")) {
            str = str + ";trustStoreType=" + this.storeType;
        }
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocator(str)))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithURLandMaskedPasswordProperty() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        DefaultSensitiveStringCodec defaultCodec = PasswordMaskingUtil.getDefaultCodec();
        defaultCodec.init(new HashMap());
        String str = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + this.CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=" + defaultCodec.encode("securepass") + ";activemq.usemaskedpassword=true";
        if (this.storeProvider != null && !this.storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
            str = str + ";trustStoreProvider=" + this.storeProvider;
        }
        if (this.storeType != null && !this.storeType.equals("JKS")) {
            str = str + ";trustStoreType=" + this.storeType;
        }
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocator(str)))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLwithURLandMaskedPasswordENCSyntax() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        DefaultSensitiveStringCodec defaultCodec = PasswordMaskingUtil.getDefaultCodec();
        defaultCodec.init(new HashMap());
        String str = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=" + this.CLIENT_SIDE_TRUSTSTORE + ";trustStorePassword=ENC(" + defaultCodec.encode("securepass") + ")";
        if (this.storeProvider != null && !this.storeProvider.equals(TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER)) {
            str = str + ";trustStoreProvider=" + this.storeProvider;
        }
        if (this.storeType != null && !this.storeType.equals("JKS")) {
            str = str + ";trustStoreType=" + this.storeType;
        }
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocator(str)))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLUsingDefaultSslContext() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("useDefaultSslContext", true);
        Pair validProviderAndType = SSLSupport.getValidProviderAndType(this.storeProvider, this.storeType);
        SSLContext.setDefault(new SSLSupport().setTruststoreProvider((String) validProviderAndType.getA()).setTruststoreType((String) validProviderAndType.getB()).setTruststorePath(this.CLIENT_SIDE_TRUSTSTORE).setTruststorePassword("securepass").createContext());
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLVerifyHost() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("verifyHost", true);
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})))).createSession(false, true, true));
        addClientSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        addClientProducer(addClientSession.createProducer(QUEUE)).send(createTextMessage(addClientSession, randomString));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        addClientSession.start();
        ClientMessage receive = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLVerifyHostNegative() throws Exception {
        createCustomSslServer(true);
        RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("verifyHost", true);
        try {
            addSessionFactory(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc}))));
            Assertions.fail("Creating a session here should fail due to a certificate with a CN that doesn't match the host name.");
        } catch (Exception e) {
        }
    }

    @TestTemplate
    public void testOneWaySSLReloaded() throws Exception {
        createCustomSslServer();
        this.server.createQueue(QueueConfiguration.of(QUEUE).setRoutingType(RoutingType.ANYCAST).setDurable(false));
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        ServerLocator addServerLocator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc}));
        addServerLocator.setCallTimeout(3000L);
        ClientSession addClientSession = addClientSession(addSessionFactory(createSessionFactory(addServerLocator)).createSession(false, true, true));
        ClientConsumer addClientConsumer = addClientConsumer(addClientSession.createConsumer(QUEUE));
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", "other-server-truststore." + this.suffix);
        this.tc.getParams().put("trustStorePassword", "securepass");
        ServerLocator callTimeout = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})).setCallTimeout(3000L);
        try {
            addSessionFactory(createSessionFactory(callTimeout));
            Assertions.fail("Creating session here should fail due to SSL handshake problems.");
        } catch (Exception e) {
        }
        NettyAcceptor acceptor = this.server.getRemotingService().getAcceptor("nettySSL");
        if (this.useKeystoreAlias) {
            acceptor.setKeyStoreParameters("other-" + this.SERVER_SIDE_KEYSTORE, "other-server");
        } else {
            acceptor.setKeyStoreParameters("other-" + this.SERVER_SIDE_KEYSTORE, (String) null);
        }
        acceptor.reload();
        ClientSession addClientSession2 = addClientSession(addSessionFactory(createSessionFactory(callTimeout)).createSession(false, true, true));
        ClientProducer addClientProducer = addClientProducer(addClientSession2.createProducer(QUEUE));
        ClientMessage createTextMessage = createTextMessage(addClientSession2, randomString);
        addClientProducer.send(createTextMessage);
        addClientProducer.send(createTextMessage);
        ClientConsumer addClientConsumer2 = addClientConsumer(addClientSession2.createConsumer(QUEUE));
        addClientSession2.start();
        ClientMessage receive = addClientConsumer2.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
        addClientConsumer2.close();
        addClientSession.start();
        ClientMessage receive2 = addClientConsumer.receive(1000L);
        Assertions.assertNotNull(receive2);
        Assertions.assertEquals(randomString, receive2.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLWithBadClientCipherSuite() throws Exception {
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledCipherSuites", "myBadCipherSuite");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testOneWaySSLWithBadServerCipherSuite() throws Exception {
        createCustomSslServer("myBadCipherSuite", null);
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testOneWaySSLWithMismatchedCipherSuites() throws Exception {
        createCustomSslServer(getEnabledCipherSuites()[0], "TLSv1.2");
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledCipherSuites", getEnabledCipherSuites()[1]);
        this.tc.getParams().put("enabledProtocols", "TLSv1.2");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testOneWaySSLWithBadClientProtocol() throws Exception {
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledProtocols", "myBadProtocol");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testOneWaySSLWithBadServerProtocol() throws Exception {
        createCustomSslServer(null, "myBadProtocol");
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testOneWaySSLWithMismatchedProtocols() throws Exception {
        createCustomSslServer(null, "TLSv1");
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledProtocols", "TLSv1.2");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testPOODLE() throws Exception {
        createCustomSslServer(null, "SSLv3");
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledProtocols", "SSLv3");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
            Assertions.assertTrue(true);
        }
    }

    @TestTemplate
    public void testOneWaySSLWithGoodClientCipherSuite() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledCipherSuites", getSuitableCipherSuite());
        this.tc.getParams().put("enabledProtocols", "TLSv1.2");
        ClientSessionFactory clientSessionFactory = null;
        try {
            clientSessionFactory = createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
        } catch (ActiveMQNotConnectedException e) {
            Assertions.fail();
        }
        ClientSession createSession = clientSessionFactory.createSession(false, true, true);
        createSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        createSession.createProducer(QUEUE).send(createTextMessage(createSession, randomString));
        ClientConsumer createConsumer = createSession.createConsumer(QUEUE);
        createSession.start();
        ClientMessage receive = createConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLWithGoodServerCipherSuite() throws Exception {
        createCustomSslServer(getSuitableCipherSuite(), null);
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledProtocols", "TLSv1.2");
        ClientSessionFactory clientSessionFactory = null;
        try {
            clientSessionFactory = createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
        } catch (ActiveMQNotConnectedException e) {
            Assertions.fail();
        }
        ClientSession createSession = clientSessionFactory.createSession(false, true, true);
        createSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        createSession.createProducer(QUEUE).send(createTextMessage(createSession, randomString));
        ClientConsumer createConsumer = createSession.createConsumer(QUEUE);
        createSession.start();
        ClientMessage receive = createConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLWithGoodClientProtocol() throws Exception {
        createCustomSslServer();
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        this.tc.getParams().put("enabledProtocols", "TLSv1.2");
        ClientSessionFactory clientSessionFactory = null;
        try {
            clientSessionFactory = createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.assertTrue(true);
        } catch (ActiveMQNotConnectedException e) {
            Assertions.fail();
        }
        ClientSession createSession = clientSessionFactory.createSession(false, true, true);
        createSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        createSession.createProducer(QUEUE).send(createTextMessage(createSession, randomString));
        ClientConsumer createConsumer = createSession.createConsumer(QUEUE);
        createSession.start();
        ClientMessage receive = createConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    @TestTemplate
    public void testOneWaySSLWithGoodServerProtocol() throws Exception {
        createCustomSslServer(null, "TLSv1.2");
        String randomString = RandomUtil.randomString();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "securepass");
        ClientSessionFactory clientSessionFactory = null;
        try {
            clientSessionFactory = createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.assertTrue(true);
        } catch (ActiveMQNotConnectedException e) {
            Assertions.fail();
        }
        ClientSession createSession = clientSessionFactory.createSession(false, true, true);
        createSession.createQueue(QueueConfiguration.of(QUEUE).setDurable(false));
        createSession.createProducer(QUEUE).send(createTextMessage(createSession, randomString));
        ClientConsumer createConsumer = createSession.createConsumer(QUEUE);
        createSession.start();
        ClientMessage receive = createConsumer.receive(1000L);
        Assertions.assertNotNull(receive);
        Assertions.assertEquals(randomString, receive.getBodyBuffer().readString());
    }

    public String getSuitableCipherSuite() throws Exception {
        String str = "";
        for (String str2 : getEnabledCipherSuites()) {
            String str3 = (String) SSLSupport.getValidProviderAndType(this.storeProvider, this.storeType).getB();
            if (str3 != null && ((str3.equals("JCEKS") && str2.contains("RSA") && !str2.contains("ECDH_")) || (!str3.equals("JCEKS") && !str2.contains("ECDSA") && str2.contains("RSA")))) {
                str = str2;
                break;
            }
        }
        return str;
    }

    public String[] getEnabledCipherSuites() throws Exception {
        Pair validProviderAndType = SSLSupport.getValidProviderAndType(this.storeProvider, this.storeType);
        return new SSLSupport().setKeystoreProvider((String) validProviderAndType.getA()).setKeystoreType((String) validProviderAndType.getB()).setKeystorePath(this.SERVER_SIDE_KEYSTORE).setKeystorePassword("securepass").setTruststoreProvider((String) validProviderAndType.getA()).setTruststoreType((String) validProviderAndType.getB()).setTruststorePath(this.CLIENT_SIDE_TRUSTSTORE).setTruststorePassword("securepass").createContext().createSSLEngine().getEnabledCipherSuites();
    }

    @TestTemplate
    public void testOneWaySSLWithoutTrustStore() throws Exception {
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", true);
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQException e) {
            Assertions.fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQNotConnectedException e2) {
        }
    }

    @TestTemplate
    public void testOneWaySSLWithIncorrectTrustStorePassword() throws Exception {
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeProvider);
        this.tc.getParams().put("trustStoreType", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", "invalid password");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQNotConnectedException e) {
        } catch (ActiveMQException e2) {
            Assertions.fail("Invalid Exception type:" + e2.getType());
        }
    }

    @TestTemplate
    public void testOneWaySSLWithIncorrectTrustStorePath() throws Exception {
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStorePath", "incorrect path");
        this.tc.getParams().put("trustStorePassword", "securepass");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assertions.fail();
        } catch (ActiveMQException e) {
            Assertions.fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQNotConnectedException e2) {
        }
    }

    @TestTemplate
    public void testPlainConnectionToSSLEndpoint() throws Exception {
        createCustomSslServer();
        this.tc.getParams().put("sslEnabled", false);
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})).setCallTimeout(2000L));
            Assertions.fail("expecting exception");
        } catch (ActiveMQConnectionTimedOutException e) {
        } catch (ActiveMQException e2) {
            Assertions.fail("Invalid Exception type:" + e2.getType());
        } catch (ActiveMQNotConnectedException e3) {
        }
    }

    private void createCustomSslServer() throws Exception {
        createCustomSslServer(null, null);
    }

    private void createCustomSslServer(String str, String str2) throws Exception {
        createCustomSslServer(str, str2, false, null);
    }

    private void createCustomSslServer(String str) throws Exception {
        createCustomSslServer(null, null, false, str);
    }

    private void createCustomSslServer(boolean z) throws Exception {
        createCustomSslServer(null, null, z, null);
    }

    private void createCustomSslServer(String str, String str2, boolean z, String str3) throws Exception {
        createCustomSslServer(str, str2, z, str3, null);
    }

    private void createCustomSslServer(String str, String str2, boolean z, String str3, String str4) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStoreProvider", this.storeProvider);
        hashMap.put("keyStoreType", this.storeType);
        if (str3 != null) {
            hashMap.put("sniHost", str3);
        }
        if (z) {
            hashMap.put("keyStorePath", "unknown-" + this.SERVER_SIDE_KEYSTORE);
        } else {
            hashMap.put("keyStorePath", this.SERVER_SIDE_KEYSTORE);
        }
        hashMap.put("keyStorePassword", "securepass");
        if (this.useKeystoreAlias) {
            hashMap.put("keyStoreAlias", "server");
        }
        hashMap.put("host", "localhost");
        if (str != null) {
            hashMap.put("enabledCipherSuites", str);
        }
        if (str2 != null) {
            hashMap.put("enabledProtocols", str2);
        }
        if (str4 != null) {
            hashMap.put("trustManagerFactoryPlugin", str4);
        }
        this.server = createServer(false, (Configuration) createBasicConfig().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap, "nettySSL")));
        this.server.start();
        waitForServerToStart(this.server);
        this.tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
    }
}
