package org.apache.activemq.artemis.tests.integration.ssl;

import io.netty.handler.ssl.SslHandler;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException;
import org.apache.activemq.artemis.api.core.Interceptor;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientMessage;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.core.protocol.core.Packet;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.utils.RandomUtil;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

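/**
 * Integration tests for a core client talking to a Netty acceptor over two-way (mutual) TLS.
 *
 * <p>The acceptor created in {@link #setUp()} has {@code needClientAuth} enabled, so every
 * successful connection in this class requires the client to present a certificate from its
 * key store. The suite is run once per key-store type returned by {@link #getParameters()}.
 */
@RunWith(Parameterized.class)
public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
    public static final SimpleString QUEUE = new SimpleString("QueueOverSSL");

    /** Name under which the TLS acceptor is registered; used to look it up again in the tests. */
    private static final String ACCEPTOR_NAME = "nettySSL";

    // Packet type the interceptor inspects.
    // NOTE(review): presumably the session-send packet (PacketImpl.SESS_SEND) - confirm.
    private static final byte INTERCEPTED_PACKET_TYPE = 71;

    private String storeType;
    private String SERVER_SIDE_KEYSTORE;
    private String SERVER_SIDE_TRUSTSTORE;
    private String CLIENT_SIDE_TRUSTSTORE;
    private String CLIENT_SIDE_KEYSTORE;

    // Password shared by the key/trust store fixtures this test loads. It is a literal only
    // because those stores are test fixtures; stores holding real key material must not take
    // their password from source code.
    private final String PASSWORD = "secureexample";

    private ActiveMQServer server;
    private TransportConfiguration tc;

    /**
     * Incoming interceptor that checks, for packets of {@link #INTERCEPTED_PACKET_TYPE} arriving
     * on a Netty connection, that the channel has an "ssl" handler whose session exposes the
     * peer's certificates, i.e. that the client really authenticated with a certificate.
     *
     * <p>NOTE(review): this code runs wherever the remoting service invokes interceptors, and
     * nothing in this class verifies that it was invoked at all. Confirm that an assertion
     * failure raised here actually fails the calling test rather than being logged and dropped.
     */
    private static final class MyInterceptor implements Interceptor {
        private MyInterceptor() {
        }

        @Override
        public boolean intercept(Packet packet, RemotingConnection remotingConnection) throws ActiveMQException {
            if (packet.getType() != INTERCEPTED_PACKET_TYPE) {
                return true;
            }
            try {
                if (remotingConnection.getTransportConnection() instanceof NettyConnection) {
                    System.out.println("Passed through....");
                    NettyConnection nettyConnection = (NettyConnection) remotingConnection.getTransportConnection();
                    SslHandler sslHandler = (SslHandler) nettyConnection.getChannel().pipeline().get("ssl");
                    Assert.assertNotNull(sslHandler);
                    Assert.assertNotNull(sslHandler.engine().getSession());
                    // getPeerCertificates() replaces the deprecated getPeerCertificateChain();
                    // both throw SSLPeerUnverifiedException when the peer was not authenticated.
                    Assert.assertNotNull(sslHandler.engine().getSession().getPeerCertificates());
                }
                return true;
            } catch (SSLPeerUnverifiedException e) {
                Assert.fail(e.getMessage());
                return true;
            }
        }
    }

    /**
     * Supplies the key-store types the whole suite is repeated for.
     *
     * @return one single-element argument array per store type
     */
    @Parameterized.Parameters(name = "storeType={0}")
    public static Collection<Object[]> getParameters() {
        return Arrays.asList(new Object[]{"JCEKS"}, new Object[]{"JKS"});
    }

    /**
     * Derives the store file names from the store type: each fixture is named
     * {@code <role>.<lower-cased store type>}.
     *
     * @param str key-store type, used both as the provider parameter and as the file extension
     */
    public CoreClientOverTwoWaySSLTest(String str) {
        String extension = str.toLowerCase();
        this.storeType = str;
        this.SERVER_SIDE_KEYSTORE = "server-side-keystore." + extension;
        this.SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + extension;
        this.CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + extension;
        this.CLIENT_SIDE_KEYSTORE = "client-side-keystore." + extension;
    }

    /** A client with both a trust store and a key store can connect and exchange a message. */
    @Test
    public void testTwoWaySSL() throws Exception {
        configureClientTrust();
        configureClientIdentity(this.CLIENT_SIDE_KEYSTORE);
        this.server.getRemotingService().addIncomingInterceptor(new MyInterceptor());
        assertMessageRoundTrip();
    }

    /**
     * With {@code verifyHost} enabled on the acceptor, a client using the "verified-" key store
     * can still connect and exchange a message.
     */
    @Test
    public void testTwoWaySSLVerifyClientHost() throws Exception {
        NettyAcceptor acceptor = (NettyAcceptor) this.server.getRemotingService().getAcceptor(ACCEPTOR_NAME);
        acceptor.getConfiguration().put("verifyHost", true);
        // presumably the "verified-" stores hold a client certificate whose name matches the
        // test host - verify against the fixture files
        acceptor.getConfiguration().put("trustStorePath", "verified-" + this.SERVER_SIDE_TRUSTSTORE);
        restartRemotingService();

        configureClientTrust();
        configureClientIdentity("verified-" + this.CLIENT_SIDE_KEYSTORE);
        this.server.getRemotingService().addIncomingInterceptor(new MyInterceptor());
        assertMessageRoundTrip();
    }

    /**
     * With {@code verifyHost} enabled on the acceptor, a client using the ordinary key store
     * must not be able to create a session factory.
     */
    @Test
    public void testTwoWaySSLVerifyClientHostNegative() throws Exception {
        this.server.getRemotingService().getAcceptor(ACCEPTOR_NAME).getConfiguration().put("verifyHost", true);
        restartRemotingService();

        configureClientTrust();
        configureClientIdentity(this.CLIENT_SIDE_KEYSTORE);
        this.server.getRemotingService().addIncomingInterceptor(new MyInterceptor());
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            // fail() raises an AssertionError, which the catch below does not intercept.
            Assert.fail("Creating a session here should fail due to a certificate with a CN that doesn't match the host name.");
        } catch (Exception expected) {
            // Expected: the connection is refused.
            // NOTE(review): any exception passes this test, including one caused by a broken
            // fixture (e.g. an unreadable store). Asserting the exception type would make the
            // rejection reason explicit; left broad because the exact type is not visible here.
        }
    }

    /**
     * A client that trusts the server but presents no certificate must be refused, because the
     * acceptor is configured with {@code needClientAuth}.
     */
    @Test
    public void testTwoWaySSLWithoutClientKeyStore() throws Exception {
        configureClientTrust();
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc})));
            Assert.fail();
        } catch (ActiveMQNotConnectedException expected) {
            // Expected outcome. This more specific type has to be caught before
            // ActiveMQException, otherwise the expected exception is reported as a failure.
        } catch (ActiveMQException e) {
            Assert.fail("Invalid Exception type:" + e.getType());
        }
    }

    /**
     * Starts a server whose only configured acceptor is a Netty TLS acceptor that requires a
     * client certificate, and prepares a bare connector configuration for the tests to fill in.
     */
    @Before
    @Override
    public void setUp() throws Exception {
        super.setUp();
        HashMap<String, Object> acceptorParams = new HashMap<>();
        acceptorParams.put("sslEnabled", true);
        acceptorParams.put("keyStorePath", this.SERVER_SIDE_KEYSTORE);
        acceptorParams.put("keyStorePassword", this.PASSWORD);
        acceptorParams.put("trustStorePath", this.SERVER_SIDE_TRUSTSTORE);
        acceptorParams.put("trustStorePassword", this.PASSWORD);
        acceptorParams.put("trustStoreProvider", this.storeType);
        acceptorParams.put("keyStoreProvider", this.storeType);
        // Mutual TLS: the server refuses clients that do not present a certificate.
        acceptorParams.put("needClientAuth", true);
        this.server = createServer(false, createBasicConfig().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, acceptorParams, ACCEPTOR_NAME)));
        this.server.start();
        waitForServerToStart(this.server);
        this.tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
    }

    /** Enables TLS on the client connector and points it at the client-side trust store. */
    private void configureClientTrust() {
        this.tc.getParams().put("sslEnabled", true);
        this.tc.getParams().put("trustStoreProvider", this.storeType);
        this.tc.getParams().put("trustStorePath", this.CLIENT_SIDE_TRUSTSTORE);
        this.tc.getParams().put("trustStorePassword", this.PASSWORD);
    }

    /** Gives the client connector the key store it authenticates itself with. */
    private void configureClientIdentity(String keyStorePath) {
        this.tc.getParams().put("keyStoreProvider", this.storeType);
        this.tc.getParams().put("keyStorePath", keyStorePath);
        this.tc.getParams().put("keyStorePassword", this.PASSWORD);
    }

    /** Restarts the remoting service so that acceptor configuration changes take effect. */
    private void restartRemotingService() throws Exception {
        this.server.getRemotingService().stop(false);
        this.server.getRemotingService().start();
        this.server.getRemotingService().startAcceptors();
    }

    /** Connects with the current connector settings, then sends and receives one text message. */
    private void assertMessageRoundTrip() throws Exception {
        String body = RandomUtil.randomString();
        ClientSession session = createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{this.tc}))).createSession(false, true, true);
        session.createQueue(QUEUE, QUEUE, false);
        session.createProducer(QUEUE).send(createTextMessage(session, body));
        ClientConsumer consumer = session.createConsumer(QUEUE);
        session.start();
        ClientMessage received = consumer.receive(1000L);
        Assert.assertNotNull(received);
        Assert.assertEquals(body, received.getBodyBuffer().readString());
    }
}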
