package org.infinispan.server.test.security.rest;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.SocketException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.infinispan.arquillian.core.InfinispanResource;
import org.infinispan.arquillian.core.RemoteInfinispanServer;
import org.infinispan.arquillian.core.RunningServer;
import org.infinispan.arquillian.core.WithRunningServer;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.security.JBossJSSESecurityDomain;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;

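/**
 * Integration tests for client-certificate authentication on the REST endpoint.
 *
 * <p>Two HTTP clients are built from the same client keystore and differ only in the key alias
 * they present: {@code client1} is expected to be accepted (HTTP 200), {@code client2} is
 * expected to be rejected (HTTP 403, or a failure at the TLS layer, see
 * {@link #handleIOException(IOException, int)}).
 *
 * <p>The clients are static and shared by all tests, so every response obtained here is
 * released after its assertions to hand the pooled connection back.
 */
@RunWith(Arquillian.class)
public class RESTCertSecurityIT {
    private static final String CONTAINER = "rest-security-cert";
    private static final String KEY_A = "a";
    private static final String KEY_B = "b";
    private static final String KEY_C = "c";
    private static final String KEY_D = "d";
    private static final String client1Alias = "client1";
    private static final String client2Alias = "client2";

    // Injected by Arquillian for the container named by CONTAINER.
    @InfinispanResource(CONTAINER)
    RemoteInfinispanServer server;
    static CloseableHttpClient client1;
    static CloseableHttpClient client2;

    /** Builds one TLS client per certificate alias before any test runs. */
    @BeforeClass
    public static void setup() throws Exception {
        client1 = securedClient(client1Alias);
        client2 = securedClient(client2Alias);
    }

    /**
     * Closes both clients. Each close is attempted independently and tolerates a client that
     * was never created, so a failure in {@link #setup()} is not masked by a
     * {@link NullPointerException} raised here.
     */
    @AfterClass
    public static void tearDown() {
        closeQuietly(client1);
        closeQuietly(client2);
    }

    /**
     * Full read/write matrix: the authorized alias succeeds, the other alias gets 403, and the
     * plain-HTTP address gets 401.
     *
     * <p>NOTE(review): this method carries {@code @Ignore} but no {@code @Test} and no
     * {@code @WithRunningServer}, so JUnit 4 does not execute it. The non-PUT helpers used here
     * do not tolerate a TLS-level rejection the way {@link #put} does; confirm the expected
     * server behaviour before enabling it.
     */
    @Ignore
    public void testSecuredReadWriteOperations() throws Exception {
        release(put(client1, keyAddress(KEY_A), 200));
        release(put(client2, keyAddress(KEY_B), 403));
        release(put(client1, keyAddressUnsecured(KEY_B), 401));
        release(post(client1, keyAddress(KEY_C), 200));
        release(post(client2, keyAddress(KEY_D), 403));

        HttpResponse fetched = get(client1, keyAddress(KEY_A), 200);
        try (BufferedReader reader =
                new BufferedReader(new InputStreamReader(fetched.getEntity().getContent(), "UTF-8"))) {
            Assert.assertEquals("data", reader.readLine());
        } finally {
            release(fetched);
        }

        release(get(client2, keyAddress(KEY_A), 403));
        release(get(client1, keyAddressUnsecured(KEY_A), 401));
        release(head(client2, keyAddress(KEY_A), 403));
        release(head(client1, keyAddressUnsecured(KEY_A), 401));
        release(head(client1, keyAddress(KEY_A), 200));
        release(delete(client2, keyAddress(KEY_A), 403));
        release(delete(client1, keyAddress(KEY_A), 200));
        release(delete(client1, keyAddress(KEY_C), 200));
    }

    /** A PUT made with the {@code client1} certificate must be answered with 200. */
    @Test
    @WithRunningServer({@RunningServer(name = CONTAINER, config = "testsuite/rest-sec-cert.xml")})
    public void testValidCertificateAccess() throws Exception {
        release(put(client1, keyAddress(KEY_A), 200));
    }

    /**
     * A PUT made with the {@code client2} certificate must be rejected: either an HTTP 403 or a
     * connection-level failure accepted by {@link #handleIOException(IOException, int)}.
     */
    @Test
    @WithRunningServer({@RunningServer(name = CONTAINER, config = "testsuite/rest-sec-cert.xml")})
    public void testInvalidCertificateAccess() throws Exception {
        release(put(client2, keyAddress(KEY_A), 403));
    }

    /** Returns the HTTPS (port 8443) URL of {@code key} in the {@code default} cache. */
    private String keyAddress(String key) {
        return "https://" + this.server.getRESTEndpoint().getInetAddress().getHostName() + ":8443"
                + this.server.getRESTEndpoint().getContextPath() + "/default/" + key;
    }

    /** Returns the plain-HTTP (port 8080) URL of {@code key} in the {@code default} cache. */
    private String keyAddressUnsecured(String key) {
        return "http://" + this.server.getRESTEndpoint().getInetAddress().getHostName() + ":8080"
                + this.server.getRESTEndpoint().getContextPath() + "/default/" + key;
    }

    /**
     * Decides whether an I/O failure counts as the expected rejection.
     *
     * <p>When the caller expects 403, a failed TLS handshake or a socket error is accepted in
     * place of an HTTP status (presumably because the server may refuse the certificate before
     * any HTTP exchange takes place; confirm against the server configuration).
     *
     * <p>NOTE(review): {@link SocketException} also covers failures unrelated to the
     * certificate, such as a refused or reset connection. A negative test can therefore pass
     * without the server ever having evaluated the client certificate; narrowing this to the
     * handshake failure would make the check stricter.
     *
     * @param failure the exception raised while executing the request
     * @param expectedStatus the HTTP status the caller expected
     * @return {@code null} when the failure is accepted as a rejection
     * @throws IOException the original failure, in every other case
     */
    private HttpResponse handleIOException(IOException failure, int expectedStatus) throws IOException {
        boolean rejectedAtTransport =
                failure instanceof SSLHandshakeException || failure instanceof SocketException;
        if (expectedStatus == 403 && rejectedAtTransport) {
            return null;
        }
        throw failure;
    }

    /**
     * Sends a PUT with the body {@code "data"} and asserts the response status.
     *
     * @return the response, or {@code null} when a 403 was expected and the connection was
     *     rejected below the HTTP layer
     */
    private HttpResponse put(CloseableHttpClient client, String uri, int expectedStatus) throws Exception {
        HttpPut request = new HttpPut(uri);
        request.setEntity(new StringEntity("data", "UTF-8"));
        try {
            CloseableHttpResponse response = client.execute(request);
            Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
            return response;
        } catch (IOException e) {
            return handleIOException(e, expectedStatus);
        }
    }

    /** Sends a POST with the body {@code "data"} and asserts the response status. */
    private HttpResponse post(CloseableHttpClient client, String uri, int expectedStatus) throws Exception {
        HttpPost request = new HttpPost(uri);
        request.setEntity(new StringEntity("data", "UTF-8"));
        CloseableHttpResponse response = client.execute(request);
        Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
        return response;
    }

    /** Sends a GET and asserts the response status. */
    private HttpResponse get(CloseableHttpClient client, String uri, int expectedStatus) throws Exception {
        CloseableHttpResponse response = client.execute(new HttpGet(uri));
        Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
        return response;
    }

    /** Sends a DELETE and asserts the response status. */
    private HttpResponse delete(CloseableHttpClient client, String uri, int expectedStatus) throws Exception {
        CloseableHttpResponse response = client.execute(new HttpDelete(uri));
        Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
        return response;
    }

    /** Sends a HEAD and asserts the response status. */
    private HttpResponse head(CloseableHttpClient client, String uri, int expectedStatus) throws Exception {
        CloseableHttpResponse response = client.execute(new HttpHead(uri));
        Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
        return response;
    }

    /**
     * Builds an HTTP client that presents the certificate stored under {@code alias} in
     * {@code keystore_client.jks} and trusts the authorities in {@code ca.jks}; both files are
     * looked up on the thread context class loader.
     *
     * <p>The keystore passwords are literals because the stores are test fixtures. The hostname
     * verifier accepts every name, so the server certificate is validated against the trust
     * store only and is not bound to the host being contacted. That is tolerable for a test
     * against a local container and should not be carried over to a client that talks to a
     * real endpoint.
     *
     * @param alias the key alias whose certificate the client presents
     * @return a client handling both {@code http} and {@code https} URLs
     * @throws IllegalStateException if either keystore is missing from the classpath
     * @throws Exception if the key material cannot be loaded or the TLS context cannot be set up
     */
    public static CloseableHttpClient securedClient(String alias) throws Exception {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();

        JBossJSSESecurityDomain domain = new JBossJSSESecurityDomain("client_cert_auth");
        domain.setKeyStoreURL(resourcePath(loader, "keystore_client.jks"));
        domain.setKeyStorePassword("secret");
        domain.setClientAlias(alias);
        domain.setTrustStoreURL(resourcePath(loader, "ca.jks"));
        domain.setTrustStorePassword("secret");
        domain.reloadKeyAndTrustStore();

        SSLContext tlsContext = SSLContext.getInstance("TLS");
        tlsContext.init(domain.getKeyManagers(), domain.getTrustManagers(), null);

        // Hostname verification is switched off on purpose; see the method documentation.
        SSLConnectionSocketFactory tlsSockets =
                new SSLConnectionSocketFactory(tlsContext, (hostname, session) -> true);

        // The explicit type witness is required: without it the builder is inferred as
        // RegistryBuilder<Object> and the registry is not accepted by the connection manager.
        PoolingHttpClientConnectionManager connections = new PoolingHttpClientConnectionManager(
                RegistryBuilder.<org.apache.http.conn.socket.ConnectionSocketFactory>create()
                        .register("http", new PlainConnectionSocketFactory())
                        .register("https", tlsSockets)
                        .build());
        return HttpClients.custom().setConnectionManager(connections).build();
    }

    /** Resolves a classpath resource to its path, failing with a clear message when absent. */
    private static String resourcePath(ClassLoader loader, String name) {
        java.net.URL location = loader.getResource(name);
        if (location == null) {
            throw new IllegalStateException("Test resource not found on classpath: " + name);
        }
        return location.getPath();
    }

    /** Closes a client if it was created; a failure to close is not a test failure. */
    private static void closeQuietly(CloseableHttpClient client) {
        if (client == null) {
            return;
        }
        try {
            client.close();
        } catch (IOException ignored) {
            // Best-effort cleanup after the tests have already produced their results.
        }
    }

    /** Releases the connection behind a response; accepts {@code null} (transport-level rejection). */
    private static void release(HttpResponse response) {
        if (response instanceof CloseableHttpResponse) {
            try {
                ((CloseableHttpResponse) response).close();
            } catch (IOException ignored) {
                // Best-effort: the assertions on this response have already run.
            }
        }
    }
}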
