package org.infinispan.server.test.rest.security;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.infinispan.arquillian.core.InfinispanResource;
import org.infinispan.arquillian.core.RemoteInfinispanServer;
import org.jboss.arquillian.container.test.api.Config;
import org.jboss.arquillian.container.test.api.ContainerController;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.junit.InSequence;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.security.JBossJSSESecurityDomain;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(Arquillian.class)
/* loaded from: input_file:org/infinispan/server/test/rest/security/RESTCertSecurityTest.class */
public class RESTCertSecurityTest {
    private static final String SERVER_CONFIG_PROPERTY = "serverConfig";
    private static final String CONFIG_READ_WRITE_SECURED = "testsuite/rest-sec-cert-rw.xml";
    private static final String KEY_A = "a";
    private static final String KEY_B = "b";
    private static final String KEY_C = "c";
    private static final String KEY_D = "d";
    private static final String CONTAINER1 = "rest-security-cert";
    private static final String testAlias = "test";
    private static final String test2Alias = "test2";

    @InfinispanResource(CONTAINER1)
    RemoteInfinispanServer server1;

    @ArquillianResource
    ContainerController controller;

    @Test
    @InSequence(1)
    public void testSecuredWriteOperations() throws Exception {
        try {
            this.controller.start(CONTAINER1);
            put(securedClient(testAlias), keyAddress("a"), 200);
            put(securedClient(test2Alias), keyAddress("b"), 403);
            put(securedClient(testAlias), keyAddressUnsecured("b"), 401);
            post(securedClient(testAlias), keyAddress("c"), 200);
            post(securedClient(test2Alias), keyAddress(KEY_D), 403);
            Assert.assertEquals("data", new BufferedReader(new InputStreamReader(get(securedClient(test2Alias), keyAddressUnsecured("a"), 200).getEntity().getContent())).readLine());
            head(securedClient(test2Alias), keyAddressUnsecured("a"), 200);
            delete(securedClient(test2Alias), keyAddress("a"), 403);
            delete(securedClient(testAlias), keyAddress("a"), 200);
            delete(securedClient(testAlias), keyAddress("c"), 200);
            this.controller.stop(CONTAINER1);
        } catch (Throwable th) {
            this.controller.stop(CONTAINER1);
            throw th;
        }
    }

    @Test
    @InSequence(2)
    public void testSecuredReadWriteOperations() throws Exception {
        try {
            this.controller.start(CONTAINER1, new Config().add(SERVER_CONFIG_PROPERTY, CONFIG_READ_WRITE_SECURED).map());
            put(securedClient(testAlias), keyAddress("a"), 200);
            put(securedClient(test2Alias), keyAddress("b"), 403);
            put(securedClient(testAlias), keyAddressUnsecured("b"), 401);
            post(securedClient(testAlias), keyAddress("c"), 200);
            post(securedClient(test2Alias), keyAddress(KEY_D), 403);
            Assert.assertEquals("data", new BufferedReader(new InputStreamReader(get(securedClient(testAlias), keyAddress("a"), 200).getEntity().getContent())).readLine());
            get(securedClient(test2Alias), keyAddress("a"), 403);
            get(securedClient(testAlias), keyAddressUnsecured("a"), 401);
            head(securedClient(test2Alias), keyAddress("a"), 403);
            head(securedClient(testAlias), keyAddressUnsecured("a"), 401);
            head(securedClient(testAlias), keyAddress("a"), 200);
            delete(securedClient(test2Alias), keyAddress("a"), 403);
            delete(securedClient(testAlias), keyAddress("a"), 200);
            delete(securedClient(testAlias), keyAddress("c"), 200);
            this.controller.stop(CONTAINER1);
        } catch (Throwable th) {
            this.controller.stop(CONTAINER1);
            throw th;
        }
    }

    private String keyAddress(String str) {
        return "https://" + this.server1.getRESTEndpoint().getInetAddress().getHostName() + ":8443" + this.server1.getRESTEndpoint().getContextPath() + "/default/" + str;
    }

    private String keyAddressUnsecured(String str) {
        return "http://" + this.server1.getRESTEndpoint().getInetAddress().getHostName() + ":8080" + this.server1.getRESTEndpoint().getContextPath() + "/default/" + str;
    }

    private HttpResponse put(CloseableHttpClient closeableHttpClient, String str, int i) throws Exception {
        HttpPut httpPut = new HttpPut(str);
        httpPut.setEntity(new StringEntity("data", "UTF-8"));
        CloseableHttpResponse execute = closeableHttpClient.execute(httpPut);
        Assert.assertEquals(i, execute.getStatusLine().getStatusCode());
        return execute;
    }

    private HttpResponse post(CloseableHttpClient closeableHttpClient, String str, int i) throws Exception {
        HttpPost httpPost = new HttpPost(str);
        httpPost.setEntity(new StringEntity("data", "UTF-8"));
        CloseableHttpResponse execute = closeableHttpClient.execute(httpPost);
        Assert.assertEquals(i, execute.getStatusLine().getStatusCode());
        return execute;
    }

    private HttpResponse get(CloseableHttpClient closeableHttpClient, String str, int i) throws Exception {
        CloseableHttpResponse execute = closeableHttpClient.execute(new HttpGet(str));
        Assert.assertEquals(i, execute.getStatusLine().getStatusCode());
        return execute;
    }

    private HttpResponse delete(CloseableHttpClient closeableHttpClient, String str, int i) throws Exception {
        CloseableHttpResponse execute = closeableHttpClient.execute(new HttpDelete(str));
        Assert.assertEquals(i, execute.getStatusLine().getStatusCode());
        return execute;
    }

    private HttpResponse head(CloseableHttpClient closeableHttpClient, String str, int i) throws Exception {
        CloseableHttpResponse execute = closeableHttpClient.execute(new HttpHead(str));
        Assert.assertEquals(i, execute.getStatusLine().getStatusCode());
        return execute;
    }

    public static CloseableHttpClient securedClient(String str) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            JBossJSSESecurityDomain jBossJSSESecurityDomain = new JBossJSSESecurityDomain("client_cert_auth");
            jBossJSSESecurityDomain.setKeyStorePassword("changeit");
            jBossJSSESecurityDomain.setKeyStoreURL(Thread.currentThread().getContextClassLoader().getResource("client.keystore").getPath());
            jBossJSSESecurityDomain.setClientAlias(str);
            jBossJSSESecurityDomain.reloadKeyAndTrustStore();
            sSLContext.init(jBossJSSESecurityDomain.getKeyManagers(), jBossJSSESecurityDomain.getTrustManagers(), null);
            return HttpClients.custom().setConnectionManager(new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", new PlainConnectionSocketFactory()).register("https", new SSLConnectionSocketFactory(sSLContext, new X509HostnameVerifier() { // from class: org.infinispan.server.test.rest.security.RESTCertSecurityTest.1
                @Override // org.apache.http.conn.ssl.X509HostnameVerifier
                public void verify(String str2, SSLSocket sSLSocket) throws IOException {
                }

                @Override // org.apache.http.conn.ssl.X509HostnameVerifier
                public void verify(String str2, X509Certificate x509Certificate) throws SSLException {
                }

                @Override // org.apache.http.conn.ssl.X509HostnameVerifier
                public void verify(String str2, String[] strArr, String[] strArr2) throws SSLException {
                }

                @Override // org.apache.http.conn.ssl.X509HostnameVerifier, javax.net.ssl.HostnameVerifier
                public boolean verify(String str2, SSLSession sSLSession) {
                    return true;
                }
            })).build())).build();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
}
