package org.opensaml.security.httpclient;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import net.shibboleth.ext.spring.resource.HTTPResource;
import net.shibboleth.ext.spring.resource.ResourceTestHelper;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.repository.RepositorySupport;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/security/httpclient/SecurityEnhancedHTTPResourceTest.class */
public class SecurityEnhancedHTTPResourceTest {
    private final String path = "net/shibboleth/ext/spring/resource/document.xml";
    private final String pathPrefix = "src/test/resources/";
    private final String existsHttps = RepositorySupport.buildHTTPSResourceURL("spring-extensions", "src/test/resources/net/shibboleth/ext/spring/resource/document.xml");
    private final String existsHttp = RepositorySupport.buildHTTPResourceURL("spring-extensions", "src/test/resources/net/shibboleth/ext/spring/resource/document.xml", false);
    private HttpClient client;
    private HttpClientSecurityParameters params;
    private HttpClientSecurityContextHandler handler;

    @BeforeClass
    public void setupClient() throws Exception {
        this.client = new HttpClientBuilder().buildClient();
    }

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.params = new HttpClientSecurityParameters();
        this.handler = new HttpClientSecurityContextHandler();
        this.handler.setHttpClientSecurityParameters(this.params);
        this.handler.initialize();
    }

    @Test
    public void testNoSecurityAdded() throws IOException, ComponentInitializationException {
        HTTPResource hTTPResource = new HTTPResource(this.client, this.existsHttp);
        hTTPResource.setHttpClientContextHandler(this.handler);
        Assert.assertTrue(ResourceTestHelper.compare(hTTPResource, new ClassPathResource("net/shibboleth/ext/spring/resource/document.xml")));
    }

    @Test
    public void testHostnameRejected() throws IOException, ComponentInitializationException {
        HTTPResource hTTPResource = new HTTPResource(this.client, this.existsHttps);
        hTTPResource.setHttpClientContextHandler(this.handler);
        this.params.setHostnameVerifier(new X509HostnameVerifier() { // from class: org.opensaml.security.httpclient.SecurityEnhancedHTTPResourceTest.1
            @Override // org.apache.http.conn.ssl.X509HostnameVerifier, javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return false;
            }

            @Override // org.apache.http.conn.ssl.X509HostnameVerifier
            public void verify(String str, SSLSocket sSLSocket) throws IOException {
                throw new IOException("Rejecting hostname for test");
            }

            @Override // org.apache.http.conn.ssl.X509HostnameVerifier
            public void verify(String str, X509Certificate x509Certificate) throws SSLException {
                throw new SSLException("Rejecting hostname for test");
            }

            @Override // org.apache.http.conn.ssl.X509HostnameVerifier
            public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
                throw new SSLException("Rejecting hostname for test");
            }
        });
        Assert.assertFalse(hTTPResource.exists());
    }

    @Test
    public void testBadSSLProtocol() throws IOException, ComponentInitializationException {
        HTTPResource hTTPResource = new HTTPResource(this.client, this.existsHttps);
        hTTPResource.setHttpClientContextHandler(this.handler);
        this.params.setTLSProtocols(Collections.singletonList("SSLv3"));
        Assert.assertFalse(hTTPResource.exists());
    }
}
