package co.cask.cdap.security.server;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.SConfiguration;
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;

/* loaded from: input_file:co/cask/cdap/security/server/ExternalMTLSAuthenticationServerTest.class */
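/**
 * Runs the shared external-authentication-server tests over HTTPS with client-certificate
 * (mutual TLS) authentication, using {@code CertificateAuthenticationHandler} as the
 * configured handler.
 *
 * <p>All keystores, truststores and the realm file are fixtures loaded from the test classpath.
 * The literal password {@code "secret"} belongs to those fixtures only.
 */
public class ExternalMTLSAuthenticationServerTest extends ExternalMTLSAuthenticationServerTestBase {
    static final String AUTH_HANDLER_CONFIG_BASE = "security.authentication.handler.";
    static ExternalMTLSAuthenticationServerTest testServer;
    static String validClientCN = "client";

    /**
     * Builds the server configuration from the classpath fixtures and starts the test server.
     *
     * @throws Exception if a fixture is missing or the server fails to start
     */
    @BeforeClass
    public static void beforeClass() throws Exception {
        ClassLoader loader = ExternalMTLSAuthenticationServerTest.class.getClassLoader();
        URL trustStore = loader.getResource("server-trust.jks");
        URL keyStore = loader.getResource("server-key.jks");
        URL realmFile = loader.getResource("realm.properties");
        Assert.assertNotNull(trustStore);
        Assert.assertNotNull(keyStore);
        Assert.assertNotNull(realmFile);

        CConfiguration cConf = CConfiguration.create();
        SConfiguration sConf = SConfiguration.create();

        // Loopback only, so the test server is not reachable from other hosts.
        cConf.set("security.auth.server.bind.address", "127.0.0.1");
        cConf.set("ssl.external.enabled", "true");
        // NOTE(review): "0" presumably requests an ephemeral SSL port; confirm against the base class.
        cConf.set("security.auth.server.ssl.bind.port", "0");
        cConf.set("security.auth.server.bind.port", "1");
        cConf.set(AUTH_HANDLER_CONFIG_BASE.concat("ClassName"), "co.cask.cdap.security.server.CertificateAuthenticationHandler");
        cConf.set(AUTH_HANDLER_CONFIG_BASE.concat("realmfile"), realmFile.getPath());

        // Truststore the server uses to validate client certificates.
        cConf.set("security.auth.server.ssl.truststore.path", trustStore.getPath());
        cConf.set("security.auth.server.ssl.truststore.password", "secret");
        cConf.set("security.auth.server.ssl.truststore.type", "JKS");

        // The keystore path is written to both configurations; the passwords go only into
        // the secure configuration.
        cConf.set("security.auth.server.ssl.keystore.path", keyStore.getPath());
        sConf.set("security.auth.server.ssl.keystore.path", keyStore.getPath());
        sConf.set("security.auth.server.ssl.keystore.password", "secret");
        sConf.set("security.auth.server.ssl.keystore.keypassword", "secret");
        sConf.set("security.auth.server.ssl.keystore.type", "JKS");

        configuration = cConf;
        sConfiguration = sConf;
        testServer = new ExternalMTLSAuthenticationServerTest();
        testServer.setup();
    }

    /**
     * Stops the server started in {@link #beforeClass()}.
     *
     * @throws Exception if shutdown fails
     */
    @AfterClass
    public static void afterClass() throws Exception {
        testServer.tearDown();
    }

    /**
     * Returns the URL scheme the tests use to reach the server.
     *
     * @return always {@code "https"}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // co.cask.cdap.security.server.ExternalAuthenticationServerTestBase
    public String getProtocol() {
        return "https";
    }

    /**
     * Returns key managers backed by the {@code invalid-client.jks} fixture.
     *
     * @return key managers for the invalid client keystore
     * @throws Exception if the keystore cannot be found or loaded
     */
    @Override // co.cask.cdap.security.server.ExternalMTLSAuthenticationServerTestBase
    protected KeyManager[] getInvalidKeyManagers() throws Exception {
        return loadKeyManagers("invalid-client.jks");
    }

    /**
     * Returns key managers backed by the {@code client-key.jks} fixture.
     *
     * @return key managers for the valid client keystore
     * @throws Exception if the keystore cannot be found or loaded
     */
    @Override // co.cask.cdap.security.server.ExternalMTLSAuthenticationServerTestBase
    protected KeyManager[] getKeyManagers() throws Exception {
        return loadKeyManagers("client-key.jks");
    }

    /**
     * Returns a trust manager that accepts every certificate chain.
     *
     * <p>Test-only: both check methods are no-ops, so peer certificates are not validated at
     * all. NOTE(review): presumably this backs the test client's SSLContext so it can talk to
     * the fixture server certificate; the base class is not visible here. Do not copy this
     * into non-test code.
     *
     * @return a single permissive {@link X509TrustManager}
     */
    @Override // co.cask.cdap.security.server.ExternalMTLSAuthenticationServerTestBase
    protected TrustManager[] getTrustManagers() throws Exception {
        return new TrustManager[]{new X509TrustManager() { // from class: co.cask.cdap.security.server.ExternalMTLSAuthenticationServerTest.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // Intentionally accepts everything (test fixture only).
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // Intentionally accepts everything (test fixture only).
            }
        }};
    }

    /**
     * Returns the extra request headers used to authenticate.
     *
     * @return {@code null}; this class supplies no authentication headers
     */
    @Override // co.cask.cdap.security.server.ExternalAuthenticationServerTestBase
    protected Map<String, String> getAuthRequestHeader() throws Exception {
        return null;
    }

    /**
     * Returns the user name the base tests compare against.
     *
     * @return the value of {@link #validClientCN}
     */
    @Override // co.cask.cdap.security.server.ExternalAuthenticationServerTestBase
    protected String getAuthenticatedUserName() throws Exception {
        return validClientCN;
    }

    /**
     * Loads a JKS keystore fixture from the test classpath and wraps it in key managers.
     *
     * @param keyStoreResource classpath name of the JKS file
     * @return key managers initialised from that keystore
     * @throws Exception if the resource is missing or the keystore cannot be loaded
     */
    private static KeyManager[] loadKeyManagers(String keyStoreResource) throws Exception {
        URL resource = ExternalMTLSAuthenticationServerTest.class.getClassLoader().getResource(keyStoreResource);
        Assert.assertNotNull(resource);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // try-with-resources closes the stream on every path.
        try (FileInputStream in = new FileInputStream(resource.getPath())) {
            keyStore.load(in, "secret".toCharArray());
        }
        // beforeClass() stores the keystore password only in sConfiguration, so unless the
        // base class also sets it on `configuration`, this lookup resolves to the default.
        keyManagerFactory.init(keyStore, configuration.get("security.auth.server.ssl.keystore.password", "secret").toCharArray());
        return keyManagerFactory.getKeyManagers();
    }
}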
