package co.cask.cdap.security.tools;

import co.cask.http.AbstractHttpHandler;
import co.cask.http.HttpHandler;
import co.cask.http.HttpResponder;
import co.cask.http.NettyHttpService;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:co/cask/cdap/security/tools/HttpsEnablerTest.class */
public class HttpsEnablerTest {

    /* loaded from: input_file:co/cask/cdap/security/tools/HttpsEnablerTest$PingHandler.class */
    public static final class PingHandler extends AbstractHttpHandler {
        @GET
        @Path("/ping")
        public void ping(HttpRequest httpRequest, HttpResponder httpResponder) {
            httpResponder.sendStatus(HttpResponseStatus.OK);
        }
    }

    @Test
    public void testAlwaysTrustedHttpsServer() throws Exception {
        testServer(false, true);
    }

    @Test
    public void testValidHttpsServer() throws Exception {
        testServer(true, false);
    }

    @Test(expected = IOException.class)
    public void testInvalidHttpsServer() throws Exception {
        testServer(false, false);
    }

    @Test
    public void testClientSideAuthentication() throws Exception {
        testClientAuth(true, true);
    }

    @Test(expected = IOException.class)
    public void testInvalidClientAuthentication() throws Exception {
        testClientAuth(true, false);
    }

    @Test(expected = IOException.class)
    public void testMissingClientAuthentication() throws Exception {
        testClientAuth(false, true);
    }

    private void testServer(boolean z, boolean z2) throws Exception {
        String str = "xyz";
        KeyStore generatedCertKeyStore = KeyStores.generatedCertKeyStore(1, "xyz");
        HttpsEnabler httpsEnabler = new HttpsEnabler();
        "xyz".getClass();
        NettyHttpService build = httpsEnabler.setKeyStore(generatedCertKeyStore, str::toCharArray).enable(NettyHttpService.builder("test").setHttpHandlers(new HttpHandler[]{new PingHandler()})).build();
        build.start();
        try {
            InetSocketAddress bindAddress = build.getBindAddress();
            URL url = new URL(String.format("https://%s:%d/ping", bindAddress.getHostName(), Integer.valueOf(bindAddress.getPort())));
            HttpsEnabler httpsEnabler2 = new HttpsEnabler();
            if (z) {
                httpsEnabler2 = httpsEnabler2.setTrustStore(KeyStores.createTrustStore(generatedCertKeyStore));
            }
            Assert.assertEquals(200L, httpsEnabler2.enable((HttpsURLConnection) url.openConnection(), z2).getResponseCode());
            build.stop();
        } catch (Throwable th) {
            build.stop();
            throw th;
        }
    }

    private void testClientAuth(boolean z, boolean z2) throws Exception {
        String str = "abc";
        KeyStore generatedCertKeyStore = KeyStores.generatedCertKeyStore(1, "abc");
        KeyStore generatedCertKeyStore2 = KeyStores.generatedCertKeyStore(1, "abc");
        HttpsEnabler httpsEnabler = new HttpsEnabler();
        "abc".getClass();
        HttpsEnabler keyStore = httpsEnabler.setKeyStore(generatedCertKeyStore, str::toCharArray);
        if (z2) {
            keyStore.setTrustStore(KeyStores.createTrustStore(generatedCertKeyStore2));
        } else {
            keyStore.setTrustStore(KeyStores.createTrustStore(KeyStores.generatedCertKeyStore(1, "abc")));
        }
        NettyHttpService build = keyStore.enable(NettyHttpService.builder("test").setHttpHandlers(new HttpHandler[]{new PingHandler()})).build();
        build.start();
        try {
            InetSocketAddress bindAddress = build.getBindAddress();
            URL url = new URL(String.format("https://%s:%d/ping", bindAddress.getHostName(), Integer.valueOf(bindAddress.getPort())));
            HttpsEnabler httpsEnabler2 = new HttpsEnabler();
            if (z) {
                "abc".getClass();
                httpsEnabler2.setKeyStore(generatedCertKeyStore2, str::toCharArray);
            }
            Assert.assertEquals(200L, httpsEnabler2.enable((HttpsURLConnection) url.openConnection(), true).getResponseCode());
            build.stop();
        } catch (Throwable th) {
            build.stop();
            throw th;
        }
    }
}
