package co.cask.cdap.security.server;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.utils.Networks;
import java.net.URL;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:co/cask/cdap/security/server/ExternalMTLSAuthenticationServerTestBase.class */
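/**
 * Base class for tests that exercise the external authentication server with
 * certificate-based (mutual TLS) client authentication.
 *
 * <p>Subclasses supply the key and trust material. This class configures the server to use
 * {@link CertificateAuthenticationHandler} and checks that the {@code token} endpoint answers
 * 403 when the client presents an invalid certificate or none at all, while the
 * {@code /status} endpoint still answers 200 with an invalid certificate.
 */
public abstract class ExternalMTLSAuthenticationServerTestBase extends ExternalAuthenticationServerTestBase {
    /**
     * Returns key managers holding a client identity the server is expected to reject.
     *
     * @return key managers used by the negative tests
     * @throws Exception if the key material cannot be loaded
     */
    protected abstract KeyManager[] getInvalidKeyManagers() throws Exception;

    /**
     * Returns key managers holding the client identity used by {@link #getHTTPClient()}.
     *
     * @return key managers for the default test client
     * @throws Exception if the key material cannot be loaded
     */
    protected abstract KeyManager[] getKeyManagers() throws Exception;

    /**
     * Returns the trust managers every test client uses to validate the server certificate.
     *
     * @return trust managers for the test clients
     * @throws Exception if the trust material cannot be loaded
     */
    protected abstract TrustManager[] getTrustManagers() throws Exception;

    /**
     * Adds the settings this test needs to the given configuration: external SSL enabled,
     * random bind ports, the certificate authentication handler, and a Kerberos keytab and
     * principal taken from test resources.
     *
     * @param cConfiguration configuration to modify in place
     * @return the same configuration instance
     */
    @Override
    protected CConfiguration getConfiguration(CConfiguration cConfiguration) {
        String handlerPrefix = "security.authentication.handler.";

        cConfiguration.set("ssl.external.enabled", Boolean.TRUE.toString());
        cConfiguration.setInt("security.auth.server.bind.port", Networks.getRandomPort());
        cConfiguration.setInt("security.auth.server.ssl.bind.port", Networks.getRandomPort());
        cConfiguration.set("security.authentication.handlerClassName", CertificateAuthenticationHandler.class.getName());
        cConfiguration.set("security.authentication.loginmodule.className", PropertyFileLoginModule.class.getName());
        cConfiguration.set(handlerPrefix + "debug", "true");
        cConfiguration.set(handlerPrefix + "hostname", "localhost");

        // Fail early with a clear assertion if the test keytab is missing from the classpath.
        URL keytab = ExternalMTLSAuthenticationServerTestBase.class.getClassLoader().getResource("test.keytab");
        Assert.assertNotNull(keytab);
        cConfiguration.set("cdap.master.kerberos.keytab", keytab.getPath());
        cConfiguration.set("cdap.master.kerberos.principal", "test_principal");
        return cConfiguration;
    }

    /** No external server is started for these tests; intentionally a no-op. */
    @Override
    protected void startExternalAuthenticationServer() throws Exception {
    }

    /** Counterpart of {@link #startExternalAuthenticationServer()}; intentionally a no-op. */
    @Override
    protected void stopExternalAuthenticationServer() throws Exception {
    }

    /**
     * Builds a client that presents the identity from {@link #getKeyManagers()}.
     *
     * @return an HTTPS client; the caller is responsible for shutting down its connection manager
     * @throws Exception if the key or trust material cannot be loaded
     */
    @Override
    protected HttpClient getHTTPClient() throws Exception {
        return getHTTPClient(getKeyManagers(), getTrustManagers());
    }

    /**
     * Builds an HTTPS client for the auth server port from the given key and trust material.
     *
     * @param keyManagerArr client identity to present, or {@code null} to use the JSSE default
     * @param trustManagerArr trust managers used to validate the server certificate
     * @return a client whose connection manager the caller must shut down
     * @throws Exception if the TLS context cannot be created or initialised
     */
    private HttpClient getHTTPClient(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws Exception {
        // Request the standard "TLS" context name instead of the legacy "SSL" name.
        SSLContext tlsContext = SSLContext.getInstance("TLS");
        tlsContext.init(keyManagerArr, trustManagerArr, new SecureRandom());

        // TEST ONLY: hostname verification is switched off because the tests connect by IP
        // address. The server certificate is still validated by the supplied trust managers.
        // Never copy this verifier into production client code.
        SchemeSocketFactory socketFactory = new SSLSocketFactory(tlsContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry schemeRegistry = new SchemeRegistry();
        schemeRegistry.register(new Scheme("https", getAuthServerPort(), socketFactory));
        ClientConnectionManager connectionManager = new BasicClientConnectionManager(schemeRegistry);
        return new DefaultHttpClient(connectionManager);
    }

    /**
     * Issues a GET for {@code path} on the test server with the given client identity and
     * returns the HTTP status code, releasing the client's connections afterwards.
     *
     * @param keyManagers client identity to present, or {@code null}
     * @param path path appended after the {@code host:port/} prefix
     * @return the response status code
     * @throws Exception if the client cannot be built or the request fails
     */
    private int requestStatusCode(KeyManager[] keyManagers, String path) throws Exception {
        HttpClient client = getHTTPClient(keyManagers, getTrustManagers());
        try {
            String url = String.format("%s://%s:%d/%s", getProtocol(),
                    getServer().getSocketAddress().getAddress().getHostAddress(),
                    Integer.valueOf(getServer().getSocketAddress().getPort()), path);
            return client.execute(new HttpGet(url)).getStatusLine().getStatusCode();
        } finally {
            // Each test builds its own client; shut it down so sockets do not outlive the test.
            client.getConnectionManager().shutdown();
        }
    }

    /** A client certificate the server does not accept must not obtain a token (403). */
    @Override
    @Test
    public void testInvalidAuthentication() throws Exception {
        Assert.assertEquals(403L, requestStatusCode(getInvalidKeyManagers(), "token"));
    }

    /**
     * The status endpoint answers 200 even with an invalid client certificate.
     * NOTE(review): this implies the endpoint is served without client authentication; confirm
     * that it exposes nothing sensitive.
     */
    @Test
    public void testInvalidClientCertForStatusEndpoint() throws Exception {
        Assert.assertEquals(200L, requestStatusCode(getInvalidKeyManagers(), "/status"));
    }

    /**
     * A client that supplies no key managers must not obtain a token (403).
     * NOTE(review): passing {@code null} lets the JSSE default key manager apply; the test
     * assumes that default offers no client certificate (no keystore system properties set).
     */
    @Test
    public void testMissingClientCertAuthentication() throws Exception {
        Assert.assertEquals(403L, requestStatusCode(null, "token"));
    }
}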
