package com.datastax.driver.core;

import com.datastax.driver.core.CreateCCM;
import com.datastax.driver.core.SSLTestBase;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509ExtendedTrustManager;
import org.testng.annotations.Test;

@CreateCCM(CreateCCM.TestMode.PER_METHOD)
@CCMConfig(auth = {false})
/* loaded from: input_file:com/datastax/driver/core/Jdk8SSLEncryptionTest.class */
public class Jdk8SSLEncryptionTest extends SSLTestBase {

    /* loaded from: input_file:com/datastax/driver/core/Jdk8SSLEncryptionTest$EngineInspectingTrustManagerFactory.class */
    static class EngineInspectingTrustManagerFactory extends TrustManagerFactory {
        private static final Provider provider = new Provider("", 0.0d, "") { // from class: com.datastax.driver.core.Jdk8SSLEncryptionTest.EngineInspectingTrustManagerFactory.1
        };
        final EngineInspectingTrustManagerFactorySpi spi;

        EngineInspectingTrustManagerFactory(String str, int i) {
            this(new EngineInspectingTrustManagerFactorySpi(str, i));
        }

        private EngineInspectingTrustManagerFactory(EngineInspectingTrustManagerFactorySpi engineInspectingTrustManagerFactorySpi) {
            super(engineInspectingTrustManagerFactorySpi, provider, "EngineInspectingTrustManagerFactory");
            this.spi = engineInspectingTrustManagerFactorySpi;
        }
    }

    /* loaded from: input_file:com/datastax/driver/core/Jdk8SSLEncryptionTest$EngineInspectingTrustManagerFactorySpi.class */
    static class EngineInspectingTrustManagerFactorySpi extends TrustManagerFactorySpi {
        String expectedPeerHost;
        int expectedPeerPort;
        private final TrustManager tm = new X509ExtendedTrustManager() { // from class: com.datastax.driver.core.Jdk8SSLEncryptionTest.EngineInspectingTrustManagerFactorySpi.1
            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                String peerHost = sSLEngine.getPeerHost();
                int peerPort = sSLEngine.getPeerPort();
                if (peerHost == null || !peerHost.equals(EngineInspectingTrustManagerFactorySpi.this.expectedPeerHost)) {
                    throw new CertificateException(String.format("Expected SSLEngine.getPeerHost() (%s) to equal (%s)", peerHost, EngineInspectingTrustManagerFactorySpi.this.expectedPeerHost));
                }
                if (peerPort != EngineInspectingTrustManagerFactorySpi.this.expectedPeerPort) {
                    throw new CertificateException(String.format("Expected SSLEngine.getPeerPort() (%d) to equal (%d)", Integer.valueOf(peerPort), Integer.valueOf(EngineInspectingTrustManagerFactorySpi.this.expectedPeerPort)));
                }
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                throw new UnsupportedOperationException("TrustManger is for establishing server trust only.");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                throw new UnsupportedOperationException("TrustManger is for establishing server trust only.");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new UnsupportedOperationException("TrustManger is for establishing server trust only.");
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        EngineInspectingTrustManagerFactorySpi(String str, int i) {
            this.expectedPeerHost = str;
            this.expectedPeerPort = i;
        }

        @Override // javax.net.ssl.TrustManagerFactorySpi
        protected void engineInit(KeyStore keyStore) throws KeyStoreException {
        }

        @Override // javax.net.ssl.TrustManagerFactorySpi
        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        }

        @Override // javax.net.ssl.TrustManagerFactorySpi
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[]{this.tm};
        }
    }

    @Test(groups = {"short"}, dataProvider = "sslImplementation", dataProviderClass = SSLTestBase.class)
    public void should_pass_peer_address_to_engine(SSLTestBase.SslImplementation sslImplementation) throws Exception {
        EngineInspectingTrustManagerFactory engineInspectingTrustManagerFactory = new EngineInspectingTrustManagerFactory(TestUtils.IP_PREFIX + "1", ccm().getBinaryPort());
        RemoteEndpointAwareJdkSSLOptions remoteEndpointAwareJdkSSLOptions = null;
        switch (sslImplementation) {
            case JDK:
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, engineInspectingTrustManagerFactory.getTrustManagers(), new SecureRandom());
                sSLContext.getDefaultSSLParameters().setEndpointIdentificationAlgorithm("HTTPS");
                remoteEndpointAwareJdkSSLOptions = RemoteEndpointAwareJdkSSLOptions.builder().withSSLContext(sSLContext).build();
                break;
            case NETTY_OPENSSL:
                remoteEndpointAwareJdkSSLOptions = new RemoteEndpointAwareNettySSLOptions(SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL).trustManager(engineInspectingTrustManagerFactory).build());
                break;
        }
        connectWithSSLOptions(remoteEndpointAwareJdkSSLOptions);
    }
}
