package com.github.tomakehurst.wiremock.http;

import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.common.ProxySettings;
import com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import com.github.tomakehurst.wiremock.crypto.InMemoryKeyStore;
import com.github.tomakehurst.wiremock.crypto.Secret;
import com.github.tomakehurst.wiremock.crypto.X509CertificateSpecification;
import com.github.tomakehurst.wiremock.crypto.X509CertificateVersion;
import com.github.tomakehurst.wiremock.global.GlobalSettingsHolder;
import com.github.tomakehurst.wiremock.junit.WireMockRule;
import com.github.tomakehurst.wiremock.stubbing.ServeEvent;
import com.github.tomakehurst.wiremock.stubbing.StubMapping;
import com.github.tomakehurst.wiremock.verification.LoggedRequest;
import java.io.File;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.StringContains;
import org.hamcrest.core.StringStartsWith;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:com/github/tomakehurst/wiremock/http/ProxyResponseRendererTest.class */
public class ProxyResponseRendererTest {

    @Rule
    public WireMockRule origin = new WireMockRule(WireMockConfiguration.options().httpDisabled(true).dynamicHttpsPort().keystorePath(generateKeystore().getAbsolutePath()));
    private final ProxyResponseRenderer proxyResponseRenderer = buildProxyResponseRenderer(false);

    @Test
    public void acceptsAnyCertificateForStandardProxying() {
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.aResponse().withBody("Result")));
        Assert.assertEquals(this.proxyResponseRenderer.render(reverseProxyServeEvent("/proxied")).getBodyAsString(), "Result");
    }

    @Test
    public void rejectsSelfSignedCertificateForForwardProxyingByDefault() {
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.aResponse().withBody("Result")));
        Response render = this.proxyResponseRenderer.render(forwardProxyServeEvent("/proxied"));
        Assert.assertEquals(500L, render.getStatus());
        MatcherAssert.assertThat(render.getBodyAsString(), StringStartsWith.startsWith("SSL failure trying to make a proxied request from WireMock to " + this.origin.url("/proxied")));
        MatcherAssert.assertThat(render.getBodyAsString(), StringContains.containsString("unable to find valid certification path to requested target"));
    }

    @Test
    public void acceptsSelfSignedCertificateForForwardProxyingIfTrustAllProxyTargets() {
        ProxyResponseRenderer buildProxyResponseRenderer = buildProxyResponseRenderer(true);
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.aResponse().withBody("Result")));
        Assert.assertEquals(buildProxyResponseRenderer.render(forwardProxyServeEvent("/proxied")).getBodyAsString(), "Result");
    }

    private ServeEvent reverseProxyServeEvent(String str) {
        return serveEvent(str, false);
    }

    private ServeEvent forwardProxyServeEvent(String str) {
        return serveEvent(str, true);
    }

    private ServeEvent serveEvent(String str, boolean z) {
        LoggedRequest loggedRequest = new LoggedRequest(str, this.origin.url(str), RequestMethod.GET, "127.0.0.1", new HttpHeaders(), new HashMap(), z, new Date(), new byte[0], (Collection) null);
        ResponseDefinition build = WireMock.aResponse().proxiedFrom(this.origin.baseUrl()).build();
        build.setOriginalRequest(loggedRequest);
        return ServeEvent.of(loggedRequest, build, new StubMapping());
    }

    private File generateKeystore() throws Exception {
        InMemoryKeyStore inMemoryKeyStore = new InMemoryKeyStore(InMemoryKeyStore.KeyStoreType.JKS, new Secret("password"));
        X509CertificateSpecification x509CertificateSpecification = new X509CertificateSpecification(X509CertificateVersion.V3, "CN=localhost", "CN=wiremock.org", new Date(), new Date(System.currentTimeMillis() + 31536000000L));
        KeyPair generateKeyPair = generateKeyPair();
        inMemoryKeyStore.addPrivateKey("wiremock", generateKeyPair, x509CertificateSpecification.certificateFor(generateKeyPair));
        File createTempFile = File.createTempFile("wiremock-test", "keystore");
        inMemoryKeyStore.saveAs(createTempFile);
        return createTempFile;
    }

    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        return keyPairGenerator.generateKeyPair();
    }

    private ProxyResponseRenderer buildProxyResponseRenderer(boolean z) {
        return new ProxyResponseRenderer(ProxySettings.NO_PROXY, KeyStoreSettings.NO_STORE, false, (String) null, new GlobalSettingsHolder(), z, Collections.emptyList());
    }
}
