package com.github.tomakehurst.wiremock.http.ssl;

import com.github.tomakehurst.wiremock.testsupport.TestNotifier;
import java.net.Socket;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.BDDMockito;
import org.mockito.Mockito;

/* loaded from: input_file:com/github/tomakehurst/wiremock/http/ssl/CertificateGeneratingX509ExtendedKeyManagerChooseServerAliasDefaultsTest.class */
public class CertificateGeneratingX509ExtendedKeyManagerChooseServerAliasDefaultsTest {
    private final X509ExtendedKeyManager keyManagerMock = (X509ExtendedKeyManager) Mockito.mock(X509ExtendedKeyManager.class);
    private final Socket nonSslSocketMock = (Socket) Mockito.mock(Socket.class);
    private final Socket nullSocket = null;
    private final SSLSocket sslSocketMock = (SSLSocket) Mockito.mock(SSLSocket.class);
    private final SSLSession nonExtendedSslSessionMock = (SSLSession) Mockito.mock(SSLSession.class);
    private final ExtendedSSLSession extendedSslSessionMock = (ExtendedSSLSession) Mockito.mock(ExtendedSSLSession.class);
    private final TestNotifier testNotifier = new TestNotifier();
    private final CertificateGeneratingX509ExtendedKeyManager certificateGeneratingKeyManager = new CertificateGeneratingX509ExtendedKeyManager(this.keyManagerMock, (DynamicKeyStore) Mockito.mock(DynamicKeyStore.class), new ApacheHttpHostNameMatcher(), this.testNotifier);
    private final Principal[] nullPrincipals = null;

    @Test
    public void returnsNullIfDefaultAliasReturnsNull() {
        BDDMockito.given(this.keyManagerMock.chooseServerAlias("RSA", this.nullPrincipals, this.nonSslSocketMock)).willReturn((Object) null);
        Assertions.assertNull(this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.nonSslSocketMock));
    }

    @Test
    public void returnsDefaultIfSocketIsNull() {
        BDDMockito.given(this.keyManagerMock.chooseServerAlias("RSA", this.nullPrincipals, this.nullSocket)).willReturn("default_alias");
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.nullSocket));
    }

    @Test
    public void returnsDefaultIfSocketIsNotAnAnSSLSocket() {
        BDDMockito.given(this.keyManagerMock.chooseServerAlias("RSA", this.nullPrincipals, this.nonSslSocketMock)).willReturn("default_alias");
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.nonSslSocketMock));
    }

    @Test
    public void returnsDefaultIfHandshakeSessionIsNotSupported() {
        BDDMockito.given(this.sslSocketMock.getHandshakeSession()).willThrow(new Throwable[]{new UnsupportedOperationException()});
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock));
        MatcherAssert.assertThat(this.testNotifier.getErrorMessages(), Matchers.contains(new String[]{"Dynamic certificate generation is not supported because your SSL Provider does not support SSLSocket.getHandshakeSession()" + System.lineSeparator() + "All sites will be served using the normal WireMock HTTPS certificate."}));
    }

    @Test
    public void returnsDefaultIfHandshakeSessionIsNotAnAnExtendedSSLSession() {
        BDDMockito.given(this.sslSocketMock.getHandshakeSession()).willReturn(this.nonExtendedSslSessionMock);
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock));
    }

    @Test
    public void returnsDefaultIfGetRequestedServerNamesIsNotSupported() {
        BDDMockito.given(this.extendedSslSessionMock.getRequestedServerNames()).willThrow(new Throwable[]{new UnsupportedOperationException()});
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock));
        MatcherAssert.assertThat(this.testNotifier.getErrorMessages(), Matchers.contains(new String[]{"Dynamic certificate generation is not supported because your SSL Provider does not support ExtendedSSLSession.getRequestedServerNames()" + System.lineSeparator() + "All sites will be served using the normal WireMock HTTPS certificate."}));
    }

    @Test
    public void returnsDefaultIfThereAreNoSNIServerNames() {
        BDDMockito.given(this.extendedSslSessionMock.getRequestedServerNames()).willReturn(Collections.emptyList());
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock));
    }

    @Test
    public void returnsDefaultIfThereAreNoSNIHostNames() {
        BDDMockito.given(this.extendedSslSessionMock.getRequestedServerNames()).willReturn(Collections.singletonList(new SNIServerName(1, new byte[0]) { // from class: com.github.tomakehurst.wiremock.http.ssl.CertificateGeneratingX509ExtendedKeyManagerChooseServerAliasDefaultsTest.1
        }));
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock));
    }

    @Test
    public void returnsDefaultIfAnSNIHostNameMatchesTheDefaultCertificate() {
        BDDMockito.given(this.extendedSslSessionMock.getRequestedServerNames()).willReturn(Arrays.asList(new SNIHostName("example.com"), new SNIHostName("wiremock.org"), new SNIHostName("example.org")));
        BDDMockito.given(this.keyManagerMock.getCertificateChain("default_alias")).willReturn(new X509Certificate[]{certificateWithCn("CN=wiremock.org")});
        Assertions.assertEquals("default_alias", this.certificateGeneratingKeyManager.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock));
    }

    private X509Certificate certificateWithCn(String str) {
        X509Certificate x509Certificate = (X509Certificate) Mockito.mock(X509Certificate.class);
        Mockito.when(x509Certificate.getSubjectX500Principal()).thenReturn(new X500Principal(str));
        return x509Certificate;
    }

    public CertificateGeneratingX509ExtendedKeyManagerChooseServerAliasDefaultsTest() throws Exception {
        Mockito.when(this.keyManagerMock.chooseServerAlias("RSA", this.nullPrincipals, this.sslSocketMock)).thenReturn("default_alias");
        Mockito.when(this.sslSocketMock.getHandshakeSession()).thenReturn(this.extendedSslSessionMock);
    }
}
