package com.google.bigtable.repackaged.org.apache.http.conn.ssl;

import com.google.bigtable.repackaged.org.apache.http.HttpHost;
import com.google.bigtable.repackaged.org.apache.http.impl.bootstrap.HttpServer;
import com.google.bigtable.repackaged.org.apache.http.impl.bootstrap.SSLServerSetupHandler;
import com.google.bigtable.repackaged.org.apache.http.impl.bootstrap.ServerBootstrap;
import com.google.bigtable.repackaged.org.apache.http.localserver.LocalServerTestBase;
import com.google.bigtable.repackaged.org.apache.http.localserver.SSLTestContexts;
import com.google.bigtable.repackaged.org.apache.http.protocol.BasicHttpContext;
import com.google.bigtable.repackaged.org.apache.http.ssl.SSLContexts;
import com.google.cloud.bigtable.hbase.TestBigtableOptionsFactory;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/google/bigtable/repackaged/org/apache/http/conn/ssl/TestSSLSocketFactory.class */
public class TestSSLSocketFactory {
    private HttpServer server;

    /* loaded from: input_file:com/google/bigtable/repackaged/org/apache/http/conn/ssl/TestSSLSocketFactory$TestX509HostnameVerifier.class */
    static class TestX509HostnameVerifier implements HostnameVerifier {
        private boolean fired = false;

        TestX509HostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            this.fired = true;
            return true;
        }

        public boolean isFired() {
            return this.fired;
        }
    }

    @After
    public void shutDown() throws Exception {
        if (this.server != null) {
            this.server.shutdown(10L, TimeUnit.SECONDS);
        }
    }

    @Test
    public void testBasicSSL() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext(), testX509HostnameVerifier);
        SSLSocket sSLSocket = (SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
        try {
            Assert.assertNotNull(sSLSocket.getSession());
            Assert.assertTrue(testX509HostnameVerifier.isFired());
            sSLSocket.close();
        } catch (Throwable th) {
            sSLSocket.close();
            throw th;
        }
    }

    @Test
    public void testBasicDefaultHostnameVerifier() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext(), SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        SSLSocket sSLSocket = (SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
        try {
            Assert.assertNotNull(sSLSocket.getSession());
            sSLSocket.close();
        } catch (Throwable th) {
            sSLSocket.close();
            throw th;
        }
    }

    @Test
    public void testClientAuthSSL() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext(), testX509HostnameVerifier);
        SSLSocket sSLSocket = (SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
        try {
            Assert.assertNotNull(sSLSocket.getSession());
            Assert.assertTrue(testX509HostnameVerifier.isFired());
            sSLSocket.close();
        } catch (Throwable th) {
            sSLSocket.close();
            throw th;
        }
    }

    @Test(expected = IOException.class)
    public void testClientAuthSSLFailure() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).setSslSetupHandler(new SSLServerSetupHandler() { // from class: com.google.bigtable.repackaged.org.apache.http.conn.ssl.TestSSLSocketFactory.1
            public void initialize(SSLServerSocket sSLServerSocket) throws SSLException {
                sSLServerSocket.setNeedClientAuth(true);
            }
        }).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext(), testX509HostnameVerifier);
        SSLSocket sSLSocket = (SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
        try {
            Assert.assertEquals(-1L, sSLSocket.getInputStream().read());
            Assert.assertNotNull(sSLSocket.getSession());
            Assert.assertTrue(testX509HostnameVerifier.isFired());
            sSLSocket.close();
        } catch (Throwable th) {
            sSLSocket.close();
            throw th;
        }
    }

    @Test(expected = SSLException.class)
    public void testSSLTrustVerification() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.createDefault(), NoopHostnameVerifier.INSTANCE);
        ((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext)).close();
    }

    @Test
    public void testSSLTrustVerificationOverrideWithCustsom() throws Exception {
        testSSLTrustVerificationOverride(new TrustStrategy() { // from class: com.google.bigtable.repackaged.org.apache.http.conn.ssl.TestSSLSocketFactory.2
            public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                return x509CertificateArr.length == 1;
            }
        });
    }

    @Test
    public void testSSLTrustVerificationOverrideWithTrustSelfSignedStrategy() throws Exception {
        testSSLTrustVerificationOverride(TrustSelfSignedStrategy.INSTANCE);
    }

    @Test
    public void testSSLTrustVerificationOverrideWithTrustAllStrategy() throws Exception {
        testSSLTrustVerificationOverride(TrustAllStrategy.INSTANCE);
    }

    private void testSSLTrustVerificationOverride(TrustStrategy trustStrategy) throws Exception, IOException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial((KeyStore) null, trustStrategy).build(), NoopHostnameVerifier.INSTANCE);
        ((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext)).close();
    }

    @Test
    public void testTLSOnly() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).setSslSetupHandler(new SSLServerSetupHandler() { // from class: com.google.bigtable.repackaged.org.apache.http.conn.ssl.TestSSLSocketFactory.3
            public void initialize(SSLServerSocket sSLServerSocket) throws SSLException {
                sSLServerSocket.setEnabledProtocols(new String[]{"TLSv1"});
            }
        }).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext());
        Assert.assertNotNull(((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext)).getSession());
    }

    @Test(expected = IOException.class)
    public void testSSLDisabledByDefault() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).setSslSetupHandler(new SSLServerSetupHandler() { // from class: com.google.bigtable.repackaged.org.apache.http.conn.ssl.TestSSLSocketFactory.4
            public void initialize(SSLServerSocket sSLServerSocket) throws SSLException {
                sSLServerSocket.setEnabledProtocols(new String[]{"SSLv3"});
            }
        }).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext());
        sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
    }

    @Test
    public void testSSLTimeout() throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext());
        Socket createSocket = sSLConnectionSocketFactory.createSocket(basicHttpContext);
        Socket connectSocket = sSLConnectionSocketFactory.connectSocket(0, createSocket, new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
        InputStream inputStream = connectSocket.getInputStream();
        try {
            try {
                connectSocket.setSoTimeout(1);
                inputStream.read();
                Assert.fail("SocketTimeoutException expected");
                inputStream.close();
            } catch (SocketTimeoutException e) {
                Assert.assertThat(Boolean.valueOf(connectSocket.isClosed()), CoreMatchers.equalTo(false));
                Assert.assertThat(Boolean.valueOf(createSocket.isClosed()), CoreMatchers.equalTo(false));
                inputStream.close();
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    @Test
    public void testStrongCipherSuites() {
        for (String str : new String[]{"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384"}) {
            Assert.assertFalse(SSLConnectionSocketFactory.isWeakCipherSuite(str));
        }
    }

    @Test
    public void testWeakCiphersDisabledByDefault() {
        for (String str : new String[]{"SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_NULL_SHA256", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}) {
            Assert.assertTrue(SSLConnectionSocketFactory.isWeakCipherSuite(str));
            try {
                testWeakCipherDisabledByDefault(str);
                Assert.fail("IOException expected");
            } catch (Exception e) {
                Assert.assertTrue((e instanceof IOException) || (e instanceof IllegalArgumentException));
            }
        }
    }

    private void testWeakCipherDisabledByDefault(final String str) throws Exception {
        this.server = ServerBootstrap.bootstrap().setServerInfo(LocalServerTestBase.ORIGIN).setSslContext(SSLTestContexts.createServerSSLContext()).setSslSetupHandler(new SSLServerSetupHandler() { // from class: com.google.bigtable.repackaged.org.apache.http.conn.ssl.TestSSLSocketFactory.5
            public void initialize(SSLServerSocket sSLServerSocket) {
                sSLServerSocket.setEnabledCipherSuites(new String[]{str});
            }
        }).create();
        this.server.start();
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLTestContexts.createClientSSLContext());
        Socket createSocket = sSLConnectionSocketFactory.createSocket(basicHttpContext);
        try {
            sSLConnectionSocketFactory.connectSocket(0, createSocket, new HttpHost(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort(), "https"), new InetSocketAddress(TestBigtableOptionsFactory.TEST_HOST, this.server.getLocalPort()), (InetSocketAddress) null, basicHttpContext);
            createSocket.close();
        } catch (Throwable th) {
            createSocket.close();
            throw th;
        }
    }
}
