package io.airlift.http.server;

import com.google.common.collect.ImmutableSet;
import com.google.common.io.Files;
import com.google.common.io.MoreFiles;
import com.google.common.io.RecursiveDeleteOption;
import com.google.common.io.Resources;
import io.airlift.event.client.NullEventClient;
import io.airlift.node.NodeInfo;
import io.airlift.tracetoken.TraceTokenManager;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.concurrent.ExecutionException;
import javax.servlet.http.HttpServlet;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

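/**
 * Verifies that the HTTPS cipher-suite include/exclude lists of {@link HttpServerConfig}
 * are enforced during the TLS handshake.
 *
 * <p>Each test starts a server on an ephemeral HTTPS port with the bundled
 * {@code test.keystore}, then connects with Jetty clients that offer only a chosen set of
 * cipher suites. A request that completes means the server accepted one of the offered
 * suites. An {@link ExecutionException} from the request is treated as a rejected handshake.
 *
 * <p>Security notes for readers reusing this code:
 * <ul>
 *   <li>The clients are built with {@code trustAll = true}, so the server certificate is not
 *       validated. That only suits a test against a local server with a test keystore.</li>
 *   <li>{@link #CIPHER_1} and {@link #CIPHER_2} are CBC-mode suites, and {@link #CIPHER_1}
 *       also uses static RSA key exchange (no forward secrecy). They are here as test
 *       inputs for the filtering logic, not as a recommended configuration.</li>
 * </ul>
 */
@Test(singleThreaded = true)
public class TestHttpServerCipher {
    private static final String KEY_STORE_PATH = constructKeyStorePath();
    // Test-only credential for the bundled test.keystore resource.
    private static final String KEY_STORE_PASSWORD = "airlift";
    // Static RSA key exchange + AES-128-CBC (TLS 1.2 suite name).
    // NOTE(review): some JDK builds may disable TLS_RSA_* suites through
    // jdk.tls.disabledAlgorithms, which would break the positive checks for reasons unrelated
    // to the server configuration. Confirm against the JDK used in CI.
    public static final String CIPHER_1 = "TLS_RSA_WITH_AES_128_CBC_SHA256";
    // ECDHE key exchange + AES-128-CBC.
    public static final String CIPHER_2 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
    // ECDHE key exchange + AES-128-GCM (AEAD).
    public static final String CIPHER_3 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    private File tempDir;

    /**
     * Resolves the absolute filesystem path of the {@code test.keystore} classpath resource.
     *
     * @return absolute path of the keystore file
     * @throws RuntimeException if the resource URL cannot be converted to a URI
     */
    private static String constructKeyStorePath() {
        try {
            return new File(Resources.getResource("test.keystore").toURI()).getAbsolutePath();
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a fresh temporary directory for the request log of each test.
     *
     * @throws IOException if the directory cannot be created
     */
    @BeforeMethod
    public void setup() throws IOException {
        // java.nio's createTempDirectory creates the directory with owner-only permissions on
        // POSIX file systems. Guava's Files.createTempDir() is deprecated in favour of it.
        this.tempDir = java.nio.file.Files.createTempDirectory("TestHttpServerCipher").toFile();
    }

    /**
     * Removes the temporary directory created by {@link #setup()}.
     *
     * @throws Exception if the directory cannot be deleted
     */
    @AfterMethod(alwaysRun = true)
    public void teardown() throws Exception {
        // alwaysRun = true means this also runs when setup() failed and tempDir was never set.
        if (this.tempDir == null) {
            return;
        }
        // ALLOW_INSECURE permits deletion on file systems without SecureDirectoryStream support,
        // where a concurrent symlink swap could redirect the delete. That is tolerable here only
        // because the directory is a private, test-owned temp directory.
        MoreFiles.deleteRecursively(this.tempDir.toPath(), RecursiveDeleteOption.ALLOW_INSECURE);
        this.tempDir = null;
    }

    /**
     * A blank include list ({@code " ,   "}) is expected to impose no restriction, so the
     * server must accept a client offering any one of the three test suites.
     */
    @Test
    public void testIncludeCipherEmpty() throws Exception {
        HttpServerConfig config = createHttpServerConfig()
                .setHttpsExcludedCipherSuites("")
                .setHttpsIncludedCipherSuites(" ,   ");
        NodeInfo nodeInfo = new NodeInfo("test");
        HttpServerInfo httpServerInfo = new HttpServerInfo(config, nodeInfo);
        HttpServer server = createServer(nodeInfo, httpServerInfo, config);
        try {
            server.start();
            URI httpsUri = httpServerInfo.getHttpsUri();
            fetchWithCiphers(httpsUri, CIPHER_1);
            fetchWithCiphers(httpsUri, CIPHER_2);
            fetchWithCiphers(httpsUri, CIPHER_3);
        } finally {
            server.stop();
        }
    }

    /**
     * With only {@link #CIPHER_1} and {@link #CIPHER_2} on the include list, clients offering
     * either suite must connect, and a client offering only {@link #CIPHER_3} must be rejected.
     */
    @Test
    public void testIncludedCipher() throws Exception {
        HttpServerConfig config = createHttpServerConfig()
                .setHttpsExcludedCipherSuites("")
                .setHttpsIncludedCipherSuites(CIPHER_1 + "," + CIPHER_2);
        NodeInfo nodeInfo = new NodeInfo("test");
        HttpServerInfo httpServerInfo = new HttpServerInfo(config, nodeInfo);
        HttpServer server = createServer(nodeInfo, httpServerInfo, config);
        try {
            server.start();
            URI httpsUri = httpServerInfo.getHttpsUri();
            fetchWithCiphers(httpsUri, CIPHER_1);
            fetchWithCiphers(httpsUri, CIPHER_2);
            try {
                fetchWithCiphers(httpsUri, CIPHER_3);
                Assert.fail("SSL handshake should fail because client included only ciphers the server didn't include");
            } catch (ExecutionException expected) {
                // Expected: no cipher suite in common with the server.
                // NOTE(review): any ExecutionException passes this check, including ones from
                // unrelated connection failures. Asserting that the cause is a TLS handshake
                // failure would make the test stricter. Confirm which cause type Jetty reports.
            }
        } finally {
            server.stop();
        }
    }

    /**
     * With {@link #CIPHER_1} and {@link #CIPHER_2} on the exclude list, a client offering its
     * default suites must still connect, and a client offering only the two excluded suites
     * must be rejected.
     */
    @Test
    public void testExcludedCipher() throws Exception {
        HttpServerConfig config = createHttpServerConfig()
                .setHttpsExcludedCipherSuites(CIPHER_1 + "," + CIPHER_2);
        NodeInfo nodeInfo = new NodeInfo("test");
        HttpServerInfo httpServerInfo = new HttpServerInfo(config, nodeInfo);
        HttpServer server = createServer(nodeInfo, httpServerInfo, config);
        try {
            server.start();
            URI httpsUri = httpServerInfo.getHttpsUri();
            // An empty include list leaves the client on its default cipher suites.
            fetchWithCiphers(httpsUri);
            try {
                fetchWithCiphers(httpsUri, CIPHER_1, CIPHER_2);
                Assert.fail("SSL handshake should fail because client included only ciphers the server excluded");
            } catch (ExecutionException expected) {
                // Expected: every suite the client offers is excluded by the server.
                // NOTE(review): the cause is not inspected, so a non-TLS connection failure
                // would also satisfy this check.
            }
        } finally {
            server.stop();
        }
    }

    /**
     * Builds an HTTPS-only configuration bound to an ephemeral port, using the test keystore
     * and logging requests into the per-test temporary directory.
     *
     * @return a new configuration with plain HTTP disabled
     */
    private HttpServerConfig createHttpServerConfig() {
        return new HttpServerConfig()
                .setHttpEnabled(false)
                .setHttpsEnabled(true)
                .setHttpsPort(0)
                .setKeystorePath(KEY_STORE_PATH)
                .setKeystorePassword(KEY_STORE_PASSWORD)
                .setLogPath(new File(this.tempDir, "http-request.log").getAbsolutePath());
    }

    /**
     * Issues one GET with a client restricted to the given cipher suites and always stops the
     * client afterwards, so that its threads and connections are not leaked between tests.
     *
     * @param uri HTTPS URI of the server under test
     * @param cipherSuites suites the client may offer; empty means the client defaults
     * @throws Exception whatever the request throws; a failure while stopping the client is
     *     attached as a suppressed exception so that it cannot mask the request failure
     */
    private static void fetchWithCiphers(URI uri, String... cipherSuites) throws Exception {
        HttpClient client = createClientIncludeCiphers(cipherSuites);
        Throwable primary = null;
        try {
            client.GET(uri);
        } catch (Throwable t) {
            primary = t;
            throw t;
        } finally {
            try {
                client.stop();
            } catch (Exception stopFailure) {
                if (primary == null) {
                    throw stopFailure;
                }
                primary.addSuppressed(stopFailure);
            }
        }
    }

    /**
     * Creates and starts a Jetty client that offers only the given cipher suites.
     *
     * <p>The caller owns the returned client and is responsible for stopping it.
     *
     * @param strArr cipher suites to include; an empty array leaves the client defaults
     * @return a started client
     * @throws Exception if the client fails to start
     */
    private static HttpClient createClientIncludeCiphers(String... strArr) throws Exception {
        // trustAll = true: the server certificate chain is NOT validated. This is acceptable
        // only because the peer is the in-process test server with a test keystore.
        SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(true);
        sslContextFactory.setIncludeCipherSuites(strArr);
        // Clear Jetty's default client-side excludes so that only the include list decides
        // which suites are offered.
        sslContextFactory.setExcludeCipherSuites(new String[0]);
        // NOTE(review): a client keystore presumably matters only if the server requests a
        // client certificate. Confirm whether these two calls are needed.
        sslContextFactory.setKeyStorePath(KEY_STORE_PATH);
        sslContextFactory.setKeyStorePassword(KEY_STORE_PASSWORD);
        HttpClient httpClient = new HttpClient(sslContextFactory);
        httpClient.start();
        return httpClient;
    }

    /**
     * Creates a server that serves a {@link DummyServlet}.
     *
     * @return an unstarted server built from the given configuration
     */
    private static HttpServer createServer(NodeInfo nodeInfo, HttpServerInfo httpServerInfo, HttpServerConfig httpServerConfig) {
        return createServer(new DummyServlet(), nodeInfo, httpServerInfo, httpServerConfig);
    }

    /**
     * Wires an {@link HttpServerProvider} with dummy filter, admin servlet, login service and
     * trace-token manager, then returns the server it provides.
     *
     * @param httpServlet servlet that handles application requests
     * @return an unstarted server built from the given configuration
     */
    private static HttpServer createServer(HttpServlet httpServlet, NodeInfo nodeInfo, HttpServerInfo httpServerInfo, HttpServerConfig httpServerConfig) {
        HashLoginServiceProvider loginServiceProvider = new HashLoginServiceProvider(httpServerConfig);
        HttpServerProvider serverProvider = new HttpServerProvider(
                httpServerInfo,
                nodeInfo,
                httpServerConfig,
                httpServlet,
                ImmutableSet.of(new DummyFilter()),
                ImmutableSet.of(),
                ImmutableSet.of(),
                new RequestStats(),
                new NullEventClient());
        serverProvider.setTheAdminServlet(new DummyServlet());
        serverProvider.setLoginService(loginServiceProvider.get());
        serverProvider.setTokenManager(new TraceTokenManager());
        return serverProvider.get();
    }
}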
