package io.airlift.http.server;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import io.airlift.configuration.testing.ConfigAssertions;
import io.airlift.testing.ValidationAssertions;
import io.airlift.units.Duration;
import jakarta.validation.constraints.AssertTrue;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/airlift/http/server/TestHttpsConfig.class */
public class TestHttpsConfig {
    @Test
    public void testDefaults() {
        ConfigAssertions.assertRecordedDefaults(((HttpsConfig) ConfigAssertions.recordDefaults(HttpsConfig.class)).setHttpsPort(8443).setSecureRandomAlgorithm((String) null).setHttpsIncludedCipherSuites("").setHttpsExcludedCipherSuites(String.join(",", getJettyDefaultExcludedCiphers())).setSslSessionTimeout(new Duration(4.0d, TimeUnit.HOURS)).setSslSessionCacheSize(10000).setKeystorePath((String) null).setKeystorePassword((String) null).setKeyManagerPassword((String) null).setTrustStorePath((String) null).setTrustStorePassword((String) null).setSslContextRefreshTime(new Duration(1.0d, TimeUnit.MINUTES)).setAutomaticHttpsSharedSecret((String) null).setAutomaticHttpsSharedSecret((String) null));
    }

    @Test
    public void testExplicitPropertyMappings() {
        ConfigAssertions.assertFullMapping(new ImmutableMap.Builder().put("http-server.https.port", "2").put("http-server.https.keystore.path", "/keystore").put("http-server.https.keystore.key", "keystore password").put("http-server.https.keymanager.password", "keymanager password").put("http-server.https.truststore.path", "/truststore").put("http-server.https.truststore.key", "truststore password").put("http-server.https.secure-random-algorithm", "NativePRNG").put("http-server.https.included-cipher", "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA").put("http-server.https.excluded-cipher", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA").put("http-server.https.ssl-session-timeout", "7h").put("http-server.https.ssl-session-cache-size", "456").put("http-server.https.ssl-context.refresh-time", "10m").put("http-server.https.automatic-shared-secret", "automatic-secret").build(), new HttpsConfig().setHttpsPort(2).setHttpsIncludedCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA").setHttpsExcludedCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA").setSslSessionTimeout(new Duration(7.0d, TimeUnit.HOURS)).setSslSessionCacheSize(456).setKeystorePath("/keystore").setKeystorePassword("keystore password").setKeyManagerPassword("keymanager password").setTrustStorePath("/truststore").setTrustStorePassword("truststore password").setSecureRandomAlgorithm("NativePRNG").setSslContextRefreshTime(new Duration(10.0d, TimeUnit.MINUTES)).setAutomaticHttpsSharedSecret("automatic-secret"));
    }

    @Test
    public void testHttpsConfigurationValidation() {
        ValidationAssertions.assertValidates(new HttpsConfig().setKeystorePath("/test/keystore"));
        ValidationAssertions.assertFailsValidation(new HttpsConfig(), "httpsConfigurationValid", "Keystore path or automatic HTTPS shared secret must be provided when HTTPS is enabled", AssertTrue.class);
    }

    private static List<String> getJettyDefaultExcludedCiphers() {
        return ImmutableList.copyOf(new SslContextFactory.Server().getExcludeCipherSuites());
    }
}
