package org.apache.cxf.systest.https.conduit;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.BusApplicationContext;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.message.Message;
import org.apache.cxf.systest.https.BusServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.MessageTrustDecider;
import org.apache.cxf.transport.http.URLConnectionInfo;
import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
import org.apache.cxf.transport.http.auth.DefaultBasicAuthSupplier;
import org.apache.cxf.transport.http.auth.HttpAuthHeader;
import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.hello_world.Greeter;
import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/apache/cxf/systest/https/conduit/HTTPSConduitTest.class */
public class HTTPSConduitTest extends AbstractBusClientServerTestBase {
    private static final boolean IN_PROCESS = true;
    private static TLSClientParameters tlsClientParameters = new TLSClientParameters();
    private static List<String> servers = new ArrayList();
    private static Map<String, String> addrMap = new TreeMap();
    private final QName serviceName = new QName("http://apache.org/hello_world", "SOAPService");
    private final QName bethalQ = new QName("http://apache.org/hello_world", "Bethal");
    private final QName gordyQ = new QName("http://apache.org/hello_world", "Gordy");
    private final QName tarpinQ = new QName("http://apache.org/hello_world", "Tarpin");
    private final QName poltimQ = new QName("http://apache.org/hello_world", "Poltim");

    /* loaded from: input_file:org/apache/cxf/systest/https/conduit/HTTPSConduitTest$DefaultBusFactory.class */
    class DefaultBusFactory extends SpringBusFactory {
        DefaultBusFactory() {
        }

        public Bus createBus(URL url) {
            Bus createBus = super.createBus(url, true);
            BusFactory.setDefaultBus(createBus);
            BusFactory.setThreadDefaultBus(createBus);
            return createBus;
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/https/conduit/HTTPSConduitTest$MyBasicAuthSupplier.class */
    public class MyBasicAuthSupplier implements HttpAuthSupplier {
        String realm;
        String user;
        String pass;

        MyBasicAuthSupplier() {
        }

        MyBasicAuthSupplier(String str, String str2, String str3) {
            this.realm = str;
            this.user = str2;
            this.pass = str3;
        }

        public String getAuthorization(AuthorizationPolicy authorizationPolicy, URI uri, Message message, String str) {
            String realm = new HttpAuthHeader(str).getRealm();
            if (this.realm != null && this.realm.equals(realm)) {
                return createUserPass(this.user, this.pass);
            }
            if ("Andromeda".equals(realm)) {
                return createUserPass("Edward", "password");
            }
            if ("Zorantius".equals(realm)) {
                return createUserPass("George", "password");
            }
            if ("Cronus".equals(realm)) {
                return createUserPass("Mary", "password");
            }
            return null;
        }

        private String createUserPass(String str, String str2) {
            return DefaultBasicAuthSupplier.getBasicAuthHeader(str, str2);
        }

        public boolean requiresRequestCaching() {
            return false;
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/https/conduit/HTTPSConduitTest$MyHttpsTrustDecider.class */
    class MyHttpsTrustDecider extends MessageTrustDecider {
        private String[] trustName;
        private int called;

        MyHttpsTrustDecider(String str) {
            this.trustName = new String[]{str};
        }

        MyHttpsTrustDecider(String[] strArr) {
            this.trustName = strArr;
        }

        public int wasCalled() {
            return this.called;
        }

        public void establishTrust(String str, URLConnectionInfo uRLConnectionInfo, Message message) throws UntrustedURLConnectionIOException {
            this.called += HTTPSConduitTest.IN_PROCESS;
            HttpsURLConnectionInfo httpsURLConnectionInfo = (HttpsURLConnectionInfo) uRLConnectionInfo;
            boolean z = false;
            for (int i = 0; i < this.trustName.length; i += HTTPSConduitTest.IN_PROCESS) {
                z = z || httpsURLConnectionInfo.getPeerPrincipal().toString().contains(new StringBuilder().append("OU=").append(this.trustName[i]).toString());
            }
            if (!z) {
                throw new UntrustedURLConnectionIOException("Peer Principal \"" + httpsURLConnectionInfo.getPeerPrincipal() + "\" does not contain " + getTrustNames());
            }
        }

        private String getTrustNames() {
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < this.trustName.length; i += HTTPSConduitTest.IN_PROCESS) {
                sb.append("\"OU=");
                sb.append(this.trustName[i]);
                sb.append('\"');
                if (i < this.trustName.length - HTTPSConduitTest.IN_PROCESS) {
                    sb.append(", ");
                }
            }
            return sb.toString();
        }
    }

    public static String getPort(String str) {
        return BusServer.PORTMAP.get(str);
    }

    @BeforeClass
    public static void allocatePorts() {
        BusServer.resetPortMap();
        addrMap.clear();
        addrMap.put("Mortimer", "http://localhost:" + getPort("PORT0") + "/");
        addrMap.put("Tarpin", "https://localhost:" + getPort("PORT1") + "/");
        addrMap.put("Poltim", "https://localhost:" + getPort("PORT2") + "/");
        addrMap.put("Gordy", "https://localhost:" + getPort("PORT3") + "/");
        addrMap.put("Bethal", "https://localhost:" + getPort("PORT4") + "/");
        addrMap.put("Morpit", "https://localhost:" + getPort("PORT5") + "/");
        tlsClientParameters.setDisableCNCheck(true);
        servers.clear();
    }

    public synchronized boolean startServer(String str) {
        if (servers.contains(str)) {
            return true;
        }
        Bus threadDefaultBus = BusFactory.getThreadDefaultBus(false);
        URL resource = Server.class.getResource(str + ".cxf");
        BusFactory.setDefaultBus((Bus) null);
        BusFactory.setThreadDefaultBus((Bus) null);
        boolean launchServer = launchServer(Server.class, null, new String[]{str, addrMap.get(str), resource.toString()}, true);
        if (launchServer) {
            servers.add(str);
        }
        BusFactory.setDefaultBus((Bus) null);
        BusFactory.setThreadDefaultBus(threadDefaultBus);
        return launchServer;
    }

    @AfterClass
    public static void cleanUp() {
        Bus defaultBus = BusFactory.getDefaultBus(false);
        if (defaultBus != null) {
            defaultBus.shutdown(true);
        }
        Bus threadDefaultBus = BusFactory.getThreadDefaultBus(false);
        if (threadDefaultBus != null) {
            threadDefaultBus.shutdown(true);
        }
    }

    public static KeyStore getKeyStore(String str, InputStream inputStream, String str2) throws GeneralSecurityException, IOException {
        String defaultType = str != null ? str : KeyStore.getDefaultType();
        char[] charArray = str2 != null ? str2.toCharArray() : null;
        KeyStore keyStore = KeyStore.getInstance(defaultType);
        keyStore.load(inputStream, charArray);
        return keyStore;
    }

    public static KeyManager[] getKeyManagers(KeyStore keyStore, String str) throws GeneralSecurityException, IOException {
        String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        char[] charArray = str != null ? str.toCharArray() : null;
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
        keyManagerFactory.init(keyStore, charArray);
        return keyManagerFactory.getKeyManagers();
    }

    public static TrustManager[] getTrustManagers(KeyStore keyStore) throws GeneralSecurityException, IOException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    protected void configureProxy(Client client) {
    }

    protected void resetProxyCount() {
    }

    protected void assertProxyRequestCount(int i) {
    }

    @Test
    public void testHttpsBasicConnectionWithConfig() throws Exception {
        startServer("Bethal");
        new DefaultBusFactory().createBus(getClass().getResource("BethalClientConfig.cxf"));
        URL resource = getClass().getResource("greeting.wsdl");
        Assert.assertNotNull("WSDL is null", resource);
        SOAPService sOAPService = new SOAPService(resource, this.serviceName);
        Assert.assertNotNull("Service is null", sOAPService);
        Greeter greeter = (Greeter) sOAPService.getPort(this.bethalQ, Greeter.class);
        Assert.assertNotNull("Port is null", greeter);
        updateAddressPort(greeter, getPort("PORT4"));
        verifyBethalClient(greeter);
    }

    @Test
    public void testGetClientFromSpringContext() throws Exception {
        startServer("Bethal");
        BusFactory.setDefaultBus((Bus) null);
        Greeter greeter = (Greeter) ((ApplicationContext) new DefaultBusFactory().createBus(getClass().getResource("BethalClientBeans.xml")).getExtension(BusApplicationContext.class)).getBean("Bethal");
        updateAddressPort(greeter, getPort("PORT4"));
        verifyBethalClient(greeter);
    }

    private void verifyBethalClient(Greeter greeter) {
        HTTPConduit conduit = ClientProxy.getClient(greeter).getConduit();
        Assert.assertTrue("the httpClientPolicy's autoRedirect should be true", conduit.getClient().isAutoRedirect());
        Assert.assertNotNull("the http conduit's tlsParameters should not be null", conduit.getTlsClientParameters());
        AuthorizationPolicy authorization = conduit.getAuthorization();
        Assert.assertEquals("Set the wrong user name from the configuration", "Betty", authorization.getUserName());
        Assert.assertEquals("Set the wrong pass word form the configuration", "password", authorization.getPassword());
        configureProxy(ClientProxy.getClient(greeter));
        greeter.sayHi();
        greeter.sayHi();
        greeter.sayHi();
        greeter.sayHi();
        String sayHi = greeter.sayHi();
        Assert.assertTrue("Unexpected answer: " + sayHi, "Bonjour from Bethal".equals(sayHi));
        assertProxyRequestCount(0);
    }

    @Test
    public void testHttpsBasicConnection() throws Exception {
        startServer("Bethal");
        URL resource = getClass().getResource("greeting.wsdl");
        Assert.assertNotNull("WSDL is null", resource);
        SOAPService sOAPService = new SOAPService(resource, this.serviceName);
        Assert.assertNotNull("Service is null", sOAPService);
        Greeter greeter = (Greeter) sOAPService.getPort(this.bethalQ, Greeter.class);
        Assert.assertNotNull("Port is null", greeter);
        updateAddressPort(greeter, getPort("PORT4"));
        Client client = ClientProxy.getClient(greeter);
        HTTPConduit conduit = client.getConduit();
        HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
        hTTPClientPolicy.setAutoRedirect(false);
        AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
        authorizationPolicy.setUserName("Betty");
        authorizationPolicy.setPassword("password");
        conduit.setClient(hTTPClientPolicy);
        conduit.setTlsClientParameters(tlsClientParameters);
        conduit.setAuthorization(authorizationPolicy);
        configureProxy(client);
        String sayHi = greeter.sayHi();
        Assert.assertTrue("Unexpected answer: " + sayHi, "Bonjour from Bethal".equals(sayHi));
        assertProxyRequestCount(0);
    }

    @Test
    public void testHttpsRedirectToHttpFail() throws Exception {
        startServer("Mortimer");
        startServer("Poltim");
        URL resource = getClass().getResource("greeting.wsdl");
        Assert.assertNotNull("WSDL is null", resource);
        SOAPService sOAPService = new SOAPService(resource, this.serviceName);
        Assert.assertNotNull("Service is null", sOAPService);
        Greeter greeter = (Greeter) sOAPService.getPort(this.poltimQ, Greeter.class);
        Assert.assertNotNull("Port is null", greeter);
        updateAddressPort(greeter, getPort("PORT2"));
        Client client = ClientProxy.getClient(greeter);
        HTTPConduit conduit = client.getConduit();
        HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
        hTTPClientPolicy.setAutoRedirect(true);
        conduit.setClient(hTTPClientPolicy);
        conduit.setTlsClientParameters(tlsClientParameters);
        configureProxy(client);
        greeter.sayHi();
        assertProxyRequestCount(IN_PROCESS);
    }

    @Test
    public void testHttpsTrust() throws Exception {
        startServer("Bethal");
        URL resource = getClass().getResource("greeting.wsdl");
        Assert.assertNotNull("WSDL is null", resource);
        SOAPService sOAPService = new SOAPService(resource, this.serviceName);
        Assert.assertNotNull("Service is null", sOAPService);
        Greeter greeter = (Greeter) sOAPService.getPort(this.bethalQ, Greeter.class);
        Assert.assertNotNull("Port is null", greeter);
        updateAddressPort(greeter, getPort("PORT4"));
        Client client = ClientProxy.getClient(greeter);
        HTTPConduit conduit = client.getConduit();
        HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
        hTTPClientPolicy.setAutoRedirect(false);
        AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
        authorizationPolicy.setUserName("Betty");
        authorizationPolicy.setPassword("password");
        conduit.setClient(hTTPClientPolicy);
        conduit.setTlsClientParameters(tlsClientParameters);
        conduit.setAuthorization(authorizationPolicy);
        conduit.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
        configureProxy(client);
        String sayHi = greeter.sayHi();
        Assert.assertTrue("Unexpected answer: " + sayHi, "Bonjour from Bethal".equals(sayHi));
        assertProxyRequestCount(0);
        conduit.setTrustDecider(new MyHttpsTrustDecider("Nobody"));
        try {
            Assert.fail("Unexpected answer from Bethal: " + greeter.sayHi());
        } catch (Exception e) {
        }
        assertProxyRequestCount(0);
    }

    @Test
    public void testHttpsTrustRedirect() throws Exception {
        startServer("Tarpin");
        startServer("Gordy");
        startServer("Bethal");
        URL resource = getClass().getResource("greeting.wsdl");
        Assert.assertNotNull("WSDL is null", resource);
        SOAPService sOAPService = new SOAPService(resource, this.serviceName);
        Assert.assertNotNull("Service is null", sOAPService);
        Greeter greeter = (Greeter) sOAPService.getPort(this.tarpinQ, Greeter.class);
        Assert.assertNotNull("Port is null", greeter);
        updateAddressPort(greeter, getPort("PORT1"));
        HTTPConduit conduit = ClientProxy.getClient(greeter).getConduit();
        HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
        hTTPClientPolicy.setAutoRedirect(true);
        AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
        authorizationPolicy.setUserName("Betty");
        authorizationPolicy.setPassword("password");
        conduit.setClient(hTTPClientPolicy);
        conduit.setTlsClientParameters(tlsClientParameters);
        conduit.setAuthorization(authorizationPolicy);
        MyHttpsTrustDecider myHttpsTrustDecider = new MyHttpsTrustDecider(new String[]{"Tarpin", "Gordy", "Bethal"});
        conduit.setTrustDecider(myHttpsTrustDecider);
        configureProxy(ClientProxy.getClient(greeter));
        String sayHi = greeter.sayHi();
        assertProxyRequestCount(0);
        Assert.assertTrue("Trust Decider wasn't called correctly", 3 == myHttpsTrustDecider.wasCalled());
        Assert.assertTrue("Unexpected answer: " + sayHi, "Bonjour from Bethal".equals(sayHi));
        conduit.getClient().setMaxRetransmits(IN_PROCESS);
        try {
            Assert.fail("Unexpected answer from Tarpin: " + greeter.sayHi());
        } catch (Exception e) {
        }
        assertProxyRequestCount(0);
        conduit.getClient().setMaxRetransmits(-1);
        MyHttpsTrustDecider myHttpsTrustDecider2 = new MyHttpsTrustDecider(new String[]{"Tarpin", "Bethal"});
        conduit.setTrustDecider(myHttpsTrustDecider2);
        try {
            Assert.fail("Unexpected answer from Tarpin: " + greeter.sayHi());
        } catch (Exception e2) {
            Assert.assertTrue("Trust Decider wasn't called correctly", 2 == myHttpsTrustDecider2.wasCalled());
        }
        assertProxyRequestCount(0);
    }

    @Test
    public void testHttpsRedirect401Response() throws Exception {
        startServer("Gordy");
        startServer("Bethal");
        URL resource = getClass().getResource("greeting.wsdl");
        Assert.assertNotNull("WSDL is null", resource);
        SOAPService sOAPService = new SOAPService(resource, this.serviceName);
        Assert.assertNotNull("Service is null", sOAPService);
        Greeter greeter = (Greeter) sOAPService.getPort(this.gordyQ, Greeter.class);
        Assert.assertNotNull("Port is null", greeter);
        updateAddressPort(greeter, getPort("PORT3"));
        HTTPConduit conduit = ClientProxy.getClient(greeter).getConduit();
        HTTPClientPolicy hTTPClientPolicy = new HTTPClientPolicy();
        hTTPClientPolicy.setAutoRedirect(true);
        conduit.setClient(hTTPClientPolicy);
        conduit.setTlsClientParameters(tlsClientParameters);
        conduit.setTrustDecider(new MyHttpsTrustDecider(new String[]{"Gordy", "Bethal"}));
        conduit.setAuthSupplier(new MyBasicAuthSupplier("Cronus", "Betty", "password"));
        String sayHi = greeter.sayHi();
        Assert.assertTrue("Unexpected answer: " + sayHi, "Bonjour from Bethal".equals(sayHi));
        conduit.setAuthSupplier(new MyBasicAuthSupplier());
        try {
            Assert.fail("Unexpected answer from Gordy: " + greeter.sayHi());
        } catch (Exception e) {
        }
    }

    static {
        try {
            InputStream resourceAsStream = ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", HTTPSConduitTest.class);
            Throwable th = null;
            try {
                InputStream resourceAsStream2 = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", HTTPSConduitTest.class);
                Throwable th2 = null;
                try {
                    try {
                        KeyManager[] keyManagers = getKeyManagers(getKeyStore("JKS", resourceAsStream, "password"), "password");
                        TrustManager[] trustManagers = getTrustManagers(getKeyStore("JKS", resourceAsStream2, "password"));
                        tlsClientParameters.setKeyManagers(keyManagers);
                        tlsClientParameters.setTrustManagers(trustManagers);
                        if (resourceAsStream2 != null) {
                            if (0 != 0) {
                                try {
                                    resourceAsStream2.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                resourceAsStream2.close();
                            }
                        }
                        if (resourceAsStream != null) {
                            if (0 != 0) {
                                try {
                                    resourceAsStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                resourceAsStream.close();
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (resourceAsStream2 != null) {
                        if (th2 != null) {
                            try {
                                resourceAsStream2.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            resourceAsStream2.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException("Static initialization failed", e);
        }
    }
}
