package org.apache.cxf.systest.https.clientauth;

import java.io.Closeable;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.https.InsecureTrustManager;
import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

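/**
 * System tests for TLS client authentication against {@link ClientAuthServer}.
 *
 * <p>Each test runs twice, once with the default HTTP conduit and once with the asynchronous
 * conduit (see {@link #data()}). Positive tests expect {@code greetMe("Kitty")} to return
 * {@code "Hello Kitty"}; negative tests expect the invocation to fail.
 *
 * <p>Security notes for readers of this file:
 * <ul>
 *   <li>Hostname verification is switched off in several tests ({@link DisableCNCheckVerifier},
 *       {@code setDisableCNCheck(true)}), and one test installs no-op trust managers. These
 *       settings remove server authentication and belong in test code only.</li>
 *   <li>The keystore password is a hard-coded test value for the bundled test keystores.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The port is typed as
 * {@code BindingProvider} although {@code greetMe} is called on it, and
 * {@code setTlsClientParameters} is called on the result of {@code getConduit()} without a
 * cast; the original source presumably used more specific types. Confirm against the real
 * source before compiling.
 */
@RunWith(Parameterized.class)
public class ClientAuthTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(ClientAuthServer.class);
    static final String PORT2 = allocatePort(ClientAuthServer.class, 2);

    /** Password of the bundled test keystores; a test fixture value, not a real secret. */
    private static final String KEYSTORE_PASSWORD = "password";

    /** Request-context key that switches the client to the asynchronous HTTP conduit. */
    private static final String ASYNC_CONDUIT_PROPERTY = "use.async.http.conduit";

    final Boolean async;

    /**
     * Hostname verifier that accepts every host name.
     *
     * <p>Test-only: with this verifier the peer's certificate is never matched against the
     * host the client connected to, so it must not be reused outside tests.
     */
    private static final class DisableCNCheckVerifier implements HostnameVerifier {
        private DisableCNCheckVerifier() {
        }

        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    /**
     * @param bool whether the test instance should use the asynchronous HTTP conduit
     */
    public ClientAuthTest(Boolean bool) {
        this.async = bool;
    }

    @BeforeClass
    public static void startServers() throws Exception {
        Assert.assertTrue("Server failed to launch", launchServer(ClientAuthServer.class, true));
    }

    /** Supplies the {@code async} parameter: first the synchronous run, then the asynchronous one. */
    @Parameterized.Parameters(name = "{0}")
    public static Collection<Boolean> data() {
        return Arrays.asList(Boolean.FALSE, Boolean.TRUE);
    }

    @AfterClass
    public static void cleanup() throws Exception {
        stopAllServers();
    }

    /** Client configured by {@code client-auth.xml} must be accepted on {@link #PORT}. */
    @Test
    public void testDirectTrust() throws Exception {
        assertInvocationSucceeds("client-auth.xml", PORT);
    }

    /** Client configured by {@code client-auth-invalid.xml} must be rejected on {@link #PORT}. */
    @Test
    public void testInvalidDirectTrust() throws Exception {
        assertInvocationRejected("client-auth-invalid.xml", PORT, "Failure expected on an untrusted cert");
    }

    /** Client configured by {@code client-no-auth.xml} must be rejected on {@link #PORT}. */
    @Test
    public void testNoClientCert() throws Exception {
        assertInvocationRejected("client-no-auth.xml", PORT, "Failure expected on no trusted cert");
    }

    /**
     * Supplies the client key through the {@code javax.net.ssl.*} system properties while the
     * bus is configured by {@code client-no-auth.xml}. Currently ignored.
     *
     * <p>The properties are JVM-wide, so they are cleared in a {@code finally} block to keep
     * them from leaking into other tests.
     */
    @Test
    @Ignore
    public void testSystemPropertiesWithEmptyKeystoreConfig() throws Exception {
        try {
            System.setProperty("javax.net.ssl.keyStore", "keys/Morpit.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "password");
            System.setProperty("javax.net.ssl.keyPassword", "password");
            System.setProperty("javax.net.ssl.keyStoreType", "JKS");
            assertInvocationSucceeds("client-no-auth.xml", PORT);
        } finally {
            System.clearProperty("javax.net.ssl.keyStore");
            System.clearProperty("javax.net.ssl.keyStorePassword");
            System.clearProperty("javax.net.ssl.keyPassword");
            System.clearProperty("javax.net.ssl.keyStoreType");
        }
    }

    /** Client configured by {@code client-auth-chain.xml} must be accepted on {@link #PORT2}. */
    @Test
    public void testChainTrust() throws Exception {
        assertInvocationSucceeds("client-auth-chain.xml", PORT2);
    }

    /** Client configured by {@code client-auth-invalid2.xml} must be rejected on {@link #PORT2}. */
    @Test
    public void testInvalidChainTrust() throws Exception {
        assertInvocationRejected("client-auth-invalid2.xml", PORT2, "Failure expected on no trusted cert");
    }

    /** Client configured by {@code client-auth-invalid2.xml} must be rejected on {@link #PORT}. */
    @Test
    public void testClientInvalidCertChain() throws Exception {
        assertInvocationRejected("client-auth-invalid2.xml", PORT, "Failure expected on no trusted cert");
    }

    /** Client configured by {@code client-auth-invalid.xml} must be rejected on {@link #PORT2}. */
    @Test
    public void testClientInvalidDirectTrust() throws Exception {
        assertInvocationRejected("client-auth-invalid.xml", PORT2, "Failure expected on no trusted cert");
    }

    /**
     * Connects to {@link #PORT} with plain JSSE APIs, presenting the key from
     * {@code keys/Morpit.jks} and trusting {@code keys/Truststore.jks}.
     *
     * <p>The test passes when {@code connect()} completes without throwing.
     */
    @Test
    public void testSSLConnectionUsingJavaAPIs() throws Exception {
        HttpsURLConnection connection = (HttpsURLConnection) new URL("https://localhost:" + PORT).openConnection();
        // Test-only: host name checking is disabled for this connection.
        connection.setHostnameVerifier(new DisableCNCheckVerifier());
        connection.setSSLSocketFactory(createClientSslContext().getSocketFactory());
        try {
            connection.connect();
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Selects the client certificate by alias from one keystore: alias {@code morpit} against
     * {@link #PORT} and alias {@code alice} against {@link #PORT2}.
     *
     * <p>Server certificate validation is deliberately disabled here (no-op trust managers),
     * so this test exercises client key selection only and says nothing about server trust.
     */
    @Test
    public void testCheckKeyManagersWithCertAlias() throws Exception {
        SOAPService service = new SOAPService(SOAPService.WSDL_LOCATION, SOAPService.SERVICE);
        Assert.assertNotNull("Service is null", service);
        TrustManager[] noOpTrustManagers = InsecureTrustManager.getNoOpX509TrustManagers();
        KeyManager[] keyManagers = loadKeyManagers("keymanagers.jks", getClass());

        assertGreetingWithCertAlias(service, PORT, keyManagers, noOpTrustManagers, "morpit");
        assertGreetingWithCertAlias(service, PORT2, keyManagers, noOpTrustManagers, "alice");
    }

    /**
     * Configures the conduit programmatically with key managers from {@code keys/Morpit.jks}
     * and trust managers from {@code keys/Truststore.jks}, then invokes the service.
     */
    @Test
    public void testDirectTrustUsingKeyManagers() throws Exception {
        SOAPService service = new SOAPService(SOAPService.WSDL_LOCATION, SOAPService.SERVICE);
        Assert.assertNotNull("Service is null", service);
        BindingProvider httpsPort = createPort(service, PORT);
        try {
            TLSClientParameters tlsParams = new TLSClientParameters();
            tlsParams.setKeyManagers(loadKeyManagers("keys/Morpit.jks", ClientAuthTest.class));
            tlsParams.setTrustManagers(loadTrustManagers());
            // Test-only: the certificate is not matched against the host name.
            tlsParams.setDisableCNCheck(true);
            ClientProxy.getClient(httpsPort).getConduit().setTlsClientParameters(tlsParams);
            Assert.assertEquals("Hello Kitty", httpsPort.greetMe("Kitty"));
        } finally {
            ((Closeable) httpsPort).close();
        }
    }

    /**
     * Configures the conduit with a pre-built {@link SSLContext} and invokes the service twice:
     * once with the conduit chosen by the test parameter and once with the asynchronous conduit
     * forced on.
     */
    @Test
    public void testDirectTrustUsingSSLContext() throws Exception {
        SOAPService service = new SOAPService(SOAPService.WSDL_LOCATION, SOAPService.SERVICE);
        Assert.assertNotNull("Service is null", service);
        BindingProvider httpsPort = createPort(service, PORT);
        try {
            TLSClientParameters tlsParams = new TLSClientParameters();
            tlsParams.setSslContext(createClientSslContext());
            // Test-only: the certificate is not matched against the host name.
            tlsParams.setDisableCNCheck(true);
            ClientProxy.getClient(httpsPort).getConduit().setTlsClientParameters(tlsParams);
            Assert.assertEquals("Hello Kitty", httpsPort.greetMe("Kitty"));
            httpsPort.getRequestContext().put(ASYNC_CONDUIT_PROPERTY, true);
            Assert.assertEquals("Hello Kitty", httpsPort.greetMe("Kitty"));
        } finally {
            ((Closeable) httpsPort).close();
        }
    }

    /** Creates a bus from a Spring config next to this class and installs it as the default bus. */
    private static Bus createClientBus(String configResource) {
        URL config = ClientAuthTest.class.getResource(configResource);
        Assert.assertNotNull("Bus configuration not found: " + configResource, config);
        Bus bus = new SpringBusFactory().createBus(config.toString());
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        return bus;
    }

    /** Obtains the HTTPS port, points it at {@code port} and applies the async setting. */
    private BindingProvider createPort(SOAPService service, String port) throws Exception {
        BindingProvider httpsPort = service.getHttpsPort();
        Assert.assertNotNull("Port is null", httpsPort);
        updateAddressPort(httpsPort, port);
        if (this.async.booleanValue()) {
            httpsPort.getRequestContext().put(ASYNC_CONDUIT_PROPERTY, true);
        }
        return httpsPort;
    }

    /** Runs one invocation with the given bus config and asserts the expected greeting. */
    private void assertInvocationSucceeds(String configResource, String port) throws Exception {
        Bus bus = createClientBus(configResource);
        try {
            SOAPService service = new SOAPService(SOAPService.WSDL_LOCATION, SOAPService.SERVICE);
            Assert.assertNotNull("Service is null", service);
            BindingProvider httpsPort = createPort(service, port);
            try {
                Assert.assertEquals("Hello Kitty", httpsPort.greetMe("Kitty"));
            } finally {
                ((Closeable) httpsPort).close();
            }
        } finally {
            // Shut the bus down even when the assertion fails, so it is not left running.
            bus.shutdown(true);
        }
    }

    /** Runs one invocation with the given bus config and asserts that it throws. */
    private void assertInvocationRejected(String configResource, String port, String failureMessage)
            throws Exception {
        Bus bus = createClientBus(configResource);
        try {
            SOAPService service = new SOAPService(SOAPService.WSDL_LOCATION, SOAPService.SERVICE);
            Assert.assertNotNull("Service is null", service);
            BindingProvider httpsPort = createPort(service, port);
            try {
                try {
                    httpsPort.greetMe("Kitty");
                    // AssertionError is not an Exception, so the catch below does not hide it.
                    Assert.fail(failureMessage);
                } catch (Exception expected) {
                    // Any exception counts as a rejection, so a failure unrelated to the TLS
                    // handshake (for example an unreachable server) also satisfies the test.
                    // NOTE(review): assert on the failure cause once the exception type raised
                    // for a rejected client certificate is confirmed.
                }
            } finally {
                ((Closeable) httpsPort).close();
            }
        } finally {
            bus.shutdown(true);
        }
    }

    /** Invokes the service on {@code port} presenting the key stored under {@code certAlias}. */
    private void assertGreetingWithCertAlias(SOAPService service, String port, KeyManager[] keyManagers,
            TrustManager[] trustManagers, String certAlias) throws Exception {
        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setKeyManagers(keyManagers);
        tlsParams.setCertAlias(certAlias);
        tlsParams.setTrustManagers(trustManagers);
        // Test-only: the certificate is not matched against the host name.
        tlsParams.setDisableCNCheck(true);
        BindingProvider httpsPort = createPort(service, port);
        try {
            ClientProxy.getClient(httpsPort).getConduit().setTlsClientParameters(tlsParams);
            Assert.assertEquals("Hello Kitty", httpsPort.greetMe("Kitty"));
        } finally {
            ((Closeable) httpsPort).close();
        }
    }

    /**
     * Loads a JKS keystore from the classpath, closing the stream in every case.
     *
     * <p>A missing resource fails the test immediately: {@code KeyStore.load(null, ...)} would
     * otherwise create an empty keystore and the test would fail later with a misleading
     * handshake error.
     */
    private static KeyStore loadKeyStore(String resource, Class<?> callingClass) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = ClassLoaderUtils.getResourceAsStream(resource, callingClass)) {
            Assert.assertNotNull("Keystore resource not found: " + resource, in);
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /** Builds trust managers from {@code keys/Truststore.jks}. */
    private static TrustManager[] loadTrustManagers() throws Exception {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(loadKeyStore("keys/Truststore.jks", ClientAuthTest.class));
        return factory.getTrustManagers();
    }

    /** Builds key managers from the given JKS keystore resource. */
    private static KeyManager[] loadKeyManagers(String resource, Class<?> callingClass) throws Exception {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(loadKeyStore(resource, callingClass), KEYSTORE_PASSWORD.toCharArray());
        return factory.getKeyManagers();
    }

    /** Builds a TLS context with the client key from {@code keys/Morpit.jks} and the test truststore. */
    private static SSLContext createClientSslContext() throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(loadKeyManagers("keys/Morpit.jks", ClientAuthTest.class), loadTrustManagers(),
                new SecureRandom());
        return context;
    }
}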
