package org.apache.cxf.systest.ws.ssl;

import java.io.Closeable;
import java.io.IOException;
import java.net.URL;
import java.security.SecureRandom;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.jsse.SSLUtils;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.systest.ws.common.UTPasswordCallback;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/ws/ssl/SSLTest.class */
public class SSLTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(Server.class);
    static final String PORT2 = allocatePort(Server.class, 2);
    static final String PORT3 = allocatePort(Server.class, 3);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");

    /* loaded from: input_file:org/apache/cxf/systest/ws/ssl/SSLTest$DisableCNCheckVerifier.class */
    private static final class DisableCNCheckVerifier implements HostnameVerifier {
        private DisableCNCheckVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(Server.class, true));
    }

    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
        stopAllServers();
    }

    @Test
    public void testSSLv3NotAllowed() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(SSLTest.class.getResource("client.xml").toString());
        SpringBusFactory.setDefaultBus(createBus);
        SpringBusFactory.setThreadDefaultBus(createBus);
        System.setProperty("https.protocols", "SSLv3");
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL("https://localhost:" + PORT).openConnection();
        httpsURLConnection.setHostnameVerifier(new DisableCNCheckVerifier());
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, SSLUtils.getTrustStoreManagers(false, "jks", SSLTest.class.getResource("../security/Truststore.jks").getPath(), "PKIX", LogUtils.getL7dLogger(SSLTest.class)), new SecureRandom());
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        try {
            httpsURLConnection.connect();
            fail("Failure expected on an SSLv3 connection attempt");
        } catch (IOException e) {
        }
        System.clearProperty("https.protocols");
        createBus.shutdown(true);
    }

    @Test
    public void testSSLv3Allowed() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(SSLTest.class.getResource("client.xml").toString());
        SpringBusFactory.setDefaultBus(createBus);
        SpringBusFactory.setThreadDefaultBus(createBus);
        System.setProperty("https.protocols", "SSLv3");
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL("https://localhost:" + PORT2).openConnection();
        httpsURLConnection.setHostnameVerifier(new DisableCNCheckVerifier());
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, SSLUtils.getTrustStoreManagers(false, "jks", SSLTest.class.getResource("../security/Truststore.jks").getPath(), "PKIX", LogUtils.getL7dLogger(SSLTest.class)), new SecureRandom());
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        httpsURLConnection.connect();
        httpsURLConnection.disconnect();
        System.clearProperty("https.protocols");
        createBus.shutdown(true);
    }

    @Test
    public void testClientSSL3NotAllowed() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(SSLTest.class.getResource("client.xml").toString());
        SpringBusFactory.setDefaultBus(createBus);
        SpringBusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(SSLTest.class.getResource("DoubleItSSL.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextPort3"), DoubleItPortType.class);
        updateAddressPort(closeable, PORT3);
        ((BindingProvider) closeable).getRequestContext().put("ws-security.username", "Alice");
        ((BindingProvider) closeable).getRequestContext().put("ws-security.callback-handler", new UTPasswordCallback());
        try {
            closeable.doubleIt(25);
            fail("Failure expected on the client not supporting SSLv3 by default");
        } catch (Exception e) {
        }
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testClientSSL3Allowed() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(SSLTest.class.getResource("client-ssl3.xml").toString());
        SpringBusFactory.setDefaultBus(createBus);
        SpringBusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(SSLTest.class.getResource("DoubleItSSL.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextPort3"), DoubleItPortType.class);
        updateAddressPort(closeable, PORT3);
        ((BindingProvider) closeable).getRequestContext().put("ws-security.username", "Alice");
        ((BindingProvider) closeable).getRequestContext().put("ws-security.callback-handler", new UTPasswordCallback());
        closeable.doubleIt(25);
        closeable.close();
        createBus.shutdown(true);
    }
}
