package org.apache.flink.runtime.net;

import java.net.ServerSocket;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.runtime.net.SSLUtils;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/flink/runtime/net/SSLUtilsTest.class */
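/**
 * Tests for {@link SSLUtils}: building client and server SSL contexts from a Flink
 * {@link Configuration}, and applying the configured protocol version and cipher suites to
 * server sockets and SSL engines.
 *
 * <p>The key store, trust store and the password {@code "password"} are test fixtures shipped
 * with the test resources; they must never be reused outside of tests.
 *
 * <p>The protocol versions (TLSv1, TLSv1.1) and CBC cipher suites used below are fixture values
 * chosen so that the configured set is distinguishable from the JDK defaults. TLSv1 and TLSv1.1
 * are deprecated (RFC 8996); these tests only prove that the configured values are applied and
 * are not a recommendation for production settings.
 */
public class SSLUtilsTest {
    private static final String TRUST_STORE_PATH = SSLUtilsTest.class.getResource("/local127.truststore").getFile();
    private static final String KEY_STORE_PATH = SSLUtilsTest.class.getResource("/local127.keystore").getFile();

    // Fixture credentials for the bundled test stores only.
    private static final String TRUST_STORE_PASSWORD = "password";
    private static final String KEY_STORE_PASSWORD = "password";
    private static final String KEY_PASSWORD = "password";

    /** A client context is created when SSL is enabled and the trust store settings are valid. */
    @Test
    public void testCreateSSLClientContext() throws Exception {
        Configuration clientConfig = new Configuration();
        clientConfig.setBoolean(SecurityOptions.SSL_ENABLED, true);
        clientConfig.setString(SecurityOptions.SSL_TRUSTSTORE, "src/test/resources/local127.truststore");
        clientConfig.setString(SecurityOptions.SSL_TRUSTSTORE_PASSWORD, TRUST_STORE_PASSWORD);

        Assert.assertNotNull(SSLUtils.createSSLClientContext(clientConfig));
    }

    /** No client context is returned when SSL is disabled. */
    @Test
    public void testCreateSSLClientContextWithSSLDisabled() throws Exception {
        Configuration clientConfig = new Configuration();
        clientConfig.setBoolean(SecurityOptions.SSL_ENABLED, false);

        Assert.assertNull(SSLUtils.createSSLClientContext(clientConfig));
    }

    /** Creating a client context with a wrong trust store password must fail. */
    @Test
    public void testCreateSSLClientContextMisconfiguration() {
        Configuration clientConfig = new Configuration();
        clientConfig.setBoolean(SecurityOptions.SSL_ENABLED, true);
        clientConfig.setString(SecurityOptions.SSL_TRUSTSTORE, "src/test/resources/local127.truststore");
        clientConfig.setString(SecurityOptions.SSL_TRUSTSTORE_PASSWORD, "badpassword");

        try {
            SSLUtils.createSSLClientContext(clientConfig);
            // Assert.fail raises AssertionError, which is not an Exception and therefore is
            // not swallowed by the catch below.
            Assert.fail("SSL client context created even with bad SSL configuration ");
        } catch (Exception expected) {
            // Expected: the context must not be created with a bad password.
            // NOTE(review): this catch is broad, so the test also passes when the failure has
            // another cause (e.g. the relative store path not resolving from the working
            // directory). Narrow it once the exception type thrown by SSLUtils is confirmed.
        }
    }

    /** A server context is created when SSL is enabled and the key store settings are valid. */
    @Test
    public void testCreateSSLServerContext() throws Exception {
        Configuration serverConfig = newServerConfig();

        Assert.assertNotNull(SSLUtils.createSSLServerContext(serverConfig));
    }

    /** No server context is returned when SSL is disabled. */
    @Test
    public void testCreateSSLServerContextWithSSLDisabled() throws Exception {
        Configuration serverConfig = new Configuration();
        serverConfig.setBoolean(SecurityOptions.SSL_ENABLED, false);

        Assert.assertNull(SSLUtils.createSSLServerContext(serverConfig));
    }

    /** Creating a server context with wrong key store and key passwords must fail. */
    @Test
    public void testCreateSSLServerContextMisconfiguration() {
        Configuration serverConfig = new Configuration();
        serverConfig.setBoolean(SecurityOptions.SSL_ENABLED, true);
        serverConfig.setString(SecurityOptions.SSL_KEYSTORE, "src/test/resources/local127.keystore");
        serverConfig.setString(SecurityOptions.SSL_KEYSTORE_PASSWORD, "badpassword");
        serverConfig.setString(SecurityOptions.SSL_KEY_PASSWORD, "badpassword");

        try {
            SSLUtils.createSSLServerContext(serverConfig);
            Assert.fail("SSL server context created even with bad SSL configuration ");
        } catch (Exception expected) {
            // Expected: the context must not be created with bad passwords.
            // NOTE(review): broad catch; any other failure (such as an unreadable store file)
            // also satisfies this test. Narrow it once the thrown type is confirmed.
        }
    }

    /** A comma-separated list of protocols in SSL_PROTOCOL must be rejected. */
    @Test
    public void testCreateSSLServerContextWithMultiProtocols() {
        Configuration serverConfig = newServerConfig();
        serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1,TLSv1.2");

        try {
            SSLUtils.createSSLServerContext(serverConfig);
            Assert.fail("SSL server context created even with multiple protocols set ");
        } catch (Exception expected) {
            // Expected: only a single protocol value is accepted.
            // NOTE(review): broad catch; see the misconfiguration tests for the caveat.
        }
    }

    /**
     * The configured protocol and cipher suites replace the defaults of an SSL server socket.
     *
     * <p>The pre-checks assume the JDK defaults enable more than one protocol and a number of
     * cipher suites other than two; that depends on the JDK and its security properties.
     */
    @Test
    public void testSetSSLVersionAndCipherSuitesForSSLServerSocket() throws Exception {
        Configuration serverConfig = newServerConfig();
        serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1.1");
        serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256");

        SSLUtils.SSLContext serverContext = SSLUtils.createSSLServerContext(serverConfig);
        Assert.assertNotNull(serverContext);

        // Port 0 lets the OS pick a free port; try-with-resources closes the socket on every
        // path, including assertion failures.
        try (ServerSocket socket = serverContext.getSslContext().getServerSocketFactory().createServerSocket(0)) {
            SSLServerSocket sslSocket = (SSLServerSocket) socket;

            // Before applying the configuration the socket carries the JDK defaults.
            Assert.assertNotEquals(1, sslSocket.getEnabledProtocols().length);
            Assert.assertNotEquals(2, sslSocket.getEnabledCipherSuites().length);

            SSLUtils.setSSLVerAndCipherSuites(socket, serverConfig);

            String[] protocols = sslSocket.getEnabledProtocols();
            String[] cipherSuites = sslSocket.getEnabledCipherSuites();

            Assert.assertEquals(1, protocols.length);
            Assert.assertEquals("TLSv1.1", protocols[0]);
            Assert.assertEquals(2, cipherSuites.length);
            assertIsOneOf(cipherSuites[0], "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256");
            assertIsOneOf(cipherSuites[1], "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256");
        }
    }

    /**
     * The configured protocol and cipher suites replace the defaults of an {@link SSLEngine}.
     *
     * <p>The pre-checks make the same assumption about JDK defaults as the server socket test.
     */
    @Test
    public void testSetSSLVersionAndCipherSuitesForSSLEngine() throws Exception {
        Configuration serverConfig = newServerConfig();
        serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
        serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");

        SSLUtils.SSLContext serverContext = SSLUtils.createSSLServerContext(serverConfig);
        Assert.assertNotNull(serverContext);

        SSLEngine engine = serverContext.getSslContext().createSSLEngine();

        // Before applying the configuration the engine carries the JDK defaults.
        Assert.assertNotEquals(1, engine.getEnabledProtocols().length);
        Assert.assertNotEquals(2, engine.getEnabledCipherSuites().length);

        SSLUtils.setSSLVerAndCipherSuites(engine, serverConfig);

        String[] protocols = engine.getEnabledProtocols();
        String[] cipherSuites = engine.getEnabledCipherSuites();

        Assert.assertEquals(1, protocols.length);
        Assert.assertEquals("TLSv1", protocols[0]);
        Assert.assertEquals(2, cipherSuites.length);
        assertIsOneOf(cipherSuites[0], "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
        assertIsOneOf(cipherSuites[1], "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
    }

    /** Engines produced by the server engine factory already carry the configured settings. */
    @Test
    public void testCreateSSLEngineFactory() throws Exception {
        Configuration serverConfig = newServerConfig();
        serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
        serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");

        SSLEngine engine = SSLUtils.createServerSSLEngineFactory(serverConfig).createSSLEngine();

        Assert.assertThat(Arrays.asList(engine.getEnabledProtocols()), Matchers.contains("TLSv1"));
        Assert.assertThat(
                Arrays.asList(engine.getEnabledCipherSuites()),
                Matchers.containsInAnyOrder("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"));
    }

    /**
     * Builds an SSL-enabled configuration that points at the bundled test key store and trust
     * store, resolved from the classpath.
     *
     * @return a new configuration with SSL enabled and both stores configured
     */
    public static Configuration createInternalSslConfigWithKeyAndTrustStores() {
        Configuration sslConfig = new Configuration();
        sslConfig.setBoolean(SecurityOptions.SSL_ENABLED, true);
        addInternalKeyStoreConfig(sslConfig);
        addInternalTrustStoreConfig(sslConfig);
        return sslConfig;
    }

    /** Adds the classpath-resolved test key store and its fixture passwords. */
    private static void addInternalKeyStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_KEYSTORE, KEY_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_KEYSTORE_PASSWORD, KEY_STORE_PASSWORD);
        configuration.setString(SecurityOptions.SSL_KEY_PASSWORD, KEY_PASSWORD);
    }

    /** Adds the classpath-resolved test trust store and its fixture password. */
    private static void addInternalTrustStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_TRUSTSTORE, TRUST_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_TRUSTSTORE_PASSWORD, TRUST_STORE_PASSWORD);
    }

    /**
     * Builds the SSL-enabled server configuration shared by the server-side tests. It uses the
     * key store path relative to the module directory, as the individual tests did.
     */
    private static Configuration newServerConfig() {
        Configuration serverConfig = new Configuration();
        serverConfig.setBoolean(SecurityOptions.SSL_ENABLED, true);
        serverConfig.setString(SecurityOptions.SSL_KEYSTORE, "src/test/resources/local127.keystore");
        serverConfig.setString(SecurityOptions.SSL_KEYSTORE_PASSWORD, KEY_STORE_PASSWORD);
        serverConfig.setString(SecurityOptions.SSL_KEY_PASSWORD, KEY_PASSWORD);
        return serverConfig;
    }

    /** Asserts that {@code actual} equals one of the two accepted values. */
    private static void assertIsOneOf(String actual, String first, String second) {
        Assert.assertTrue(actual.equals(first) || actual.equals(second));
    }
}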
