package org.apache.flink.runtime.net;

import java.net.ServerSocket;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.IllegalConfigurationException;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.util.TestLogger;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/flink/runtime/net/SSLUtilsTest.class */
public class SSLUtilsTest extends TestLogger {
    private static final String TRUST_STORE_PATH = SSLUtilsTest.class.getResource("/local127.truststore").getFile();
    private static final String KEY_STORE_PATH = SSLUtilsTest.class.getResource("/local127.keystore").getFile();
    private static final String TRUST_STORE_PASSWORD = "password";
    private static final String KEY_STORE_PASSWORD = "password";
    private static final String KEY_PASSWORD = "password";

    @Test
    public void checkEnableSSL() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_ENABLED, true);
        Assert.assertTrue(SSLUtils.isInternalSSLEnabled(configuration));
        Assert.assertTrue(SSLUtils.isRestSSLEnabled(configuration));
        Configuration configuration2 = new Configuration();
        configuration2.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        configuration2.setBoolean(SecurityOptions.SSL_REST_ENABLED, false);
        Assert.assertTrue(SSLUtils.isInternalSSLEnabled(configuration2));
        Assert.assertFalse(SSLUtils.isRestSSLEnabled(configuration2));
        Configuration configuration3 = new Configuration();
        configuration3.setBoolean(SecurityOptions.SSL_ENABLED, true);
        configuration3.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, false);
        configuration3.setBoolean(SecurityOptions.SSL_REST_ENABLED, false);
        Assert.assertFalse(SSLUtils.isInternalSSLEnabled(configuration3));
        Assert.assertFalse(SSLUtils.isRestSSLEnabled(configuration3));
    }

    @Test
    public void testSocketFactoriesWhenSslDisabled() throws Exception {
        Configuration configuration = new Configuration();
        try {
            SSLUtils.createSSLServerSocketFactory(configuration);
            Assert.fail("exception expected");
        } catch (IllegalConfigurationException e) {
        }
        try {
            SSLUtils.createSSLClientSocketFactory(configuration);
            Assert.fail("exception expected");
        } catch (IllegalConfigurationException e2) {
        }
    }

    @Test
    public void testRESTClientSSL() throws Exception {
        Assert.assertNotNull(SSLUtils.createRestClientSSLEngineFactory(createRestSslConfigWithTrustStore()));
    }

    @Test
    public void testRESTClientSSLDisabled() throws Exception {
        Configuration createRestSslConfigWithTrustStore = createRestSslConfigWithTrustStore();
        createRestSslConfigWithTrustStore.setBoolean(SecurityOptions.SSL_REST_ENABLED, false);
        try {
            SSLUtils.createRestClientSSLEngineFactory(createRestSslConfigWithTrustStore);
            Assert.fail("exception expected");
        } catch (IllegalConfigurationException e) {
        }
    }

    @Test
    public void testRESTClientSSLMissingTrustStore() throws Exception {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "some password");
        try {
            SSLUtils.createRestClientSSLEngineFactory(configuration);
            Assert.fail("exception expected");
        } catch (IllegalConfigurationException e) {
        }
    }

    @Test
    public void testRESTClientSSLMissingPassword() throws Exception {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_PATH);
        try {
            SSLUtils.createRestClientSSLEngineFactory(configuration);
            Assert.fail("exception expected");
        } catch (IllegalConfigurationException e) {
        }
    }

    @Test
    public void testRESTClientSSLWrongPassword() throws Exception {
        Configuration createRestSslConfigWithTrustStore = createRestSslConfigWithTrustStore();
        createRestSslConfigWithTrustStore.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "badpassword");
        try {
            SSLUtils.createRestClientSSLEngineFactory(createRestSslConfigWithTrustStore);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
    }

    @Test
    public void testRESTServerSSL() throws Exception {
        Assert.assertNotNull(SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore()));
    }

    @Test
    public void testRESTServerSSLDisabled() throws Exception {
        Configuration createRestSslConfigWithKeyStore = createRestSslConfigWithKeyStore();
        createRestSslConfigWithKeyStore.setBoolean(SecurityOptions.SSL_REST_ENABLED, false);
        try {
            SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore);
            Assert.fail("exception expected");
        } catch (IllegalConfigurationException e) {
        }
    }

    @Test
    public void testRESTServerSSLBadKeystorePassword() {
        Configuration createRestSslConfigWithKeyStore = createRestSslConfigWithKeyStore();
        createRestSslConfigWithKeyStore.setString(SecurityOptions.SSL_REST_KEYSTORE_PASSWORD, "badpassword");
        try {
            SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
    }

    @Test
    public void testRESTServerSSLBadKeyPassword() {
        Configuration createRestSslConfigWithKeyStore = createRestSslConfigWithKeyStore();
        createRestSslConfigWithKeyStore.setString(SecurityOptions.SSL_REST_KEY_PASSWORD, "badpassword");
        try {
            SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
    }

    @Test
    public void testInternalSSL() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        Assert.assertNotNull(SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores));
        Assert.assertNotNull(SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores));
    }

    @Test
    public void testInternalSSLDisables() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        createInternalSslConfigWithKeyAndTrustStores.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, false);
        try {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
        try {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testInternalSSLKeyStoreOnly() throws Exception {
        Configuration createInternalSslConfigWithKeyStore = createInternalSslConfigWithKeyStore();
        try {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyStore);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
        try {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyStore);
            Assert.fail("exception expected");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testInternalSSLTrustStoreOnly() throws Exception {
        Configuration createInternalSslConfigWithTrustStore = createInternalSslConfigWithTrustStore();
        try {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithTrustStore);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
        try {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithTrustStore);
            Assert.fail("exception expected");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testInternalSSLWrongKeystorePassword() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD, "badpw");
        try {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
        try {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testInternalSSLWrongTruststorePassword() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD, "badpw");
        try {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
        try {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testInternalSSLWrongKeyPassword() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, "badpw");
        try {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e) {
        }
        try {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
            Assert.fail("exception expected");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testSetSSLVersionAndCipherSuitesForSSLServerSocket() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1.1");
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256");
        ServerSocket createServerSocket = SSLUtils.createSSLServerSocketFactory(createInternalSslConfigWithKeyAndTrustStores).createServerSocket(0);
        Throwable th = null;
        try {
            try {
                Assert.assertTrue(createServerSocket instanceof SSLServerSocket);
                SSLServerSocket sSLServerSocket = (SSLServerSocket) createServerSocket;
                String[] enabledProtocols = sSLServerSocket.getEnabledProtocols();
                String[] enabledCipherSuites = sSLServerSocket.getEnabledCipherSuites();
                Assert.assertEquals(1L, enabledProtocols.length);
                Assert.assertEquals("TLSv1.1", enabledProtocols[0]);
                Assert.assertEquals(2L, enabledCipherSuites.length);
                Assert.assertThat(enabledCipherSuites, Matchers.arrayContainingInAnyOrder(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"}));
                if (createServerSocket != null) {
                    if (0 == 0) {
                        createServerSocket.close();
                        return;
                    }
                    try {
                        createServerSocket.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createServerSocket != null) {
                if (th != null) {
                    try {
                        createServerSocket.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createServerSocket.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCreateSSLEngineFactory() throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores();
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
        SSLEngine createSSLEngine = SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores).createSSLEngine();
        Assert.assertEquals(1L, createSSLEngine.getEnabledProtocols().length);
        Assert.assertEquals("TLSv1", createSSLEngine.getEnabledProtocols()[0]);
        Assert.assertEquals(2L, createSSLEngine.getEnabledCipherSuites().length);
        Assert.assertThat(createSSLEngine.getEnabledCipherSuites(), Matchers.arrayContainingInAnyOrder(new String[]{"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}));
    }

    public static Configuration createRestSslConfigWithKeyStore() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        addRestKeyStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createRestSslConfigWithTrustStore() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        addRestTrustStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createRestSslConfigWithKeyAndTrustStores() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        addRestKeyStoreConfig(configuration);
        addRestTrustStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createInternalSslConfigWithKeyStore() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        addInternalKeyStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createInternalSslConfigWithTrustStore() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        addInternalTrustStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createInternalSslConfigWithKeyAndTrustStores() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        addInternalKeyStoreConfig(configuration);
        addInternalTrustStoreConfig(configuration);
        return configuration;
    }

    private static void addRestKeyStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_REST_KEYSTORE, KEY_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_REST_KEYSTORE_PASSWORD, "password");
        configuration.setString(SecurityOptions.SSL_REST_KEY_PASSWORD, "password");
    }

    private static void addRestTrustStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "password");
    }

    private static void addInternalKeyStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_INTERNAL_KEYSTORE, KEY_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD, "password");
        configuration.setString(SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, "password");
    }

    private static void addInternalTrustStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_INTERNAL_TRUSTSTORE, TRUST_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD, "password");
    }
}
