package org.apache.qpid.server.transport;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.type.CollectionType;
import java.io.ByteArrayInputStream;
import java.net.InetAddress;
import java.net.SocketAddress;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.port.AmqpPort;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/transport/TCPandSSLTransportTest.class */
public class TCPandSSLTransportTest extends QpidTestCase {
    private static final Logger LOGGER = LoggerFactory.getLogger(TCPandSSLTransportTest.class);
    private static String keystoreString = "/u3+7QAAAAIAAAABAAAAAQAKc2VsZnNpZ25lZAAAAUkYmo+uAAAFATCCBP0wDgYKKwYBBAEqAhEBAQUABIIE6bR+b7FHo2BRT/WG+zDIfO8zOXoGIbuNL2znNMnvEp9xwfMQOkhKxEbVtX8uJ7HSwi1VbV2it0CA59sgvRt9awmgg+W1CLgkGKNOB+kQZbjL8R8lXmKibw4yU/EFm5rqDqPEXBRBj40TF0aTGtCCmmLPsH2pGU1wH2Ne/tozk8q7hYK6XMH/i43ZXhS9V2CKzPWrzhXmvjFKCtmYHNLj5nLLE/n0snqAssBoFSAJKmqkqHQBJNQjm4oqJFSISB8pwDX++0kvOMM7j5ryjVwihsCYuHZ6lh5BntDGF41Lf4XADfv3Fma6nZQKfKs0VU2kAWUmjPpyV1FFq/ua4x6SUdZKS22YIQ3t6iO76TDABbQNyUX+Ge4nk6clF8MFswKTT0ug7zjb17d36gwl+UznvFqMSE6Zkrr9nNAcSVlQS+JaazXveiVEXTBYCAZgsNw33KqlLWliAegnwQCQLOguw7bgusnZ/E61/TL8GTryiwN1mltbnsWkCjMj1AGUBM3sYNwbj87VdhijiHJbjcB7q3Dak68khrCTLmqoD43KHBB5g+UMlruXYbE0elWqYpXGjI5cvt4gzfh1V+ira5DOfa4BQskv/dh1uj2xAe1YEvF3xmdO2F6Yuzd88VO0aaPGroYPfRmh2M6rEOlwc2Ku/p23FjSWrLyzori88/OKV4PM2b/NtY51ztTKWR/eUdX6qTPUJMK5CJiOxKGxk9PDtmsbQY685H6QVDKzTkbaPlP97+Oaxv3/2RIWR7KJzsxbqiYhX0fevRJw/RY6ZY3NEE5RAmCjzxD+1qDtu0QM/LspgPxyv5oSInAtT23UBrcNIiQ8jO+6E+fDcVhFSrs6gLGe1BwKYHsosjvup8FETLZgqKY6g1mwECA/Un2agzhI4tGC0O8vlU4VEZKrXwgy/XQ5C2vwwgLvJh94OfE20Wuf7Jjq8IUPcdF201XeYREE/vSNcBnJf22yPouJMIPkyNxlAHcapeFUi00yC19FEIpdoW/8pX2k64jx63CwwVckWWOIWlg8N+z9jsiwdjvm5wL2aFU3+wtu8Nj6Soy7Y3QYAwx17q/nUOJOk5DqLedG+/DKXVs5jghmbQ9wyzqGjGs+xYvSCXtQJygETUU/ddoM/iK4hhnZL2uqZ0wamef4ibdBbhpoRO8C7mSbi7TbDtcfysZrMb6i5MugR+NwKKzN2DznXItvpgzcXm9j7LP8HZcQANa+1o2aIGDqK1fMSAOmBbTWlYkHPDbpoE/lx32iBNL/Aj8aKbtkwy/J2JRvo9m2uBdLK4DoDeTjqG//AwISrwm9y6xxIIPNQq7GiftN6p9KCI87U5pxqs5yUQ1g/e9DCioLe8O3Vug7+1jS1ZHWFtb4BBEF3EhkKa1AOVKNu9+M8lcG9tKWUBjnIFTD68a++6B36ShRnIZNbmbRkLC6wWdBSdyI6FWPxsPvGSF+3wq+n+0bu75N3Xsta5tEOjc67DfnQlyZtP/BIZsKxgEueOcXkjzaXMPYcrlJ2BInovQSHnSHvQfaBKqj/nKcGaDyydfdxF5fyjRPFYF+fFCWXrFkbQgAst8ymJ//UpLomfw+Ni6fxx2XQGt3941zhRuXJI2tdvUb2Czzsp0tq+h46d0WOlYQ57Q70weUQRrtARqCKoSp/gNUzQsvd+FOsUUxKRoJltRYBwAAAAEABVguNTA5AAADdTCCA3EwggJZoAMCAQICBBAXeI4wDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCVUsxETAPBgNVBAgTCFNjb3RsYW5kMRAwDgYDVQQHEwdHbGFzZ293MQ8wDQYDVQQKEwZBcGFjaGUxDTALBgNVBAsTBFFwaWQxFDASBgNVBAMTC0FwYWNoZSBRcGlkMCAXDTE0MTAxNjEwNTY1NVoYDzIxMTMwNTEwMTA1NjU1WjBoMQswCQYDVQQGEwJVSzERMA8GA1UECBMIU2NvdGxhbmQxEDAOBgNVBAcTB0dsYXNnb3cxDzANBgNVBAoTBkFwYWNoZTENMAsGA1UECxMEUXBpZDEUMBIGA1UEAxMLQXBhY2hlIFFwaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC520Yd1GuXh67h7HawvL5/pwTr46P45R0gx+LDGC1Equ9/wvvsVbCPL0JLDTSKl0qpgbJNMH/A740vSilbFDdqfyOuIkQZN1Ub9CkOaI5uR9RjaC2MfyNUJl7Gp64nSYk9iDX15ddZjsAijUDvET32XzfirlMLdwLXv1Y5dLskV0r6xK4NdLtXi+Ndn+Uy4EllD7VMIFaLt6oG9Vo6mNl0jze7Yz/aYYtWns4x+uG8WbMgtcXo/VxCyp+4ji06XFerwfkS0zBS1wfvxd5Qb1+4dYovSn1v0AaPvZ0XwG4XErP2/svU01ncC43Z4neHdsj8Y/kmXLDD8Nc7Mpv/Wm6hAgMBAAGjITAfMB0GA1UdDgQWBBQfKBRPr/QD7PjpM3s4rD8u6ZxiijANBgkqhkiG9w0BAQsFAAOCAQEAFjyjJ8pbHf6MioZpOOlZh4lz6F+9dW1KyJR0OIc4FXnYnU/CNzjkwPminuZJoYgXBh+sVFN238YFS3I8ONEQJy8uSH33T81sklXhqnrSk9OlWk1v60wHNwwNFz5ZuGrGlvk9EFhbC8FgdkXJbz21drAl18i2oJHPdQQNwdc6mwqhpNfjqZ2opfJPbVscX1P/dbJjfcoZ01fy5687zjpN11G4egwsrya2FZiAw1WPI10OhrJgiGL5aDiDLjauNZmoM7QchUUD1cjEEwvRkU1MesliLg4y3UqDoV6ooHB4ClE2aKmIdbVB/eP1QrEEkey93ptt1z5fLk1l408AkXQtzyw79WC+xnZta0IoYC/vO29IVsok";

    public void testNoSSLv3SupportOnSSLOnlyPort() throws Exception {
        try {
            checkSSLExcluded("SSLv3", Transport.SSL);
            fail("Should not be able to connect using SSLv3");
        } catch (SSLHandshakeException e) {
        }
    }

    public void testNoTLSv1SupportOnSharedPort() throws Exception {
        try {
            checkSSLExcluded("TLSv1", Transport.TCP, Transport.SSL);
            fail("Should not be able to connect using TLSv1");
        } catch (SSLHandshakeException e) {
        }
    }

    public void testNoTLSv1SupportOnSSLOnlyPort() throws Exception {
        try {
            checkSSLExcluded("TLSv1", Transport.SSL);
            fail("Should not be able to connect using TLSv1");
        } catch (SSLHandshakeException e) {
        }
    }

    public void testNoSSLv3SupportOnSharedPort() throws Exception {
        try {
            checkSSLExcluded("SSLv3", Transport.TCP, Transport.SSL);
            fail("Should not be able to connect using SSLv3");
        } catch (SSLHandshakeException e) {
        }
    }

    public void testTLSSupportOnSharedPort() throws Exception {
        try {
            checkSSLExcluded("TLSv1.1", Transport.TCP, Transport.SSL);
        } catch (SSLHandshakeException e) {
            LOGGER.error("Should be able to connect using TLSv1.1", e);
            fail("Should be able to connect using TLSv1.1");
        }
    }

    private void checkSSLExcluded(String str, Transport... transportArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new ByteArrayInputStream(DatatypeConverter.parseBase64Binary(keystoreString)), "password".toCharArray());
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, "password".toCharArray());
        sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
        AmqpPort amqpPort = (AmqpPort) Mockito.mock(AmqpPort.class);
        Mockito.when(Integer.valueOf(amqpPort.getPort())).thenReturn(0);
        Mockito.when(amqpPort.getName()).thenReturn("testAmqp");
        Mockito.when(Integer.valueOf(amqpPort.getNetworkBufferSize())).thenReturn(65536);
        Mockito.when(Boolean.valueOf(amqpPort.canAcceptNewConnection((SocketAddress) Matchers.any(SocketAddress.class)))).thenReturn(true);
        Mockito.when(Integer.valueOf(amqpPort.getThreadPoolSize())).thenReturn(2);
        Mockito.when(Integer.valueOf(amqpPort.getNumberOfSelectors())).thenReturn(1);
        Mockito.when(amqpPort.getSSLContext()).thenReturn(sSLContext);
        Mockito.when(amqpPort.getContextValue(Long.class, "qpid.port.amqp.threadPool.keep_alive_timeout")).thenReturn(1L);
        Mockito.when(amqpPort.getContextValue(Integer.class, "qpid.port.amqp.acceptBacklog")).thenReturn(1024);
        Mockito.when(Long.valueOf(amqpPort.getProtocolHandshakeTimeout())).thenReturn(2000L);
        ObjectMapper objectMapper = new ObjectMapper();
        CollectionType constructCollectionType = objectMapper.getTypeFactory().constructCollectionType(List.class, String.class);
        List list = (List) objectMapper.readValue("[\"TLSv1\\\\.[0-9]+\"]", constructCollectionType);
        Mockito.when(amqpPort.getTlsProtocolBlackList()).thenReturn((List) objectMapper.readValue("[\"TLSv1\\\\.0\"]", constructCollectionType));
        Mockito.when(amqpPort.getTlsProtocolWhiteList()).thenReturn(list);
        Broker broker = (Broker) Mockito.mock(Broker.class);
        Mockito.when(broker.getEventLogger()).thenReturn(Mockito.mock(EventLogger.class));
        Mockito.when(amqpPort.getParent()).thenReturn(broker);
        TCPandSSLTransport tCPandSSLTransport = new TCPandSSLTransport(new HashSet(Arrays.asList(transportArr)), amqpPort, new HashSet(Arrays.asList(Protocol.AMQP_0_8, Protocol.AMQP_0_9, Protocol.AMQP_0_9_1, Protocol.AMQP_0_10, Protocol.AMQP_1_0)), Protocol.AMQP_0_9_1);
        tCPandSSLTransport.start();
        SSLContext sSLContext2 = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sSLContext2.init(null, trustManagerFactory.getTrustManagers(), null);
        try {
            SSLSocket sSLSocket = (SSLSocket) sSLContext2.getSocketFactory().createSocket(InetAddress.getLoopbackAddress(), tCPandSSLTransport.getAcceptingPort());
            Throwable th = null;
            try {
                try {
                    sSLSocket.setEnabledProtocols(new String[]{str});
                    sSLSocket.startHandshake();
                    if (sSLSocket != null) {
                        if (0 != 0) {
                            try {
                                sSLSocket.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            sSLSocket.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            tCPandSSLTransport.close();
        }
    }
}
