package org.apache.qpid.server.security;

import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerModel;
import org.apache.qpid.server.model.ConfiguredObjectFactory;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/SiteSpecificTrustStoreTest.class */
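/**
 * Tests creation of a {@code SiteSpecificTrustStore} against malformed URLs, an unresponsive
 * peer, and a local TLS peer that presents the certificate held in the bundled test keystore.
 *
 * <p>The positive tests pin the subject and issuer of the single certificate the trust store
 * reports, so a store that captured some other certificate would fail them.
 */
public class SiteSpecificTrustStoreTest extends QpidTestCase {
    private static final String EXPECTED_SUBJECT = "CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown";
    private static final String EXPECTED_ISSUER = "CN=MyRootCA,O=ACME,ST=Ontario,C=CA";

    // Test-only key material: the keystore ships with the test resources and its password is
    // public. Neither value may be reused for a real broker.
    private static final String TEST_KEYSTORE_RESOURCE = "/java_broker_keystore.jks";
    private static final String TEST_KEYSTORE_PASSWORD = "password";

    private final Broker<?> _broker = Mockito.mock(Broker.class);
    private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
    private final Model _model = BrokerModel.getInstance();
    private final ConfiguredObjectFactory _factory = this._model.getObjectFactory();
    private TestPeer _testPeer;

    /**
     * Minimal TLS server bound to an ephemeral port. When accepting is enabled, a background
     * thread accepts connections and drains them until the client closes its side.
     */
    public class TestPeer implements Closeable {
        private final ExecutorService _socketAcceptExecutor;
        private ServerSocket _serverSocket;
        private final AtomicBoolean _shutdown;
        private boolean _accept;

        /** Accept loop: serves one connection at a time until the peer is shut down. */
        public class AcceptingRunnable implements Runnable {
            private AcceptingRunnable() {
            }

            @Override
            public void run() {
                do {
                    // try-with-resources guarantees the accepted socket is closed on every path.
                    try (Socket socket = TestPeer.this._serverSocket.accept()) {
                        InputStream in = socket.getInputStream();
                        // Reading drives the TLS handshake; the payload itself is discarded.
                        while (in.read() != -1) {
                            // drain until the client closes the connection
                        }
                    } catch (IOException ignored) {
                        // Deliberately ignored: accept() times out every 100 ms (see
                        // setSoTimeout) so the loop can re-check the shutdown flag, and it
                        // also fails once close() has closed the server socket.
                    }
                } while (!TestPeer.this._shutdown.get());
            }
        }

        private TestPeer() {
            this._socketAcceptExecutor = Executors.newSingleThreadExecutor();
            this._shutdown = new AtomicBoolean();
            this._accept = true;
        }

        /**
         * Controls whether {@link #start()} launches the accept loop. Must be called before
         * {@code start()} to have any effect.
         *
         * @param z {@code false} to leave the listening socket bound but never accepted
         */
        public void setAccept(boolean z) {
            this._accept = z;
        }

        /**
         * Opens the server socket and, if accepting is enabled, starts the accept loop.
         *
         * @return the ephemeral local port the peer listens on
         * @throws Exception if the keystore cannot be loaded or the socket cannot be created
         */
        public int start() throws Exception {
            this._serverSocket = createTestSSLServerSocket();
            if (this._accept) {
                this._socketAcceptExecutor.execute(new AcceptingRunnable());
            }
            return this._serverSocket.getLocalPort();
        }

        /**
         * Signals the accept loop to stop, closes the server socket and shuts the executor down.
         *
         * @throws IOException if closing the server socket fails
         */
        @Override
        public void close() throws IOException {
            // Set the flag first so the accept loop exits once accept() fails on the closed socket.
            this._shutdown.set(true);
            try {
                if (this._serverSocket != null) {
                    this._serverSocket.close();
                }
            } finally {
                this._socketAcceptExecutor.shutdown();
            }
        }

        /**
         * Builds a TLS server socket on an ephemeral port using the bundled test keystore.
         *
         * @return a bound server socket with a 100 ms accept timeout
         * @throws Exception if the keystore resource is missing or unreadable, or TLS setup fails
         */
        private ServerSocket createTestSSLServerSocket() throws Exception {
            char[] password = TEST_KEYSTORE_PASSWORD.toCharArray();
            try (InputStream keyStoreStream = getClass().getResourceAsStream(TEST_KEYSTORE_RESOURCE)) {
                if (keyStoreStream == null) {
                    // KeyStore.load(null, ...) would silently create an EMPTY keystore and the
                    // peer would then have no certificate to present; fail loudly instead.
                    throw new IOException("Test keystore " + TEST_KEYSTORE_RESOURCE + " not found on classpath");
                }
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(keyStoreStream, password);

                KeyManagerFactory keyManagerFactory =
                        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, password);
                KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

                // Request "TLS" rather than the legacy "SSL" name, so that no provider maps the
                // request to an SSLv3-only context.
                SSLContext sslContext = SSLContext.getInstance("TLS");
                // Null trust managers: the peer only presents its own certificate and does not
                // rely on a custom trust configuration.
                sslContext.init(keyManagers, null, new SecureRandom());

                ServerSocket serverSocket = sslContext.getServerSocketFactory().createServerSocket(0);
                // Short accept timeout so the accept loop can notice shutdown promptly.
                serverSocket.setSoTimeout(100);
                return serverSocket;
            }
        }
    }

    /**
     * Propagates the connect/read timeouts to the trust store's system properties and wires the
     * mocked broker with the executor, model and event logger.
     */
    public void setUp() throws Exception {
        super.setUp();
        int connectTimeout = Integer.getInteger("SiteSpecificTrustStoreTest.connectTimeout", 1000);
        int readTimeout = Integer.getInteger("SiteSpecificTrustStoreTest.readTimeout", 1000);
        setTestSystemProperty("qpid.trustStore.siteSpecific.connectTimeout", String.valueOf(connectTimeout));
        setTestSystemProperty("qpid.trustStore.siteSpecific.readTimeout", String.valueOf(readTimeout));
        Mockito.when(this._broker.getTaskExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getChildExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getModel()).thenReturn(this._model);
        Mockito.when(this._broker.getEventLogger()).thenReturn(new EventLogger());
        Mockito.when(this._broker.getCategoryClass()).thenReturn(Broker.class);
    }

    /** Closes the test peer, if one was started, even when the superclass tear-down fails. */
    public void tearDown() throws Exception {
        try {
            super.tearDown();
        } finally {
            if (this._testPeer != null) {
                this._testPeer.close();
            }
        }
    }

    /** A site URL that is not a URL at all must be rejected at creation time. */
    public void testMalformedSiteUrl() throws Exception {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", "mySiteSpecificTrustStore");
        attributes.put("type", "SiteSpecificTrustStore");
        attributes.put("siteUrl", "notaurl:541");
        try {
            this._factory.create(TrustStore.class, attributes, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException expected) {
            // expected: the malformed site URL is rejected
        }
    }

    /** A well-formed URL that names no host and port (here a file: URL) must be rejected. */
    public void testSiteUrlDoesNotSupplyHostPort() throws Exception {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", "mySiteSpecificTrustStore");
        attributes.put("type", "SiteSpecificTrustStore");
        attributes.put("siteUrl", "file:/not/a/host");
        try {
            this._factory.create(TrustStore.class, attributes, this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException expected) {
            // expected: a URL with no host/port cannot identify a site
        }
    }

    /**
     * A peer whose socket is bound but never accepted must cause creation to fail rather than
     * hang; presumably the timeouts configured in {@link #setUp()} bound the wait.
     */
    public void testUnresponsiveSite() throws Exception {
        this._testPeer = new TestPeer();
        this._testPeer.setAccept(false);
        try {
            this._factory.create(TrustStore.class, getTrustStoreAttributes(this._testPeer.start()), this._broker);
            fail("Exception not thrown");
        } catch (IllegalConfigurationException expected) {
            // expected: the peer never completes a handshake
        }
    }

    /** Creation against the live test peer must yield exactly the peer's certificate. */
    public void testValidSiteUrl() throws Exception {
        this._testPeer = new TestPeer();
        SiteSpecificTrustStore trustStore = (SiteSpecificTrustStore) this._factory.create(
                TrustStore.class, getTrustStoreAttributes(this._testPeer.start()), this._broker);
        List<?> details = trustStore.getCertificateDetails();
        assertEquals("Unexpected number of certificates", 1, details.size());
        CertificateDetails certificate = (CertificateDetails) details.get(0);
        assertEquals("Unexpected certificate subject", EXPECTED_SUBJECT, certificate.getSubjectName());
        assertEquals("Unexpected certificate issuer", EXPECTED_ISSUER, certificate.getIssuerName());
    }

    /** Refreshing the certificate from the same peer must report the same subject and issuer. */
    public void testRefreshCertificate() throws Exception {
        this._testPeer = new TestPeer();
        // The factory is asked for the TrustStore category; the concrete type is needed for
        // refreshCertificate(), hence the explicit cast.
        SiteSpecificTrustStore trustStore = (SiteSpecificTrustStore) this._factory.create(
                TrustStore.class, getTrustStoreAttributes(this._testPeer.start()), this._broker);
        List<?> details = trustStore.getCertificateDetails();
        assertEquals("Unexpected number of certificates", 1, details.size());
        CertificateDetails before = (CertificateDetails) details.get(0);
        assertEquals("Unexpected certificate subject", EXPECTED_SUBJECT, before.getSubjectName());
        assertEquals("Unexpected certificate issuer", EXPECTED_ISSUER, before.getIssuerName());

        trustStore.refreshCertificate();

        CertificateDetails after = (CertificateDetails) trustStore.getCertificateDetails().get(0);
        assertEquals("Unexpected certificate subject", EXPECTED_SUBJECT, after.getSubjectName());
        assertEquals("Unexpected certificate issuer", EXPECTED_ISSUER, after.getIssuerName());
    }

    /**
     * Builds the attribute map for a site-specific trust store pointing at the local test peer.
     *
     * @param i the port the test peer listens on
     * @return attributes naming the store, its type and an https://localhost URL on that port
     */
    private Map<String, Object> getTrustStoreAttributes(int i) {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", "mySiteSpecificTrustStore");
        attributes.put("type", "SiteSpecificTrustStore");
        attributes.put("siteUrl", String.format("https://localhost:%d", Integer.valueOf(i)));
        return attributes;
    }
}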
