package org.apache.qpid.server.model.port;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.LogMessage;
import org.apache.qpid.server.logging.LogSubject;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerModel;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.SystemConfig;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.test.utils.UnitTestBase;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/model/port/AmqpPortImplTest.class */
public class AmqpPortImplTest extends UnitTestBase {
    private static final String AUTHENTICATION_PROVIDER_NAME = "test";
    private static final String KEYSTORE_NAME = "keystore";
    private static final String TRUSTSTORE_NAME = "truststore";
    private TaskExecutor _taskExecutor;
    private Broker _broker;
    private AmqpPortImpl _port;

    @Before
    public void setUp() throws Exception {
        this._taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
        Model brokerModel = BrokerModel.getInstance();
        SystemConfig systemConfig = (SystemConfig) Mockito.mock(SystemConfig.class);
        this._broker = BrokerTestHelper.mockWithSystemPrincipal(Broker.class, (Principal) Mockito.mock(Principal.class));
        Mockito.when(this._broker.getParent()).thenReturn(systemConfig);
        Mockito.when(this._broker.getTaskExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getChildExecutor()).thenReturn(this._taskExecutor);
        Mockito.when(this._broker.getModel()).thenReturn(brokerModel);
        Mockito.when(this._broker.getId()).thenReturn(UUID.randomUUID());
        Mockito.when(this._broker.getCategoryClass()).thenReturn(Broker.class);
        Mockito.when(this._broker.getEventLogger()).thenReturn(new EventLogger());
        KeyStore keyStore = (KeyStore) Mockito.mock(KeyStore.class);
        Mockito.when(keyStore.getName()).thenReturn(KEYSTORE_NAME);
        Mockito.when(keyStore.getParent()).thenReturn(this._broker);
        TrustStore trustStore = (TrustStore) Mockito.mock(TrustStore.class);
        Mockito.when(trustStore.getName()).thenReturn(TRUSTSTORE_NAME);
        Mockito.when(trustStore.getParent()).thenReturn(this._broker);
        AuthenticationProvider authenticationProvider = (AuthenticationProvider) Mockito.mock(AuthenticationProvider.class);
        Mockito.when(authenticationProvider.getName()).thenReturn(AUTHENTICATION_PROVIDER_NAME);
        Mockito.when(authenticationProvider.getParent()).thenReturn(this._broker);
        Mockito.when(authenticationProvider.getMechanisms()).thenReturn(Arrays.asList("PLAIN"));
        Mockito.when(this._broker.getChildren(AuthenticationProvider.class)).thenReturn(Collections.singleton(authenticationProvider));
        Mockito.when(this._broker.getChildren(KeyStore.class)).thenReturn(Collections.singleton(keyStore));
        Mockito.when(this._broker.getChildren(TrustStore.class)).thenReturn(Collections.singleton(trustStore));
        Mockito.when(this._broker.getChildByName(AuthenticationProvider.class, AUTHENTICATION_PROVIDER_NAME)).thenReturn(authenticationProvider);
    }

    @After
    public void tearDown() throws Exception {
        AmqpPortImpl amqpPortImpl;
        int connectionCount;
        try {
            this._taskExecutor.stop();
            if (amqpPortImpl == null) {
            } else {
                while (true) {
                    if (connectionCount <= 0) {
                        return;
                    }
                }
            }
        } finally {
            if (this._port != null) {
                while (this._port.getConnectionCount() > 0) {
                    this._port.decrementConnectionCount();
                }
                this._port.close();
            }
        }
    }

    @Test
    public void testPortAlreadyBound() throws Exception {
        ServerSocket openSocket = openSocket();
        Throwable th = null;
        try {
            try {
                createPort(getTestName(), Collections.singletonMap("port", Integer.valueOf(openSocket.getLocalPort())));
                Assert.fail("Creation should fail due to validation check");
            } catch (IllegalConfigurationException e) {
                Assert.assertEquals("Unexpected exception message", String.format("Cannot bind to port %d and binding address '%s'. Port is already is use.", Integer.valueOf(openSocket.getLocalPort()), "*"), e.getMessage());
            }
            if (openSocket != null) {
                if (0 == 0) {
                    openSocket.close();
                    return;
                }
                try {
                    openSocket.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (openSocket != null) {
                if (0 != 0) {
                    try {
                        openSocket.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openSocket.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testCreateTls() {
        HashMap hashMap = new HashMap();
        hashMap.put("transports", Collections.singletonList(Transport.SSL));
        hashMap.put("keyStore", KEYSTORE_NAME);
        this._port = createPort(getTestName(), hashMap);
    }

    @Test
    public void testCreateTlsClientAuth() {
        HashMap hashMap = new HashMap();
        hashMap.put("transports", Collections.singletonList(Transport.SSL));
        hashMap.put("keyStore", KEYSTORE_NAME);
        hashMap.put("trustStores", Collections.singletonList(TRUSTSTORE_NAME));
        this._port = createPort(getTestName(), hashMap);
    }

    @Test
    public void testTlsWithoutKeyStore() {
        try {
            createPort(getTestName(), Collections.singletonMap("transports", Collections.singletonList(Transport.SSL)));
            Assert.fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
        }
        try {
            createPort(getTestName(), Collections.singletonMap("transports", Arrays.asList(Transport.SSL, Transport.TCP)));
            Assert.fail("Exception not thrown");
        } catch (IllegalConfigurationException e2) {
        }
    }

    @Test
    public void testTlsWantNeedWithoutTrustStores() {
        HashMap hashMap = new HashMap();
        hashMap.put("transports", Collections.singletonList(Transport.SSL));
        hashMap.put("keyStore", KEYSTORE_NAME);
        try {
            HashMap hashMap2 = new HashMap(hashMap);
            hashMap2.put("needClientAuth", true);
            createPort(getTestName(), hashMap2);
            Assert.fail("Exception not thrown");
        } catch (IllegalConfigurationException e) {
        }
        try {
            HashMap hashMap3 = new HashMap(hashMap);
            hashMap3.put("wantClientAuth", true);
            createPort(getTestName(), hashMap3);
            Assert.fail("Exception not thrown");
        } catch (IllegalConfigurationException e2) {
        }
    }

    @Test
    public void testOnCreateValidation() {
        try {
            createPort(getTestName(), Collections.singletonMap("numberOfSelectors", "-1"));
            Assert.fail("Exception not thrown for negative number of selectors");
        } catch (IllegalConfigurationException e) {
        }
        try {
            createPort(getTestName(), Collections.singletonMap("threadPoolSize", "-1"));
            Assert.fail("Exception not thrown for negative thread pool size");
        } catch (IllegalConfigurationException e2) {
        }
        try {
            createPort(getTestName(), Collections.singletonMap("numberOfSelectors", 8L));
            Assert.fail("Exception not thrown for number of selectors equal to thread pool size");
        } catch (IllegalConfigurationException e3) {
        }
    }

    @Test
    public void testOnChangeThreadPoolValidation() {
        this._port = createPort(getTestName());
        try {
            this._port.setAttributes(Collections.singletonMap("numberOfSelectors", "-1"));
            Assert.fail("Exception not thrown for negative number of selectors");
        } catch (IllegalConfigurationException e) {
        }
        try {
            this._port.setAttributes(Collections.singletonMap("threadPoolSize", "-1"));
            Assert.fail("Exception not thrown for negative thread pool size");
        } catch (IllegalConfigurationException e2) {
        }
        try {
            this._port.setAttributes(Collections.singletonMap("numberOfSelectors", 8L));
            Assert.fail("Exception not thrown for number of selectors equal to thread pool size");
        } catch (IllegalConfigurationException e3) {
        }
    }

    @Test
    public void testConnectionCounting() {
        HashMap hashMap = new HashMap();
        hashMap.put("port", 0);
        hashMap.put("name", getTestName());
        hashMap.put("authenticationProvider", AUTHENTICATION_PROVIDER_NAME);
        hashMap.put("maxOpenConnections", 10);
        hashMap.put("context", Collections.singletonMap("qpid.port.open_connections_warn_percent", "80"));
        this._port = new AmqpPortImpl(hashMap, this._broker);
        this._port.create();
        EventLogger eventLogger = (EventLogger) Mockito.mock(EventLogger.class);
        Mockito.when(this._broker.getEventLogger()).thenReturn(eventLogger);
        for (int i = 0; i < 8; i++) {
            Assert.assertTrue(this._port.canAcceptNewConnection(new InetSocketAddress("example.org", 0)));
            this._port.incrementConnectionCount();
            Assert.assertEquals(i + 1, this._port.getConnectionCount());
            ((EventLogger) Mockito.verify(eventLogger, Mockito.never())).message((LogSubject) ArgumentMatchers.any(LogSubject.class), (LogMessage) ArgumentMatchers.any(LogMessage.class));
        }
        Assert.assertTrue(this._port.canAcceptNewConnection(new InetSocketAddress("example.org", 0)));
        this._port.incrementConnectionCount();
        Assert.assertEquals(9L, this._port.getConnectionCount());
        ((EventLogger) Mockito.verify(eventLogger, Mockito.times(1))).message((LogSubject) ArgumentMatchers.any(LogSubject.class), (LogMessage) ArgumentMatchers.any(LogMessage.class));
        Assert.assertTrue(this._port.canAcceptNewConnection(new InetSocketAddress("example.org", 0)));
        this._port.incrementConnectionCount();
        Assert.assertEquals(10L, this._port.getConnectionCount());
        ((EventLogger) Mockito.verify(eventLogger, Mockito.times(1))).message((LogSubject) ArgumentMatchers.any(LogSubject.class), (LogMessage) ArgumentMatchers.any(LogMessage.class));
        Assert.assertFalse(this._port.canAcceptNewConnection(new InetSocketAddress("example.org", 0)));
    }

    @Test
    public void testTlProtocolsAndCypherSuitesUsingAllowDenyListContextVariable() {
        HashMap hashMap = new HashMap();
        hashMap.put("qpid.security.tls.protocolAllowList", "[\"TLSv1.3\"]");
        hashMap.put("qpid.security.tls.protocolDenyList", "[\"Ssl.*\",\"TLSv1\",\"TLSv1.1\",\"TLSv1.2\"]");
        hashMap.put("qpid.security.tls.cipherSuiteAllowList", "[\"(TLS|SSL)_AES_128_GCM_SHA256\", \"(TLS|SSL)_AES_256_GCM_SHA384\"]");
        hashMap.put("qpid.security.tls.cipherSuiteDenyList", "[\".*CBC.*\"]");
        Mockito.when(this._broker.getContext()).thenReturn(hashMap);
        this._port = createPort(getTestName());
        List singletonList = Collections.singletonList("TLSv1.3");
        List asList = Arrays.asList("Ssl.*", "TLSv1", "TLSv1.1", "TLSv1.2");
        List asList2 = Arrays.asList("(TLS|SSL)_AES_128_GCM_SHA256", "(TLS|SSL)_AES_256_GCM_SHA384");
        List singletonList2 = Collections.singletonList(".*CBC.*");
        MatcherAssert.assertThat(this._port.getTlsProtocolAllowList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolWhiteList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolDenyList(), CoreMatchers.is(CoreMatchers.equalTo(asList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolBlackList(), CoreMatchers.is(CoreMatchers.equalTo(asList)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteAllowList(), CoreMatchers.is(CoreMatchers.equalTo(asList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteWhiteList(), CoreMatchers.is(CoreMatchers.equalTo(asList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteDenyList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteBlackList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList2)));
    }

    @Test
    public void testTlProtocolsAndCypherSuitesUsingWhiteBlackListContextVariable() {
        HashMap hashMap = new HashMap();
        hashMap.put("qpid.security.tls.protocolWhiteList", "[\"TLSv1.3\"]");
        hashMap.put("qpid.security.tls.protocolBlackList", "[\"Ssl.*\",\"TLSv1\",\"TLSv1.1\",\"TLSv1.2\"]");
        hashMap.put("qpid.security.tls.cipherSuiteWhiteList", "[\"(TLS|SSL)_AES_128_GCM_SHA256\", \"(TLS|SSL)_AES_256_GCM_SHA384\"]");
        hashMap.put("qpid.security.tls.cipherSuiteBlackList", "[\".*CBC.*\"]");
        Mockito.when(this._broker.getContext()).thenReturn(hashMap);
        this._port = createPort(getTestName());
        List singletonList = Collections.singletonList("TLSv1.3");
        List asList = Arrays.asList("Ssl.*", "TLSv1", "TLSv1.1", "TLSv1.2");
        List asList2 = Arrays.asList("(TLS|SSL)_AES_128_GCM_SHA256", "(TLS|SSL)_AES_256_GCM_SHA384");
        List singletonList2 = Collections.singletonList(".*CBC.*");
        MatcherAssert.assertThat(this._port.getTlsProtocolAllowList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolWhiteList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolDenyList(), CoreMatchers.is(CoreMatchers.equalTo(asList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolBlackList(), CoreMatchers.is(CoreMatchers.equalTo(asList)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteAllowList(), CoreMatchers.is(CoreMatchers.equalTo(asList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteWhiteList(), CoreMatchers.is(CoreMatchers.equalTo(asList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteDenyList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteBlackList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList2)));
    }

    @Test
    public void testTlProtocolsAndCypherSuitesUsingAllowDenyAndWhiteBlackListContextVariable() {
        HashMap hashMap = new HashMap();
        hashMap.put("qpid.security.tls.protocolAllowList", "[\"TLSv1.3\"]");
        hashMap.put("qpid.security.tls.protocolDenyList", "[\"Ssl.*\",\"TLSv1\",\"TLSv1.1\",\"TLSv1.2\"]");
        hashMap.put("qpid.security.tls.cipherSuiteAllowList", "[\"(TLS|SSL)_AES_128_GCM_SHA256\", \"(TLS|SSL)_AES_256_GCM_SHA384\"]");
        hashMap.put("qpid.security.tls.cipherSuiteDenyList", "[\".*CBC.*\"]");
        hashMap.put("qpid.security.tls.protocolWhiteList", "[\"TLSv1.2\"]");
        hashMap.put("qpid.security.tls.protocolBlackList", "[\"Ssl.*\",\"TLSv1\",\"TLSv1.1\",\"TLSv1.3\"]");
        hashMap.put("qpid.security.tls.cipherSuiteWhiteList", "[\".*CBC.*\"]");
        hashMap.put("qpid.security.tls.cipherSuiteBlackList", "[\".*GCM.*\"]");
        Mockito.when(this._broker.getContext()).thenReturn(hashMap);
        this._port = createPort(getTestName());
        List singletonList = Collections.singletonList("TLSv1.3");
        List asList = Arrays.asList("Ssl.*", "TLSv1", "TLSv1.1", "TLSv1.2");
        List asList2 = Arrays.asList("(TLS|SSL)_AES_128_GCM_SHA256", "(TLS|SSL)_AES_256_GCM_SHA384");
        List singletonList2 = Collections.singletonList(".*CBC.*");
        MatcherAssert.assertThat(this._port.getTlsProtocolAllowList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolWhiteList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolDenyList(), CoreMatchers.is(CoreMatchers.equalTo(asList)));
        MatcherAssert.assertThat(this._port.getTlsProtocolBlackList(), CoreMatchers.is(CoreMatchers.equalTo(asList)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteAllowList(), CoreMatchers.is(CoreMatchers.equalTo(asList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteWhiteList(), CoreMatchers.is(CoreMatchers.equalTo(asList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteDenyList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList2)));
        MatcherAssert.assertThat(this._port.getTlsCipherSuiteBlackList(), CoreMatchers.is(CoreMatchers.equalTo(singletonList2)));
    }

    private AmqpPortImpl createPort(String str) {
        return createPort(str, Collections.emptyMap());
    }

    private AmqpPortImpl createPort(String str, Map<String, Object> map) {
        HashMap hashMap = new HashMap();
        hashMap.put("port", 0);
        hashMap.put("name", str);
        hashMap.put("authenticationProvider", AUTHENTICATION_PROVIDER_NAME);
        hashMap.putAll(map);
        AmqpPortImpl amqpPortImpl = new AmqpPortImpl(hashMap, this._broker);
        amqpPortImpl.create();
        return amqpPortImpl;
    }

    private ServerSocket openSocket() throws IOException {
        ServerSocket serverSocket = new ServerSocket();
        serverSocket.setReuseAddress(true);
        serverSocket.bind(new InetSocketAddress(0));
        return serverSocket;
    }
}
