package com.vmware.xenon.common.http.netty;

import com.vmware.xenon.common.CommandLineArgumentParser;
import com.vmware.xenon.common.Operation;
import com.vmware.xenon.common.ServiceClient;
import com.vmware.xenon.common.ServiceDocument;
import com.vmware.xenon.common.ServiceHost;
import com.vmware.xenon.common.ServiceRequestListener;
import com.vmware.xenon.common.StatelessService;
import com.vmware.xenon.common.UriUtils;
import com.vmware.xenon.common.Utils;
import com.vmware.xenon.common.test.TestProperty;
import com.vmware.xenon.common.test.VerificationHost;
import com.vmware.xenon.services.common.NodeGroupService;
import com.vmware.xenon.services.common.NodeState;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.util.EnumSet;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:com/vmware/xenon/common/http/netty/Netty2WaySslAuthTest.class */
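/**
 * Exercises TLS client-certificate ("2-way") authentication against a Netty-backed
 * {@link VerificationHost}.
 *
 * <p>The host is started with a server key/certificate from the test resources and
 * {@code SslClientAuthMode.WANT}. A client that presents the certificate from
 * {@code /ssl/client.p12} calls {@link TestService}, which echoes back the peer principal the
 * server derived from the TLS session; the test then compares it with the expected subject.
 *
 * <p>NOTE(review): {@code WANT} presumably requests a client certificate without requiring one,
 * so only the "certificate presented" path is covered here. A request without a client
 * certificate, or with one that is not in the trust store, is not exercised by this class.
 */
public class Netty2WaySslAuthTest {
    public static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
    public static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";

    // Password of the key/trust stores bundled under /ssl in the test resources.
    // It protects fixtures only and must not be reused for real key material.
    private static final String TEST_STORE_PASSWORD = "changeit";

    // Principal the server is expected to report for the certificate in /ssl/client.p12.
    private static final String EXPECTED_CLIENT_PRINCIPAL =
            "CN=agent-461b1767-ea89-4452-9408-283d0752fe40";

    // Bound from system properties by CommandLineArgumentParser in setUp(); 0 leaves the
    // secure port at whatever the host picks and skips the peer-node/quorum checks.
    public int securePort = 0;
    private VerificationHost host;
    private TemporaryFolder temporaryFolder;

    // JVM-wide trust store settings captured in setUpClass() and put back in tearDownClass().
    private static String savedTrustStore;
    private static String savedTrustStorePassword;

    /**
     * Stateless service that answers GET with the peer principal of the calling connection.
     */
    public static class TestService extends StatelessService {
        public static final String SELF_LINK = "/ssl_test";

        public TestService() {
            super(ServiceDocument.class);
        }

        /**
         * Completes the operation with a {@link TestServiceResponse} carrying the caller's
         * peer principal, or fails the operation if that cannot be produced.
         *
         * @param operation the incoming GET
         */
        public void handleGet(Operation operation) {
            try {
                TestServiceResponse response = new TestServiceResponse();
                // NOTE(review): getPeerPrincipal() presumably returns null when the client sent
                // no certificate; the resulting NullPointerException is caught below and turns
                // into a failed operation rather than an empty principal.
                response.principal = operation.getPeerPrincipal().toString();
                operation.setBody(response);
                operation.complete();
            } catch (Exception e) {
                operation.fail(e);
            }
        }
    }

    /** Response body of {@link TestService}: the string form of the peer principal. */
    public static class TestServiceResponse {
        public String principal;
    }

    /**
     * Points the JVM default trust store at the bundled {@code /ssl/trustedcerts.jks} for the
     * duration of this class, remembering the previous values.
     *
     * <p>These are process-wide system properties, so every TLS client in the same JVM that
     * relies on the default trust store sees the test store until {@link #tearDownClass()} runs.
     */
    @BeforeClass
    public static void setUpClass() throws Exception {
        savedTrustStore = System.getProperty(JAVAX_NET_SSL_TRUST_STORE);
        savedTrustStorePassword = System.getProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD);
        String trustStorePath = getCanonicalFileForResource("/ssl/trustedcerts.jks").getCanonicalPath();
        System.setProperty(JAVAX_NET_SSL_TRUST_STORE, trustStorePath);
        System.setProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, TEST_STORE_PASSWORD);
    }

    /** Restores the trust store system properties captured by {@link #setUpClass()}. */
    @AfterClass
    public static void tearDownClass() throws Exception {
        restoreProperty(JAVAX_NET_SSL_TRUST_STORE, savedTrustStore);
        restoreProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, savedTrustStorePassword);
    }

    /** Sets {@code key} back to {@code saved}, or clears it when it was previously unset. */
    private static void restoreProperty(String key, String saved) {
        if (saved == null) {
            System.clearProperty(key);
        } else {
            System.setProperty(key, saved);
        }
    }

    /**
     * Starts a {@link VerificationHost} bound to loopback with the test server key and
     * certificate and client authentication mode {@code WANT}.
     *
     * <p>When a fixed {@link #securePort} is configured, the host is additionally given its own
     * HTTPS address as a peer node and the method waits until the default node group reports a
     * membership quorum of 1 for this host.
     */
    @Before
    public void setUp() throws Throwable {
        CommandLineArgumentParser.parseFromProperties(this);
        this.temporaryFolder = new TemporaryFolder();
        this.temporaryFolder.create();
        this.host = new VerificationHost();

        ServiceHost.Arguments arguments = new ServiceHost.Arguments();
        arguments.securePort = this.securePort;
        arguments.port = 0;
        arguments.keyFile = getCanonicalFileForResource("/ssl/server.pem").toPath();
        arguments.certificateFile = getCanonicalFileForResource("/ssl/server.crt").toPath();
        arguments.sslClientAuthMode = ServiceHost.ServiceHostState.SslClientAuthMode.WANT;
        arguments.sandbox = this.temporaryFolder.getRoot().toPath();
        // Loopback only: the test listener is not reachable from other machines.
        arguments.bindAddress = "127.0.0.1";
        if (arguments.securePort != 0) {
            arguments.peerNodes = new String[]{"https://127.0.0.1:" + arguments.securePort};
        }

        this.host.initialize(arguments);
        this.host.start();
        if (arguments.securePort == 0) {
            return;
        }

        // The only configured peer is this host itself; the test expects it not to be kept
        // as an initial peer.
        Assert.assertEquals(0L, this.host.getInitialPeerHosts().size());
        this.host.waitFor("quorum not set", () -> {
            NodeGroupService.NodeGroupState groupState = this.host.getServiceState(
                    (EnumSet<TestProperty>) null,
                    NodeGroupService.NodeGroupState.class,
                    UriUtils.buildUri(this.host, "/core/node-groups/default"));
            NodeState self = groupState.nodes.get(this.host.getId());
            return self != null && self.membershipQuorum == 1;
        });
    }

    /**
     * Stops the host and removes the sandbox folder. Both steps are attempted even when
     * {@link #setUp()} failed part-way or stopping the host throws.
     */
    @After
    public void tearDown() {
        try {
            if (this.host != null) {
                this.host.stop();
            }
        } finally {
            if (this.temporaryFolder != null) {
                this.temporaryFolder.delete();
            }
        }
    }

    /**
     * Verifies that the listener of the started host rejects a new SSL context, and that a
     * fresh listener carrying a custom {@link SslContext} can be installed on a stopped host
     * and then serves the same client-certificate scenario as {@link #test2WaySsl()}.
     */
    @Test
    public void testCustomSslContext() throws Throwable {
        File certificate = getCanonicalFileForResource("/ssl/server.crt");
        File privateKey = getCanonicalFileForResource("/ssl/server.pem");
        SslContext customContext = SslContextBuilder.forServer(certificate, privateKey, (String) null).build();

        ServiceRequestListener customListener = new NettyHttpListener(this.host);
        customListener.setSSLContext(customContext);

        try {
            this.host.getListener().setSSLContext(customContext);
            Assert.fail("call should have thrown an exception");
        } catch (IllegalStateException expected) {
            // Expected: the listener of the host started in setUp() refuses the new context.
        }

        // Swap the listener while the host is stopped, then bring it back on fresh ports.
        this.host.stop();
        this.host.setPort(0);
        this.host.setSecurePort(0);
        this.host.setListener(customListener);
        this.host.start();

        Assert.assertEquals(customListener, this.host.getListener());
        Assert.assertEquals(customContext, this.host.getListener().getSSLContext());
        test2WaySsl();
    }

    /**
     * Starts {@link TestService}, calls it over HTTPS with a client that presents the
     * certificate from {@code /ssl/client.p12}, and checks the principal the server reports.
     */
    @Test
    public void test2WaySsl() throws Throwable {
        this.host.testStart(1L);
        this.host.startService(
                Operation.createPost(UriUtils.buildUri(this.host, TestService.SELF_LINK))
                        .setCompletion((operation, failure) -> {
                            if (failure != null) {
                                // Surface a failed service start instead of a later, unrelated
                                // looking assertion on the principal.
                                this.host.failIteration(failure);
                                return;
                            }
                            this.host.completeIteration();
                        }),
                new TestService());
        this.host.testWait();

        // Build the TLS material before creating the client so a bad fixture cannot leave a
        // started client behind.
        SSLContext clientContext = buildClientSslContext();

        ServiceClient client = NettyHttpServiceClient.create(getClass().getCanonicalName(),
                Executors.newFixedThreadPool(4), Executors.newScheduledThreadPool(1));
        client.setSSLContext(clientContext);
        client.start();
        try {
            this.host.testStart(1L);
            AtomicReference<String> reportedPrincipal = new AtomicReference<>();
            client.send(Operation
                    .createGet(UriUtils.buildUri(this.host.getSecureUri(), new String[]{TestService.SELF_LINK}))
                    .setReferer(this.host.getPublicUri())
                    .setCompletion((response, failure) -> {
                        if (failure != null) {
                            this.host.log(Level.SEVERE, "Operation failed: %s", Utils.toString(failure));
                        } else {
                            reportedPrincipal.set(response.getBody(TestServiceResponse.class).principal);
                        }
                        this.host.completeIteration();
                    }));
            this.host.testWait();

            Assert.assertNotNull("Peer principal", reportedPrincipal.get());
            Assert.assertEquals("Peer principal", EXPECTED_CLIENT_PRINCIPAL, reportedPrincipal.get());
        } finally {
            // Stop the client even when an assertion above fails.
            client.stop();
        }
    }

    /**
     * Builds the client-side {@link SSLContext}: the key manager offers the identity stored in
     * {@code /ssl/client.p12}, the trust manager uses the JVM default trust store.
     *
     * @return an initialized TLS context for the test client
     * @throws Exception if the key store cannot be read or the context cannot be initialized
     */
    private static SSLContext buildClientSslContext() throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");

        // A null key store makes the factory fall back to the JVM default trust store, i.e. the
        // javax.net.ssl.trustStore that setUpClass() pointed at /ssl/trustedcerts.jks.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);

        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
        try (InputStream p12 = Netty2WaySslAuthTest.class.getResourceAsStream("/ssl/client.p12")) {
            // KeyStore.load(null, ...) silently creates an empty store; the client would then
            // present no certificate and the test would fail far from the real cause.
            Assert.assertNotNull("test resource /ssl/client.p12 not found", p12);
            clientKeyStore.load(p12, TEST_STORE_PASSWORD.toCharArray());
        }
        keyManagerFactory.init(clientKeyStore, TEST_STORE_PASSWORD.toCharArray());

        context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return context;
    }

    /**
     * Resolves a classpath resource to its canonical file.
     *
     * @param str absolute classpath resource name, e.g. {@code /ssl/server.crt}
     * @return the canonical {@link File} behind the resource URL
     * @throws IOException if the canonical path cannot be computed
     * @throws URISyntaxException if the resource URL is not a valid URI
     */
    private static File getCanonicalFileForResource(String str) throws IOException, URISyntaxException {
        // A missing resource surfaces here as a NullPointerException from getResource(...).
        URI location = new URI(Netty2WaySslAuthTest.class.getResource(str).toString());
        return new File(location).getCanonicalFile();
    }
}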
