package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.model.NullConfigModelRegistry;
import com.yahoo.config.model.api.ApplicationClusterEndpoint;
import com.yahoo.config.model.api.ContainerEndpoint;
import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.config.model.deploy.TestProperties;
import com.yahoo.config.model.test.MockApplicationPackage;
import com.yahoo.vespa.model.VespaModel;
import java.util.List;
import java.util.Set;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/CloudHttpConnectorValidatorTest.class */
class CloudHttpConnectorValidatorTest {
    private static final String CUSTOM_SSL_ON_8080 = "<server port='8080' id='default'>\n    <ssl>\n      <private-key-file>/foo/key</private-key-file>\n      <certificate-file>/foo/cert</certificate-file>\n    </ssl>\n</server>\n";
    private static final String DEFAULT_SSL_ON_8080 = "<server port='8080' id='default'/>\n";
    private static final String ADDITIONAL_CONNECTOR = "<server port='8080' id='default'/>\n<server port='1234' id='custom'/>\n";

    CloudHttpConnectorValidatorTest() {
    }

    @Test
    void fails_on_custom_ssl_for_cloud_application() {
        Assertions.assertEquals("Adding additional or modifying existing HTTPS connectors is not allowed for Vespa Cloud applications. Violating connectors: [default@8080]. See https://cloud.vespa.ai/en/security/whitepaper, https://cloud.vespa.ai/en/security/guide#data-plane.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            runValidatorOnApp(true, "", CUSTOM_SSL_ON_8080);
        })).getMessage());
    }

    @Test
    void allows_custom_ssl_for_infra() {
        Assertions.assertDoesNotThrow(() -> {
            runValidatorOnApp(true, " application-type='hosted-infrastructure'", CUSTOM_SSL_ON_8080);
        });
    }

    @Test
    void allows_custom_ssl_for_self_hosted() {
        Assertions.assertDoesNotThrow(() -> {
            runValidatorOnApp(false, "", CUSTOM_SSL_ON_8080);
        });
    }

    @Test
    void fails_on_additional_connectors_for_cloud_application() {
        Assertions.assertEquals("Illegal port 1234 in http server 'custom': Port must be set to 8080", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            runValidatorOnApp(true, "", ADDITIONAL_CONNECTOR);
        })).getMessage());
    }

    @Test
    void allows_additional_connectors_for_self_hosted() {
        Assertions.assertDoesNotThrow(() -> {
            runValidatorOnApp(false, "", ADDITIONAL_CONNECTOR);
        });
    }

    @Test
    void allows_default_ssl_for_cloud_application() {
        Assertions.assertDoesNotThrow(() -> {
            runValidatorOnApp(true, "", DEFAULT_SSL_ON_8080);
        });
    }

    @Test
    void allows_default_ssl_for_self_hosted() {
        Assertions.assertDoesNotThrow(() -> {
            runValidatorOnApp(false, "", DEFAULT_SSL_ON_8080);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void runValidatorOnApp(boolean z, String str, String str2) throws Exception {
        DeployState build = new DeployState.Builder().applicationPackage(new MockApplicationPackage.Builder().withServices("        <services version='1.0'%s>\n          <container version='1.0'>\n            <http>\n              %s\n            </http>\n          </container>\n        </services>\n".formatted(str, str2)).build()).properties(new TestProperties().setHostedVespa(z)).endpoints(Set.of(new ContainerEndpoint("container", ApplicationClusterEndpoint.Scope.zone, List.of("c.example.com")))).build();
        new CloudHttpConnectorValidator().validate(new VespaModel(new NullConfigModelRegistry(), build), build);
    }
}
