package com.yahoo.vespa.model.container.xml;

import com.yahoo.config.model.api.EndpointCertificateSecrets;
import com.yahoo.config.model.builder.xml.test.DomBuilderTest;
import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.config.model.deploy.TestProperties;
import com.yahoo.config.model.provision.InMemoryProvisioner;
import com.yahoo.config.model.test.MockRoot;
import com.yahoo.container.ComponentsConfig;
import com.yahoo.container.jdisc.FilterBindingsProvider;
import com.yahoo.jdisc.http.ConnectorConfig;
import com.yahoo.jdisc.http.server.jetty.JettyHttpServer;
import com.yahoo.jdisc.http.server.jetty.JettyHttpServerContext;
import com.yahoo.vespa.model.container.ApplicationContainer;
import com.yahoo.vespa.model.container.ApplicationContainerCluster;
import com.yahoo.vespa.model.container.ContainerCluster;
import com.yahoo.vespa.model.container.component.SimpleComponent;
import com.yahoo.vespa.model.container.http.ConnectorFactory;
import com.yahoo.vespa.model.container.http.ssl.ConfiguredFilebasedSslProvider;
import java.util.List;
import java.util.Optional;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Element;

/* loaded from: input_file:com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.class */
public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBase {
    @Test
    void verify_that_overriding_connector_options_works() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>\n  <http>\n    <server id='bananarama' port='4321'>\n      <config name='jdisc.http.connector'>\n        <requestHeaderSize>300000</requestHeaderSize>\n        <headerCacheSize>300000</headerCacheSize>\n      </config>\n    </server>\n  </http>\n  <nodes>    <node hostalias='mockhost' />  </nodes></container>\n"));
        ConnectorConfig config = this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/bananarama");
        Assertions.assertEquals(300000, config.requestHeaderSize());
        Assertions.assertEquals(300000, config.headerCacheSize());
    }

    @Test
    void verify_that_enabling_jetty_works() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>  <nodes>    <node hostalias='mockhost' />  </nodes></container>"));
        assertJettyServerInConfig();
    }

    @Test
    void verify_that_enabling_jetty_works_for_custom_http_servers() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>", "  <http>", "    <server port='9000' id='foo' />", "  </http>", ContainerModelBuilderTestBase.nodesXml, "</container>"));
        assertJettyServerInConfig();
    }

    @Test
    void verifyThatJettyHttpServerContextHasFilterBindingsProvider() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>", ContainerModelBuilderTestBase.nodesXml, "</container>"));
        Assertions.assertNotNull(extractComponentByClassName(containerComponentsConfig(), JettyHttpServer.class.getName()));
        ComponentsConfig.Components extractComponentByClassName = extractComponentByClassName(containerComponentsConfig(), JettyHttpServerContext.class.getName());
        Assertions.assertNotNull(extractComponentByClassName);
        ComponentsConfig.Components extractComponentByClassName2 = extractComponentByClassName(containerComponentsConfig(), FilterBindingsProvider.class.getName());
        Assertions.assertNotNull(extractComponentByClassName2);
        Assertions.assertNotNull(extractInjectionById(extractComponentByClassName, extractComponentByClassName2.id()));
    }

    @Test
    void verifyThatJettyHttpServerHasFilterBindingsProviderForCustomHttpServers() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>", "  <http>", "    <server port='9000' id='foo' />", "  </http>", ContainerModelBuilderTestBase.nodesXml, "</container>"));
        Assertions.assertNotNull(extractComponentByClassName(clusterComponentsConfig(), JettyHttpServer.class.getName()));
        ComponentsConfig.Components extractComponentByClassName = extractComponentByClassName(clusterComponentsConfig(), JettyHttpServerContext.class.getName());
        Assertions.assertNotNull(extractComponentByClassName);
        ComponentsConfig.Components extractComponentByClassName2 = extractComponentByClassName(clusterComponentsConfig(), FilterBindingsProvider.class.getName());
        Assertions.assertNotNull(extractComponentByClassName2);
        Assertions.assertNotNull(extractInjectionById(extractComponentByClassName, extractComponentByClassName2.id()));
    }

    @Test
    void ssl_element_generates_connector_config_and_injects_provider_component() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>", "    <http>", "        <server port='9000' id='minimal'>", "            <ssl>", "                <private-key-file>/foo/key</private-key-file>", "                <certificate-file>/foo/cert</certificate-file>", "            </ssl>", "        </server>", "        <server port='9001' id='with-cacerts'>", "            <ssl>", "                <private-key-file>/foo/key</private-key-file>", "                <certificate-file>/foo/cert</certificate-file>", "                <ca-certificates-file>/foo/cacerts</ca-certificates-file>", "            </ssl>", "        </server>", "        <server port='9002' id='need-client-auth'>", "            <ssl>", "                <private-key-file>/foo/key</private-key-file>", "                <certificate-file>/foo/cert</certificate-file>", "                <client-authentication>need</client-authentication>", "            </ssl>", "        </server>", "        <server port='9003' id='with-ciphers-and-protocols'>", "            <ssl>", "                <private-key-file>/foo/key</private-key-file>", "                <certificate-file>/foo/cert</certificate-file>", "                <cipher-suites>TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384</cipher-suites>", "                <protocols>TLSv1.3</protocols>", "            </ssl>", "        </server>", "    </http>", ContainerModelBuilderTestBase.nodesXml, "", "</container>"));
        ConnectorConfig config = this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/minimal/configured-ssl-provider@minimal");
        Assertions.assertTrue(config.ssl().enabled());
        Assertions.assertEquals("/foo/key", config.ssl().privateKeyFile());
        Assertions.assertEquals("/foo/cert", config.ssl().certificateFile());
        Assertions.assertTrue(config.ssl().caCertificateFile().isEmpty());
        Assertions.assertEquals(ConnectorConfig.Ssl.ClientAuth.Enum.DISABLED, config.ssl().clientAuth());
        ConnectorConfig config2 = this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/with-cacerts/configured-ssl-provider@with-cacerts");
        Assertions.assertTrue(config2.ssl().enabled());
        Assertions.assertEquals("/foo/key", config2.ssl().privateKeyFile());
        Assertions.assertEquals("/foo/cert", config2.ssl().certificateFile());
        Assertions.assertEquals("/foo/cacerts", config2.ssl().caCertificateFile());
        Assertions.assertEquals(ConnectorConfig.Ssl.ClientAuth.Enum.DISABLED, config2.ssl().clientAuth());
        ConnectorConfig config3 = this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/need-client-auth/configured-ssl-provider@need-client-auth");
        Assertions.assertTrue(config3.ssl().enabled());
        Assertions.assertEquals("/foo/key", config3.ssl().privateKeyFile());
        Assertions.assertEquals("/foo/cert", config3.ssl().certificateFile());
        Assertions.assertTrue(config3.ssl().caCertificateFile().isEmpty());
        Assertions.assertEquals(ConnectorConfig.Ssl.ClientAuth.Enum.NEED_AUTH, config3.ssl().clientAuth());
        ConnectorConfig config4 = this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/with-ciphers-and-protocols/configured-ssl-provider@with-ciphers-and-protocols");
        Assertions.assertTrue(config4.ssl().enabled());
        Assertions.assertEquals("/foo/key", config4.ssl().privateKeyFile());
        Assertions.assertEquals("/foo/cert", config4.ssl().certificateFile());
        Assertions.assertEquals(List.of("TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"), config4.ssl().enabledCipherSuites());
        Assertions.assertEquals(List.of("TLSv1.3"), config4.ssl().enabledProtocols());
        ((ContainerCluster) this.root.getChildren().get("default")).getChildrenByTypeRecursive(ConnectorFactory.class).forEach(connectorFactory -> {
            assertChildComponentExists(connectorFactory, ConfiguredFilebasedSslProvider.COMPONENT_CLASS);
        });
    }

    @Test
    void verify_tht_ssl_provider_configuration_configures_correct_config() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>", "    <http>", "        <server port='9000' id='ssl'>", "            <ssl-provider class='com.yahoo.CustomSslProvider' bundle='mybundle'/>", "        </server>", "    </http>", ContainerModelBuilderTestBase.nodesXml, "", "</container>"));
        Assertions.assertTrue(this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/ssl/ssl-provider@ssl").ssl().enabled());
        assertChildComponentExists((ConnectorFactory) ((ContainerCluster) this.root.getChildren().get("default")).getChildrenByTypeRecursive(ConnectorFactory.class).get(0), "com.yahoo.CustomSslProvider");
    }

    @Test
    void verify_that_container_factory_sees_same_config() {
        createModel(this.root, DomBuilderTest.parse("<container id='default' version='1.0'>", "    <http>", "        <server port='9000' id='ssl'>", "            <ssl>", "                <private-key-file>/foo/key</private-key-file>", "                <certificate-file>/foo/cert</certificate-file>", "            </ssl>", "        </server>", "    </http>", ContainerModelBuilderTestBase.nodesXml, "", "</container>"));
        Assertions.assertTrue(this.root.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/ssl").ssl().enabled());
    }

    @Test
    void verify_that_container_setup_additional_tls4443() {
        Element parse = DomBuilderTest.parse("<container id='default' version='1.0'>", "    <http>", "        <server port='8080' id='default'>", "        </server>", "    </http>", " <nodes count='1' />", "", "</container>");
        DeployState build = new DeployState.Builder().properties(new TestProperties().setHostedVespa(true).setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))).modelHostProvisioner(new InMemoryProvisioner(1, true)).build();
        MockRoot mockRoot = new MockRoot("root", build);
        createModel(mockRoot, build, null, parse);
        ConnectorConfig config = mockRoot.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/default");
        Assertions.assertFalse(config.ssl().enabled());
        Assertions.assertEquals("", config.ssl().certificate());
        Assertions.assertEquals("", config.ssl().privateKey());
        ConnectorConfig config2 = mockRoot.getConfig(ConnectorConfig.class, "default/http/jdisc-jetty/tls4443");
        Assertions.assertTrue(config2.ssl().enabled());
        Assertions.assertEquals("CERT", config2.ssl().certificate());
        Assertions.assertEquals("KEY", config2.ssl().privateKey());
        Assertions.assertEquals(4443, config2.listenPort());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void assertChildComponentExists(ConnectorFactory connectorFactory, String str) {
        Assertions.assertTrue(connectorFactory.getChildren().values().stream().map(anyConfigProducer -> {
            return (SimpleComponent) anyConfigProducer;
        }).filter(simpleComponent -> {
            return simpleComponent.getClassId().stringValue().equals(str);
        }).findFirst().isPresent());
    }

    private void assertJettyServerInConfig() {
        List childrenByTypeRecursive = ((ContainerCluster) this.root.getChildren().get("default")).getChildrenByTypeRecursive(com.yahoo.vespa.model.container.http.JettyHttpServer.class);
        Assertions.assertEquals(1, childrenByTypeRecursive.size());
        com.yahoo.vespa.model.container.http.JettyHttpServer jettyHttpServer = (com.yahoo.vespa.model.container.http.JettyHttpServer) childrenByTypeRecursive.get(0);
        Assertions.assertEquals(JettyHttpServer.class.getName(), jettyHttpServer.model.bundleInstantiationSpec.classId.toString());
        Assertions.assertEquals(JettyHttpServer.class.getName(), jettyHttpServer.model.bundleInstantiationSpec.bundle.toString());
        Assertions.assertEquals(1, jettyHttpServer.getConnectorFactories().size());
        Assertions.assertNotNull(extractComponentByClassName(containerComponentsConfig(), JettyHttpServer.class.getName()));
    }

    private static ComponentsConfig.Components extractComponentByClassName(ComponentsConfig componentsConfig, String str) {
        for (ComponentsConfig.Components components : componentsConfig.components()) {
            if (str.equals(components.classId())) {
                return components;
            }
        }
        return null;
    }

    private static ComponentsConfig.Components.Inject extractInjectionById(ComponentsConfig.Components components, String str) {
        for (ComponentsConfig.Components.Inject inject : components.inject()) {
            if (str.equals(inject.id())) {
                return inject;
            }
        }
        return null;
    }

    private ComponentsConfig containerComponentsConfig() {
        return this.root.getConfig(ComponentsConfig.class, ((ApplicationContainer) ((ApplicationContainerCluster) this.root.getChildren().get("default")).getContainers().get(0)).getConfigId());
    }

    private ComponentsConfig clusterComponentsConfig() {
        return componentsConfig();
    }
}
