package org.apache.pulsar.client.api;

import com.google.common.collect.Sets;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.util.PublicSuffixMatcher;
import org.apache.pulsar.broker.authentication.AuthenticationProviderBasic;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.broker.namespace.OwnerShipForCurrentServerTestBase;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.class */
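/**
 * Exercises TLS hostname verification in the Pulsar client against a broker that has TLS
 * authentication and authorization enabled.
 *
 * <p>Two sets of broker key material are used: the files directly under
 * {@code authentication/tls/} (used by the "correct broker host" test) and the files under
 * {@code authentication/tls/hn-verification/} (used by the "invalid broker host" test, which
 * expects the connection to be rejected when hostname verification is on).
 *
 * <p>Both the broker ({@code setTlsAllowInsecureConnection(true)}) and the clients
 * ({@code allowTlsInsecureConnection(true)}) run with the insecure-connection flag set. The
 * invalid-host test still expects a failure when {@code enableTlsHostnameVerification(true)} is
 * used, so it also pins that hostname verification is enforced independently of that flag.
 * These settings are test fixtures and are not a template for a deployed client.
 */
public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationTlsHostnameVerificationTest.class);

    // Key material for the "invalid broker host" scenario (hn-verification directory).
    private static final String TLS_MIM_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/hn-verification/cacert.pem";
    private static final String TLS_MIM_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/hn-verification/broker-cert.pem";
    private static final String TLS_MIM_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/hn-verification/broker-key.pem";

    // Key material for the "correct broker host" scenario.
    private static final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
    private static final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
    private static final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";

    // Client certificate and key presented for TLS authentication.
    private static final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
    private static final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";

    // Credential file handed to the basic authentication provider through a system property.
    private static final String BASIC_CONF_FILE_PATH = "./src/test/resources/authentication/basic/.htpasswd";

    // Value passed to enableTlsHostnameVerification(...) when setupClient() builds the client.
    private boolean hostnameVerificationEnabled = true;

    /**
     * Configures the broker for TLS + basic authentication with authorization, initialises it
     * through {@code super.init()} and then builds the admin and client handles.
     *
     * <p>Not invoked automatically in this class: each test that needs a broker first adjusts
     * {@code conf} and then calls this method itself.
     *
     * @throws Exception if broker initialisation or client setup fails
     */
    @Override
    protected void setup() throws Exception {
        if ("testAnonymousSyncProducerAndConsumer".equals(this.methodName)) {
            this.conf.setAnonymousUserRole("anonymousUser");
        }
        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);
        // Test-only: broker accepts insecure TLS connections.
        this.conf.setTlsAllowInsecureConnection(true);

        HashSet<String> superUserRoles = new HashSet<>();
        superUserRoles.add("localhost");
        superUserRoles.add("superUser");
        superUserRoles.add("superUser2");
        this.conf.setSuperUserRoles(superUserRoles);

        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
        // NOTE(review): the broker-internal client pairs client-cert.pem with broker-key.pem,
        // i.e. certificate and key come from different files sets — confirm this is intentional.
        this.conf.setBrokerClientAuthenticationParameters(
                "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + ",tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);

        HashSet<String> authProviders = new HashSet<>();
        authProviders.add(AuthenticationProviderTls.class.getName());
        authProviders.add(AuthenticationProviderBasic.class.getName());
        // JVM-wide property: stays set for any test that runs later in the same process.
        System.setProperty("pulsar.auth.basic.conf", BASIC_CONF_FILE_PATH);
        this.conf.setAuthenticationProviders(authProviders);

        this.conf.setClusterName(OwnerShipForCurrentServerTestBase.CLUSTER_NAME);
        this.conf.setNumExecutorThreadPoolSize(5);
        super.init();
        setupClient();
    }

    /**
     * Builds the spied {@link PulsarAdmin} and the {@link PulsarClient} used by the tests, both
     * authenticating with the client certificate, and creates the cluster, tenant and namespace
     * the tests publish to.
     *
     * <p>Only the {@link PulsarClient} applies {@link #hostnameVerificationEnabled}; the admin
     * client is built without a hostname-verification setting.
     *
     * @throws Exception if a client cannot be built or an admin call fails
     */
    protected void setupClient() throws Exception {
        HashMap<String, String> authParams = new HashMap<>();
        authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
        authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
        Authentication authenticationTls = new AuthenticationTls();
        authenticationTls.configure(authParams);

        this.admin = Mockito.spy(PulsarAdmin.builder()
                .serviceHttpUrl(this.brokerUrlTls.toString())
                .tlsTrustCertsFilePath(TLS_MIM_TRUST_CERT_FILE_PATH)
                .allowTlsInsecureConnection(true)
                .authentication(authenticationTls)
                .build());

        // allowTlsInsecureConnection(true) stays on for both verification settings, so the
        // hostname-verification flag is the only client-side TLS variable between test runs.
        this.pulsarClient = PulsarClient.builder()
                .serviceUrl(this.pulsar.getBrokerServiceUrlTls())
                .statsInterval(0L, TimeUnit.SECONDS)
                .tlsTrustCertsFilePath(TLS_MIM_TRUST_CERT_FILE_PATH)
                .allowTlsInsecureConnection(true)
                .authentication(authenticationTls)
                .enableTls(true)
                .enableTlsHostnameVerification(this.hostnameVerificationEnabled)
                .build();

        this.admin.clusters().createCluster(
                OwnerShipForCurrentServerTestBase.CLUSTER_NAME, new ClusterData(this.brokerUrl.toString()));
        this.admin.tenants().createTenant("my-property",
                new TenantInfo(Sets.newHashSet("appid1", "appid2"),
                        Sets.newHashSet(OwnerShipForCurrentServerTestBase.CLUSTER_NAME)));
        this.admin.namespaces().createNamespace("my-property/my-ns",
                Sets.newHashSet(OwnerShipForCurrentServerTestBase.CLUSTER_NAME));
    }

    /**
     * Tears down the broker and clients after each test.
     *
     * <p>{@code testDefaultHostVerifier} never calls {@link #setup()}, so there is nothing to
     * clean up for it and the teardown is skipped.
     *
     * @throws Exception if the base-class cleanup fails
     */
    @Override
    @AfterMethod
    protected void cleanup() throws Exception {
        if ("testDefaultHostVerifier".equals(this.methodName)) {
            return;
        }
        super.internalCleanup();
    }

    /**
     * Supplies both hostname-verification settings (enabled, then disabled).
     *
     * @return one single-element row per setting
     */
    @DataProvider(name = "hostnameVerification")
    public Object[][] codecProvider() {
        // Declared as Object[][] so the value matches the return type; the decompiled form
        // built an Object[] here, which does not compile as written.
        return new Object[][] {{Boolean.TRUE}, {Boolean.FALSE}};
    }

    /**
     * Starts the broker with the {@code hn-verification} certificate and checks that subscribing
     * fails when the client verifies hostnames and succeeds when it does not.
     *
     * <p>NOTE(review): with verification enabled, any {@link PulsarClientException} is accepted
     * as the expected outcome, so an unrelated connection or authentication failure would also
     * make this case pass. Tightening the check to the specific failure cause would make the
     * test more meaningful.
     *
     * @param hostnameVerificationEnabled whether the client is built with hostname verification
     * @throws Exception if broker or client setup fails
     */
    @Test(dataProvider = "hostnameVerification")
    public void testTlsSyncProducerAndConsumerWithInvalidBrokerHost(boolean hostnameVerificationEnabled)
            throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.hostnameVerificationEnabled = hostnameVerificationEnabled;

        // conf must be fully populated before setup() hands it to super.init().
        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setTlsTrustCertsFilePath(TLS_MIM_TRUST_CERT_FILE_PATH);
        this.conf.setTlsCertificateFilePath(TLS_MIM_SERVER_CERT_FILE_PATH);
        this.conf.setTlsKeyFilePath(TLS_MIM_SERVER_KEY_FILE_PATH);
        // setup() overwrites this value with the non-hn-verification broker key path.
        this.conf.setBrokerClientAuthenticationParameters(
                "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + ",tlsKeyFile:" + TLS_MIM_SERVER_KEY_FILE_PATH);
        setup();

        try {
            this.pulsarClient.newConsumer()
                    .topic("persistent://my-property/my-ns/my-topic")
                    .subscriptionName("my-subscriber-name")
                    .subscribe();
            if (hostnameVerificationEnabled) {
                Assert.fail("Connection should be failed due to hostnameVerification enabled");
            }
        } catch (PulsarClientException e) {
            if (!hostnameVerificationEnabled) {
                // Keep the original exception attached so the report shows why subscribing failed.
                Assert.fail("Consumer should be created because hostnameverification is disabled", e);
            }
        }
        log.info("-- Exiting {} test --", this.methodName);
    }

    /**
     * Starts the broker with the regular broker certificate and checks that ten messages can be
     * produced and consumed in order with hostname verification left at its default (enabled).
     *
     * @throws Exception if setup, publishing or consuming fails
     */
    @Test
    public void testTlsSyncProducerAndConsumerCorrectBrokerHost() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
        this.conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
        this.conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
        setup();

        Consumer<byte[]> consumer = this.pulsarClient.newConsumer()
                .topic("persistent://my-property/my-ns/my-topic")
                .subscriptionName("my-subscriber-name")
                .subscribe();
        Producer<byte[]> producer = this.pulsarClient.newProducer()
                .topic("persistent://my-property/my-ns/my-topic")
                .create();

        for (int i = 0; i < 10; i++) {
            // Explicit charset so the payload does not depend on the platform default.
            producer.send(("my-message-" + i).getBytes(StandardCharsets.UTF_8));
        }

        Message<byte[]> message = null;
        HashSet<String> messagesReceived = Sets.newHashSet();
        for (int i = 0; i < 10; i++) {
            message = consumer.receive(5, TimeUnit.SECONDS);
            // Fail with a readable message instead of a NullPointerException on timeout.
            Assert.assertNotNull(message, "No message received within 5 seconds for index " + i);
            String receivedMessage = new String(message.getData(), StandardCharsets.UTF_8);
            log.debug("Received message: [{}]", receivedMessage);
            testMessageOrderAndDuplicates(messagesReceived, receivedMessage, "my-message-" + i);
        }
        // Cumulative ack on the last message acknowledges everything received before it.
        consumer.acknowledgeCumulative(message);
        consumer.close();
        producer.close();
        log.info("-- Exiting {} test --", this.methodName);
    }

    /**
     * Pins the matching rules of {@code DefaultHostnameVerifier.matchIdentityStrict(host,
     * identity, publicSuffixMatcher)}, reached through reflection because the method is not
     * publicly accessible.
     *
     * <p>The assertions record that an exact name matches, that a partial-label wildcard matches
     * only when the rest of the pattern lines up with the host, and that a bare {@code "*"}
     * identity does not match a dotted host name. No broker is started for this test.
     *
     * @throws Exception if the method cannot be found or invoked, e.g. after a library upgrade
     */
    @Test
    public void testDefaultHostVerifier() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        Method matchIdentityStrict = DefaultHostnameVerifier.class.getDeclaredMethod(
                "matchIdentityStrict", String.class, String.class, PublicSuffixMatcher.class);
        matchIdentityStrict.setAccessible(true);

        Assert.assertTrue((Boolean) matchIdentityStrict.invoke(null, "pulsar", "pulsar", null));
        Assert.assertFalse((Boolean) matchIdentityStrict.invoke(null, "pulsar.com", "pulsar", null));
        Assert.assertTrue((Boolean) matchIdentityStrict.invoke(null, "pulsar-broker1.com", "pulsar*.com", null));
        Assert.assertFalse((Boolean) matchIdentityStrict.invoke(null, "pulsar-broker1.com", "pulsar*com", null));
        // Literal wildcard identity; same value the decompiler rendered as Marker.ANY_MARKER.
        Assert.assertFalse((Boolean) matchIdentityStrict.invoke(null, "pulsar.com", "*", null));
        log.info("-- Exiting {} test --", this.methodName);
    }
}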
