package org.apache.pulsar.client.api;

import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.apache.pulsar.broker.authentication.AuthenticationProviderBasic;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.tls.PublicSuffixMatcher;
import org.apache.pulsar.common.tls.TlsHostnameVerifier;
import org.apache.pulsar.socks5.auth.DefaultPasswordAuthImpl;
import org.assertj.core.util.Sets;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

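/**
 * Checks that the Pulsar client's TLS hostname verification switch is honoured when it connects
 * to a broker that authenticates clients by TLS certificate.
 *
 * <p>Three things are covered:
 * <ul>
 *   <li>a broker presenting the {@code hn-verification} certificate must be rejected when hostname
 *       verification is on and accepted when it is off;</li>
 *   <li>a broker presenting the regular test certificate must be usable end to end with hostname
 *       verification on;</li>
 *   <li>the wildcard rules of {@code TlsHostnameVerifier.matchIdentityStrict}.</li>
 * </ul>
 *
 * <p>Every test restarts the broker through {@link #setup()}, so the tests share mutable state
 * ({@code conf}, {@code hostnameVerificationEnabled}, {@code clientTrustCertFilePath}); nothing in
 * this class suggests they are safe to run in parallel.
 */
@Test(groups = {"broker-api"})
/* loaded from: input_file:org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.class */
public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationTlsHostnameVerificationTest.class);

    // Certificate set used by the "invalid broker host" test.
    // NOTE(review): "MIM" presumably stands for man-in-the-middle, i.e. a certificate that chains
    // to a CA the client trusts but names a different host - confirm against the PEM files.
    private static final String TLS_MIM_TRUST_CERT_FILE_PATH =
            "./src/test/resources/authentication/tls/hn-verification/cacert.pem";
    private static final String TLS_MIM_SERVER_CERT_FILE_PATH =
            "./src/test/resources/authentication/tls/hn-verification/broker-cert.pem";
    private static final String TLS_MIM_SERVER_KEY_FILE_PATH =
            "./src/test/resources/authentication/tls/hn-verification/broker-key.pem";

    // Regular certificate set used by the "correct broker host" test and by the client.
    private static final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
    private static final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
    private static final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
    private static final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
    private static final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";

    // Credential file handed to the basic authentication provider through a system property.
    private static final String BASIC_CONF_FILE_PATH = "./src/test/resources/authentication/basic/.htpasswd";

    // Client-side knobs read by setupClient(); individual tests overwrite them before setup().
    private boolean hostnameVerificationEnabled = true;
    private String clientTrustCertFilePath = TLS_TRUST_CERT_FILE_PATH;

    /**
     * Restarts the broker with authentication and authorization enabled, then builds the TLS client.
     *
     * <p>The authentication providers and the broker-client authentication parameters are assigned
     * unconditionally here, so values a test stored in {@code conf} for those two settings before
     * calling this method are replaced.
     *
     * @throws Exception if the broker or the client cannot be started
     */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    protected void setup() throws Exception {
        super.internalSetup();
        super.producerBaseSetup();
        super.stopBroker();

        // NOTE(review): no test of that name exists in this class; this looks like a leftover from
        // the test this setup was derived from - confirm before relying on it.
        if ("testAnonymousSyncProducerAndConsumer".equals(this.methodName)) {
            this.conf.setAnonymousUserRole("anonymousUser");
        }

        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);
        // The broker must not accept client certificates it cannot validate.
        this.conf.setTlsAllowInsecureConnection(false);

        HashSet<String> superUserRoles = new HashSet<>();
        superUserRoles.add("localhost");
        superUserRoles.add("superUser");
        superUserRoles.add("superUser2");
        superUserRoles.add("admin");
        this.conf.setSuperUserRoles(superUserRoles);

        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
        // NOTE(review): this pairs the client certificate with the broker's private key; a
        // certificate and a key from different pairs cannot complete a handshake, so either this
        // identity is never exercised or the pairing is a mistake - confirm.
        this.conf.setBrokerClientAuthenticationParameters(
                "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + ",tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);

        HashSet<String> authenticationProviders = new HashSet<>();
        authenticationProviders.add(AuthenticationProviderTls.class.getName());
        authenticationProviders.add(AuthenticationProviderBasic.class.getName());
        // JVM-wide property; this class never clears it, so it stays set for later tests in the
        // same JVM.
        System.setProperty("pulsar.auth.basic.conf", BASIC_CONF_FILE_PATH);
        this.conf.setAuthenticationProviders(authenticationProviders);

        this.conf.setClusterName("test");
        this.conf.setNumExecutorThreadPoolSize(5);

        startBroker();
        setupClient();
    }

    /**
     * Replaces the shared client with one that talks TLS to the broker, authenticates with the test
     * client certificate, trusts {@code clientTrustCertFilePath} and applies the current
     * {@code hostnameVerificationEnabled} setting.
     *
     * @throws Exception if the client cannot be built
     */
    protected void setupClient() throws Exception {
        HashMap<String, String> authParams = new HashMap<>();
        authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
        authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
        AuthenticationTls tlsAuthentication = new AuthenticationTls();
        tlsAuthentication.configure(authParams);

        replacePulsarClient(PulsarClient.builder()
                .serviceUrl(this.pulsar.getBrokerServiceUrlTls())
                .statsInterval(0L, TimeUnit.SECONDS)
                .tlsTrustCertsFilePath(this.clientTrustCertFilePath)
                .authentication(tlsAuthentication)
                .enableTls(true)
                .enableTlsHostnameVerification(this.hostnameVerificationEnabled));
    }

    /**
     * Tears the broker and client down after each test, except for
     * {@code testDefaultHostVerifier}, which never calls {@link #setup()}.
     *
     * @throws Exception if the base-class cleanup fails
     */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod(alwaysRun = true)
    protected void cleanup() throws Exception {
        if (!"testDefaultHostVerifier".equals(this.methodName)) {
            super.internalCleanup();
        }
    }

    /**
     * Supplies both settings of the hostname verification switch.
     *
     * @return one row with {@code true} and one row with {@code false}
     */
    @DataProvider(name = "hostnameVerification")
    public Object[][] codecProvider() {
        // The decompiled listing built an Object[] here, which does not match the declared
        // Object[][] return type.
        return new Object[][]{{Boolean.TRUE}, {Boolean.FALSE}};
    }

    /**
     * Connects to a broker that presents the {@code hn-verification} certificate and expects the
     * subscription to fail exactly when hostname verification is enabled.
     *
     * <p>The client trust store is switched to the {@code hn-verification} CA, presumably so that
     * chain validation succeeds and the hostname check is the only control left between the client
     * and the mismatching broker certificate.
     *
     * @param z whether the client performs TLS hostname verification
     * @throws Exception if the broker or client cannot be started
     */
    @Test(dataProvider = "hostnameVerification")
    public void testTlsSyncProducerAndConsumerWithInvalidBrokerHost(boolean z) throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        cleanup();

        this.hostnameVerificationEnabled = z;
        this.clientTrustCertFilePath = TLS_MIM_TRUST_CERT_FILE_PATH;

        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setTopicLevelPoliciesEnabled(false);
        this.conf.setWebServicePortTls(Optional.of(0));
        // The provider set and the broker-client parameters assigned below are assigned again by
        // setup(), so these two values do not survive the call.
        this.conf.setAuthenticationProviders(Sets.newTreeSet(new String[]{AuthenticationProviderTls.class.getName()}));
        this.conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
        this.conf.setTlsCertificateFilePath(TLS_MIM_SERVER_CERT_FILE_PATH);
        this.conf.setTlsKeyFilePath(TLS_MIM_SERVER_KEY_FILE_PATH);
        this.conf.setBrokerClientAuthenticationParameters(
                "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + ",tlsKeyFile:" + TLS_MIM_SERVER_KEY_FILE_PATH);
        setup();

        try {
            this.pulsarClient.newConsumer()
                    .topic(new String[]{"persistent://my-property/my-ns/my-topic"})
                    .subscriptionName("my-subscriber-name")
                    .subscribe();
            if (z) {
                Assert.fail("Connection should be failed due to hostnameVerification enabled");
            }
        } catch (PulsarClientException e) {
            if (!z) {
                // Keep the cause so a failure shows why the connection was refused.
                Assert.fail("Consumer should be created because hostnameverification is disabled", e);
            }
            // NOTE(review): any PulsarClientException satisfies the "enabled" case. The test does
            // not check that the failure came from the hostname check, so a trust or
            // authentication failure would pass as well. The cause is logged so it can be
            // inspected; asserting on it would make the test a real proof of the control.
            log.info("Subscribe failed with hostname verification enabled", e);
        }
        log.info("-- Exiting {} test --", this.methodName);
    }

    /**
     * Connects to a broker that presents the regular test certificate with hostname verification
     * left at its default ({@code true}) and checks that ten messages make the round trip in
     * order and without duplicates.
     *
     * @throws Exception if the broker, client, producer or consumer fails
     */
    @Test
    public void testTlsSyncProducerAndConsumerCorrectBrokerHost() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        cleanup();

        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setWebServicePortTls(Optional.of(0));
        // Assigned again by setup(); see the note in the invalid-host test.
        this.conf.setAuthenticationProviders(Sets.newTreeSet(new String[]{AuthenticationProviderTls.class.getName()}));
        this.conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
        this.conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
        this.conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
        this.conf.setTopicLevelPoliciesEnabled(false);
        setup();

        Consumer<byte[]> consumer = this.pulsarClient.newConsumer()
                .topic(new String[]{"persistent://my-property/my-ns/my-topic"})
                .subscriptionName("my-subscriber-name")
                .subscribe();
        Producer<byte[]> producer = this.pulsarClient.newProducer()
                .topic("persistent://my-property/my-ns/my-topic")
                .create();

        for (int i = 0; i < 10; i++) {
            producer.send(("my-message-" + i).getBytes());
        }

        Message<byte[]> message = null;
        HashSet<String> receivedMessages = new HashSet<>();
        for (int i = 0; i < 10; i++) {
            message = consumer.receive(5, TimeUnit.SECONDS);
            // A timed-out receive would otherwise surface as a NullPointerException below.
            Assert.assertNotNull(message, "No message received within 5 seconds for index " + i);
            String payload = new String(message.getData());
            log.debug("Received message: [{}]", payload);
            testMessageOrderAndDuplicates(receivedMessages, payload, "my-message-" + i);
        }

        // Acknowledge everything up to and including the last message received.
        consumer.acknowledgeCumulative(message);
        consumer.close();
        producer.close();
        log.info("-- Exiting {} test --", this.methodName);
    }

    /**
     * Calls the non-public {@code TlsHostnameVerifier.matchIdentityStrict(host, identity, matcher)}
     * through reflection and pins its matching rules: an identical name matches, a wildcard inside
     * the left-most label matches, a wildcard that would have to span a dot does not, and a bare
     * {@code *} does not match a host name.
     *
     * <p>No broker is started for this test.
     *
     * @throws Exception if the method cannot be found or invoked
     */
    @Test
    public void testDefaultHostVerifier() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        Method matchIdentityStrict = TlsHostnameVerifier.class.getDeclaredMethod(
                "matchIdentityStrict", String.class, String.class, PublicSuffixMatcher.class);
        matchIdentityStrict.setAccessible(true);

        // NOTE(review): DefaultPasswordAuthImpl.DEFAULT_PASSWORD belongs to an unrelated SOCKS5
        // helper. It looks like the decompiler replaced a plain host-name literal with a constant
        // of equal value - confirm against the original source and restore the literal, so the
        // verifier test does not depend on a password constant.
        Assert.assertTrue((Boolean) matchIdentityStrict.invoke(
                null, DefaultPasswordAuthImpl.DEFAULT_PASSWORD, DefaultPasswordAuthImpl.DEFAULT_PASSWORD, null));
        Assert.assertFalse((Boolean) matchIdentityStrict.invoke(
                null, "pulsar.com", DefaultPasswordAuthImpl.DEFAULT_PASSWORD, null));

        // Wildcard within the left-most label is accepted.
        Assert.assertTrue((Boolean) matchIdentityStrict.invoke(null, "pulsar-broker1.com", "pulsar*.com", null));
        // The wildcard must not absorb the dot that separates labels.
        Assert.assertFalse((Boolean) matchIdentityStrict.invoke(null, "pulsar-broker1.com", "pulsar*com", null));
        // A certificate identity of "*" alone must not match an arbitrary host.
        Assert.assertFalse((Boolean) matchIdentityStrict.invoke(null, "pulsar.com", "*", null));
        log.info("-- Exiting {} test --", this.methodName);
    }
}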
