package io.undertow.server.security;

import io.undertow.connector.PooledByteBuffer;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityNotification;
import io.undertow.security.impl.ClientCertAuthenticationMechanism;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.HttpClientUtils;
import io.undertow.testutils.ProxyIgnore;
import io.undertow.testutils.TestHttpClient;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.xnio.OptionMap;
import org.xnio.Options;
import org.xnio.SslClientAuthMode;

@RunWith(DefaultServer.class)
@ProxyIgnore
/* loaded from: input_file:io/undertow/server/security/ClientCertRenegotiationTestCase.class */
public class ClientCertRenegotiationTestCase extends AuthenticationTestBase {
    private static SSLContext clientSSLContext;

    @Override // io.undertow.server.security.AuthenticationTestBase
    protected List<AuthenticationMechanism> getTestMechanisms() {
        return Collections.singletonList(new ClientCertAuthenticationMechanism());
    }

    @BeforeClass
    public static void startSSL() throws Exception {
        DefaultServer.startSSLServer(OptionMap.create(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.NOT_REQUESTED));
        clientSSLContext = DefaultServer.getClientSSLContext();
    }

    @AfterClass
    public static void stopSSL() throws Exception {
        clientSSLContext = null;
        DefaultServer.stopSSLServer();
    }

    @Test
    public void testClientCertSuccess() throws Exception {
        TestHttpClient testHttpClient = new TestHttpClient();
        testHttpClient.setSSLContext(clientSSLContext);
        CloseableHttpResponse execute = testHttpClient.execute((HttpUriRequest) new HttpGet(DefaultServer.getDefaultServerSSLAddress()));
        Assert.assertEquals(200L, execute.getStatusLine().getStatusCode());
        Header[] headers = execute.getHeaders("ProcessedBy");
        Assert.assertEquals("ProcessedBy Headers", 1L, headers.length);
        Assert.assertEquals("ResponseHandler", headers[0].getValue());
        Header[] headers2 = execute.getHeaders("AuthenticatedUser");
        Assert.assertEquals("AuthenticatedUser Headers", 1L, headers2.length);
        Assert.assertEquals("CN=Test Client,OU=OU,O=Org,L=City,ST=State,C=GB", headers2[0].getValue());
        HttpClientUtils.readResponse((HttpResponse) execute);
        assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);
    }

    @Test
    public void testClientCertSuccessWithPostBody() throws Exception {
        TestHttpClient testHttpClient = new TestHttpClient();
        try {
            testHttpClient.setSSLContext(clientSSLContext);
            HttpPost httpPost = new HttpPost(DefaultServer.getDefaultServerSSLAddress());
            httpPost.setEntity(new StringEntity("hi"));
            CloseableHttpResponse execute = testHttpClient.execute((HttpUriRequest) httpPost);
            Assert.assertEquals(200L, execute.getStatusLine().getStatusCode());
            Header[] headers = execute.getHeaders("ProcessedBy");
            Assert.assertEquals("ProcessedBy Headers", 1L, headers.length);
            Assert.assertEquals("ResponseHandler", headers[0].getValue());
            Header[] headers2 = execute.getHeaders("AuthenticatedUser");
            Assert.assertEquals("AuthenticatedUser Headers", 1L, headers2.length);
            Assert.assertEquals("CN=Test Client,OU=OU,O=Org,L=City,ST=State,C=GB", headers2[0].getValue());
            HttpClientUtils.readResponse((HttpResponse) execute);
            assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);
            testHttpClient.getConnectionManager().shutdown();
        } catch (Throwable th) {
            testHttpClient.getConnectionManager().shutdown();
            throw th;
        }
    }

    @Test
    public void testClientCertSuccessWithLargePostBody() throws Exception {
        PooledByteBuffer allocate = DefaultServer.getBufferPool().allocate();
        int limit = allocate.getBuffer().limit() - 1;
        allocate.close();
        StringBuilder sb = new StringBuilder(limit);
        for (int i = 0; i < limit; i++) {
            sb.append("*");
        }
        TestHttpClient testHttpClient = new TestHttpClient();
        testHttpClient.setSSLContext(clientSSLContext);
        HttpPost httpPost = new HttpPost(DefaultServer.getDefaultServerSSLAddress());
        httpPost.setEntity(new StringEntity(sb.toString()));
        CloseableHttpResponse execute = testHttpClient.execute((HttpUriRequest) httpPost);
        Assert.assertEquals(200L, execute.getStatusLine().getStatusCode());
        Header[] headers = execute.getHeaders("ProcessedBy");
        Assert.assertEquals("ProcessedBy Headers", 1L, headers.length);
        Assert.assertEquals("ResponseHandler", headers[0].getValue());
        Header[] headers2 = execute.getHeaders("AuthenticatedUser");
        Assert.assertEquals("AuthenticatedUser Headers", 1L, headers2.length);
        Assert.assertEquals("CN=Test Client,OU=OU,O=Org,L=City,ST=State,C=GB", headers2[0].getValue());
        HttpClientUtils.readResponse((HttpResponse) execute);
        assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);
    }
}
