package io.vertx.amqpbridge;

import io.vertx.core.Vertx;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.core.net.PfxOptions;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.ext.unit.junit.VertxUnitRunner;
import io.vertx.proton.ProtonConnection;
import io.vertx.proton.ProtonServerOptions;
import java.util.concurrent.ExecutionException;
import org.apache.qpid.proton.amqp.messaging.Source;
import org.apache.qpid.proton.amqp.messaging.Target;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

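/**
 * Exercises the TLS-related settings of {@link AmqpBridgeOptions} by starting an
 * {@link AmqpBridge} against a local {@link MockServer} on "localhost".
 *
 * <p>The cases pin the behaviour a secure client is expected to show: the bridge
 * refuses a plaintext server, refuses a server certificate that the configured
 * trust store does not cover, refuses to connect without a client certificate
 * when the server sets {@link ClientAuth#REQUIRED}, and has hostname verification
 * switched on by default.
 *
 * <p>Two cases deliberately weaken validation ({@code setTrustAll(true)} and an
 * empty hostname verification algorithm) to show that the switches work. With
 * either setting the bridge accepts a server it would otherwise reject, so the
 * peer is no longer authenticated; they belong in test fixtures like this one.
 */
@RunWith(VertxUnitRunner.class)
/* loaded from: input_file:io/vertx/amqpbridge/AmqpBridgeSslTest.class */
public class AmqpBridgeSslTest {
    // Final: the logger is never reassigned, and a mutable static invites accidental replacement.
    private static final Logger LOG = LoggerFactory.getLogger(AmqpBridgeSslTest.class);

    // Password shared by the PKCS#12 fixture stores under src/test/resources.
    private static final String PASSWORD = "password";
    // Server key store used by the tests that expect trust in TRUSTSTORE to succeed.
    private static final String KEYSTORE = "src/test/resources/broker-pkcs12.keystore";
    // Server key store used by the hostname verification tests; they expect its
    // certificate not to match "localhost".
    private static final String WRONG_HOST_KEYSTORE = "src/test/resources/broker-wrong-host-pkcs12.keystore";
    // Trust store handed to the bridge (and to the server when it checks client certificates).
    private static final String TRUSTSTORE = "src/test/resources/client-pkcs12.truststore";
    // Client key store presented when the server requires client authentication.
    private static final String KEYSTORE_CLIENT = "src/test/resources/client-pkcs12.keystore";
    // Trust store the untrusted-key test uses; it expects the server certificate to be rejected.
    private static final String OTHER_CA_TRUSTSTORE = "src/test/resources/other-ca-pkcs12.truststore";
    // Expected default value of the hostname verification algorithm.
    private static final String VERIFY_HTTPS = "HTTPS";
    // Empty algorithm name, used to switch hostname verification off.
    private static final String NO_VERIFY = "";

    private Vertx vertx;
    private MockServer mockServer;

    /** Creates a fresh Vert.x instance for each test. */
    @Before
    public void setup() {
        this.vertx = Vertx.vertx();
    }

    /** Closes the mock server, if one was started, and always closes Vert.x. */
    @After
    public void tearDown() {
        try {
            if (this.mockServer != null) {
                this.mockServer.close();
            }
        } finally {
            // Runs even when closing the server throws, so the Vert.x instance is not leaked.
            this.vertx.close();
        }
    }

    /** TLS server whose certificate is covered by the bridge's trust store: start must succeed. */
    @Test(timeout = 20000)
    public void testConnectWithSslSucceeds(TestContext testContext) throws Exception {
        Async async = testContext.async();
        startMockServer(testContext, sslServerOptions(KEYSTORE));

        AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions();
        bridgeOptions.setSsl(true);
        bridgeOptions.setPfxTrustOptions(pfx(TRUSTSTORE));

        startBridgeAndAwait(testContext, async, bridgeOptions, true, "expected start to suceed");
    }

    /** Bridge configured for TLS against a plaintext server: start must fail rather than downgrade. */
    @Test(timeout = 20000)
    public void testConnectWithSslToNonSslServerFails(TestContext testContext) throws Exception {
        Async async = testContext.async();
        ProtonServerOptions serverOptions = new ProtonServerOptions();
        serverOptions.setSsl(false);
        startMockServer(testContext, serverOptions);

        AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions();
        bridgeOptions.setSsl(true);
        bridgeOptions.setPfxTrustOptions(pfx(TRUSTSTORE));

        startBridgeAndAwait(testContext, async, bridgeOptions, false,
                "expected start to fail due to server not using secure transport");
    }

    /** Bridge trust store that does not cover the server certificate: start must fail. */
    @Test(timeout = 20000)
    public void testConnectWithSslToServerWithUntrustedKeyFails(TestContext testContext) throws Exception {
        Async async = testContext.async();
        startMockServer(testContext, sslServerOptions(KEYSTORE));

        AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions();
        bridgeOptions.setSsl(true);
        bridgeOptions.setPfxTrustOptions(pfx(OTHER_CA_TRUSTSTORE));

        startBridgeAndAwait(testContext, async, bridgeOptions, false,
                "expected start to fail due to untrusted server");
    }

    /**
     * Bridge with no trust store but {@code setTrustAll(true)}: start is expected to succeed.
     * This documents that trust-all accepts the server without any trust material configured.
     */
    @Test(timeout = 20000)
    public void testConnectWithSslToServerWhileUsingTrustAll(TestContext testContext) throws Exception {
        Async async = testContext.async();
        startMockServer(testContext, sslServerOptions(KEYSTORE));

        AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions();
        bridgeOptions.setSsl(true);
        bridgeOptions.setTrustAll(true);

        startBridgeAndAwait(testContext, async, bridgeOptions, true,
                "expected start to suceed due to trusting all certs");
    }

    /** Server requires a client certificate and the bridge supplies none: start must fail. */
    @Test(timeout = 20000)
    public void testConnectWithSslWithoutRequiredClientKeyFails(TestContext testContext) throws Exception {
        doClientCertificateTestImpl(testContext, false);
    }

    /** Server requires a client certificate and the bridge supplies one: start must succeed. */
    @Test(timeout = 20000)
    public void testConnectWithSslWithRequiredClientKeySucceeds(TestContext testContext) throws Exception {
        doClientCertificateTestImpl(testContext, true);
    }

    /**
     * Runs the mutual-TLS scenario against a server with {@link ClientAuth#REQUIRED}.
     *
     * @param testContext the unit test context used for assertions
     * @param supplyClientCert whether the bridge is given a client key store; the
     *     start is expected to succeed only when it is
     */
    private void doClientCertificateTestImpl(TestContext testContext, boolean supplyClientCert) throws InterruptedException, ExecutionException {
        Async async = testContext.async();
        ProtonServerOptions serverOptions = new ProtonServerOptions();
        serverOptions.setSsl(true);
        serverOptions.setClientAuth(ClientAuth.REQUIRED);
        serverOptions.setPfxKeyCertOptions(pfx(KEYSTORE));
        // The same trust options instance is given to both the server and the bridge.
        PfxOptions trustOptions = pfx(TRUSTSTORE);
        serverOptions.setPfxTrustOptions(trustOptions);
        startMockServer(testContext, serverOptions);

        AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions();
        bridgeOptions.setSsl(true);
        bridgeOptions.setPfxTrustOptions(trustOptions);
        if (supplyClientCert) {
            bridgeOptions.setPfxKeyCertOptions(pfx(KEYSTORE_CLIENT));
        }

        String message = supplyClientCert
                ? "expected start to suceed due to supplying client certs"
                : "expected start to fail due to withholding client cert";
        startBridgeAndAwait(testContext, async, bridgeOptions, supplyClientCert, message);
    }

    /** Default hostname verification against a wrong-host server certificate: start must fail. */
    @Test(timeout = 20000)
    public void testConnectWithHostnameVerification(TestContext testContext) throws Exception {
        doHostnameVerificationTestImpl(testContext, true);
    }

    /** Hostname verification switched off against the same server: start is expected to succeed. */
    @Test(timeout = 20000)
    public void testConnectWithoutHostnameVerification(TestContext testContext) throws Exception {
        doHostnameVerificationTestImpl(testContext, false);
    }

    /**
     * Runs the hostname verification scenario against a server using
     * {@code WRONG_HOST_KEYSTORE}, and asserts that verification is on by default.
     *
     * @param testContext the unit test context used for assertions
     * @param verifyHostname whether the default verification is left in place; when
     *     {@code false} the algorithm is set to the empty string and the start is
     *     expected to succeed despite the mismatching certificate
     */
    private void doHostnameVerificationTestImpl(TestContext testContext, boolean verifyHostname) throws Exception {
        Async async = testContext.async();
        startMockServer(testContext, sslServerOptions(WRONG_HOST_KEYSTORE));

        AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions();
        bridgeOptions.setSsl(true);
        bridgeOptions.setPfxTrustOptions(pfx(TRUSTSTORE));
        // Secure-by-default check: a fresh options object must already verify hostnames.
        testContext.assertEquals(VERIFY_HTTPS, bridgeOptions.getHostnameVerificationAlgorithm(), "expected host verification to be on by default");
        if (!verifyHostname) {
            bridgeOptions.setHostnameVerificationAlgorithm(NO_VERIFY);
        }

        String message = verifyHostname
                ? "expected start to fail due to server cert not matching hostname"
                : "expected start to suceed due to not verifying server hostname";
        startBridgeAndAwait(testContext, async, bridgeOptions, !verifyHostname, message);
    }

    /** Builds PKCS#12 options for a fixture store, using the shared fixture password. */
    private static PfxOptions pfx(String path) {
        return new PfxOptions().setPath(path).setPassword(PASSWORD);
    }

    /** Builds server options with TLS enabled and the given key store as server identity. */
    private static ProtonServerOptions sslServerOptions(String keystorePath) {
        ProtonServerOptions serverOptions = new ProtonServerOptions();
        serverOptions.setSsl(true);
        serverOptions.setPfxKeyCertOptions(pfx(keystorePath));
        return serverOptions;
    }

    /** Starts the mock server with the bridge startup handlers and stores it for tear-down. */
    private void startMockServer(TestContext testContext, ProtonServerOptions serverOptions) throws InterruptedException, ExecutionException {
        this.mockServer = new MockServer(this.vertx, protonConnection -> {
            handleBridgeStartupProcess(protonConnection, testContext);
        }, serverOptions);
    }

    /**
     * Starts a bridge against the mock server, asserts the outcome and waits for it.
     *
     * @param testContext the unit test context used for assertions
     * @param async the async completed once the start result has been checked
     * @param bridgeOptions the bridge options under test
     * @param expectSuccess whether the start is expected to succeed
     * @param message the assertion message reported when the expectation is not met
     */
    private void startBridgeAndAwait(TestContext testContext, Async async, AmqpBridgeOptions bridgeOptions,
            boolean expectSuccess, String message) {
        AmqpBridge.create(this.vertx, bridgeOptions).start("localhost", this.mockServer.actualPort(), asyncResult -> {
            if (expectSuccess) {
                testContext.assertTrue(asyncResult.succeeded(), message);
            } else {
                testContext.assertFalse(asyncResult.succeeded(), message);
            }
            async.complete();
        });
        async.awaitSuccess();
    }

    /**
     * Installs the server-side handlers that answer the links the bridge opens at startup.
     *
     * <p>The receiver handler asserts a non-dynamic target with a null address and
     * echoes it back; the sender handler asserts a dynamic source with a null address
     * and replies with a copy carrying a fixed address.
     *
     * @param protonConnection the server-side connection to attach handlers to
     * @param testContext the unit test context used for assertions
     */
    private void handleBridgeStartupProcess(ProtonConnection protonConnection, TestContext testContext) {
        protonConnection.openHandler(asyncResult -> {
            LOG.trace("Server connection open");
            protonConnection.open();
        });
        protonConnection.sessionOpenHandler(protonSession -> {
            LOG.trace("Server session open");
            protonSession.open();
        });
        protonConnection.receiverOpenHandler(protonReceiver -> {
            LOG.trace("Server receiver open");
            Target remoteTarget = protonReceiver.getRemoteTarget();
            testContext.assertNotNull(remoteTarget, "target should not be null");
            testContext.assertFalse(remoteTarget.getDynamic(), "target should not be dynamic");
            testContext.assertNull(remoteTarget.getAddress(), "expected null address");
            protonReceiver.setTarget(remoteTarget);
            protonReceiver.open();
        });
        protonConnection.senderOpenHandler(protonSender -> {
            LOG.trace("Server sender open");
            Source remoteSource = protonSender.getRemoteSource();
            testContext.assertNotNull(remoteSource, "source should not be null");
            testContext.assertTrue(remoteSource.getDynamic(), "source should be dynamic");
            testContext.assertNull(remoteSource.getAddress(), "expected null address");
            // The server assigns the address for the dynamic source; a fixed value is enough here.
            Source assignedSource = remoteSource.copy();
            assignedSource.setAddress("should-be-random-generated-address");
            protonSender.setSource(assignedSource);
            protonSender.open();
        });
    }
}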
