package org.graylog2.shared.bindings.providers;

import com.github.joschi.jadconfig.util.Duration;
import java.io.IOException;
import java.net.StandardSocketOptions;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.assertj.core.api.Assertions;
import org.graylog2.security.TrustManagerAndSocketFactoryProvider;
import org.graylog2.utilities.ProxyHostsPattern;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;

@Disabled("This test is flaky. Maybe a race within MockWebServer")
/* loaded from: input_file:org/graylog2/shared/bindings/providers/ParameterizedHttpClientProviderTest.class */
public class ParameterizedHttpClientProviderTest {
    private final MockWebServer server = new MockWebServer();
    private HandshakeCertificates serverCertificates;
    private HandshakeCertificates clientCertificates;

    @BeforeEach
    void setUp() throws IOException {
        HeldCertificate build = new HeldCertificate.Builder().addSubjectAlternativeName("localhost").addSubjectAlternativeName("localhost.localdomain").addSubjectAlternativeName("127.0.0.1").build();
        this.serverCertificates = new HandshakeCertificates.Builder().heldCertificate(build, new X509Certificate[0]).build();
        this.clientCertificates = new HandshakeCertificates.Builder().addTrustedCertificate(build.certificate()).build();
        this.server.useHttps(this.serverCertificates.sslSocketFactory(), false);
        this.server.start();
        this.server.enqueue(successfulMockResponse());
    }

    @AfterEach
    void tearDown() throws IOException {
        this.server.shutdown();
    }

    @Test
    public void tesTlsVerifyAndKeepAlive() throws IOException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        OkHttpClient okHttpClient = new ParameterizedHttpClientProvider(client(null)).get(true, false);
        Assertions.assertThat((Boolean) okHttpClient.sslSocketFactory().createSocket().getOption(StandardSocketOptions.SO_KEEPALIVE)).isTrue();
        org.junit.jupiter.api.Assertions.assertThrows(SSLHandshakeException.class, () -> {
            okHttpClient.newCall(new Request.Builder().url(this.server.url("/")).get().build()).execute();
        }, "should not have succeeded");
    }

    @Test
    public void testWithSkipTlsVerifyAndKeepAlive() throws IOException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        OkHttpClient okHttpClient = new ParameterizedHttpClientProvider(client(null)).get(true, true);
        Assertions.assertThat((Boolean) okHttpClient.sslSocketFactory().createSocket().getOption(StandardSocketOptions.SO_KEEPALIVE)).isTrue();
        Response execute = okHttpClient.newCall(new Request.Builder().url(this.server.url("/")).get().build()).execute();
        try {
            Assertions.assertThat(execute.isSuccessful()).isTrue();
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testWithTlsVerifyNoKeepAlive() throws IOException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        OkHttpClient okHttpClient = new ParameterizedHttpClientProvider(client(null), this.clientCertificates.sslSocketFactory(), this.clientCertificates.trustManager()).get(false, false);
        Assertions.assertThat((Boolean) okHttpClient.sslSocketFactory().createSocket().getOption(StandardSocketOptions.SO_KEEPALIVE)).isFalse();
        Response execute = okHttpClient.newCall(new Request.Builder().url(this.server.url("/")).get().build()).execute();
        try {
            Assertions.assertThat(execute.isSuccessful()).isTrue();
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testWithSkipTlsVerifyNoKeepAlive() throws IOException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        OkHttpClient okHttpClient = new ParameterizedHttpClientProvider(client(null)).get(false, true);
        Assertions.assertThat((Boolean) okHttpClient.sslSocketFactory().createSocket().getOption(StandardSocketOptions.SO_KEEPALIVE)).isFalse();
        Response execute = okHttpClient.newCall(new Request.Builder().url(this.server.url("/")).get().build()).execute();
        try {
            Assertions.assertThat(execute.isSuccessful()).isTrue();
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Disabled("Not enabled by default")
    @Test
    public void testWithSystemDefaultTruststore() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        Response execute = new ParameterizedHttpClientProvider(client(null)).get(false, false).newCall(new Request.Builder().url("https://google.com").get().build()).execute();
        try {
            Assertions.assertThat(execute.isSuccessful()).isTrue();
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Disabled("Not enabled by default")
    @Test
    public void testWithSystemDefaultTruststoreBadHostname() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        Response execute = new ParameterizedHttpClientProvider(client(null)).get(true, true).newCall(new Request.Builder().url("https://wrong.host.badssl.com").get().build()).execute();
        try {
            Assertions.assertThat(execute.isSuccessful()).isTrue();
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private OkHttpClientProvider client(URI uri) {
        return new OkHttpClientProvider(Duration.milliseconds(500L), Duration.milliseconds(500L), Duration.milliseconds(500L), uri, (ProxyHostsPattern) null, (TrustManagerAndSocketFactoryProvider) null);
    }

    private MockResponse successfulMockResponse() {
        return new MockResponse().setResponseCode(200).setBody("Test");
    }
}
