package org.projectnessie.client.http;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;
import org.projectnessie.client.util.TestServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

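/**
 * Exercises {@code HttpClient} against an HTTPS endpoint that presents a self-signed certificate
 * generated at test time.
 *
 * <p>The test has a positive and a negative half: a client configured with an {@link SSLContext}
 * that trusts the generated certificate must succeed, and a client built without that context must
 * be rejected. The negative half is what shows that certificate validation is really enforced.
 */
@Execution(ExecutionMode.CONCURRENT)
class TestHttpsClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(TestHttpsClient.class);
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Throw-away password for the in-memory key store built in {@link #ssl(HttpServer)}. The key
     * store is never persisted and the key pair is regenerated on every run, so this value protects
     * nothing; do not copy the pattern for real key material.
     */
    private static final String KEY_STORE_PASSWORD = "password";

    /** Response payload, encoded with an explicit charset instead of the platform default. */
    private static final byte[] RESPONSE_BODY = "hello".getBytes(StandardCharsets.UTF_8);

    /**
     * Starts an HTTPS test server, then checks that a request succeeds with the matching trust
     * material and fails without it.
     *
     * @throws Exception if the server, the certificate or the client SSL context cannot be set up
     */
    @Test
    void testHttps() throws Exception {
        // One-element holder: the server-configuration callback hands the trust managers back
        // through it, because a lambda can only capture effectively final locals.
        TrustManager[][] trustManagers = new TrustManager[1][];

        try (TestServer testServer = new TestServer("/", httpExchange -> {
            Assertions.assertEquals("GET", httpExchange.getRequestMethod());
            httpExchange.sendResponseHeaders(200, RESPONSE_BODY.length);
            try (OutputStream responseBody = httpExchange.getResponseBody()) {
                responseBody.write(RESPONSE_BODY);
            }
        }, httpsServer -> {
            try {
                trustManagers[0] = ssl(httpsServer);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        })) {
            URI baseUri = URI.create("https://localhost:" + testServer.getAddress().getPort());

            // Request "TLS" rather than the legacy "SSL" context name so the client never depends
            // on a provider's interpretation of the obsolete protocol family.
            SSLContext clientContext = SSLContext.getInstance("TLS");
            clientContext.init(null, trustManagers[0], new SecureRandom());

            // Positive case: the client trusts exactly the certificate the server presents.
            HttpClient.builder()
                .setBaseUri(baseUri)
                .setObjectMapper(MAPPER)
                .setSslContext(clientContext)
                .build()
                .newRequest()
                .get();

            // Negative case: no custom SSLContext is supplied. The certificate was generated a
            // moment ago, so it cannot be part of any default trust material and the request is
            // expected to be rejected.
            HttpRequest untrustedRequest = HttpClient.builder()
                .setBaseUri(baseUri)
                .setObjectMapper(MAPPER)
                .build()
                .newRequest();
            Assertions.assertThrows(HttpClientException.class, untrustedRequest::get);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair.
     *
     * @param secureRandom randomness source used for key generation
     * @return the freshly generated key pair
     * @throws Exception if the RSA key pair generator is unavailable
     */
    private static KeyPair generateKeyPair(SecureRandom secureRandom) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048, secureRandom);
        return generator.generateKeyPair();
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code localhost}.
     *
     * <p>Issuer and subject are the same name and the certificate is signed with the private key
     * of {@code keyPair}. It is valid from one day before {@code zonedDateTime} until one year
     * after it, carries a random 128-bit serial number and a {@code dNSName} subject alternative
     * name of {@code localhost}.
     *
     * @param secureRandom randomness source for the serial number
     * @param zonedDateTime reference instant for the validity window
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the certificate holder
     * @throws Exception if the certificate cannot be built or signed
     */
    private static X509CertificateHolder generateCertHolder(SecureRandom secureRandom, ZonedDateTime zonedDateTime, KeyPair keyPair) throws Exception {
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, "localhost")
            .addRDN(BCStyle.OU, "Dremio Corp. (auto-generated)")
            .addRDN(BCStyle.O, "Dremio Corp. (auto-generated)")
            .addRDN(BCStyle.L, "Mountain View")
            .addRDN(BCStyle.ST, "California")
            .addRDN(BCStyle.C, "US");

        Date notBefore = Date.from(zonedDateTime.minusDays(1L).toInstant());
        Date notAfter = Date.from(zonedDateTime.plusYears(1L).toInstant());
        BigInteger serial = new BigInteger(128, secureRandom);
        // Hostname verification matches against the SAN, so the dNSName entry is what lets a
        // client accept this certificate for https://localhost.
        GeneralName[] subjectAltNames = {new GeneralName(GeneralName.dNSName, "localhost")};

        try {
            return new JcaX509v3CertificateBuilder(
                    nameBuilder.build(), serial, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic())
                .addExtension(Extension.subjectAlternativeName, false, new DERSequence(subjectAltNames))
                .build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()));
        } catch (OperatorCreationException e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Converts the holder into a JCA certificate and sanity-checks it.
     *
     * <p>The certificate must be valid at {@code zonedDateTime} and its signature must verify
     * against its own public key (it is self-signed). The SHA-256 fingerprint is logged.
     *
     * @param zonedDateTime instant at which the certificate has to be valid
     * @param x509CertificateHolder certificate to convert
     * @return the converted, verified certificate
     * @throws Exception if conversion, the validity check or signature verification fails
     */
    private static X509Certificate generateCert(ZonedDateTime zonedDateTime, X509CertificateHolder x509CertificateHolder) throws Exception {
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
        certificate.checkValidity(Date.from(zonedDateTime.toInstant()));
        certificate.verify(certificate.getPublicKey());

        byte[] fingerprint = MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded());
        LOGGER.info("Certificate created (SHA-256 fingerprint: {})", BaseEncoding.base16().withSeparator(":", 2).encode(fingerprint));
        return certificate;
    }

    /**
     * Configures TLS on the given server with a freshly generated self-signed certificate.
     *
     * @param httpServer server to configure; must be an {@link HttpsServer}
     * @return trust managers that accept the generated certificate, for use by the test client
     * @throws Exception if key, certificate or SSL context setup fails
     */
    private static TrustManager[] ssl(HttpServer httpServer) throws Exception {
        SSLContext serverContext = SSLContext.getInstance("TLS");

        // Two separate in-memory stores: the key store holds the private key and stays with the
        // server, the trust store holds only the public certificate.
        String storeType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(storeType);
        KeyStore trustStore = KeyStore.getInstance(storeType);
        keyStore.load(null, null);
        trustStore.load(null, null);

        ZonedDateTime now = ZonedDateTime.now();
        SecureRandom secureRandom = new SecureRandom();
        KeyPair keyPair = generateKeyPair(secureRandom);
        X509Certificate certificate = generateCert(now, generateCertHolder(secureRandom, now, keyPair));

        keyStore.setKeyEntry("AutoGeneratedPrivateKey", keyPair.getPrivate(), KEY_STORE_PASSWORD.toCharArray(), new Certificate[]{certificate});
        trustStore.setEntry("AutoGeneratedCert", new KeyStore.TrustedCertificateEntry(certificate), null);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, KEY_STORE_PASSWORD.toCharArray());

        // Initialise trust from the certificate-only store. The trust store was populated above
        // but previously left unused, with the trust managers derived from the key store that
        // also contains the private key.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);

        serverContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        ((HttpsServer) httpServer).setHttpsConfigurator(new HttpsConfigurator(serverContext) {
            @Override
            public void configure(HttpsParameters httpsParameters) {
                try {
                    // Take the parameters from the context that actually serves the connections,
                    // not from the unrelated JVM-wide default context.
                    SSLContext context = getSSLContext();
                    SSLEngine engine = context.createSSLEngine();
                    httpsParameters.setNeedClientAuth(false);
                    httpsParameters.setCipherSuites(engine.getEnabledCipherSuites());
                    httpsParameters.setProtocols(engine.getEnabledProtocols());
                    httpsParameters.setSSLParameters(context.getDefaultSSLParameters());
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
        return trustManagerFactory.getTrustManagers();
    }
}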
