package com.github.tomakehurst.wiremock;

import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.common.Exceptions;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
import com.github.tomakehurst.wiremock.testsupport.TestFiles;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.ssl.SSLContexts;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:com/github/tomakehurst/wiremock/HttpsBrowserProxyClientAuthAcceptanceTest.class */
public class HttpsBrowserProxyClientAuthAcceptanceTest {
    private static final String NO_PREEXISTING_KEYSTORE_PATH = tempNonExistingPath("wiremock-keystores", "ca-keystore.jks");

    @RegisterExtension
    public static WireMockExtension target = WireMockExtension.newInstance().options(WireMockConfiguration.options().httpDisabled(true).dynamicHttpsPort().needClientAuth(true).trustStorePath(TestFiles.TRUST_STORE_PATH).trustStorePassword(TestFiles.TRUST_STORE_PASSWORD)).build();

    @RegisterExtension
    public WireMockExtension proxy = WireMockExtension.newInstance().options(WireMockConfiguration.options().dynamicPort().enableBrowserProxying(true).caKeystorePath(NO_PREEXISTING_KEYSTORE_PATH).trustedProxyTargets(new String[]{"localhost"}).needClientAuth(true).trustStorePath(TestFiles.TRUST_STORE_PATH).trustStorePassword(TestFiles.TRUST_STORE_PASSWORD)).build();

    @Test
    public void canDoClientAuthEndToEndWhenProxying() throws Exception {
        target.stubFor(WireMock.get("/whatever").willReturn(WireMock.aResponse().withBody("Success")));
        CloseableHttpResponse execute = buildHttpClient().execute(new HttpGet(target.url("/whatever")));
        MatcherAssert.assertThat(Integer.valueOf(execute.getCode()), Matchers.is(200));
        MatcherAssert.assertThat(EntityUtils.toString(execute.getEntity()), Matchers.is("Success"));
    }

    private static String tempNonExistingPath(String str, String str2) {
        try {
            return Files.createTempDirectory(str, new FileAttribute[0]).resolve(str2).toFile().getAbsolutePath();
        } catch (IOException e) {
            return (String) Exceptions.throwUnchecked(e, (Class) null);
        }
    }

    private CloseableHttpClient buildHttpClient() throws Exception {
        SSLContext build = SSLContexts.custom().loadTrustMaterial(new TrustSelfSignedStrategy()).loadKeyMaterial(HttpsAcceptanceTest.readKeyStore(TestFiles.TRUST_STORE_PATH, TestFiles.TRUST_STORE_PASSWORD), TestFiles.TRUST_STORE_PASSWORD.toCharArray()).build();
        return HttpClientBuilder.create().disableAuthCaching().disableAutomaticRetries().disableCookieManagement().disableRedirectHandling().setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create().setSslContext(build).setHostnameVerifier(new NoopHostnameVerifier()).build()).build()).setProxy(new HttpHost("localhost", this.proxy.getPort())).build();
    }
}
