package org.mule.service.http.netty.impl.server;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.qameta.allure.Issue;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.Collections;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mule.runtime.api.lifecycle.CreateException;
import org.mule.runtime.api.tls.TlsContextFactory;
import org.mule.runtime.http.api.server.HttpServer;
import org.mule.runtime.http.api.server.RequestHandlerManager;
import org.mule.service.http.netty.impl.server.util.HttpListenerRegistry;
import org.mule.service.http.netty.utils.TestHttp2RequestHandler;
import org.mule.service.http.netty.utils.client.TestSSLNettyClientWithBouncyCastle;
import org.mule.tck.junit4.AbstractMuleTestCase;
import org.mule.tck.junit4.rule.DynamicPort;

/* loaded from: input_file:org/mule/service/http/netty/impl/server/NettyHttpServerWithBouncyCastleTestCase.class */
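/**
 * Exercises a TLS-enabled {@link NettyHttpServer} while the BouncyCastle JCE provider is
 * registered in the JVM, using a BouncyCastle-based test client.
 *
 * <p>The key store / trust store names and passwords used here are test fixtures only. The
 * server-side context is built with {@code insecureTrustStore(true)} and {@link ClientAuth#NONE},
 * so these tests cover server-side TLS setup and handshakes, not peer-certificate validation.
 *
 * <p>Registering and removing a security provider mutates JVM-global state, so this class is not
 * safe to run concurrently with other tests that depend on the provider list.
 */
public class NettyHttpServerWithBouncyCastleTestCase extends AbstractMuleTestCase {

    /** Message expected on the exception raised when the TLS configuration cannot be built. */
    private static final String TLS_INIT_FAILURE_MESSAGE = "Unable to initialise TLS configuration";

    @Rule
    public DynamicPort serverPort = new DynamicPort("serverPort");

    @Rule
    public TestSSLNettyClientWithBouncyCastle testClient = new TestSSLNettyClientWithBouncyCastle(HttpServerConnectionManagerTestCase.TEST_HOST, this.serverPort.getNumber());
    private HttpServer serverWithSSLContext;
    private RequestHandlerManager requestHandlerManager;
    private HttpListenerRegistry listenerRegistry;

    /**
     * Registers the BouncyCastle provider and creates a fresh listener registry for each test.
     */
    @Before
    public void setup() throws IOException, CertificateException, NoSuchAlgorithmException, CreateException, KeyManagementException {
        Security.addProvider(new BouncyCastleProvider());
        this.listenerRegistry = new HttpListenerRegistry();
    }

    /**
     * Stops the server (when one was started) and unregisters the BouncyCastle provider.
     *
     * <p>The provider is removed in a {@code finally} block so that a failure while stopping the
     * server cannot skip the clean-up path, and the server is shut down while the provider it was
     * started under is still registered.
     */
    @After
    public void tearDown() {
        try {
            if (this.serverWithSSLContext != null) {
                this.serverWithSSLContext.stop().dispose();
            }
        } finally {
            // NOTE(review): this removes "BC" even if it was registered before setup() ran.
            Security.removeProvider("BC");
        }
    }

    /**
     * Builds the TLS context, starts the server on {@link #serverPort} and registers the test
     * request handlers ({@code /path} for every method, {@code /only-get} for GET only).
     *
     * @param keyStorePath path of the server key store
     * @param keyStorePassword password of the key store (also used as the key password)
     * @param keyAlias alias of the server key inside the key store
     * @param trustStorePath path of the trust store
     * @param trustStorePassword password of the trust store
     */
    private void initiateServerWithSslContext(String keyStorePath, String keyStorePassword, String keyAlias,
                                              String trustStorePath, String trustStorePassword)
            throws NoSuchAlgorithmException, CreateException, KeyManagementException, IOException {
        SslContext sslContext =
                createSslContext(keyStorePath, keyStorePassword, keyAlias, trustStorePath, trustStorePassword);
        this.serverWithSSLContext = NettyHttpServer.builder()
                .withServerAddress(new InetSocketAddress(this.serverPort.getNumber()))
                .withHttpListenerRegistry(this.listenerRegistry)
                .withSslContext(sslContext)
                // The numeric arguments are passed through unchanged; their meaning is defined by
                // AcceptedConnectionChannelInitializer and is not visible from this test.
                .withClientChannelHandler(new AcceptedConnectionChannelInitializer(this.listenerRegistry, true, 30000, sslContext, 300, 300))
                .build();
        this.serverWithSSLContext.start();
        this.requestHandlerManager = this.serverWithSSLContext.addRequestHandler("/path", new TestHttp2RequestHandler());
        this.serverWithSSLContext.addRequestHandler(Collections.singleton("GET"), "/only-get", new TestHttp2RequestHandler());
    }

    /**
     * Creates a server-mode Netty {@link SslContext} from the given key store and trust store.
     *
     * <p>The context advertises {@code h2} and {@code http/1.1} through ALPN, does not request a
     * client certificate, and leaves cipher suites and protocols at the defaults of the wrapped
     * JDK context (both are passed as {@code null}).
     *
     * @throws CreateException if the TLS context factory cannot be built from the given stores
     */
    private SslContext createSslContext(String keyStorePath, String keyStorePassword, String keyAlias,
                                        String trustStorePath, String trustStorePassword)
            throws NoSuchAlgorithmException, KeyManagementException, CreateException {
        TlsContextFactory tlsContextFactory = TlsContextFactory.builder()
                .keyStorePath(keyStorePath)
                .keyStorePassword(keyStorePassword)
                .keyAlias(keyAlias)
                // The fixtures use the same password for the key store and for the key entry.
                .keyPassword(keyStorePassword)
                .trustStorePath(trustStorePath)
                .trustStorePassword(trustStorePassword)
                // Test-only setting: never copy into production configuration.
                // NOTE(review): presumably relaxes trust-store validation; confirm against TlsContextFactory.
                .insecureTrustStore(true)
                .build();
        ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(
                ApplicationProtocolConfig.Protocol.ALPN,
                ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                "h2", "http/1.1");
        return new JdkSslContext(tlsContextFactory.createSslContext(), false, (Iterable<String>) null,
                IdentityCipherSuiteFilter.INSTANCE, alpn, ClientAuth.NONE, (String[]) null, false);
    }

    /** A GET over TLS against a correctly configured server returns 200. */
    @Test
    @Issue("W-15631497")
    public void testSSLConnection() throws Exception {
        initiateServerWithSslContext("serverKeystore", "mulepassword", "muleserver", "trustStore", "mulepassword");
        MatcherAssert.assertThat("Expected response status code to be 200", Integer.valueOf(this.testClient.sendGet("/path").getStatusCode()), Matchers.is(200));
    }

    /** The connection keeps serving requests after the client triggers a new handshake. */
    @Test
    @Issue("W-15631497")
    public void testSSLRehandshake() throws Exception {
        initiateServerWithSslContext("serverKeystore", "mulepassword", "muleserver", "trustStore", "mulepassword");
        MatcherAssert.assertThat(Integer.valueOf(this.testClient.sendGet("/path").getStatusCode()), Matchers.is(200));
        this.testClient.reHandshake();
        MatcherAssert.assertThat(Integer.valueOf(this.testClient.sendGet("/path").getStatusCode()), Matchers.is(200));
    }

    /** A wrong key store password must be rejected with the TLS initialisation error. */
    @Test
    @Issue("W-15631497")
    public void testSSLHandshakeFailureWhenKeystorePasswordIsIncorrect() {
        assertTlsInitialisationFails("serverKeystore", "wrongpassword", "muleserver", "trustStore", "mulepassword");
    }

    /** A wrong trust store password must be rejected with the TLS initialisation error. */
    @Test
    @Issue("W-15631497")
    public void testSSLHandshakeFailureWhenTrustStorePasswordIsIncorrect() {
        assertTlsInitialisationFails("serverKeystore", "mulepassword", "muleserver", "trustStore", "wrongpassword");
    }

    /**
     * Starts the server with the given (invalid) TLS settings, issues a GET and requires that an
     * exception carrying {@link #TLS_INIT_FAILURE_MESSAGE} is raised.
     *
     * <p>Without the trailing {@link AssertionError} the negative tests would pass silently if a
     * wrong store password were ever accepted, which is exactly the regression they exist to catch.
     */
    private void assertTlsInitialisationFails(String keyStorePath, String keyStorePassword, String keyAlias,
                                              String trustStorePath, String trustStorePassword) {
        try {
            initiateServerWithSslContext(keyStorePath, keyStorePassword, keyAlias, trustStorePath, trustStorePassword);
            this.testClient.sendGet("/path");
        } catch (Exception e) {
            MatcherAssert.assertThat(e.getMessage(), Matchers.is(TLS_INIT_FAILURE_MESSAGE));
            return;
        }
        // AssertionError is an Error, so it is raised outside the catch above and fails the test.
        throw new AssertionError("Expected TLS initialisation to fail, but the server started and the request completed");
    }
}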
