package org.mule.service.http.netty.impl.server;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.qameta.allure.Issue;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.concurrent.ExecutionException;
import org.apache.commons.io.IOUtils;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mule.runtime.api.lifecycle.CreateException;
import org.mule.runtime.api.tls.TlsContextFactory;
import org.mule.runtime.api.util.MultiMap;
import org.mule.runtime.http.api.HttpConstants;
import org.mule.runtime.http.api.domain.message.response.HttpResponse;
import org.mule.runtime.http.api.server.HttpServer;
import org.mule.runtime.http.api.server.RequestHandlerManager;
import org.mule.service.http.netty.impl.message.HttpResponseCreator;
import org.mule.service.http.netty.impl.server.util.HttpListenerRegistry;
import org.mule.service.http.netty.utils.TestHttp2RequestHandler;
import org.mule.service.http.netty.utils.client.TestSSLNettyClient;
import org.mule.tck.junit4.rule.DynamicPort;

/* loaded from: input_file:org/mule/service/http/netty/impl/server/NettyHttpServerHeaderLimitTestCase.class */
public class NettyHttpServerHeaderLimitTestCase {
    private HttpServer server;
    private HttpListenerRegistry listenerRegistry;
    private RequestHandlerManager requestHandlerManager;
    private static final int MAX_NUM_HEADERS_DEFAULT = 100;
    private static final String MAX_SERVER_REQUEST_HEADERS_KEY = "mule.http.MAX_SERVER_REQUEST_HEADERS";
    private static final String MAX_SERVER_RESPONSE_HEADERS_KEY = "mule.http.MAX_SERVER_RESPONSE_HEADERS";

    @Rule
    public DynamicPort serverPort = new DynamicPort("serverPort");

    @Rule
    public TestSSLNettyClient testClient = new TestSSLNettyClient(HttpServerConnectionManagerTestCase.TEST_HOST, this.serverPort.getNumber());

    @Before
    public void setUp() throws Exception {
        this.listenerRegistry = new HttpListenerRegistry();
        SslContext createServerSslContext = createServerSslContext();
        this.server = NettyHttpServer.builder().withServerAddress(new InetSocketAddress(this.serverPort.getNumber())).withHttpListenerRegistry(this.listenerRegistry).withSslContext(createServerSslContext).withClientChannelHandler(new AcceptedConnectionChannelInitializer(this.listenerRegistry, true, 30000, createServerSslContext)).build();
        this.server.start();
        this.requestHandlerManager = this.server.addRequestHandler("/path", new TestHttp2RequestHandler());
        this.server.addRequestHandler(Collections.singleton("GET"), "/only-get", new TestHttp2RequestHandler());
    }

    @After
    public void tearDown() {
        this.server.stop().dispose();
    }

    @Test
    @Issue("W-15642768")
    public void testMaxServerRequestHeaders() throws Exception {
        MatcherAssert.assertThat(Integer.valueOf(HttpListenerRegistry.getMaxServerRequestHeaders()), Matchers.equalTo(Integer.valueOf(MAX_NUM_HEADERS_DEFAULT)));
        System.setProperty(MAX_SERVER_REQUEST_HEADERS_KEY, "5");
        HttpListenerRegistry.refreshMaxServerRequestHeaders();
        MultiMap<String, String> stringMultiMap = new MultiMap.StringMultiMap<>();
        stringMultiMap.put("testheader1", "testvalue1");
        stringMultiMap.put("testheader2", "testvalue2");
        stringMultiMap.put("testheader3", "testvalue3");
        stringMultiMap.put("testheader4", "testvalue4");
        stringMultiMap.put("testheader5", "testvalue5");
        stringMultiMap.put("testheader6", "testvalue6");
        HttpResponse sendGet = this.testClient.sendGet("/path", stringMultiMap);
        String iOUtils = IOUtils.toString(sendGet.getEntity().getContent(), StandardCharsets.UTF_8);
        MatcherAssert.assertThat(Integer.valueOf(HttpListenerRegistry.getMaxServerRequestHeaders()), Matchers.equalTo(5));
        MatcherAssert.assertThat(Integer.valueOf(sendGet.getStatusCode()), Matchers.is(Integer.valueOf(HttpConstants.HttpStatus.REQUEST_TOO_LONG.getStatusCode())));
        MatcherAssert.assertThat(iOUtils, Matchers.containsString("Request entity too large"));
        System.clearProperty(MAX_SERVER_REQUEST_HEADERS_KEY);
        HttpListenerRegistry.refreshMaxServerRequestHeaders();
    }

    @Test
    @Issue("W-15642768")
    public void testMaxServerResponseHeaders() throws Exception {
        MatcherAssert.assertThat(Integer.valueOf(HttpResponseCreator.getMaxServerResponseHeaders()), Matchers.equalTo(Integer.valueOf(MAX_NUM_HEADERS_DEFAULT)));
        System.setProperty(MAX_SERVER_RESPONSE_HEADERS_KEY, "1");
        HttpResponseCreator.refreshMaxServerResponseHeaders();
        MatcherAssert.assertThat(Integer.valueOf(HttpResponseCreator.getMaxServerResponseHeaders()), Matchers.equalTo(1));
        try {
            this.testClient.sendGet("/path");
        } catch (ExecutionException e) {
            Assert.assertTrue(e.getCause() instanceof IllegalArgumentException);
            MatcherAssert.assertThat(e.getCause().getMessage(), Matchers.containsString("Exceeded max server response headers limit"));
        }
        System.clearProperty(MAX_SERVER_RESPONSE_HEADERS_KEY);
        HttpResponseCreator.refreshMaxServerResponseHeaders();
    }

    private SslContext createServerSslContext() throws NoSuchAlgorithmException, KeyManagementException, CreateException {
        return new JdkSslContext(TlsContextFactory.builder().enabledCipherSuites("TLS_SOMETHING").enabledProtocols("TLSv1.1").keyStorePath("serverKeystore").keyStorePassword("mulepassword").keyAlias("muleserver").keyPassword("mulepassword").keyStoreAlgorithm("PKIX").trustStorePath("trustStore").trustStorePassword("mulepassword").trustStoreType("jceks").insecureTrustStore(true).build().createSslContext(), false, (Iterable) null, IdentityCipherSuiteFilter.INSTANCE, new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"h2", "http/1.1"}), ClientAuth.NONE, (String[]) null, false);
    }
}
