package io.confluent.rest;

import java.io.File;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Configurable;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.test.TestSslUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:io/confluent/rest/ApiHeadersTest.class */
public class ApiHeadersTest {
    private static final String httpUri = "http://localhost:8080";
    private static final String httpsUri = "https://localhost:8081";
    private static final String SSL_PASSWORD = "test1234";
    private static String clientKeystoreLocation;
    private static TestApplication app;

    /* loaded from: input_file:io/confluent/rest/ApiHeadersTest$TestApplication.class */
    private static class TestApplication extends Application<TestRestConfig> {
        public TestApplication(TestRestConfig testRestConfig) {
            super(testRestConfig);
        }

        public void setupResources(Configurable<?> configurable, TestRestConfig testRestConfig) {
            configurable.register(new TestResource());
        }

        public /* bridge */ /* synthetic */ void setupResources(Configurable configurable, RestConfig restConfig) {
            setupResources((Configurable<?>) configurable, (TestRestConfig) restConfig);
        }
    }

    @Produces({"application/json"})
    @Path("/test/")
    /* loaded from: input_file:io/confluent/rest/ApiHeadersTest$TestResource.class */
    public static class TestResource {
        @GET
        @Path("/endpoint")
        public boolean test() {
            return true;
        }
    }

    @BeforeClass
    public static void setUp() throws Exception {
        File createTempFile = File.createTempFile("ApiHeadersTest-truststore", ".jks");
        File createTempFile2 = File.createTempFile("ApiHeadersTest-client-keystore", ".jks");
        File createTempFile3 = File.createTempFile("ApiHeadersTest-server-keystore", ".jks");
        clientKeystoreLocation = createTempFile2.getAbsolutePath();
        HashMap hashMap = new HashMap();
        createKeystoreWithCert(createTempFile2, "client", hashMap);
        createKeystoreWithCert(createTempFile3, "server", hashMap);
        TestSslUtils.createTrustStore(createTempFile.getAbsolutePath(), new Password("test1234"), hashMap);
        Properties properties = new Properties();
        properties.put("listeners", "http://localhost:8080,https://localhost:8081");
        properties.put("ssl.keystore.location", createTempFile3.getAbsolutePath());
        properties.put("ssl.keystore.password", "test1234");
        properties.put("ssl.key.password", "test1234");
        app = new TestApplication(TestRestConfig.maprCompatible(properties));
        app.start();
    }

    @AfterClass
    public static void teardown() throws Exception {
        if (app != null) {
            app.stop();
        }
    }

    @Test
    public void testHttpDoesNotReturnJettyServerVersionHeader() throws Exception {
        HttpGet httpGet = new HttpGet("http://localhost:8080/test/endpoint");
        CloseableHttpClient createDefault = HttpClients.createDefault();
        try {
            CloseableHttpResponse execute = createDefault.execute(httpGet);
            try {
                MatcherAssert.assertThat(Integer.valueOf(execute.getStatusLine().getStatusCode()), CoreMatchers.is(200));
                MatcherAssert.assertThat(execute.getFirstHeader("Server"), CoreMatchers.is(CoreMatchers.nullValue()));
                if (execute != null) {
                    execute.close();
                }
                if (createDefault != null) {
                    createDefault.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (createDefault != null) {
                try {
                    createDefault.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testHttpsDoesNotReturnJettyServerVersionHeader() throws Exception {
        HttpGet httpGet = new HttpGet("https://localhost:8081/test/endpoint");
        CloseableHttpClient build = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial(new TrustSelfSignedStrategy()).loadKeyMaterial(new File(clientKeystoreLocation), "test1234".toCharArray(), "test1234".toCharArray()).build(), new String[]{"TLSv1.2"}, (String[]) null, SSLConnectionSocketFactory.getDefaultHostnameVerifier())).build();
        try {
            CloseableHttpResponse execute = build.execute(httpGet);
            try {
                MatcherAssert.assertThat(Integer.valueOf(execute.getStatusLine().getStatusCode()), CoreMatchers.is(200));
                MatcherAssert.assertThat(execute.getFirstHeader("Server"), CoreMatchers.is(CoreMatchers.nullValue()));
                if (execute != null) {
                    execute.close();
                }
                if (build != null) {
                    build.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void createKeystoreWithCert(File file, String str, Map<String, X509Certificate> map) throws Exception {
        KeyPair generateKeyPair = TestSslUtils.generateKeyPair("RSA");
        X509Certificate generate = new TestSslUtils.CertificateBuilder(30, "SHA1withRSA").sanDnsName("localhost").generate("CN=mymachine.local, O=A client", generateKeyPair);
        TestSslUtils.createKeyStore(file.getPath(), new Password("test1234"), str, generateKeyPair.getPrivate(), generate);
        map.put(str, generate);
    }
}
