package io.confluent.rest;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.confluent.rest.annotations.PerformanceMetric;
import java.io.File;
import java.io.IOException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Configurable;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.metrics.KafkaMetric;
import org.apache.kafka.test.TestSslUtils;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.http2.client.HTTP2Client;
import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rest/Http2Test.class */
public class Http2Test {
    private static final Logger log = LoggerFactory.getLogger(Http2Test.class);
    private File trustStore;
    private File clientKeystore;
    private File serverKeystore;
    private static final String HTTP_URI = "http://localhost:8080";
    private static final String HTTPS_URI = "https://localhost:8081";
    private static final String SSL_PASSWORD = "test1234";
    private static final String EXPECTED_200_MSG = "Response status must be 200.";

    @Produces({"application/test.v1+json"})
    @Path("/test%2Fambiguous%2Fsegment")
    /* loaded from: input_file:io/confluent/rest/Http2Test$Http2TestAmbiguousSegmentResource.class */
    public static class Http2TestAmbiguousSegmentResource {

        /* loaded from: input_file:io/confluent/rest/Http2Test$Http2TestAmbiguousSegmentResource$Http2TestAmbiguousSegmentResponse.class */
        public static class Http2TestAmbiguousSegmentResponse {
            @JsonProperty
            public String getMessage() {
                return "foo";
            }
        }

        @GET
        public Http2TestAmbiguousSegmentResponse hello() {
            return new Http2TestAmbiguousSegmentResponse();
        }
    }

    /* loaded from: input_file:io/confluent/rest/Http2Test$Http2TestApplication.class */
    private static class Http2TestApplication extends Application<TestRestConfig> {
        public Http2TestApplication(TestRestConfig testRestConfig) {
            super(testRestConfig);
        }

        public void setupResources(Configurable<?> configurable, TestRestConfig testRestConfig) {
            configurable.register(new Http2TestResource());
            configurable.register(new Http2TestAmbiguousSegmentResource());
        }

        public Map<String, String> getMetricsTags() {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("instance-id", "1");
            return linkedHashMap;
        }

        public /* bridge */ /* synthetic */ void setupResources(Configurable configurable, RestConfig restConfig) {
            setupResources((Configurable<?>) configurable, (TestRestConfig) restConfig);
        }
    }

    @Produces({"application/test.v1+json"})
    @Path("/test")
    /* loaded from: input_file:io/confluent/rest/Http2Test$Http2TestResource.class */
    public static class Http2TestResource {

        /* loaded from: input_file:io/confluent/rest/Http2Test$Http2TestResource$Http2TestResponse.class */
        public static class Http2TestResponse {
            @JsonProperty
            public String getMessage() {
                return "foo";
            }
        }

        @GET
        @PerformanceMetric("test")
        public Http2TestResponse hello() {
            return new Http2TestResponse();
        }
    }

    @BeforeEach
    public void setUp() throws Exception {
        try {
            this.trustStore = File.createTempFile("Http2Test-truststore", ".jks");
            this.clientKeystore = File.createTempFile("Http2Test-client-keystore", ".jks");
            this.serverKeystore = File.createTempFile("Http2Test-server-keystore", ".jks");
            HashMap hashMap = new HashMap();
            createKeystoreWithCert(this.clientKeystore, "client", hashMap);
            createKeystoreWithCert(this.serverKeystore, "server", hashMap);
            TestSslUtils.createTrustStore(this.trustStore.getAbsolutePath(), new Password("test1234"), hashMap);
            TestMetricsReporter.reset();
        } catch (IOException e) {
            throw new RuntimeException("Unable to create temporary files for trust stores and keystores.");
        }
    }

    private void createKeystoreWithCert(File file, String str, Map<String, X509Certificate> map) throws Exception {
        KeyPair generateKeyPair = TestSslUtils.generateKeyPair("RSA");
        X509Certificate generate = new TestSslUtils.CertificateBuilder(30, "SHA1withRSA").sanDnsNames(new String[]{SniHandlerIntegrationTest.KAFKA_REST_HOST}).generate("CN=mymachine.local, O=A client", generateKeyPair);
        TestSslUtils.createKeyStore(file.getPath(), new Password("test1234"), new Password("test1234"), str, generateKeyPair.getPrivate(), generate);
        map.put(str, generate);
    }

    private void configServerKeystore(Properties properties) {
        properties.put("ssl.keystore.location", this.serverKeystore.getAbsolutePath());
        properties.put("ssl.keystore.password", "test1234");
        properties.put("ssl.key.password", "test1234");
    }

    private TestRestConfig buildTestConfig(boolean z) {
        return buildTestConfig(z, null, null);
    }

    private TestRestConfig buildTestConfig(boolean z, String str, String str2) {
        Properties properties = new Properties();
        properties.put("listeners", "http://localhost:8080,https://localhost:8081");
        properties.put("metric.reporters", "io.confluent.rest.TestMetricsReporter");
        if (!z) {
            properties.put("http2.enabled", false);
        }
        if (str != null) {
            properties.put("ssl.protocol", str);
        }
        if (str2 != null) {
            properties.put("ssl.provider", str2);
        }
        configServerKeystore(properties);
        return TestRestConfig.maprCompatible(properties);
    }

    @Test
    public void testHttp2() throws Exception {
        Http2TestApplication http2TestApplication = new Http2TestApplication(buildTestConfig(true));
        try {
            http2TestApplication.start();
            if (ApplicationServer.isJava11Compatible()) {
                Assertions.assertEquals(200, makeGetRequestHttp2("http://localhost:8080/test"), "Response status must be 200.");
                Assertions.assertEquals(200, makeGetRequestHttp2("https://localhost:8081/test", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            }
            Assertions.assertEquals(200, makeGetRequestHttp("http://localhost:8080/test"), "Response status must be 200.");
            Assertions.assertEquals(200, makeGetRequestHttp("https://localhost:8081/test", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            assertMetricsCollected();
            http2TestApplication.stop();
        } catch (Throwable th) {
            http2TestApplication.stop();
            throw th;
        }
    }

    @Test
    public void testHttp2WithConscrypt() throws Exception {
        TestRestConfig buildTestConfig = buildTestConfig(true, "TLSv1.3", "Conscrypt");
        Http2TestApplication http2TestApplication = new Http2TestApplication(buildTestConfig);
        try {
            http2TestApplication.start();
            Assertions.assertTrue(ApplicationServer.isHttp2Compatible(buildTestConfig.getBaseSslConfig()));
            Assertions.assertEquals(200, makeGetRequestHttp2("http://localhost:8080/test"), "Response status must be 200.");
            Assertions.assertEquals(200, makeGetRequestHttp2("https://localhost:8081/test", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            Assertions.assertEquals(200, makeGetRequestHttp("http://localhost:8080/test"), "Response status must be 200.");
            Assertions.assertEquals(200, makeGetRequestHttp("https://localhost:8081/test", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            assertMetricsCollected();
            http2TestApplication.stop();
        } catch (Throwable th) {
            http2TestApplication.stop();
            throw th;
        }
    }

    @Test
    public void testHttp2AmbiguousSegment() throws Exception {
        Http2TestApplication http2TestApplication = new Http2TestApplication(buildTestConfig(true));
        try {
            http2TestApplication.start();
            if (ApplicationServer.isJava11Compatible()) {
                Assertions.assertEquals(200, makeGetRequestHttp2("http://localhost:8080/test%2fambiguous%2fsegment"), "Response status must be 200.");
                Assertions.assertEquals(200, makeGetRequestHttp2("https://localhost:8081/test%2fambiguous%2fsegment", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            }
            Assertions.assertEquals(200, makeGetRequestHttp("http://localhost:8080/test%2fambiguous%2fsegment"), "Response status must be 200.");
            Assertions.assertEquals(200, makeGetRequestHttp("https://localhost:8081/test%2fambiguous%2fsegment", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            assertMetricsCollected();
            http2TestApplication.stop();
        } catch (Throwable th) {
            http2TestApplication.stop();
            throw th;
        }
    }

    @Test
    public void testHttp2CNotEnabled() throws Exception {
        Http2TestApplication http2TestApplication = new Http2TestApplication(buildTestConfig(false));
        try {
            http2TestApplication.start();
            try {
                makeGetRequestHttp2("http://localhost:8080/test");
                Assertions.fail("HTTP/2 Cleartext should not be enabled");
            } catch (ExecutionException e) {
                Assertions.assertEquals(200, makeGetRequestHttp("http://localhost:8080/test"), "Response status must be 200.");
            }
            assertMetricsCollected();
            http2TestApplication.stop();
        } catch (Throwable th) {
            http2TestApplication.stop();
            throw th;
        }
    }

    @Test
    public void testHttp2NotEnabled() throws Exception {
        Http2TestApplication http2TestApplication = new Http2TestApplication(buildTestConfig(false));
        try {
            http2TestApplication.start();
            try {
                makeGetRequestHttp2("https://localhost:8081/test", this.clientKeystore.getAbsolutePath(), "test1234", "test1234");
                Assertions.fail("HTTP/2 Cleartext should not be enabled");
            } catch (ExecutionException e) {
                Assertions.assertEquals(200, makeGetRequestHttp("https://localhost:8081/test", this.clientKeystore.getAbsolutePath(), "test1234", "test1234"), "Response status must be 200.");
            }
            assertMetricsCollected();
            http2TestApplication.stop();
        } catch (Throwable th) {
            http2TestApplication.stop();
            throw th;
        }
    }

    private void assertMetricsCollected() {
        Assertions.assertNotEquals(0, TestMetricsReporter.getMetricTimeseries().size(), "Expected to have metrics.");
        for (KafkaMetric kafkaMetric : TestMetricsReporter.getMetricTimeseries()) {
            if (kafkaMetric.metricName().name().equals("request-latency-max")) {
                Object metricValue = kafkaMetric.metricValue();
                Assertions.assertTrue(metricValue instanceof Double, "Request latency metrics should be measurable");
                Assertions.assertNotEquals(0.0d, ((Double) metricValue).doubleValue(), "Metrics should be collected (max latency shouldn't be 0)");
            }
        }
    }

    private SslContextFactory buildSslContextFactory(String str, String str2, String str3) throws Exception {
        SslContextFactory.Client client = new SslContextFactory.Client();
        SSLContextBuilder loadTrustMaterial = SSLContexts.custom().loadTrustMaterial(new TrustSelfSignedStrategy());
        if (str != null) {
            loadTrustMaterial.loadKeyMaterial(new File(str), str2.toCharArray(), str3.toCharArray());
        }
        client.setSslContext(loadTrustMaterial.build());
        return client;
    }

    private int makeGetRequestHttp(String str) throws Exception {
        log.debug("Making GET using HTTP " + str);
        HttpClient httpClient = new HttpClient();
        httpClient.start();
        int status = httpClient.GET(str).getStatus();
        httpClient.stop();
        return status;
    }

    private int makeGetRequestHttp(String str, String str2, String str3, String str4) throws Exception {
        log.debug("Making GET using HTTPS " + str);
        HttpClient httpClient = new HttpClient(buildSslContextFactory(str2, str3, str4));
        httpClient.start();
        int status = httpClient.GET(str).getStatus();
        httpClient.stop();
        return status;
    }

    private int makeGetRequestHttp2(String str) throws Exception {
        log.debug("Making GET using HTTP over HTTP/2 Cleartext " + str);
        HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(new HTTP2Client()));
        httpClient.start();
        int status = httpClient.GET(str).getStatus();
        httpClient.stop();
        return status;
    }

    private int makeGetRequestHttp2(String str, String str2, String str3, String str4) throws Exception {
        log.debug("Making GET using HTTP/2 " + str);
        HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(new HTTP2Client()), buildSslContextFactory(str2, str3, str4));
        httpClient.start();
        int status = httpClient.GET(str).getStatus();
        httpClient.stop();
        return status;
    }
}
