package io.confluent.rest;

import io.confluent.rest.ApplicationServerTest;
import java.io.File;
import java.io.IOException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Configurable;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.test.TestSslUtils;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.ProxyConnectionFactory;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/rest/ProxyProtocolTest.class */
public class ProxyProtocolTest {
    private static TestRestConfig testConfig;
    private Properties props;
    private ApplicationServer<TestRestConfig> server;
    private File clientKeystore;
    public static final String SSL_PASSWORD = "test1234";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/rest/ProxyProtocolTest$ProxyTestApp.class */
    public static class ProxyTestApp extends Application<TestRestConfig> implements AutoCloseable {
        private static final AtomicBoolean SHUTDOWN_CALLED = new AtomicBoolean(true);

        ProxyTestApp(String str) {
            this(ProxyProtocolTest.testConfig, str);
        }

        ProxyTestApp(TestRestConfig testRestConfig, String str) {
            super(testRestConfig, str);
        }

        public void setupResources(Configurable<?> configurable, TestRestConfig testRestConfig) {
            configurable.register(ApplicationServerTest.RestResource.class);
        }

        @Override // java.lang.AutoCloseable
        public void close() throws Exception {
            stop();
        }

        public void onShutdown() {
            SHUTDOWN_CALLED.set(true);
        }

        public /* bridge */ /* synthetic */ void setupResources(Configurable configurable, RestConfig restConfig) {
            setupResources((Configurable<?>) configurable, (TestRestConfig) restConfig);
        }
    }

    @Produces({"text/plain"})
    @Path("/")
    /* loaded from: input_file:io/confluent/rest/ProxyProtocolTest$RestResource.class */
    public static class RestResource {
        @GET
        @Path("/resource")
        public String get() {
            return "Hello";
        }
    }

    @BeforeEach
    public void setup() throws Exception {
        this.props = new Properties();
        this.props.setProperty("proxy.protocol.enabled", "true");
    }

    private void createKeystoreWithCert(File file, String str, Map<String, X509Certificate> map) throws Exception {
        KeyPair generateKeyPair = TestSslUtils.generateKeyPair("RSA");
        X509Certificate generate = new TestSslUtils.CertificateBuilder(30, "SHA1withRSA").sanDnsNames(new String[]{SniHandlerIntegrationTest.KAFKA_REST_HOST}).generate("CN=mymachine.local, O=A client", generateKeyPair);
        TestSslUtils.createKeyStore(file.getPath(), new Password("test1234"), new Password("test1234"), str, generateKeyPair.getPrivate(), generate);
        map.put(str, generate);
    }

    private void configServerKeystore(Properties properties, File file) {
        properties.put("ssl.keystore.location", file.getAbsolutePath());
        properties.put("ssl.keystore.password", "test1234");
        properties.put("ssl.key.password", "test1234");
    }

    private void configServerTruststore(Properties properties, File file) {
        properties.put("ssl.truststore.location", file.getAbsolutePath());
        properties.put("ssl.truststore.password", "test1234");
    }

    @AfterEach
    public void tearDown() throws Exception {
        this.server.stop();
    }

    @Test
    public void testConnectionFactoriesHttp() throws Exception {
        testConnectionFactories("http", false);
    }

    @Test
    public void testConnectionFactoriesHttpWithHttp2() throws Exception {
        testConnectionFactories("http", true);
    }

    @Test
    public void testConnectionFactoriesHttps() throws Exception {
        testConnectionFactories("https", false);
    }

    @Test
    public void testConnectionFactoriesHttpsWithHttp2() throws Exception {
        testConnectionFactories("https", true);
    }

    private void testConnectionFactories(String str, boolean z) throws Exception {
        String str2 = str + "://localhost:9000";
        this.props.setProperty("listeners", str2);
        this.props.setProperty("http2.enabled", Boolean.toString(z));
        if (str.equals("https")) {
            try {
                File createTempFile = File.createTempFile("SslTest-truststore", ".jks");
                this.clientKeystore = File.createTempFile("SslTest-client-keystore", ".jks");
                File createTempFile2 = File.createTempFile("SslTest-server-keystore", ".jks");
                HashMap hashMap = new HashMap();
                createKeystoreWithCert(this.clientKeystore, "client", hashMap);
                createKeystoreWithCert(createTempFile2, "server", hashMap);
                TestSslUtils.createTrustStore(createTempFile.getAbsolutePath(), new Password("test1234"), hashMap);
                configServerKeystore(this.props, createTempFile2);
                configServerTruststore(this.props, createTempFile);
            } catch (IOException e) {
                throw new RuntimeException("Unable to create temporary files for trust stores and keystores.");
            }
        }
        testConfig = TestRestConfig.maprCompatible(this.props);
        this.server = new ApplicationServer<>(testConfig);
        this.server.registerApplication(new ProxyTestApp("/app"));
        this.server.start();
        boolean z2 = false;
        Iterator it = this.server.getConnectors()[0].getConnectionFactories().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (((ConnectionFactory) it.next()) instanceof ProxyConnectionFactory) {
                z2 = true;
                break;
            }
        }
        MatcherAssert.assertThat("ProxyConnectionFactory was not found in server's connection factories", z2);
        MatcherAssert.assertThat(Integer.valueOf(makeGetRequest(str2 + "/app/resource")), CoreMatchers.is(Integer.valueOf(HttpStatus.Code.OK.getCode())));
    }

    private int makeGetRequest(String str) throws Exception {
        CloseableHttpClient build;
        HttpGet httpGet = new HttpGet(str);
        if (str.startsWith("http://")) {
            build = HttpClients.createDefault();
        } else {
            SSLContextBuilder loadTrustMaterial = SSLContexts.custom().loadTrustMaterial(new TrustSelfSignedStrategy());
            loadTrustMaterial.loadKeyMaterial(new File(this.clientKeystore.getAbsolutePath()), "test1234".toCharArray(), "test1234".toCharArray());
            build = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(loadTrustMaterial.build(), new String[]{"TLSv1.2"}, (String[]) null, SSLConnectionSocketFactory.getDefaultHostnameVerifier())).build();
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            closeableHttpResponse = build.execute(httpGet);
            int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            build.close();
            return statusCode;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            build.close();
            throw th;
        }
    }
}
