package org.apache.zookeeper.common;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.Security;
import java.util.Collection;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.apache.zookeeper.PortAssignment;
import org.apache.zookeeper.common.X509Exception;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

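/**
 * Parameterized tests for {@link X509Util}, exercised through {@link ClientX509Util}.
 *
 * <p>The tests cover SSL context creation (protocol selection, key store handling),
 * certificate revocation switches (CRL / OCSP), cipher suite configuration, loading of
 * PEM / JKS / PKCS12 key and trust stores, the handshake detection timeout, and rejection
 * of a client-initiated TLS renegotiation.
 *
 * <p>Most of the configuration under test is read from JVM-wide system and security
 * properties, so {@link #cleanUp()} resets those properties after every test.
 */
@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/zookeeper/common/X509UtilTest.class */
public class X509UtilTest extends BaseX509ParameterizedTestCase {
    /** Utility under test; re-created whenever a test changes a property it must pick up. */
    private X509Util x509Util;

    // Test fixture only: both suites are export-grade 40-bit DES and the second one uses
    // anonymous (unauthenticated) Diffie-Hellman. The tests only check that the configured
    // list is applied verbatim to created sockets; these values must never be copied into
    // a real deployment's cipher suite configuration.
    private static final String[] customCipherSuites = {"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"};

    /**
     * Supplies the parameter sets for the runner.
     *
     * @return the default parameter sets defined by {@link BaseX509ParameterizedTestCase}
     */
    @Parameterized.Parameters
    public static Collection<Object[]> params() {
        return BaseX509ParameterizedTestCase.defaultParams();
    }

    /**
     * Builds the test case for one parameter set.
     *
     * @param trustStoreKeyType key type used for the trust store of the test context
     * @param keyStoreKeyType key type used for the key store of the test context
     * @param password password applied to both the key store and the trust store
     * @param paramIndex forwarded unchanged to the base-class constructor (presumably the
     *     index of the parameter set; confirm against BaseX509ParameterizedTestCase)
     */
    public X509UtilTest(X509KeyType trustStoreKeyType, X509KeyType keyStoreKeyType, String password, Integer paramIndex) {
        super(paramIndex, () -> {
            try {
                return X509TestContext.newBuilder()
                        .setTempDir(tempDir)
                        .setKeyStorePassword(password)
                        .setKeyStoreKeyType(keyStoreKeyType)
                        .setTrustStorePassword(password)
                        .setTrustStoreKeyType(trustStoreKeyType)
                        .build();
            } catch (Exception e) {
                // The supplier cannot throw checked exceptions; keep the cause attached.
                throw new RuntimeException(e);
            }
        });
    }

    /**
     * Publishes the test context's JKS key/trust store settings as system properties,
     * selects the Netty connection classes, and creates the {@link X509Util} under test.
     *
     * @throws Exception if the test context cannot write its system properties
     */
    @Before
    public void setUp() throws Exception {
        // A short-lived instance is only needed to resolve the property names; it is
        // closed before the instance under test is created.
        try (X509Util propertySource = new ClientX509Util()) {
            this.x509TestContext.setSystemProperties(propertySource, KeyStoreFileType.JKS, KeyStoreFileType.JKS);
        }
        System.setProperty("zookeeper.serverCnxnFactory", "org.apache.zookeeper.server.NettyServerCnxnFactory");
        System.setProperty("zookeeper.clientCnxnSocket", "org.apache.zookeeper.ClientCnxnSocketNetty");
        this.x509Util = new ClientX509Util();
    }

    /**
     * Clears every system property a test may have set and forces the JVM-wide security
     * properties {@code ocsp.enable} and {@code com.sun.security.enableCRLDP} back to
     * {@code false}, then closes the instance under test.
     *
     * <p>The revocation properties are global to the JVM, so leaving them set would change
     * the behaviour of later tests.
     */
    @After
    public void cleanUp() {
        this.x509TestContext.clearSystemProperties(this.x509Util);
        System.clearProperty(this.x509Util.getSslOcspEnabledProperty());
        System.clearProperty(this.x509Util.getSslCrlEnabledProperty());
        System.clearProperty(this.x509Util.getCipherSuitesProperty());
        System.clearProperty(this.x509Util.getSslProtocolProperty());
        System.clearProperty(this.x509Util.getSslHandshakeDetectionTimeoutMillisProperty());
        System.clearProperty("com.sun.net.ssl.checkRevocation");
        System.clearProperty("com.sun.security.enableCRLDP");
        Security.setProperty("ocsp.enable", Boolean.FALSE.toString());
        Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());
        System.clearProperty("zookeeper.serverCnxnFactory");
        System.clearProperty("zookeeper.clientCnxnSocket");
        this.x509Util.close();
    }

    /** Without a protocol property the default SSL context reports {@code TLSv1.2}. */
    @Test(timeout = 5000)
    public void testCreateSSLContextWithoutCustomProtocol() throws Exception {
        Assert.assertEquals("TLSv1.2", this.x509Util.getDefaultSSLContext().getProtocol());
    }

    /**
     * The protocol property overrides the default protocol of the SSL context.
     *
     * <p>TLSv1.1 is a deprecated protocol version (RFC 8996); it appears here only as a
     * value that differs from the default, not as a recommended setting.
     */
    @Test(timeout = 5000)
    public void testCreateSSLContextWithCustomProtocol() throws Exception {
        System.setProperty(this.x509Util.getSslProtocolProperty(), "TLSv1.1");
        Assert.assertEquals("TLSv1.1", this.x509Util.getDefaultSSLContext().getProtocol());
    }

    /**
     * Creating the default SSL context must not throw when no key store location is set.
     * The test has no assertion; it passes if the call returns normally.
     */
    @Test(timeout = 5000)
    public void testCreateSSLContextWithoutKeyStoreLocation() throws Exception {
        System.clearProperty(this.x509Util.getSslKeystoreLocationProperty());
        this.x509Util.getDefaultSSLContext();
    }

    /**
     * Creating the default SSL context fails with an {@code SSLContextException} when the
     * key store is encrypted but no password property is set.
     */
    @Test(timeout = 5000, expected = X509Exception.SSLContextException.class)
    public void testCreateSSLContextWithoutKeyStorePassword() throws Exception {
        if (!this.x509TestContext.isKeyStoreEncrypted()) {
            // Nothing to verify for an unencrypted key store: throw the expected exception
            // by hand so the parameter set still satisfies the "expected" clause.
            throw new X509Exception.SSLContextException("");
        }
        System.clearProperty(this.x509Util.getSslKeystorePasswdProperty());
        this.x509Util.getDefaultSSLContext();
    }

    /** A created client socket enables exactly the cipher suites named by the property. */
    @Test(timeout = 5000)
    public void testCreateSSLContextWithCustomCipherSuites() throws Exception {
        setCustomCipherSuites();
        // Close the socket so no descriptor is left behind for later parameter sets.
        try (SSLSocket socket = this.x509Util.createSSLSocket()) {
            Assert.assertArrayEquals(customCipherSuites, socket.getEnabledCipherSuites());
        }
    }

    /**
     * With the CRL property set to {@code "true"}, building the default SSL context leaves
     * {@code com.sun.net.ssl.checkRevocation} and {@code com.sun.security.enableCRLDP}
     * enabled while {@code ocsp.enable} stays off.
     */
    @Test(timeout = 5000)
    public void testCRLEnabled() throws Exception {
        System.setProperty(this.x509Util.getSslCrlEnabledProperty(), "true");
        this.x509Util.getDefaultSSLContext();
        Assert.assertTrue(Boolean.parseBoolean(System.getProperty("com.sun.net.ssl.checkRevocation")));
        Assert.assertTrue(Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP")));
        Assert.assertFalse(Boolean.parseBoolean(Security.getProperty("ocsp.enable")));
    }

    /**
     * With neither revocation property set, building the default SSL context leaves
     * revocation checking, CRL distribution point lookups and OCSP all disabled.
     */
    @Test(timeout = 5000)
    public void testCRLDisabled() throws Exception {
        this.x509Util.getDefaultSSLContext();
        // parseBoolean(null) is false, so an unset property also counts as disabled.
        Assert.assertFalse(Boolean.parseBoolean(System.getProperty("com.sun.net.ssl.checkRevocation")));
        Assert.assertFalse(Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP")));
        Assert.assertFalse(Boolean.parseBoolean(Security.getProperty("ocsp.enable")));
    }

    /**
     * With the OCSP property set to {@code "true"}, building the default SSL context leaves
     * revocation checking, CRL distribution point lookups and {@code ocsp.enable} all on.
     */
    @Test(timeout = 5000)
    public void testOCSPEnabled() throws Exception {
        System.setProperty(this.x509Util.getSslOcspEnabledProperty(), "true");
        this.x509Util.getDefaultSSLContext();
        Assert.assertTrue(Boolean.parseBoolean(System.getProperty("com.sun.net.ssl.checkRevocation")));
        Assert.assertTrue(Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP")));
        Assert.assertTrue(Boolean.parseBoolean(Security.getProperty("ocsp.enable")));
    }

    /** {@code createSSLSocket()} applies the configured cipher suites to the new socket. */
    @Test(timeout = 5000)
    public void testCreateSSLSocket() throws Exception {
        setCustomCipherSuites();
        try (SSLSocket socket = this.x509Util.createSSLSocket()) {
            Assert.assertArrayEquals(customCipherSuites, socket.getEnabledCipherSuites());
        }
    }

    /**
     * An unbound server socket gets the configured cipher suites and requires client
     * authentication (mutual TLS).
     */
    @Test(timeout = 5000)
    public void testCreateSSLServerSocketWithoutPort() throws Exception {
        setCustomCipherSuites();
        try (SSLServerSocket serverSocket = this.x509Util.createSSLServerSocket()) {
            Assert.assertArrayEquals(customCipherSuites, serverSocket.getEnabledCipherSuites());
            Assert.assertTrue(serverSocket.getNeedClientAuth());
        }
    }

    /**
     * A server socket created for a port is bound to that port, gets the configured cipher
     * suites and requires client authentication (mutual TLS).
     */
    @Test(timeout = 5000)
    public void testCreateSSLServerSocketWithPort() throws Exception {
        setCustomCipherSuites();
        int port = PortAssignment.unique();
        // The socket is bound, so it must be closed to release the port after the test.
        try (SSLServerSocket serverSocket = this.x509Util.createSSLServerSocket(port)) {
            // JUnit expects (expected, actual); this order keeps failure messages correct.
            Assert.assertEquals(port, serverSocket.getLocalPort());
            Assert.assertArrayEquals(customCipherSuites, serverSocket.getEnabledCipherSuites());
            Assert.assertTrue(serverSocket.getNeedClientAuth());
        }
    }

    // ---------------------------------------------------------------------------------
    // Key store / trust store loading.
    //
    // The tests without an "expected" clause pass when the call returns without throwing.
    // The *NullPassword tests only exercise the call when the test context's password is
    // empty; for the other parameter sets they pass without doing anything.
    // The four trailing booleans of createTrustManager are passed through as given; they
    // are presumably crlEnabled, ocspEnabled and server/client hostname verification.
    // TODO confirm against the X509Util.createTrustManager signature.
    // ---------------------------------------------------------------------------------

    /** Loads the PEM key store with its password and an explicit PEM store type. */
    @Test
    public void testLoadPEMKeyStore() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                this.x509TestContext.getKeyStorePassword(),
                KeyStoreFileType.PEM.getPropertyValue());
    }

    /** Loads an unprotected PEM key store with a {@code null} password. */
    @Test
    public void testLoadPEMKeyStoreNullPassword() throws Exception {
        if (this.x509TestContext.getKeyStorePassword().isEmpty()) {
            X509Util.createKeyManager(
                    this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                    (String) null,
                    KeyStoreFileType.PEM.getPropertyValue());
        }
    }

    /** Loads the PEM key store with a {@code null} store type, leaving detection to X509Util. */
    @Test
    public void testLoadPEMKeyStoreAutodetectStoreFileType() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                this.x509TestContext.getKeyStorePassword(),
                (String) null);
    }

    /** A wrong password for the PEM key store is rejected with a {@code KeyManagerException}. */
    @Test(expected = X509Exception.KeyManagerException.class)
    public void testLoadPEMKeyStoreWithWrongPassword() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                "wrong password",
                KeyStoreFileType.PEM.getPropertyValue());
    }

    /** Loads the PEM trust store with its password and an explicit PEM store type. */
    @Test
    public void testLoadPEMTrustStore() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                this.x509TestContext.getTrustStorePassword(),
                KeyStoreFileType.PEM.getPropertyValue(),
                false, false, true, true);
    }

    /** Loads an unprotected PEM trust store with a {@code null} password. */
    @Test
    public void testLoadPEMTrustStoreNullPassword() throws Exception {
        if (this.x509TestContext.getTrustStorePassword().isEmpty()) {
            X509Util.createTrustManager(
                    this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                    (String) null,
                    KeyStoreFileType.PEM.getPropertyValue(),
                    false, false, true, true);
        }
    }

    /** Loads the PEM trust store with a {@code null} store type, leaving detection to X509Util. */
    @Test
    public void testLoadPEMTrustStoreAutodetectStoreFileType() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
                this.x509TestContext.getTrustStorePassword(),
                (String) null,
                false, false, true, true);
    }

    /** Loads the JKS key store with its password and an explicit JKS store type. */
    @Test
    public void testLoadJKSKeyStore() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                this.x509TestContext.getKeyStorePassword(),
                KeyStoreFileType.JKS.getPropertyValue());
    }

    /** Loads an unprotected JKS key store with a {@code null} password. */
    @Test
    public void testLoadJKSKeyStoreNullPassword() throws Exception {
        if (this.x509TestContext.getKeyStorePassword().isEmpty()) {
            X509Util.createKeyManager(
                    this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                    (String) null,
                    KeyStoreFileType.JKS.getPropertyValue());
        }
    }

    /** Loads the JKS key store with a {@code null} store type, leaving detection to X509Util. */
    @Test
    public void testLoadJKSKeyStoreAutodetectStoreFileType() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                this.x509TestContext.getKeyStorePassword(),
                (String) null);
    }

    /** A wrong password for the JKS key store is rejected with a {@code KeyManagerException}. */
    @Test(expected = X509Exception.KeyManagerException.class)
    public void testLoadJKSKeyStoreWithWrongPassword() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                "wrong password",
                KeyStoreFileType.JKS.getPropertyValue());
    }

    /** Loads the JKS trust store with its password and an explicit JKS store type. */
    @Test
    public void testLoadJKSTrustStore() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                this.x509TestContext.getTrustStorePassword(),
                KeyStoreFileType.JKS.getPropertyValue(),
                true, true, true, true);
    }

    /** Loads an unprotected JKS trust store with a {@code null} password. */
    @Test
    public void testLoadJKSTrustStoreNullPassword() throws Exception {
        if (this.x509TestContext.getTrustStorePassword().isEmpty()) {
            X509Util.createTrustManager(
                    this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                    (String) null,
                    KeyStoreFileType.JKS.getPropertyValue(),
                    false, false, true, true);
        }
    }

    /** Loads the JKS trust store with a {@code null} store type, leaving detection to X509Util. */
    @Test
    public void testLoadJKSTrustStoreAutodetectStoreFileType() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                this.x509TestContext.getTrustStorePassword(),
                (String) null,
                true, true, true, true);
    }

    /** A wrong password for the JKS trust store is rejected with a {@code TrustManagerException}. */
    @Test(expected = X509Exception.TrustManagerException.class)
    public void testLoadJKSTrustStoreWithWrongPassword() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
                "wrong password",
                KeyStoreFileType.JKS.getPropertyValue(),
                true, true, true, true);
    }

    /** Loads the PKCS12 key store with its password and an explicit PKCS12 store type. */
    @Test
    public void testLoadPKCS12KeyStore() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                this.x509TestContext.getKeyStorePassword(),
                KeyStoreFileType.PKCS12.getPropertyValue());
    }

    /** Loads an unprotected PKCS12 key store with a {@code null} password. */
    @Test
    public void testLoadPKCS12KeyStoreNullPassword() throws Exception {
        if (this.x509TestContext.getKeyStorePassword().isEmpty()) {
            X509Util.createKeyManager(
                    this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                    (String) null,
                    KeyStoreFileType.PKCS12.getPropertyValue());
        }
    }

    /** Loads the PKCS12 key store with a {@code null} store type, leaving detection to X509Util. */
    @Test
    public void testLoadPKCS12KeyStoreAutodetectStoreFileType() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                this.x509TestContext.getKeyStorePassword(),
                (String) null);
    }

    /** A wrong password for the PKCS12 key store is rejected with a {@code KeyManagerException}. */
    @Test(expected = X509Exception.KeyManagerException.class)
    public void testLoadPKCS12KeyStoreWithWrongPassword() throws Exception {
        X509Util.createKeyManager(
                this.x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                "wrong password",
                KeyStoreFileType.PKCS12.getPropertyValue());
    }

    /** Loads the PKCS12 trust store with its password and an explicit PKCS12 store type. */
    @Test
    public void testLoadPKCS12TrustStore() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                this.x509TestContext.getTrustStorePassword(),
                KeyStoreFileType.PKCS12.getPropertyValue(),
                true, true, true, true);
    }

    /** Loads an unprotected PKCS12 trust store with a {@code null} password. */
    @Test
    public void testLoadPKCS12TrustStoreNullPassword() throws Exception {
        if (this.x509TestContext.getTrustStorePassword().isEmpty()) {
            X509Util.createTrustManager(
                    this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                    (String) null,
                    KeyStoreFileType.PKCS12.getPropertyValue(),
                    false, false, true, true);
        }
    }

    /** Loads the PKCS12 trust store with a {@code null} store type, leaving detection to X509Util. */
    @Test
    public void testLoadPKCS12TrustStoreAutodetectStoreFileType() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                this.x509TestContext.getTrustStorePassword(),
                (String) null,
                true, true, true, true);
    }

    /** A wrong password for the PKCS12 trust store is rejected with a {@code TrustManagerException}. */
    @Test(expected = X509Exception.TrustManagerException.class)
    public void testLoadPKCS12TrustStoreWithWrongPassword() throws Exception {
        X509Util.createTrustManager(
                this.x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
                "wrong password",
                KeyStoreFileType.PKCS12.getPropertyValue(),
                true, true, true, true);
    }

    /**
     * The handshake detection timeout defaults to 5000 ms, follows a positive property
     * value, and falls back to 5000 ms for the values {@code 0} and {@code -1}.
     */
    @Test
    public void testGetSslHandshakeDetectionTimeoutMillisProperty() {
        Assert.assertEquals(5000L, this.x509Util.getSslHandshakeTimeoutMillis());
        assertHandshakeTimeoutForProperty(Integer.toString(5001), 5001L);
        assertHandshakeTimeoutForProperty("0", 5000L);
        assertHandshakeTimeoutForProperty("-1", 5000L);
    }

    /**
     * Sets the handshake detection timeout property and checks the timeout reported by a
     * freshly created {@link ClientX509Util}.
     *
     * <p>A new instance is created per value, as the original test did (presumably the
     * property is read when the instance is constructed; confirm against X509Util).
     * try-with-resources closes each instance exactly once, also when the assertion fails.
     */
    private void assertHandshakeTimeoutForProperty(String propertyValue, long expectedMillis) {
        System.setProperty(this.x509Util.getSslHandshakeDetectionTimeoutMillisProperty(), propertyValue);
        try (X509Util freshUtil = new ClientX509Util()) {
            Assert.assertEquals(expectedMillis, freshUtil.getSslHandshakeTimeoutMillis());
        }
    }

    /**
     * Closes a socket on a best-effort basis; {@code null} and already closed sockets are
     * ignored.
     *
     * <p>Kept public because the decompiler note on this listing says the access modifier
     * was changed from private.
     */
    public static void forceClose(Socket socket) {
        if (socket == null || socket.isClosed()) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // Cleanup only: a failure to close must not hide the test's real outcome.
        }
    }

    /**
     * Closes a server socket on a best-effort basis; {@code null} and already closed
     * sockets are ignored.
     */
    private static void forceClose(ServerSocket serverSocket) {
        if (serverSocket == null || serverSocket.isClosed()) {
            return;
        }
        try {
            serverSocket.close();
        } catch (IOException ignored) {
            // Cleanup only: a failure to close must not hide the test's real outcome.
        }
    }

    /**
     * A second handshake started by the client on an established connection must fail.
     *
     * <p>The server side runs on a worker thread: it accepts one connection, reads the
     * first byte, then reads again after the client has called {@code startHandshake()} a
     * second time. The test expects that second read to fail with an
     * {@link SSLHandshakeException}, which reaches the test thread wrapped in an
     * {@link ExecutionException} and is unwrapped before being rethrown. The cleanup also
     * checks that exactly one handshake completed.
     */
    @Test(expected = SSLHandshakeException.class)
    public void testClientRenegotiationFails() throws Throwable {
        int port = PortAssignment.unique();
        ExecutorService workerPool = Executors.newCachedThreadPool();
        final SSLServerSocket listeningSocket = this.x509Util.createSSLServerSocket();
        SSLSocket clientSocket = null;
        SSLSocket serverSocket = null;
        final AtomicInteger handshakesCompleted = new AtomicInteger(0);
        final CountDownLatch firstHandshakeDone = new CountDownLatch(1);
        try {
            InetSocketAddress localServerAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), port);
            listeningSocket.bind(localServerAddress);
            Future<SSLSocket> acceptFuture = workerPool.submit(new Callable<SSLSocket>() {
                @Override
                public SSLSocket call() throws Exception {
                    SSLSocket accepted = (SSLSocket) listeningSocket.accept();
                    accepted.addHandshakeCompletedListener(new HandshakeCompletedListener() {
                        @Override
                        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                            handshakesCompleted.getAndIncrement();
                            firstHandshakeDone.countDown();
                        }
                    });
                    Assert.assertEquals(1L, accepted.getInputStream().read());
                    try {
                        // This read follows the client's second startHandshake() call.
                        accepted.getInputStream().read();
                        return accepted;
                    } catch (Exception e) {
                        forceClose(accepted);
                        throw e;
                    }
                }
            });
            clientSocket = this.x509Util.createSSLSocket();
            clientSocket.connect(localServerAddress);
            clientSocket.getOutputStream().write(1);
            // The connection is already established, so this requests a renegotiation.
            clientSocket.startHandshake();
            clientSocket.getOutputStream().write(1);
            try {
                serverSocket = acceptFuture.get();
            } catch (ExecutionException e) {
                // The failure happened on the worker thread; surface its real cause.
                throw e.getCause();
            }
        } finally {
            forceClose(serverSocket);
            forceClose(clientSocket);
            forceClose(listeningSocket);
            workerPool.shutdown();
            // Exactly one handshake (the initial one) may have completed. If this
            // assertion fails it replaces whatever exception was propagating from the
            // try block.
            firstHandshakeDone.await(5L, TimeUnit.SECONDS);
            Assert.assertEquals(1L, handshakesCompleted.get());
        }
    }

    /** For Java version string {@code "1.8"} the first default cipher suite is a CBC suite. */
    @Test
    public void testGetDefaultCipherSuitesJava8() {
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("1.8")[0].contains("CBC"));
    }

    /** For Java version string {@code "9"} the first default cipher suite is a GCM suite. */
    @Test
    public void testGetDefaultCipherSuitesJava9() {
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("9")[0].contains("GCM"));
    }

    /** For Java version string {@code "10"} the first default cipher suite is a GCM suite. */
    @Test
    public void testGetDefaultCipherSuitesJava10() {
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("10")[0].contains("GCM"));
    }

    /** For Java version string {@code "11"} the first default cipher suite is a GCM suite. */
    @Test
    public void testGetDefaultCipherSuitesJava11() {
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("11")[0].contains("GCM"));
    }

    /** An unparseable version string yields a list whose first suite is a CBC suite. */
    @Test
    public void testGetDefaultCipherSuitesUnknownVersion() {
        Assert.assertTrue(X509Util.getDefaultCipherSuitesForJavaVersion("notaversion")[0].contains("CBC"));
    }

    /** A {@code null} version string is rejected with a {@link NullPointerException}. */
    @Test(expected = NullPointerException.class)
    public void testGetDefaultCipherSuitesNullVersion() {
        X509Util.getDefaultCipherSuitesForJavaVersion((String) null);
    }

    /**
     * Publishes {@link #customCipherSuites} as a comma-separated cipher suite property and
     * replaces the instance under test with a new one, closing the old instance first.
     */
    private void setCustomCipherSuites() {
        System.setProperty(this.x509Util.getCipherSuitesProperty(), String.join(",", customCipherSuites));
        this.x509Util.close();
        this.x509Util = new ClientX509Util();
    }
}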
