package com.cloudera.oryx.lambda.serving;

import com.cloudera.oryx.common.settings.ConfigUtils;
import com.google.common.io.Resources;
import com.typesafe.config.Config;
import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/oryx/lambda/serving/SecureAPIConfigIT.class */
public final class SecureAPIConfigIT extends AbstractServingIT {
    private static final TrustManager ACCEPT_ALL_TM = new X509TrustManager() { // from class: com.cloudera.oryx.lambda.serving.SecureAPIConfigIT.2
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    };

    @Test
    public void testHTTPS() throws Exception {
        Config buildHTTPSConfig = buildHTTPSConfig();
        startServer(buildHTTPSConfig);
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, new TrustManager[]{ACCEPT_ALL_TM}, null);
        SSLSocketFactory defaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        try {
            assertEquals("Hello, World", Resources.toString(new URL("https://localhost:" + getHTTPSPort() + "/helloWorld"), StandardCharsets.UTF_8));
            HttpsURLConnection.setDefaultSSLSocketFactory(defaultSSLSocketFactory);
            Files.delete(Paths.get(buildHTTPSConfig.getString("oryx.serving.api.keystore-file"), new String[0]));
        } catch (Throwable th) {
            HttpsURLConnection.setDefaultSSLSocketFactory(defaultSSLSocketFactory);
            Files.delete(Paths.get(buildHTTPSConfig.getString("oryx.serving.api.keystore-file"), new String[0]));
            throw th;
        }
    }

    @Test(expected = IOException.class)
    public void testBadHTTPS() throws Exception {
        Config buildHTTPSConfig = buildHTTPSConfig();
        startServer(buildHTTPSConfig);
        try {
            Resources.toString(new URL("https://localhost:" + getHTTPSPort() + "/helloWorld"), StandardCharsets.UTF_8);
            Files.delete(Paths.get(buildHTTPSConfig.getString("oryx.serving.api.keystore-file"), new String[0]));
        } catch (Throwable th) {
            Files.delete(Paths.get(buildHTTPSConfig.getString("oryx.serving.api.keystore-file"), new String[0]));
            throw th;
        }
    }

    private Config buildHTTPSConfig() throws IOException {
        Path buildKeystoreFile = buildKeystoreFile();
        HashMap hashMap = new HashMap();
        hashMap.put("oryx.serving.api.keystore-file", "\"" + buildKeystoreFile + "\"");
        hashMap.put("oryx.serving.api.keystore-password", "oryxpass");
        hashMap.put("oryx.serving.api.key-alias", "oryxtest");
        hashMap.put("oryx.serving.application-resources", HelloWorld.class.getPackage().getName());
        hashMap.put("oryx.serving.no-init-topics", true);
        return ConfigUtils.overlayOn(hashMap, getConfig());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Path buildKeystoreFile() throws IOException {
        Path createTempFile = Files.createTempFile("oryxtest", ".jks", new FileAttribute[0]);
        InputStream resourceAsStream = SecureAPIConfigIT.class.getResourceAsStream("/oryxtest.jks");
        Throwable th = null;
        try {
            Files.copy(resourceAsStream, createTempFile, StandardCopyOption.REPLACE_EXISTING);
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            return createTempFile;
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testUserPassword() throws Exception {
        startServer(buildUserPasswordConfig());
        Authenticator.setDefault(new Authenticator() { // from class: com.cloudera.oryx.lambda.serving.SecureAPIConfigIT.1
            @Override // java.net.Authenticator
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("oryx", "pass".toCharArray());
            }
        });
        try {
            assertEquals("Hello, World", Resources.toString(new URL("http://localhost:" + getHTTPPort() + "/helloWorld"), StandardCharsets.UTF_8));
            Authenticator.setDefault(null);
        } catch (Throwable th) {
            Authenticator.setDefault(null);
            throw th;
        }
    }

    @Test(expected = IOException.class)
    public void testNoUserPassword() throws Exception {
        startServer(buildUserPasswordConfig());
        Resources.toString(new URL("http://localhost:" + getHTTPPort() + "/helloWorld"), StandardCharsets.UTF_8);
    }

    private Config buildUserPasswordConfig() throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("oryx.serving.api.user-name", "oryx");
        hashMap.put("oryx.serving.api.password", "pass");
        hashMap.put("oryx.serving.application-resources", HelloWorld.class.getPackage().getName());
        hashMap.put("oryx.serving.no-init-topics", true);
        return ConfigUtils.overlayOn(hashMap, getConfig());
    }
}
