package org.apache.zookeeper.common;

import java.math.BigInteger;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.zookeeper.ZKTestCase;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/zookeeper/common/ZKTrustManagerTest.class */
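/**
 * Unit tests for the hostname-verification decisions made by {@link ZKTrustManager}.
 *
 * <p>Every test wraps a mocked {@link X509ExtendedTrustManager} in a {@code ZKTrustManager},
 * hands it a freshly built self-signed certificate plus a mocked {@link Socket}, and then
 * verifies two things: that the wrapped trust manager was called exactly once with the same
 * arguments, and how often the peer's IP address and hostname were read from the socket.
 *
 * <p>As pinned by the assertions below, {@code checkServerTrusted} reads the peer address only
 * when the second constructor argument is {@code true}, and {@code checkClientTrusted} only when
 * the third one is {@code true}, regardless of the second.
 *
 * <p>Scope, for anyone relying on this class as evidence of TLS peer verification:
 * <ul>
 *   <li>Every certificate carries SAN values equal to what the mocked peer reports. No test here
 *       presents a certificate whose SAN does <em>not</em> match the peer, so rejection on
 *       mismatch is not covered by this class.</li>
 *   <li>The delegate trust manager is a mock, so certificate-chain validation itself is not
 *       exercised.</li>
 *   <li>The peer address is a mocked {@link InetAddress}; on a real instance
 *       {@code getHostName()} may perform a reverse name lookup. These tests say nothing about
 *       behaviour when that resolution result is not trustworthy.</li>
 * </ul>
 */
public class ZKTrustManagerTest extends ZKTestCase {
    // Shared by all tests; created once in createKeyPair().
    private static KeyPair keyPair;
    private X509ExtendedTrustManager mockX509ExtendedTrustManager;
    private static final String IP_ADDRESS = "127.0.0.1";
    private static final String HOSTNAME = "localhost";
    private InetAddress mockInetAddress;
    private Socket mockSocket;

    /**
     * Registers the BouncyCastle provider and generates the RSA key pair used to sign every test
     * certificate. Runs once per class (presumably because 4096-bit key generation is slow).
     */
    @BeforeClass
    public static void createKeyPair() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(4096);
        keyPair = keyPairGenerator.genKeyPair();
    }

    /** Unregisters the provider added in {@link #createKeyPair()} so it does not leak into other test classes. */
    @AfterClass
    public static void removeBouncyCastleProvider() throws Exception {
        Security.removeProvider("BC");
    }

    /**
     * Builds fresh mocks for each test: a socket whose remote address reports {@link #IP_ADDRESS}
     * and {@link #HOSTNAME}, and a delegate trust manager with no stubbed behaviour.
     */
    @Before
    public void setup() throws Exception {
        this.mockX509ExtendedTrustManager = Mockito.mock(X509ExtendedTrustManager.class);

        this.mockInetAddress = Mockito.mock(InetAddress.class);
        Mockito.when(this.mockInetAddress.getHostAddress()).thenAnswer(new Answer<String>() {
            @Override
            public String answer(InvocationOnMock invocationOnMock) throws Throwable {
                return IP_ADDRESS;
            }
        });
        Mockito.when(this.mockInetAddress.getHostName()).thenAnswer(new Answer<String>() {
            @Override
            public String answer(InvocationOnMock invocationOnMock) throws Throwable {
                return HOSTNAME;
            }
        });

        this.mockSocket = Mockito.mock(Socket.class);
        Mockito.when(this.mockSocket.getInetAddress()).thenAnswer(new Answer<InetAddress>() {
            @Override
            public InetAddress answer(InvocationOnMock invocationOnMock) throws Throwable {
                return ZKTrustManagerTest.this.mockInetAddress;
            }
        });
    }

    /**
     * Builds a one-element chain holding a self-signed certificate valid for one year from now.
     *
     * <p>The subject CN is deliberately {@code NOT_LOCALHOST}, which matches neither
     * {@link #IP_ADDRESS} nor {@link #HOSTNAME}; the only identities in the certificate that can
     * match the mocked peer are the subjectAltName entries requested by the caller.
     *
     * @param ipAddress value for an iPAddress SAN entry, or {@code null} to omit it
     * @param hostname value for a dNSName SAN entry, or {@code null} to omit it
     * @return an array containing the single generated certificate
     * @throws Exception if certificate construction or signing fails
     */
    private X509Certificate[] createSelfSignedCertificateChain(String ipAddress, String hostname) throws Exception {
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST");

        Date notBefore = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(notBefore);
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();

        // java.util.Random is enough for a throwaway test serial. It is not a pattern for issuing
        // real certificates, where serial numbers should come from a CSPRNG.
        BigInteger serialNumber = new BigInteger(128, new Random());

        // Issuer and subject are the same name: the certificate is self-signed.
        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic())
                // BasicConstraints(int) marks the certificate as a CA with the given path length.
                .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
                .addExtension(Extension.keyUsage, true,
                        new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

        ArrayList<GeneralName> subjectAltNames = new ArrayList<GeneralName>();
        if (ipAddress != null) {
            subjectAltNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
        }
        if (hostname != null) {
            subjectAltNames.add(new GeneralName(GeneralName.dNSName, hostname));
        }
        // The SAN extension is only added when at least one entry was requested.
        if (!subjectAltNames.isEmpty()) {
            certificateBuilder.addExtension(Extension.subjectAlternativeName, true,
                    new GeneralNames(subjectAltNames.toArray(new GeneralName[0])));
        }

        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                certificateBuilder.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate())));
        return new X509Certificate[]{certificate};
    }

    /**
     * Verifies how many times the trust manager read the peer's IP address and hostname from the
     * mocked socket address. Zero for both means no hostname verification was attempted.
     */
    private void verifyPeerLookups(int expectedAddressReads, int expectedNameReads) {
        Mockito.verify(this.mockInetAddress, Mockito.times(expectedAddressReads)).getHostAddress();
        Mockito.verify(this.mockInetAddress, Mockito.times(expectedNameReads)).getHostName();
    }

    /** Both flags off: the server check must not touch the peer address, but must still delegate. */
    @Test
    public void testServerHostnameVerificationWithHostnameVerificationDisabled() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, false, false);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(IP_ADDRESS, HOSTNAME);

        zkTrustManager.checkServerTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(0, 0);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkServerTrusted(certificateChain, null, this.mockSocket);
    }

    /** Only the third flag on: it must not switch on hostname verification for the server check. */
    @Test
    public void testServerHostnameVerificationWithHostnameVerificationDisabledAndClientHostnameVerificationEnabled() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, false, true);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(IP_ADDRESS, HOSTNAME);

        zkTrustManager.checkServerTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(0, 0);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkServerTrusted(certificateChain, null, this.mockSocket);
    }

    /** Server check with an IP-only SAN: the peer IP is read once and the hostname is never consulted. */
    @Test
    public void testServerHostnameVerificationWithIPAddress() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, true, false);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(IP_ADDRESS, null);

        zkTrustManager.checkServerTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(1, 0);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkServerTrusted(certificateChain, null, this.mockSocket);
    }

    /**
     * Server check with a DNS-only SAN: both the peer IP and the peer hostname are read once.
     * Presumably the IP is tried first and the hostname is the fallback; the order itself is not
     * asserted here.
     */
    @Test
    public void testServerHostnameVerificationWithHostname() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, true, false);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(null, HOSTNAME);

        zkTrustManager.checkServerTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(1, 1);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkServerTrusted(certificateChain, null, this.mockSocket);
    }

    /**
     * Second flag off, third flag on: the client check still reads the peer address and hostname.
     *
     * <p>NOTE(review): despite "Disabled" in the method name, this test expects verification to
     * run. Confirm against ZKTrustManager that the third flag alone is meant to enable the
     * client-side check.
     */
    @Test
    public void testClientHostnameVerificationWithHostnameVerificationDisabled() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, false, true);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(null, HOSTNAME);

        zkTrustManager.checkClientTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(1, 1);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkClientTrusted(certificateChain, null, this.mockSocket);
    }

    /** Third flag off: the client check must not touch the peer address, but must still delegate. */
    @Test
    public void testClientHostnameVerificationWithClientHostnameVerificationDisabled() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, true, false);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(null, HOSTNAME);

        zkTrustManager.checkClientTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(0, 0);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkClientTrusted(certificateChain, null, this.mockSocket);
    }

    /** Client check with an IP-only SAN: the peer IP is read once and the hostname is never consulted. */
    @Test
    public void testClientHostnameVerificationWithIPAddress() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, true, true);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(IP_ADDRESS, null);

        zkTrustManager.checkClientTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(1, 0);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkClientTrusted(certificateChain, null, this.mockSocket);
    }

    /** Client check with a DNS-only SAN: both the peer IP and the peer hostname are read once. */
    @Test
    public void testClientHostnameVerificationWithHostname() throws Exception {
        ZKTrustManager zkTrustManager = new ZKTrustManager(this.mockX509ExtendedTrustManager, true, true);
        X509Certificate[] certificateChain = createSelfSignedCertificateChain(null, HOSTNAME);

        zkTrustManager.checkClientTrusted(certificateChain, null, this.mockSocket);

        verifyPeerLookups(1, 1);
        Mockito.verify(this.mockX509ExtendedTrustManager, Mockito.times(1))
                .checkClientTrusted(certificateChain, null, this.mockSocket);
    }
}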
