package org.eclipse.microprofile.rest.client.tck.ssl;

import javax.inject.Inject;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.ws.rs.ProcessingException;
import org.eclipse.microprofile.rest.client.RestClientBuilder;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import org.eclipse.microprofile.rest.client.tck.interfaces.JsonPClient;
import org.eclipse.microprofile.rest.client.tck.interfaces.ssl.ConfigurableHostnameVerifier;
import org.eclipse.microprofile.rest.client.tck.utils.ConfigUtil;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.ClassLoaderAsset;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/rest/client/tck/ssl/SslHostnameVerifierTest.class */
public class SslHostnameVerifierTest extends AbstractSslTest {

    @Inject
    @RestClient
    private JsonPClient clientWithHostnameVerifier;

    @Deployment
    public static WebArchive createDeployment() {
        WebArchive addAsWebInfResource = ShrinkWrap.create(WebArchive.class, SslHostnameVerifierTest.class.getSimpleName() + ".war").addClasses(new Class[]{JsonPClient.class, HttpsServer.class, AbstractSslTest.class, ConfigurableHostnameVerifier.class}).addAsWebInfResource(new StringAsset(ConfigUtil.configLine(JsonPClient.class, "uri", BASE_URI_STRING) + ConfigUtil.configLine(JsonPClient.class, "hostnameVerifier", ConfigurableHostnameVerifier.class.getCanonicalName()) + ConfigUtil.configLine(JsonPClient.class, "trustStore", "classpath:/META-INF/" + clientWrongHostnameTruststoreFromClasspath) + ConfigUtil.configLine(JsonPClient.class, "trustStoreType", "pkcs12") + ConfigUtil.configLine(JsonPClient.class, "trustStorePassword", "password")), "classes/META-INF/microprofile-config.properties").addAsWebInfResource(new ClassLoaderAsset("ssl/" + clientWrongHostnameTruststoreFromClasspath), "classes/META-INF/" + clientWrongHostnameTruststoreFromClasspath).addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
        initializeTest(addAsWebInfResource, httpsServer -> {
            httpsServer.keyStore(serverWrongHostnameKeystore.getAbsolutePath(), "password");
        });
        return addAsWebInfResource;
    }

    @Test(expectedExceptions = {ProcessingException.class})
    public void shouldFailWithoutHostnameAndNoVerifier() throws Exception {
        ((JsonPClient) RestClientBuilder.newBuilder().baseUri(BASE_URI).trustStore(getKeyStore(clientWrongHostnameTruststore)).build(JsonPClient.class)).get("1");
    }

    @Test(expectedExceptions = {ProcessingException.class})
    public void shouldFailWithRejectingHostnameVerifier() throws Exception {
        ((JsonPClient) RestClientBuilder.newBuilder().baseUri(BASE_URI).trustStore(getKeyStore(clientWrongHostnameTruststore)).hostnameVerifier((str, sSLSession) -> {
            return false;
        }).build(JsonPClient.class)).get("1");
    }

    @Test
    public void shouldSucceedWithAcceptingHostnameVerifier() throws Exception {
        Assert.assertEquals("bar", ((JsonPClient) RestClientBuilder.newBuilder().baseUri(BASE_URI).trustStore(getKeyStore(clientWrongHostnameTruststore)).hostnameVerifier((str, sSLSession) -> {
            return true;
        }).build(JsonPClient.class)).get("1").getString("foo"));
    }

    @Test
    public void shouldPassSslSessionAndHostnameToHostnameVerifier() throws Exception {
        Assert.assertEquals("bar", ((JsonPClient) RestClientBuilder.newBuilder().baseUri(BASE_URI).trustStore(getKeyStore(clientWrongHostnameTruststore)).hostnameVerifier(this::verifySslSessionAndHostname).build(JsonPClient.class)).get("1").getString("foo"));
    }

    @Test(expectedExceptions = {ProcessingException.class})
    public void shouldFailWithRejectingHostnameVerifierCDI() {
        ConfigurableHostnameVerifier.setAccepting(false);
        this.clientWithHostnameVerifier.get("1");
    }

    @Test
    public void shouldSucceedWithAcceptingHostnameVerifierCDI() {
        ConfigurableHostnameVerifier.setAccepting(true);
        Assert.assertEquals("bar", this.clientWithHostnameVerifier.get("1").getString("foo"));
    }

    @Test
    public void shouldPassSslSessionAndHostnameToHostnameVerifierCDI() {
        ConfigurableHostnameVerifier.setAccepting(true);
        Assert.assertEquals("bar", this.clientWithHostnameVerifier.get("1").getString("foo"));
        verifySslSessionAndHostname(ConfigurableHostnameVerifier.getHostname(), ConfigurableHostnameVerifier.getSslSession());
    }

    private boolean verifySslSessionAndHostname(String str, SSLSession sSLSession) {
        try {
            Assert.assertEquals("localhost", str);
            Assert.assertNotNull(sSLSession);
            Assert.assertNotNull(sSLSession.getCipherSuite());
            Assert.assertNotNull(sSLSession.getPeerCertificates());
            return true;
        } catch (SSLPeerUnverifiedException e) {
            throw new RuntimeException("failed to verify ssl session and hostname", e);
        }
    }
}
