package org.jenkinsci.remoting.engine;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.remoting.Channel;
import hudson.remoting.TestCallable;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.function.Consumer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.net.ssl.SSLContext;
import org.apache.commons.io.IOUtils;
import org.hamcrest.Matchers;
import org.jenkinsci.remoting.nio.NioChannelHub;
import org.jenkinsci.remoting.protocol.IOHub;
import org.jenkinsci.remoting.protocol.cert.RSAKeyPairRule;
import org.jenkinsci.remoting.protocol.cert.SSLContextRule;
import org.jenkinsci.remoting.protocol.cert.X509CertificateRule;
import org.jenkinsci.remoting.protocol.impl.ConnectionHeadersFilterLayer;
import org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.experimental.theories.DataPoints;
import org.junit.experimental.theories.Theories;
import org.junit.experimental.theories.Theory;
import org.junit.rules.RuleChain;
import org.junit.runner.RunWith;

@RunWith(Theories.class)
/* loaded from: input_file:org/jenkinsci/remoting/engine/JnlpProtocolHandlerTest.class */
public class JnlpProtocolHandlerTest {
    private static final String SECRET_KEY = "SecretKey-1234";
    private static ExecutorService executorService;
    private IOHub selector;
    private NioChannelHub hub;
    private ServerSocketChannel baseServerSocket;
    private SocketChannel clientSocketChannel;
    private SocketChannel serverSocketChannel;
    private Channel serverRemotingChannel;
    private Channel clientRemotingChannel;
    private static final Consumer<JnlpConnectionState> APPROVING_STATE_CONSUMER = (v0) -> {
        v0.approve();
    };
    private static final Consumer<JnlpConnectionState> REJECTING_STATE_CONSUMER = jnlpConnectionState -> {
        jnlpConnectionState.reject(new ConnectionRefusalException("I don't like you"));
    };
    private static final Consumer<JnlpConnectionState> IGNORING_STATE_CONSUMER = jnlpConnectionState -> {
    };
    private static RSAKeyPairRule clientKey = new RSAKeyPairRule();
    private static RSAKeyPairRule serverKey = new RSAKeyPairRule();
    private static RSAKeyPairRule caRootKey = new RSAKeyPairRule();
    private static X509CertificateRule caRootCert = X509CertificateRule.create("caRoot", caRootKey, caRootKey);
    private static X509CertificateRule clientCert = X509CertificateRule.create("client", clientKey, caRootKey);
    private static X509CertificateRule serverCert = X509CertificateRule.create("server", serverKey, caRootKey);
    private static X509CertificateRule expiredClientCert = X509CertificateRule.create("expiredClient", clientKey, caRootKey, -10, -5, TimeUnit.DAYS);
    private static X509CertificateRule notYetValidServerCert = X509CertificateRule.create("notYetValidServer", serverKey, caRootKey, 5, 10, TimeUnit.DAYS);
    private static SSLContextRule clientCtx = new SSLContextRule("client").as(clientKey, clientCert, caRootCert).trusting(caRootCert).trusting(serverCert);
    private static SSLContextRule serverCtx = new SSLContextRule("server").as(serverKey, serverCert, caRootCert).trusting(caRootCert).trusting(clientCert);
    private static SSLContextRule expiredClientCtx = new SSLContextRule("expiredClient").as(clientKey, expiredClientCert, caRootCert).trusting(caRootCert).trusting(serverCert);
    private static SSLContextRule notYetValidServerCtx = new SSLContextRule("notYetValidServer").as(serverKey, notYetValidServerCert, caRootCert).trusting(caRootCert).trusting(clientCert);
    private static SSLContextRule untrustingClientCtx = new SSLContextRule("untrustingClient").as(clientKey, clientCert).trusting(caRootCert);
    private static SSLContextRule untrustingServerCtx = new SSLContextRule("untrustingServer").as(serverKey, serverCert).trusting(caRootCert);

    @ClassRule
    public static RuleChain staticCtx = RuleChain.outerRule(caRootKey).around(clientKey).around(serverKey).around(caRootCert).around(clientCert).around(serverCert).around(expiredClientCert).around(notYetValidServerCert).around(clientCtx).around(serverCtx).around(expiredClientCtx).around(notYetValidServerCtx).around(untrustingClientCtx).around(untrustingServerCtx);

    /* loaded from: input_file:org/jenkinsci/remoting/engine/JnlpProtocolHandlerTest$Factory.class */
    public interface Factory {
        JnlpProtocolHandler<? extends JnlpConnectionState> create(JnlpClientDatabase jnlpClientDatabase, ExecutorService executorService, IOHub iOHub, NioChannelHub nioChannelHub, SSLContext sSLContext, boolean z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jenkinsci/remoting/engine/JnlpProtocolHandlerTest$StateListener.class */
    public class StateListener extends JnlpConnectionStateListener {
        private Channel.Mode mode;
        private Consumer<JnlpConnectionState> afterPropertiesConsumer;

        StateListener(Consumer<JnlpConnectionState> consumer, Channel.Mode mode) {
            this.mode = mode;
            this.afterPropertiesConsumer = consumer;
        }

        public void afterProperties(@NonNull JnlpConnectionState jnlpConnectionState) {
            this.afterPropertiesConsumer.accept(jnlpConnectionState);
        }

        public void beforeChannel(@NonNull JnlpConnectionState jnlpConnectionState) {
            jnlpConnectionState.getChannelBuilder().withMode(this.mode);
        }

        public void afterChannel(@NonNull JnlpConnectionState jnlpConnectionState) {
        }
    }

    @BeforeClass
    public static void setUpClass() {
        Logger.getLogger(ConnectionHeadersFilterLayer.class.getName()).setLevel(Level.WARNING);
        executorService = Executors.newCachedThreadPool();
    }

    @AfterClass
    public static void tearDownClass() {
        executorService.shutdownNow();
    }

    @Before
    public void setUp() throws Exception {
        this.selector = IOHub.create(executorService);
        this.hub = new NioChannelHub(executorService);
        executorService.submit((Runnable) this.hub);
        this.baseServerSocket = ServerSocketChannel.open();
        this.baseServerSocket.socket().bind(new InetSocketAddress(0));
        this.clientSocketChannel = SocketChannel.open();
        this.clientSocketChannel.connect(this.baseServerSocket.getLocalAddress());
        this.serverSocketChannel = this.baseServerSocket.accept();
    }

    @After
    public void tearDown() {
        IOUtils.closeQuietly(this.serverRemotingChannel);
        IOUtils.closeQuietly(this.clientRemotingChannel);
        IOUtils.closeQuietly(this.clientSocketChannel);
        IOUtils.closeQuietly(this.serverSocketChannel);
        IOUtils.closeQuietly(this.baseServerSocket);
        IOUtils.closeQuietly(this.hub);
        IOUtils.closeQuietly(this.selector);
    }

    @Theory
    public void happyPath(Factory factory, boolean z, boolean z2) throws Exception {
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, true);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, SECRET_KEY), APPROVING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        this.serverRemotingChannel = createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), APPROVING_STATE_CONSUMER).get(10L, TimeUnit.SECONDS);
        Assert.assertThat(this.serverRemotingChannel, Matchers.notNullValue());
        this.serverRemotingChannel.call(new TestCallable());
        this.clientRemotingChannel = createChannelConnector.get(10L, TimeUnit.SECONDS);
        Assert.assertThat(this.clientRemotingChannel, Matchers.notNullValue());
    }

    @Theory
    public void serverRejects(Factory factory, boolean z, boolean z2) throws Exception {
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, true);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, SECRET_KEY), APPROVING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        assertChannelFails(createChannelConnector, createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), REJECTING_STATE_CONSUMER), ConnectionRefusalException.class);
    }

    @Theory
    public void serverIgnores(Factory factory, boolean z, boolean z2) throws Exception {
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, true);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, SECRET_KEY), IGNORING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        assertChannelFails(createChannelConnector, createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), APPROVING_STATE_CONSUMER), IOException.class);
    }

    @Theory
    public void clientRejects(Factory factory, boolean z, boolean z2) throws Exception {
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, true);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, SECRET_KEY), APPROVING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        assertChannelFails(createChannelConnector, createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), REJECTING_STATE_CONSUMER), IOException.class);
    }

    @Theory
    public void clientIgnores(Factory factory, boolean z, boolean z2) throws Exception {
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, true);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, SECRET_KEY), APPROVING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        assertChannelFails(createChannelConnector, createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), IGNORING_STATE_CONSUMER), ConnectionRefusalException.class);
    }

    @Theory
    public void doesNotExist(Factory factory, boolean z, boolean z2) throws Exception {
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, false);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, SECRET_KEY), APPROVING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        assertChannelFails(createChannelConnector, createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), APPROVING_STATE_CONSUMER), ConnectionRefusalException.class);
    }

    @Theory
    public void wrongSecret(Factory factory, boolean z, boolean z2) throws Exception {
        Logger.getLogger(JnlpProtocol4PlainHandler.class.getName()).setLevel(Level.SEVERE);
        Logger.getLogger(JnlpProtocol4Handler.class.getName()).setLevel(Level.SEVERE);
        JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler = createServerProtocolHandler(factory, z, SECRET_KEY, true);
        Future<Channel> createChannelConnector = createChannelConnector(this.clientSocketChannel, createClientProtocolHandler(factory, z2), createClientProperties(factory, "WrongSecret"), APPROVING_STATE_CONSUMER);
        readAndCheckProtocol(factory);
        assertChannelFails(createChannelConnector, createChannelHandler(this.serverSocketChannel, createServerProtocolHandler, new HashMap<>(), APPROVING_STATE_CONSUMER), ConnectionRefusalException.class);
    }

    private Future<Channel> createChannelConnector(SocketChannel socketChannel, JnlpProtocolHandler<? extends JnlpConnectionState> jnlpProtocolHandler, HashMap<String, String> hashMap, Consumer<JnlpConnectionState> consumer) throws IOException {
        return jnlpProtocolHandler.connect(socketChannel.socket(), hashMap, new JnlpConnectionStateListener[]{new StateListener(consumer, Channel.Mode.BINARY)});
    }

    private Future<Channel> createChannelHandler(SocketChannel socketChannel, JnlpProtocolHandler<? extends JnlpConnectionState> jnlpProtocolHandler, HashMap<String, String> hashMap, Consumer<JnlpConnectionState> consumer) throws IOException {
        return jnlpProtocolHandler.handle(socketChannel.socket(), hashMap, new JnlpConnectionStateListener[]{new StateListener(consumer, Channel.Mode.NEGOTIATE)});
    }

    private HashMap<String, String> createClientProperties(Factory factory, String str) {
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("Node-Name", "client-" + factory);
        hashMap.put("Secret-Key", str);
        return hashMap;
    }

    private JnlpProtocolHandler<? extends JnlpConnectionState> createClientProtocolHandler(Factory factory, boolean z) {
        return factory.create(null, executorService, this.selector, z ? this.hub : null, clientCtx.context(), z);
    }

    private JnlpProtocolHandler<? extends JnlpConnectionState> createServerProtocolHandler(Factory factory, boolean z, final String str, final boolean z2) {
        return factory.create(new JnlpClientDatabase() { // from class: org.jenkinsci.remoting.engine.JnlpProtocolHandlerTest.1
            public boolean exists(String str2) {
                return z2;
            }

            public String getSecretOf(@Nonnull String str2) {
                return str;
            }
        }, executorService, this.selector, this.hub, serverCtx.context(), z);
    }

    private void readAndCheckProtocol(Factory factory) throws IOException {
        ByteBuffer wrap = ByteBuffer.wrap(new byte[2]);
        while (wrap.hasRemaining()) {
            this.serverSocketChannel.read(wrap);
        }
        byte[] bArr = new byte[((wrap.get(0) << 8) & 65280) + (wrap.get(1) & 255)];
        ByteBuffer wrap2 = ByteBuffer.wrap(bArr);
        while (wrap2.hasRemaining()) {
            this.serverSocketChannel.read(wrap2);
        }
        Assert.assertThat(new String(bArr, StandardCharsets.UTF_8), Matchers.is("Protocol:" + factory.toString()));
    }

    private void assertChannelFails(Future<Channel> future, Future<Channel> future2, Class<? extends Exception> cls) throws InterruptedException, TimeoutException {
        try {
            this.serverRemotingChannel = future2.get(10L, TimeUnit.SECONDS);
            Assert.fail();
        } catch (ExecutionException e) {
            Assert.assertThat(e.getCause(), Matchers.instanceOf(cls));
        }
        try {
            this.clientRemotingChannel = future.get(10L, TimeUnit.SECONDS);
            Assert.fail();
        } catch (ExecutionException e2) {
            Assert.assertThat(e2.getCause(), Matchers.instanceOf(IOException.class));
        }
    }

    @DataPoints
    public static boolean[] useNioHub() {
        return new boolean[]{true, false};
    }

    @DataPoints
    public static Factory[] protocols() {
        return new Factory[]{new Factory() { // from class: org.jenkinsci.remoting.engine.JnlpProtocolHandlerTest.2
            @Override // org.jenkinsci.remoting.engine.JnlpProtocolHandlerTest.Factory
            public JnlpProtocolHandler<? extends JnlpConnectionState> create(JnlpClientDatabase jnlpClientDatabase, ExecutorService executorService2, IOHub iOHub, NioChannelHub nioChannelHub, SSLContext sSLContext, boolean z) {
                return new JnlpProtocol4Handler(jnlpClientDatabase, executorService2, iOHub, sSLContext, false, z);
            }

            public String toString() {
                return "JNLP4-connect";
            }
        }, new Factory() { // from class: org.jenkinsci.remoting.engine.JnlpProtocolHandlerTest.3
            @Override // org.jenkinsci.remoting.engine.JnlpProtocolHandlerTest.Factory
            public JnlpProtocolHandler<? extends JnlpConnectionState> create(JnlpClientDatabase jnlpClientDatabase, ExecutorService executorService2, IOHub iOHub, NioChannelHub nioChannelHub, SSLContext sSLContext, boolean z) {
                return new JnlpProtocol4PlainHandler(jnlpClientDatabase, executorService2, iOHub, z);
            }

            public String toString() {
                return "JNLP4-plaintext";
            }
        }};
    }
}
