package org.opensaml.security.httpclient.impl;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.http.HttpHost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.protocol.HttpContext;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.trust.impl.ExplicitKeyTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Support;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/security/httpclient/impl/SecurityEnhancedTLSSocketFactoryTest.class */
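/**
 * Tests for {@link SecurityEnhancedTLSSocketFactory}, driven through a mock inner TLS socket
 * factory so that no network connection is made.
 *
 * <p>The tests pin two separate server-authentication gates and how they are reported:</p>
 * <ul>
 *   <li>trust evaluation of the server credential, whose outcome is read back from the
 *       {@code opensaml.ServerTLSCredentialTrusted} context attribute;</li>
 *   <li>hostname verification, which can still fail the connection after the credential
 *       has been evaluated as trusted (see {@link #testFailBadHostname()}).</li>
 * </ul>
 *
 * <p>Reviewer note: as asserted below, the trusted attribute is left unset when no trust engine
 * is supplied. Code that reads the attribute should treat "absent" as "not evaluated", never as
 * "trusted", and should not treat {@code TRUE} as evidence that the hostname matched.</p>
 */
public class SecurityEnhancedTLSSocketFactoryTest {
    /** Classpath directory holding the certificate fixtures. */
    private static final String DATA_PATH = "/org/opensaml/security/x509/impl/";

    /**
     * Context attribute under which a test supplies the trust engine. Literal value as used
     * throughout this test; presumably it mirrors the key read by the factory under test.
     */
    private static final String CONTEXT_KEY_TRUST_ENGINE = "opensaml.TrustEngine";

    /**
     * Context attribute read back to learn the trust-evaluation outcome. Literal value as used
     * throughout this test; presumably it mirrors the key written by the factory under test.
     */
    private static final String CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED = "opensaml.ServerTLSCredentialTrusted";

    private SecurityEnhancedTLSSocketFactory securityEnhancedSocketFactory;
    private HttpContext httpContext;
    private final String hostname = "foo.example.org";

    /** Gives every test a fresh context so attributes cannot leak between tests. */
    @BeforeMethod
    public void buildHttpContext() {
        this.httpContext = new HttpClientContext();
    }

    /** A plain {@code http} connection on port 80 must leave the trusted attribute unset. */
    @Test
    public void testNonSSL() throws IOException {
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(null, this.hostname), (X509HostnameVerifier) null);
        connect(this.hostname, 80, "http");
        Assert.assertNull(trustedAttribute());
    }

    /**
     * Without a trust engine in the context the connection succeeds and the trusted attribute
     * stays unset: no trust decision is recorded, so absence must not be read as success.
     */
    @Test
    public void testSuccessNoTrustEngine() throws IOException {
        Certificate serverCert = getCredential("foo-1A1-good.crt", new String[0]).getEntityCertificate();
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(Collections.singletonList(serverCert), this.hostname), (X509HostnameVerifier) null);
        connect(this.hostname, 443, "https");
        Assert.assertNull(trustedAttribute());
    }

    /**
     * A trust engine that explicitly trusts the presented certificate yields {@code TRUE}.
     * A null hostname verifier is passed; this test pins only the trust attribute.
     */
    @Test
    public void testSuccessWithEngine() throws IOException {
        BasicX509Credential credential = getCredential("foo-1A1-good.crt", new String[0]);
        installTrustEngine(new ExplicitKeyTrustEngine(new StaticCredentialResolver(credential)));
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(Collections.singletonList(credential.getEntityCertificate()), this.hostname), (X509HostnameVerifier) null);
        connect(this.hostname, 443, "https");
        Assert.assertEquals(trustedAttribute(), Boolean.TRUE);
    }

    /** Trusted certificate plus a strict hostname verifier: connection succeeds, attribute is {@code TRUE}. */
    @Test
    public void testSuccessWithEngineAndVerifier() throws IOException {
        BasicX509Credential credential = getCredential("foo-1A1-good.crt", new String[0]);
        installTrustEngine(new ExplicitKeyTrustEngine(new StaticCredentialResolver(credential)));
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(Collections.singletonList(credential.getEntityCertificate()), this.hostname), new StrictHostnameVerifier());
        connect(this.hostname, 443, "https");
        Assert.assertEquals(trustedAttribute(), Boolean.TRUE);
    }

    /**
     * A trust engine with no trusted credentials must fail the connection AND record
     * {@code FALSE}; an untrusted peer is reported explicitly rather than left unset.
     */
    @Test(expectedExceptions = {SSLPeerUnverifiedException.class})
    public void testFailUntrustedCert() throws IOException {
        BasicX509Credential credential = getCredential("foo-1A1-good.crt", new String[0]);
        // Empty credential list: the trust engine has nothing to match the server key against.
        installTrustEngine(new ExplicitKeyTrustEngine(new StaticCredentialResolver(new ArrayList())));
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(Collections.singletonList(credential.getEntityCertificate()), this.hostname), new StrictHostnameVerifier());
        try {
            connect(this.hostname, 443, "https");
        } catch (SSLPeerUnverifiedException e) {
            // Catch only the expected failure so an unrelated exception surfaces undisguised
            // instead of being masked by the attribute assertion.
            Assert.assertEquals(trustedAttribute(), Boolean.FALSE);
            throw e;
        }
    }

    /**
     * Hostname verification failure with a trusted certificate: the connection is rejected,
     * yet the trusted attribute is {@code TRUE}. The attribute therefore reflects the trust
     * engine's verdict only; the thrown exception is what enforces the hostname check.
     * (Presumably the fixture certificate does not name {@code bogus.example.com} - confirm
     * against the fixture.)
     */
    @Test(expectedExceptions = {SSLException.class})
    public void testFailBadHostname() throws IOException {
        BasicX509Credential credential = getCredential("foo-1A1-good.crt", new String[0]);
        installTrustEngine(new ExplicitKeyTrustEngine(new StaticCredentialResolver(credential)));
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(Collections.singletonList(credential.getEntityCertificate()), "bogus.example.com"), new StrictHostnameVerifier());
        try {
            connect("bogus.example.com", 443, "https");
        } catch (SSLException e) {
            // Catch only the expected failure so an unrelated exception surfaces undisguised.
            Assert.assertEquals(trustedAttribute(), Boolean.TRUE);
            throw e;
        }
    }

    /** A TLS session that presents no peer certificates must be rejected as unverified. */
    @Test(expectedExceptions = {SSLPeerUnverifiedException.class})
    public void testFailNoCertsInSession() throws IOException {
        installTrustEngine(new ExplicitKeyTrustEngine(new StaticCredentialResolver(getCredential("foo-1A1-good.crt", new String[0]))));
        this.securityEnhancedSocketFactory = new SecurityEnhancedTLSSocketFactory(buildInnerSSLFactory(new ArrayList<Certificate>(), this.hostname), new StrictHostnameVerifier());
        connect(this.hostname, 443, "https");
    }

    /** Runs the create-socket / connect-socket sequence against the factory under test. */
    private void connect(String host, int port, String scheme) throws IOException {
        this.securityEnhancedSocketFactory.connectSocket(0, this.securityEnhancedSocketFactory.createSocket(this.httpContext), new HttpHost(host, port, scheme), (InetSocketAddress) null, (InetSocketAddress) null, this.httpContext);
    }

    /** Places the given trust engine into the per-test HTTP context. */
    private void installTrustEngine(Object trustEngine) {
        this.httpContext.setAttribute(CONTEXT_KEY_TRUST_ENGINE, trustEngine);
    }

    /** Reads the trust-evaluation outcome from the per-test HTTP context. */
    private Object trustedAttribute() {
        return this.httpContext.getAttribute(CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED);
    }

    /**
     * Builds the mock inner factory.
     *
     * @param list certificates handed to the mock, or {@code null} for the no-argument mock
     * @param str host name handed to the mock together with the certificates
     * @return the mock socket factory wrapped by the factory under test
     */
    private LayeredConnectionSocketFactory buildInnerSSLFactory(List<Certificate> list, String str) {
        return list == null ? new MockTLSSocketFactory() : new MockTLSSocketFactory(list, str);
    }

    /**
     * Loads a credential whose entity certificate is {@code str} and whose chain holds that
     * certificate plus any extra fixture certificates named in {@code strArr}.
     *
     * @param str fixture file name of the entity certificate
     * @param strArr fixture file names of additional chain certificates
     * @return the assembled credential
     */
    private BasicX509Credential getCredential(String str, String... strArr) {
        X509Certificate entityCert = getCertificate(str);
        BasicX509Credential credential = new BasicX509Credential(entityCert);
        // A HashSet carries no ordering; every caller in this class passes a single certificate.
        HashSet<X509Certificate> chain = new HashSet<X509Certificate>();
        chain.add(entityCert);
        for (String extra : strArr) {
            chain.add(getCertificate(extra));
        }
        credential.setEntityCertificateChain(chain);
        return credential;
    }

    /**
     * Decodes the first certificate found in the named fixture file, failing the test if the
     * file is missing or cannot be decoded.
     *
     * @param str fixture file name relative to {@link #DATA_PATH}
     * @return the decoded certificate
     */
    private X509Certificate getCertificate(String str) {
        // try-with-resources closes the stream; a null resource is tolerated by the construct.
        try (InputStream in = getInputStream(str)) {
            if (in == null) {
                Assert.fail("Certificate resource not found on classpath: " + DATA_PATH + str);
            }
            // available() is only an estimate and a single read() may return fewer bytes,
            // so drain the stream to avoid decoding a truncated certificate.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, count);
            }
            return (X509Certificate) X509Support.decodeCertificates(buffer.toByteArray()).iterator().next();
        } catch (Exception e) {
            // Keep the cause so the report shows why decoding failed, not just the message.
            Assert.fail("Could not create certificate from file: " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    /** Opens a fixture from the classpath; returns {@code null} when the resource does not exist. */
    private InputStream getInputStream(String str) {
        return getClass().getResourceAsStream(DATA_PATH + str);
    }
}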
