package com.mulesoft.anypoint.test.client;

import com.mulesoft.anypoint.tests.infrastructure.ArtifactProvider;
import com.mulesoft.anypoint.tests.infrastructure.installation.FakeGatewayInstallation;
import com.mulesoft.anypoint.tita.environment.api.artifact.Artifact;
import com.mulesoft.mule.runtime.gw.api.config.GatewayConfiguration;
import com.mulesoft.mule.runtime.gw.client.httpclient.GatewayHttpClient;
import com.mulesoft.mule.runtime.gw.client.httpclient.GatewayHttpClientBuilder;
import com.mulesoft.mule.runtime.gw.client.httpclient.connection.RestartableConnectionManager;
import com.mulesoft.mule.runtime.gw.reflection.Inspector;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.maven.model.Dependency;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.RuleChain;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mule.tck.junit4.AbstractMuleTestCase;
import org.mule.tck.junit4.rule.DynamicPort;
import org.mule.tck.junit4.rule.SystemProperty;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/mulesoft/anypoint/test/client/SSLValidationTestCase.class */
public class SSLValidationTestCase extends AbstractMuleTestCase {
    private static final boolean SSL_VALIDATION_ENABLED = true;

    @Rule
    public ExpectedException exception;
    private GatewayHttpClient httpClient;
    private boolean enableSslValidation;
    private HttpGet request = new HttpGet("https://localhost:" + port.getNumber() + "/https");
    private static String KEY_STORE = SSLValidationTestCase.class.getResource("/tls/ssltest-keystore.jks").getPath();
    private static String TRUST_STORE = SSLValidationTestCase.class.getResource("/tls/ssltest-cacerts.jks").getPath();
    private static String KEY_STORE_PASSWORD = "changeit";
    private static DynamicPort port = new DynamicPort("port");
    private static SystemProperty implKeyStorePath = new SystemProperty("implKeystorePath", KEY_STORE);
    private static SystemProperty implKeyStoreKeyPassword = new SystemProperty("implKeystoreKeyPassword", KEY_STORE_PASSWORD);
    private static SystemProperty implKeyStorePassword = new SystemProperty("implKeystorePassword", KEY_STORE_PASSWORD);
    private static final String SSL_TRUSTSTORE = "javax.net.ssl.trustStore";
    private static SystemProperty trustore = new SystemProperty(SSL_TRUSTSTORE, TRUST_STORE);
    private static final boolean SSL_VALIDATION_DISABLED = false;
    private static FakeGatewayInstallation gatewayInstallation = FakeGatewayInstallation.builder().withApplications(new Artifact[]{ArtifactProvider.buildTestApplication("app", "simple-app.xml", new Dependency[SSL_VALIDATION_DISABLED])}).gateKeeperDisabled().offline().build();

    @ClassRule
    public static RuleChain chain = RuleChain.outerRule(port).around(trustore).around(implKeyStoreKeyPassword).around(implKeyStorePassword).around(implKeyStorePath).around(verboseExceptions()).around(gatewayInstallation);

    public SSLValidationTestCase(String str, boolean z, String str2, boolean z2) {
        this.exception = ExpectedException.none();
        this.enableSslValidation = z;
        if (str2 != null) {
            System.setProperty(SSL_TRUSTSTORE, str2);
        } else {
            System.clearProperty(SSL_TRUSTSTORE);
        }
        if (!z2) {
            this.exception = ExpectedException.none();
        } else {
            this.exception.expect(SSLHandshakeException.class);
            this.exception.expectMessage(Matchers.containsString("unable to find valid certification path to requested target"));
        }
    }

    private static SystemProperty verboseExceptions() {
        return new SystemProperty("mule.verbose.exceptions", "true");
    }

    @Parameterized.Parameters(name = "{0}")
    public static Collection<Object[]> data() {
        return Arrays.asList(new Object[]{"Invalid Truststore, validation enabled", true, null, true}, new Object[]{"Invalid Truststore, validation disabled", false, null, false}, new Object[]{"Valid Truststore, validation enabled", true, TRUST_STORE, false}, new Object[]{"Valid Truststore, validation disabled", false, TRUST_STORE, false});
    }

    @After
    public void cleanUp() {
        System.clearProperty(SSL_TRUSTSTORE);
    }

    @Before
    public void setUp() {
        this.httpClient = new GatewayHttpClientBuilder().withClientConfiguration(new GatewayConfiguration().platformClient()).withSslValidationEnabled(this.enableSslValidation).build();
    }

    @Test
    public void simpleRequest() throws IOException {
        HttpResponse execute = this.httpClient.execute(this.request);
        MatcherAssert.assertThat(Integer.valueOf(execute.getStatusLine().getStatusCode()), Matchers.is(200));
        MatcherAssert.assertThat(IOUtils.toString(execute.getEntity().getContent()), Matchers.is("Congratulations! You've reached me"));
        assertConnectionManagerHandlesExceptions();
    }

    private void assertConnectionManagerHandlesExceptions() {
        MatcherAssert.assertThat((HttpClientConnectionManager) new Inspector(this.httpClient).read("httpClient.connManager"), Matchers.instanceOf(RestartableConnectionManager.class));
    }
}
