package org.mule.test.http.functional;

import java.io.File;
import java.io.PrintWriter;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.mule.runtime.api.tls.TlsContextFactory;
import org.mule.runtime.core.api.util.ClassUtils;
import org.mule.tck.junit4.rule.DynamicPort;

/* loaded from: input_file:org/mule/test/http/functional/AbstractServerTlsRestrictedProtocolsAndCiphersTestCase.class */
public abstract class AbstractServerTlsRestrictedProtocolsAndCiphersTestCase extends AbstractTlsRestrictedProtocolsAndCiphersTestCase {

    @Rule
    public DynamicPort httpsPort = new DynamicPort("port");
    private static final String SERVER_CIPHER_SUITE_ENABLED = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
    private static final String SERVER_CIPHER_SUITE_DISABLED = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
    private static final String SERVER_PROTOCOL_ENABLED = "TLSv1.2";
    private static final String SERVER_PROTOCOL_DISABLED = "TLSv1";

    @BeforeClass
    public static void createTlsPropertiesFile() throws Exception {
        PrintWriter printWriter = new PrintWriter(getTlsPropertiesFile(), "UTF-8");
        printWriter.println("enabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA256");
        printWriter.println("enabledProtocols=TLSv1.2");
        printWriter.close();
    }

    @AfterClass
    public static void removeTlsPropertiesFile() {
        getTlsPropertiesFile().delete();
    }

    private static File getTlsPropertiesFile() {
        return new File(ClassUtils.getClassPathRoot(AbstractServerTlsRestrictedProtocolsAndCiphersTestCase.class).getPath(), String.format("tls-%s.conf", "default"));
    }

    @Test
    public void handshakeSuccessWhenUsingEnabledCipherSpec() throws Exception {
        CountDownLatch countDownLatch = new CountDownLatch(1);
        SSLSocket createSocket = createSocket(new String[]{SERVER_CIPHER_SUITE_ENABLED, SERVER_CIPHER_SUITE_DISABLED}, new String[]{SERVER_PROTOCOL_ENABLED, SERVER_PROTOCOL_DISABLED});
        createSocket.addHandshakeCompletedListener(handshakeCompletedEvent -> {
            countDownLatch.countDown();
        });
        createSocket.startHandshake();
        Assert.assertTrue(countDownLatch.await(30000L, TimeUnit.MILLISECONDS));
        Assert.assertEquals(SERVER_CIPHER_SUITE_ENABLED, createSocket.getSession().getCipherSuite());
        Assert.assertEquals(SERVER_PROTOCOL_ENABLED, createSocket.getSession().getProtocol());
        createSocket.close();
    }

    @Test(expected = SSLException.class)
    public void handshakeFailureWithDisabledCipherSuite() throws Exception {
        createSocket(new String[]{SERVER_CIPHER_SUITE_DISABLED}, new String[]{SERVER_PROTOCOL_ENABLED}).startHandshake();
    }

    @Test(expected = SSLException.class)
    public void handshakeFailureWithDisabledProtocol() throws Exception {
        createSocket(new String[]{SERVER_CIPHER_SUITE_ENABLED}, new String[]{SERVER_PROTOCOL_DISABLED}).startHandshake();
    }

    private SSLSocket createSocket(String[] strArr, String[] strArr2) throws Exception {
        SSLSocket sSLSocket = (SSLSocket) TlsContextFactory.builder().setTrustStorePath("tls/trustStore").setTrustStorePassword("mulepassword").build().createSslContext().getSocketFactory().createSocket("localhost", this.httpsPort.getNumber());
        sSLSocket.setEnabledCipherSuites(strArr);
        sSLSocket.setEnabledProtocols(strArr2);
        return sSLSocket;
    }
}
