package org.mule.test.http.functional.requester;

import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import io.qameta.allure.junit4.DisplayName;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mule.extension.http.api.error.HttpRequestFailedException;
import org.mule.functional.api.exception.ExpectedError;
import org.mule.runtime.api.tls.TlsContextFactory;
import org.mule.runtime.api.tls.TlsContextFactoryBuilder;
import org.mule.runtime.core.api.util.IOUtils;
import org.mule.runtime.http.api.HttpConstants;
import org.mule.runtime.http.api.HttpService;
import org.mule.runtime.http.api.client.HttpClient;
import org.mule.runtime.http.api.client.HttpClientConfiguration;
import org.mule.runtime.http.api.client.auth.HttpAuthentication;
import org.mule.runtime.http.api.domain.entity.ByteArrayHttpEntity;
import org.mule.runtime.http.api.domain.message.request.HttpRequest;
import org.mule.tck.junit4.rule.DynamicPort;
import org.mule.tck.junit4.rule.SystemProperty;
import org.mule.test.http.AllureConstants;
import org.mule.test.http.functional.AbstractHttpTestCase;

@Story(AllureConstants.HttpFeature.HttpStory.HTTPS)
@Feature(AllureConstants.HttpFeature.HTTP_EXTENSION)
@DisplayName("HTTPS Restricted Ciphers and Protocols")
/* loaded from: input_file:org/mule/test/http/functional/requester/HttpRestrictedCiphersAndProtocolsTestCase.class */
public class HttpRestrictedCiphersAndProtocolsTestCase extends AbstractHttpTestCase {
    public HttpClient httpClientWithCertificate;
    private TlsContextFactory tlsContextFactory;

    @Rule
    public DynamicPort port1 = new DynamicPort("port1");

    @Rule
    public DynamicPort port2 = new DynamicPort("port2");

    @Rule
    public DynamicPort port3 = new DynamicPort("port3");

    @Rule
    public SystemProperty cipherSuites = new SystemProperty("cipherSuites", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");

    @Rule
    public SystemProperty protocol = new SystemProperty("protocol", AllureConstants.HttpFeature.HttpStory.HTTPS);

    @Rule
    public ExpectedError expectedError = ExpectedError.none();
    private TlsContextFactoryBuilder tlsContextFactoryBuilder = TlsContextFactory.builder();

    protected String getConfigFile() {
        return "http-restricted-ciphers-and-protocols-config.xml";
    }

    @Before
    public void setUp() {
        this.tlsContextFactoryBuilder.trustStorePath("tls/trustStore");
        this.tlsContextFactoryBuilder.trustStorePassword("mulepassword");
    }

    @After
    public void after() {
        if (this.httpClientWithCertificate != null) {
            this.httpClientWithCertificate.stop();
        }
    }

    @Test
    public void worksWithProtocolAndCipherSuiteMatch() throws Exception {
        Assert.assertThat(flowRunner("12Client12Server").withPayload("test").run().getMessage().getPayload().getValue(), Matchers.is("test"));
    }

    @Test
    public void worksWithProtocolMatch() throws Exception {
        this.tlsContextFactory = this.tlsContextFactoryBuilder.build();
        createHttpClient();
        Assert.assertThat(IOUtils.toString(this.httpClientWithCertificate.send(HttpRequest.builder().uri(String.format("https://localhost:%s", this.port1.getValue())).method(HttpConstants.Method.POST).entity(new ByteArrayHttpEntity("test".getBytes())).build(), 5000, false, (HttpAuthentication) null).getEntity().getContent()), Matchers.is("test"));
    }

    @Test
    public void worksWithCipherSuiteMatch() throws Exception {
        this.tlsContextFactoryBuilder.enabledCipherSuites(this.cipherSuites.getValue());
        this.tlsContextFactory = this.tlsContextFactoryBuilder.build();
        createHttpClient();
        Assert.assertThat(IOUtils.toString(this.httpClientWithCertificate.send(HttpRequest.builder().uri(String.format("https://localhost:%s", this.port3.getValue())).method(HttpConstants.Method.POST).entity(new ByteArrayHttpEntity("test".getBytes())).build(), 5000, false, (HttpAuthentication) null).getEntity().getContent()), Matchers.is("test"));
    }

    public void createHttpClient() {
        this.httpClientWithCertificate = getService(HttpService.class).getClientFactory().create(new HttpClientConfiguration.Builder().setName(getClass().getSimpleName()).setTlsContextFactory(this.tlsContextFactory).build());
        this.httpClientWithCertificate.start();
    }

    @Test
    public void failsWithProtocolMismatch() throws Exception {
        this.expectedError.expectCause(Matchers.instanceOf(HttpRequestFailedException.class));
        this.expectedError.expectMessage(Matchers.containsString("Remotely closed"));
        flowRunner("12Client1Server").withPayload("test").run();
    }

    @Test
    public void failsWithCipherSuiteMismatch() throws Exception {
        this.expectedError.expectCause(Matchers.instanceOf(HttpRequestFailedException.class));
        this.expectedError.expectMessage(Matchers.containsString("Remotely closed"));
        flowRunner("12CipherClient1CipherServer").withPayload("test").run();
    }
}
