package org.mule.api;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.mule.api.lifecycle.CreateException;
import org.mule.api.security.tls.TlsConfiguration;
import org.mule.tck.junit4.AbstractMuleTestCase;
import org.mule.util.ClassUtils;
import org.mule.util.FileUtils;
import org.mule.util.SecurityUtils;

/* loaded from: input_file:org/mule/api/TlsConfigurationTestCase.class */
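/**
 * Exercises {@link TlsConfiguration} initialisation.
 *
 * <p>The tests cover rejection of incomplete key material (missing key password, missing
 * keystore password, empty keystore path), rejection of an unknown key alias, restriction of
 * enabled cipher suites and protocols through a {@code tls-<model>.conf} file on the classpath,
 * and that keystore / truststore files are not left open after initialisation.
 *
 * <p>The tests that write a {@code tls-*.conf} file place it in the classpath root of this class
 * and change the {@code mule.security.model} system property. Both are JVM-wide state, so each
 * such test restores them in a {@code finally} block.
 */
public class TlsConfigurationTestCase extends AbstractMuleTestCase {
    // Fixture values only. TLSv1 and a CBC/SHA-1 DHE_DSS suite are legacy choices; the tests use
    // them as "a value the JVM supports" to check that unsupported names are filtered out.
    // NOTE(review): newer JDKs may restrict these through jdk.tls.disabledAlgorithms; confirm
    // before changing the test JVM, and do not copy them into a production tls-default.conf.
    private static final String SUPPORTED_CIPHER_SUITE = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
    private static final String SUPPORTED_PROTOCOL = "TLSv1";
    private static final String TEST_SECURITY_MODEL = "test";

    private static final String SECURITY_MODEL_PROPERTY = "mule.security.model";
    private static final String JSSE_NAMESPACE = "javax.net";
    private static final String DEFAULT_KEYSTORE = ".keystore";
    // Password of the test keystores shipped as classpath resources; not a real secret.
    private static final String TEST_PASSWORD = "mulepassword";

    /**
     * Initialisation must fail until key password, keystore password and keystore location are
     * all supplied.
     */
    @Test
    public void testEmptyConfiguration() throws Exception {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
        try {
            tlsConfiguration.initialise(false, JSSE_NAMESPACE);
            Assert.fail("no key password");
        } catch (IllegalArgumentException expected) {
            // expected: key password has not been set
        }
        tlsConfiguration.setKeyPassword(TEST_PASSWORD);
        try {
            tlsConfiguration.initialise(false, JSSE_NAMESPACE);
            Assert.fail("no store password");
        } catch (IllegalArgumentException expected) {
            // expected: keystore password has not been set
        }
        tlsConfiguration.setKeyStorePassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStore("");
        try {
            tlsConfiguration.initialise(false, JSSE_NAMESPACE);
            Assert.fail("no keystore");
        } catch (Exception expected) {
            // expected: empty keystore path. Assert.fail raises an AssertionError, which is not
            // an Exception, so a missing failure is still reported.
        }
    }

    /** A fully configured instance yields a socket factory with at least one cipher suite. */
    @Test
    public void testSimpleSocket() throws Exception {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
        tlsConfiguration.setKeyPassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStorePassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStore("clientKeystore");
        tlsConfiguration.initialise(false, JSSE_NAMESPACE);
        Assert.assertTrue("socket is useless", tlsConfiguration.getSocketFactory().getSupportedCipherSuites().length > 0);
    }

    /**
     * A key alias that is absent from the keystore must make initialisation fail with a
     * {@link CreateException} caused by an {@link IllegalStateException}.
     */
    @Test
    public void testExceptionOnInvalidKeyAlias() throws Exception {
        String keystorePath = new File(getClass().getClassLoader().getResource("serverKeystore").toURI()).getAbsolutePath();
        TlsConfiguration tlsConfiguration = new TlsConfiguration(keystorePath);
        tlsConfiguration.setKeyStorePassword(TEST_PASSWORD);
        tlsConfiguration.setKeyPassword(TEST_PASSWORD);
        tlsConfiguration.setKeyAlias("this_key_does_not_exist_in_the_keystore");
        try {
            tlsConfiguration.initialise(false, JSSE_NAMESPACE);
            // Without this the test passes vacuously when an unknown alias is silently accepted.
            Assert.fail("initialise() accepted a key alias that is not in the keystore");
        } catch (CreateException e) {
            Assert.assertTrue(e.getCause() instanceof IllegalStateException);
        }
    }

    /**
     * Only the supported cipher suite listed in {@code tls-default.conf} ends up enabled on both
     * client and server sockets; the unsupported name in the file is dropped.
     */
    @Test
    public void testCipherSuitesFromConfigFile() throws Exception {
        File configFile = createDefaultConfigFile();
        try {
            TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
            // NOTE(review): first argument true presumably selects a mode that needs no
            // keystore passwords; confirm against TlsConfiguration.initialise.
            tlsConfiguration.initialise(true, JSSE_NAMESPACE);
            SSLSocket clientSocket = (SSLSocket) tlsConfiguration.getSocketFactory().createSocket();
            try {
                SSLServerSocket serverSocket = (SSLServerSocket) tlsConfiguration.getServerSocketFactory().createServerSocket();
                try {
                    Assert.assertArrayEquals(new String[]{SUPPORTED_CIPHER_SUITE}, clientSocket.getEnabledCipherSuites());
                    Assert.assertArrayEquals(new String[]{SUPPORTED_CIPHER_SUITE}, serverSocket.getEnabledCipherSuites());
                } finally {
                    serverSocket.close();
                }
            } finally {
                clientSocket.close();
            }
        } finally {
            // Leaving tls-default.conf on the classpath would change TLS defaults for later tests.
            configFile.delete();
        }
    }

    /**
     * Only the supported protocol listed in {@code tls-default.conf} ends up enabled on both
     * client and server sockets; the unsupported name in the file is dropped.
     */
    @Test
    public void testProtocolsFromConfigFile() throws Exception {
        File configFile = createDefaultConfigFile();
        try {
            TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
            tlsConfiguration.initialise(true, JSSE_NAMESPACE);
            SSLSocket clientSocket = (SSLSocket) tlsConfiguration.getSocketFactory().createSocket();
            try {
                SSLServerSocket serverSocket = (SSLServerSocket) tlsConfiguration.getServerSocketFactory().createServerSocket();
                try {
                    Assert.assertArrayEquals(new String[]{SUPPORTED_PROTOCOL}, clientSocket.getEnabledProtocols());
                    Assert.assertArrayEquals(new String[]{SUPPORTED_PROTOCOL}, serverSocket.getEnabledProtocols());
                } finally {
                    serverSocket.close();
                }
            } finally {
                clientSocket.close();
            }
        } finally {
            configFile.delete();
        }
    }

    /**
     * With {@code mule.security.model=test}, cipher suites are read from {@code tls-test.conf}.
     */
    @Test
    public void testSecurityModelProperty() throws Exception {
        // Remember the raw property (possibly unset) so the JVM is left exactly as it was found.
        String previousModel = System.getProperty(SECURITY_MODEL_PROPERTY);
        System.setProperty(SECURITY_MODEL_PROPERTY, TEST_SECURITY_MODEL);
        File configFile = null;
        try {
            // Created inside the try so a write failure still restores the system property.
            configFile = createConfigFile(TEST_SECURITY_MODEL, "enabledCipherSuites=TEST");
            TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
            tlsConfiguration.initialise(true, JSSE_NAMESPACE);
            Assert.assertArrayEquals(new String[]{"TEST"}, tlsConfiguration.getEnabledCipherSuites());
        } finally {
            if (previousModel == null) {
                System.clearProperty(SECURITY_MODEL_PROPERTY);
            } else {
                System.setProperty(SECURITY_MODEL_PROPERTY, previousModel);
            }
            if (configFile != null) {
                configFile.delete();
            }
        }
    }

    /** The keystore file must not remain open once initialisation has finished. */
    @Test
    public void testTlsConfigurationDoesNotLeakKeyStoreFile() throws Exception {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
        tlsConfiguration.setKeyPassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStorePassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStore("clientKeystore");
        tlsConfiguration.initialise(false, JSSE_NAMESPACE);
        File keyStoreFile = FileUtils.newFile(getClass().getClassLoader().getResource("clientKeystore").toURI());
        Assert.assertThat(FileUtils.isFileOpen(keyStoreFile), Matchers.is(false));
    }

    /** The truststore file must not remain open once initialisation has finished. */
    @Test
    public void testTlsConfigurationDoesNotLeakTrustStoreFile() throws Exception {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(DEFAULT_KEYSTORE);
        tlsConfiguration.setKeyPassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStorePassword(TEST_PASSWORD);
        tlsConfiguration.setKeyStore("clientKeystore");
        tlsConfiguration.setTrustStorePassword(TEST_PASSWORD);
        tlsConfiguration.setTrustStore("trustStore");
        tlsConfiguration.initialise(false, JSSE_NAMESPACE);
        File trustStoreFile = FileUtils.newFile(getClass().getClassLoader().getResource("trustStore").toURI());
        Assert.assertThat(FileUtils.isFileOpen(trustStoreFile), Matchers.is(false));
    }

    /**
     * Writes {@code tls-default.conf} listing one unsupported and one supported entry for both
     * cipher suites and protocols.
     *
     * @return the created file; the caller is responsible for deleting it
     * @throws IOException if the file cannot be written
     */
    private File createDefaultConfigFile() throws IOException {
        return createConfigFile("default", String.format("enabledCipherSuites=UNSUPPORTED,%s\nenabledProtocols=UNSUPPORTED,%s", SUPPORTED_CIPHER_SUITE, SUPPORTED_PROTOCOL));
    }

    /**
     * Writes {@code tls-<securityModel>.conf} into the classpath root of this test class.
     *
     * @param securityModel suffix used in the file name
     * @param contents text written to the file, followed by a line separator
     * @return the created file; the caller is responsible for deleting it
     * @throws IOException if the file cannot be opened or the write fails
     */
    private File createConfigFile(String securityModel, String contents) throws IOException {
        File file = new File(ClassUtils.getClassPathRoot(getClass()).getPath(), String.format("tls-%s.conf", securityModel));
        PrintWriter printWriter = new PrintWriter(file, "UTF-8");
        try {
            printWriter.println(contents);
            // PrintWriter swallows IOExceptions; surface a failed write instead of letting the
            // test run against a truncated or empty configuration file.
            if (printWriter.checkError()) {
                throw new IOException("could not write " + file);
            }
        } finally {
            printWriter.close();
        }
        return file;
    }
}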
