package org.mule.transport.ssl;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.hamcrest.Matchers;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.tck.junit4.AbstractMuleTestCase;
import org.mule.util.ClassUtils;
import org.mule.util.StringUtils;

/* loaded from: input_file:org/mule/transport/ssl/DefaultTlsContextFactoryTestCase.class */
public class DefaultTlsContextFactoryTestCase extends AbstractMuleTestCase {

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @BeforeClass
    public static void createTlsPropertiesFile() throws Exception {
        PrintWriter printWriter = new PrintWriter(getTlsPropertiesFile(), "UTF-8");
        printWriter.println("enabledCipherSuites=" + getFileEnabledCipherSuites());
        printWriter.println("enabledProtocols=" + getFileEnabledProtocols());
        printWriter.close();
    }

    @AfterClass
    public static void removeTlsPropertiesFile() {
        getTlsPropertiesFile().delete();
    }

    private static File getTlsPropertiesFile() {
        return new File(ClassUtils.getClassPathRoot(DefaultTlsContextFactoryTestCase.class).getPath(), String.format("tls-%s.conf", "default"));
    }

    public static String getFileEnabledProtocols() {
        return "TLSv1.1, TLSv1.2";
    }

    public static String getFileEnabledCipherSuites() {
        return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
    }

    @Test
    public void failIfTrustStoreIsNonexistent() throws Exception {
        DefaultTlsContextFactory defaultTlsContextFactory = new DefaultTlsContextFactory();
        this.expectedException.expect(IOException.class);
        this.expectedException.expectMessage(Matchers.containsString("Resource non-existent-trust-store could not be found"));
        defaultTlsContextFactory.setTrustStorePath("non-existent-trust-store");
    }

    @Test
    public void useConfigFileIfDefaultProtocolsAndCipherSuites() throws Exception {
        DefaultTlsContextFactory defaultTlsContextFactory = new DefaultTlsContextFactory();
        defaultTlsContextFactory.setEnabledCipherSuites("DEFAULT");
        defaultTlsContextFactory.setEnabledProtocols("default");
        defaultTlsContextFactory.initialise();
        Assert.assertThat(defaultTlsContextFactory.getEnabledCipherSuites(), Matchers.is(StringUtils.splitAndTrim(getFileEnabledCipherSuites(), ",")));
        Assert.assertThat(defaultTlsContextFactory.getEnabledProtocols(), Matchers.is(StringUtils.splitAndTrim(getFileEnabledProtocols(), ",")));
    }

    @Test
    public void overrideConfigFile() throws Exception {
        DefaultTlsContextFactory defaultTlsContextFactory = new DefaultTlsContextFactory();
        defaultTlsContextFactory.setEnabledCipherSuites("TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
        defaultTlsContextFactory.setEnabledProtocols("TLSv1.1");
        defaultTlsContextFactory.initialise();
        String[] enabledCipherSuites = defaultTlsContextFactory.getEnabledCipherSuites();
        Assert.assertThat(Integer.valueOf(enabledCipherSuites.length), Matchers.is(1));
        Assert.assertThat(enabledCipherSuites, Matchers.is(Matchers.arrayContaining(new String[]{"TLS_DHE_DSS_WITH_AES_128_CBC_SHA"})));
        String[] enabledProtocols = defaultTlsContextFactory.getEnabledProtocols();
        Assert.assertThat(Integer.valueOf(enabledProtocols.length), Matchers.is(1));
        Assert.assertThat(enabledProtocols, Matchers.is(Matchers.arrayContaining(new String[]{"TLSv1.1"})));
    }

    @Test
    public void failIfProtocolsDoNotMatchConfigFile() throws Exception {
        DefaultTlsContextFactory defaultTlsContextFactory = new DefaultTlsContextFactory();
        defaultTlsContextFactory.setEnabledProtocols("TLSv1,SSLv3");
        this.expectedException.expect(InitialisationException.class);
        this.expectedException.expectMessage(Matchers.containsString("protocols are invalid"));
        defaultTlsContextFactory.initialise();
    }

    @Test
    public void failIfCipherSuitesDoNotMatchConfigFile() throws Exception {
        DefaultTlsContextFactory defaultTlsContextFactory = new DefaultTlsContextFactory();
        defaultTlsContextFactory.setEnabledCipherSuites("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA");
        this.expectedException.expect(InitialisationException.class);
        this.expectedException.expectMessage(Matchers.containsString("cipher suites are invalid"));
        defaultTlsContextFactory.initialise();
    }

    @Test
    public void defaultIncludesTls12Ciphers() throws Exception {
        DefaultTlsContextFactory defaultTlsContextFactory = new DefaultTlsContextFactory();
        defaultTlsContextFactory.initialise();
        SSLSocketFactory socketFactory = defaultTlsContextFactory.createSslContext().getSocketFactory();
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, null, null);
        Assert.assertThat(socketFactory.getDefaultCipherSuites(), Matchers.arrayContainingInAnyOrder(sSLContext.getSocketFactory().getDefaultCipherSuites()));
    }
}
