package org.apereo.cas.authentication;

import java.io.IOException;
import java.security.KeyStore;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apereo.cas.util.http.SimpleHttpClientFactoryBean;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/authentication/FileTrustStoreSslSocketFactoryTests.class */
public class FileTrustStoreSslSocketFactoryTests {
    private static final ClassPathResource RESOURCE = new ClassPathResource("truststore.jks");

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    private static SSLConnectionSocketFactory sslFactory(Resource resource, String str) {
        return new SSLConnectionSocketFactory(new DefaultCasSslContext(resource, str, KeyStore.getDefaultType()).getSslContext());
    }

    private static SSLConnectionSocketFactory sslFactory() {
        return sslFactory(RESOURCE, "changeit");
    }

    @Test
    public void verifyTrustStoreLoadingSuccessfullyWithCertAvailable() {
        SimpleHttpClientFactoryBean simpleHttpClientFactoryBean = new SimpleHttpClientFactoryBean();
        simpleHttpClientFactoryBean.setSslSocketFactory(sslFactory());
        Assert.assertTrue(simpleHttpClientFactoryBean.getObject().isValidEndPoint("https://self-signed.badssl.com"));
    }

    @Test
    public void verifyTrustStoreLoadingSuccessfullyWithCertAvailable2() {
        SimpleHttpClientFactoryBean simpleHttpClientFactoryBean = new SimpleHttpClientFactoryBean();
        simpleHttpClientFactoryBean.setSslSocketFactory(sslFactory());
        Assert.assertTrue(simpleHttpClientFactoryBean.getObject().isValidEndPoint("https://untrusted-root.badssl.com"));
    }

    @Test
    public void verifyTrustStoreNotFound() {
        this.thrown.expect(IOException.class);
        sslFactory(new FileSystemResource("test.jks"), "changeit");
    }

    @Test
    public void verifyTrustStoreBadPassword() {
        this.thrown.expect(IOException.class);
        sslFactory(RESOURCE, "invalid");
    }

    @Test
    public void verifyTrustStoreLoadingSuccessfullyForValidEndpointWithNoCert() {
        SimpleHttpClientFactoryBean simpleHttpClientFactoryBean = new SimpleHttpClientFactoryBean();
        simpleHttpClientFactoryBean.setSslSocketFactory(sslFactory());
        Assert.assertTrue(simpleHttpClientFactoryBean.getObject().isValidEndPoint("https://www.google.com"));
    }

    @Test
    public void verifyTrustStoreLoadingSuccessfullyWihInsecureEndpoint() {
        SimpleHttpClientFactoryBean simpleHttpClientFactoryBean = new SimpleHttpClientFactoryBean();
        simpleHttpClientFactoryBean.setSslSocketFactory(sslFactory());
        Assert.assertTrue(simpleHttpClientFactoryBean.getObject().isValidEndPoint("http://wikipedia.org"));
    }
}
