package org.eclipse.hono.service.http;

import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.tag.Tags;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.MultiMap;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.ext.web.RoutingContext;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.Period;
import java.time.temporal.TemporalAmount;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import org.eclipse.hono.client.HonoConnection;
import org.eclipse.hono.client.TenantClient;
import org.eclipse.hono.client.TenantClientFactory;
import org.eclipse.hono.config.ProtocolAdapterProperties;
import org.eclipse.hono.util.TenantObject;
import org.eclipse.hono.util.TenantTracingConfig;
import org.eclipse.hono.util.TracingSamplingMode;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/eclipse/hono/service/http/TenantTraceSamplingHandlerTest.class */
public class TenantTraceSamplingHandlerTest {
    private static final String PARAM_TENANT = "tenant";
    private static final String PARAM_DEVICE_ID = "device_id";
    private TenantClient tenantClient;
    private ProtocolAdapterProperties config;
    private Span span;
    private RoutingContext ctx;
    private Map<String, Object> ctxMap;
    private TenantTraceSamplingHandler tenantTraceSamplingHandler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/hono/service/http/TenantTraceSamplingHandlerTest$EmptyCertificate.class */
    public static class EmptyCertificate extends X509Certificate {
        private final X500Principal subject;
        private final X500Principal issuer;

        EmptyCertificate(String str, String str2) {
            this.subject = new X500Principal(str);
            this.issuer = new X500Principal(str2);
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            return false;
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getCriticalExtensionOIDs() {
            return null;
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getNonCriticalExtensionOIDs() {
            return null;
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        }

        @Override // java.security.cert.X509Certificate
        public int getVersion() {
            return 0;
        }

        @Override // java.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public Principal getIssuerDN() {
            return this.issuer;
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getIssuerX500Principal() {
            return this.issuer;
        }

        @Override // java.security.cert.X509Certificate
        public Principal getSubjectDN() {
            return this.subject;
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getSubjectX500Principal() {
            return this.subject;
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotBefore() {
            return Date.from(Instant.now().minus((TemporalAmount) Period.ofDays(1)));
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotAfter() {
            return Date.from(Instant.now().plus((TemporalAmount) Period.ofDays(1)));
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getTBSCertificate() throws CertificateEncodingException {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSignature() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgName() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgOID() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getIssuerUniqueID() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getSubjectUniqueID() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getKeyUsage() {
            return null;
        }

        @Override // java.security.cert.X509Certificate
        public int getBasicConstraints() {
            return 0;
        }

        @Override // java.security.cert.Certificate
        public byte[] getEncoded() throws CertificateEncodingException {
            return null;
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        }

        @Override // java.security.cert.Certificate
        public String toString() {
            return null;
        }

        @Override // java.security.cert.Certificate
        public PublicKey getPublicKey() {
            return null;
        }
    }

    @BeforeEach
    public void setUp() {
        this.tenantClient = (TenantClient) Mockito.mock(TenantClient.class);
        ((TenantClient) Mockito.doAnswer(invocationOnMock -> {
            return Future.succeededFuture(TenantObject.from((String) invocationOnMock.getArgument(0), true));
        }).when(this.tenantClient)).get(ArgumentMatchers.anyString(), (SpanContext) ArgumentMatchers.any(SpanContext.class));
        TenantClientFactory tenantClientFactory = (TenantClientFactory) Mockito.mock(TenantClientFactory.class);
        Mockito.when(tenantClientFactory.connect()).thenReturn(Future.succeededFuture((HonoConnection) Mockito.mock(HonoConnection.class)));
        ((TenantClientFactory) Mockito.doAnswer(invocationOnMock2 -> {
            ((Handler) invocationOnMock2.getArgument(0)).handle(Future.succeededFuture());
            return null;
        }).when(tenantClientFactory)).disconnect((Handler) ArgumentMatchers.any(Handler.class));
        Mockito.when(tenantClientFactory.getOrCreateTenantClient()).thenReturn(Future.succeededFuture(this.tenantClient));
        this.config = new ProtocolAdapterProperties();
        this.config.setSingleTenant(false);
        this.span = (Span) Mockito.mock(Span.class);
        Mockito.when(this.span.context()).thenReturn((SpanContext) Mockito.mock(SpanContext.class));
        this.ctxMap = new HashMap();
        this.ctxMap.put(TracingHandler.CURRENT_SPAN, this.span);
        this.ctx = (RoutingContext) Mockito.mock(RoutingContext.class);
        Mockito.when(this.ctx.get(ArgumentMatchers.anyString())).thenAnswer(invocationOnMock3 -> {
            return this.ctxMap.get(invocationOnMock3.getArgument(0));
        });
        this.tenantTraceSamplingHandler = new TenantTraceSamplingHandler(new HttpContextTenantAndAuthIdProvider(this.config, tenantClientFactory, PARAM_TENANT, PARAM_DEVICE_ID));
    }

    @Test
    public void testHandleSetsSamplingPriorityForMatchingTenant() {
        Mockito.when(this.tenantClient.get((String) ArgumentMatchers.eq("testTenant"), (SpanContext) ArgumentMatchers.any(SpanContext.class))).thenReturn(Future.succeededFuture(TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingMode(TracingSamplingMode.ALL))));
        setupBasicAuthHttpServerRequest("testTenant", "testAuthId");
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    @Test
    public void testHandleSetsSamplingPriorityForMatchingAuthId() {
        Mockito.when(this.tenantClient.get((String) ArgumentMatchers.eq("testTenant"), (SpanContext) ArgumentMatchers.any(SpanContext.class))).thenReturn(Future.succeededFuture(TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingModePerAuthId(Map.of("testAuthId", TracingSamplingMode.ALL)))));
        setupBasicAuthHttpServerRequest("testTenant", "testAuthId");
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    @Test
    public void testHandleSetsSamplingPriorityForMatchingAuthIdInSingleTenantMode() {
        Mockito.when(this.tenantClient.get((String) ArgumentMatchers.eq("DEFAULT_TENANT"), (SpanContext) ArgumentMatchers.any(SpanContext.class))).thenReturn(Future.succeededFuture(TenantObject.from("DEFAULT_TENANT", true).setTracingConfig(new TenantTracingConfig().setSamplingModePerAuthId(Map.of("testAuthId", TracingSamplingMode.ALL)))));
        this.config.setSingleTenant(true);
        setupBasicAuthHttpServerRequest("testAuthId");
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    @Test
    public void testHandleRespectsOverrideForAuthId() {
        Mockito.when(this.tenantClient.get((String) ArgumentMatchers.eq("testTenant"), (SpanContext) ArgumentMatchers.any(SpanContext.class))).thenReturn(Future.succeededFuture(TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingMode(TracingSamplingMode.ALL).setSamplingModePerAuthId(Map.of("testAuthId", TracingSamplingMode.DEFAULT)))));
        setupBasicAuthHttpServerRequest("testTenant", "testAuthId");
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span, Mockito.never())).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.anyInt()));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    private void setupBasicAuthHttpServerRequest(String str, String str2) {
        setupBasicAuthHttpServerRequest(str2 + "@" + str);
    }

    private void setupBasicAuthHttpServerRequest(String str) {
        String str2 = "BASIC " + Base64.getEncoder().encodeToString((str + ":password").getBytes(StandardCharsets.UTF_8));
        MultiMap multiMap = (MultiMap) Mockito.mock(MultiMap.class);
        Mockito.when(multiMap.get((CharSequence) ArgumentMatchers.eq(HttpHeaders.AUTHORIZATION))).thenReturn(str2);
        HttpServerRequest httpServerRequest = (HttpServerRequest) Mockito.mock(HttpServerRequest.class);
        Mockito.when(httpServerRequest.headers()).thenReturn(multiMap);
        Mockito.when(this.ctx.request()).thenReturn(httpServerRequest);
    }

    @Test
    public void testHandleSetsSamplingPriorityForGivenTenantParam() {
        this.ctxMap.put(PARAM_TENANT, "testTenant");
        this.ctxMap.put(PARAM_DEVICE_ID, "testAuthId");
        Mockito.when(this.tenantClient.get((String) ArgumentMatchers.eq("testTenant"), (SpanContext) ArgumentMatchers.any(SpanContext.class))).thenReturn(Future.succeededFuture(TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingMode(TracingSamplingMode.ALL))));
        this.config.setAuthenticationRequired(false);
        setupNonSslHttpRequest();
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    @Test
    public void testHandleSetsSamplingPriorityForGivenDeviceParam() {
        this.ctxMap.put(PARAM_TENANT, "testTenant");
        this.ctxMap.put(PARAM_DEVICE_ID, "testAuthId");
        Mockito.when(this.tenantClient.get((String) ArgumentMatchers.eq("testTenant"), (SpanContext) ArgumentMatchers.any(SpanContext.class))).thenReturn(Future.succeededFuture(TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingModePerAuthId(Map.of("testAuthId", TracingSamplingMode.ALL)))));
        this.config.setAuthenticationRequired(false);
        setupNonSslHttpRequest();
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    private void setupNonSslHttpRequest() {
        HttpServerRequest httpServerRequest = (HttpServerRequest) Mockito.mock(HttpServerRequest.class);
        Mockito.when(Boolean.valueOf(httpServerRequest.isSSL())).thenReturn(false);
        Mockito.when(this.ctx.request()).thenReturn(httpServerRequest);
    }

    @Test
    public void testHandleSetsSamplingPriorityForGivenCert() throws SSLPeerUnverifiedException {
        TenantObject tracingConfig = TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingMode(TracingSamplingMode.ALL));
        ((TenantClient) Mockito.doAnswer(invocationOnMock -> {
            return !invocationOnMock.getArgument(0).toString().equals("CN=testTenant") ? Future.failedFuture("tenant not found") : Future.succeededFuture(tracingConfig);
        }).when(this.tenantClient)).get((X500Principal) ArgumentMatchers.any(X500Principal.class), (SpanContext) ArgumentMatchers.any(SpanContext.class));
        setupClientCertHttpRequest("testTenant", "CN=device");
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    @Test
    public void testHandleSetsSamplingPriorityForGivenCertUsingSubjectDn() throws SSLPeerUnverifiedException {
        TenantObject tracingConfig = TenantObject.from("testTenant", true).setTracingConfig(new TenantTracingConfig().setSamplingModePerAuthId(Map.of("CN=Device 4711,OU=Hono,O=Eclipse IoT,L=Ottawa,C=CA", TracingSamplingMode.ALL)));
        ((TenantClient) Mockito.doAnswer(invocationOnMock -> {
            return !invocationOnMock.getArgument(0).toString().equals("CN=testTenant") ? Future.failedFuture("tenant not found") : Future.succeededFuture(tracingConfig);
        }).when(this.tenantClient)).get((X500Principal) ArgumentMatchers.any(X500Principal.class), (SpanContext) ArgumentMatchers.any(SpanContext.class));
        setupClientCertHttpRequest("testTenant", "CN=Device 4711,OU=Hono,O=Eclipse IoT,L=Ottawa,C=CA");
        this.tenantTraceSamplingHandler.handle(this.ctx);
        ((Span) Mockito.verify(this.span)).setTag((String) ArgumentMatchers.eq(Tags.SAMPLING_PRIORITY.getKey()), Integer.valueOf(ArgumentMatchers.eq(1)));
        ((RoutingContext) Mockito.verify(this.ctx)).next();
    }

    private void setupClientCertHttpRequest(String str, String str2) throws SSLPeerUnverifiedException {
        EmptyCertificate emptyCertificate = new EmptyCertificate(str2, "CN=" + str);
        SSLSession sSLSession = (SSLSession) Mockito.mock(SSLSession.class);
        Mockito.when(sSLSession.getPeerCertificates()).thenReturn(new X509Certificate[]{emptyCertificate});
        HttpServerRequest httpServerRequest = (HttpServerRequest) Mockito.mock(HttpServerRequest.class);
        Mockito.when(Boolean.valueOf(httpServerRequest.isSSL())).thenReturn(true);
        Mockito.when(httpServerRequest.sslSession()).thenReturn(sSLSession);
        Mockito.when(this.ctx.request()).thenReturn(httpServerRequest);
    }
}
