package com.github.tomakehurst.wiremock.http;

import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.common.NetworkAddressRules;
import com.github.tomakehurst.wiremock.common.ProxySettings;
import com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import com.github.tomakehurst.wiremock.crypto.InMemoryKeyStore;
import com.github.tomakehurst.wiremock.crypto.Secret;
import com.github.tomakehurst.wiremock.crypto.X509CertificateSpecification;
import com.github.tomakehurst.wiremock.crypto.X509CertificateVersion;
import com.github.tomakehurst.wiremock.http.client.ApacheBackedHttpClient;
import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
import com.github.tomakehurst.wiremock.matching.MockRequest;
import com.github.tomakehurst.wiremock.store.InMemorySettingsStore;
import com.github.tomakehurst.wiremock.stubbing.ServeEvent;
import com.github.tomakehurst.wiremock.stubbing.ServeEventFactory;
import com.github.tomakehurst.wiremock.verification.LoggedRequest;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Date;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.core.StringContains;
import org.hamcrest.core.StringStartsWith;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledForJreRange;
import org.junit.jupiter.api.condition.JRE;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

@DisabledForJreRange(min = JRE.JAVA_17, disabledReason = "does not support generating certificates at runtime")
/* loaded from: input_file:com/github/tomakehurst/wiremock/http/ProxyResponseRendererTest.class */
public class ProxyResponseRendererTest {
    private static final int PROXY_TIMEOUT = 200000;
    CloseableHttpClient reverseProxyApacheClient;
    CloseableHttpClient forwardProxyApacheClient;

    @RegisterExtension
    public WireMockExtension origin = WireMockExtension.newInstance().options(WireMockConfiguration.options().httpDisabled(true).dynamicHttpsPort().keystorePath(generateKeystore().getAbsolutePath())).build();
    private final ProxyResponseRenderer proxyResponseRenderer = buildProxyResponseRenderer(false);

    @Test
    public void acceptsAnyCertificateForStandardProxying() {
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.aResponse().withBody("Result")));
        Assertions.assertEquals(this.proxyResponseRenderer.render(reverseProxyServeEvent("/proxied")).getBodyAsString(), "Result");
    }

    @Test
    public void rejectsSelfSignedCertificateForForwardProxyingByDefault() {
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.aResponse().withBody("Result")));
        Response render = this.proxyResponseRenderer.render(forwardProxyServeEvent("/proxied"));
        Assertions.assertEquals(500, render.getStatus());
        MatcherAssert.assertThat(render.getBodyAsString(), StringStartsWith.startsWith("SSL failure trying to make a proxied request from WireMock to " + this.origin.url("/proxied")));
        MatcherAssert.assertThat(render.getBodyAsString(), StringContains.containsString("unable to find valid certification path to requested target"));
    }

    @Test
    public void acceptsSelfSignedCertificateForForwardProxyingIfTrustAllProxyTargets() {
        ProxyResponseRenderer buildProxyResponseRenderer = buildProxyResponseRenderer(true);
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.aResponse().withBody("Result")));
        Assertions.assertEquals(buildProxyResponseRenderer.render(forwardProxyServeEvent("/proxied")).getBodyAsString(), "Result");
    }

    @Test
    void passesThroughCorsResponseHeadersWhenStubCorsDisabled() {
        ProxyResponseRenderer buildProxyResponseRenderer = buildProxyResponseRenderer(true, false);
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.ok("Result").withHeader("Access-Control-Allow-Headers", new String[]{"X-Blah"})));
        HttpHeader header = buildProxyResponseRenderer.render(forwardProxyServeEvent("/proxied")).getHeaders().getHeader("Access-Control-Allow-Headers");
        MatcherAssert.assertThat("CORS response header sent from the origin is not present in the response", Boolean.valueOf(header.isPresent()), Matchers.is(true));
        MatcherAssert.assertThat(header.firstValue(), Matchers.is("X-Blah"));
    }

    @Test
    void doesNotPassThroughCorsResponseHeadersWhenStubCorsEnabled() {
        ProxyResponseRenderer buildProxyResponseRenderer = buildProxyResponseRenderer(true, true);
        this.origin.stubFor(WireMock.get("/proxied").willReturn(WireMock.ok("Result").withHeader("Access-Control-Allow-Headers", new String[]{"X-Blah"})));
        MatcherAssert.assertThat("CORS response header sent from the origin is present in the response", Boolean.valueOf(buildProxyResponseRenderer.render(forwardProxyServeEvent("/proxied")).getHeaders().getHeader("Access-Control-Allow-Headers").isPresent()), Matchers.is(false));
    }

    @Test
    void doesNotAddEntityIfEmptyBodyReverseProxy() throws IOException {
        this.proxyResponseRenderer.render(reverseProxyServeEvent("/proxied"));
        ((CloseableHttpClient) Mockito.verify(this.reverseProxyApacheClient)).execute((ClassicHttpRequest) ArgumentMatchers.argThat(classicHttpRequest -> {
            return classicHttpRequest.getEntity() == null;
        }), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class));
    }

    @Test
    void doesNotAddEntityIfEmptyBodyForwardProxy() throws IOException {
        this.proxyResponseRenderer.render(forwardProxyServeEvent("/proxied"));
        ((CloseableHttpClient) Mockito.verify(this.forwardProxyApacheClient)).execute((ClassicHttpRequest) ArgumentMatchers.argThat(classicHttpRequest -> {
            return classicHttpRequest.getEntity() == null;
        }), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class));
    }

    @Test
    void addsEntityIfNotEmptyBodyReverseProxy() throws IOException {
        this.proxyResponseRenderer.render(serveEvent("/proxied", false, "Text body".getBytes(StandardCharsets.UTF_8)));
        ((CloseableHttpClient) Mockito.verify(this.reverseProxyApacheClient)).execute((ClassicHttpRequest) ArgumentMatchers.argThat(classicHttpRequest -> {
            return classicHttpRequest.getEntity() != null;
        }), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class));
    }

    @Test
    void addsEntityIfNotEmptyBodyForwardProxy() throws IOException {
        this.proxyResponseRenderer.render(serveEvent("/proxied", true, "Text body".getBytes(StandardCharsets.UTF_8)));
        ((CloseableHttpClient) Mockito.verify(this.forwardProxyApacheClient)).execute((ClassicHttpRequest) ArgumentMatchers.argThat(classicHttpRequest -> {
            return classicHttpRequest.getEntity() != null;
        }), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class));
    }

    @Test
    void addsEmptyEntityIfEmptyBodyForwardProxyPOST() throws IOException {
        ProxyResponseRenderer buildProxyResponseRenderer = buildProxyResponseRenderer(true);
        this.origin.stubFor(WireMock.post("/proxied/empty-post").willReturn(WireMock.aResponse().withBody("Result")));
        buildProxyResponseRenderer.render(serveEvent("/proxied/empty-post", true, new byte[0], RequestMethod.POST, new HttpHeaders(new HttpHeader[]{new HttpHeader("Content-Length", new String[]{"0"})})));
        ((CloseableHttpClient) Mockito.verify(this.forwardProxyApacheClient)).execute((ClassicHttpRequest) ArgumentMatchers.argThat(classicHttpRequest -> {
            return classicHttpRequest.getEntity() != null;
        }), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class));
        org.assertj.core.api.Assertions.assertThat(this.origin.findAll(WireMock.postRequestedFor(WireMock.urlPathMatching("/proxied/empty-post")))).hasSizeGreaterThan(0).allMatch(loggedRequest -> {
            return "0".equals(loggedRequest.getHeader("Content-Length"));
        }).noneMatch(loggedRequest2 -> {
            return loggedRequest2.containsHeader("Content-Type");
        });
    }

    @Test
    void addsEmptyEntityIfEmptyBodyForwardProxyGET() throws IOException {
        ProxyResponseRenderer buildProxyResponseRenderer = buildProxyResponseRenderer(true);
        this.origin.stubFor(WireMock.get("/proxied/empty-get").willReturn(WireMock.aResponse().withBody("Result")));
        buildProxyResponseRenderer.render(serveEvent("/proxied/empty-get", true, new byte[0], RequestMethod.GET, new HttpHeaders(new HttpHeader[]{new HttpHeader("Content-Length", new String[]{"0"})})));
        ((CloseableHttpClient) Mockito.verify(this.forwardProxyApacheClient)).execute((ClassicHttpRequest) ArgumentMatchers.argThat(classicHttpRequest -> {
            return classicHttpRequest.getEntity() != null;
        }), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class));
        org.assertj.core.api.Assertions.assertThat(this.origin.findAll(WireMock.getRequestedFor(WireMock.urlPathMatching("/proxied/empty-get")))).hasSizeGreaterThan(0).allMatch(loggedRequest -> {
            return "0".equals(loggedRequest.getHeader("Content-Length"));
        }).noneMatch(loggedRequest2 -> {
            return loggedRequest2.containsHeader("Content-Type");
        });
    }

    @Test
    void usesCorrectProxyRequestTimeout() {
        RequestConfig requestConfig = (RequestConfig) reflectiveSpyField(RequestConfig.class, "defaultConfig", this.forwardProxyApacheClient);
        RequestConfig requestConfig2 = (RequestConfig) reflectiveSpyField(RequestConfig.class, "defaultConfig", this.reverseProxyApacheClient);
        MatcherAssert.assertThat(Long.valueOf(requestConfig.getResponseTimeout().toMilliseconds()), Matchers.is(200000L));
        MatcherAssert.assertThat(Long.valueOf(requestConfig2.getResponseTimeout().toMilliseconds()), Matchers.is(200000L));
    }

    private static <T> T reflectiveInnerSpyField(Class<T> cls, String str, String str2, Object obj) {
        try {
            Field declaredField = obj.getClass().getDeclaredField(str);
            declaredField.setAccessible(true);
            Object obj2 = declaredField.get(obj);
            Field declaredField2 = obj2.getClass().getDeclaredField(str2);
            declaredField2.setAccessible(true);
            T t = (T) Mockito.spy(cls.cast(declaredField2.get(obj2)));
            declaredField2.set(obj2, t);
            return t;
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new RuntimeException(e);
        }
    }

    private static <T> T reflectiveSpyField(Class<T> cls, String str, Object obj) {
        try {
            Field declaredField = obj.getClass().getDeclaredField(str);
            declaredField.setAccessible(true);
            T t = (T) Mockito.spy(cls.cast(declaredField.get(obj)));
            declaredField.set(obj, t);
            return t;
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new RuntimeException(e);
        }
    }

    private static <T> T spyField(T t) {
        return (T) Mockito.spy(t);
    }

    private ServeEvent reverseProxyServeEvent(String str) {
        return serveEvent(str, false, new byte[0]);
    }

    private ServeEvent forwardProxyServeEvent(String str) {
        return serveEvent(str, true, new byte[0]);
    }

    private ServeEvent serveEvent(String str, boolean z, byte[] bArr) {
        return serveEvent(str, z, bArr, RequestMethod.GET, new HttpHeaders());
    }

    private ServeEvent serveEvent(String str, boolean z, byte[] bArr, RequestMethod requestMethod, HttpHeaders httpHeaders) {
        LoggedRequest createFrom = LoggedRequest.createFrom(MockRequest.mockRequest().url(str).absoluteUrl(this.origin.url(str)).method(requestMethod).headers(httpHeaders).isBrowserProxyRequest(z).body(bArr).protocol("HTTP/1.1"));
        ResponseDefinition build = WireMock.aResponse().proxiedFrom(this.origin.baseUrl()).build();
        build.setOriginalRequest(createFrom);
        return ServeEventFactory.newPostMatchServeEvent((Request) createFrom, build);
    }

    private File generateKeystore() throws Exception {
        InMemoryKeyStore inMemoryKeyStore = new InMemoryKeyStore(InMemoryKeyStore.KeyStoreType.JKS, new Secret("password"));
        X509CertificateSpecification x509CertificateSpecification = new X509CertificateSpecification(X509CertificateVersion.V3, "CN=localhost", "CN=wiremock.org", new Date(), new Date(System.currentTimeMillis() + 31536000000L));
        KeyPair generateKeyPair = generateKeyPair();
        inMemoryKeyStore.addPrivateKey("wiremock", generateKeyPair, x509CertificateSpecification.certificateFor(generateKeyPair));
        File createTempFile = File.createTempFile("wiremock-test", "keystore");
        inMemoryKeyStore.saveAs(createTempFile);
        return createTempFile;
    }

    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        return keyPairGenerator.generateKeyPair();
    }

    private ProxyResponseRenderer buildProxyResponseRenderer(boolean z) {
        return buildProxyResponseRenderer(z, false);
    }

    private ProxyResponseRenderer buildProxyResponseRenderer(boolean z, boolean z2) {
        this.reverseProxyApacheClient = (CloseableHttpClient) Mockito.spy(HttpClientFactory.createClient(1000, PROXY_TIMEOUT, ProxySettings.NO_PROXY, KeyStoreSettings.NO_STORE, true, Collections.emptyList(), true, NetworkAddressRules.ALLOW_ALL));
        ApacheBackedHttpClient apacheBackedHttpClient = new ApacheBackedHttpClient(this.reverseProxyApacheClient);
        this.forwardProxyApacheClient = (CloseableHttpClient) Mockito.spy(HttpClientFactory.createClient(1000, PROXY_TIMEOUT, ProxySettings.NO_PROXY, KeyStoreSettings.NO_STORE, z, Collections.emptyList(), false, NetworkAddressRules.ALLOW_ALL));
        return new ProxyResponseRenderer(false, (String) null, new InMemorySettingsStore(), z2, apacheBackedHttpClient, new ApacheBackedHttpClient(this.forwardProxyApacheClient));
    }
}
