package com.github.tomakehurst.wiremock;

import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.common.FatalStartupException;
import com.github.tomakehurst.wiremock.common.ResourceUtil;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import com.github.tomakehurst.wiremock.http.Fault;
import com.github.tomakehurst.wiremock.http.HttpClientFactory;
import com.github.tomakehurst.wiremock.stubbing.ServeEvent;
import com.github.tomakehurst.wiremock.testsupport.TestFiles;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.SocketException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.apache.hc.client5.http.HttpHostConnectException;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy;
import org.apache.hc.core5.http.MalformedChunkCodingException;
import org.apache.hc.core5.http.NoHttpResponseException;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.ssl.SSLContexts;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledOnOs;
import org.junit.jupiter.api.condition.OS;

/* loaded from: input_file:com/github/tomakehurst/wiremock/HttpsAcceptanceTest.class */
class HttpsAcceptanceTest {
    private WireMockServer wireMockServer;
    private WireMockServer proxy;
    private CloseableHttpClient httpClient;

    HttpsAcceptanceTest() {
    }

    @AfterEach
    public void serverShutdown() {
        if (this.wireMockServer != null) {
            this.wireMockServer.stop();
        }
        if (this.proxy != null) {
            this.proxy.shutdown();
        }
    }

    @Test
    void shouldReturnStubOnSpecifiedPort() throws Exception {
        startServerWithDefaultKeystore();
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/https-test")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
        MatcherAssert.assertThat(contentFor(url("/https-test")), Matchers.is("HTTPS content"));
    }

    @Test
    void shouldReturnOnlyOnHttpsWhenHttpDisabled() throws Exception {
        Assertions.assertTrue(Assertions.assertThrows(IllegalStateException.class, () -> {
            this.wireMockServer = new WireMockServer(WireMockConfiguration.wireMockConfig().httpDisabled(true).dynamicHttpsPort());
            this.wireMockServer.start();
            WireMock.configureFor("https", "localhost", this.wireMockServer.httpsPort());
            this.httpClient = HttpClientFactory.createClient();
            WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/https-test")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
            this.wireMockServer.port();
            MatcherAssert.assertThat(contentFor(url("/https-test")), Matchers.is("HTTPS content"));
        }).getMessage().contains("Not listening on HTTP port. Either HTTP is not enabled or the WireMock server is stopped."));
    }

    @Test
    @DisabledOnOs(value = {OS.WINDOWS}, disabledReason = "This feature does not work on Windows because of differing native socket behaviour")
    void connectionResetByPeerFault() throws IOException {
        startServerWithDefaultKeystore();
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/connection/reset")).willReturn(WireMock.aResponse().withFault(Fault.CONNECTION_RESET_BY_PEER)));
        try {
            this.httpClient.execute(new HttpGet(url("/connection/reset"))).getEntity();
            Assertions.fail("Expected a SocketException or SSLException to be thrown");
        } catch (Exception e) {
            MatcherAssert.assertThat(e.getClass().getName(), Matchers.anyOf(Matchers.is(SocketException.class.getName()), Matchers.is(SSLException.class.getName())));
        }
    }

    @Test
    void emptyResponseFault() {
        startServerWithDefaultKeystore();
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/empty/response")).willReturn(WireMock.aResponse().withFault(Fault.EMPTY_RESPONSE)));
        getAndAssertUnderlyingExceptionInstanceClass(url("/empty/response"), NoHttpResponseException.class);
    }

    @Test
    void malformedResponseChunkFault() {
        startServerWithDefaultKeystore();
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/malformed/response")).willReturn(WireMock.aResponse().withFault(Fault.MALFORMED_RESPONSE_CHUNK)));
        getAndAssertUnderlyingExceptionInstanceClass(url("/malformed/response"), MalformedChunkCodingException.class);
    }

    @Test
    void randomDataOnSocketFault() {
        startServerWithDefaultKeystore();
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/random/data")).willReturn(WireMock.aResponse().withFault(Fault.RANDOM_DATA_THEN_CLOSE)));
        getAndAssertUnderlyingExceptionInstanceClass(url("/random/data"), NoHttpResponseException.class);
    }

    @Test
    void throwsExceptionWhenBadAlternativeKeystore() {
        Assertions.assertThrows(Exception.class, () -> {
            startServerWithKeystore(ResourceUtil.getResource(HttpsAcceptanceTest.class, "bad-keystore").toString());
        });
    }

    @Test
    void acceptsAlternativeKeystore() throws Exception {
        startServerWithKeystore(ResourceUtil.getResource(HttpsAcceptanceTest.class, "test-keystore").toString());
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/https-test")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
        MatcherAssert.assertThat(contentFor(url("/https-test")), Matchers.is("HTTPS content"));
    }

    @Test
    void acceptsAlternativeKeystoreWithNonDefaultPassword() throws Exception {
        startServerWithKeystore(ResourceUtil.getResource(HttpsAcceptanceTest.class, "test-keystore-pwd").toString(), "nondefaultpass", "password");
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/https-test")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
        MatcherAssert.assertThat(contentFor(url("/https-test")), Matchers.is("HTTPS content"));
    }

    @Test
    void acceptsAlternativeKeystoreWithNonDefaultKeyManagerPassword() throws Exception {
        startServerWithKeystore(ResourceUtil.getResource(HttpsAcceptanceTest.class, "test-keystore-key-man-pwd").toString(), "password", "anotherpassword");
        WireMock.stubFor(WireMock.get(WireMock.urlEqualTo("/alt-password-https")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
        MatcherAssert.assertThat(contentFor(url("/alt-password-https")), Matchers.is("HTTPS content"));
    }

    @Test
    void failsToStartWithAlternativeKeystoreWithWrongKeyManagerPassword() {
        try {
            startServerWithKeystore(ResourceUtil.getResource(HttpsAcceptanceTest.class, "test-keystore-key-man-pwd").toString(), "password", "wrongpassword");
            Assertions.fail("Expected a SocketException or SSLHandshakeException to be thrown");
        } catch (Exception e) {
            MatcherAssert.assertThat(e.getClass().getName(), Matchers.is(FatalStartupException.class.getName()));
        }
    }

    @Test
    void rejectsWithoutClientCertificate() {
        startServerEnforcingClientCert(TestFiles.KEY_STORE_PATH, TestFiles.TRUST_STORE_PATH, TestFiles.TRUST_STORE_PASSWORD);
        this.wireMockServer.stubFor(WireMock.get(WireMock.urlEqualTo("/https-test")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
        try {
            contentFor(url("/https-test"));
            Assertions.fail("Expected a SocketException, SSLHandshakeException or SSLException to be thrown");
        } catch (Exception e) {
            MatcherAssert.assertThat(e.getClass().getName(), Matchers.anyOf(Matchers.is(HttpHostConnectException.class.getName()), Matchers.is(SSLHandshakeException.class.getName()), Matchers.is(SSLException.class.getName()), Matchers.is(SocketException.class.getName())));
        }
    }

    @Test
    void acceptWithClientCertificate() throws Exception {
        String str = TestFiles.TRUST_STORE_PATH;
        String str2 = TestFiles.TRUST_STORE_PATH;
        startServerEnforcingClientCert(TestFiles.KEY_STORE_PATH, str, TestFiles.TRUST_STORE_PASSWORD);
        this.wireMockServer.stubFor(WireMock.get(WireMock.urlEqualTo("/https-test")).willReturn(WireMock.aResponse().withStatus(200).withBody("HTTPS content")));
        MatcherAssert.assertThat(secureContentFor(url("/https-test"), str2, TestFiles.TRUST_STORE_PASSWORD), Matchers.is("HTTPS content"));
    }

    @Test
    void supportsProxyingWhenTargetRequiresClientCert() throws Exception {
        startServerEnforcingClientCert(TestFiles.KEY_STORE_PATH, TestFiles.TRUST_STORE_PATH, TestFiles.TRUST_STORE_PASSWORD);
        this.wireMockServer.stubFor(WireMock.get(WireMock.urlEqualTo("/client-cert-proxy")).willReturn(WireMock.aResponse().withStatus(200)));
        this.proxy = new WireMockServer(WireMockConfiguration.wireMockConfig().port(0).trustStorePath(TestFiles.TRUST_STORE_PATH).trustStorePassword(TestFiles.TRUST_STORE_PASSWORD));
        this.proxy.start();
        this.proxy.stubFor(WireMock.get(WireMock.urlEqualTo("/client-cert-proxy")).willReturn(WireMock.aResponse().proxiedFrom("https://localhost:" + this.wireMockServer.httpsPort())));
        MatcherAssert.assertThat(Integer.valueOf(this.httpClient.execute(new HttpGet("http://localhost:" + this.proxy.port() + "/client-cert-proxy")).getCode()), Matchers.is(200));
    }

    @Test
    void proxyingFailsWhenTargetServiceRequiresClientCertificatesAndProxyDoesNotSend() throws Exception {
        startServerEnforcingClientCert(TestFiles.KEY_STORE_PATH, TestFiles.TRUST_STORE_PATH, TestFiles.TRUST_STORE_PASSWORD);
        this.wireMockServer.stubFor(WireMock.get(WireMock.urlEqualTo("/client-cert-proxy-fail")).willReturn(WireMock.aResponse().withStatus(200)));
        this.proxy = new WireMockServer(WireMockConfiguration.wireMockConfig().port(0));
        this.proxy.start();
        this.proxy.stubFor(WireMock.get(WireMock.urlEqualTo("/client-cert-proxy-fail")).willReturn(WireMock.aResponse().proxiedFrom("https://localhost:" + this.wireMockServer.httpsPort())));
        MatcherAssert.assertThat(Integer.valueOf(this.httpClient.execute(new HttpGet("http://localhost:" + this.proxy.port() + "/client-cert-proxy-fail")).getCode()), Matchers.is(500));
    }

    @Test
    void doesNotTreatPlainHttpsRequestAsBrowserProxyRequest() throws Exception {
        this.proxy = new WireMockServer(WireMockConfiguration.wireMockConfig().dynamicPort().dynamicHttpsPort().enableBrowserProxying(true));
        this.proxy.start();
        this.proxy.stubFor(WireMock.get("/no-proxying-thanks").willReturn(WireMock.ok("proxyless")));
        this.httpClient = HttpClientFactory.createClient();
        MatcherAssert.assertThat(Integer.valueOf(((Integer) this.httpClient.execute(new HttpGet("https://localhost:" + this.proxy.httpsPort() + "/no-proxying-thanks"), (v0) -> {
            return v0.getCode();
        })).intValue()), Matchers.is(200));
        MatcherAssert.assertThat(Boolean.valueOf(((ServeEvent) this.proxy.getAllServeEvents().stream().filter(serveEvent -> {
            return serveEvent.getRequest().getUrl().equals("/no-proxying-thanks");
        }).findFirst().get()).getRequest().isBrowserProxyRequest()), Matchers.is(false));
    }

    private String url(String str) {
        return String.format("https://localhost:%d%s", Integer.valueOf(this.wireMockServer.httpsPort()), str);
    }

    private void getAndAssertUnderlyingExceptionInstanceClass(String str, Class<?> cls) {
        boolean z = false;
        try {
            contentFor(str);
        } catch (Exception e) {
            Throwable cause = e.getCause();
            e.printStackTrace();
            if (cause != null) {
                MatcherAssert.assertThat(e.getCause(), Matchers.instanceOf(cls));
            } else {
                MatcherAssert.assertThat(e, Matchers.instanceOf(cls));
            }
            z = true;
        }
        Assertions.assertTrue(z, "No exception was thrown");
    }

    private String contentFor(String str) throws Exception {
        return EntityUtils.toString(this.httpClient.execute(new HttpGet(str)).getEntity());
    }

    private void startServerEnforcingClientCert(String str, String str2, String str3) {
        WireMockConfiguration dynamicHttpsPort = WireMockConfiguration.wireMockConfig().dynamicPort().dynamicHttpsPort();
        if (str != null) {
            dynamicHttpsPort.keystorePath(str);
        }
        if (str2 != null) {
            dynamicHttpsPort.trustStorePath(str2);
            dynamicHttpsPort.trustStorePassword(str3);
            dynamicHttpsPort.needClientAuth(true);
        }
        dynamicHttpsPort.bindAddress("localhost");
        this.wireMockServer = new WireMockServer(dynamicHttpsPort);
        this.wireMockServer.start();
        WireMock.configureFor("https", "localhost", this.wireMockServer.httpsPort());
        this.httpClient = HttpClientFactory.createClient();
    }

    private void startServerWithKeystore(String str, String str2, String str3) {
        WireMockConfiguration dynamicHttpsPort = WireMockConfiguration.wireMockConfig().dynamicPort().dynamicHttpsPort();
        if (str != null) {
            dynamicHttpsPort.keystorePath(str).keystorePassword(str2).keyManagerPassword(str3);
        }
        this.wireMockServer = new WireMockServer(dynamicHttpsPort);
        this.wireMockServer.start();
        WireMock.configureFor(this.wireMockServer.port());
        this.httpClient = HttpClientFactory.createClient();
    }

    private void startServerWithKeystore(String str) {
        startServerWithKeystore(str, "password", "password");
    }

    private void startServerWithDefaultKeystore() {
        startServerWithKeystore(null);
    }

    static String secureContentFor(String str, String str2, String str3) throws Exception {
        return EntityUtils.toString(HttpClients.custom().setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy()).loadKeyMaterial(readKeyStore(str2, str3), str3.toCharArray()).setKeyStoreType("pkcs12").setProtocol("TLS").build(), (String[]) null, (String[]) null, NoopHostnameVerifier.INSTANCE)).build()).build().execute(new HttpGet(str)).getEntity());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore readKeyStore(String str, String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            keyStore.load(fileInputStream, str2.toCharArray());
            fileInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
