package tigase.tests.server;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.function.Consumer;
import javax.net.ssl.KeyManagerFactory;
import org.junit.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import tigase.TestLogger;
import tigase.cert.CertificateEntry;
import tigase.cert.CertificateUtil;
import tigase.jaxmpp.core.client.AsyncCallback;
import tigase.jaxmpp.core.client.Connector;
import tigase.jaxmpp.core.client.XMPPException;
import tigase.jaxmpp.core.client.exceptions.JaxmppException;
import tigase.jaxmpp.core.client.xmpp.modules.registration.InBandRegistrationModule;
import tigase.jaxmpp.core.client.xmpp.stanzas.Stanza;
import tigase.jaxmpp.j2se.Jaxmpp;
import tigase.tests.AbstractTest;
import tigase.tests.Mutex;
import tigase.tests.utils.Account;
import tigase.tests.utils.AccountBuilder;

/* loaded from: input_file:tigase/tests/server/TestTwoWayTLS.class */
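/**
 * Exercises mutual (two-way) TLS on a virtual host that requires a client certificate.
 *
 * <p>The class first creates, or updates, a virtual host whose client-certificate CA is taken
 * from the test properties and on which a client certificate is required. It then attempts
 * in-band registration three ways: with the bundled {@code /client.pem} certificate (expected to
 * succeed), with no certificate, and with a freshly generated self-signed certificate (both
 * expected to fail).
 *
 * <p>Review caveat: the two negative tests only assert that registration did not succeed.
 * {@link #registerAccount} returns {@code false} for a registration error, a disconnect and a
 * 30-second timeout alike. An unreachable server or an unrelated failure therefore satisfies
 * them as well as a certificate rejection does.
 */
public class TestTwoWayTLS extends AbstractTest {
    /** Test property naming the domain of the virtual host that demands a client certificate. */
    private static final String CLIENT_AUTH_DOMAIN_PROPERTY = "server.client_auth.domain";

    /** Test property naming the CA certificate file, relative to the server config directory. */
    private static final String CLIENT_AUTH_CA_CERT_PROPERTY = "server.client_auth.ca_cert";

    /** Session property under which the client's key managers are handed to the connector. */
    private static final String KEY_MANAGERS_PROPERTY = "KEY_MANAGERS_KEY";

    /** Mutex item signalled when the registration attempt has ended, whatever the outcome. */
    private static final String REGISTRATION_DONE = "registration";

    /** Mutex item signalled only when the server confirmed the registration. */
    private static final String REGISTRATION_SUCCESS = "registrationSuccess";

    /** Upper bound, in milliseconds, on how long a registration attempt is awaited. */
    private static final long REGISTRATION_TIMEOUT_MS = 30000L;

    private AccountBuilder accountBuilder;

    /**
     * Creates the virtual host used by every test in this class, or updates it if it exists.
     *
     * <p>The host is configured with the CA certificate path from the test properties and with
     * client certificates marked as required.
     */
    @BeforeClass
    public void createRequiredVHost() throws JaxmppException, InterruptedException {
        String domain = props.getProperty(CLIENT_AUTH_DOMAIN_PROPERTY);
        String caCertPath =
                new File(getServerConfigBaseDir(), props.getProperty(CLIENT_AUTH_CA_CERT_PROPERTY))
                        .getAbsolutePath();
        createVHost(domain)
                .setClientCertCA(caCertPath)
                .setClientCertRequired(true)
                .updateIfExists(true)
                .build();
    }

    /**
     * Prepares a fresh account builder bound to the client-auth domain.
     *
     * <p>Automatic registration is switched off because each test performs the registration
     * itself through {@link #registerAccount}.
     */
    @BeforeMethod
    public void setUp() throws JaxmppException, InterruptedException {
        this.accountBuilder = createAccount()
                .setLogPrefix("two-way-tsl-user")
                .setDomain(props.getProperty(CLIENT_AUTH_DOMAIN_PROPERTY))
                .setRegister(false);
    }

    /** Registration must succeed when the client presents the certificate from {@code /client.pem}. */
    @Test(groups = {"TLS - Client Cert"}, description = "Two-way TLS with client certificate")
    public void testConnectionWithCertificate() throws Exception {
        TestLogger.log("== test connection with OK certificate");
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(getCertificateEntry("/client.pem"));
        try {
            Account account = this.accountBuilder.setLogPrefix("two-way-tsl-user-OK").build();
            Assert.assertTrue(registerAccount(account, presentClientKeys(keyManagerFactory)));
        } catch (Exception e) {
            fail(e);
        }
    }

    /** Registration must not succeed when the client presents no certificate at all. */
    @Test(groups = {"TLS - Client Cert"}, description = "Two-way TLS without client certificate")
    public void testConnectionWithoutCertificate() throws Exception {
        TestLogger.log("== testing connection WITHOUT certificate");
        Account account = this.accountBuilder.setLogPrefix("two-way-tsl-user-WITHOUT").build();
        // No key managers are installed, so the client has nothing to offer during the handshake.
        Assert.assertFalse(registerAccount(account, jaxmpp -> {
        }));
    }

    /** Registration must not succeed when the client presents a self-signed certificate. */
    @Test(groups = {"TLS - Client Cert"}, description = "Two-way TLS with wrong client certificate")
    public void testConnectionWithWrongCertificate() throws Exception {
        TestLogger.log("== testing connection with WRONG certificate");
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(getSelfSignedCertificateEntry());
        Account account = this.accountBuilder.setLogPrefix("two-way-tsl-user-WRONG").build();
        Assert.assertFalse(registerAccount(account, presentClientKeys(keyManagerFactory)));
    }

    /**
     * Attempts in-band registration of {@code account} and reports whether the server accepted it.
     *
     * @param account account whose JID, password and e-mail are submitted for registration
     * @param consumer hook applied to the freshly built client before it connects; the tests use
     *     it to install, or deliberately not install, client key managers
     * @return {@code true} only if the registration callback reported success within the timeout;
     *     {@code false} for an error, a disconnect or a timeout
     */
    public boolean registerAccount(Account account, Consumer<Jaxmpp> consumer) throws JaxmppException, InterruptedException {
        // Looked up once so the host given to the builder and the server set below are the same.
        String instanceHostname = getInstanceHostname();
        Jaxmpp client = account.createJaxmpp().setConnected(false).setHost(instanceHostname).setConfigurator(jaxmpp -> {
            jaxmpp.getProperties().setUserProperty("BOSH#SEE_OTHER_HOST_KEY", Boolean.FALSE);
            // Hostname verification of the server certificate is turned off for this client, so
            // these tests cover client authentication only and say nothing about server identity.
            jaxmpp.getProperties().setUserProperty("HOSTNAME_VERIFIER_DISABLED_KEY", Boolean.TRUE);
            jaxmpp.getProperties().setUserProperty("TLS_DISABLED", Boolean.FALSE);
            return jaxmpp;
        }).build();
        consumer.accept(client);
        client.getEventBus().addListener(event -> {
            TestLogger.log(event != null ? event.toString() : "null event!");
        });
        if (instanceHostname != null) {
            client.getConnectionConfiguration().setServer(instanceHostname);
        }
        Mutex mutex = new Mutex();
        client.getProperties().setUserProperty("BOSH#SEE_OTHER_HOST_KEY", Boolean.FALSE);
        client.getConnectionConfiguration().setDomain(account.getJid().getDomain());
        client.getSessionObject().setProperty("IN_BAND_REGISTRATION_MODE_KEY", Boolean.TRUE);
        // A disconnect ends the wait without marking success; a rejected handshake is presumably
        // reported through this handler (confirm against the connector).
        client.getEventBus().addHandler(Connector.DisconnectedHandler.DisconnectedEvent.class, sessionObject -> {
            TestLogger.log("Disconnected during registration!");
            mutex.notify(REGISTRATION_DONE);
        });
        client.getEventBus().addHandler(InBandRegistrationModule.ReceivedRequestedFieldsHandler.ReceivedRequestedFieldsEvent.class, (sessionObject2, iq, unifiedRegistrationForm) -> {
            try {
                String localpart = account.getJid().getLocalpart();
                client.getModule(InBandRegistrationModule.class).register(localpart, account.getPassword(), getEmailAccountForUser(localpart).email, new AsyncCallback() {
                    // NOTE(review): the fail() calls below run on whichever thread delivers the
                    // callback; if that is not the test thread, the AssertionError may never
                    // reach TestNG and the outcome is carried only by the mutex. Confirm.
                    @Override
                    public void onError(Stanza stanza, XMPPException.ErrorCondition errorCondition) {
                        mutex.notify(REGISTRATION_DONE);
                        TestLogger.log("Account registration error: " + errorCondition);
                        org.testng.Assert.fail("Account registration error: " + errorCondition);
                    }

                    @Override
                    public void onSuccess(Stanza stanza) {
                        // Success is recorded before the waiter is released so that it is
                        // visible when the waiting thread checks it.
                        mutex.notify(REGISTRATION_SUCCESS);
                        mutex.notify(REGISTRATION_DONE);
                    }

                    @Override
                    public void onTimeout() {
                        mutex.notify(REGISTRATION_DONE);
                        TestLogger.log("Account registration failed.");
                        org.testng.Assert.fail("Account registration failed.");
                    }
                });
            } catch (JaxmppException e) {
                AbstractTest.fail(e);
            }
        });
        client.login(true);
        mutex.waitFor(REGISTRATION_TIMEOUT_MS, REGISTRATION_DONE);
        boolean registered = mutex.isItemNotified(REGISTRATION_SUCCESS);
        if (client.isConnected()) {
            client.disconnect(true);
        }
        if (registered) {
            // Only accounts that really exist are handed to the account manager.
            this.accountManager.add(account);
        }
        return registered;
    }

    /**
     * Builds the client hook that installs the key managers of {@code factory} on the session,
     * making the contained certificate available to the TLS handshake.
     */
    private static Consumer<Jaxmpp> presentClientKeys(KeyManagerFactory factory) {
        return jaxmpp -> {
            jaxmpp.getSessionObject().setProperty(KEY_MANAGERS_PROPERTY, factory.getKeyManagers());
        };
    }

    /**
     * Generates a throw-away self-signed certificate that the vhost's client CA did not issue.
     *
     * @return the generated certificate entry, which the server is expected to reject
     */
    private CertificateEntry getSelfSignedCertificateEntry() throws NoSuchAlgorithmException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException, IOException {
        // A 1024-bit key is below current minimum recommendations. It is tolerable here only
        // because this certificate is meant to be refused.
        // NOTE(review): if the server or the JVM refuses the key for its size, the negative test
        // passes without exercising the CA-trust check; consider 2048 bits.
        CertificateEntry selfSigned = CertificateUtil.createSelfSignedCertificate("alice@coffeebean.local", "domain", "org", "org", "tr", "kp", "PL", () -> {
            return CertificateUtil.createKeyPair(1024, "secret");
        });
        // NOTE(review): confirm that this string form never includes private-key material before
        // it goes to the shared test log.
        TestLogger.log(selfSigned.toString(true));
        return selfSigned;
    }

    /**
     * Loads a PEM certificate entry from a classpath resource.
     *
     * @param str classpath location of the PEM file, resolved relative to this class
     * @return the parsed certificate entry
     * @throws IOException if the resource is missing or cannot be read
     */
    private CertificateEntry getCertificateEntry(String str) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException {
        InputStream resource = getClass().getResourceAsStream(str);
        if (resource == null) {
            // Without this check a missing fixture shows up as a NullPointerException from the reader.
            throw new IOException("Test resource not found on classpath: " + str);
        }
        CertificateEntry parsed;
        // try-with-resources closes the stream even when parsing throws.
        try (InputStreamReader reader = new InputStreamReader(resource, StandardCharsets.UTF_8)) {
            parsed = CertificateUtil.parseCertificate(reader);
        }
        // NOTE(review): confirm that this string form never includes private-key material.
        TestLogger.log(parsed.toString());
        return parsed;
    }

    /**
     * Wraps a certificate entry in an initialised {@link KeyManagerFactory}.
     *
     * <p>The key store is created empty in memory and is never written out by this method, so
     * the empty password protects nothing that is persisted.
     *
     * @param certificateEntry private key and certificate chain to expose to the TLS layer
     * @return a key manager factory initialised with the single entry {@code "client"}
     */
    private KeyManagerFactory getKeyManagerFactory(CertificateEntry certificateEntry) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        char[] emptyPassword = "".toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null stream initialises an empty key store instead of loading one.
        keyStore.load(null, emptyPassword);
        keyStore.setKeyEntry("client", certificateEntry.getPrivateKey(), emptyPassword, certificateEntry.getCertChain());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, emptyPassword);
        return keyManagerFactory;
    }
}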
