package org.apache.http.conn.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.HttpHost;
import org.apache.http.localserver.LocalServerTestBase;
import org.apache.http.localserver.LocalTestServer;
import org.apache.http.protocol.BasicHttpContext;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/http/conn/ssl/TestSSLSocketFactory.class */
public class TestSSLSocketFactory extends LocalServerTestBase {
    private KeyStore keystore;

    /* loaded from: input_file:org/apache/http/conn/ssl/TestSSLSocketFactory$TestX509HostnameVerifier.class */
    static class TestX509HostnameVerifier implements X509HostnameVerifier {
        private boolean fired = false;

        TestX509HostnameVerifier() {
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier, javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, SSLSocket sSLSocket) throws IOException {
            this.fired = true;
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, X509Certificate x509Certificate) throws SSLException {
        }

        public boolean isFired() {
            return this.fired;
        }
    }

    @Before
    public void setUp() throws Exception {
        this.keystore = KeyStore.getInstance("jks");
        InputStream openStream = getClass().getClassLoader().getResource("hc-test.keystore").openStream();
        try {
            this.keystore.load(openStream, "nopassword".toCharArray());
            openStream.close();
        } catch (Throwable th) {
            openStream.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.http.localserver.LocalServerTestBase
    public HttpHost getServerHttp() {
        InetSocketAddress serviceAddress = this.localServer.getServiceAddress();
        return new HttpHost(serviceAddress.getHostName(), serviceAddress.getPort(), "https");
    }

    @Test
    public void testBasicSSL() throws Exception {
        SSLContext build = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        SSLContext build2 = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).build();
        this.localServer = new LocalTestServer(build);
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(build2, testX509HostnameVerifier);
        Assert.assertNotNull(((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext)).getSession());
        Assert.assertTrue(testX509HostnameVerifier.isFired());
    }

    @Test
    public void testClientAuthSSL() throws Exception {
        SSLContext build = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        SSLContext build2 = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        this.localServer = new LocalTestServer(build, true);
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(build2, testX509HostnameVerifier);
        Assert.assertNotNull(((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext)).getSession());
        Assert.assertTrue(testX509HostnameVerifier.isFired());
    }

    @Test(expected = IOException.class)
    public void testClientAuthSSLFailure() throws Exception {
        SSLContext build = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        SSLContext build2 = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).build();
        this.localServer = new LocalTestServer(build, true);
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(build2, testX509HostnameVerifier);
        Assert.assertNotNull(((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext)).getSession());
        Assert.assertTrue(testX509HostnameVerifier.isFired());
    }

    @Test
    public void testTLSOnly() throws Exception {
        SSLContext build = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        SSLContext build2 = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).build();
        this.localServer = new LocalTestServer(build, false, new String[]{"TLSv1"});
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(build2, testX509HostnameVerifier);
        Assert.assertNotNull(((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext)).getSession());
        Assert.assertTrue(testX509HostnameVerifier.isFired());
    }

    @Test(expected = IOException.class)
    public void testSSLDisabledByDefault() throws Exception {
        SSLContext build = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        SSLContext build2 = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).build();
        this.localServer = new LocalTestServer(build, false, new String[]{"SSLv3"});
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(build2, new TestX509HostnameVerifier());
        sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext);
    }

    @Test
    public void testClientAuthSSLAliasChoice() throws Exception {
        PrivateKeyStrategy privateKeyStrategy = new PrivateKeyStrategy() { // from class: org.apache.http.conn.ssl.TestSSLSocketFactory.1
            public String chooseAlias(Map<String, PrivateKeyDetails> map, Socket socket) {
                Assert.assertEquals(2L, map.size());
                Assert.assertTrue(map.containsKey("hc-test-key-1"));
                Assert.assertTrue(map.containsKey("hc-test-key-2"));
                return "hc-test-key-2";
            }
        };
        SSLContext build = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build();
        SSLContext build2 = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray(), privateKeyStrategy).build();
        this.localServer = new LocalTestServer(build, true);
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        TestX509HostnameVerifier testX509HostnameVerifier = new TestX509HostnameVerifier();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(build2, testX509HostnameVerifier);
        Assert.assertNotNull(((SSLSocket) sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext)).getSession());
        Assert.assertTrue(testX509HostnameVerifier.isFired());
    }

    @Test(expected = SSLHandshakeException.class)
    public void testSSLTrustVerification() throws Exception {
        this.localServer = new LocalTestServer(SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build());
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.createDefault(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext);
    }

    @Test
    public void testSSLTrustVerificationOverride() throws Exception {
        this.localServer = new LocalTestServer(SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(this.keystore).loadKeyMaterial(this.keystore, "nopassword".toCharArray()).build());
        this.localServer.registerDefaultHandlers();
        this.localServer.start();
        HttpHost httpHost = new HttpHost("localhost", 443, "https");
        BasicHttpContext basicHttpContext = new BasicHttpContext();
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial((KeyStore) null, new TrustStrategy() { // from class: org.apache.http.conn.ssl.TestSSLSocketFactory.2
            public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                return x509CertificateArr.length == 1;
            }
        }).build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        sSLConnectionSocketFactory.connectSocket(0, sSLConnectionSocketFactory.createSocket(basicHttpContext), httpHost, this.localServer.getServiceAddress(), (InetSocketAddress) null, basicHttpContext);
    }

    @Test
    public void testDefaultHostnameVerifier() throws Exception {
        Assert.assertNotNull(new SSLConnectionSocketFactory(SSLContexts.createDefault(), (X509HostnameVerifier) null).getHostnameVerifier());
    }
}
