package io.fusionauth.http;

import io.fusionauth.http.log.AccumulatingLogger;
import io.fusionauth.http.log.AccumulatingLoggerFactory;
import io.fusionauth.http.log.Level;
import io.fusionauth.http.security.SecurityTools;
import io.fusionauth.http.server.ExpectValidator;
import io.fusionauth.http.server.HTTPHandler;
import io.fusionauth.http.server.HTTPListenerConfiguration;
import io.fusionauth.http.server.HTTPServer;
import io.fusionauth.http.server.Instrumenter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.CookieHandler;
import java.net.Socket;
import java.net.URI;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Date;
import java.util.UUID;
import org.testng.Assert;
import org.testng.ITestListener;
import org.testng.ITestResult;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.DataProvider;
import sun.security.util.KnownOIDs;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:io/fusionauth/http/BaseTest.class */
public abstract class BaseTest {
    public static final Duration ClientTimeout = Duration.ofSeconds(2);
    public static final Duration ServerTimeout = Duration.ofSeconds(2);
    public static AccumulatingLogger logger = AccumulatingLoggerFactory.FACTORY.getLogger(BaseTest.class);
    public Certificate certificate;
    public Certificate intermediateCertificate;
    public KeyPair intermediateKeyPair;
    public KeyPair keyPair;
    public Certificate rootCertificate;
    public KeyPair rootKeyPair;

    /* loaded from: input_file:io/fusionauth/http/BaseTest$TestListener.class */
    public static class TestListener implements ITestListener {
        public void onTestFailure(ITestResult iTestResult) {
            iTestResult.getThrowable().printStackTrace(System.out);
            System.out.flush();
            System.out.println("Trace");
            System.out.flush();
            System.out.println(BaseTest.logger.toString());
            System.out.flush();
        }

        public void onTestStart(ITestResult iTestResult) {
            String str = "Running " + iTestResult.getTestClass().getName() + "#" + iTestResult.getName();
            if (iTestResult.getParameters() != null && iTestResult.getParameters().length == 1) {
                String obj = iTestResult.getParameters()[0].toString();
                if (obj.length() < 10) {
                    str = str + "(" + obj + ")";
                }
            }
            System.out.println(str);
        }
    }

    public HttpClient makeClient(String str, CookieHandler cookieHandler) throws GeneralSecurityException, IOException {
        HttpClient.Builder newBuilder = HttpClient.newBuilder();
        if (str.equals("https")) {
            newBuilder.sslContext(SecurityTools.clientContext(this.rootCertificate));
        }
        if (cookieHandler != null) {
            newBuilder.cookieHandler(cookieHandler);
        }
        return newBuilder.connectTimeout(ClientTimeout).build();
    }

    public HTTPServer makeServer(String str, HTTPHandler hTTPHandler, Instrumenter instrumenter) {
        return makeServer(str, hTTPHandler, instrumenter, null);
    }

    public HTTPServer makeServer(String str, HTTPHandler hTTPHandler) {
        return makeServer(str, hTTPHandler, null);
    }

    public HTTPServer makeServer(String str, HTTPHandler hTTPHandler, Instrumenter instrumenter, ExpectValidator expectValidator) {
        HTTPListenerConfiguration hTTPListenerConfiguration;
        if (str.equals("https")) {
            setupCertificates();
            hTTPListenerConfiguration = new HTTPListenerConfiguration(4242, new Certificate[]{this.certificate, this.intermediateCertificate}, this.keyPair.getPrivate());
        } else {
            hTTPListenerConfiguration = new HTTPListenerConfiguration(4242);
        }
        return new HTTPServer().withHandler(hTTPHandler).withClientTimeout(ServerTimeout).withExpectValidator(expectValidator).withInstrumenter(instrumenter).withLoggerFactory(AccumulatingLoggerFactory.FACTORY).withNumberOfWorkerThreads(1).withListener(hTTPListenerConfiguration);
    }

    public URI makeURI(String str, String str2) {
        return str.equals("https") ? URI.create("https://local.fusionauth.io:4242/api/system/version" + str2) : URI.create("http://localhost:4242/api/system/version" + str2);
    }

    @BeforeMethod
    public void resetLogger() {
        logger.reset();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] schemes() {
        return new Object[]{new Object[]{"http"}, new Object[]{"https"}};
    }

    public void sendBadRequest(String str) {
        try {
            Socket socket = new Socket("127.0.0.1", 4242);
            try {
                OutputStream outputStream = socket.getOutputStream();
                try {
                    InputStream inputStream = socket.getInputStream();
                    try {
                        outputStream.write(str.getBytes());
                        outputStream.flush();
                        Assert.assertEquals(inputStream.readAllBytes().length, 0);
                        if (inputStream != null) {
                            inputStream.close();
                        }
                        if (outputStream != null) {
                            outputStream.close();
                        }
                        socket.close();
                    } catch (Throwable th) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (outputStream != null) {
                        try {
                            outputStream.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } finally {
            }
        } catch (Exception e) {
            Assert.fail(e.getMessage());
        }
    }

    protected X509CertInfo generateCertInfo(PublicKey publicKey, String str) {
        try {
            X509CertInfo x509CertInfo = new X509CertInfo();
            x509CertInfo.set("key", new CertificateX509Key(publicKey));
            x509CertInfo.set("version", new CertificateVersion(2));
            x509CertInfo.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(ObjectIdentifier.of(KnownOIDs.SHA256withRSA))));
            x509CertInfo.set("subject", new X500Name("CN=" + str));
            x509CertInfo.set("validity", new CertificateValidity(Date.from(Instant.now().minusSeconds(30L)), Date.from(Instant.now().plusSeconds(10000L))));
            x509CertInfo.set("serialNumber", new CertificateSerialNumber(new BigInteger(UUID.randomUUID().toString().replace("-", ""), 16)));
            return x509CertInfo;
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    protected KeyPair generateNewRSAKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(4096);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    protected Certificate generateRootCA(PublicKey publicKey, PrivateKey privateKey) throws IllegalArgumentException {
        try {
            X509CertInfo generateCertInfo = generateCertInfo(publicKey, "root-ca.fusionauth.io");
            generateCertInfo.set("issuer", new X500Name("CN=root-ca.fusionauth.io"));
            return signCertificate(new X509CertImpl(generateCertInfo), privateKey, generateCertInfo, true);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupCertificates() {
        this.rootKeyPair = generateNewRSAKeyPair();
        this.intermediateKeyPair = generateNewRSAKeyPair();
        this.keyPair = generateNewRSAKeyPair();
        this.rootCertificate = generateRootCA(this.rootKeyPair.getPublic(), this.rootKeyPair.getPrivate());
        this.intermediateCertificate = signCertificate((X509Certificate) this.rootCertificate, this.rootKeyPair.getPrivate(), generateCertInfo(this.intermediateKeyPair.getPublic(), "intermediate.fusionauth.io"), true);
        this.certificate = signCertificate((X509Certificate) this.intermediateCertificate, this.intermediateKeyPair.getPrivate(), generateCertInfo(this.keyPair.getPublic(), "local.fusionauth.io"), false);
    }

    protected X509Certificate signCertificate(X509Certificate x509Certificate, PrivateKey privateKey, X509CertInfo x509CertInfo, boolean z) throws IllegalArgumentException {
        try {
            x509CertInfo.set("issuer", new X509CertInfo(x509Certificate.getTBSCertificate()).get("subject"));
            CertificateExtensions certificateExtensions = new CertificateExtensions();
            if (z) {
                certificateExtensions.set("BasicConstraints", new BasicConstraintsExtension(true, true, 1));
            }
            String commonName = ((X500Name) x509CertInfo.get("subject")).getCommonName();
            GeneralNames generalNames = new GeneralNames();
            generalNames.add(new GeneralName(new DNSName(commonName)));
            certificateExtensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(false, generalNames));
            x509CertInfo.set("extensions", certificateExtensions);
            X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
            x509CertImpl.sign(privateKey, "SHA256withRSA");
            return x509CertImpl;
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateCertPath(Certificate certificate, Certificate[] certificateArr) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(certificateArr));
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            keyStore.setCertificateEntry("root-ca", certificate);
            PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
            pKIXParameters.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    static {
        logger.setLevel(Level.Trace);
    }
}
