package org.lockss.protocol;

import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import junit.framework.Test;
import org.lockss.crawler.TestBaseCrawler;
import org.lockss.daemon.LockssKeyStoreManager;
import org.lockss.plugin.simulated.SimulatedContentGenerator;
import org.lockss.protocol.TestBlockingStreamComm;
import org.lockss.test.ConfigurationUtil;
import org.lockss.test.LockssTestCase;
import org.lockss.test.MiscTestUtil;
import org.lockss.test.MockLockssDaemon;
import org.lockss.test.SimpleQueue;
import org.lockss.util.KeyStoreUtil;
import org.lockss.util.ListUtil;
import org.lockss.util.PropUtil;
import org.lockss.util.time.TimeBase;

/* loaded from: input_file:org/lockss/protocol/TestBlockingSslStreamComm1.class */
/**
 * Runs the {@link TestBlockingStreamComm} suite with SSL switched on and adds
 * cases for SSL client authentication between two comm instances.
 *
 * <p>The client-auth cases assert two things for every pairing: which
 * handshake event each side records ({@link SSLSocket} on success,
 * {@link SSLPeerUnverifiedException} on rejection) and whether the message
 * actually reached the receiver. Checking non-delivery as well as the
 * handshake event means a rejected peer whose payload still got through
 * would fail the test.
 *
 * <p>All keystores, passwords and host names here are throwaway fixtures
 * written under a per-test temp directory.
 */
public class TestBlockingSslStreamComm1 extends TestBlockingStreamComm {
    LockssKeyStoreManager keystoreMgr;
    File keyStoreDir;
    // Fixture secrets for the suite-level keystore; hard-coded on purpose and
    // only ever applied to the keystore this test creates itself.
    String keyStorePassword = "Bad Password";
    String keyPassword = "No Donut!";
    // Assigned in setUp() once the temp directory exists.
    String keyStoreFileName = null;
    static final String PARAM_USE_V3_OVER_SSL = "org.lockss.scomm.v3OverSsl";
    static final String PARAM_USE_SSL_CLIENT_AUTH = "org.lockss.scomm.sslClientAuth";
    static final String PARAM_SSL_KEYSTORE_NAME = "org.lockss.scomm.sslKeystoreName";
    static final String PARAM_SSL_PRIVATE_KEYSTORE_NAME = "org.lockss.scomm.sslPrivateKeystoreName";
    static final String PARAM_SSL_PUBLIC_KEYSTORE_NAME = "org.lockss.scomm.sslPublicKeystoreName";
    public static Class[] testedClasses = {BlockingStreamComm.class, BlockingPeerChannel.class};
    static String KS_NAME = "ks1";

    /** Concrete variant handed to {@code variantSuites} by {@link #suite()}. */
    public static class SslStreams extends TestBlockingSslStreamComm1 {
        public SslStreams(String name) {
            super(name);
        }
    }

    TestBlockingSslStreamComm1(String name) {
        super(name);
    }

    /** Tells the inherited test logic that this variant runs over SSL. */
    @Override
    protected boolean isSsl() {
        return true;
    }

    /**
     * Prepares the temp keystore location, runs the parent setup, creates the
     * suite keystore, then installs a testing random manager and starts the
     * keystore manager on the mock daemon. The statement order is kept as is:
     * the keystore path is fixed before {@code super.setUp()} runs.
     */
    @Override
    public void setUp() throws Exception {
        keyStoreDir = getTempDir("TestBlockingSslStreamComm1");
        keyStoreFileName = new File(keyStoreDir, "test.keystore").toString();
        super.setUp();
        shutdownOutputSupported = false;
        setupKeyStore();
        MockLockssDaemon daemon = getMockLockssDaemon();
        LockssTestCase.TestingRandomManager randomMgr = new LockssTestCase.TestingRandomManager();
        randomMgr.initService(daemon);
        daemon.setRandomManager(randomMgr);
        keystoreMgr = daemon.getKeystoreManager();
        keystoreMgr.startService();
    }

    /**
     * Adds the SSL settings shared by the whole suite: V3 over SSL, client
     * authentication, and the {@code ks1} keystore definition.
     *
     * @param properties suite configuration to extend
     */
    @Override
    public void addSuiteProps(Properties properties) {
        super.addSuiteProps(properties);
        properties.setProperty(PARAM_USE_V3_OVER_SSL, "true");
        properties.setProperty(PARAM_SSL_KEYSTORE_NAME, KS_NAME);
        properties.setProperty(PARAM_USE_SSL_CLIENT_AUTH, "true");
        properties.setProperty("org.lockss.scomm.enabled", "true");
        // NOTE(review): Properties.put rejects null values, so this relies on
        // keyStoreFileName having been assigned already; the order in which the
        // harness calls setUp() and addSuiteProps() is not visible here - confirm.
        setKeyStoreProps(properties, "id1", KS_NAME, keyStoreFileName, keyStorePassword, keyPassword, null);
    }

    /**
     * Writes one keystore definition under
     * {@code org.lockss.keyMgr.keystore.<id>.} into {@code props}.
     *
     * @param props target configuration
     * @param id entry id used in the property prefix
     * @param ksName logical keystore name that the scomm parameters refer to
     * @param ksFile keystore file path
     * @param ksPassword keystore password
     * @param keyPass private-key password, or {@code null} to omit the property
     * @param keyPassFile path of a file holding the private-key password, or
     *     {@code null} to omit the property
     */
    void setKeyStoreProps(Properties props, String id, String ksName, String ksFile, String ksPassword, String keyPass, String keyPassFile) {
        final String prefix = "org.lockss.keyMgr.keystore." + id + ".";
        props.put(prefix + "name", ksName);
        // The suffix comes from an unrelated constant, which looks like a
        // decompiler substitution for a plain literal - presumably "file"; confirm.
        props.put(prefix + SimulatedContentGenerator.FILE_PREFIX, ksFile);
        // JCEKS is a legacy JCE keystore format; every store here is a
        // throwaway fixture.
        props.put(prefix + "type", "JCEKS");
        props.put(prefix + "password", ksPassword);
        if (keyPass != null) {
            props.put(prefix + "keyPassword", keyPass);
        }
        if (keyPassFile != null) {
            props.put(prefix + "keyPasswordFile", keyPassFile);
        }
    }

    /**
     * Creates the suite keystore at {@link #keyStoreFileName} using the fixture
     * passwords.
     *
     * @return whatever {@code KeyStoreUtil.createKeyStore} returns
     */
    private KeyStore setupKeyStore() throws Exception {
        Properties spec = new Properties();
        spec.put("File", keyStoreFileName);
        spec.put("Password", keyStorePassword);
        spec.put("KeyPassword", keyPassword);
        return KeyStoreUtil.createKeyStore(spec);
    }

    /**
     * Uses a short data timeout and a long channel idle time, sends one message
     * and expects the sender's channel to report {@code "dissoc"} and leave no
     * channels behind. The message itself may or may not arrive; it is checked
     * only when it does.
     */
    public void testReadTimeoutDuringAccept() throws IOException {
        TimeBase.setSimulated(1000L);
        ConfigurationUtil.addFromArgs("org.lockss.scomm.channelIdleTime", "10h", "org.lockss.scomm.timeout.data", "100");
        setupComm1();
        setupComm2();
        comm1.setAssocQueue(assocQ);
        comm2.setAcceptSem(sem2);
        comm1.sendTo(msg1, pid2);
        PeerMessage received = (PeerMessage) rcvdMsgs2.get(TIMEOUT_SHOULDNT);
        if (received != null) {
            assertEqualsMessageFrom(msg1, pid1, received);
        }
        List assocEvent = (List) assocQ.get(TIMEOUT_SHOULDNT);
        assertNotNull("Channel didn't close automatically after timeout", assocEvent);
        assertEquals("Channel didn't close automatically after timeout", "dissoc", assocEvent.get(0));
        assertEquals(0, getChannels(comm1).size());
        assertEquals(0, getRcvChannels(comm1).size());
    }

    /** Generates per-host keystores for {@code hosts} in {@code dir}. */
    void createKeystores(File dir, List hosts) throws Exception {
        KeyStoreUtil.createPLNKeyStores((File) null, dir, hosts, MiscTestUtil.getSecureRandom());
    }

    /**
     * Generates per-host keystores for {@code hosts} in {@code dir} plus one
     * shared public keystore at {@code pubKeyStore}, protected by the fixture
     * password {@code "pubpass"}.
     */
    void createKeystoresSharedPublic(File dir, List hosts, File pubKeyStore) throws Exception {
        KeyStoreUtil.createSharedPLNKeyStores(dir, hosts, pubKeyStore, "pubpass", MiscTestUtil.getSecureRandom());
    }

    /**
     * Registers {@code <host>.jceks} from the temp directory in {@code cprops}.
     * The keystore password is the host name and the key password is read from
     * {@code <host>.pass}; presumably both are produced by the KeyStoreUtil
     * generators - confirm.
     */
    private void registerHostKeystore(String id, String ksName, String host) {
        setKeyStoreProps(cprops, id, ksName, new File(keyStoreDir, host + ".jceks").toString(), host, null, new File(keyStoreDir, host + ".pass").toString());
    }

    /** Builds a per-instance config that selects a single combined keystore. */
    private static Properties scommProps(String useSsl, String clientAuth, String ksName) {
        return PropUtil.fromArgs(PARAM_USE_V3_OVER_SSL, useSsl, PARAM_USE_SSL_CLIENT_AUTH, clientAuth, PARAM_SSL_KEYSTORE_NAME, ksName);
    }

    /**
     * Builds a per-instance config with SSL and client auth on, using separate
     * private and public keystores.
     */
    private static Properties sharedKeystoreProps(String privateKs, String publicKs) {
        return PropUtil.fromArgs(PARAM_USE_V3_OVER_SSL, "true", PARAM_USE_SSL_CLIENT_AUTH, "true", PARAM_SSL_PRIVATE_KEYSTORE_NAME, privateKs, PARAM_SSL_PUBLIC_KEYSTORE_NAME, publicKs);
    }

    /**
     * Generates two independent keystore sets (host1/host2 and bad1/bad2),
     * registers host1, host2 and bad1 as {@code cks1}..{@code cks3}, and runs
     * {@link #testClientAuth0}. Because the "bad" set comes from a separate
     * generator call, it is presumably not trusted by the host set - confirm
     * against {@code KeyStoreUtil.createPLNKeyStores}.
     *
     * @param properties instance config for the sender (comm1)
     * @param properties2 instance config for the receiver (comm2)
     * @param expectSuccess whether the message is expected to be delivered
     */
    public void testClientAuth(Properties properties, Properties properties2, boolean expectSuccess) throws Exception {
        createKeystores(keyStoreDir, ListUtil.list(new String[]{"host1", "host2"}));
        createKeystores(keyStoreDir, ListUtil.list(new String[]{"bad1", "bad2"}));
        registerHostKeystore("ii11", "cks1", "host1");
        registerHostKeystore("ii22", "cks2", "host2");
        registerHostKeystore("ii33", "cks3", "bad1");
        cprops.setProperty("org.lockss.scomm.minFileMessageSize", "5000");
        ConfigurationUtil.addFromProps(cprops);
        testClientAuth0(properties, properties2, expectSuccess);
    }

    /**
     * Same as {@link #testClientAuth}, but with shared public keystores:
     * {@code pubks1} is generated together with host1/host2 and {@code pubks2}
     * together with bad1.
     *
     * @param properties instance config for the sender (comm1)
     * @param properties2 instance config for the receiver (comm2)
     * @param expectSuccess whether the message is expected to be delivered
     */
    public void testClientAuthShared(Properties properties, Properties properties2, boolean expectSuccess) throws Exception {
        File goodPub = new File(keyStoreDir, "pubkeys.ks");
        File badPub = new File(keyStoreDir, "badpubkeys.ks");
        createKeystoresSharedPublic(keyStoreDir, ListUtil.list(new String[]{"host1", "host2"}), goodPub);
        createKeystoresSharedPublic(keyStoreDir, ListUtil.list(new String[]{"bad1"}), badPub);
        registerHostKeystore("ii11", "cks1", "host1");
        registerHostKeystore("ii22", "cks2", "host2");
        registerHostKeystore("ii33", "cks3", "bad1");
        setKeyStoreProps(cprops, "ii44", "pubks1", goodPub.toString(), "pubpass", "pubpass", null);
        setKeyStoreProps(cprops, "ii55", "pubks2", badPub.toString(), "pubpass", "pubpass", null);
        cprops.setProperty("org.lockss.scomm.minFileMessageSize", "5000");
        ConfigurationUtil.addFromProps(cprops);
        testClientAuth0(properties, properties2, expectSuccess);
    }

    /**
     * Core scenario: comm1 sends {@code msg1} to comm2, then each side's
     * handshake queue and comm2's receive queue are checked.
     *
     * <p>A side that runs SSL with client auth must record a handshake event:
     * an {@link SSLSocket} when success is expected, otherwise an
     * {@link SSLPeerUnverifiedException}. Any other side must record nothing.
     * The message must arrive as a {@link MemoryPeerMessage} on success and
     * must not arrive at all on failure.
     *
     * @param properties instance config for comm1
     * @param properties2 instance config for comm2
     * @param expectSuccess whether delivery is expected
     */
    public void testClientAuth0(Properties properties, Properties properties2, boolean expectSuccess) throws Exception {
        comm1 = new TestBlockingStreamComm.MyBlockingStreamComm(setupPid(1));
        comm2 = new TestBlockingStreamComm.MyBlockingStreamComm(setupPid(2));
        SimpleQueue.Fifo senderHandshakes = new SimpleQueue.Fifo();
        SimpleQueue.Fifo receiverHandshakes = new SimpleQueue.Fifo();
        comm1.setHandShakeQueue(senderHandshakes);
        comm2.setHandShakeQueue(receiverHandshakes);
        comm1.setInstanceConfig(properties);
        comm2.setInstanceConfig(properties2);
        setupComm(1, comm1);
        setupComm(2, comm2);
        msg2 = makePeerMessage(1, "1234567890123456789012345678901234567890", 10);
        comm1.sendTo(msg1, pid2);

        Class<?> expectedEvent = expectSuccess ? SSLSocket.class : SSLPeerUnverifiedException.class;

        // Sender side: a handshake event is reported only for SSL with client auth.
        if (comm1.isSsl() && comm1.isClientAuth()) {
            Object senderEvent = senderHandshakes.get(TIMEOUT_SHOULDNT);
            assertNotNull("Expected handShake event didn't occur", senderEvent);
            assertTrue("hs is " + senderEvent.getClass(), expectedEvent.isInstance(senderEvent));
        } else {
            assertEquals((Object) null, senderHandshakes.get(TIMEOUT_SHOULD));
        }

        // Delivery: a rejected handshake must not let the payload through.
        if (expectSuccess) {
            PeerMessage delivered = (PeerMessage) rcvdMsgs2.get(TIMEOUT_SHOULDNT);
            assertEqualsMessageFrom(msg1, pid1, delivered);
            assertTrue(delivered.toString(), delivered instanceof MemoryPeerMessage);
        } else {
            assertEquals((Object) null, (PeerMessage) rcvdMsgs2.get(TIMEOUT_SHOULD));
        }

        // Receiver side: same rule as the sender.
        if (comm2.isSsl() && comm2.isClientAuth()) {
            Object receiverEvent = receiverHandshakes.get(TIMEOUT_SHOULDNT);
            assertNotNull("Expected handShake event didn't occur", receiverEvent);
            assertTrue(expectedEvent.isInstance(receiverEvent));
        } else {
            assertEquals((Object) null, receiverHandshakes.get(TIMEOUT_SHOULD));
        }
    }

    /** Both sides use client auth with keystores from the same set: delivery expected. */
    public void testClientAuthOk() throws Exception {
        testClientAuth(scommProps("true", "true", "cks1"), scommProps("true", "true", "cks2"), true);
    }

    /** Both sides use their own private keystore and the same public keystore: delivery expected. */
    public void testClientAuthOkShared() throws Exception {
        Properties sender = sharedKeystoreProps("cks1", "pubks1");
        // Overrides the suite-level combined keystore name for the sender. The
        // value comes from an unrelated constant (likely a decompiler
        // substitution, presumably the empty string) - confirm.
        sender.put(PARAM_SSL_KEYSTORE_NAME, TestBaseCrawler.EMPTY_PAGE);
        testClientAuthShared(sender, sharedKeystoreProps("cks2", "pubks1"), true);
    }

    /** Receiver uses the keystore from the other set: the handshake must be rejected. */
    public void testClientAuthFailCert() throws Exception {
        testClientAuth(scommProps("true", "true", "cks1"), scommProps("true", "true", "cks3"), false);
    }

    /** Receiver uses the public keystore from the other set: the handshake must be rejected. */
    public void testClientAuthFailSharedBadPub() throws Exception {
        testClientAuthShared(sharedKeystoreProps("cks1", "pubks1"), sharedKeystoreProps("cks2", "pubks2"), false);
    }

    /** Receiver uses the private keystore from the other set: the handshake must be rejected. */
    public void testClientAuthFailSharedBadClient() throws Exception {
        testClientAuthShared(sharedKeystoreProps("cks1", "pubks1"), sharedKeystoreProps("cks3", "pubks1"), false);
    }

    /** Client auth enabled on the sender only, matching keystores: delivery expected. */
    public void testClientAuthSenderOnly() throws Exception {
        testClientAuth(scommProps("true", "true", "cks1"), scommProps("true", "false", "cks2"), true);
    }

    /** Client auth enabled on the sender only, receiver keystore from the other set: rejected. */
    public void testClientAuthSenderOnlyFail() throws Exception {
        testClientAuth(scommProps("true", "true", "cks1"), scommProps("true", "false", "cks3"), false);
    }

    /** Client auth enabled on the receiver only, matching keystores: delivery expected. */
    public void testClientAuthReceiverOnly() throws Exception {
        testClientAuth(scommProps("true", "false", "cks1"), scommProps("true", "true", "cks2"), true);
    }

    /** Client auth enabled on the receiver only, receiver keystore from the other set: rejected. */
    public void testClientAuthReceiverOnlyFail() throws Exception {
        testClientAuth(scommProps("true", "false", "cks1"), scommProps("true", "true", "cks3"), false);
    }

    /** SSL sender talking to a non-SSL receiver: no delivery expected. */
    public void testClientAuthSenderOnlySsl() throws Exception {
        Properties sender = scommProps("true", "false", "cks1");
        Properties receiver = scommProps("false", "false", "cks2");
        // The two sides deliberately use different transports, so the inherited
        // socket-type check is switched off.
        isCheckSocketType = false;
        testClientAuth(sender, receiver, false);
    }

    /** Non-SSL sender talking to an SSL receiver: no delivery expected. */
    public void testClientAuthReceiverOnlySsl() throws Exception {
        Properties sender = scommProps("false", "false", "cks1");
        Properties receiver = scommProps("true", "false", "cks2");
        // The two sides deliberately use different transports, so the inherited
        // socket-type check is switched off.
        isCheckSocketType = false;
        testClientAuth(sender, receiver, false);
    }

    /** Builds the suite from the {@link SslStreams} variant. */
    public static Test suite() {
        return variantSuites(new Class[]{SslStreams.class});
    }
}
