package com.floragunn.signals.watch.common;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.searchsupport.junit.ThrowableAssert;
import com.floragunn.signals.truststore.rest.TruststoreLoader;
import com.floragunn.signals.truststore.service.TrustManagerRegistry;
import java.util.Optional;
import javax.net.ssl.X509ExtendedTrustManager;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:com/floragunn/signals/watch/common/TlsConfigTest.class */
public class TlsConfigTest {
    public static final String TRUSTSTORE_ID_1 = "truststore_id_00001";
    public static final String TRUSTSTORE_ID_2 = "truststore_id_00002";
    public static final String TRUSTSTORE_ID_3 = "truststore_id_00003";
    public static final int HALF_HOUR_SECOND = 1800;
    public static final int HOUR_SECOND = 3600;

    @Mock
    private TrustManagerRegistry trustManagerRegistry;

    @Mock
    private X509ExtendedTrustManager x509TrustManager;
    private TlsConfig tlsConfig;

    @Before
    public void before() {
        this.tlsConfig = new TlsConfig(this.trustManagerRegistry, ValidationLevel.STRICT);
    }

    @Test
    public void shouldUseTrustManagerWithProvidedId() throws ConfigValidationException {
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_1)).thenReturn(Optional.of(this.x509TrustManager));
        this.tlsConfig.setTruststoreId(TRUSTSTORE_ID_1);
        this.tlsConfig.init();
        ((TrustManagerRegistry) Mockito.verify(this.trustManagerRegistry)).findTrustManager(TRUSTSTORE_ID_1);
    }

    @Test
    public void shouldUseOtherTrustManager() throws ConfigValidationException {
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_2)).thenReturn(Optional.of(this.x509TrustManager));
        this.tlsConfig.setTruststoreId(TRUSTSTORE_ID_2);
        this.tlsConfig.init();
        ((TrustManagerRegistry) Mockito.verify(this.trustManagerRegistry)).findTrustManager(TRUSTSTORE_ID_2);
    }

    @Test
    public void shouldReportErrorWhenTruststoreWithGivenIdDoesNotExist() {
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_3)).thenReturn(Optional.empty());
        this.tlsConfig.setTruststoreId(TRUSTSTORE_ID_3);
        MatcherAssert.assertThat(ThrowableAssert.assertThatThrown(() -> {
            this.tlsConfig.init();
        }, new Matcher[]{Matchers.instanceOf(ConfigValidationException.class)}).getMessage(), Matchers.equalTo("Trust store truststore_id_00003 not found."));
    }

    @Test
    public void shouldNotReportErrorWhenTruststoreWithGivenIdDoesNotExistAndStrictValidationIsDisabled() throws ConfigValidationException {
        this.tlsConfig = new TlsConfig(this.trustManagerRegistry, ValidationLevel.LENIENT);
        Mockito.lenient().when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_3)).thenReturn(Optional.empty());
        this.tlsConfig.setTruststoreId(TRUSTSTORE_ID_3);
        this.tlsConfig.init();
    }

    @Test
    public void shouldReadTruststoreIdFromJson() throws ConfigValidationException {
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_3)).thenReturn(Optional.of(this.x509TrustManager));
        this.tlsConfig.init(DocNode.of("truststore_id", TRUSTSTORE_ID_3));
        ((TrustManagerRegistry) Mockito.verify(this.trustManagerRegistry)).findTrustManager(TRUSTSTORE_ID_3);
    }

    @Test
    public void shouldReportValidationErrorWhenTruststoreIsPointedByTwoParameters() {
        String loadCertificates = TruststoreLoader.loadCertificates(TruststoreLoader.PEM_TWO_CERTIFICATES);
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_1)).thenReturn(Optional.of(this.x509TrustManager));
        DocNode of = DocNode.of("truststore_id", TRUSTSTORE_ID_1, "trusted_certs", loadCertificates);
        ThrowableAssert.assertThatThrown(() -> {
            this.tlsConfig.init(of);
        }, new Matcher[]{Matchers.instanceOf(ConfigValidationException.class)});
    }

    @Test
    public void shouldSetTlsSessionClientTimeout() throws ConfigValidationException {
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_1)).thenReturn(Optional.of(this.x509TrustManager));
        this.tlsConfig.init(DocNode.of("truststore_id", TRUSTSTORE_ID_1, "client_session_timeout", Integer.valueOf(HALF_HOUR_SECOND)));
        ValidationErrors validationErrors = new ValidationErrors();
        MatcherAssert.assertThat(Integer.valueOf(this.tlsConfig.buildSSLContext(validationErrors).getClientSessionContext().getSessionTimeout()), Matchers.equalTo(Integer.valueOf(HALF_HOUR_SECOND)));
        MatcherAssert.assertThat(Boolean.valueOf(validationErrors.hasErrors()), Matchers.equalTo(false));
    }

    @Test
    public void shouldSetAnotherTlsSessionClientTimeout() throws ConfigValidationException {
        Mockito.when(this.trustManagerRegistry.findTrustManager(TRUSTSTORE_ID_1)).thenReturn(Optional.of(this.x509TrustManager));
        this.tlsConfig.init(DocNode.of("truststore_id", TRUSTSTORE_ID_1, "client_session_timeout", Integer.valueOf(HOUR_SECOND)));
        ValidationErrors validationErrors = new ValidationErrors();
        MatcherAssert.assertThat(Integer.valueOf(this.tlsConfig.buildSSLContext(validationErrors).getClientSessionContext().getSessionTimeout()), Matchers.equalTo(Integer.valueOf(HOUR_SECOND)));
        MatcherAssert.assertThat(Boolean.valueOf(validationErrors.hasErrors()), Matchers.equalTo(false));
    }
}
