package com.floragunn.signals;

import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.certificate.utils.CertificateAndPrivateKeyWriter;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.floragunn.searchguard.test.helper.network.SocketUtils;
import com.floragunn.signals.truststore.rest.TruststoreLoader;
import com.google.common.base.Charsets;
import com.google.common.io.CharStreams;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.Header;
import org.apache.http.HttpConnectionFactory;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
import org.apache.http.HttpInetConnection;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.config.ConnectionConfig;
import org.apache.http.config.MessageConstraints;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.ContentLengthStrategy;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.ConnSupport;
import org.apache.http.impl.DefaultBHttpServerConnection;
import org.apache.http.impl.bootstrap.HttpServer;
import org.apache.http.impl.bootstrap.SSLServerSetupHandler;
import org.apache.http.impl.bootstrap.ServerBootstrap;
import org.apache.http.io.HttpMessageParserFactory;
import org.apache.http.io.HttpMessageWriterFactory;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpRequestHandler;
import org.bouncycastle.cert.X509CertificateHolder;

/* loaded from: input_file:com/floragunn/signals/MockWebserviceProvider.class */
public class MockWebserviceProvider implements Closeable {
    private HttpServer httpServer;
    private final int port;
    private final String uri;
    private final boolean ssl;
    private int responseStatusCode;
    private byte[] responseBody;
    private String responseContentType;
    private String lastRequestBody;
    private List<Header> lastRequestHeaders;
    private InetAddress lastRequestClientAddress;
    private final AtomicInteger requestCount;
    private long responseDelayMs;
    private Header requiredHttpHeader;
    private KeyStore trustStore;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/floragunn/signals/MockWebserviceProvider$SSLTestHttpServerConnection.class */
    public static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection {
        public SSLTestHttpServerConnection(int i, int i2, CharsetDecoder charsetDecoder, CharsetEncoder charsetEncoder, MessageConstraints messageConstraints, ContentLengthStrategy contentLengthStrategy, ContentLengthStrategy contentLengthStrategy2, HttpMessageParserFactory<HttpRequest> httpMessageParserFactory, HttpMessageWriterFactory<HttpResponse> httpMessageWriterFactory) {
            super(i, i2, charsetDecoder, charsetEncoder, messageConstraints, contentLengthStrategy, contentLengthStrategy2, httpMessageParserFactory, httpMessageWriterFactory);
        }

        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            return ((SSLSocket) getSocket()).getSession().getPeerCertificates();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MockWebserviceProvider(String str) throws IOException {
        this(str, SocketUtils.findAvailableTcpPort());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MockWebserviceProvider(String str, byte[] bArr, String str2) throws IOException {
        this(str, SocketUtils.findAvailableTcpPort());
        this.responseContentType = str2;
        this.responseBody = bArr;
    }

    MockWebserviceProvider(String str, boolean z) throws IOException {
        this(str, SocketUtils.findAvailableTcpPort(), z, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MockWebserviceProvider(String str, boolean z, boolean z2) throws IOException {
        this(str, SocketUtils.findAvailableTcpPort(), z, z2);
    }

    MockWebserviceProvider(String str, int i) throws IOException {
        this(str, i, false, false);
    }

    MockWebserviceProvider(String str, int i, boolean z, final boolean z2) throws IOException {
        this.responseStatusCode = 200;
        this.responseBody = "Mockery".getBytes();
        this.responseContentType = "text/plain";
        this.requestCount = new AtomicInteger();
        this.responseDelayMs = 0L;
        this.port = i;
        this.uri = buildUri(str, z, i);
        this.ssl = z;
        ServerBootstrap registerHandler = ServerBootstrap.bootstrap().setListenerPort(i).registerHandler(str, new HttpRequestHandler() { // from class: com.floragunn.signals.MockWebserviceProvider.1
            @Override // org.apache.http.protocol.HttpRequestHandler
            public void handle(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
                MockWebserviceProvider.this.handleRequest(httpRequest, httpResponse, httpContext);
            }
        });
        this.httpServer = (z ? registerHandler.setSslContext(createSSLContext()).setSslSetupHandler(new SSLServerSetupHandler() { // from class: com.floragunn.signals.MockWebserviceProvider.3
            public void initialize(SSLServerSocket sSLServerSocket) throws SSLException {
                sSLServerSocket.setNeedClientAuth(z2);
            }
        }).setConnectionFactory(new HttpConnectionFactory<DefaultBHttpServerConnection>() { // from class: com.floragunn.signals.MockWebserviceProvider.2
            private ConnectionConfig cconfig = ConnectionConfig.DEFAULT;

            /* renamed from: createConnection, reason: merged with bridge method [inline-methods] */
            public DefaultBHttpServerConnection m2createConnection(Socket socket) throws IOException {
                SSLTestHttpServerConnection sSLTestHttpServerConnection = new SSLTestHttpServerConnection(this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(), ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig), this.cconfig.getMessageConstraints(), null, null, null, null);
                sSLTestHttpServerConnection.bind(socket);
                return sSLTestHttpServerConnection;
            }
        }) : registerHandler).create();
        this.httpServer.start();
    }

    public MockWebserviceProvider acceptOnlyRequestsWithHeader(Header header) {
        this.requiredHttpHeader = header;
        return this;
    }

    public void start() throws IOException {
        this.httpServer.start();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.httpServer.stop();
    }

    public HttpServer getHttpServer() {
        return this.httpServer;
    }

    public String getUri() {
        return this.uri;
    }

    public int getPort() {
        return this.port;
    }

    public String trustedCertificatePem(String str) {
        try {
            return CertificateAndPrivateKeyWriter.writeCertificate(new X509CertificateHolder(this.trustStore.getCertificate(str).getEncoded()));
        } catch (IOException | KeyStoreException | CertificateEncodingException e) {
            throw new RuntimeException("Cannot write certificate as pem", e);
        }
    }

    private static String buildUri(String str, boolean z, int i) {
        StringBuilder sb = new StringBuilder(z ? "https" : "http");
        sb.append("://localhost:").append(i);
        if (str != null) {
            String str2 = str;
            if (str2.endsWith("*")) {
                str2 = str.substring(0, str.length() - 1);
            }
            if (!str2.startsWith("/")) {
                sb.append("/");
            }
            sb.append(str2);
        }
        return sb.toString();
    }

    protected void handleRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
        if (checkClientAddress(httpRequest, httpResponse, httpContext)) {
            if (this.responseDelayMs > 0) {
                try {
                    Thread.sleep(this.responseDelayMs);
                } catch (InterruptedException e) {
                }
            }
            httpResponse.setStatusCode(this.responseStatusCode);
            httpResponse.setHeader("Content-Type", this.responseContentType);
            httpResponse.setEntity(new ByteArrayEntity(this.responseBody));
            if (httpRequest instanceof HttpEntityEnclosingRequest) {
                this.lastRequestBody = CharStreams.toString(new InputStreamReader(((HttpEntityEnclosingRequest) httpRequest).getEntity().getContent(), Charsets.UTF_8));
            } else {
                this.lastRequestBody = null;
            }
            this.lastRequestHeaders = Arrays.asList(httpRequest.getAllHeaders());
            this.requestCount.incrementAndGet();
        }
    }

    private SSLContext createSSLContext() {
        if (!this.ssl) {
            return null;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.trustStore = KeyStore.getInstance("JKS");
            this.trustStore.load(new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath("tls/truststore.jks").toFile()), "secret".toCharArray());
            trustManagerFactory.init(this.trustStore);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath("tls/node1-keystore.jks").toFile()), "secret".toCharArray());
            keyManagerFactory.init(keyStore, "secret".toCharArray());
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private boolean checkClientAddress(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws UnsupportedEncodingException {
        this.lastRequestClientAddress = ((HttpInetConnection) httpContext.getAttribute("http.connection")).getRemoteAddress();
        if (this.requiredHttpHeader == null || Arrays.asList(httpRequest.getHeaders(this.requiredHttpHeader.getName())).stream().anyMatch(header -> {
            return this.requiredHttpHeader.getValue().equals(header.getValue());
        })) {
            return true;
        }
        httpResponse.setStatusCode(451);
        httpResponse.setEntity(new StringEntity("We are only accepting requests with the '" + this.requiredHttpHeader.getName() + "' header set to '" + this.requiredHttpHeader.getValue() + "'"));
        return false;
    }

    public int getResponseStatusCode() {
        return this.responseStatusCode;
    }

    public void setResponseStatusCode(int i) {
        this.responseStatusCode = i;
    }

    public byte[] getResponseBody() {
        return this.responseBody;
    }

    public void setResponseBody(String str) {
        this.responseBody = str.getBytes();
    }

    public void setResponseBody(byte[] bArr) {
        this.responseBody = bArr;
    }

    public String getLastRequestBody() {
        return this.lastRequestBody;
    }

    public void setLastRequestBody(String str) {
        this.lastRequestBody = str;
    }

    public List<Header> getLastRequestHeaders() {
        return this.lastRequestHeaders;
    }

    public void setLastRequestHeaders(List<Header> list) {
        this.lastRequestHeaders = list;
    }

    public Header getLastRequestHeader(String str) {
        return (Header) ((List) Optional.ofNullable(this.lastRequestHeaders).orElse(new ArrayList())).stream().filter(header -> {
            return header.getName().equals(str);
        }).findFirst().orElse(null);
    }

    public String getResponseContentType() {
        return this.responseContentType;
    }

    public void setResponseContentType(String str) {
        this.responseContentType = str;
    }

    public int getRequestCount() {
        return this.requestCount.get();
    }

    public long getResponseDelayMs() {
        return this.responseDelayMs;
    }

    public void setResponseDelayMs(long j) {
        this.responseDelayMs = j;
    }

    public InetAddress getLastRequestClientAddress() {
        return this.lastRequestClientAddress;
    }

    public void uploadMockServerCertificateAsTruststore(LocalCluster localCluster, TestSgConfig.User user, String str) throws Exception {
        String trustedCertificatePem = trustedCertificatePem("root-ca");
        GenericRestClient restClient = localCluster.getRestClient(user, new Header[0]);
        try {
            TruststoreLoader.storeTruststoreInPemFormat(restClient, str, "name", trustedCertificatePem);
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
