package com.floragunn.dlic.auth.http.jwt.keybyoidc;

import com.floragunn.dlic.auth.http.jwt.keybyoidc.MockIpdServer;
import com.floragunn.dlic.auth.http.jwt.keybyoidc.TestJwk;
import com.floragunn.dlic.util.SettingsBasedSSLConfigurator;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.network.SocketUtils;
import com.google.common.hash.Hashing;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpCoreContext;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.class */
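/**
 * Tests for {@link KeySetRetriever} against a local {@link MockIpdServer}: OIDC discovery caching
 * and retrieval over TLS with a client certificate.
 */
public class KeySetRetrieverTest {
    /** Password shared by the JKS test fixtures on the classpath; test material only. */
    private static final String KEYSTORE_PASSWORD = "changeit";

    /** SHA-256 (hex) of the DER-encoded client certificate the mock IdP expects to be presented. */
    private static final String EXPECTED_CLIENT_CERT_SHA256 =
            "04b2b8baea7a0a893f0223d95b72081e9a1e154a0f9b1b4e75998085972b1b68";

    protected static MockIpdServer mockIdpServer;

    /** Starts the shared mock IdP used by {@link #cacheTest()}. */
    @BeforeClass
    public static void setUp() throws Exception {
        mockIdpServer = MockIpdServer.start(TestJwk.Jwks.ALL);
    }

    /** Stops the shared mock IdP; a failure to close is reported but does not fail the run. */
    @AfterClass
    public static void tearDown() {
        if (mockIdpServer != null) {
            try {
                mockIdpServer.close();
            } catch (Exception e) {
                // Best-effort cleanup: the tests have already run, so only report the problem.
                e.printStackTrace();
            }
        }
    }

    /**
     * With the third constructor argument set to {@code true}, the first {@code get()} is counted
     * as an OIDC cache miss and the second as a cache hit.
     */
    @Test
    public void cacheTest() {
        KeySetRetriever keySetRetriever = new KeySetRetriever(mockIdpServer.getDiscoverUri(), (SettingsBasedSSLConfigurator.SSLConfig) null, true);

        keySetRetriever.get();
        Assert.assertEquals(1L, keySetRetriever.getOidcCacheMisses());
        Assert.assertEquals(0L, keySetRetriever.getOidcCacheHits());

        keySetRetriever.get();
        Assert.assertEquals(1L, keySetRetriever.getOidcCacheMisses());
        Assert.assertEquals(1L, keySetRetriever.getOidcCacheHits());
    }

    /**
     * Retrieves the key set from a TLS-enabled mock IdP while presenting the {@code spock} client
     * certificate; the mock IdP checks the SHA-256 fingerprint of the certificate it receives.
     */
    @Test
    public void clientCertTest() throws Exception {
        // try-with-resources closes the server on every path and keeps a close() failure as a
        // suppressed exception, which is what the hand-expanded catch/addSuppressed form did.
        try (MockIpdServer sslMockIdpServer = new MockIpdServer(TestJwk.Jwks.ALL, SocketUtils.findAvailableTcpPort(), true) {
            @Override
            public void handleDiscoverRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
                try {
                    HttpCoreContext coreContext = (HttpCoreContext) httpContext;
                    MockIpdServer.SSLTestHttpServerConnection connection =
                            (MockIpdServer.SSLTestHttpServerConnection) coreContext.getConnection();
                    // Element 0 is taken as the client's own certificate; the fingerprint is
                    // computed over its encoded form, so any other certificate fails the check.
                    X509Certificate peerCertificate = (X509Certificate) connection.getPeerCertificates()[0];
                    String fingerprint = Hashing.sha256().hashBytes(peerCertificate.getEncoded()).toString();

                    // NOTE(review): this assertion runs inside the mock server's request handler;
                    // confirm that a failure here surfaces as a failure of the test itself.
                    Assert.assertEquals(EXPECTED_CLIENT_CERT_SHA256, fingerprint);
                    super.handleDiscoverRequest(httpRequest, httpResponse, httpContext);
                } catch (CertificateEncodingException e) {
                    throw new RuntimeException(e);
                }
            }
        }) {
            KeyStore trustStore = loadJks("jwt/truststore.jks");
            KeyStore keyStore = loadJks("jwt/spock-keystore.jks");

            SSLContextBuilder sslContextBuilder = SSLContexts.custom();
            sslContextBuilder.loadTrustMaterial(trustStore, (TrustStrategy) null);
            sslContextBuilder.loadKeyMaterial(keyStore, KEYSTORE_PASSWORD.toCharArray(), new PrivateKeyStrategy() {
                @Override
                public String chooseAlias(Map<String, PrivateKeyDetails> map, Socket socket) {
                    // Always present the "spock" entry, whatever aliases the key store offers.
                    return "spock";
                }
            });

            // NOTE(review): "TLSv1.1" is deprecated (RFC 8996); it is kept because the protocols
            // the mock server accepts are not visible here. Drop it if the fixture allows.
            // NOTE(review): the HostnameVerifier is null; confirm SSLConfig then applies default
            // hostname verification rather than none.
            SettingsBasedSSLConfigurator.SSLConfig sslConfig = new SettingsBasedSSLConfigurator.SSLConfig(
                    sslContextBuilder.build(), new String[]{"TLSv1.2", "TLSv1.1"}, (String[]) null, (HostnameVerifier) null,
                    false, false, false, trustStore, (List) null, keyStore, (char[]) null, (String) null);

            new KeySetRetriever(sslMockIdpServer.getDiscoverUri(), sslConfig, false).get();
        }
    }

    /**
     * Loads a JKS key store from a classpath resource using the shared fixture password.
     *
     * @param classpathResource resource path as understood by {@link FileHelper}
     * @return the loaded key store
     * @throws Exception if the resource cannot be read or is not a valid JKS store
     */
    private static KeyStore loadJks(String classpathResource) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        // Close the stream once the store is loaded; the file handle is not needed afterwards.
        try (FileInputStream in = new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(classpathResource).toFile())) {
            store.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return store;
    }
}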
