package org.apache.pulsar.broker.web;

import com.google.common.collect.Sets;
import com.google.common.io.CharStreams;
import com.google.common.io.Closeables;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import javassist.compiler.TokenId;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.math3.optimization.direct.CMAESOptimizer;
import org.apache.pulsar.broker.MockedBookKeeperClientFactory;
import org.apache.pulsar.broker.PulsarService;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminBuilder;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.ClusterDataImpl;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.sasl.SaslConstants;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.common.util.SecurityUtility;
import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
import org.apache.pulsar.metadata.impl.ZKMetadataStore;
import org.apache.pulsar.zookeeper.ZooKeeperClientFactory;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.MockZooKeeper;
import org.apache.zookeeper.ZooKeeper;
import org.asynchttpclient.BoundRequestBuilder;
import org.asynchttpclient.DefaultAsyncHttpClient;
import org.asynchttpclient.Response;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;

@Test(groups = {SaslConstants.SASL_BROKER_PROTOCOL})
/* loaded from: input_file:org/apache/pulsar/broker/web/WebServiceTest.class */
public class WebServiceTest {
    private PulsarService pulsar;
    private String BROKER_LOOKUP_URL;
    private String BROKER_LOOKUP_URL_TLS;
    private static final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
    private static final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
    private static final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/certificate/client.crt";
    private static final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/certificate/client.key";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) WebServiceTest.class);

    @Test
    public void testDefaultClientVersion() throws Exception {
        setupEnv(true, "1.0", true, false, false, false, -1.0d, false);
        try {
            makeHttpRequest(false, false);
        } catch (Exception e) {
            Assert.fail("HTTP request to lookup a namespace shouldn't fail ", e);
        }
    }

    @Test
    public void testTlsEnabled() throws Exception {
        setupEnv(false, "1.0", false, true, false, false, -1.0d, false);
        try {
            makeHttpRequest(false, false);
        } catch (Exception e) {
            Assert.fail("HTTP request shouldn't fail ", e);
        }
        try {
            makeHttpRequest(true, false);
        } catch (Exception e2) {
            Assert.fail("HTTPS request shouldn't fail ", e2);
        }
    }

    @Test
    public void testTlsDisabled() throws Exception {
        setupEnv(false, "1.0", false, false, false, false, -1.0d, false);
        try {
            makeHttpRequest(false, false);
        } catch (Exception e) {
            Assert.fail("HTTP request shouldn't fail ", e);
        }
        try {
            makeHttpRequest(true, false);
            Assert.fail("HTTPS request should fail ");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testTlsAuthAllowInsecure() throws Exception {
        setupEnv(false, "1.0", false, true, true, true, -1.0d, false);
        try {
            makeHttpRequest(true, false);
            Assert.fail("Request without client certficate should fail");
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("HTTP response code: 401"));
        }
        try {
            makeHttpRequest(true, true);
        } catch (Exception e2) {
            Assert.fail("Request with client certificate shouldn't fail", e2);
        }
    }

    @Test
    public void testTlsAuthDisallowInsecure() throws Exception {
        setupEnv(false, "1.0", false, true, true, false, -1.0d, false);
        try {
            makeHttpRequest(true, false);
            Assert.fail("Request without client certficate should fail");
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("HTTP response code: 401"));
        }
        try {
            makeHttpRequest(true, true);
        } catch (Exception e2) {
            Assert.fail("Request with client certificate shouldn't fail", e2);
        }
    }

    @Test
    public void testRateLimiting() throws Exception {
        setupEnv(false, "1.0", false, false, false, false, 10.0d, false);
        for (int i = 0; i < 5; i++) {
            makeHttpRequest(false, false);
            Thread.sleep(200L);
        }
        for (int i2 = 0; i2 < 500; i2++) {
            try {
                makeHttpRequest(false, false);
            } catch (IOException e) {
                Assert.assertTrue(e.getMessage().contains("429"));
                return;
            }
        }
        Assert.fail("Some request should have failed");
    }

    @Test
    public void testSplitPath() {
        Assert.assertEquals(PulsarWebResource.splitPath("prop/cluster/ns/topic1", 4), "topic1");
    }

    @Test
    public void testDisableHttpTraceAndTrackMethods() throws Exception {
        setupEnv(true, "1.0", true, false, false, false, -1.0d, true);
        String str = this.pulsar.getWebServiceAddress() + "/admin/v2/tenants/my-tenant" + System.currentTimeMillis();
        DefaultAsyncHttpClient defaultAsyncHttpClient = new DefaultAsyncHttpClient();
        try {
            Assert.assertEquals(defaultAsyncHttpClient.prepare("TRACE", str).execute().get().getStatusCode(), TokenId.DoubleConstant);
            Assert.assertEquals(defaultAsyncHttpClient.prepare("TRACK", str).execute().get().getStatusCode(), TokenId.DoubleConstant);
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testMaxRequestSize() throws Exception {
        setupEnv(true, "1.0", true, false, false, false, -1.0d, false);
        String str = this.pulsar.getWebServiceAddress() + "/admin/v2/tenants/my-tenant" + System.currentTimeMillis();
        DefaultAsyncHttpClient defaultAsyncHttpClient = new DefaultAsyncHttpClient();
        try {
            BoundRequestBuilder header = defaultAsyncHttpClient.preparePut(str).setHeader((CharSequence) "Accept", "application/json").setHeader((CharSequence) "Content-Type", "application/json");
            header.setBody(ObjectMapperFactory.getThreadLocal().writeValueAsBytes(TenantInfo.builder().adminRoles(Collections.singleton(StringUtils.repeat("*", 20480))).build()));
            Assert.assertEquals(header.execute().get().getStatusCode(), TokenId.Identifier);
            this.pulsar.getPulsarResources().getClusterResources().create(PulsarWebResource.path(new String[]{"clusters", "test"}), ClusterDataImpl.builder().build());
            header.setBody(ObjectMapperFactory.getThreadLocal().writeValueAsBytes(TenantInfo.builder().adminRoles(Collections.singleton(StringUtils.repeat("*", 1024))).allowedClusters(Sets.newHashSet("test")).build()));
            Assert.assertEquals(header.execute().get().getStatusCode(), 204);
            Assert.assertEquals(defaultAsyncHttpClient.prepareGet(str).setHeader((CharSequence) "Accept", "application/json").setHeader((CharSequence) "Content-Type", "application/json").execute().get().getStatusCode(), 200);
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testBrokerReady() throws Exception {
        setupEnv(true, "1.0", true, false, false, false, -1.0d, false);
        String str = this.pulsar.getWebServiceAddress() + "/admin/v2/brokers/ready";
        DefaultAsyncHttpClient defaultAsyncHttpClient = new DefaultAsyncHttpClient();
        try {
            Response response = defaultAsyncHttpClient.prepareGet(str).execute().get();
            Assert.assertEquals(response.getStatusCode(), 200);
            Assert.assertEquals(response.getResponseBody(), "ok");
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
            throw th;
        }
    }

    private String makeHttpRequest(boolean z, boolean z2) throws Exception {
        InputStream inputStream = null;
        try {
            if (z) {
                KeyManager[] keyManagerArr = null;
                if (z2) {
                    X509Certificate[] loadCertificatesFromPemFile = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
                    PrivateKey loadPrivateKeyFromPemFile = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    keyStore.setKeyEntry("private", loadPrivateKeyFromPemFile, "".toCharArray(), loadCertificatesFromPemFile);
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, "".toCharArray());
                    keyManagerArr = keyManagerFactory.getKeyManagers();
                }
                TrustManager[] trustManagers = InsecureTrustManagerFactory.INSTANCE.getTrustManagers();
                SSLContext sSLContext = SSLContext.getInstance(KeyStoreSSLContext.DEFAULT_SSL_PROTOCOL);
                sSLContext.init(keyManagerArr, trustManagers, new SecureRandom());
                HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
                inputStream = new URL(this.BROKER_LOOKUP_URL_TLS).openStream();
            } else {
                inputStream = new URL(this.BROKER_LOOKUP_URL).openStream();
            }
            String charStreams = CharStreams.toString(new InputStreamReader(inputStream));
            log.info("Response: {}", charStreams);
            Closeables.close(inputStream, false);
            return charStreams;
        } catch (Throwable th) {
            Closeables.close(inputStream, false);
            throw th;
        }
    }

    private void setupEnv(boolean z, String str, boolean z2, boolean z3, boolean z4, boolean z5, double d, boolean z6) throws Exception {
        if (this.pulsar != null) {
            throw new Exception("broker already started");
        }
        HashSet hashSet = new HashSet();
        hashSet.add("org.apache.pulsar.broker.authentication.AuthenticationProviderTls");
        HashSet hashSet2 = new HashSet();
        hashSet2.add("client");
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAdvertisedAddress("localhost");
        serviceConfiguration.setBrokerShutdownTimeoutMs(0L);
        serviceConfiguration.setBrokerServicePort(Optional.of(0));
        serviceConfiguration.setWebServicePort(Optional.of(0));
        if (z3) {
            serviceConfiguration.setWebServicePortTls(Optional.of(0));
        }
        serviceConfiguration.setClientLibraryVersionCheckEnabled(z);
        serviceConfiguration.setAuthenticationEnabled(z4);
        serviceConfiguration.setAuthenticationProviders(hashSet);
        serviceConfiguration.setAuthorizationEnabled(false);
        serviceConfiguration.setSuperUserRoles(hashSet2);
        serviceConfiguration.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
        serviceConfiguration.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
        serviceConfiguration.setTlsAllowInsecureConnection(z5);
        serviceConfiguration.setTlsTrustCertsFilePath(z5 ? "" : TLS_CLIENT_CERT_FILE_PATH);
        serviceConfiguration.setClusterName("local");
        serviceConfiguration.setAdvertisedAddress("localhost");
        serviceConfiguration.setZookeeperServers("localhost:2181");
        serviceConfiguration.setHttpMaxRequestSize(10240L);
        serviceConfiguration.setDisableHttpDebugMethods(z6);
        if (d > CMAESOptimizer.DEFAULT_STOPFITNESS) {
            serviceConfiguration.setHttpRequestsLimitEnabled(true);
            serviceConfiguration.setHttpRequestsMaxPerSecond(d);
        }
        this.pulsar = (PulsarService) Mockito.spy(new PulsarService(serviceConfiguration));
        final MockZooKeeper createMockZooKeeper = MockedPulsarServiceBaseTest.createMockZooKeeper();
        ((PulsarService) Mockito.doReturn(new ZooKeeperClientFactory() { // from class: org.apache.pulsar.broker.web.WebServiceTest.1
            public CompletableFuture<ZooKeeper> create(String str2, ZooKeeperClientFactory.SessionType sessionType, int i) {
                return CompletableFuture.completedFuture(createMockZooKeeper);
            }
        }).when(this.pulsar)).getZooKeeperClientFactory();
        ((PulsarService) Mockito.doReturn(new ZKMetadataStore(createMockZooKeeper)).when(this.pulsar)).createConfigurationMetadataStore();
        ((PulsarService) Mockito.doReturn(new ZKMetadataStore(createMockZooKeeper)).when(this.pulsar)).createLocalMetadataStore();
        ((PulsarService) Mockito.doReturn(new MockedBookKeeperClientFactory()).when(this.pulsar)).newBookKeeperClientFactory();
        this.pulsar.start();
        try {
            this.pulsar.getZkClient().delete("/minApiVersion", -1);
        } catch (Exception e) {
        }
        this.pulsar.getZkClient().create("/minApiVersion", str.getBytes(), (List) null, CreateMode.PERSISTENT);
        String str2 = "http://localhost:" + this.pulsar.getListenPortHTTP().get();
        String str3 = "https://localhost:" + this.pulsar.getListenPortHTTPS().orElse(-1);
        String str4 = str2;
        PulsarAdminBuilder builder = PulsarAdmin.builder();
        if (z3 && z4) {
            str4 = str3;
            HashMap hashMap = new HashMap();
            hashMap.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
            hashMap.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
            builder.authentication(AuthenticationTls.class.getName(), hashMap).allowTlsInsecureConnection(true);
        }
        this.BROKER_LOOKUP_URL = str2 + "/lookup/v2/destination/persistent/my-property/local/my-namespace/my-topic";
        this.BROKER_LOOKUP_URL_TLS = str3 + "/lookup/v2/destination/persistent/my-property/local/my-namespace/my-topic";
        PulsarAdmin build = builder.serviceHttpUrl(str4).build();
        try {
            build.clusters().createCluster(serviceConfiguration.getClusterName(), ClusterData.builder().serviceUrl(this.pulsar.getWebServiceAddress()).build());
            build.close();
        } catch (PulsarAdminException.ConflictException e2) {
            build.close();
        } catch (Throwable th) {
            build.close();
            throw th;
        }
    }

    @AfterMethod(alwaysRun = true)
    void teardown() {
        if (this.pulsar != null) {
            try {
                this.pulsar.close();
                this.pulsar = null;
            } catch (Exception e) {
                Assert.fail("Got exception while closing the pulsar instance ", e);
            }
        }
    }
}
