package org.apache.pulsar.broker.web;

import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.google.common.io.CharStreams;
import com.google.common.io.Closeables;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Optional;
import java.util.zip.GZIPInputStream;
import java.util.zip.ZipException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.PrometheusMetricsTestUtil;
import org.apache.pulsar.broker.PulsarService;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.stats.prometheus.PrometheusMetricsClient;
import org.apache.pulsar.broker.testcontext.PulsarTestContext;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminBuilder;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.ClusterDataImpl;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.common.util.SecurityUtility;
import org.apache.pulsar.utils.ResourceUtils;
import org.asynchttpclient.BoundRequestBuilder;
import org.asynchttpclient.DefaultAsyncHttpClient;
import org.asynchttpclient.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;

@Test(groups = {"broker"})
/* loaded from: input_file:org/apache/pulsar/broker/web/WebServiceTest.class */
public class WebServiceTest {
    private PulsarTestContext pulsarTestContext;
    private PulsarService pulsar;
    private String BROKER_LOOKUP_URL;
    private String BROKER_LOOKUP_URL_TLS;
    private static final String CA_CERT_FILE_PATH = ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
    private static final String BROKER_CERT_FILE_PATH = ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
    private static final String BROKER_KEY_FILE_PATH = ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
    private static final String CLIENT_CERT_FILE_PATH = ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
    private static final String CLIENT_KEY_FILE_PATH = ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
    private static final Logger log = LoggerFactory.getLogger(WebServiceTest.class);

    @Test
    public void testWebExecutorMetrics() throws Exception {
        setupEnv(true, false, false, false, -1.0d, false);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrometheusMetricsTestUtil.generate(this.pulsar, false, false, false, byteArrayOutputStream);
        Multimap<String, PrometheusMetricsClient.Metric> parseMetrics = PrometheusMetricsClient.parseMetrics(byteArrayOutputStream.toString());
        Collection<PrometheusMetricsClient.Metric> collection = parseMetrics.get("pulsar_web_executor_max_threads");
        Collection<PrometheusMetricsClient.Metric> collection2 = parseMetrics.get("pulsar_web_executor_min_threads");
        Collection<PrometheusMetricsClient.Metric> collection3 = parseMetrics.get("pulsar_web_executor_active_threads");
        Collection<PrometheusMetricsClient.Metric> collection4 = parseMetrics.get("pulsar_web_executor_idle_threads");
        Collection<PrometheusMetricsClient.Metric> collection5 = parseMetrics.get("pulsar_web_executor_current_threads");
        for (PrometheusMetricsClient.Metric metric : collection) {
            Assert.assertNotNull(metric.tags.get("cluster"));
            Assert.assertTrue(metric.value > 0.0d);
        }
        for (PrometheusMetricsClient.Metric metric2 : collection2) {
            Assert.assertNotNull(metric2.tags.get("cluster"));
            Assert.assertTrue(metric2.value > 0.0d);
        }
        for (PrometheusMetricsClient.Metric metric3 : collection3) {
            Assert.assertNotNull(metric3.tags.get("cluster"));
            Assert.assertTrue(metric3.value >= 0.0d);
        }
        for (PrometheusMetricsClient.Metric metric4 : collection4) {
            Assert.assertNotNull(metric4.tags.get("cluster"));
            Assert.assertTrue(metric4.value >= 0.0d);
        }
        for (PrometheusMetricsClient.Metric metric5 : collection5) {
            Assert.assertNotNull(metric5.tags.get("cluster"));
            Assert.assertTrue(metric5.value > 0.0d);
        }
    }

    @Test
    public void testDefaultClientVersion() throws Exception {
        setupEnv(true, false, false, false, -1.0d, false);
        try {
            makeHttpRequest(false, false);
        } catch (Exception e) {
            Assert.fail("HTTP request to lookup a namespace shouldn't fail ", e);
        }
    }

    @Test
    public void testTlsEnabled() throws Exception {
        setupEnv(false, true, false, false, -1.0d, false);
        try {
            makeHttpRequest(false, false);
        } catch (Exception e) {
            Assert.fail("HTTP request shouldn't fail ", e);
        }
        try {
            makeHttpRequest(true, false);
        } catch (Exception e2) {
            Assert.fail("HTTPS request shouldn't fail ", e2);
        }
    }

    @Test
    public void testTlsDisabled() throws Exception {
        setupEnv(false, false, false, false, -1.0d, false);
        try {
            makeHttpRequest(false, false);
        } catch (Exception e) {
            Assert.fail("HTTP request shouldn't fail ", e);
        }
        try {
            makeHttpRequest(true, false);
            Assert.fail("HTTPS request should fail ");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testTlsAuthAllowInsecure() throws Exception {
        setupEnv(false, true, true, true, -1.0d, false);
        try {
            makeHttpRequest(true, false);
            Assert.fail("Request without client certficate should fail");
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("HTTP response code: 401"));
        }
        try {
            makeHttpRequest(true, true);
        } catch (Exception e2) {
            Assert.fail("Request with client certificate shouldn't fail", e2);
        }
    }

    @Test
    public void testTlsAuthDisallowInsecure() throws Exception {
        setupEnv(false, true, true, false, -1.0d, false);
        try {
            makeHttpRequest(true, false);
            Assert.fail("Request without client certficate should fail");
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("HTTP response code: 401"));
        }
        try {
            makeHttpRequest(true, true);
        } catch (Exception e2) {
            Assert.fail("Request with client certificate shouldn't fail", e2);
        }
    }

    @Test
    public void testRateLimiting() throws Exception {
        setupEnv(false, false, false, false, 10.0d, false);
        for (int i = 0; i < 5; i++) {
            makeHttpRequest(false, false);
            Thread.sleep(200L);
        }
        for (int i2 = 0; i2 < 500; i2++) {
            try {
                makeHttpRequest(false, false);
            } catch (IOException e) {
                Assert.assertTrue(e.getMessage().contains("429"));
                return;
            }
        }
        Assert.fail("Some request should have failed");
    }

    @Test
    public void testSplitPath() {
        Assert.assertEquals(PulsarWebResource.splitPath("prop/cluster/ns/topic1", 4), "topic1");
    }

    @Test
    public void testDisableHttpTraceAndTrackMethods() throws Exception {
        setupEnv(true, false, false, false, -1.0d, true);
        String str = this.pulsar.getWebServiceAddress() + "/admin/v2/tenants/my-tenant" + System.currentTimeMillis();
        DefaultAsyncHttpClient defaultAsyncHttpClient = new DefaultAsyncHttpClient();
        try {
            Assert.assertEquals(((Response) defaultAsyncHttpClient.prepare("TRACE", str).execute().get()).getStatusCode(), 405);
            Assert.assertEquals(((Response) defaultAsyncHttpClient.prepare("TRACK", str).execute().get()).getStatusCode(), 405);
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testMaxRequestSize() throws Exception {
        setupEnv(true, false, false, false, -1.0d, false);
        String str = this.pulsar.getWebServiceAddress() + "/admin/v2/tenants/my-tenant" + System.currentTimeMillis();
        DefaultAsyncHttpClient defaultAsyncHttpClient = new DefaultAsyncHttpClient();
        try {
            BoundRequestBuilder header = defaultAsyncHttpClient.preparePut(str).setHeader("Accept", "application/json").setHeader("Content-Type", "application/json");
            header.setBody(ObjectMapperFactory.getMapper().writer().writeValueAsBytes(TenantInfo.builder().adminRoles(Collections.singleton(StringUtils.repeat("*", 20480))).build()));
            Assert.assertEquals(((Response) header.execute().get()).getStatusCode(), 400);
            this.pulsar.getPulsarResources().getClusterResources().createCluster("test", ClusterDataImpl.builder().build());
            header.setBody(ObjectMapperFactory.getMapper().writer().writeValueAsBytes(TenantInfo.builder().adminRoles(Collections.singleton(StringUtils.repeat("*", 1024))).allowedClusters(Sets.newHashSet(new String[]{"test"})).build()));
            Assert.assertEquals(((Response) header.execute().get()).getStatusCode(), 204);
            Assert.assertEquals(((Response) defaultAsyncHttpClient.prepareGet(str).setHeader("Accept", "application/json").setHeader("Content-Type", "application/json").execute().get()).getStatusCode(), 200);
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testBrokerReady() throws Exception {
        setupEnv(true, false, false, false, -1.0d, false);
        String str = this.pulsar.getWebServiceAddress() + "/admin/v2/brokers/ready";
        DefaultAsyncHttpClient defaultAsyncHttpClient = new DefaultAsyncHttpClient();
        try {
            Response response = (Response) defaultAsyncHttpClient.prepareGet(str).execute().get();
            Assert.assertEquals(response.getStatusCode(), 200);
            Assert.assertEquals(response.getResponseBody(), "ok");
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(defaultAsyncHttpClient).get(0) != null) {
                defaultAsyncHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testCompressOutputMetricsInPrometheus() throws Exception {
        setupEnv(true, false, false, false, -1.0d, false);
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.pulsar.getWebServiceAddress() + "/metrics/").openConnection();
        httpURLConnection.setRequestMethod("GET");
        httpURLConnection.setRequestProperty("Accept-Encoding", "gzip");
        StringBuilder sb = new StringBuilder();
        try {
            try {
                InputStream inputStream = httpURLConnection.getInputStream();
                try {
                    GZIPInputStream gZIPInputStream = new GZIPInputStream(inputStream);
                    while (true) {
                        try {
                            int read = gZIPInputStream.read();
                            if (read == -1) {
                                break;
                            } else {
                                sb.append((char) read);
                            }
                        } catch (Throwable th) {
                            try {
                                gZIPInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    }
                    gZIPInputStream.close();
                    log.info("Response Content: {}", sb);
                    Assert.assertTrue(sb.toString().contains("process_cpu_seconds_total"));
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    httpURLConnection.disconnect();
                } catch (Throwable th3) {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } catch (IOException e) {
                log.error("Failed to decompress the content, likely the content is not compressed ", e);
                Assert.fail();
                httpURLConnection.disconnect();
            }
        } catch (Throwable th5) {
            httpURLConnection.disconnect();
            throw th5;
        }
    }

    @Test
    public void testUnCompressOutputMetricsInPrometheus() throws Exception {
        GZIPInputStream gZIPInputStream;
        setupEnv(true, false, false, false, -1.0d, false);
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.pulsar.getWebServiceAddress() + "/metrics/").openConnection();
        httpURLConnection.setRequestMethod("GET");
        StringBuilder sb = new StringBuilder();
        try {
            InputStream inputStream = httpURLConnection.getInputStream();
            try {
                try {
                    gZIPInputStream = new GZIPInputStream(inputStream);
                } finally {
                }
            } catch (IOException e) {
                Assert.assertTrue(e instanceof ZipException);
            }
            try {
                Assert.fail();
                gZIPInputStream.close();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    } else {
                        sb.append(readLine + "\n");
                    }
                }
                if (inputStream != null) {
                    inputStream.close();
                }
                log.info("Response Content: {}", sb);
                Assert.assertTrue(sb.toString().contains("process_cpu_seconds_total"));
            } catch (Throwable th) {
                try {
                    gZIPInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } finally {
            httpURLConnection.disconnect();
        }
    }

    private String makeHttpRequest(boolean z, boolean z2) throws Exception {
        InputStream inputStream = null;
        try {
            if (z) {
                KeyManager[] keyManagerArr = null;
                if (z2) {
                    X509Certificate[] loadCertificatesFromPemFile = SecurityUtility.loadCertificatesFromPemFile(CLIENT_CERT_FILE_PATH);
                    PrivateKey loadPrivateKeyFromPemFile = SecurityUtility.loadPrivateKeyFromPemFile(CLIENT_KEY_FILE_PATH);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    keyStore.setKeyEntry("private", loadPrivateKeyFromPemFile, "".toCharArray(), loadCertificatesFromPemFile);
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, "".toCharArray());
                    keyManagerArr = keyManagerFactory.getKeyManagers();
                }
                TrustManager[] trustManagers = InsecureTrustManagerFactory.INSTANCE.getTrustManagers();
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(keyManagerArr, trustManagers, new SecureRandom());
                HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
                inputStream = new URL(this.BROKER_LOOKUP_URL_TLS).openStream();
            } else {
                inputStream = new URL(this.BROKER_LOOKUP_URL).openStream();
            }
            String charStreams = CharStreams.toString(new InputStreamReader(inputStream));
            log.info("Response: {}", charStreams);
            Closeables.close(inputStream, false);
            return charStreams;
        } catch (Throwable th) {
            Closeables.close(inputStream, false);
            throw th;
        }
    }

    private void setupEnv(boolean z, boolean z2, boolean z3, boolean z4, double d, boolean z5) throws Exception {
        if (this.pulsar != null) {
            throw new Exception("broker already started");
        }
        HashSet hashSet = new HashSet();
        hashSet.add("org.apache.pulsar.broker.authentication.AuthenticationProviderTls");
        HashSet hashSet2 = new HashSet();
        hashSet2.add("client");
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAdvertisedAddress("localhost");
        serviceConfiguration.setBrokerShutdownTimeoutMs(0L);
        serviceConfiguration.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(Double.valueOf(1.0d)));
        serviceConfiguration.setBrokerServicePort(Optional.of(0));
        serviceConfiguration.setWebServicePort(Optional.of(0));
        if (z2) {
            serviceConfiguration.setWebServicePortTls(Optional.of(0));
        }
        serviceConfiguration.setClientLibraryVersionCheckEnabled(z);
        serviceConfiguration.setAuthenticationEnabled(z3);
        serviceConfiguration.setAuthenticationProviders(hashSet);
        serviceConfiguration.setAuthorizationEnabled(false);
        serviceConfiguration.setSuperUserRoles(hashSet2);
        serviceConfiguration.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
        serviceConfiguration.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
        serviceConfiguration.setTlsAllowInsecureConnection(z4);
        serviceConfiguration.setTlsTrustCertsFilePath(z4 ? "" : CA_CERT_FILE_PATH);
        serviceConfiguration.setClusterName("local");
        serviceConfiguration.setAdvertisedAddress("localhost");
        serviceConfiguration.setMetadataStoreUrl("zk:localhost:2181");
        serviceConfiguration.setHttpMaxRequestSize(10240L);
        serviceConfiguration.setDisableHttpDebugMethods(z5);
        if (d > 0.0d) {
            serviceConfiguration.setHttpRequestsLimitEnabled(true);
            serviceConfiguration.setHttpRequestsMaxPerSecond(d);
        }
        this.pulsarTestContext = PulsarTestContext.builder().spyByDefault().config(serviceConfiguration).build();
        this.pulsar = this.pulsarTestContext.getPulsarService();
        String str = "http://localhost:" + this.pulsar.getListenPortHTTP().get();
        String str2 = "https://localhost:" + this.pulsar.getListenPortHTTPS().orElse(-1);
        String str3 = str;
        PulsarAdminBuilder builder = PulsarAdmin.builder();
        if (z2 && z3) {
            str3 = str2;
            HashMap hashMap = new HashMap();
            hashMap.put("tlsCertFile", CLIENT_CERT_FILE_PATH);
            hashMap.put("tlsKeyFile", CLIENT_KEY_FILE_PATH);
            builder.authentication(AuthenticationTls.class.getName(), hashMap).allowTlsInsecureConnection(true);
        }
        this.BROKER_LOOKUP_URL = str + "/lookup/v2/destination/persistent/my-property/local/my-namespace/my-topic";
        this.BROKER_LOOKUP_URL_TLS = str2 + "/lookup/v2/destination/persistent/my-property/local/my-namespace/my-topic";
        PulsarAdmin build = builder.serviceHttpUrl(str3).build();
        try {
            build.clusters().createCluster(serviceConfiguration.getClusterName(), ClusterData.builder().serviceUrl(this.pulsar.getWebServiceAddress()).build());
            build.close();
        } catch (PulsarAdminException.ConflictException e) {
            build.close();
        } catch (Throwable th) {
            build.close();
            throw th;
        }
    }

    @AfterMethod(alwaysRun = true)
    void teardown() {
        if (this.pulsarTestContext != null) {
            try {
                this.pulsarTestContext.close();
                this.pulsarTestContext = null;
            } catch (Exception e) {
                Assert.fail("Got exception while closing the pulsar instance ", e);
            }
        }
        this.pulsar = null;
    }
}
