package org.apache.pulsar.broker.web;

import java.io.PrintStream;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import nl.altindag.console.ConsoleCaptor;
import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest;
import org.assertj.core.api.ThrowingConsumer;
import org.awaitility.Awaitility;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.ProxyProtocolClientConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

@Test(groups = {"broker"})
/* loaded from: input_file:org/apache/pulsar/broker/web/WebServiceOriginalClientIPTest.class */
public class WebServiceOriginalClientIPTest extends MockedPulsarServiceBaseTest {
    private static final Logger log = LoggerFactory.getLogger(WebServiceOriginalClientIPTest.class);
    HttpClient httpClient;

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeClass(alwaysRun = true)
    protected void setup() throws Exception {
        super.internalSetup();
        this.httpClient = new HttpClient(new SslContextFactory(true));
        this.httpClient.start();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterClass(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
        if (this.httpClient != null) {
            this.httpClient.stop();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void doInitConf() throws Exception {
        super.doInitConf();
        this.conf.setWebServiceTrustXForwardedFor(true);
        this.conf.setWebServiceHaProxyProtocolEnabled(true);
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
        this.conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
        this.conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(name = "tlsEnabled")
    public Object[][] tlsEnabled() {
        return new Object[]{new Object[]{true}, new Object[]{false}};
    }

    @Test(dataProvider = "tlsEnabled")
    public void testClientIPIsPickedFromXForwardedForHeaderAndLogged(boolean z) throws Exception {
        String str = (z ? this.pulsar.getWebServiceAddressTls() : this.pulsar.getWebServiceAddress()) + "/metrics/";
        performLoggingTest(consoleCaptor -> {
            Assert.assertTrue(this.httpClient.newRequest(str).header("X-Forwarded-For", "11.22.33.44:12345").send().getContentAsString().contains("process_cpu_seconds_total"));
            Assert.assertTrue(consoleCaptor.getStandardOutput().stream().anyMatch(str2 -> {
                return str2.contains("RequestLog") && str2.contains("[R:11.22.33.44:12345 via ");
            }));
        });
    }

    @Test(dataProvider = "tlsEnabled")
    public void testClientIPIsPickedFromForwardedHeaderAndLogged(boolean z) throws Exception {
        String str = (z ? this.pulsar.getWebServiceAddressTls() : this.pulsar.getWebServiceAddress()) + "/metrics/";
        performLoggingTest(consoleCaptor -> {
            Assert.assertTrue(this.httpClient.newRequest(str).header("Forwarded", "for=11.22.33.44:12345").send().getContentAsString().contains("process_cpu_seconds_total"));
            Assert.assertTrue(consoleCaptor.getStandardOutput().stream().anyMatch(str2 -> {
                return str2.contains("RequestLog") && str2.contains("[R:11.22.33.44:12345 via ");
            }));
        });
    }

    @Test(dataProvider = "tlsEnabled")
    public void testClientIPIsPickedFromHAProxyProtocolAndLogged(boolean z) throws Exception {
        String str = (z ? this.pulsar.getWebServiceAddressTls() : this.pulsar.getWebServiceAddress()) + "/metrics/";
        performLoggingTest(consoleCaptor -> {
            Assert.assertTrue(this.httpClient.newRequest(str).tag(new ProxyProtocolClientConnectionFactory.V2.Tag(ProxyProtocolClientConnectionFactory.V2.Tag.Command.PROXY, (ProxyProtocolClientConnectionFactory.V2.Tag.Family) null, ProxyProtocolClientConnectionFactory.V2.Tag.Protocol.STREAM, "99.22.33.44", 1234, "5.4.3.1", 4321, (List) null)).send().getContentAsString().contains("process_cpu_seconds_total"));
            Assert.assertTrue(consoleCaptor.getStandardOutput().stream().anyMatch(str2 -> {
                return str2.contains("RequestLog") && str2.contains("[R:99.22.33.44:1234 via ") && str2.contains(" dst 5.4.3.1:4321]");
            }));
        });
    }

    void performLoggingTest(ThrowingConsumer<ConsoleCaptor> throwingConsumer) {
        ConsoleCaptor consoleCaptor = new ConsoleCaptor();
        try {
            Awaitility.await().atMost(Duration.of(2L, ChronoUnit.SECONDS)).untilAsserted(() -> {
                consoleCaptor.clearOutput();
                throwingConsumer.accept(consoleCaptor);
            });
        } finally {
            consoleCaptor.close();
            System.out.println("--- Captured console output:");
            List standardOutput = consoleCaptor.getStandardOutput();
            PrintStream printStream = System.out;
            Objects.requireNonNull(printStream);
            standardOutput.forEach(printStream::println);
            List errorOutput = consoleCaptor.getErrorOutput();
            PrintStream printStream2 = System.err;
            Objects.requireNonNull(printStream2);
            errorOutput.forEach(printStream2::println);
            System.out.println("--- End of captured console output");
        }
    }
}
