package org.apache.activemq.transport.tcp;

import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.TransportConnector;
import org.apache.activemq.usecases.DurableSubDelayedUnsubscribeTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.ClassPathXmlApplicationContext;

/* loaded from: input_file:org/apache/activemq/transport/tcp/SslContextNBrokerServiceTest.class */
public class SslContextNBrokerServiceTest {
    private static final transient Logger LOG = LoggerFactory.getLogger(SslContextNBrokerServiceTest.class);
    private ClassPathXmlApplicationContext context;
    Map<String, BrokerService> beansOfType;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/activemq/transport/tcp/SslContextNBrokerServiceTest$CertChainCatcher.class */
    public class CertChainCatcher implements X509TrustManager {
        X509Certificate[] serverCerts;

        CertChainCatcher() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.serverCerts = x509CertificateArr;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    @Test(timeout = 120000)
    public void testDummyConfigurationIsolation() throws Exception {
        Assert.assertTrue("dummy bean has dummy cert", verifyCredentials("dummy"));
    }

    @Test(timeout = 120000)
    public void testActiveMQDotOrgConfigurationIsolation() throws Exception {
        Assert.assertTrue("good bean has amq cert", verifyCredentials("activemq.org"));
    }

    private boolean verifyCredentials(String str) throws Exception {
        BrokerService broker = getBroker(str);
        Assert.assertNotNull(str, broker);
        broker.start();
        broker.waitUntilStarted();
        try {
            boolean verifySslCredentials = verifySslCredentials(broker);
            broker.stop();
            return verifySslCredentials;
        } catch (Throwable th) {
            broker.stop();
            throw th;
        }
    }

    private boolean verifySslCredentials(BrokerService brokerService) throws Exception {
        URI connectUri = ((TransportConnector) brokerService.getTransportConnectors().get(0)).getConnectUri();
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        CertChainCatcher certChainCatcher = new CertChainCatcher();
        sSLContext.init(null, new TrustManager[]{certChainCatcher}, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        LOG.info("Connecting to broker: " + brokerService.getBrokerName() + " on: " + connectUri.getHost() + ":" + connectUri.getPort());
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(connectUri.getHost(), connectUri.getPort());
        sSLSocket.setSoTimeout(DurableSubDelayedUnsubscribeTest.Client.lifetime);
        sSLSocket.startHandshake();
        sSLSocket.close();
        boolean z = false;
        if (certChainCatcher.serverCerts != null) {
            for (int i = 0; i < certChainCatcher.serverCerts.length; i++) {
                LOG.info(" " + (i + 1) + " Issuer " + certChainCatcher.serverCerts[i].getIssuerDN());
            }
            if (certChainCatcher.serverCerts.length > 0 && certChainCatcher.serverCerts[0].getIssuerDN().toString().indexOf(brokerService.getBrokerName()) != -1) {
                z = true;
            }
        }
        return z;
    }

    private BrokerService getBroker(String str) {
        BrokerService brokerService = null;
        Iterator<BrokerService> it = this.beansOfType.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            BrokerService next = it.next();
            if (next.getBrokerName().equals(str)) {
                brokerService = next;
                break;
            }
        }
        return brokerService;
    }

    @Before
    public void setUp() throws Exception {
        Thread.currentThread().setContextClassLoader(SslContextNBrokerServiceTest.class.getClassLoader());
        this.context = new ClassPathXmlApplicationContext("org/apache/activemq/transport/tcp/n-brokers-ssl.xml");
        this.beansOfType = this.context.getBeansOfType(BrokerService.class);
    }

    @After
    public void tearDown() throws Exception {
        this.context.destroy();
    }
}
