package org.eclipse.jetty.server.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpTester;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/eclipse/jetty/server/ssl/SslContextFactoryReloadTest.class */
public class SslContextFactoryReloadTest {
    public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.jks";
    public static final String KEYSTORE_2 = "src/test/resources/reload_keystore_2.jks";
    private Server server;
    private SslContextFactory sslContextFactory;
    private ServerConnector connector;

    /* loaded from: input_file:org/eclipse/jetty/server/ssl/SslContextFactoryReloadTest$EchoHandler.class */
    private static class EchoHandler extends AbstractHandler {
        private EchoHandler() {
        }

        public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
            request.setHandled(true);
            if (HttpMethod.POST.is(httpServletRequest.getMethod())) {
                IO.copy(httpServletRequest.getInputStream(), httpServletResponse.getOutputStream());
            } else {
                httpServletResponse.setContentLength(0);
            }
        }
    }

    private void start(Handler handler) throws Exception {
        this.server = new Server();
        this.sslContextFactory = new SslContextFactory.Server();
        this.sslContextFactory.setKeyStorePath(KEYSTORE_1);
        this.sslContextFactory.setKeyStorePassword("storepwd");
        this.sslContextFactory.setKeyStoreType("JKS");
        this.sslContextFactory.setKeyStoreProvider((String) null);
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());
        this.connector = new ServerConnector(this.server, new ConnectionFactory[]{new SslConnectionFactory(this.sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfiguration)});
        this.server.addConnector(this.connector);
        this.server.setHandler(handler);
        this.server.start();
    }

    @AfterEach
    public void dispose() throws Exception {
        if (this.server != null) {
            this.server.stop();
        }
    }

    @Test
    public void testReload() throws Exception {
        start(new EchoHandler());
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, SslContextFactory.TRUST_ALL_CERTS, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket("localhost", this.connector.getLocalPort());
        try {
            MatcherAssert.assertThat(sSLSocket.getSession().getPeerPrincipal().getName(), Matchers.startsWith("CN=localhost1"));
            OutputStream outputStream = sSLSocket.getOutputStream();
            outputStream.write("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n".getBytes(StandardCharsets.UTF_8));
            outputStream.flush();
            HttpTester.Response parseResponse = HttpTester.parseResponse(HttpTester.from(sSLSocket.getInputStream()));
            Assertions.assertNotNull(parseResponse);
            MatcherAssert.assertThat(Integer.valueOf(parseResponse.getStatus()), Matchers.equalTo(200));
            this.sslContextFactory.reload(sslContextFactory -> {
                sslContextFactory.setKeyStorePath(KEYSTORE_2);
                sslContextFactory.setKeyStorePassword("storepwd");
            });
            SSLSocket sSLSocket2 = (SSLSocket) socketFactory.createSocket("localhost", this.connector.getLocalPort());
            try {
                MatcherAssert.assertThat(sSLSocket2.getSession().getPeerPrincipal().getName(), Matchers.startsWith("CN=localhost2"));
                OutputStream outputStream2 = sSLSocket.getOutputStream();
                outputStream2.write("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n".getBytes(StandardCharsets.UTF_8));
                outputStream2.flush();
                HttpTester.Response parseResponse2 = HttpTester.parseResponse(HttpTester.from(sSLSocket.getInputStream()));
                Assertions.assertNotNull(parseResponse2);
                MatcherAssert.assertThat(Integer.valueOf(parseResponse2.getStatus()), Matchers.equalTo(200));
                if (sSLSocket2 != null) {
                    sSLSocket2.close();
                }
                outputStream.write("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n".getBytes(StandardCharsets.UTF_8));
                outputStream.flush();
                HttpTester.Response parseResponse3 = HttpTester.parseResponse(HttpTester.from(sSLSocket.getInputStream()));
                Assertions.assertNotNull(parseResponse3);
                MatcherAssert.assertThat(Integer.valueOf(parseResponse3.getStatus()), Matchers.equalTo(200));
                if (sSLSocket != null) {
                    sSLSocket.close();
                }
            } catch (Throwable th) {
                if (sSLSocket2 != null) {
                    try {
                        sSLSocket2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    public void testReloadWhileServing() throws Exception {
        start(new EchoHandler());
        final ScheduledExecutorScheduler scheduledExecutorScheduler = new ScheduledExecutorScheduler();
        scheduledExecutorScheduler.start();
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, SslContextFactory.TRUST_ALL_CERTS, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            final AtomicInteger atomicInteger = new AtomicInteger(4);
            final long j = 500;
            final AtomicBoolean atomicBoolean = new AtomicBoolean(true);
            scheduledExecutorScheduler.schedule(new Runnable() { // from class: org.eclipse.jetty.server.ssl.SslContextFactoryReloadTest.1
                @Override // java.lang.Runnable
                public void run() {
                    if (atomicInteger.decrementAndGet() == 0) {
                        atomicBoolean.set(false);
                        return;
                    }
                    try {
                        SslContextFactoryReloadTest.this.sslContextFactory.reload(sslContextFactory -> {
                            if (sslContextFactory.getKeyStorePath().endsWith(SslContextFactoryReloadTest.KEYSTORE_1)) {
                                sslContextFactory.setKeyStorePath(SslContextFactoryReloadTest.KEYSTORE_2);
                            } else {
                                sslContextFactory.setKeyStorePath(SslContextFactoryReloadTest.KEYSTORE_1);
                            }
                        });
                        scheduledExecutorScheduler.schedule(this, j, TimeUnit.MILLISECONDS);
                    } catch (Exception e) {
                        atomicBoolean.set(false);
                        atomicInteger.set(-1);
                    }
                }
            }, 500L, TimeUnit.MILLISECONDS);
            byte[] bArr = new byte[16384];
            while (atomicBoolean.get()) {
                SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket("localhost", this.connector.getLocalPort());
                try {
                    sSLSocket.getSession().invalidate();
                    String str = "POST / HTTP/1.1\r\nHost: localhost\r\nContent-Length: " + bArr.length + "\r\n\r\n";
                    OutputStream outputStream = sSLSocket.getOutputStream();
                    outputStream.write(str.getBytes(StandardCharsets.UTF_8));
                    outputStream.write(bArr);
                    outputStream.flush();
                    InputStream inputStream = sSLSocket.getInputStream();
                    HttpTester.Response parseResponse = HttpTester.parseResponse(HttpTester.from(inputStream));
                    Assertions.assertNotNull(parseResponse);
                    MatcherAssert.assertThat(Integer.valueOf(parseResponse.getStatus()), Matchers.equalTo(200));
                    outputStream.write("GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n".getBytes(StandardCharsets.UTF_8));
                    outputStream.flush();
                    HttpTester.Response parseResponse2 = HttpTester.parseResponse(HttpTester.from(inputStream));
                    Assertions.assertNotNull(parseResponse2);
                    MatcherAssert.assertThat(Integer.valueOf(parseResponse2.getStatus()), Matchers.equalTo(200));
                    if (sSLSocket != null) {
                        sSLSocket.close();
                    }
                } finally {
                }
            }
            Assertions.assertEquals(0, atomicInteger.get());
            scheduledExecutorScheduler.stop();
        } catch (Throwable th) {
            scheduledExecutorScheduler.stop();
            throw th;
        }
    }
}
