package org.apache.james;

import com.google.common.collect.ImmutableList;
import com.google.inject.Module;
import io.restassured.RestAssured;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.james.data.UsersRepositoryModuleChooser;
import org.apache.james.modules.data.MemoryUsersRepositoryModule;
import org.apache.james.modules.protocols.ImapGuiceProbe;
import org.apache.james.modules.protocols.SmtpGuiceProbe;
import org.apache.james.utils.WebAdminGuiceProbe;
import org.apache.james.webadmin.WebAdminConfiguration;
import org.apache.james.webadmin.WebAdminUtils;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/apache/james/CertificateReloadTest.class */
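/**
 * Integration test for certificate hot-reloading through the WebAdmin {@code POST /servers}
 * endpoint (query parameters {@code reload-certificate} and {@code port}).
 *
 * <p>Each test starts an in-memory James server from a temporary configuration directory, swaps
 * the {@code keystore} file on disk, triggers a reload and then inspects the subject of the
 * certificate the TLS port presents.
 */
class CertificateReloadTest {
    // Configuration resources handed to TemporaryJamesServer for every test.
    private static final List<String> BASE_CONFIGURATION_FILE_NAMES = ImmutableList.of(
        "dnsservice.xml",
        "imapserver.xml",
        "imapserver2.xml",
        "jwt_publickey",
        "lmtpserver.xml",
        "keystore",
        "mailetcontainer.xml",
        "mailrepositorystore.xml",
        "managesieveserver.xml",
        "pop3server.xml",
        "smtpserver.xml",
        "smtpserver2.xml");

    // Subject of the certificate served after "keystore2" has replaced "keystore".
    private static final String RELOADED_SUBJECT = "CN=Testing,OU=Testing,O=Testing,L=Testing,ST=Testing,C=Te";

    private GuiceJamesServer jamesServer;
    private TemporaryJamesServer temporaryJamesServer;

    /**
     * Trust manager that accepts every certificate chain without any validation.
     *
     * <p>TEST-ONLY: both check methods are no-ops, so a connection built on this manager gives no
     * assurance about who the peer is. That is acceptable here only because the tests connect to
     * {@code 127.0.0.1}, to a server they started themselves, and then assert on the subject of
     * the certificate that was presented. Never install this in production code; use the default
     * trust managers, or a trust store pinned to the expected certificate.
     */
    public static class BlindTrustManager implements X509TrustManager {
        /**
         * @return an empty array; the {@link X509TrustManager} contract asks for a non-null,
         *     possibly empty, array rather than {@code null}
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Accepts any client chain: intentionally performs no validation. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Deliberately empty: see the class-level warning.
        }

        /** Accepts any server chain: intentionally performs no validation. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Deliberately empty: see the class-level warning.
        }
    }

    /**
     * Builds (without starting) a James server whose configuration lives under the JUnit-managed
     * temporary directory, with the WebAdmin test configuration bound.
     */
    @BeforeEach
    void beforeEach(@TempDir Path path) {
        this.temporaryJamesServer = new TemporaryJamesServer(path.toFile(), BASE_CONFIGURATION_FILE_NAMES);
        this.jamesServer = this.temporaryJamesServer.getJamesServer()
            .combineWith(MemoryJamesServerMain.IN_MEMORY_SERVER_AGGREGATE_MODULE)
            .combineWith(new UsersRepositoryModuleChooser(new MemoryUsersRepositoryModule())
                .chooseModules(UsersRepositoryModuleChooser.Implementation.DEFAULT))
            .overrideWith(binder -> binder.bind(WebAdminConfiguration.class)
                .toInstance(WebAdminConfiguration.TEST_CONFIGURATION));
    }

    /** Stops the server if the test managed to start it. */
    @AfterEach
    void afterEach() {
        if (this.jamesServer != null && this.jamesServer.isStarted()) {
            this.jamesServer.stop();
        }
    }

    @Test
    void subjectShouldBeKeptWhenNoRestart() throws Exception {
        this.temporaryJamesServer.copyResources("smtpserver2.xml", "smtpserver.xml");
        this.jamesServer.start();

        int smtpSslPort = this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpSslPort().getValue();

        Assertions.assertThat(getServerCertificate(smtpSslPort).getSubjectX500Principal().getName())
            .isEqualTo("CN=Benoit Tellier,OU=Linagora,O=James,L=Puteaux,ST=Unknown,C=FR");
    }

    @Test
    void reloadShouldUpdateCertificates() throws Exception {
        this.temporaryJamesServer.copyResources("smtpserver2.xml", "smtpserver.xml");
        this.jamesServer.start();
        this.temporaryJamesServer.copyResources("keystore2", "keystore");

        int smtpSslPort = this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpSslPort().getValue();
        reloadCertificate(smtpSslPort);

        Assertions.assertThat(getServerCertificate(smtpSslPort).getSubjectX500Principal().getName())
            .isEqualTo(RELOADED_SUBJECT);
    }

    @Test
    void reloadShouldUpdateCertificatesForImap() throws Exception {
        this.temporaryJamesServer.copyResources("imapserver2.xml", "imapserver.xml");
        this.jamesServer.start();
        this.temporaryJamesServer.copyResources("keystore2", "keystore");

        int imapSSLPort = this.jamesServer.getProbe(ImapGuiceProbe.class).getImapSSLPort();
        reloadCertificate(imapSSLPort);

        Assertions.assertThat(getServerCertificate(imapSSLPort).getSubjectX500Principal().getName())
            .isEqualTo(RELOADED_SUBJECT);
    }

    @Test
    void reloadShouldNotAbortExistingConnections() throws Exception {
        this.temporaryJamesServer.copyResources("smtpserver2.xml", "smtpserver.xml");
        this.jamesServer.start();

        int smtpSslPort = this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpSslPort().getValue();
        // The connection is opened BEFORE the reload and closed when the test ends.
        try (SSLSocket existingConnection = openSSLConnection(smtpSslPort)) {
            this.temporaryJamesServer.copyResources("keystore2", "keystore");
            reloadCertificate(smtpSslPort);

            // First read consumes whatever the server sent before the client spoke.
            readBytes(existingConnection);
            existingConnection.getOutputStream().write("EHLO toto.com\r\n".getBytes(StandardCharsets.UTF_8));

            Assertions.assertThat(readBytes(existingConnection)).contains("250 8BITMIME");
        }
    }

    /**
     * Asks WebAdmin to reload the certificate of the server listening on {@code port} and asserts
     * that the endpoint answers {@code 204}.
     */
    private void reloadCertificate(int port) {
        RestAssured.requestSpecification = WebAdminUtils
            .buildRequestSpecification(this.jamesServer.getProbe(WebAdminGuiceProbe.class).getWebAdminPort())
            .build();

        RestAssured.given()
            .queryParam("reload-certificate")
            .queryParam("port", port)
        .when()
            .post("/servers")
        .then()
            .statusCode(204);
    }

    /**
     * Returns the first X.509 certificate presented by the TLS server on {@code 127.0.0.1:port}.
     *
     * <p>The chain is NOT validated (see {@link BlindTrustManager}); callers assert on the subject
     * instead. The probing socket is closed before returning.
     *
     * @throws java.util.NoSuchElementException if the peer presents no X.509 certificate
     */
    private X509Certificate getServerCertificate(int i) throws NoSuchAlgorithmException, KeyManagementException, IOException {
        try (SSLSocket socket = openSSLConnection(i)) {
            return Arrays.stream(socket.getSession().getPeerCertificates())
                .filter(X509Certificate.class::isInstance)
                .map(X509Certificate.class::cast)
                .findFirst()
                .orElseThrow();
        }
    }

    /**
     * Opens a TLS socket to {@code 127.0.0.1:port} that trusts any server certificate. The caller
     * owns the returned socket and must close it.
     */
    private SSLSocket openSSLConnection(int i) throws NoSuchAlgorithmException, KeyManagementException, IOException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        // No key managers and default randomness; trust decisions are delegated to BlindTrustManager.
        sSLContext.init(null, new TrustManager[]{new BlindTrustManager()}, null);
        return (SSLSocket) sSLContext.getSocketFactory().createSocket("127.0.0.1", i);
    }

    /**
     * Performs a single read of at most 1024 bytes and decodes it as UTF-8. A reply longer than
     * the buffer, or one delivered in several chunks, is only partially returned.
     *
     * @throws IOException if the peer closed the connection before sending anything
     */
    private String readBytes(SSLSocket sSLSocket) throws IOException {
        byte[] bArr = new byte[1024];
        int read = sSLSocket.getInputStream().read(bArr);
        if (read < 0) {
            // Without this guard new String(bArr, 0, -1) would throw an unrelated index exception.
            throw new IOException("Connection closed by peer before any data was received");
        }
        return new String(bArr, 0, read, StandardCharsets.UTF_8);
    }
}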
