package org.apache.ignite.common;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.function.Supplier;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.Ignition;
import org.apache.ignite.client.ClientConnectionException;
import org.apache.ignite.client.IgniteClient;
import org.apache.ignite.client.SslMode;
import org.apache.ignite.configuration.ClientConfiguration;
import org.apache.ignite.configuration.ClientConnectorConfiguration;
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.client.GridClient;
import org.apache.ignite.internal.client.GridClientConfiguration;
import org.apache.ignite.internal.client.GridClientFactory;
import org.apache.ignite.internal.processors.metric.GridMetricManager;
import org.apache.ignite.internal.processors.metric.MetricRegistry;
import org.apache.ignite.internal.processors.rest.protocols.tcp.GridTcpRestProtocol;
import org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
import org.apache.ignite.ssl.SslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;

/* loaded from: input_file:org/apache/ignite/common/NodeSslConnectionMetricTest.class */
public class NodeSslConnectionMetricTest extends GridCommonAbstractTest {
    private static final String CIPHER_SUITE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    private static final String UNSUPPORTED_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_GCM_SHA256";
    private static final long TIMEOUT = 7000;

    protected void beforeTestsStarted() throws Exception {
        super.beforeTestsStarted();
        GridClientFactory.stopAll(false);
    }

    protected void afterTest() throws Exception {
        super.afterTest();
        stopAllGrids(true);
    }

    @Test
    public void testSslDisabled() throws Exception {
        IgniteEx startGrid = startGrid();
        MetricRegistry mreg = mreg(startGrid, TcpDiscoverySpi.DISCO_METRICS);
        assertFalse(mreg.findMetric("SslEnabled").value());
        assertEquals(0, mreg.findMetric("RejectedSslConnectionsCount").value());
        MetricRegistry mreg2 = mreg(startGrid, TcpCommunicationSpi.COMMUNICATION_METRICS_GROUP_NAME);
        assertFalse(mreg2.findMetric("SslEnabled").value());
        assertNull(mreg2.findMetric("RejectedSslSessionsCount"));
        assertNull(mreg2.findMetric("SslHandshakeDurationHistogram"));
        assertEquals(0, mreg2.findMetric("ActiveSessionsCount").value());
        MetricRegistry mreg3 = mreg(startGrid, GridMetricManager.CLIENT_CONNECTOR_METRICS);
        assertFalse(mreg3.findMetric("SslEnabled").value());
        assertNull(mreg3.findMetric("RejectedSslSessionsCount"));
        assertNull(mreg3.findMetric("SslHandshakeDurationHistogram"));
        assertEquals(0, mreg3.findMetric("ActiveSessionsCount").value());
        MetricRegistry mreg4 = mreg(startGrid, GridTcpRestProtocol.REST_CONNECTOR_METRIC_REGISTRY_NAME);
        assertNull(mreg4.findMetric("SslEnabled"));
        assertNull(mreg4.findMetric("RejectedSslSessionsCount"));
        assertNull(mreg4.findMetric("SslHandshakeDurationHistogram"));
        assertNull(mreg4.findMetric("ActiveSessionsCount"));
        stopAllGrids();
        MetricRegistry mreg5 = mreg(startGrid(getConfiguration().setConnectorConfiguration(new ConnectorConfiguration())), GridTcpRestProtocol.REST_CONNECTOR_METRIC_REGISTRY_NAME);
        assertFalse(mreg5.findMetric("SslEnabled").value());
        assertEquals(0, mreg5.findMetric("ActiveSessionsCount").value());
    }

    @Test
    public void testJdbc() throws Exception {
        MetricRegistry mreg = mreg(startClusterNode(0), GridMetricManager.CLIENT_CONNECTOR_METRICS);
        assertEquals(0L, mreg.findMetric("sentBytes").value());
        assertEquals(0L, mreg.findMetric("receivedBytes").value());
        Connection connection = DriverManager.getConnection(jdbcConfiguration("thinClient", "trusttwo", CIPHER_SUITE, "TLSv1.2"));
        Throwable th = null;
        try {
            try {
                checkSslCommunicationMetrics(mreg, 1, 1, 0);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
                assertTrue(mreg.findMetric("sentBytes").value() > 0);
                assertTrue(mreg.findMetric("receivedBytes").value() > 0);
                checkSslCommunicationMetrics(mreg, 1, 0, 0);
                GridTestUtils.assertThrowsWithCause(() -> {
                    return DriverManager.getConnection(jdbcConfiguration("client", "trusttwo", CIPHER_SUITE, "TLSv1.2"));
                }, SQLException.class);
                checkSslCommunicationMetrics(mreg, 2, 0, 1);
                GridTestUtils.assertThrowsWithCause(() -> {
                    return DriverManager.getConnection(jdbcConfiguration("thinClient", "trusttwo", UNSUPPORTED_CIPHER_SUITE, "TLSv1.2"));
                }, SQLException.class);
                checkSslCommunicationMetrics(mreg, 3, 0, 2);
                GridTestUtils.assertThrowsWithCause(() -> {
                    return DriverManager.getConnection(jdbcConfiguration("thinClient", "trusttwo", null, "TLSv1.1"));
                }, SQLException.class);
                checkSslCommunicationMetrics(mreg, 4, 0, 3);
            } finally {
            }
        } catch (Throwable th3) {
            if (connection != null) {
                if (th != null) {
                    try {
                        connection.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    connection.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testRestClientConnector() throws Exception {
        MetricRegistry mreg = mreg(startClusterNode(0), GridTcpRestProtocol.REST_CONNECTOR_METRIC_REGISTRY_NAME);
        assertEquals(0L, mreg.findMetric("sentBytes").value());
        assertEquals(0L, mreg.findMetric("receivedBytes").value());
        GridClient start = GridClientFactory.start(gridClientConfiguration("connectorClient", "trustthree", CIPHER_SUITE, "TLSv1.2"));
        Throwable th = null;
        try {
            try {
                checkSslCommunicationMetrics(mreg, 1, 1, 0);
                if (start != null) {
                    if (0 != 0) {
                        try {
                            start.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        start.close();
                    }
                }
                assertTrue(mreg.findMetric("sentBytes").value() > 0);
                assertTrue(mreg.findMetric("receivedBytes").value() > 0);
                checkSslCommunicationMetrics(mreg, 1, 0, 0);
                GridClient start2 = GridClientFactory.start(gridClientConfiguration("client", "trustthree", CIPHER_SUITE, "TLSv1.2"));
                Throwable th3 = null;
                if (start2 != null) {
                    if (0 != 0) {
                        try {
                            start2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    } else {
                        start2.close();
                    }
                }
                checkSslCommunicationMetrics(mreg, 4, 0, 3);
                GridClient start3 = GridClientFactory.start(gridClientConfiguration("connectorClient", "trustthree", UNSUPPORTED_CIPHER_SUITE, "TLSv1.2"));
                Throwable th5 = null;
                if (start3 != null) {
                    if (0 != 0) {
                        try {
                            start3.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                    } else {
                        start3.close();
                    }
                }
                checkSslCommunicationMetrics(mreg, 7, 0, 6);
                GridClient start4 = GridClientFactory.start(gridClientConfiguration("connectorClient", "trustthree", null, "TLSv1.1"));
                Throwable th7 = null;
                if (start4 != null) {
                    if (0 != 0) {
                        try {
                            start4.close();
                        } catch (Throwable th8) {
                            th7.addSuppressed(th8);
                        }
                    } else {
                        start4.close();
                    }
                }
                checkSslCommunicationMetrics(mreg, 10, 0, 9);
            } finally {
            }
        } catch (Throwable th9) {
            if (start != null) {
                if (th != null) {
                    try {
                        start.close();
                    } catch (Throwable th10) {
                        th.addSuppressed(th10);
                    }
                } else {
                    start.close();
                }
            }
            throw th9;
        }
    }

    @Test
    public void testDiscovery() throws Exception {
        MetricRegistry mreg = mreg(startClusterNode(0), TcpDiscoverySpi.DISCO_METRICS);
        startGrid(nodeConfiguration(1, true, "client", "trustone", CIPHER_SUITE, "TLSv1.2"));
        assertTrue(mreg.findMetric("SslEnabled").value());
        assertEquals(0, mreg.findMetric("RejectedSslConnectionsCount").value());
        checkNodeJoinFails(2, true, "thinClient", "trusttwo", CIPHER_SUITE, "TLSv1.2");
        checkNodeJoinFails(2, false, "thinClient", "trusttwo", CIPHER_SUITE, "TLSv1.2");
        checkNodeJoinFails(2, true, "client", "trustone", UNSUPPORTED_CIPHER_SUITE, "TLSv1.2");
        checkNodeJoinFails(2, false, "node01", "trustone", UNSUPPORTED_CIPHER_SUITE, "TLSv1.2");
        checkNodeJoinFails(2, true, "client", "trustone", null, "TLSv1.1");
        checkNodeJoinFails(2, false, "node01", "trustone", null, "TLSv1.1");
        waitForMetricGreaterOrEqual("RejectedSslConnectionsCount", 12, () -> {
            return Integer.valueOf(mreg.findMetric("RejectedSslConnectionsCount").value());
        });
    }

    @Test
    public void testCommunication() throws Exception {
        MetricRegistry mreg = mreg(startClusterNode(0), TcpCommunicationSpi.COMMUNICATION_METRICS_GROUP_NAME);
        assertEquals(0L, mreg.findMetric("sentBytes").value());
        assertEquals(0L, mreg.findMetric("receivedBytes").value());
        checkSslCommunicationMetrics(mreg, 0, 0, 0);
        IgniteEx startGrid = startGrid(nodeConfiguration(1, true, "client", "trustone", CIPHER_SUITE, "TLSv1.2"));
        Throwable th = null;
        try {
            IgniteEx startGrid2 = startGrid(nodeConfiguration(2, false, "node01", "trustone", CIPHER_SUITE, "TLSv1.2"));
            Throwable th2 = null;
            try {
                try {
                    checkSslCommunicationMetrics(mreg, 2, 2, 0);
                    MetricRegistry mreg2 = mreg(startGrid, TcpCommunicationSpi.COMMUNICATION_METRICS_GROUP_NAME);
                    checkSslCommunicationMetrics(mreg2, 0, 1, 0);
                    assertTrue(mreg2.findMetric("sentBytes").value() > 0);
                    assertTrue(mreg2.findMetric("receivedBytes").value() > 0);
                    MetricRegistry mreg3 = mreg(startGrid2, TcpCommunicationSpi.COMMUNICATION_METRICS_GROUP_NAME);
                    checkSslCommunicationMetrics(mreg3, 0, 1, 0);
                    assertTrue(mreg3.findMetric("sentBytes").value() > 0);
                    assertTrue(mreg3.findMetric("receivedBytes").value() > 0);
                    if (startGrid2 != null) {
                        if (0 != 0) {
                            try {
                                startGrid2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            startGrid2.close();
                        }
                    }
                    assertTrue(mreg.findMetric("sentBytes").value() > 0);
                    assertTrue(mreg.findMetric("receivedBytes").value() > 0);
                    checkSslCommunicationMetrics(mreg, 2, 0, 0);
                } finally {
                }
            } catch (Throwable th4) {
                if (startGrid2 != null) {
                    if (th2 != null) {
                        try {
                            startGrid2.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        startGrid2.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (startGrid != null) {
                if (0 != 0) {
                    try {
                        startGrid.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    startGrid.close();
                }
            }
        }
    }

    @Test
    public void testClientConnector() throws Exception {
        MetricRegistry mreg = mreg(startClusterNode(0), GridMetricManager.CLIENT_CONNECTOR_METRICS);
        assertEquals(0L, mreg.findMetric("sentBytes").value());
        assertEquals(0L, mreg.findMetric("receivedBytes").value());
        IgniteClient startClient = Ignition.startClient(clientConfiguration("thinClient", "trusttwo", CIPHER_SUITE, "TLSv1.2"));
        Throwable th = null;
        try {
            try {
                checkSslCommunicationMetrics(mreg, 1, 1, 0);
                if (startClient != null) {
                    if (0 != 0) {
                        try {
                            startClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        startClient.close();
                    }
                }
                assertTrue(mreg.findMetric("sentBytes").value() > 0);
                assertTrue(mreg.findMetric("receivedBytes").value() > 0);
                checkSslCommunicationMetrics(mreg, 1, 0, 0);
                GridTestUtils.assertThrowsWithCause(() -> {
                    return Ignition.startClient(clientConfiguration("client", "trustboth", CIPHER_SUITE, "TLSv1.2"));
                }, ClientConnectionException.class);
                checkSslCommunicationMetrics(mreg, 2, 0, 1);
                GridTestUtils.assertThrowsWithCause(() -> {
                    return Ignition.startClient(clientConfiguration("thinClient", "trusttwo", UNSUPPORTED_CIPHER_SUITE, "TLSv1.2"));
                }, ClientConnectionException.class);
                checkSslCommunicationMetrics(mreg, 3, 0, 2);
                GridTestUtils.assertThrowsWithCause(() -> {
                    return Ignition.startClient(clientConfiguration("thinClient", "trusttwo", null, "TLSv1.1"));
                }, ClientConnectionException.class);
                checkSslCommunicationMetrics(mreg, 4, 0, 3);
            } finally {
            }
        } catch (Throwable th3) {
            if (startClient != null) {
                if (th != null) {
                    try {
                        startClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    startClient.close();
                }
            }
            throw th3;
        }
    }

    private IgniteEx startClusterNode(int i) throws Exception {
        IgniteConfiguration configuration = getConfiguration(getTestIgniteInstanceName(i));
        configuration.setSslContextFactory(sslContextFactory("server", "trustone", CIPHER_SUITE, "TLSv1.2"));
        configuration.setClientConnectorConfiguration(new ClientConnectorConfiguration().setSslEnabled(true).setSslClientAuth(true).setUseIgniteSslContextFactory(false).setSslContextFactory(sslContextFactory("thinServer", "trusttwo", CIPHER_SUITE, "TLSv1.2")));
        configuration.setConnectorConfiguration(new ConnectorConfiguration().setSslClientAuth(true).setSslEnabled(true).setSslFactory(sslContextFactory("connectorServer", "trustthree", CIPHER_SUITE, "TLSv1.2")));
        return startGrid(configuration);
    }

    private String jdbcConfiguration(String str, String str2, String str3, String str4) {
        String str5 = "jdbc:ignite:thin://127.0.0.1:10800?sslMode=require&sslClientCertificateKeyStoreUrl=" + GridTestUtils.keyStorePath(str) + "&sslClientCertificateKeyStorePassword=" + GridTestUtils.keyStorePassword() + "&sslTrustCertificateKeyStoreUrl=" + GridTestUtils.keyStorePath(str2) + "&sslTrustCertificateKeyStorePassword=" + GridTestUtils.keyStorePassword() + "&sslProtocol=" + str4;
        if (str3 != null) {
            str5 = str5 + "&sslCipherSuites=" + str3;
        }
        return str5;
    }

    private IgniteConfiguration nodeConfiguration(int i, boolean z, String str, String str2, String str3, String str4) throws Exception {
        return getConfiguration(getTestIgniteInstanceName(i)).setSslContextFactory(sslContextFactory(str, str2, str3, str4)).setClientMode(z);
    }

    private GridClientConfiguration gridClientConfiguration(String str, String str2, String str3, String str4) {
        SslContextFactory sslContextFactory = sslContextFactory(str, str2, str3, str4);
        GridClientConfiguration servers = new GridClientConfiguration().setServers(Collections.singleton("127.0.0.1:11211"));
        sslContextFactory.getClass();
        return servers.setSslContextFactory(sslContextFactory::create);
    }

    private ClientConfiguration clientConfiguration(String str, String str2, String str3, String str4) {
        return new ClientConfiguration().setAddresses(new String[]{"127.0.0.1:10800"}).setSslMode(SslMode.REQUIRED).setSslContextFactory(sslContextFactory(str, str2, str3, str4));
    }

    private void checkNodeJoinFails(int i, boolean z, String str, String str2, String str3, String str4) throws Exception {
        IgniteConfiguration nodeConfiguration = nodeConfiguration(i, z, str, str2, str3, str4);
        if (z) {
            nodeConfiguration.getDiscoverySpi().setJoinTimeout(1L);
        }
        GridTestUtils.assertThrowsWithCause(() -> {
            return startGrid(nodeConfiguration);
        }, IgniteCheckedException.class);
    }

    private MetricRegistry mreg(IgniteEx igniteEx, String str) {
        return igniteEx.context().metric().registry(str);
    }

    private void checkSslCommunicationMetrics(MetricRegistry metricRegistry, int i, int i2, int i3) throws Exception {
        assertEquals(true, metricRegistry.findMetric("SslEnabled").value());
        waitForMetric("ActiveSessionsCount", i2, () -> {
            return Integer.valueOf(metricRegistry.findMetric("ActiveSessionsCount").value());
        });
        waitForMetric("SslHandshakeDurationHistogram", i, () -> {
            return Integer.valueOf((int) Arrays.stream((long[]) metricRegistry.findMetric("SslHandshakeDurationHistogram").value()).sum());
        });
        waitForMetric("RejectedSslSessionsCount", i3, () -> {
            return Integer.valueOf(metricRegistry.findMetric("RejectedSslSessionsCount").value());
        });
    }

    private void waitForMetric(String str, int i, Supplier<Integer> supplier) throws Exception {
        assertTrue("Metric " + str + " expected " + i + " but was " + supplier.get(), GridTestUtils.waitForCondition(() -> {
            return i == ((Integer) supplier.get()).intValue();
        }, TIMEOUT));
    }

    private void waitForMetricGreaterOrEqual(String str, int i, Supplier<Integer> supplier) throws Exception {
        assertTrue("Metric " + str + " expected greater or equal than " + i + " but was " + supplier.get(), GridTestUtils.waitForCondition(() -> {
            return i <= ((Integer) supplier.get()).intValue();
        }, TIMEOUT));
    }

    private SslContextFactory sslContextFactory(String str, String str2, String str3, String str4) {
        SslContextFactory sslTrustedFactory = GridTestUtils.sslTrustedFactory(str, str2);
        if (str3 != null) {
            sslTrustedFactory.setCipherSuites(new String[]{str3});
        }
        sslTrustedFactory.setProtocols(new String[]{str4});
        return sslTrustedFactory;
    }
}
