package org.apache.ignite.ssl;

import javax.net.ssl.SSLContext;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.Ignition;
import org.apache.ignite.client.Config;
import org.apache.ignite.client.IgniteClient;
import org.apache.ignite.client.SslMode;
import org.apache.ignite.configuration.ClientConfiguration;
import org.apache.ignite.configuration.ClientConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/ignite/ssl/OneWaySslThinClientTest.class */
public class OneWaySslThinClientTest extends GridCommonAbstractTest {
    private SslContextFactory sslContextFactory;
    private boolean sslClientAuth;

    @After
    public void tearDown() throws Exception {
        stopAllGrids();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.ignite.testframework.junits.GridAbstractTest
    public IgniteConfiguration getConfiguration(String str) throws Exception {
        return super.getConfiguration(str).setClientConnectorConfiguration(new ClientConnectorConfiguration().setSslEnabled(true).setSslClientAuth(this.sslClientAuth)).setSslContextFactory(this.sslContextFactory);
    }

    private ClientConfiguration clientConfiguration() {
        ClientConfiguration addresses = new ClientConfiguration().setAddresses(new String[]{Config.SERVER});
        addresses.setSslContextFactory(this.sslContextFactory);
        addresses.setSslMode(SslMode.REQUIRED);
        return addresses;
    }

    @Test
    public void testSimpleOneWay() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslClientAuth = false;
        startGrid(0);
        this.sslContextFactory = GridTestUtils.sslTrustedFactory(null, "trustone");
        IgniteClient startClient = Ignition.startClient(clientConfiguration());
        startClient.createCache("foo").put("a", "b");
        Assert.assertEquals("b", startClient.cache("foo").get("a"));
    }

    @Test
    public void testClientHasKeyServerDoesntTrust() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslClientAuth = false;
        startGrid(0);
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node02", "trustone");
        IgniteClient startClient = Ignition.startClient(clientConfiguration());
        startClient.createCache("foo").put("a", "b");
        Assert.assertEquals("b", startClient.cache("foo").get("a"));
    }

    @Test
    public void testClientTrustsNoOne() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslClientAuth = false;
        startGrid(0);
        this.sslContextFactory = GridTestUtils.sslTrustedFactory(null, null);
        GridTestUtils.assertThrowsAnyCause(log, () -> {
            return Ignition.startClient(clientConfiguration());
        }, IgniteCheckedException.class, "SSL handshake failed");
    }

    @Test
    public void testClientTrustsAnother() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslClientAuth = false;
        startGrid(0);
        this.sslContextFactory = GridTestUtils.sslTrustedFactory(null, "trusttwo");
        GridTestUtils.assertThrowsAnyCause(log, () -> {
            return Ignition.startClient(clientConfiguration());
        }, IgniteCheckedException.class, "SSL handshake failed");
    }

    @Test
    public void testClientAuthOverridesSslFactoryAuthTrue() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslContextFactory.setNeedClientAuth(false);
        this.sslClientAuth = true;
        startGrid(0);
        this.sslContextFactory = GridTestUtils.sslTrustedFactory(null, "trustone");
        GridTestUtils.assertThrowsAnyCause(log, () -> {
            return Ignition.startClient(clientConfiguration());
        }, IgniteCheckedException.class, "SSL handshake failed");
    }

    @Test
    public void testClientAuthOverridesSslFactoryAuthFalse() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslContextFactory.setNeedClientAuth(true);
        this.sslClientAuth = false;
        startGrid(0);
        this.sslContextFactory = GridTestUtils.sslTrustedFactory(null, "trustone");
        IgniteClient startClient = Ignition.startClient(clientConfiguration());
        startClient.createCache("foo").put("a", "b");
        Assert.assertEquals("b", startClient.cache("foo").get("a"));
    }

    @Test
    public void testDefaultSslContextOnClient() throws Exception {
        this.sslContextFactory = GridTestUtils.sslTrustedFactory("node01", null);
        this.sslContextFactory.setNeedClientAuth(true);
        this.sslClientAuth = false;
        startGrid(0);
        this.sslContextFactory = null;
        SSLContext sSLContext = SSLContext.getDefault();
        try {
            SSLContext.setDefault(GridTestUtils.sslTrustedFactory(null, "trustone").create());
            IgniteClient startClient = Ignition.startClient(clientConfiguration());
            startClient.createCache("foo").put("a", "b");
            Assert.assertEquals("b", startClient.cache("foo").get("a"));
        } finally {
            SSLContext.setDefault(sSLContext);
        }
    }
}
