package org.apache.brooklyn.entity.proxy.nginx;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.io.File;
import java.net.URI;
import java.util.Iterator;
import org.apache.brooklyn.api.entity.Entity;
import org.apache.brooklyn.api.entity.EntitySpec;
import org.apache.brooklyn.api.location.Location;
import org.apache.brooklyn.core.location.PortRanges;
import org.apache.brooklyn.core.sensor.PortAttributeSensorAndConfigKey;
import org.apache.brooklyn.core.test.BrooklynAppLiveTestSupport;
import org.apache.brooklyn.entity.group.DynamicCluster;
import org.apache.brooklyn.entity.proxy.LoadBalancer;
import org.apache.brooklyn.entity.proxy.ProxySslConfig;
import org.apache.brooklyn.entity.software.base.SoftwareProcess;
import org.apache.brooklyn.entity.webapp.JavaWebAppService;
import org.apache.brooklyn.entity.webapp.WebAppService;
import org.apache.brooklyn.entity.webapp.jboss.JBoss7Server;
import org.apache.brooklyn.test.Asserts;
import org.apache.brooklyn.test.HttpTestUtils;
import org.apache.brooklyn.test.support.TestResourceUnavailableException;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.class */
public class NginxHttpsSslIntegrationTest extends BrooklynAppLiveTestSupport {
    private static final Logger log = LoggerFactory.getLogger(NginxHttpsSslIntegrationTest.class);
    private NginxController nginx;
    private DynamicCluster cluster;
    private Location localLoc;
    private static final String CERTIFICATE_URL = "classpath://ssl/certs/localhost/server.crt";
    private static final String KEY_URL = "classpath://ssl/certs/localhost/server.key";

    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        super.setUp();
        this.localLoc = this.mgmt.getLocationRegistry().resolve("localhost");
    }

    private static void urlContainsPort(NginxController nginxController, PortAttributeSensorAndConfigKey portAttributeSensorAndConfigKey, String str) {
        Integer num = (Integer) nginxController.getAttribute(portAttributeSensorAndConfigKey);
        Assert.assertTrue(Iterables.contains(PortRanges.fromString(str), num), "Port " + num + " not in range " + str);
        String uri = ((URI) Preconditions.checkNotNull((URI) nginxController.getAttribute(LoadBalancer.MAIN_URI), "main uri")).toString();
        Assert.assertTrue(uri.contains(":" + num), "URL does not contain expected port; port " + num + ", url " + uri);
    }

    public String getTestWar() {
        TestResourceUnavailableException.throwIfResourceUnavailable(getClass(), "/hello-world.war");
        return "classpath://hello-world.war";
    }

    @Test(groups = {"Integration"})
    public void testStartsWithGlobalSsl_withCertificateAndKeyCopy() {
        this.cluster = this.app.createAndManageChild(EntitySpec.create(DynamicCluster.class).configure(DynamicCluster.MEMBER_SPEC, EntitySpec.create(JBoss7Server.class)).configure("initialSize", 1).configure(JavaWebAppService.ROOT_WAR, getTestWar()));
        this.nginx = this.app.createAndManageChild(EntitySpec.create(NginxController.class).configure("sticky", false).configure("serverPool", this.cluster).configure("domain", "localhost").configure("httpsPort", "8453+").configure("ssl", ProxySslConfig.builder().certificateSourceUrl(CERTIFICATE_URL).keySourceUrl(KEY_URL).build()));
        this.app.start(ImmutableList.of(this.localLoc));
        urlContainsPort(this.nginx, LoadBalancer.PROXY_HTTPS_PORT, "8453+");
        final String str = (String) this.nginx.getAttribute(WebAppService.ROOT_URL);
        log.info("URL for nginx is " + str);
        if (!str.startsWith("https://")) {
            Assert.fail("URL should be https: " + str);
        }
        Asserts.succeedsEventually(new Runnable() { // from class: org.apache.brooklyn.entity.proxy.nginx.NginxHttpsSslIntegrationTest.1
            @Override // java.lang.Runnable
            public void run() {
                Assert.assertTrue(((Boolean) NginxHttpsSslIntegrationTest.this.cluster.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
                Iterator it = NginxHttpsSslIntegrationTest.this.cluster.getMembers().iterator();
                while (it.hasNext()) {
                    Assert.assertTrue(((Boolean) ((Entity) it.next()).getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
                }
                Assert.assertTrue(((Boolean) NginxHttpsSslIntegrationTest.this.nginx.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
                HttpTestUtils.assertHttpStatusCodeEquals(str, new int[]{200});
                Iterator it2 = NginxHttpsSslIntegrationTest.this.cluster.getMembers().iterator();
                while (it2.hasNext()) {
                    HttpTestUtils.assertHttpStatusCodeEquals((String) ((Entity) it2.next()).getAttribute(WebAppService.ROOT_URL), new int[]{200});
                }
            }
        });
        this.app.stop();
        Assert.assertFalse(((Boolean) this.nginx.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
        Assert.assertFalse(((Boolean) this.cluster.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
        Iterator it = this.cluster.getMembers().iterator();
        while (it.hasNext()) {
            Assert.assertFalse(((Boolean) ((Entity) it.next()).getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
        }
    }

    private String getFile(String str) {
        return new File(getClass().getResource("/" + str).getFile()).getAbsolutePath();
    }

    @Test(groups = {"Integration"})
    public void testStartsWithGlobalSsl_withPreinstalledCertificateAndKey() {
        this.cluster = this.app.createAndManageChild(EntitySpec.create(DynamicCluster.class).configure(DynamicCluster.MEMBER_SPEC, EntitySpec.create(JBoss7Server.class)).configure("initialSize", 1).configure(JavaWebAppService.ROOT_WAR, getTestWar()));
        this.nginx = this.app.createAndManageChild(EntitySpec.create(NginxController.class).configure("sticky", false).configure("serverPool", this.cluster).configure("domain", "localhost").configure("port", "8443+").configure("ssl", ProxySslConfig.builder().certificateDestination(getFile("ssl/certs/localhost/server.crt")).keyDestination(getFile("ssl/certs/localhost/server.key")).build()));
        this.app.start(ImmutableList.of(this.localLoc));
        final String str = (String) this.nginx.getAttribute(WebAppService.ROOT_URL);
        if (!str.startsWith("https://")) {
            Assert.fail("URL should be https: " + str);
        }
        Asserts.succeedsEventually(new Runnable() { // from class: org.apache.brooklyn.entity.proxy.nginx.NginxHttpsSslIntegrationTest.2
            @Override // java.lang.Runnable
            public void run() {
                Assert.assertTrue(((Boolean) NginxHttpsSslIntegrationTest.this.cluster.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
                Iterator it = NginxHttpsSslIntegrationTest.this.cluster.getMembers().iterator();
                while (it.hasNext()) {
                    Assert.assertTrue(((Boolean) ((Entity) it.next()).getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
                }
                Assert.assertTrue(((Boolean) NginxHttpsSslIntegrationTest.this.nginx.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
                HttpTestUtils.assertHttpStatusCodeEquals(str, new int[]{200});
                Iterator it2 = NginxHttpsSslIntegrationTest.this.cluster.getMembers().iterator();
                while (it2.hasNext()) {
                    HttpTestUtils.assertHttpStatusCodeEquals((String) ((Entity) it2.next()).getAttribute(WebAppService.ROOT_URL), new int[]{200});
                }
            }
        });
        this.app.stop();
        Assert.assertFalse(((Boolean) this.nginx.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
        Assert.assertFalse(((Boolean) this.cluster.getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
        Iterator it = this.cluster.getMembers().iterator();
        while (it.hasNext()) {
            Assert.assertFalse(((Boolean) ((Entity) it.next()).getAttribute(SoftwareProcess.SERVICE_UP)).booleanValue());
        }
    }

    @Test(groups = {"Integration"})
    public void testStartsNonSslThenBecomesSsl() {
        this.cluster = this.app.createAndManageChild(EntitySpec.create(DynamicCluster.class).configure(DynamicCluster.MEMBER_SPEC, EntitySpec.create(JBoss7Server.class)).configure("initialSize", 1).configure(JavaWebAppService.ROOT_WAR, getTestWar()));
        this.nginx = this.app.createAndManageChild(EntitySpec.create(NginxController.class).configure("serverPool", this.cluster).configure("domain", "localhost"));
        this.app.start(ImmutableList.of(this.localLoc));
        urlContainsPort(this.nginx, LoadBalancer.PROXY_HTTP_PORT, "8000-8100");
        ProxySslConfig build = ProxySslConfig.builder().certificateDestination(getFile("ssl/certs/localhost/server.crt")).keyDestination(getFile("ssl/certs/localhost/server.key")).build();
        this.nginx.setConfig(LoadBalancer.PROXY_HTTPS_PORT, PortRanges.fromString("8443+"));
        this.nginx.setConfig(NginxController.SSL_CONFIG, build);
        try {
            log.info("restarting nginx as ssl");
            this.nginx.restart();
            urlContainsPort(this.nginx, LoadBalancer.PROXY_HTTPS_PORT, "8443-8543");
            this.app.stop();
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }
}
