package io.atomix.cluster.messaging.impl;

import io.atomix.cluster.messaging.MessagingConfig;
import io.atomix.cluster.messaging.MessagingException;
import io.atomix.utils.net.Address;
import io.camunda.zeebe.test.util.junit.AutoCloseResources;
import io.camunda.zeebe.test.util.socket.SocketUtil;
import io.micrometer.core.instrument.MeterRegistry;
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/atomix/cluster/messaging/impl/NettyMessagingServiceTlsTest.class */
final class NettyMessagingServiceTlsTest {

    @AutoCloseResources.AutoCloseResource
    private final MeterRegistry registry = new SimpleMeterRegistry();

    NettyMessagingServiceTlsTest() {
    }

    @Test
    void shouldCommunicateOverTls() throws CertificateException {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        NettyMessagingService createSecureMessagingService = createSecureMessagingService(selfSignedCertificate);
        NettyMessagingService createSecureMessagingService2 = createSecureMessagingService(selfSignedCertificate);
        byte[] bytes = "foo".getBytes();
        createSecureMessagingService.start().join();
        createSecureMessagingService2.start().join();
        createSecureMessagingService2.registerHandler("topic", (address, bArr) -> {
            return CompletableFuture.completedFuture((new String(bArr) + "bar").getBytes());
        });
        Assertions.assertThat((byte[]) createSecureMessagingService.sendAndReceive(createSecureMessagingService2.address(), "topic", bytes).join()).isEqualTo("foobar".getBytes());
    }

    @Test
    void shouldFailWhenClientIsNotUsingTls() throws CertificateException {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        NettyMessagingService createInsecureMessagingService = createInsecureMessagingService();
        NettyMessagingService createSecureMessagingService = createSecureMessagingService(selfSignedCertificate);
        byte[] bytes = "foo".getBytes();
        createInsecureMessagingService.start().join();
        createSecureMessagingService.start().join();
        createSecureMessagingService.registerHandler("topic", (address, bArr) -> {
            return CompletableFuture.completedFuture((new String(bArr) + "bar").getBytes());
        });
        Assertions.assertThat(createInsecureMessagingService.sendAndReceive(createSecureMessagingService.address(), "topic", bytes, true, Duration.ofSeconds(10L))).failsWithin(Duration.ofSeconds(10L)).withThrowableOfType(ExecutionException.class).havingRootCause().isInstanceOf(MessagingException.ConnectionClosed.class);
    }

    @Test
    void shouldFailWhenServerIsNotUsingTls() throws CertificateException {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        NettyMessagingService createInsecureMessagingService = createInsecureMessagingService();
        NettyMessagingService createSecureMessagingService = createSecureMessagingService(selfSignedCertificate);
        byte[] bytes = "foo".getBytes();
        createSecureMessagingService.start().join();
        createInsecureMessagingService.start().join();
        createInsecureMessagingService.registerHandler("topic", (address, bArr) -> {
            return CompletableFuture.completedFuture((new String(bArr) + "bar").getBytes());
        });
        Assertions.assertThat(createSecureMessagingService.sendAndReceive(createInsecureMessagingService.address(), "topic", bytes, true, Duration.ofSeconds(1L))).failsWithin(Duration.ofSeconds(2L)).withThrowableOfType(ExecutionException.class).havingRootCause().isInstanceOf(MessagingException.ConnectionClosed.class);
    }

    private NettyMessagingService createInsecureMessagingService() {
        MessagingConfig tlsEnabled = new MessagingConfig().setPort(Integer.valueOf(SocketUtil.getNextAddress().getPort())).setTlsEnabled(false);
        return new NettyMessagingService("cluster", Address.from(tlsEnabled.getPort().intValue()), tlsEnabled, this.registry);
    }

    private NettyMessagingService createSecureMessagingService(SelfSignedCertificate selfSignedCertificate) {
        MessagingConfig privateKey = new MessagingConfig().setPort(Integer.valueOf(SocketUtil.getNextAddress().getPort())).setTlsEnabled(true).setCertificateChain(selfSignedCertificate.certificate()).setPrivateKey(selfSignedCertificate.privateKey());
        return new NettyMessagingService("cluster", Address.from(privateKey.getPort().intValue()), privateKey, this.registry);
    }
}
