package io.camunda.zeebe.broker;

import io.camunda.zeebe.broker.system.configuration.BrokerCfg;
import io.camunda.zeebe.broker.system.configuration.SecurityCfg;
import io.camunda.zeebe.broker.test.EmbeddedBrokerRule;
import io.camunda.zeebe.test.util.asserts.SslAssert;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.security.cert.CertificateException;
import org.agrona.LangUtil;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.ExternalResource;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;

/* loaded from: input_file:io/camunda/zeebe/broker/BrokerNetworkSecurityTest.class */
public final class BrokerNetworkSecurityTest {

    @ClassRule
    public static final SecuredEmbeddedBrokerRule BROKER_RULE = new SecuredEmbeddedBrokerRule();

    /* loaded from: input_file:io/camunda/zeebe/broker/BrokerNetworkSecurityTest$SecuredEmbeddedBrokerRule.class */
    private static final class SecuredEmbeddedBrokerRule extends ExternalResource {
        private SelfSignedCertificate certificate;
        private EmbeddedBrokerRule broker;

        private SecuredEmbeddedBrokerRule() {
        }

        public Statement apply(Statement statement, Description description) {
            try {
                this.certificate = new SelfSignedCertificate();
            } catch (CertificateException e) {
                LangUtil.rethrowUnchecked(e);
            }
            this.broker = new EmbeddedBrokerRule(this::configureBroker);
            return this.broker.apply(super.apply(statement, description), description);
        }

        private void configureBroker(BrokerCfg brokerCfg) {
            brokerCfg.getNetwork().setSecurity(new SecurityCfg().setEnabled(true).setCertificateChainPath(this.certificate.certificate()).setPrivateKeyPath(this.certificate.privateKey()));
        }
    }

    @Test
    public void shouldSecureCommandApi() {
        SslAssert.assertThat(BROKER_RULE.broker.getBrokerCfg().getNetwork().getCommandApi().getAddress()).isSecuredBy(BROKER_RULE.certificate);
    }

    @Test
    public void shouldSecureInternalApi() {
        SslAssert.assertThat(BROKER_RULE.broker.getBrokerCfg().getNetwork().getInternalApi().getAddress()).isSecuredBy(BROKER_RULE.certificate);
    }
}
