package io.confluent.security.integration;

import io.confluent.common.security.SecureTestUtils;
import io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.ArrayList;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.login.Configuration;
import kafka.security.authorizer.AclAuthorizer;
import kafka.server.KafkaConfig;
import kafka.utils.TestUtils;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import scala.Option;

/* loaded from: input_file:io/confluent/security/integration/KafkaRestSaslClusterTestHarnessUtil.class */
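/**
 * Test-harness helper that configures a Kafka broker for SASL/PLAIN over a {@code SASL_PLAINTEXT}
 * listener and a Kafka REST instance that authenticates its HTTP clients with TLS client
 * certificates.
 *
 * <p>Everything here is a test fixture: the JAAS entries carry hard-coded passwords, the broker
 * listener is unencrypted, and TLS hostname verification is switched off for the REST client
 * settings. None of these values is suitable outside an isolated test run.
 *
 * <p>{@link #init()} mutates JVM-wide state (system properties and the cached JAAS
 * {@link Configuration}); pair every call with {@link #clean()} so later tests in the same JVM do
 * not inherit it. The {@code clientSslConfigs}, {@code clientCerts} and {@code keyPairs} members
 * used below are not declared in this class; presumably they are inherited from
 * {@code KafkaRestSslClusterTestHarnessUtil}.
 */
public class KafkaRestSaslClusterTestHarnessUtil extends KafkaRestSslClusterTestHarnessUtil {
    // Broker configuration template built by init(); copied per broker in getBrokerProperties().
    Properties brokerProps;

    /**
     * Adds the SSL and SASL settings the REST proxy needs to the supplied configuration.
     *
     * <p>Each client SSL setting is stored twice: under its own key and under a {@code client.}
     * prefixed key.
     *
     * @param properties REST configuration to populate in place
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.security.integration.KafkaRestSslClusterTestHarnessUtil
    public void overrideKafkaRestConfigs(Properties properties) {
        properties.putAll(this.clientSslConfigs);
        for (Map.Entry<?, ?> entry : this.clientSslConfigs.entrySet()) {
            properties.put("client." + entry.getKey(), entry.getValue());
        }
        properties.put("confluent.rest.auth.propagate.method", "SSL");
        properties.put("kafka.rest.resource.extension.class", KafkaRestSecurityResourceExtension.class.getName());
        // SASL/PLAIN over SASL_PLAINTEXT sends the credentials unencrypted; acceptable only
        // because the broker is a local test instance.
        properties.put("client.security.protocol", "SASL_PLAINTEXT");
        properties.put("client.sasl.mechanism", "PLAIN");
        properties.put("security.protocol", "SASL_PLAINTEXT");
        properties.put("client.sasl.kerberos.service.name", "kafka");
        properties.put("ssl.client.auth", true);
        // An empty algorithm disables TLS hostname verification (test certificates only).
        properties.put("ssl.endpoint.identification.algorithm", "");
        properties.put("http2.enabled", false);
    }

    /**
     * Returns a fresh copy of the broker template with the broker id and ZooKeeper connect string
     * filled in.
     *
     * @param i broker id
     * @param str ZooKeeper connect string
     * @return a new {@link Properties} instance; the template itself is not modified
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.security.integration.KafkaRestSslClusterTestHarnessUtil
    public Properties getBrokerProperties(int i, String str) {
        Properties properties = new Properties();
        properties.putAll(this.brokerProps);
        properties.put(KafkaConfig.BrokerIdProp(), Integer.toString(i));
        properties.put(KafkaConfig.ZkConnectProp(), str);
        return properties;
    }

    /**
     * Builds the broker configuration template, the client SSL settings and a temporary JAAS
     * login file, then points the JVM at that file.
     *
     * @throws RuntimeException if a temporary file cannot be created or written, or if building
     *     the client SSL configuration fails; the underlying exception is attached as the cause
     */
    public void init() {
        final File trustStoreFile;
        try {
            trustStoreFile = File.createTempFile("SSLClusterTestHarness-truststore", ".jks");
        } catch (IOException e) {
            // Keep the cause so a failing run shows why the temp directory was unusable.
            throw new RuntimeException("Unable to create temporary file for the truststore.", e);
        }
        // Do not leave the truststore behind in the shared temp directory.
        trustStoreFile.deleteOnExit();

        Option<File> trustStore = Option.apply(trustStoreFile);
        Option<SecurityProtocol> brokerProtocol = Option.apply(SecurityProtocol.SASL_PLAINTEXT);
        Properties saslProps = new Properties();
        saslProps.setProperty("sasl.enabled.mechanisms", "PLAIN");
        saslProps.setProperty("sasl.mechanism.inter.broker.protocol", "PLAIN");
        this.brokerProps = TestUtils.createBrokerConfig(0, "", false, false, TestUtils.RandomPort(), brokerProtocol, trustStore, Option.apply(saslProps), true, true, TestUtils.RandomPort(), true, TestUtils.RandomPort(), false, TestUtils.RandomPort(), Option.empty(), 1, false, 1, (short) 1, false);

        try {
            this.clientSslConfigs = SecureTestUtils.clientSslConfigsWithKeyStore(3, trustStoreFile, new Password((String) this.brokerProps.get("ssl.truststore.password")), this.clientCerts, this.keyPairs);
            this.brokerProps.setProperty("auto.create.topics.enable", "true");
            this.brokerProps.setProperty("num.partitions", "1");
            this.brokerProps.setProperty("authorizer.class.name", AclAuthorizer.class.getName());
            // Bypasses ACL checks for the fixture account defined in the JAAS file.
            this.brokerProps.setProperty("super.users", "User:superuser");
            installJaasConfig();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes the JAAS login file used by the broker, the Kafka client and ZooKeeper, and registers
     * it through JVM system properties.
     *
     * <p>The file holds plaintext passwords, so it is created with {@link Files#createTempFile},
     * which on POSIX file systems restricts the file to its owner, and is removed on JVM exit.
     */
    private void installJaasConfig() throws IOException {
        File jaasFile = Files.createTempFile("ks-jaas-", ".conf").toFile();
        jaasFile.deleteOnExit();
        // JVM-wide settings; clean() removes them again.
        System.setProperty("java.security.auth.login.config", jaasFile.getPath());
        System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");

        // The SASL user name is the subject DN of the third client certificate, so that the
        // certificate principal and the SASL principal match.
        String principal = this.clientCerts.get(2).getSubjectX500Principal().getName();
        ArrayList<String> jaasEntries = new ArrayList<>();
        jaasEntries.add("KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username=superuser password=superpwd user_superuser=superpwd \"user_" + principal + "\"=\"password1\";};");
        jaasEntries.add("KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + principal + "\" password=\"password1\";};");
        jaasEntries.add("Client {    org.apache.zookeeper.server.auth.DigestLoginModule optional     username=\"admin\"     password=\"admin-secret\";     };");
        jaasEntries.add("Server {    org.apache.zookeeper.server.auth.DigestLoginModule optional     user_admin=\"admin-secret\";     };");
        Files.write(jaasFile.toPath(), jaasEntries, StandardCharsets.UTF_8);
        // Drop any cached login configuration so the file written above is read on next use.
        Configuration.setConfiguration((Configuration) null);
    }

    /**
     * Undoes the JVM-wide changes made by {@link #init()}: resets the JAAS configuration and
     * clears both system properties.
     */
    public void clean() {
        Configuration.setConfiguration((Configuration) null);
        System.clearProperty("java.security.auth.login.config");
        System.clearProperty("zookeeper.authProvider.1");
    }
}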
