package io.confluent.common.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Properties;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import kafka.admin.AclCommand;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.test.TestSslUtils;

/* loaded from: input_file:io/confluent/common/security/SecureTestUtils.class */
public class SecureTestUtils {
    public static Properties clientSslConfigsWithKeyStore(int i, File file, Password password, List<X509Certificate> list, List<KeyPair> list2) throws GeneralSecurityException, IOException {
        HashMap hashMap = new HashMap();
        File createTempFile = File.createTempFile("CKeystore", ".jks");
        String value = new Password("Client-KS-Password").value();
        for (int i2 = 0; i2 < i; i2++) {
            KeyPair generateKeyPair = TestSslUtils.generateKeyPair("RSA");
            X509Certificate generateCertificate = TestSslUtils.generateCertificate("CN=localhost, O=Client" + i2, generateKeyPair, 30, "SHA1withRSA");
            list.add(generateCertificate);
            list2.add(generateKeyPair);
            hashMap.put("client-" + i2, generateCertificate);
        }
        createKeyStore(createTempFile, value, list, list2);
        TestSslUtils.createTrustStore(file.toString(), password, hashMap);
        return getClientSslConfigs(file, password.value(), createTempFile, value);
    }

    public static void createKeyStore(File file, String str, List<X509Certificate> list, List<KeyPair> list2) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        for (int i = 0; i < list.size(); i++) {
            keyStore.setKeyEntry("client-" + i, list2.get(i).getPrivate(), str.toCharArray(), new Certificate[]{list.get(i)});
        }
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        keyStore.store(fileOutputStream, str.toCharArray());
        fileOutputStream.close();
    }

    public static void setCreateClusterACls(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, ("--authorizer kafka.security.authorizer.AclAuthorizer --authorizer-properties  zookeeper.connect=" + str + " --cluster --add --operation Create  --allow-principal ").split("\\s+"));
        arrayList.add("User:" + str2);
        AclCommand.main((String[]) arrayList.toArray(new String[0]));
    }

    public static void addClusterACLs(String str, String str2, AclOperation... aclOperationArr) {
        AclCommand.main(String.format("--authorizer kafka.security.authorizer.AclAuthorizer --authorizer-properties zookeeper.connect=%s --cluster --add --operation %s --allow-principal User:%s", str, Stream.of((Object[]) aclOperationArr).map((v0) -> {
            return v0.toString();
        }).collect(Collectors.joining(",")), str2).split("\\s+"));
    }

    public static void addTopicACLs(String str, String str2, String str3, AclOperation... aclOperationArr) {
        AclCommand.main(String.format("--authorizer kafka.security.authorizer.AclAuthorizer --authorizer-properties zookeeper.connect=%s --topic %s --add --operation %s --allow-principal User:%s", str, str2, Stream.of((Object[]) aclOperationArr).map((v0) -> {
            return v0.toString();
        }).collect(Collectors.joining(",")), str3).split("\\s+"));
    }

    public static void setProduceACls(String str, String str2, String str3) {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, ("--authorizer kafka.security.authorizer.AclAuthorizer --authorizer-properties  zookeeper.connect=" + str + " --topic " + str2 + " --add --producer  --allow-principal ").split("\\s+"));
        arrayList.add("User:" + str3);
        AclCommand.main((String[]) arrayList.toArray(new String[0]));
    }

    public static void removeProduceACls(String str, String str2, String str3) {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, ("--authorizer kafka.security.authorizer.AclAuthorizer --authorizer-properties  zookeeper.connect=" + str + " --topic " + str2 + " --remove --producer  --allow-principal ").split("\\s+"));
        arrayList.add("User:" + str3);
        AclCommand.main((String[]) arrayList.toArray(new String[0]));
    }

    public static void setConsumerACls(String str, String str2, String str3, String str4) {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, ("--authorizer kafka.security.authorizer.AclAuthorizer --authorizer-properties  zookeeper.connect=" + str + " --topic " + str2 + " --add --consumer  --allow-principal ").split("\\s+"));
        arrayList.add("User:" + str3);
        arrayList.add("--group");
        arrayList.add(str4);
        AclCommand.main((String[]) arrayList.toArray(new String[0]));
    }

    private static Properties getClientSslConfigs(File file, String str, File file2, String str2) {
        Properties properties = new Properties();
        properties.put("ssl.keystore.location", file2.getPath());
        properties.put("ssl.keystore.type", "JKS");
        properties.put("ssl.keymanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
        properties.put("ssl.keystore.password", str2);
        properties.put("ssl.key.password", str2);
        properties.put("ssl.truststore.location", file.getPath());
        properties.put("ssl.truststore.password", str);
        properties.put("ssl.truststore.type", "JKS");
        properties.put("ssl.trustmanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
        properties.put("security.protocol", "SSL");
        return properties;
    }
}
