package io.confluent.kafka.security.fips;

import io.confluent.kafka.security.fips.exceptions.InvalidFipsBrokerProtocolException;
import io.confluent.kafka.security.fips.exceptions.InvalidFipsTlsCipherSuiteException;
import io.confluent.kafka.security.fips.exceptions.InvalidFipsTlsVersionException;
import java.util.Arrays;
import java.util.HashMap;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.junit.Test;

/* loaded from: input_file:io/confluent/kafka/security/fips/FipsValidatorTest.class */
public class FipsValidatorTest {
    @Test(expected = InvalidFipsTlsCipherSuiteException.class)
    public void testInvalidFipsTlsCipherSuitesConfigured() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.cipher.suites", Arrays.asList("TLS_DHE_DSS_WITH_DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_92_CBC_SHA"));
        new ConfluentFipsValidator().validateFipsTlsCipherSuite(hashMap);
    }

    @Test(expected = InvalidFipsTlsVersionException.class)
    public void testInvalidFipsTlsVersionsConfigured() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.enabled.protocols", Arrays.asList("TLSv1.0", "SSL3.0"));
        new ConfluentFipsValidator().validateFipsTls(hashMap);
    }

    @Test(expected = InvalidFipsBrokerProtocolException.class)
    public void testInvalidFipsBrokerProtocolsConfigured() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("External", SecurityProtocol.SASL_PLAINTEXT);
        hashMap.put("Internal", SecurityProtocol.SASL_PLAINTEXT);
        new ConfluentFipsValidator().validateFipsBrokerProtocol(hashMap);
    }

    @Test
    public void testValidFipsTlsConfiguration() {
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.cipher.suites", Arrays.asList("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"));
        hashMap.put("ssl.enabled.protocols", Arrays.asList("TLSv1.2"));
        new ConfluentFipsValidator().validateFipsTls(hashMap);
        new ConfluentFipsValidator().validateFipsTlsCipherSuite(Arrays.asList("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"));
        new ConfluentFipsValidator().validateFipsTlsVersion(Arrays.asList("TLSv1.2"));
    }

    @Test
    public void testValidFipsBrokerProtocolConfigured() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("External", SecurityProtocol.SASL_SSL);
        new ConfluentFipsValidator().validateFipsBrokerProtocol(hashMap);
    }
}
