package io.confluent.mqtt;

import io.confluent.mqtt.protocol.security.ClientAuth;
import io.confluent.mqtt.protocol.security.SecurityProtocol;
import io.netty.channel.ChannelHandler;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslHandler;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Optional;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/mqtt/PipelineFactoryTest.class */
public class PipelineFactoryTest {
    private MqttConfig configMock;

    private void assertEncryptionDisabled(SecurityProtocol securityProtocol) {
        SocketChannel socketChannel = (SocketChannel) Mockito.mock(SocketChannel.class);
        Mockito.when(this.configMock.listenersSecurityProtocol()).thenReturn(securityProtocol);
        Stream stream = Arrays.stream(new PipelineFactory(this.configMock).newPublishPipelineHandlers(socketChannel));
        Class<SslHandler> cls = SslHandler.class;
        SslHandler.class.getClass();
        Assert.assertEquals(false, Boolean.valueOf(stream.filter((v1) -> {
            return r1.isInstance(v1);
        }).findFirst().isPresent()));
    }

    private void assertEncryptionEnabled(SecurityProtocol securityProtocol) {
        Assert.assertEquals(true, Boolean.valueOf(getSslHandlerOpt(securityProtocol, ClientAuth.NONE).isPresent()));
    }

    private Optional<ChannelHandler> getSslHandlerOpt(SecurityProtocol securityProtocol, ClientAuth clientAuth) {
        SocketChannel socketChannel = (SocketChannel) Mockito.mock(SocketChannel.class);
        Mockito.when(socketChannel.remoteAddress()).thenReturn(new InetSocketAddress("localhost", 8083));
        Mockito.when(this.configMock.listenersSecurityProtocol()).thenReturn(securityProtocol);
        Mockito.when(this.configMock.bootstrapServers()).thenReturn("PLAINTEXT://localhost:9092");
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.keystore.type", "JKS");
        hashMap.put("ssl.truststore.type", "JKS");
        hashMap.put("ssl.protocol", "TLS");
        hashMap.put("ssl.client.auth", clientAuth.value);
        ((MqttConfig) Mockito.doReturn(hashMap).when(this.configMock)).valuesWithPrefix((String) Matchers.eq("listeners."));
        Stream stream = Arrays.stream(new PipelineFactory(this.configMock).newPublishPipelineHandlers(socketChannel));
        Class<SslHandler> cls = SslHandler.class;
        SslHandler.class.getClass();
        return stream.filter((v1) -> {
            return r1.isInstance(v1);
        }).findFirst();
    }

    private SSLEngine getEngineEncryptionEnabledClientAuth(ClientAuth clientAuth) {
        Optional<ChannelHandler> sslHandlerOpt = getSslHandlerOpt(SecurityProtocol.SASL_SSL, clientAuth);
        Assert.assertTrue(sslHandlerOpt.isPresent());
        return sslHandlerOpt.get().engine();
    }

    @Before
    public void setUp() {
        this.configMock = (MqttConfig) Mockito.mock(MqttConfig.class);
        Mockito.when(this.configMock.bootstrapServers()).thenReturn("PLAINTEXT://localhost:9092");
    }

    @Test
    public void testEncryptionEnabledSaslSsl() {
        assertEncryptionEnabled(SecurityProtocol.SASL_SSL);
    }

    @Test
    public void testEncryptionEnabledSaslTls() {
        assertEncryptionEnabled(SecurityProtocol.SASL_TLS);
    }

    @Test
    public void testEncryptionDisabledSaslPlainText() {
        assertEncryptionDisabled(SecurityProtocol.SASL_PLAINTEXT);
    }

    @Test
    public void testEncryptionEnabledClientAuthRequired() {
        SSLEngine engineEncryptionEnabledClientAuth = getEngineEncryptionEnabledClientAuth(ClientAuth.REQUIRED);
        Assert.assertTrue(engineEncryptionEnabledClientAuth.getNeedClientAuth());
        Assert.assertFalse(engineEncryptionEnabledClientAuth.getWantClientAuth());
    }

    @Test
    public void testEncryptionEnabledClientAuthRequested() {
        SSLEngine engineEncryptionEnabledClientAuth = getEngineEncryptionEnabledClientAuth(ClientAuth.REQUESTED);
        Assert.assertFalse(engineEncryptionEnabledClientAuth.getNeedClientAuth());
        Assert.assertTrue(engineEncryptionEnabledClientAuth.getWantClientAuth());
    }

    @Test
    public void testEncryptionEnabledClientAuthNone() {
        SSLEngine engineEncryptionEnabledClientAuth = getEngineEncryptionEnabledClientAuth(ClientAuth.NONE);
        Assert.assertFalse(engineEncryptionEnabledClientAuth.getNeedClientAuth());
        Assert.assertFalse(engineEncryptionEnabledClientAuth.getWantClientAuth());
    }
}
