package io.confluent.kafkarest.testing;

import com.google.auto.value.AutoValue;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.test.TestSslUtils;
import org.glassfish.jersey.SslConfigurator;
import org.junit.jupiter.api.extension.AfterEachCallback;
import org.junit.jupiter.api.extension.BeforeEachCallback;
import org.junit.jupiter.api.extension.ExtensionContext;

/* loaded from: input_file:io/confluent/kafkarest/testing/SslFixture.class */
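/**
 * JUnit 5 fixture that generates throw-away TLS material for tests.
 *
 * <p>Before each test it creates one self-signed RSA certificate per registered key name, writes
 * each key into its own temporary JKS keystore, and writes all certificates into one temporary JKS
 * truststore. After each test the temporary files are deleted and the in-memory state is cleared.
 *
 * <p>Security note: every password used here is a fixed, predictable string
 * ({@code "truststore-pass"} and {@code "<keyName>-pass"}), so the stores protect nothing. The
 * fixture is test scaffolding only; none of its output should be reused outside a test run, and
 * the maps returned by {@link #getSslConfigs(String)} carry those passwords in clear text.
 */
public final class SslFixture implements BeforeEachCallback, AfterEachCallback {
    private static final String SSL_PROTOCOL = "TLSv1.2";
    private static final String SSL_ENABLED_PROTOCOLS = "TLSv1.2";
    private static final String TRUST_STORE_TYPE = "JKS";
    private static final String KEY_STORE_TYPE = "JKS";
    private static final String TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();

    // NOTE(review): this value is read from TrustManagerFactory, not KeyManagerFactory, yet it is
    // used for "ssl.keymanager.algorithm" and keyManagerFactoryAlgorithm(...). It is left unchanged
    // here; confirm the intent before switching to KeyManagerFactory.getDefaultAlgorithm().
    private static final String KEY_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();

    private static final String KEY_PAIR_ALGORITHM = "RSA";

    // The test certificates were previously signed with "SHA1withRSA". SHA-1 signatures are
    // deprecated and may be refused by hardened JVM security policies, so SHA-256 is used instead.
    private static final String CERTIFICATE_SIGNATURE_ALGORITHM = "SHA256withRSA";

    private static final int CERTIFICATE_VALIDITY_DAYS = 30;

    // Fixed, non-secret test password for the truststore.
    private static final String TRUST_STORE_PASSWORD = "truststore-pass";

    private static final String NOT_STARTED_MESSAGE =
            "SslFixture is only usable between beforeEach and afterEach";

    private final ImmutableSet<String> keyNames;

    @Nullable
    private Path trustStoreLocation;

    @Nullable
    private String trustStorePassword;

    @Nullable
    private ImmutableMap<String, Key> keys;

    /** Collects the key names for which an {@link SslFixture} will generate keystores. */
    public static final class Builder {
        private final ImmutableSet.Builder<String> keyNames;

        private Builder() {
            this.keyNames = ImmutableSet.builder();
        }

        /**
         * Registers a key to be generated before each test.
         *
         * @param str name of the key; it is used as the keystore alias, as the {@code O=} component
         *     of the certificate subject, and as the prefix of the keystore password
         * @return this builder
         */
        public Builder addKey(String str) {
            this.keyNames.add(str);
            return this;
        }

        /** Returns a fixture that generates one keystore per registered key name. */
        public SslFixture build() {
            return new SslFixture(this.keyNames.build());
        }
    }

    /** Location, passwords and certificate of one generated keystore. */
    @AutoValue
    public static abstract class Key {
        public abstract Path getKeyStoreLocation();

        public abstract String getKeyStorePassword();

        public abstract Certificate getCertificate();

        public abstract String getKeyPassword();

        /**
         * Creates a {@link Key} value.
         *
         * <p>The decompiler reports that this method was declared {@code private} in the compiled
         * class; the visibility it emitted is kept here.
         *
         * @param path location of the keystore file
         * @param str password of the keystore
         * @param certificate certificate stored alongside the private key
         * @param str2 password of the private key entry
         */
        public static Key create(Path path, String str, Certificate certificate, String str2) {
            return new AutoValue_SslFixture_Key(path, str, certificate, str2);
        }
    }

    private SslFixture(Set<String> keyNames) {
        this.keyNames = ImmutableSet.copyOf(keyNames);
    }

    /**
     * Generates the keystores and the truststore for the upcoming test.
     *
     * @throws Exception if key generation or writing any of the stores fails
     */
    @Override
    public void beforeEach(ExtensionContext extensionContext) throws Exception {
        ImmutableMap<String, Key> generatedKeys = generateKeys();
        this.keys = generatedKeys;
        this.trustStoreLocation = Files.createTempFile("truststore", ".jks");
        this.trustStorePassword = TRUST_STORE_PASSWORD;

        // The truststore holds every generated certificate, keyed by the key name.
        Map<String, Certificate> trustedCertificates =
                generatedKeys.entrySet().stream()
                        .collect(
                                Collectors.toMap(
                                        Map.Entry::getKey,
                                        entry -> entry.getValue().getCertificate()));
        TestSslUtils.createTrustStore(
                this.trustStoreLocation.toString(),
                new Password(this.trustStorePassword),
                trustedCertificates);
    }

    /**
     * Creates a key pair, a self-signed certificate and a temporary keystore for each key name.
     *
     * <p>If any step fails, the keystore files created so far are removed before the exception is
     * rethrown, so a failed setup does not leave private keys behind in the temp directory.
     */
    private ImmutableMap<String, Key> generateKeys() throws Exception {
        ImmutableMap.Builder<String, Key> generated = ImmutableMap.builder();
        try {
            for (String keyName : this.keyNames) {
                KeyPair keyPair = TestSslUtils.generateKeyPair(KEY_PAIR_ALGORITHM);
                X509Certificate certificate =
                        TestSslUtils.generateCertificate(
                                "CN=localhost, O=" + keyName,
                                keyPair,
                                CERTIFICATE_VALIDITY_DAYS,
                                CERTIFICATE_SIGNATURE_ALGORITHM);
                Path keyStoreLocation = Files.createTempFile(keyName + "-keystore", ".jks");
                // Fixed, predictable test passwords; store and key entry use the same value.
                String keyStorePassword = keyName + "-pass";
                String keyPassword = keyName + "-pass";
                // Record the file before writing to it so that a failed write is still cleaned up.
                generated.put(
                        keyName,
                        Key.create(keyStoreLocation, keyStorePassword, certificate, keyPassword));
                TestSslUtils.createKeyStore(
                        keyStoreLocation.toString(),
                        new Password(keyStorePassword),
                        new Password(keyPassword),
                        keyName,
                        keyPair.getPrivate(),
                        certificate);
            }
        } catch (Exception e) {
            for (Key partial : generated.build().values()) {
                deleteQuietly(partial.getKeyStoreLocation());
            }
            throw e;
        }
        return generated.build();
    }

    /** Deletes the temporary stores and resets the fixture to its unstarted state. */
    @Override
    public void afterEach(ExtensionContext extensionContext) {
        if (this.trustStoreLocation != null) {
            deleteQuietly(this.trustStoreLocation);
        }
        if (this.keys != null) {
            for (Key key : this.keys.values()) {
                deleteQuietly(key.getKeyStoreLocation());
            }
        }
        this.trustStoreLocation = null;
        this.trustStorePassword = null;
        this.keys = null;
    }

    /**
     * Best-effort removal of a temporary store. Cleanup must never fail a test, so an I/O error is
     * not propagated; the file is scheduled for deletion at JVM exit instead.
     */
    private static void deleteQuietly(Path path) {
        try {
            Files.deleteIfExists(path);
        } catch (IOException ignored) {
            path.toFile().deleteOnExit();
        }
    }

    /**
     * Returns the location of the truststore file.
     *
     * @throws IllegalStateException if called outside a running test
     */
    public Path getTrustStoreLocation() {
        Preconditions.checkState(this.trustStoreLocation != null, NOT_STARTED_MESSAGE);
        return this.trustStoreLocation;
    }

    /**
     * Returns the (fixed, test-only) truststore password.
     *
     * @throws IllegalStateException if called outside a running test
     */
    public String getTrustStorePassword() {
        Preconditions.checkState(this.trustStorePassword != null, NOT_STARTED_MESSAGE);
        return this.trustStorePassword;
    }

    /**
     * Looks up the generated key material for a key name.
     *
     * @param str name passed to {@link Builder#addKey(String)}
     * @return the key, or {@code null} if no key with that name was registered
     * @throws IllegalStateException if called outside a running test
     */
    public Key getKey(String str) {
        Preconditions.checkState(this.keys != null, NOT_STARTED_MESSAGE);
        return this.keys.get(str);
    }

    /** Like {@link #getKey(String)}, but fails with a descriptive message for an unknown name. */
    private Key requireKey(String keyName) {
        return Preconditions.checkNotNull(
                getKey(keyName), "No key named '%s' was registered with this fixture", keyName);
    }

    /**
     * Returns the {@code ssl.*} configs for a key, with no prefix on the config names.
     *
     * @param str name of a registered key
     */
    public Map<String, String> getSslConfigs(String str) {
        return getSslConfigs(str, "");
    }

    /**
     * Returns the {@code ssl.*} configs that point a client or server at the given key and at the
     * shared truststore. The map contains the store and key passwords in clear text.
     *
     * @param str name of a registered key
     * @param str2 prefix prepended to every config name
     * @throws NullPointerException if no key with that name was registered
     * @throws IllegalStateException if called outside a running test
     */
    public Map<String, String> getSslConfigs(String str, String str2) {
        Key key = requireKey(str);
        String prefix = str2;
        ImmutableMap.Builder<String, String> configs = ImmutableMap.builder();
        configs.put(prefix + "ssl.protocol", SSL_PROTOCOL);
        configs.put(prefix + "ssl.enabled.protocols", SSL_ENABLED_PROTOCOLS);
        configs.put(prefix + "ssl.keystore.location", key.getKeyStoreLocation().toString());
        configs.put(prefix + "ssl.keystore.type", KEY_STORE_TYPE);
        configs.put(prefix + "ssl.keystore.password", key.getKeyStorePassword());
        configs.put(prefix + "ssl.keymanager.algorithm", KEY_MANAGER_ALGORITHM);
        configs.put(prefix + "ssl.key.password", key.getKeyPassword());
        configs.put(prefix + "ssl.truststore.location", getTrustStoreLocation().toString());
        configs.put(prefix + "ssl.truststore.type", TRUST_STORE_TYPE);
        configs.put(prefix + "ssl.truststore.password", getTrustStorePassword());
        configs.put(prefix + "ssl.trustmanager.algorithm", TRUST_MANAGER_ALGORITHM);
        return configs.build();
    }

    /**
     * Builds an {@link SSLContext} that presents the given key and trusts every certificate this
     * fixture generated.
     *
     * @param str name of a registered key
     * @throws NullPointerException if no key with that name was registered
     * @throws IllegalStateException if called outside a running test
     */
    public SSLContext getSslContext(String str) {
        Key key = requireKey(str);
        return SslConfigurator.newInstance()
                .securityProtocol(SSL_PROTOCOL)
                .keyStoreFile(key.getKeyStoreLocation().toString())
                .keyStoreType(KEY_STORE_TYPE)
                .keyStorePassword(key.getKeyStorePassword())
                .keyManagerFactoryAlgorithm(KEY_MANAGER_ALGORITHM)
                .keyPassword(key.getKeyPassword())
                .trustStoreFile(getTrustStoreLocation().toString())
                .trustStoreType(TRUST_STORE_TYPE)
                .trustStorePassword(getTrustStorePassword())
                .trustManagerFactoryAlgorithm(TRUST_MANAGER_ALGORITHM)
                .createSSLContext();
    }

    /** Returns a new, empty {@link Builder}. */
    public static Builder builder() {
        return new Builder();
    }
}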
