package io.confluent.kafka.schemaregistry.rest;

import io.confluent.kafka.schemaregistry.ClusterTestHarness;
import io.confluent.kafka.schemaregistry.avro.AvroCompatibilityLevel;
import io.confluent.kafka.schemaregistry.avro.AvroUtils;
import io.confluent.kafka.schemaregistry.client.CachedSchemaRegistryClient;
import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Properties;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.security.auth.login.Configuration;
import org.apache.avro.Schema;
import org.apache.kafka.common.config.types.Password;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/rest/RestApiSslTest.class */
public class RestApiSslTest extends ClusterTestHarness {
    Properties props;

    public RestApiSslTest() {
        super(1, true, AvroCompatibilityLevel.BACKWARD.name);
        this.props = new Properties();
    }

    @Test
    public void testRegisterWithClientSecurity() throws Exception {
        setupHostNameVerifier();
        Schema rawSchema = AvroUtils.parseSchema("{\"type\":\"record\",\"name\":\"myrecord\",\"fields\":[{\"type\":\"string\",\"name\":\"f1\"}]}").rawSchema();
        HashMap hashMap = new HashMap();
        hashMap.put("schema.registry.ssl.protocol", "TLS");
        hashMap.put("schema.registry.ssl.keystore.location", this.props.get("ssl.keystore.location"));
        hashMap.put("schema.registry.ssl.keystore.password", this.props.get("ssl.keystore.password"));
        hashMap.put("schema.registry.ssl.key.password", this.props.get("ssl.keystore.password"));
        hashMap.put("schema.registry.ssl.keystore.type", this.props.get("ssl.keystore.type"));
        hashMap.put("schema.registry.ssl.truststore.location", this.props.get("ssl.truststore.location"));
        hashMap.put("schema.registry.ssl.truststore.password", this.props.get("ssl.truststore.password"));
        hashMap.put("schema.registry.ssl.truststore.type", this.props.get("ssl.truststore.type"));
        Assert.assertEquals("Registering should succeed", 1, new CachedSchemaRegistryClient(this.restApp.restClient, 10, hashMap).register("testSubject", rawSchema));
    }

    @Test
    public void testRegisterWithClientSecurityWithMinimalProperties() throws Exception {
        setupHostNameVerifier();
        Schema rawSchema = AvroUtils.parseSchema("{\"type\":\"record\",\"name\":\"myrecord\",\"fields\":[{\"type\":\"string\",\"name\":\"f2\"}]}").rawSchema();
        HashMap hashMap = new HashMap();
        hashMap.put("schema.registry.ssl.keystore.location", this.props.get("ssl.keystore.location"));
        hashMap.put("schema.registry.ssl.keystore.password", this.props.get("ssl.keystore.password"));
        hashMap.put("schema.registry.ssl.truststore.location", this.props.get("ssl.truststore.location"));
        hashMap.put("schema.registry.ssl.truststore.password", this.props.get("ssl.truststore.password"));
        Assert.assertEquals("Registering should succeed", 1, new CachedSchemaRegistryClient(this.restApp.restClient, 10, hashMap).register("testSubject", rawSchema));
    }

    @Override // io.confluent.kafka.schemaregistry.ClusterTestHarness
    protected Properties getSchemaRegistryProperties() {
        Configuration.setConfiguration((Configuration) null);
        this.props.put("schema.registry.inter.instance.protocol", "https");
        this.props.put("ssl.endpoint.identification.algorithm", "");
        try {
            File createTempFile = File.createTempFile("truststore", ".jks");
            createTempFile.deleteOnExit();
            this.props.putAll(SecureTestUtils.clientSslConfigsWithKeyStore(1, createTempFile, new Password("TrustPassword"), new ArrayList(), new ArrayList()));
            this.props.put("ssl.client.authentication", "REQUIRED");
            return this.props;
        } catch (Exception e) {
            throw new RuntimeException("Exception creation SSL properties ", e);
        }
    }

    @Override // io.confluent.kafka.schemaregistry.ClusterTestHarness
    protected String getSchemaRegistryProtocol() {
        return "https";
    }

    private void setupHostNameVerifier() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: io.confluent.kafka.schemaregistry.rest.RestApiSslTest.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
    }
}
