package io.confluent.ksql.rest.client.ssl;

import com.google.common.collect.ImmutableMap;
import io.confluent.ksql.test.util.secure.ClientTrustStore;
import io.confluent.ksql.test.util.secure.ServerKeyStore;
import io.confluent.ksql.util.KsqlException;
import java.util.Collections;
import java.util.Optional;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.kafka.common.config.ConfigException;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.junit.internal.matchers.ThrowableMessageMatcher;

/* loaded from: input_file:io/confluent/ksql/rest/client/ssl/SslUtilTest.class */
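/**
 * Unit tests for {@link SslUtil}: loading of key and trust stores from client
 * properties, extraction of the key password, and selection of the TLS
 * hostname verifier.
 *
 * <p>Several tests pin security-relevant defaults (no stores loaded, empty key
 * password, hostname verification off). They describe the current behaviour;
 * they are not a statement that those defaults are safe for production.
 */
public class SslUtilTest {

    /** With no properties supplied, no key store is loaded. */
    @Test
    public void shouldNotLoadKeyStoreByDefault() {
        MatcherAssert.assertThat(
                SslUtil.loadKeyStore(Collections.emptyMap()),
                Matchers.is(Optional.empty()));
    }

    /** With no properties supplied, no trust store is loaded. */
    @Test
    public void shouldNotLoadTrustStoreByDefault() {
        MatcherAssert.assertThat(
                SslUtil.loadTrustStore(Collections.emptyMap()),
                Matchers.is(Optional.empty()));
    }

    /** A valid location plus password yields a non-empty key store. */
    @Test
    public void shouldLoadKeyStore() {
        ImmutableMap<String, String> props = ImmutableMap.of(
                "ssl.keystore.location", keyStoreProp("ssl.keystore.location"),
                "ssl.keystore.password", keyStoreProp("ssl.keystore.password"));

        MatcherAssert.assertThat(
                SslUtil.loadKeyStore(props),
                Matchers.is(Matchers.not(Optional.empty())));
    }

    /** A valid location plus password yields a non-empty trust store. */
    @Test
    public void shouldLoadTrustStore() {
        ImmutableMap<String, String> props = ImmutableMap.of(
                "ssl.truststore.location", trustStoreProp("ssl.truststore.location"),
                "ssl.truststore.password", trustStoreProp("ssl.truststore.password"));

        MatcherAssert.assertThat(
                SslUtil.loadTrustStore(props),
                Matchers.is(Matchers.not(Optional.empty())));
    }

    /** A missing key store file fails loudly and names the offending path. */
    @Test
    public void shouldThrowIfKeyStoreNotFound() {
        ImmutableMap<String, String> props =
                ImmutableMap.of("ssl.keystore.location", "/will/not/find/me");

        KsqlException e =
                Assert.assertThrows(KsqlException.class, () -> SslUtil.loadKeyStore(props));

        MatcherAssert.assertThat(
                e.getMessage(),
                Matchers.containsString("Failed to load keyStore: /will/not/find/me"));
    }

    /**
     * A missing trust store file fails loudly and names the offending path.
     *
     * <p>The expected text says "keyStore" even though a trust store is being
     * loaded; that is the message this test pins, so an operator reading the
     * error has to tell the two apart by the path.
     */
    @Test
    public void shouldThrowIfTrustStoreNotFound() {
        ImmutableMap<String, String> props =
                ImmutableMap.of("ssl.truststore.location", "/will/not/find/me");

        KsqlException e =
                Assert.assertThrows(KsqlException.class, () -> SslUtil.loadTrustStore(props));

        MatcherAssert.assertThat(
                e.getMessage(),
                Matchers.containsString("Failed to load keyStore: /will/not/find/me"));
    }

    /**
     * A wrong key store password is rejected, with the original failure kept
     * as the cause.
     */
    @Test
    public void shouldThrowIfKeyStorePasswordWrong() {
        ImmutableMap<String, String> props = ImmutableMap.of(
                "ssl.keystore.location", keyStoreProp("ssl.keystore.location"),
                "ssl.keystore.password", "wrong!");

        KsqlException e =
                Assert.assertThrows(KsqlException.class, () -> SslUtil.loadKeyStore(props));

        MatcherAssert.assertThat(
                e.getMessage(), Matchers.containsString("Failed to load keyStore:"));
        // NOTE(review): this text belongs to the cause, not to SslUtil - presumably the
        // JDK key store loader - so the assertion is sensitive to store type and JDK wording.
        MatcherAssert.assertThat(
                e.getCause(),
                ThrowableMessageMatcher.hasMessage(
                        Matchers.is("Keystore was tampered with, or password was incorrect")));
    }

    /**
     * A wrong trust store password is rejected, with the original failure kept
     * as the cause. As in the not-found case, the pinned message says "keyStore".
     */
    @Test
    public void shouldThrowIfTrustStorePasswordWrong() {
        ImmutableMap<String, String> props = ImmutableMap.of(
                "ssl.truststore.location", trustStoreProp("ssl.truststore.location"),
                "ssl.truststore.password", "wrong!");

        KsqlException e =
                Assert.assertThrows(KsqlException.class, () -> SslUtil.loadTrustStore(props));

        MatcherAssert.assertThat(
                e.getMessage(), Matchers.containsString("Failed to load keyStore:"));
        // NOTE(review): cause text is presumably produced by the JDK key store loader,
        // not by SslUtil; confirm before changing store type or JDK version.
        MatcherAssert.assertThat(
                e.getCause(),
                ThrowableMessageMatcher.hasMessage(
                        Matchers.is("Keystore was tampered with, or password was incorrect")));
    }

    /** Without {@code ssl.key.password} the key password is the empty string. */
    @Test
    public void shouldDefaultToNoKeyPassword() {
        MatcherAssert.assertThat(
                SslUtil.getKeyPassword(Collections.emptyMap()),
                Matchers.is(""));
    }

    /** {@code ssl.key.password} is returned verbatim, including embedded spaces. */
    @Test
    public void shouldExtractKeyPassword() {
        ImmutableMap<String, String> props = ImmutableMap.of("ssl.key.password", "let me in");

        MatcherAssert.assertThat(SslUtil.getKeyPassword(props), Matchers.is("let me in"));
    }

    /**
     * Pins the current default: with {@code ssl.endpoint.identification.algorithm}
     * unset, {@link NoopHostnameVerifier} is selected.
     *
     * <p>Security note: {@code NoopHostnameVerifier} accepts every hostname, so a
     * client that installs this verifier does not check that the server
     * certificate matches the host it connected to. Any certificate the trust
     * store accepts would pass. Deployments that depend on TLS server
     * authentication need to set the algorithm to {@code https} explicitly.
     */
    @Test
    public void shouldDefaultToNoopHostNameVerification() {
        MatcherAssert.assertThat(
                SslUtil.getHostNameVerifier(Collections.emptyMap()),
                Matchers.is(Optional.of(NoopHostnameVerifier.INSTANCE)));
    }

    /**
     * An explicitly empty algorithm also selects {@link NoopHostnameVerifier},
     * i.e. hostname verification is switched off (see the note on the default).
     */
    @Test
    public void shouldSupportNoOpHostNameVerifier() {
        ImmutableMap<String, String> props =
                ImmutableMap.of("ssl.endpoint.identification.algorithm", "");

        MatcherAssert.assertThat(
                SslUtil.getHostNameVerifier(props),
                Matchers.is(Optional.of(NoopHostnameVerifier.INSTANCE)));
    }

    /**
     * The {@code https} algorithm yields no explicit verifier. The mixed-case
     * value checks that the setting is matched case-insensitively.
     *
     * <p>NOTE(review): an empty result presumably leaves the HTTP client's own
     * verifying default in place - confirm against the code that consumes it.
     */
    @Test
    public void shouldSupportHttpsHostNameVerifier() {
        ImmutableMap<String, String> props =
                ImmutableMap.of("ssl.endpoint.identification.algorithm", "httpS");

        MatcherAssert.assertThat(
                SslUtil.getHostNameVerifier(props),
                Matchers.is(Optional.empty()));
    }

    /**
     * An unrecognised algorithm is a configuration error rather than a silent
     * fallback to a weaker (or no) verifier.
     */
    @Test
    public void shouldThrowOnUnsupportedHostNameVerifier() {
        ImmutableMap<String, String> props =
                ImmutableMap.of("ssl.endpoint.identification.algorithm", "what?");

        ConfigException e =
                Assert.assertThrows(ConfigException.class, () -> SslUtil.getHostNameVerifier(props));

        MatcherAssert.assertThat(
                e.getMessage(),
                Matchers.containsString(
                        "Invalid value what? for configuration "
                                + "ssl.endpoint.identification.algorithm: Not supported"));
    }

    /** Looks up one property of the shared test server key store. */
    private static String keyStoreProp(String key) {
        return (String) ServerKeyStore.keyStoreProps().get(key);
    }

    /** Looks up one property of the shared test client trust store. */
    private static String trustStoreProp(String key) {
        return (String) ClientTrustStore.trustStoreProps().get(key);
    }
}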
