package io.confluent.ksql.api.client;

import io.confluent.ksql.rest.server.KsqlRestConfig;
import io.confluent.ksql.test.util.secure.ServerKeyStore;
import java.net.URI;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.SSLHandshakeException;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:io/confluent/ksql/api/client/ClientTlsTest.class */
public class ClientTlsTest extends ClientTest {
    private static final ServerKeyStore SERVER_KEY_STORE = new ServerKeyStore();
    protected static final String TRUST_STORE_PATH = (String) SERVER_KEY_STORE.keyStoreProps().get("ssl.truststore.location");
    protected static final String TRUST_STORE_PASSWORD = (String) SERVER_KEY_STORE.keyStoreProps().get("ssl.truststore.password");
    protected static final String KEY_STORE_PATH = (String) SERVER_KEY_STORE.keyStoreProps().get("ssl.keystore.location");
    protected static final String KEY_STORE_PASSWORD = (String) SERVER_KEY_STORE.keyStoreProps().get("ssl.keystore.password");
    protected static final String KEY_PASSWORD = (String) SERVER_KEY_STORE.keyStoreProps().get("ssl.key.password");
    protected static final String KEYSTORE_ALIAS = SERVER_KEY_STORE.getKeyAlias();

    /* JADX INFO: Access modifiers changed from: protected */
    public KsqlRestConfig createServerConfig() {
        Map originals = super.createServerConfig().originals();
        originals.put("listeners", "https://localhost:0");
        originals.put("ssl.keystore.location", KEY_STORE_PATH);
        originals.put("ssl.keystore.password", KEY_STORE_PASSWORD);
        originals.put("ssl.key.password", KEY_PASSWORD);
        originals.put("ksql.ssl.keystore.alias.internal", KEYSTORE_ALIAS);
        originals.put("ksql.ssl.keystore.alias.external", KEYSTORE_ALIAS);
        return new KsqlRestConfig(originals);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.confluent.ksql.api.client.ClientTest
    public ClientOptions createJavaClientOptions() {
        return ClientOptions.create().setHost("localhost").setPort(((URI) this.server.getListeners().get(0)).getPort()).setUseTls(true).setTrustStore(TRUST_STORE_PATH).setTrustStorePassword(TRUST_STORE_PASSWORD).setVerifyHost(false).setUseAlpn(true);
    }

    @Test
    public void shouldFailRequestIfServerNotInTrustStore() {
        Client create = Client.create(clientOptionsWithoutTrustStore(), this.vertx);
        Exception exc = (Exception) Assert.assertThrows(ExecutionException.class, () -> {
        });
        MatcherAssert.assertThat(exc.getCause(), Matchers.instanceOf(SSLHandshakeException.class));
        MatcherAssert.assertThat(exc.getCause().getMessage(), Matchers.containsString("Failed to create SSL connection"));
    }

    private ClientOptions clientOptionsWithoutTrustStore() {
        return ClientOptions.create().setHost("localhost").setPort(((URI) this.server.getListeners().get(0)).getPort()).setUseTls(true).setVerifyHost(false).setUseAlpn(true);
    }
}
