package io.confluent.rest;

import java.io.FileWriter;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.errors.InvalidConfigurationException;
import org.apache.kafka.test.TestUtils;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/rest/SslFactoryFipsTest.class */
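/**
 * Exercises {@link SslFactory} PEM key store and trust store loading with the BouncyCastle FIPS
 * JCA provider and the BouncyCastle JSSE provider installed and approved-only mode enabled.
 *
 * <p>The protected fields and the {@code setConfigs}/{@code getKeyStoreType}/
 * {@code getEncryptedKey}/{@code getKeyPassword} hooks are presumably overridden by subclasses that
 * run the same cases under a different provider setup (not visible in this file).
 */
public class SslFactoryFipsTest {
    private static final String PEM_TYPE = "PEM";
    // PEM fixtures loaded from the test classpath before each test.
    protected String CA1;
    protected String CA2;
    protected String CERTCHAIN;
    protected String KEY;
    // Loaded for completeness; this class itself never feeds it to SslFactory (see getEncryptedKey).
    protected String ENCRYPTED_KEY;
    protected RestConfig config;

    /**
     * Installs BCFIPS at provider position 1 and BCJSSE at position 2, then switches the
     * BouncyCastle crypto services into approved-only mode.
     */
    @BeforeAll
    public static void setupAll() {
        Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        CryptoServicesRegistrar.setApprovedOnlyMode(true);
    }

    /**
     * Removes the two providers registered by {@link #setupAll()}.
     *
     * <p>NOTE(review): approved-only mode is not reverted here; confirm whether that state can leak
     * into other test classes sharing the JVM/thread.
     */
    @AfterAll
    public static void tearDownAll() {
        Security.removeProvider("BCFIPS");
        Security.removeProvider("BCJSSE");
    }

    /**
     * Loads every PEM fixture from the classpath.
     *
     * <p>A missing or unreadable fixture aborts the test immediately; silently continuing would
     * leave the fields {@code null} and surface later as a misleading keystore failure.
     */
    @BeforeEach
    public void setUp() {
        this.CA1 = readResource("certs/cert1.pem");
        this.CA2 = readResource("certs/cert2.pem");
        this.KEY = readResource("certs/privkey_non_enc.pem");
        this.ENCRYPTED_KEY = readResource("certs/privkey_enc.pem");
        this.CERTCHAIN = readResource("certs/cert_chain.pem");
    }

    /**
     * Builds {@link #config} from the given properties, forcing the JSSE provider to BCJSSE.
     *
     * @param map configuration properties; mutated by adding {@code ssl.provider}
     */
    protected void setConfigs(Map<String, String> map) {
        map.put("ssl.provider", "BCJSSE");
        this.config = new RestConfig(RestConfig.baseConfigDef(), map);
    }

    /** Returns the store type the loaded key/trust stores are expected to report. */
    protected String getKeyStoreType() {
        return "BCFKS";
    }

    /**
     * Returns the private key used by the "encrypted key" test cases.
     *
     * <p>In this class it is the <em>unencrypted</em> key, so together with
     * {@link #getKeyPassword()} returning {@code null} the password-protected path is not exercised
     * here.
     */
    protected String getEncryptedKey() {
        return this.KEY;
    }

    /** Returns the key password, or {@code null} when the key is not password protected. */
    protected Password getKeyPassword() {
        return null;
    }

    @Test
    public void testPemKeyStoreSuccessKeyNoPassword() throws Exception {
        Map<String, String> props = new HashMap<>();
        props.put("ssl.keystore.location", asFile(asString(this.KEY, this.CERTCHAIN)));
        props.put("ssl.keystore.type", PEM_TYPE);
        setConfigs(props);
        SslContextFactory factory = SslFactory.createSslContextFactory(new SslConfig(this.config));
        Assertions.assertNotNull(factory.getKeyStore());
        Assertions.assertEquals(getKeyStoreType(), factory.getKeyStore().getType());
        verifyKeyStore(factory.getKeyStore(), null);
    }

    @Test
    public void testPemKeyStoreSuccessKeyPassword() throws Exception {
        Map<String, String> props = new HashMap<>();
        props.put("ssl.keystore.location", asFile(asString(getEncryptedKey(), this.CERTCHAIN)));
        props.put("ssl.keystore.type", PEM_TYPE);
        if (getKeyPassword() != null) {
            props.put("ssl.key.password", getKeyPassword().value());
        }
        setConfigs(props);
        SslContextFactory factory = SslFactory.createSslContextFactory(new SslConfig(this.config));
        Assertions.assertNotNull(factory.getKeyStore());
        Assertions.assertEquals(getKeyStoreType(), factory.getKeyStore().getType());
        verifyKeyStore(factory.getKeyStore(), getKeyPassword());
    }

    /** A key store PEM that holds a private key but no certificate chain must be rejected. */
    @Test
    public void testBadPemKeyStoreFailure() throws Exception {
        Map<String, String> props = new HashMap<>();
        props.put("ssl.keystore.location", asFile(asString(this.KEY)));
        props.put("ssl.keystore.type", PEM_TYPE);
        setConfigs(props);
        Assertions.assertThrows(
            InvalidConfigurationException.class,
            () -> SslFactory.createSslContextFactory(new SslConfig(this.config)));
    }

    /**
     * Rewrites the key store file twice while reload is enabled and checks that no load failure is
     * reported and the store still verifies afterwards.
     */
    @Test
    public void testPemKeyStoreReload() throws Exception {
        Map<String, String> props = new HashMap<>();
        String storePath = asFile(asString(getEncryptedKey(), this.CERTCHAIN));
        props.put("ssl.keystore.location", storePath);
        props.put("ssl.keystore.type", PEM_TYPE);
        if (getKeyPassword() != null) {
            props.put("ssl.key.password", getKeyPassword().value());
        }
        props.put("ssl.keystore.reload", "true");
        setConfigs(props);
        SslContextFactory factory = SslFactory.createSslContextFactory(new SslConfig(this.config));
        Assertions.assertNotNull(factory.getKeyStore());
        Assertions.assertEquals(getKeyStoreType(), factory.getKeyStore().getType());
        verifyKeyStore(factory.getKeyStore(), getKeyPassword());
        TestUtils.waitForCondition(
            () -> !SslFactory.lastLoadFailure().isPresent(), "could not load keystore");

        // try-with-resources closes the writer even when write() throws, so a failed rewrite
        // cannot leave an open handle on the watched file.
        try (FileWriter writer = new FileWriter(storePath)) {
            writer.write(asString(this.KEY, this.CERTCHAIN));
            writer.flush();
        }
        try (FileWriter writer = new FileWriter(storePath)) {
            writer.write(asString(getEncryptedKey(), this.CERTCHAIN));
            writer.flush();
        }

        TestUtils.waitForCondition(
            () -> !SslFactory.lastLoadFailure().isPresent(), "keystore not loaded unexpectedly");
        verifyKeyStore(factory.getKeyStore(), getKeyPassword());
    }

    @Test
    public void testPemTrustStoreSuccessSingleCert() throws Exception {
        Map<String, String> props = new HashMap<>();
        props.put("ssl.truststore.location", asFile(asString(this.CA1)));
        props.put("ssl.truststore.type", PEM_TYPE);
        setConfigs(props);
        SslContextFactory factory = SslFactory.createSslContextFactory(new SslConfig(this.config));
        Assertions.assertNotNull(factory.getTrustStore());
        Assertions.assertEquals(getKeyStoreType(), factory.getTrustStore().getType());
    }

    @Test
    public void testPemTrustStoreSuccessMultiCert() throws Exception {
        Map<String, String> props = new HashMap<>();
        props.put("ssl.truststore.location", asFile(asString(this.CA1, this.CA2)));
        props.put("ssl.truststore.type", PEM_TYPE);
        setConfigs(props);
        SslContextFactory factory = SslFactory.createSslContextFactory(new SslConfig(this.config));
        Assertions.assertNotNull(factory.getTrustStore());
        Assertions.assertEquals(getKeyStoreType(), factory.getTrustStore().getType());
    }

    /** A trust store PEM that contains only a private key (no certificate) must be rejected. */
    @Test
    public void testBadPemTrustStoreFailure() throws Exception {
        Map<String, String> props = new HashMap<>();
        props.put("ssl.truststore.location", asFile(asString(this.KEY)));
        props.put("ssl.truststore.type", PEM_TYPE);
        setConfigs(props);
        Assertions.assertThrows(
            InvalidConfigurationException.class,
            () -> SslFactory.createSslContextFactory(new SslConfig(this.config)));
    }

    /**
     * Reads a classpath resource into a string.
     *
     * @param resourcePath path relative to the classpath root
     * @return the resource content decoded as UTF-8 (PEM is ASCII, so this avoids any dependence
     *     on the platform default charset)
     * @throws NullPointerException if the resource is not on the classpath
     * @throws IllegalStateException if the resource cannot be located as a file or read
     */
    private static String readResource(String resourcePath) {
        // Check the lookup result itself: dereferencing a missing resource would otherwise
        // produce a message-less NullPointerException.
        try {
            URI location = Objects.requireNonNull(
                SslFactoryFipsTest.class.getClassLoader().getResource(resourcePath),
                "Missing test resource: " + resourcePath).toURI();
            return new String(Files.readAllBytes(Paths.get(location)), StandardCharsets.UTF_8);
        } catch (IOException | URISyntaxException e) {
            throw new IllegalStateException("Failed to load test resource: " + resourcePath, e);
        }
    }

    /** Joins the PEM blocks with newlines and trims surrounding whitespace. */
    private String asString(String... strArr) {
        return String.join("\n", strArr).trim();
    }

    /**
     * Writes the PEM text to a temporary file and returns its absolute path.
     *
     * <p>The content may include private-key PEM; only the bundled test fixtures are ever written
     * here.
     */
    private String asFile(String str) throws Exception {
        return TestUtils.tempFile(str).getAbsolutePath();
    }

    /**
     * Asserts that the store holds exactly one entry, aliased {@code kafka}, with both a
     * certificate and a private key retrievable with the given password, and that the store
     * reports the expected type.
     *
     * @param keyStore store produced by {@link SslFactory}
     * @param password key password, or {@code null} for an unprotected key
     */
    private void verifyKeyStore(KeyStore keyStore, Password password) throws Exception {
        char[] keyPassword = password == null ? null : password.value().toCharArray();
        Assertions.assertEquals(Collections.singletonList("kafka"), Collections.list(keyStore.aliases()));
        Assertions.assertNotNull(keyStore.getCertificate("kafka"), "Certificate not loaded");
        Assertions.assertNotNull(keyStore.getKey("kafka", keyPassword), "Private key not loaded");
        Assertions.assertEquals(getKeyStoreType(), keyStore.getType());
    }
}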
