package org.apache.kafka.common.network;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.memory.MemoryPool;
import org.apache.kafka.common.metrics.Metrics;
import org.apache.kafka.common.network.ChannelState;
import org.apache.kafka.common.security.TestSecurityConfig;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.authenticator.CredentialCache;
import org.apache.kafka.common.security.ssl.SslFactory;
import org.apache.kafka.common.security.token.delegation.internals.DelegationTokenCache;
import org.apache.kafka.common.utils.Java;
import org.apache.kafka.common.utils.LogContext;
import org.apache.kafka.common.utils.Time;
import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.test.TestCondition;
import org.apache.kafka.test.TestSslUtils;
import org.apache.kafka.test.TestUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

/*  JADX ERROR: NullPointerException in pass: ClassModifier
    java.lang.NullPointerException: Cannot invoke "java.util.List.forEach(java.util.function.Consumer)" because "blocks" is null
    	at jadx.core.utils.BlockUtils.collectAllInsns(BlockUtils.java:1017)
    	at jadx.core.dex.visitors.ClassModifier.removeBridgeMethod(ClassModifier.java:239)
    	at jadx.core.dex.visitors.ClassModifier.removeSyntheticMethods(ClassModifier.java:154)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.ClassModifier.visit(ClassModifier.java:64)
    	at jadx.core.dex.visitors.ClassModifier.visit(ClassModifier.java:57)
    */
@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/kafka/common/network/SslTransportLayerTest.class */
public class SslTransportLayerTest {
    private static final int BUFFER_SIZE = 4096;
    private static Time time = Time.SYSTEM;
    private final String tlsProtocol;
    private NioEchoServer server;
    private Selector selector;
    private ChannelBuilder channelBuilder;
    private CertStores serverCertStores;
    private CertStores clientCertStores;
    private Map<String, Object> sslClientConfigs;
    private Map<String, Object> sslServerConfigs;
    private Map<String, Object> sslConfigOverrides = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:org/apache/kafka/common/network/SslTransportLayerTest$FailureAction.class */
    public interface FailureAction {
        public static final FailureAction NO_OP = () -> {
        };
        public static final FailureAction THROW_IO_EXCEPTION = () -> {
            throw new IOException("Test IO exception");
        };

        void run() throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/kafka/common/network/SslTransportLayerTest$TestSslChannelBuilder.class */
    public static class TestSslChannelBuilder extends SslChannelBuilder {
        private Integer netReadBufSizeOverride;
        private Integer netWriteBufSizeOverride;
        private Integer appBufSizeOverride;
        private long failureIndex;
        FailureAction readFailureAction;
        FailureAction flushFailureAction;
        int flushDelayCount;

        /* loaded from: input_file:org/apache/kafka/common/network/SslTransportLayerTest$TestSslChannelBuilder$ResizeableBufferSize.class */
        private static class ResizeableBufferSize {
            private Integer bufSizeOverride;

            ResizeableBufferSize(Integer num) {
                this.bufSizeOverride = num;
            }

            int updateAndGet(int i, boolean z) {
                int i2 = i;
                if (this.bufSizeOverride != null) {
                    if (z) {
                        this.bufSizeOverride = Integer.valueOf(Math.min(this.bufSizeOverride.intValue() * 2, i2));
                    }
                    i2 = this.bufSizeOverride.intValue();
                }
                return i2;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/apache/kafka/common/network/SslTransportLayerTest$TestSslChannelBuilder$TestSslTransportLayer.class */
        public class TestSslTransportLayer extends SslTransportLayer {
            private final ResizeableBufferSize netReadBufSize;
            private final ResizeableBufferSize netWriteBufSize;
            private final ResizeableBufferSize appBufSize;
            private final AtomicLong numReadsRemaining;
            private final AtomicLong numFlushesRemaining;
            private final AtomicInteger numDelayedFlushesRemaining;

            public TestSslTransportLayer(String str, SelectionKey selectionKey, SSLEngine sSLEngine) throws IOException {
                super(str, selectionKey, sSLEngine, new DefaultChannelMetadataRegistry());
                this.netReadBufSize = new ResizeableBufferSize(TestSslChannelBuilder.this.netReadBufSizeOverride);
                this.netWriteBufSize = new ResizeableBufferSize(TestSslChannelBuilder.this.netWriteBufSizeOverride);
                this.appBufSize = new ResizeableBufferSize(TestSslChannelBuilder.this.appBufSizeOverride);
                this.numReadsRemaining = new AtomicLong(TestSslChannelBuilder.this.failureIndex);
                this.numFlushesRemaining = new AtomicLong(TestSslChannelBuilder.this.failureIndex);
                this.numDelayedFlushesRemaining = new AtomicInteger(TestSslChannelBuilder.this.flushDelayCount);
            }

            protected int netReadBufferSize() {
                return this.netReadBufSize.updateAndGet(super.netReadBufferSize(), (netReadBuffer() == null || netReadBuffer().hasRemaining()) ? false : true);
            }

            protected int netWriteBufferSize() {
                return this.netWriteBufSize.updateAndGet(super.netWriteBufferSize(), true);
            }

            protected int applicationBufferSize() {
                return this.appBufSize.updateAndGet(super.applicationBufferSize(), true);
            }

            protected int readFromSocketChannel() throws IOException {
                if (this.numReadsRemaining.decrementAndGet() == 0 && !ready()) {
                    TestSslChannelBuilder.this.readFailureAction.run();
                }
                return super.readFromSocketChannel();
            }

            protected boolean flush(ByteBuffer byteBuffer) throws IOException {
                if (this.numFlushesRemaining.decrementAndGet() == 0 && !ready()) {
                    TestSslChannelBuilder.this.flushFailureAction.run();
                } else if (this.numDelayedFlushesRemaining.getAndDecrement() != 0) {
                    return false;
                }
                resetDelayedFlush();
                return super.flush(byteBuffer);
            }

            protected void startHandshake() throws IOException {
                Assert.assertTrue("SSL handshake initialized too early", socketChannel().isConnected());
                super.startHandshake();
            }

            private void resetDelayedFlush() {
                this.numDelayedFlushesRemaining.set(TestSslChannelBuilder.this.flushDelayCount);
            }
        }

        public TestSslChannelBuilder(Mode mode) {
            super(mode, ListenerName.forSecurityProtocol(SecurityProtocol.SSL), false, new LogContext());
            this.failureIndex = Long.MAX_VALUE;
            this.readFailureAction = FailureAction.NO_OP;
            this.flushFailureAction = FailureAction.NO_OP;
            this.flushDelayCount = 0;
        }

        public void configureBufferSizes(Integer num, Integer num2, Integer num3) {
            this.netReadBufSizeOverride = num;
            this.netWriteBufSizeOverride = num2;
            this.appBufSizeOverride = num3;
        }

        protected SslTransportLayer buildTransportLayer(SslFactory sslFactory, String str, SelectionKey selectionKey, String str2, ChannelMetadataRegistry channelMetadataRegistry) throws IOException {
            return newTransportLayer(str, selectionKey, sslFactory.createSslEngine(str2, ((SocketChannel) selectionKey.channel()).socket().getPort()));
        }

        protected TestSslTransportLayer newTransportLayer(String str, SelectionKey selectionKey, SSLEngine sSLEngine) throws IOException {
            return new TestSslTransportLayer(str, selectionKey, sSLEngine);
        }

        /*  JADX ERROR: Failed to decode insn: 0x0002: MOVE_MULTI, method: org.apache.kafka.common.network.SslTransportLayerTest.TestSslChannelBuilder.access$202(org.apache.kafka.common.network.SslTransportLayerTest$TestSslChannelBuilder, long):long
            java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -1 out of bounds for object array[6]
            	at java.base/java.lang.System.arraycopy(Native Method)
            	at jadx.plugins.input.java.data.code.StackState.insert(StackState.java:49)
            	at jadx.plugins.input.java.data.code.CodeDecodeState.insert(CodeDecodeState.java:118)
            	at jadx.plugins.input.java.data.code.JavaInsnsRegister.dup2x1(JavaInsnsRegister.java:313)
            	at jadx.plugins.input.java.data.code.JavaInsnData.decode(JavaInsnData.java:46)
            	at jadx.core.dex.instructions.InsnDecoder.lambda$process$0(InsnDecoder.java:54)
            	at jadx.plugins.input.java.data.code.JavaCodeReader.visitInstructions(JavaCodeReader.java:81)
            	at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:50)
            	at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:156)
            	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:443)
            	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:449)
            	at jadx.core.ProcessClass.process(ProcessClass.java:70)
            	at jadx.core.ProcessClass.generateCode(ProcessClass.java:118)
            	at jadx.core.dex.nodes.ClassNode.generateClassCode(ClassNode.java:400)
            	at jadx.core.dex.nodes.ClassNode.decompile(ClassNode.java:388)
            	at jadx.core.dex.nodes.ClassNode.getCode(ClassNode.java:338)
            */
        static /* synthetic */ long access$202(org.apache.kafka.common.network.SslTransportLayerTest.TestSslChannelBuilder r6, long r7) {
            /*
                r0 = r6
                r1 = r7
                // decode failed: arraycopy: source index -1 out of bounds for object array[6]
                r0.failureIndex = r1
                return r-1
            */
            throw new UnsupportedOperationException("Method not decompiled: org.apache.kafka.common.network.SslTransportLayerTest.TestSslChannelBuilder.access$202(org.apache.kafka.common.network.SslTransportLayerTest$TestSslChannelBuilder, long):long");
        }
    }

    @Parameterized.Parameters(name = "tlsProtocol={0}")
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Object[]{TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS});
        if (Java.IS_JAVA11_COMPATIBLE) {
            arrayList.add(new Object[]{"TLSv1.3"});
        }
        return arrayList;
    }

    public SslTransportLayerTest(String str) {
        this.tlsProtocol = str;
        this.sslConfigOverrides.put("ssl.protocol", str);
        this.sslConfigOverrides.put("ssl.enabled.protocols", Collections.singletonList(str));
    }

    @Before
    public void setup() throws Exception {
        this.serverCertStores = new CertStores(true, "server", "localhost");
        this.clientCertStores = new CertStores(false, "client", "localhost");
        this.sslServerConfigs = this.serverCertStores.getTrustingConfig(this.clientCertStores);
        this.sslClientConfigs = this.clientCertStores.getTrustingConfig(this.serverCertStores);
        this.sslServerConfigs.put("ssl.engine.builder.class", "org.apache.kafka.common.security.ssl.KafkaSslEngineBuilder");
        this.sslClientConfigs.put("ssl.engine.builder.class", "org.apache.kafka.common.security.ssl.KafkaSslEngineBuilder");
        this.sslServerConfigs = getTrustingConfig(this.serverCertStores, this.clientCertStores);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, this.serverCertStores);
        this.sslServerConfigs.putAll(this.sslConfigOverrides);
        this.sslClientConfigs.putAll(this.sslConfigOverrides);
        LogContext logContext = new LogContext();
        this.channelBuilder = new SslChannelBuilder(Mode.CLIENT, (ListenerName) null, false, logContext);
        this.channelBuilder.configure(this.sslClientConfigs);
        this.selector = new Selector(5000L, new Metrics(), time, "MetricGroup", this.channelBuilder, logContext);
    }

    @After
    public void teardown() throws Exception {
        if (this.selector != null) {
            this.selector.close();
        }
        if (this.server != null) {
            this.server.close();
        }
    }

    @Test
    public void testValidEndpointIdentificationSanDns() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
        this.server.verifyAuthenticationMetrics(1, 0);
    }

    @Test
    public void testValidEndpointIdentificationSanIp() throws Exception {
        this.serverCertStores = new CertStores(true, "server", InetAddress.getByName("127.0.0.1"));
        this.clientCertStores = new CertStores(false, "client", InetAddress.getByName("127.0.0.1"));
        this.sslServerConfigs = getTrustingConfig(this.serverCertStores, this.clientCertStores);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, this.serverCertStores);
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("127.0.0.1", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testValidEndpointIdentificationCN() throws Exception {
        this.serverCertStores = new CertStores(true, "localhost");
        this.clientCertStores = new CertStores(false, "localhost");
        this.sslServerConfigs = getTrustingConfig(this.serverCertStores, this.clientCertStores);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, this.serverCertStores);
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testEndpointIdentificationNoReverseLookup() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("127.0.0.1", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
    }

    @Test
    public void testClientEndpointNotValidated() throws Exception {
        this.clientCertStores = new CertStores(false, "non-existent.com");
        this.serverCertStores = new CertStores(true, "localhost");
        this.sslServerConfigs = getTrustingConfig(this.serverCertStores, this.clientCertStores);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, this.serverCertStores);
        TestSslChannelBuilder testSslChannelBuilder = new TestSslChannelBuilder(Mode.SERVER) { // from class: org.apache.kafka.common.network.SslTransportLayerTest.1
            @Override // org.apache.kafka.common.network.SslTransportLayerTest.TestSslChannelBuilder
            protected TestSslChannelBuilder.TestSslTransportLayer newTransportLayer(String str, SelectionKey selectionKey, SSLEngine sSLEngine) throws IOException {
                SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                sSLEngine.setSSLParameters(sSLParameters);
                return super.newTransportLayer(str, selectionKey, sSLEngine);
            }
        };
        testSslChannelBuilder.configure(this.sslServerConfigs);
        this.server = new NioEchoServer(ListenerName.forSecurityProtocol(SecurityProtocol.SSL), SecurityProtocol.SSL, new TestSecurityConfig(this.sslServerConfigs), "localhost", testSslChannelBuilder, null, time);
        this.server.start();
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testInvalidEndpointIdentification() throws Exception {
        this.serverCertStores = new CertStores(true, "server", "notahost");
        this.clientCertStores = new CertStores(false, "client", "localhost");
        this.sslServerConfigs = getTrustingConfig(this.serverCertStores, this.clientCertStores);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, this.serverCertStores);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
        this.server.verifyAuthenticationMetrics(0, 1);
    }

    @Test
    public void testEndpointIdentificationDisabled() throws Exception {
        this.serverCertStores = new CertStores(true, "server", "notahost");
        this.clientCertStores = new CertStores(false, "client", "localhost");
        this.sslServerConfigs = getTrustingConfig(this.serverCertStores, this.clientCertStores);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, this.serverCertStores);
        SecurityProtocol securityProtocol = SecurityProtocol.SSL;
        this.server = createEchoServer(SecurityProtocol.SSL);
        InetSocketAddress inetSocketAddress = new InetSocketAddress("localhost", this.server.port());
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "");
        createSelector(this.sslClientConfigs);
        this.selector.connect("1", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "1", 100, 10);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", null);
        createSelector(this.sslClientConfigs);
        this.selector.connect("2", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "2", 100, 10);
        this.sslClientConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        createSelector(this.sslClientConfigs);
        this.selector.connect("3", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "3", ChannelState.State.AUTHENTICATION_FAILED);
        this.selector.close();
    }

    @Test
    public void testClientAuthenticationRequiredValidProvided() throws Exception {
        this.sslServerConfigs.put("ssl.client.auth", "required");
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testListenerConfigOverride() throws Exception {
        ListenerName listenerName = new ListenerName("client");
        this.sslServerConfigs.put("ssl.client.auth", "required");
        this.sslServerConfigs.put(listenerName.configPrefix() + "ssl.client.auth", "none");
        this.server = createEchoServer(SecurityProtocol.SSL);
        InetSocketAddress inetSocketAddress = new InetSocketAddress("localhost", this.server.port());
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
        this.selector.close();
        this.sslClientConfigs.remove("ssl.keystore.location");
        this.sslClientConfigs.remove("ssl.keystore.password");
        this.sslClientConfigs.remove("ssl.key.password");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
        this.selector.close();
        this.server.close();
        this.server = createEchoServer(listenerName, SecurityProtocol.SSL);
        InetSocketAddress inetSocketAddress2 = new InetSocketAddress("localhost", this.server.port());
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", inetSocketAddress2, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testClientAuthenticationRequiredUntrustedProvided() throws Exception {
        this.sslServerConfigs = this.serverCertStores.getUntrustingConfig();
        this.sslServerConfigs.putAll(this.sslConfigOverrides);
        this.sslServerConfigs.put("ssl.client.auth", "required");
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
        this.server.verifyAuthenticationMetrics(0, 1);
    }

    @Test
    public void testClientAuthenticationRequiredNotProvided() throws Exception {
        this.sslServerConfigs.put("ssl.client.auth", "required");
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.remove("ssl.keystore.location");
        this.sslClientConfigs.remove("ssl.keystore.password");
        this.sslClientConfigs.remove("ssl.key.password");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
        this.server.verifyAuthenticationMetrics(0, 1);
    }

    @Test
    public void testClientAuthenticationDisabledUntrustedProvided() throws Exception {
        this.sslServerConfigs = this.serverCertStores.getUntrustingConfig();
        this.sslServerConfigs.putAll(this.sslConfigOverrides);
        this.sslServerConfigs.put("ssl.client.auth", "none");
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testClientAuthenticationDisabledNotProvided() throws Exception {
        this.sslServerConfigs.put("ssl.client.auth", "none");
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.remove("ssl.keystore.location");
        this.sslClientConfigs.remove("ssl.keystore.password");
        this.sslClientConfigs.remove("ssl.key.password");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testClientAuthenticationRequestedValidProvided() throws Exception {
        this.sslServerConfigs.put("ssl.client.auth", "requested");
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testClientAuthenticationRequestedNotProvided() throws Exception {
        this.sslServerConfigs.put("ssl.client.auth", "requested");
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.remove("ssl.keystore.location");
        this.sslClientConfigs.remove("ssl.keystore.password");
        this.sslClientConfigs.remove("ssl.key.password");
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testInvalidSecureRandomImplementation() throws Exception {
        try {
            SslChannelBuilder newClientChannelBuilder = newClientChannelBuilder();
            Throwable th = null;
            try {
                this.sslClientConfigs.put("ssl.secure.random.implementation", "invalid");
                newClientChannelBuilder.configure(this.sslClientConfigs);
                Assert.fail("SSL channel configured with invalid SecureRandom implementation");
                if (newClientChannelBuilder != null) {
                    if (0 != 0) {
                        try {
                            newClientChannelBuilder.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newClientChannelBuilder.close();
                    }
                }
            } finally {
            }
        } catch (KafkaException e) {
        }
    }

    @Test
    public void testInvalidTruststorePassword() throws Exception {
        try {
            SslChannelBuilder newClientChannelBuilder = newClientChannelBuilder();
            Throwable th = null;
            try {
                this.sslClientConfigs.put("ssl.truststore.password", "invalid");
                newClientChannelBuilder.configure(this.sslClientConfigs);
                Assert.fail("SSL channel configured with invalid truststore password");
                if (newClientChannelBuilder != null) {
                    if (0 != 0) {
                        try {
                            newClientChannelBuilder.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newClientChannelBuilder.close();
                    }
                }
            } finally {
            }
        } catch (KafkaException e) {
        }
    }

    @Test
    public void testInvalidKeystorePassword() throws Exception {
        try {
            SslChannelBuilder newClientChannelBuilder = newClientChannelBuilder();
            Throwable th = null;
            try {
                this.sslClientConfigs.put("ssl.keystore.password", "invalid");
                newClientChannelBuilder.configure(this.sslClientConfigs);
                Assert.fail("SSL channel configured with invalid keystore password");
                if (newClientChannelBuilder != null) {
                    if (0 != 0) {
                        try {
                            newClientChannelBuilder.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newClientChannelBuilder.close();
                    }
                }
            } finally {
            }
        } catch (KafkaException e) {
        }
    }

    @Test
    public void testNullTruststorePassword() throws Exception {
        this.sslClientConfigs.remove("ssl.truststore.password");
        this.sslServerConfigs.remove("ssl.truststore.password");
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test
    public void testInvalidKeyPassword() throws Exception {
        this.sslServerConfigs.put("ssl.key.password", new Password("invalid"));
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
        this.server.verifyAuthenticationMetrics(0, 1);
    }

    @Test
    public void testUnsupportedCiphers() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance(this.tlsProtocol);
        sSLContext.init(null, null, null);
        String[] cipherSuites = sSLContext.getDefaultSSLParameters().getCipherSuites();
        this.sslServerConfigs.put("ssl.cipher.suites", Arrays.asList(cipherSuites[0]));
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.sslClientConfigs.put("ssl.cipher.suites", Arrays.asList(cipherSuites[1]));
        createSelector(this.sslClientConfigs);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
        this.server.verifyAuthenticationMetrics(0, 1);
    }

    @Test
    public void testServerRequestMetrics() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs, 16384, 16384, 16384);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), 102400, 102400);
        NetworkTestUtils.waitForChannelReady(this.selector, "0");
        this.selector.send(new NetworkSend("0", ByteBuffer.wrap(TestUtils.randomString(1048576).getBytes())));
        while (this.selector.completedReceives().isEmpty()) {
            this.selector.poll(100L);
        }
        int i = 1048576 + 4;
        this.server.waitForMetric("incoming-byte", i);
        this.server.waitForMetric("outgoing-byte", i);
        this.server.waitForMetric("request", 1.0d);
        this.server.waitForMetric("response", 1.0d);
    }

    @Test
    public void testSelectorPollReadSize() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs, 16384, 16384, 16384);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), 102400, 102400);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 81920, 1);
        String randomString = TestUtils.randomString(81920);
        this.selector.send(new NetworkSend("0", ByteBuffer.wrap(randomString.getBytes())));
        TestUtils.waitForCondition(new TestCondition() { // from class: org.apache.kafka.common.network.SslTransportLayerTest.2
            @Override // org.apache.kafka.test.TestCondition
            public boolean conditionMet() {
                try {
                    SslTransportLayerTest.this.selector.poll(100L);
                    return SslTransportLayerTest.this.selector.completedSends().size() > 0;
                } catch (IOException e) {
                    return false;
                }
            }
        }, "Timed out waiting for message to be sent");
        TestUtils.waitForCondition(new TestCondition() { // from class: org.apache.kafka.common.network.SslTransportLayerTest.3
            @Override // org.apache.kafka.test.TestCondition
            public boolean conditionMet() {
                return SslTransportLayerTest.this.server.numSent() >= 2;
            }
        }, "Timed out waiting for echo server to send message");
        this.selector.poll(1000L);
        Collection completedReceives = this.selector.completedReceives();
        Assert.assertEquals(1L, completedReceives.size());
        Assert.assertEquals(randomString, new String(Utils.toArray(((NetworkReceive) completedReceives.iterator().next()).payload())));
    }

    @Test
    public void testNetReadBufferResize() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs, 10, null, null);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 64000, 10);
    }

    @Test
    public void testNetWriteBufferResize() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs, null, 10, null);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 64000, 10);
    }

    @Test
    public void testApplicationBufferResize() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        createSelector(this.sslClientConfigs, null, null, 10);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 64000, 10);
    }

    @Test
    public void testNetworkIoTimeRecorded() throws Exception {
        this.selector.close();
        this.selector = new Selector(-1, -1L, new Metrics(), Time.SYSTEM, "MetricGroup", new HashMap(), false, true, this.channelBuilder, MemoryPool.NONE, new LogContext());
        this.server = createEchoServer(SecurityProtocol.SSL);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        String randomString = TestUtils.randomString(1048576);
        NetworkTestUtils.waitForChannelReady(this.selector, "0");
        KafkaChannel channel = this.selector.channel("0");
        Assert.assertTrue("SSL handshake time not recorded", channel.networkIoTimeNanos() > 0);
        Assert.assertEquals(0L, channel.writeIoTimeNanos());
        channel.resetNetworkIoTimes();
        Assert.assertEquals("Time not reset", 0L, channel.networkIoTimeNanos());
        this.selector.mute("0");
        this.selector.send(new NetworkSend("0", ByteBuffer.wrap(randomString.getBytes())));
        while (this.selector.completedSends().isEmpty()) {
            this.selector.poll(100L);
        }
        long networkIoTimeNanos = channel.networkIoTimeNanos();
        Assert.assertTrue("Send time not recorded: " + networkIoTimeNanos, networkIoTimeNanos > 0);
        Assert.assertEquals(networkIoTimeNanos, channel.writeIoTimeNanos());
        channel.resetNetworkIoTimes();
        Assert.assertEquals("Time not reset", 0L, channel.networkIoTimeNanos());
        Assert.assertEquals("Write time not reset", 0L, channel.writeIoTimeNanos());
        Assert.assertFalse("Unexpected bytes buffered", channel.hasBytesBuffered());
        Assert.assertEquals(0L, this.selector.completedReceives().size());
        this.selector.unmute("0");
        TestUtils.waitForCondition(new TestCondition() { // from class: org.apache.kafka.common.network.SslTransportLayerTest.4
            @Override // org.apache.kafka.test.TestCondition
            public boolean conditionMet() {
                try {
                    SslTransportLayerTest.this.selector.poll(100L);
                    return !SslTransportLayerTest.this.selector.completedReceives().isEmpty();
                } catch (IOException e) {
                    return false;
                }
            }
        }, "Timed out waiting for a message to receive from echo server");
        long networkIoTimeNanos2 = channel.networkIoTimeNanos();
        Assert.assertTrue("Receive time not recorded: " + networkIoTimeNanos2, networkIoTimeNanos2 > 0);
        Assert.assertEquals(0L, channel.writeIoTimeNanos());
    }

    @Test
    public void testIOExceptionsDuringHandshakeRead() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        testIOExceptionsDuringHandshake(FailureAction.THROW_IO_EXCEPTION, FailureAction.NO_OP);
    }

    @Test
    public void testIOExceptionsDuringHandshakeWrite() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        testIOExceptionsDuringHandshake(FailureAction.NO_OP, FailureAction.THROW_IO_EXCEPTION);
    }

    @Test
    public void testUngracefulRemoteCloseDuringHandshakeRead() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        NioEchoServer nioEchoServer = this.server;
        nioEchoServer.getClass();
        testIOExceptionsDuringHandshake(nioEchoServer::closeSocketChannels, FailureAction.NO_OP);
    }

    @Test
    public void testUngracefulRemoteCloseDuringHandshakeWrite() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        FailureAction failureAction = FailureAction.NO_OP;
        NioEchoServer nioEchoServer = this.server;
        nioEchoServer.getClass();
        testIOExceptionsDuringHandshake(failureAction, nioEchoServer::closeSocketChannels);
    }

    @Test
    public void testGracefulRemoteCloseDuringHandshakeRead() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        FailureAction failureAction = FailureAction.NO_OP;
        NioEchoServer nioEchoServer = this.server;
        nioEchoServer.getClass();
        testIOExceptionsDuringHandshake(failureAction, nioEchoServer::closeKafkaChannels);
    }

    @Test
    public void testGracefulRemoteCloseDuringHandshakeWrite() throws Exception {
        this.server = createEchoServer(SecurityProtocol.SSL);
        NioEchoServer nioEchoServer = this.server;
        nioEchoServer.getClass();
        testIOExceptionsDuringHandshake(nioEchoServer::closeKafkaChannels, FailureAction.NO_OP);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: InlineMethods
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to process method for inline: org.apache.kafka.common.network.SslTransportLayerTest.TestSslChannelBuilder.access$202(org.apache.kafka.common.network.SslTransportLayerTest$TestSslChannelBuilder, long):long
        	at jadx.core.dex.visitors.InlineMethods.processInvokeInsn(InlineMethods.java:74)
        	at jadx.core.dex.visitors.InlineMethods.visit(InlineMethods.java:49)
        Caused by: jadx.core.utils.exceptions.JadxRuntimeException: Class not yet loaded at codegen stage: org.apache.kafka.common.network.SslTransportLayerTest
        	at jadx.core.dex.nodes.ClassNode.reloadAtCodegenStage(ClassNode.java:883)
        	at jadx.core.dex.visitors.InlineMethods.processInvokeInsn(InlineMethods.java:66)
        	... 1 more
        */
    private void testIOExceptionsDuringHandshake(org.apache.kafka.common.network.SslTransportLayerTest.FailureAction r13, org.apache.kafka.common.network.SslTransportLayerTest.FailureAction r14) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 339
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.kafka.common.network.SslTransportLayerTest.testIOExceptionsDuringHandshake(org.apache.kafka.common.network.SslTransportLayerTest$FailureAction, org.apache.kafka.common.network.SslTransportLayerTest$FailureAction):void");
    }

    @Test
    public void testPeerNotifiedOfHandshakeFailure() throws Exception {
        this.sslServerConfigs = this.serverCertStores.getUntrustingConfig();
        this.sslServerConfigs.putAll(this.sslConfigOverrides);
        this.sslServerConfigs.put("ssl.client.auth", "required");
        for (int i = 0; i < 3; i++) {
            TestSslChannelBuilder testSslChannelBuilder = new TestSslChannelBuilder(Mode.SERVER);
            testSslChannelBuilder.configure(this.sslServerConfigs);
            testSslChannelBuilder.flushDelayCount = i;
            this.server = new NioEchoServer(ListenerName.forSecurityProtocol(SecurityProtocol.SSL), SecurityProtocol.SSL, new TestSecurityConfig(this.sslServerConfigs), "localhost", testSslChannelBuilder, null, time);
            this.server.start();
            createSelector(this.sslClientConfigs);
            this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
            NetworkTestUtils.waitForChannelClose(this.selector, "0", ChannelState.State.AUTHENTICATION_FAILED);
            this.server.close();
            this.selector.close();
        }
    }

    @Test
    public void testCloseSsl() throws Exception {
        testClose(SecurityProtocol.SSL, newClientChannelBuilder());
    }

    @Test
    public void testClosePlaintext() throws Exception {
        testClose(SecurityProtocol.PLAINTEXT, new PlaintextChannelBuilder(Mode.CLIENT, (ListenerName) null));
    }

    private SslChannelBuilder newClientChannelBuilder() {
        return new SslChannelBuilder(Mode.CLIENT, (ListenerName) null, false, new LogContext());
    }

    private void testClose(SecurityProtocol securityProtocol, ChannelBuilder channelBuilder) throws Exception {
        this.server = createEchoServer(securityProtocol);
        channelBuilder.configure(this.sslClientConfigs);
        this.selector = new Selector(5000L, new Metrics(), time, "MetricGroup", channelBuilder, new LogContext());
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelReady(this.selector, "0");
        TestUtils.waitForCondition(() -> {
            return this.server.selector().channels().stream().allMatch((v0) -> {
                return v0.ready();
            });
        }, "Channel not ready");
        final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.server.outputChannel(Channels.newChannel(byteArrayOutputStream));
        this.server.selector().muteAll();
        byte[] bytes = TestUtils.randomString(100).getBytes();
        final int length = 20 * (bytes.length + 4);
        for (int i = 0; i < 20; i++) {
            this.selector.send(new NetworkSend("0", ByteBuffer.wrap(bytes)));
            do {
                this.selector.poll(0L);
            } while (this.selector.completedSends().isEmpty());
        }
        this.server.selector().unmuteAll();
        this.selector.close("0");
        TestUtils.waitForCondition(new TestCondition() { // from class: org.apache.kafka.common.network.SslTransportLayerTest.5
            @Override // org.apache.kafka.test.TestCondition
            public boolean conditionMet() {
                return byteArrayOutputStream.toByteArray().length == length;
            }
        }, 5000L, "All requests sent were not processed");
    }

    @Test
    public void testInterBrokerSslConfigValidation() throws Exception {
        SecurityProtocol securityProtocol = SecurityProtocol.SSL;
        this.sslServerConfigs.put("ssl.client.auth", "required");
        this.sslServerConfigs.put("ssl.endpoint.identification.algorithm", "HTTPS");
        this.sslServerConfigs.putAll(this.serverCertStores.keyStoreProps());
        this.sslServerConfigs.putAll(this.serverCertStores.trustStoreProps());
        this.sslClientConfigs.putAll(this.serverCertStores.keyStoreProps());
        this.sslClientConfigs.putAll(this.serverCertStores.trustStoreProps());
        TestSecurityConfig testSecurityConfig = new TestSecurityConfig(this.sslServerConfigs);
        ListenerName forSecurityProtocol = ListenerName.forSecurityProtocol(securityProtocol);
        this.server = new NioEchoServer(forSecurityProtocol, securityProtocol, testSecurityConfig, "localhost", ChannelBuilders.serverChannelBuilder(forSecurityProtocol, true, securityProtocol, testSecurityConfig, (CredentialCache) null, (DelegationTokenCache) null, time, new LogContext()), null, time);
        this.server.start();
        this.selector = createSelector(this.sslClientConfigs, null, null, null);
        this.selector.connect("0", new InetSocketAddress("localhost", this.server.port()), BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
    }

    @Test(expected = KafkaException.class)
    public void testInterBrokerSslConfigValidationFailure() throws Exception {
        SecurityProtocol securityProtocol = SecurityProtocol.SSL;
        this.sslServerConfigs.put("ssl.client.auth", "required");
        ChannelBuilders.serverChannelBuilder(ListenerName.forSecurityProtocol(securityProtocol), true, securityProtocol, new TestSecurityConfig(this.sslServerConfigs), (CredentialCache) null, (DelegationTokenCache) null, time, new LogContext());
    }

    @Test
    public void testServerKeystoreDynamicUpdate() throws Exception {
        SecurityProtocol securityProtocol = SecurityProtocol.SSL;
        TestSecurityConfig testSecurityConfig = new TestSecurityConfig(this.sslServerConfigs);
        ListenerName forSecurityProtocol = ListenerName.forSecurityProtocol(securityProtocol);
        ChannelBuilder serverChannelBuilder = ChannelBuilders.serverChannelBuilder(forSecurityProtocol, false, securityProtocol, testSecurityConfig, (CredentialCache) null, (DelegationTokenCache) null, time, new LogContext());
        this.server = new NioEchoServer(forSecurityProtocol, securityProtocol, testSecurityConfig, "localhost", serverChannelBuilder, null, time);
        this.server.start();
        InetSocketAddress inetSocketAddress = new InetSocketAddress("localhost", this.server.port());
        Selector createSelector = createSelector(this.sslClientConfigs);
        createSelector.connect("0", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
        CertStores certStores = new CertStores(true, "server", "localhost");
        Map<String, Object> keyStoreProps = certStores.keyStoreProps();
        Assert.assertTrue("SslChannelBuilder not reconfigurable", serverChannelBuilder instanceof ListenerReconfigurable);
        ListenerReconfigurable listenerReconfigurable = (ListenerReconfigurable) serverChannelBuilder;
        Assert.assertEquals(forSecurityProtocol, listenerReconfigurable.listenerName());
        listenerReconfigurable.validateReconfiguration(keyStoreProps);
        listenerReconfigurable.reconfigure(keyStoreProps);
        createSelector.connect("1", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(createSelector, "1", ChannelState.State.AUTHENTICATION_FAILED);
        this.sslClientConfigs = getTrustingConfig(this.clientCertStores, certStores);
        Selector createSelector2 = createSelector(this.sslClientConfigs);
        createSelector2.connect("2", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(createSelector2, "2", 100, 10);
        NetworkTestUtils.checkClientConnection(createSelector, "0", 100, 10);
        verifyInvalidReconfigure(listenerReconfigurable, getTrustingConfig(new CertStores(true, "server", "127.0.0.1"), this.clientCertStores), "keystore with different SubjectAltName");
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.keystore.type", "PKCS12");
        hashMap.put("ssl.keystore.location", "some.keystore.path");
        hashMap.put("ssl.keystore.password", new Password("some.keystore.password"));
        hashMap.put("ssl.key.password", new Password("some.key.password"));
        verifyInvalidReconfigure(listenerReconfigurable, hashMap, "keystore not found");
        createSelector2.connect("3", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(createSelector2, "3", 100, 10);
    }

    @Test
    public void testServerTruststoreDynamicUpdate() throws Exception {
        SecurityProtocol securityProtocol = SecurityProtocol.SSL;
        this.sslServerConfigs.put("ssl.client.auth", "required");
        TestSecurityConfig testSecurityConfig = new TestSecurityConfig(this.sslServerConfigs);
        ListenerName forSecurityProtocol = ListenerName.forSecurityProtocol(securityProtocol);
        ChannelBuilder serverChannelBuilder = ChannelBuilders.serverChannelBuilder(forSecurityProtocol, false, securityProtocol, testSecurityConfig, (CredentialCache) null, (DelegationTokenCache) null, time, new LogContext());
        this.server = new NioEchoServer(forSecurityProtocol, securityProtocol, testSecurityConfig, "localhost", serverChannelBuilder, null, time);
        this.server.start();
        InetSocketAddress inetSocketAddress = new InetSocketAddress("localhost", this.server.port());
        Selector createSelector = createSelector(this.sslClientConfigs);
        createSelector.connect("0", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(this.selector, "0", 100, 10);
        CertStores certStores = new CertStores(true, "client", "localhost");
        this.sslClientConfigs = getTrustingConfig(certStores, this.serverCertStores);
        Map<String, Object> trustStoreProps = certStores.trustStoreProps();
        Assert.assertTrue("SslChannelBuilder not reconfigurable", serverChannelBuilder instanceof ListenerReconfigurable);
        ListenerReconfigurable listenerReconfigurable = (ListenerReconfigurable) serverChannelBuilder;
        Assert.assertEquals(forSecurityProtocol, listenerReconfigurable.listenerName());
        listenerReconfigurable.validateReconfiguration(trustStoreProps);
        listenerReconfigurable.reconfigure(trustStoreProps);
        createSelector.connect("1", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.waitForChannelClose(createSelector, "1", ChannelState.State.AUTHENTICATION_FAILED);
        Selector createSelector2 = createSelector(this.sslClientConfigs);
        createSelector2.connect("2", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(createSelector2, "2", 100, 10);
        NetworkTestUtils.checkClientConnection(createSelector, "0", 100, 10);
        HashMap hashMap = new HashMap(trustStoreProps);
        hashMap.put("ssl.truststore.type", "INVALID_TYPE");
        verifyInvalidReconfigure(listenerReconfigurable, hashMap, "invalid truststore type");
        HashMap hashMap2 = new HashMap();
        hashMap2.put("ssl.truststore.type", "PKCS12");
        hashMap2.put("ssl.truststore.location", "some.truststore.path");
        hashMap2.put("ssl.truststore.password", new Password("some.truststore.password"));
        verifyInvalidReconfigure(listenerReconfigurable, hashMap2, "truststore not found");
        createSelector2.connect("3", inetSocketAddress, BUFFER_SIZE, BUFFER_SIZE);
        NetworkTestUtils.checkClientConnection(createSelector2, "3", 100, 10);
    }

    private void verifyInvalidReconfigure(ListenerReconfigurable listenerReconfigurable, Map<String, Object> map, String str) {
        try {
            listenerReconfigurable.validateReconfiguration(map);
            Assert.fail("Should have failed validation with an exception: " + str);
        } catch (KafkaException e) {
        }
        try {
            listenerReconfigurable.reconfigure(map);
            Assert.fail("Should have failed to reconfigure: " + str);
        } catch (KafkaException e2) {
        }
    }

    private Selector createSelector(Map<String, Object> map) {
        return createSelector(map, null, null, null);
    }

    private Selector createSelector(Map<String, Object> map, Integer num, Integer num2, Integer num3) {
        TestSslChannelBuilder testSslChannelBuilder = new TestSslChannelBuilder(Mode.CLIENT);
        testSslChannelBuilder.configureBufferSizes(num, num2, num3);
        this.channelBuilder = testSslChannelBuilder;
        this.channelBuilder.configure(map);
        this.selector = new Selector(500000L, new Metrics(), time, "MetricGroup", testSslChannelBuilder, new LogContext());
        return this.selector;
    }

    private NioEchoServer createEchoServer(ListenerName listenerName, SecurityProtocol securityProtocol) throws Exception {
        return NetworkTestUtils.createEchoServer(listenerName, securityProtocol, new TestSecurityConfig(this.sslServerConfigs), null, time);
    }

    private NioEchoServer createEchoServer(SecurityProtocol securityProtocol) throws Exception {
        return createEchoServer(ListenerName.forSecurityProtocol(securityProtocol), securityProtocol);
    }

    private Map<String, Object> getTrustingConfig(CertStores certStores, CertStores certStores2) {
        Map<String, Object> trustingConfig = certStores.getTrustingConfig(certStores2);
        trustingConfig.putAll(this.sslConfigOverrides);
        return trustingConfig;
    }

    static {
    }
}
