package org.apache.pinot.integration.tests;

import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.base.Preconditions;
import groovy.lang.IntRange;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.pinot.client.Connection;
import org.apache.pinot.client.ConnectionFactory;
import org.apache.pinot.client.JsonAsyncHttpPinotClientTransportFactory;
import org.apache.pinot.client.Request;
import org.apache.pinot.client.ResultSetGroup;
import org.apache.pinot.common.utils.FileUploadDownloadClient;
import org.apache.pinot.spi.config.table.TableConfig;
import org.apache.pinot.spi.config.table.TableTaskConfig;
import org.apache.pinot.spi.data.Schema;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.apache.pinot.spi.utils.JsonUtils;
import org.apache.pinot.spi.utils.builder.TableNameBuilder;
import org.apache.pinot.util.TestUtils;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pinot/integration/tests/BasicAuthTlsRealtimeIntegrationTest.class */
public class BasicAuthTlsRealtimeIntegrationTest extends BaseClusterIntegrationTest {
    private final File _tempDirTls = new File(FileUtils.getTempDirectory(), getClass().getSimpleName() + "-cert");
    private final File _tlsStore = this._tempDirTls.toPath().resolve("tlsstore.jks").toFile();

    @BeforeClass
    public void setUp() throws Exception {
        TestUtils.ensureDirectoriesExistAndEmpty(new File[]{this._tempDir});
        TestUtils.ensureDirectoriesExistAndEmpty(new File[]{this._tempDirTls});
        prepareTlsStore();
        startZk();
        startKafka();
        startController();
        startBrokerHttps();
        startServerHttps();
        startMinion();
        List unpackAvroData = unpackAvroData(this._tempDir);
        addSchema(createSchema());
        addTableConfig(createRealtimeTableConfig((File) unpackAvroData.get(0)));
        addTableConfig(createOfflineTableConfig());
        pushAvroIntoKafka(unpackAvroData);
        waitForAllDocsLoaded(600000L);
    }

    @AfterClass(alwaysRun = true)
    public void tearDown() throws Exception {
        dropRealtimeTable(getTableName());
        stopMinion();
        stopServer();
        stopBroker();
        stopController();
        stopKafka();
        stopZk();
        FileUtils.deleteDirectory(this._tempDir);
        FileUtils.deleteDirectory(this._tempDirTls);
    }

    public Map<String, Object> getDefaultControllerConfiguration() {
        Map defaultControllerConfiguration = super.getDefaultControllerConfiguration();
        defaultControllerConfiguration.put("controller.tls.keystore.path", this._tlsStore.getAbsolutePath());
        defaultControllerConfiguration.put("controller.tls.keystore.password", "changeit");
        defaultControllerConfiguration.put("controller.tls.truststore.path", this._tlsStore.getAbsolutePath());
        defaultControllerConfiguration.put("controller.tls.truststore.password", "changeit");
        defaultControllerConfiguration.remove("controller.port");
        defaultControllerConfiguration.put("controller.access.protocols", "https");
        defaultControllerConfiguration.put("controller.access.protocols.https.port", 18998);
        defaultControllerConfiguration.put("controller.broker.protocol", "https");
        defaultControllerConfiguration.put("controller.vip.protocol", "https");
        defaultControllerConfiguration.put("controller.vip.port", 18998);
        return BasicAuthTestUtils.addControllerConfiguration(defaultControllerConfiguration);
    }

    protected PinotConfiguration getDefaultBrokerConfiguration() {
        Map map = super.getDefaultBrokerConfiguration().toMap();
        map.put("pinot.broker.tls.keystore.path", this._tlsStore.getAbsolutePath());
        map.put("pinot.broker.tls.keystore.password", "changeit");
        map.put("pinot.broker.tls.truststore.path", this._tlsStore.getAbsolutePath());
        map.put("pinot.broker.tls.truststore.password", "changeit");
        map.put("pinot.broker.client.access.protocols", "https");
        map.put("pinot.broker.client.access.protocols.https.port", 18099);
        map.put("pinot.broker.nettytls.enabled", "true");
        return BasicAuthTestUtils.addBrokerConfiguration(map);
    }

    protected PinotConfiguration getDefaultServerConfiguration() {
        Map map = super.getDefaultServerConfiguration().toMap();
        map.put("pinot.server.tls.keystore.path", this._tlsStore.getAbsolutePath());
        map.put("pinot.server.tls.keystore.password", "changeit");
        map.put("pinot.server.tls.truststore.path", this._tlsStore.getAbsolutePath());
        map.put("pinot.server.tls.truststore.password", "changeit");
        map.put("pinot.server.adminapi.access.protocols", "https");
        map.put("pinot.server.adminapi.access.protocols.https.port", "7443");
        map.put("pinot.server.netty.enabled", "false");
        map.put("pinot.server.nettytls.enabled", "true");
        map.put("pinot.server.nettytls.port", "8089");
        map.put("pinot.server.segment.uploader.protocol", "https");
        return BasicAuthTestUtils.addServerConfiguration(map);
    }

    protected PinotConfiguration getDefaultMinionConfiguration() {
        Map map = super.getDefaultMinionConfiguration().toMap();
        map.put("pinot.minion.tls.keystore.path", this._tlsStore.getAbsolutePath());
        map.put("pinot.minion.tls.keystore.password", "changeit");
        map.put("pinot.minion.tls.truststore.path", this._tlsStore.getAbsolutePath());
        map.put("pinot.minion.tls.truststore.password", "changeit");
        return BasicAuthTestUtils.addMinionConfiguration(map);
    }

    protected TableTaskConfig getTaskConfig() {
        HashMap hashMap = new HashMap();
        hashMap.put("bucketTimePeriod", "30d");
        return new TableTaskConfig(Collections.singletonMap("RealtimeToOfflineSegmentsTask", hashMap));
    }

    protected boolean useLlc() {
        return true;
    }

    protected void addSchema(Schema schema) throws IOException {
        Assert.assertEquals(sendMultipartPostRequest(this._controllerRequestURLBuilder.forSchemaCreate(), schema.toSingleLineJsonString(), BasicAuthTestUtils.AUTH_HEADER).getStatusCode(), 200);
    }

    protected void addTableConfig(TableConfig tableConfig) throws IOException {
        sendPostRequest(this._controllerRequestURLBuilder.forTableCreate(), tableConfig.toJsonString(), BasicAuthTestUtils.AUTH_HEADER);
    }

    protected Connection getPinotConnection() {
        if (this._pinotConnection == null) {
            JsonAsyncHttpPinotClientTransportFactory jsonAsyncHttpPinotClientTransportFactory = new JsonAsyncHttpPinotClientTransportFactory();
            jsonAsyncHttpPinotClientTransportFactory.setHeaders(BasicAuthTestUtils.AUTH_HEADER);
            jsonAsyncHttpPinotClientTransportFactory.setScheme("https");
            jsonAsyncHttpPinotClientTransportFactory.setSslContext(FileUploadDownloadClient._defaultSSLContext);
            this._pinotConnection = ConnectionFactory.fromZookeeper(getZkUrl() + "/" + getHelixClusterName(), jsonAsyncHttpPinotClientTransportFactory.buildTransport());
        }
        return this._pinotConnection;
    }

    protected void dropRealtimeTable(String str) throws IOException {
        sendDeleteRequest(this._controllerRequestURLBuilder.forTableDelete(TableNameBuilder.REALTIME.tableNameWithType(str)), BasicAuthTestUtils.AUTH_HEADER);
    }

    @Test
    public void testSegmentUploadDownload() throws Exception {
        Request request = new Request("sql", "SELECT count(*) FROM " + getTableName());
        ResultSetGroup execute = getPinotConnection().execute(request);
        Assert.assertTrue(execute.getResultSet(0).getLong(0) > 0);
        Assert.assertNotNull(this._controllerStarter.getTaskManager().scheduleTasks());
        JsonNode jsonNode = (JsonNode) TestUtils.waitForResult(() -> {
            JsonNode stringToJsonNode = JsonUtils.stringToJsonNode(sendGetRequest(this._controllerRequestURLBuilder.forSegmentListAPI(getTableName()), BasicAuthTestUtils.AUTH_HEADER));
            Stream stream = new IntRange(0, stringToJsonNode.size()).stream();
            Objects.requireNonNull(stringToJsonNode);
            JsonNode jsonNode2 = (JsonNode) stream.map((v1) -> {
                return r1.get(v1);
            }).filter(jsonNode3 -> {
                return jsonNode3.has("OFFLINE");
            }).map(jsonNode4 -> {
                return jsonNode4.get("OFFLINE");
            }).findFirst().get();
            Assert.assertFalse(jsonNode2.isEmpty());
            return jsonNode2;
        }, 30000L);
        Assert.assertEquals(execute.getResultSet(0).getLong(0), getPinotConnection().execute(request).getResultSet(0).getLong(0));
        for (int i = 0; i < jsonNode.size(); i++) {
            Assert.assertTrue(sendGetRequest(this._controllerRequestURLBuilder.forSegmentDownload(getTableName(), jsonNode.get(i).asText()), BasicAuthTestUtils.AUTH_HEADER).length() > 200000);
        }
    }

    void prepareTlsStore() throws Exception {
        FileOutputStream fileOutputStream = new FileOutputStream(this._tlsStore);
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream("/tlstest.jks");
            try {
                Preconditions.checkNotNull(resourceAsStream, "tlstest.jks must be on the classpath");
                IOUtils.copy(resourceAsStream, fileOutputStream);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                fileOutputStream.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
