package org.apache.pinot.integration.tests;

import com.fasterxml.jackson.databind.JsonNode;
import groovy.lang.IntRange;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.sql.ResultSet;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.io.FileUtils;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.pinot.client.Connection;
import org.apache.pinot.client.ConnectionFactory;
import org.apache.pinot.client.JsonAsyncHttpPinotClientTransportFactory;
import org.apache.pinot.client.PinotDriver;
import org.apache.pinot.client.ResultSetGroup;
import org.apache.pinot.common.helix.ExtraInstanceConfig;
import org.apache.pinot.common.utils.helix.HelixHelper;
import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.controller.ControllerConf;
import org.apache.pinot.controller.helix.core.minion.TaskSchedulingContext;
import org.apache.pinot.integration.tests.access.CertBasedTlsChannelAccessControlFactory;
import org.apache.pinot.spi.config.table.TableConfig;
import org.apache.pinot.spi.config.table.TableTaskConfig;
import org.apache.pinot.spi.data.Schema;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.apache.pinot.spi.utils.JsonUtils;
import org.apache.pinot.spi.utils.NetUtils;
import org.apache.pinot.spi.utils.builder.TableNameBuilder;
import org.apache.pinot.tools.utils.PinotConfigUtils;
import org.apache.pinot.util.TestUtils;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pinot/integration/tests/TlsIntegrationTest.class */
public class TlsIntegrationTest extends BaseClusterIntegrationTest {
    private static final String PKCS_12 = "PKCS12";
    private static final String JKS = "JKS";
    private int _internalControllerPort;
    private int _externalControllerPort;
    private int _internalBrokerPort;
    private int _externalBrokerPort;
    private static final String PASSWORD = "changeit";
    private static final char[] PASSWORD_CHAR = PASSWORD.toCharArray();
    private static final Header CLIENT_HEADER = new BasicHeader("Authorization", "Basic YWRtaW46dmVyeXNlY3JldA=====");
    private static final URL TLS_STORE_EMPTY_PKCS_12 = TlsIntegrationTest.class.getResource("/empty.p12");
    private static final URL TLS_STORE_EMPTY_JKS = TlsIntegrationTest.class.getResource("/empty.jks");
    private static final URL TLS_STORE_PKCS_12 = TlsIntegrationTest.class.getResource("/tlstest.p12");
    private static final URL TLS_STORE_JKS = TlsIntegrationTest.class.getResource("/tlstest.jks");

    @BeforeClass
    public void setUp() throws Exception {
        TestUtils.ensureDirectoriesExistAndEmpty(new File[]{this._tempDir});
        startZk();
        startController();
        startBroker();
        startServer();
        startMinion();
        startKafka();
        List unpackAvroData = unpackAvroData(this._tempDir);
        addSchema(createSchema());
        addTableConfig(createRealtimeTableConfig((File) unpackAvroData.get(0)));
        addTableConfig(createOfflineTableConfig());
        pushAvroIntoKafka(unpackAvroData);
        waitForAllDocsLoaded(600000L);
    }

    @AfterClass(alwaysRun = true)
    public void tearDown() throws Exception {
        dropRealtimeTable(getTableName());
        stopMinion();
        stopServer();
        stopBroker();
        stopController();
        stopKafka();
        stopZk();
        FileUtils.deleteDirectory(this._tempDir);
    }

    protected void overrideControllerConf(Map<String, Object> map) {
        BasicAuthTestUtils.addControllerConfiguration(map);
        map.put("controller.tls.keystore.path", TLS_STORE_PKCS_12);
        map.put("controller.tls.keystore.password", PASSWORD);
        map.put("controller.tls.keystore.type", PKCS_12);
        map.put("controller.tls.truststore.path", TLS_STORE_PKCS_12);
        map.put("controller.tls.truststore.password", PASSWORD);
        map.put("controller.tls.truststore.type", PKCS_12);
        map.put("controller.access.protocols", "internal,external");
        map.put("controller.access.protocols.internal.protocol", "https");
        this._internalControllerPort = this._controllerPort;
        map.put("controller.access.protocols.internal.port", Integer.valueOf(this._internalControllerPort));
        map.put("controller.access.protocols.internal.tls.client.auth.enabled", "true");
        map.put("controller.access.protocols.external.protocol", "https");
        this._externalControllerPort = NetUtils.findOpenPort(this._internalControllerPort + 1);
        map.put("controller.access.protocols.external.port", Integer.valueOf(this._externalControllerPort));
        this._nextControllerPort = this._externalControllerPort + 1;
        map.put("controller.access.protocols.external.tls.keystore.path", TLS_STORE_JKS);
        map.put("controller.access.protocols.external.tls.keystore.type", JKS);
        map.put("controller.access.protocols.external.tls.truststore.path", TLS_STORE_JKS);
        map.put("controller.access.protocols.external.tls.truststore.type", JKS);
        map.remove("controller.port");
        map.put("controller.vip.protocol", "https");
        map.put("controller.vip.port", Integer.valueOf(this._internalControllerPort));
        map.put("controller.broker.protocol", "https");
    }

    protected void overrideBrokerConf(PinotConfiguration pinotConfiguration) {
        BasicAuthTestUtils.addBrokerConfiguration(pinotConfiguration);
        pinotConfiguration.setProperty("pinot.broker.tls.keystore.path", TLS_STORE_PKCS_12);
        pinotConfiguration.setProperty("pinot.broker.tls.keystore.password", PASSWORD);
        pinotConfiguration.setProperty("pinot.broker.tls.keystore.type", PKCS_12);
        pinotConfiguration.setProperty("pinot.broker.tls.truststore.path", TLS_STORE_PKCS_12);
        pinotConfiguration.setProperty("pinot.broker.tls.truststore.password", PASSWORD);
        pinotConfiguration.setProperty("pinot.broker.tls.truststore.type", PKCS_12);
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols", "internal,external");
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.internal.protocol", "https");
        this._internalBrokerPort = NetUtils.findOpenPort(this._nextBrokerPort);
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.internal.port", Integer.valueOf(this._internalBrokerPort));
        this._brokerPorts.add(Integer.valueOf(this._internalBrokerPort));
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.internal.tls.client.auth.enabled", "true");
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.external.protocol", "https");
        this._externalBrokerPort = NetUtils.findOpenPort(this._internalBrokerPort + 1);
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.external.port", Integer.valueOf(this._externalBrokerPort));
        this._brokerPorts.add(Integer.valueOf(this._externalBrokerPort));
        this._brokerBaseApiUrl = "https://localhost:" + this._externalBrokerPort;
        this._nextBrokerPort = this._externalBrokerPort + 1;
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.external.tls.keystore.path", TLS_STORE_JKS);
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.external.tls.keystore.type", JKS);
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.external.tls.truststore.path", TLS_STORE_JKS);
        pinotConfiguration.setProperty("pinot.broker.client.access.protocols.external.tls.truststore.type", JKS);
        pinotConfiguration.clearProperty("pinot.broker.client.queryPort");
        pinotConfiguration.setProperty("pinot.broker.nettytls.enabled", "true");
        pinotConfiguration.setProperty("pinot.multistage.engine.tls.enabled", "true");
    }

    protected void overrideServerConf(PinotConfiguration pinotConfiguration) {
        BasicAuthTestUtils.addServerConfiguration(pinotConfiguration);
        pinotConfiguration.setProperty("pinot.server.tls.keystore.path", TLS_STORE_PKCS_12);
        pinotConfiguration.setProperty("pinot.server.tls.keystore.password", PASSWORD);
        pinotConfiguration.setProperty("pinot.server.tls.keystore.type", PKCS_12);
        pinotConfiguration.setProperty("pinot.server.tls.truststore.path", TLS_STORE_PKCS_12);
        pinotConfiguration.setProperty("pinot.server.tls.truststore.password", PASSWORD);
        pinotConfiguration.setProperty("pinot.server.tls.truststore.type", PKCS_12);
        pinotConfiguration.setProperty("pinot.server.tls.client.auth.enabled", "true");
        pinotConfiguration.setProperty("pinot.server.admin.access.control.factory.class", CertBasedTlsChannelAccessControlFactory.class.getName());
        pinotConfiguration.setProperty("pinot.server.adminapi.access.protocols", "internal");
        pinotConfiguration.setProperty("pinot.server.adminapi.access.protocols.internal.protocol", "https");
        int findOpenPort = NetUtils.findOpenPort(this._nextServerPort);
        pinotConfiguration.setProperty("pinot.server.adminapi.access.protocols.internal.port", Integer.valueOf(findOpenPort));
        pinotConfiguration.setProperty("pinot.server.netty.enabled", "false");
        pinotConfiguration.setProperty("pinot.server.nettytls.enabled", "true");
        int findOpenPort2 = NetUtils.findOpenPort(findOpenPort + 1);
        pinotConfiguration.setProperty("pinot.server.nettytls.port", Integer.valueOf(findOpenPort2));
        this._nextServerPort = findOpenPort2 + 1;
        pinotConfiguration.setProperty("pinot.server.segment.uploader.protocol", "https");
        pinotConfiguration.setProperty("pinot.multistage.engine.tls.enabled", "true");
    }

    protected void overrideMinionConf(PinotConfiguration pinotConfiguration) {
        BasicAuthTestUtils.addMinionConfiguration(pinotConfiguration);
        pinotConfiguration.setProperty("pinot.minion.tls.keystore.path", TLS_STORE_PKCS_12);
        pinotConfiguration.setProperty("pinot.minion.tls.keystore.password", PASSWORD);
        pinotConfiguration.setProperty("pinot.server.tls.keystore.type", PKCS_12);
        pinotConfiguration.setProperty("pinot.minion.tls.truststore.path", TLS_STORE_PKCS_12);
        pinotConfiguration.setProperty("pinot.minion.tls.truststore.password", PASSWORD);
        pinotConfiguration.setProperty("pinot.minion.tls.truststore.type", PKCS_12);
        pinotConfiguration.setProperty("pinot.minion.tls.client.auth.enabled", "true");
    }

    protected TableTaskConfig getTaskConfig() {
        HashMap hashMap = new HashMap();
        hashMap.put("bucketTimePeriod", "30d");
        return new TableTaskConfig(Collections.singletonMap("RealtimeToOfflineSegmentsTask", hashMap));
    }

    public void addSchema(Schema schema) throws IOException {
        Assert.assertEquals(sendMultipartPostRequest(this._controllerRequestURLBuilder.forSchemaCreate(), schema.toSingleLineJsonString(), BasicAuthTestUtils.AUTH_HEADER).getStatusCode(), 200);
    }

    public void addTableConfig(TableConfig tableConfig) throws IOException {
        sendPostRequest(this._controllerRequestURLBuilder.forTableCreate(), tableConfig.toJsonString(), BasicAuthTestUtils.AUTH_HEADER);
    }

    protected Connection getPinotConnection() {
        if (this._pinotConnection == null) {
            JsonAsyncHttpPinotClientTransportFactory jsonAsyncHttpPinotClientTransportFactory = new JsonAsyncHttpPinotClientTransportFactory();
            jsonAsyncHttpPinotClientTransportFactory.setHeaders(BasicAuthTestUtils.AUTH_HEADER);
            jsonAsyncHttpPinotClientTransportFactory.setScheme("https");
            jsonAsyncHttpPinotClientTransportFactory.setSslContext(TlsUtils.getSslContext());
            this._pinotConnection = ConnectionFactory.fromZookeeper(getZkUrl() + "/" + getHelixClusterName(), jsonAsyncHttpPinotClientTransportFactory.buildTransport());
        }
        return this._pinotConnection;
    }

    public void dropRealtimeTable(String str) throws IOException {
        sendDeleteRequest(this._controllerRequestURLBuilder.forTableDelete(TableNameBuilder.REALTIME.tableNameWithType(str)), BasicAuthTestUtils.AUTH_HEADER);
    }

    @Test
    public void testUpdatedBrokerTlsPort() {
        Assert.assertFalse(((List) HelixHelper.getInstanceConfigs(this._helixManager).stream().map(ExtraInstanceConfig::new).filter(extraInstanceConfig -> {
            return extraInstanceConfig.getTlsPort() != null;
        }).collect(Collectors.toList())).isEmpty());
    }

    @Test
    public void testControllerConfigValidation() throws Exception {
        PinotConfigUtils.validateControllerConfig(getControllerConfig());
    }

    @Test
    public void testControllerConfigValidationImplicitProtocol() throws Exception {
        Map map = getControllerConfig().toMap();
        map.put("controller.access.protocols", "https,http");
        map.put("controller.access.protocols.https.port", Integer.valueOf(this._internalControllerPort));
        map.put("controller.access.protocols.http.port", Integer.valueOf(this._externalControllerPort));
        PinotConfigUtils.validateControllerConfig(new ControllerConf(map));
    }

    @Test(expectedExceptions = {ConfigurationException.class})
    public void testControllerConfigValidationNoProtocol() throws Exception {
        Map map = getControllerConfig().toMap();
        map.put("controller.access.protocols", "invalid,http");
        map.put("controller.access.protocols.invalid.port", Integer.valueOf(this._internalControllerPort));
        map.put("controller.access.protocols.http.port", Integer.valueOf(this._externalControllerPort));
        PinotConfigUtils.validateControllerConfig(new ControllerConf(map));
    }

    @Test
    public void testControllerExternalTrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(JKS, TLS_STORE_JKS, TLS_STORE_JKS);
        try {
            CloseableHttpResponse execute = makeClient.execute(makeGetTables(this._externalControllerPort));
            try {
                Assert.assertEquals(execute.getCode(), 200);
                JsonNode jsonNode = JsonUtils.inputStreamToJsonNode(execute.getEntity().getContent()).get("tables");
                Assert.assertEquals(jsonNode.size(), 1);
                Assert.assertEquals(jsonNode.get(0).textValue(), "mytable");
                if (execute != null) {
                    execute.close();
                }
                if (makeClient != null) {
                    makeClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testControllerExternalUntrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(JKS, TLS_STORE_JKS, TLS_STORE_EMPTY_JKS);
        try {
            makeClient.execute(makeGetTables(this._externalControllerPort));
            Assert.fail("Must not allow connection to untrusted server");
        } catch (IOException e) {
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
        if (makeClient != null) {
            makeClient.close();
        }
    }

    @Test
    public void testControllerInternalTrustedClient() throws Exception {
        CloseableHttpClient makeClient = makeClient(PKCS_12, TLS_STORE_PKCS_12, TLS_STORE_PKCS_12);
        try {
            CloseableHttpResponse execute = makeClient.execute(makeGetTables(this._internalControllerPort));
            try {
                Assert.assertEquals(execute.getCode(), 200);
                JsonNode jsonNode = JsonUtils.inputStreamToJsonNode(execute.getEntity().getContent()).get("tables");
                Assert.assertEquals(jsonNode.size(), 1);
                Assert.assertEquals(jsonNode.get(0).textValue(), "mytable");
                if (execute != null) {
                    execute.close();
                }
                if (makeClient != null) {
                    makeClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testControllerInternalUntrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(PKCS_12, TLS_STORE_PKCS_12, TLS_STORE_EMPTY_PKCS_12);
        try {
            makeClient.execute(makeGetTables(this._internalControllerPort));
            Assert.fail("Must not allow connection to untrusted server");
        } catch (IOException e) {
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
        if (makeClient != null) {
            makeClient.close();
        }
    }

    @Test
    public void testControllerInternalUntrustedClient() throws Exception {
        CloseableHttpClient makeClient = makeClient(PKCS_12, TLS_STORE_EMPTY_PKCS_12, TLS_STORE_PKCS_12);
        try {
            makeClient.execute(makeGetTables(this._internalControllerPort));
            Assert.fail("Must not allow connection from untrusted client");
        } catch (IOException e) {
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
        if (makeClient != null) {
            makeClient.close();
        }
    }

    @Test
    public void testBrokerExternalTrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(JKS, TLS_STORE_EMPTY_JKS, TLS_STORE_JKS);
        try {
            CloseableHttpResponse execute = makeClient.execute(makeQueryBroker(this._externalBrokerPort));
            try {
                Assert.assertEquals(execute.getCode(), 200);
                Assert.assertTrue(JsonUtils.inputStreamToJsonNode(execute.getEntity().getContent()).get("resultTable").get("rows").get(0).get(0).longValue() > 100000);
                if (execute != null) {
                    execute.close();
                }
                if (makeClient != null) {
                    makeClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testBrokerExternalUntrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(JKS, TLS_STORE_JKS, TLS_STORE_EMPTY_JKS);
        try {
            makeClient.execute(makeQueryBroker(this._externalBrokerPort));
            Assert.fail("Must not allow connection to untrusted server");
        } catch (Exception e) {
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
        if (makeClient != null) {
            makeClient.close();
        }
    }

    @Test
    public void testBrokerInternalTrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(PKCS_12, TLS_STORE_PKCS_12, TLS_STORE_PKCS_12);
        try {
            CloseableHttpResponse execute = makeClient.execute(makeQueryBroker(this._internalBrokerPort));
            try {
                Assert.assertEquals(execute.getCode(), 200);
                Assert.assertTrue(JsonUtils.inputStreamToJsonNode(execute.getEntity().getContent()).get("resultTable").get("rows").get(0).get(0).longValue() > 100000);
                if (execute != null) {
                    execute.close();
                }
                if (makeClient != null) {
                    makeClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testBrokerInternalUntrustedServer() throws Exception {
        CloseableHttpClient makeClient = makeClient(PKCS_12, TLS_STORE_PKCS_12, TLS_STORE_EMPTY_JKS);
        try {
            makeClient.execute(makeQueryBroker(this._internalBrokerPort));
            Assert.fail("Must not allow connection to untrusted server");
        } catch (Exception e) {
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
        if (makeClient != null) {
            makeClient.close();
        }
    }

    @Test
    public void testBrokerInternalUntrustedClient() throws Exception {
        CloseableHttpClient makeClient = makeClient(PKCS_12, TLS_STORE_EMPTY_PKCS_12, TLS_STORE_PKCS_12);
        try {
            makeClient.execute(makeQueryBroker(this._internalBrokerPort));
            Assert.fail("Must not allow connection from untrusted client");
        } catch (Exception e) {
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
        if (makeClient != null) {
            makeClient.close();
        }
    }

    @Test
    public void testControllerBrokerQueryForward() throws Exception {
        HttpPost httpPost = new HttpPost("https://localhost:" + this._externalControllerPort + "/sql");
        httpPost.addHeader(CLIENT_HEADER);
        httpPost.setEntity(new StringEntity("{\"sql\":\"SELECT count(*) FROM mytable\"}"));
        CloseableHttpClient makeClient = makeClient(JKS, TLS_STORE_JKS, TLS_STORE_JKS);
        try {
            CloseableHttpResponse execute = makeClient.execute(httpPost);
            try {
                Assert.assertEquals(execute.getCode(), 200);
                Assert.assertTrue(JsonUtils.inputStreamToJsonNode(execute.getEntity().getContent()).get("resultTable").get("rows").get(0).get(0).longValue() > 100000);
                if (execute != null) {
                    execute.close();
                }
                if (makeClient != null) {
                    makeClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test(expectedExceptions = {IOException.class})
    public void testUnauthenticatedFailure() throws IOException {
        sendDeleteRequest(this._controllerRequestURLBuilder.forTableDelete(TableNameBuilder.REALTIME.tableNameWithType("mytable")));
    }

    @Test
    public void testRealtimeSegmentUploadDownload() throws Exception {
        String str = "SELECT count(*) FROM " + getTableName();
        ResultSetGroup execute = getPinotConnection().execute(str);
        Assert.assertTrue(execute.getResultSet(0).getLong(0) > 0);
        Assert.assertNotNull(this._controllerStarter.getTaskManager().scheduleTasks(new TaskSchedulingContext()));
        JsonNode jsonNode = (JsonNode) TestUtils.waitForResult(() -> {
            JsonNode stringToJsonNode = JsonUtils.stringToJsonNode(sendGetRequest(this._controllerRequestURLBuilder.forSegmentListAPI(getTableName()), BasicAuthTestUtils.AUTH_HEADER));
            Stream stream = new IntRange(0, stringToJsonNode.size()).stream();
            Objects.requireNonNull(stringToJsonNode);
            JsonNode jsonNode2 = (JsonNode) stream.map((v1) -> {
                return r1.get(v1);
            }).filter(jsonNode3 -> {
                return jsonNode3.has("OFFLINE");
            }).map(jsonNode4 -> {
                return jsonNode4.get("OFFLINE");
            }).findFirst().get();
            Assert.assertFalse(jsonNode2.isEmpty());
            return jsonNode2;
        }, 30000L);
        Assert.assertEquals(execute.getResultSet(0).getLong(0), getPinotConnection().execute(str).getResultSet(0).getLong(0));
        for (int i = 0; i < jsonNode.size(); i++) {
            Assert.assertTrue(sendGetRequest(this._controllerRequestURLBuilder.forSegmentDownload(getTableName(), jsonNode.get(i).asText()), BasicAuthTestUtils.AUTH_HEADER).length() > 200000);
        }
    }

    @Test
    public void testJDBCClient() throws Exception {
        String str = "SELECT count(*) FROM " + getTableName();
        ResultSet executeQuery = getValidJDBCConnection(this._internalControllerPort).createStatement().executeQuery(str);
        executeQuery.first();
        Assert.assertTrue(executeQuery.getLong(1) > 0);
        try {
            java.sql.Connection inValidJDBCConnection = getInValidJDBCConnection(this._internalControllerPort);
            try {
                inValidJDBCConnection.createStatement().executeQuery(str);
                Assert.fail("Should not allow queries with invalid TLS configuration");
                if (inValidJDBCConnection != null) {
                    inValidJDBCConnection.close();
                }
            } finally {
            }
        } catch (Exception e) {
        }
    }

    @Test
    public void testComponentUrlWithTlsPort() {
        Assert.assertFalse(((List) HelixHelper.getInstanceConfigs(this._helixManager).stream().map(ExtraInstanceConfig::new).filter(extraInstanceConfig -> {
            return extraInstanceConfig.getTlsPort() != null;
        }).map((v0) -> {
            return v0.getComponentUrl();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList())).isEmpty());
    }

    @Test
    public void testMultiStageEngineWithTlsEnabled() throws Exception {
        CloseableHttpClient makeClient = makeClient(JKS, TLS_STORE_EMPTY_JKS, TLS_STORE_JKS);
        try {
            CloseableHttpResponse execute = makeClient.execute(makeMultiStageQueryBroker(this._externalBrokerPort, "SELECT COUNT(*) FROM (SELECT AirlineID FROM mytable WHERE ArrDelay >= 0 LIMIT 1000000)"));
            try {
                Assert.assertEquals(execute.getCode(), 200);
                Assert.assertTrue(JsonUtils.inputStreamToJsonNode(execute.getEntity().getContent()).get("resultTable").get("rows").get(0).get(0).longValue() > 40000);
                if (execute != null) {
                    execute.close();
                }
                if (makeClient != null) {
                    makeClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (makeClient != null) {
                try {
                    makeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private java.sql.Connection getValidJDBCConnection(int i) throws Exception {
        SSLContextBuilder create = SSLContextBuilder.create();
        create.setKeyStoreType(PKCS_12);
        create.loadKeyMaterial(TLS_STORE_PKCS_12, PASSWORD_CHAR, PASSWORD_CHAR);
        create.loadTrustMaterial(TLS_STORE_PKCS_12, PASSWORD_CHAR);
        PinotDriver pinotDriver = new PinotDriver(create.build());
        Properties properties = new Properties();
        properties.setProperty("scheme", "https");
        properties.setProperty("headers." + CLIENT_HEADER.getName(), CLIENT_HEADER.getValue());
        return pinotDriver.connect("jdbc:pinot://localhost:" + i, properties);
    }

    private java.sql.Connection getInValidJDBCConnection(int i) throws Exception {
        SSLContextBuilder create = SSLContextBuilder.create();
        create.setKeyStoreType(PKCS_12);
        create.loadKeyMaterial(TLS_STORE_EMPTY_PKCS_12, PASSWORD_CHAR, PASSWORD_CHAR);
        create.loadTrustMaterial(TLS_STORE_PKCS_12, PASSWORD_CHAR);
        PinotDriver pinotDriver = new PinotDriver(create.build());
        Properties properties = new Properties();
        properties.setProperty("scheme", "https");
        properties.setProperty("headers." + CLIENT_HEADER.getName(), CLIENT_HEADER.getValue());
        return pinotDriver.connect("jdbc:pinot://localhost:" + i, properties);
    }

    private static CloseableHttpClient makeClient(String str, URL url, URL url2) throws Exception {
        SSLContextBuilder create = SSLContextBuilder.create();
        create.setKeyStoreType(str);
        create.loadKeyMaterial(url, PASSWORD_CHAR, PASSWORD_CHAR);
        create.loadTrustMaterial(url2, PASSWORD_CHAR);
        return HttpClientBuilder.create().setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(new SSLConnectionSocketFactory(create.build())).build()).build();
    }

    private static HttpGet makeGetTables(int i) {
        HttpGet httpGet = new HttpGet("https://localhost:" + i + "/tables");
        httpGet.addHeader(CLIENT_HEADER);
        return httpGet;
    }

    private static HttpPost makeQueryBroker(int i) throws UnsupportedEncodingException {
        HttpPost httpPost = new HttpPost("https://localhost:" + i + "/query/sql");
        httpPost.addHeader(CLIENT_HEADER);
        httpPost.setEntity(new StringEntity("{\"sql\":\"SELECT count(*) FROM mytable\"}"));
        return httpPost;
    }

    private static HttpPost makeMultiStageQueryBroker(int i, String str) {
        HttpPost httpPost = new HttpPost("https://localhost:" + i + "/query/sql");
        httpPost.addHeader(CLIENT_HEADER);
        httpPost.setEntity(new StringEntity("{\"sql\":\"" + str + "\", \"queryOptions\": \"useMultistageEngine=true\"}"));
        return httpPost;
    }
}
