package org.apache.pinot.plugin.stream.kafka;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;
import java.util.Properties;
import java.util.UUID;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pinot/plugin/stream/kafka/KafkaSSLUtilsTest.class */
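/**
 * Tests for {@code KafkaSSLUtils}: builds trust store / key store files from base64-encoded
 * certificate and key properties and checks the number of entries that end up in each store.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The passwords below are throwaway test fixtures; they protect only material generated
 *       inside this test and must never be reused for real stores.</li>
 *   <li>Each test writes a freshly generated private key to disk under the temp directory, so
 *       {@link #cleanup()} removes both the store files and their per-test parent directories.</li>
 * </ul>
 */
public class KafkaSSLUtilsTest {
    private static final String DEFAULT_TRUSTSTORE_PASSWORD = "mytruststorepassword";
    private static final String DEFAULT_KEYSTORE_PASSWORD = "mykeystorepassword";
    // Validity window of the generated test certificates: 7 days.
    private static final long CERT_VALIDITY_MILLIS = 7L * 24 * 60 * 60 * 1000;

    static {
        // generateSelfSignedCertificate() requests the "BC" provider by name.
        Security.addProvider(new BouncyCastleProvider());
    }

    private String _trustStorePath;
    private String _keyStorePath;

    /**
     * Picks fresh store locations for every test. The random UUID directory keeps concurrent or
     * repeated runs from colliding on the same files.
     */
    @BeforeMethod
    private void setup() {
        // Use the JVM's temp directory instead of a hard-coded "/tmp/" so the test is portable.
        // NOTE(review): the per-test directory is presumably created by KafkaSSLUtils with
        // default permissions; confirm it is not readable by other local users on shared hosts.
        String tmpDir = System.getProperty("java.io.tmpdir");
        this._trustStorePath = Paths.get(tmpDir, UUID.randomUUID().toString(), "client.truststore.jks").toString();
        this._keyStorePath = Paths.get(tmpDir, UUID.randomUUID().toString(), "client.keystore.p12").toString();
    }

    /** Removes the store files (which hold key material) and their per-test directories. */
    @AfterMethod
    private void cleanup() {
        deleteFileAndParentQuietly(this._trustStorePath);
        deleteFileAndParentQuietly(this._keyStorePath);
    }

    /**
     * Best-effort removal of a store file and the UUID directory that contains it.
     *
     * @param filePath path produced by {@link #setup()}; ignored when {@code null}
     */
    private static void deleteFileAndParentQuietly(String filePath) {
        if (filePath == null) {
            return;
        }
        try {
            Files.deleteIfExists(Paths.get(filePath));
            // Paths built in setup() always have a parent (the per-test UUID directory).
            Files.deleteIfExists(Paths.get(filePath).getParent());
        } catch (IOException ignored) {
            // Cleanup is deliberately best-effort: a leftover temp file must not fail the test.
        }
    }

    /** A trust store built from one server certificate holds exactly one certificate entry. */
    @Test
    public void testInitTrustStore() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, IOException, KeyStoreException {
        Properties properties = new Properties();
        setTrustStoreProps(properties);
        KafkaSSLUtils.initTrustStore(properties);
        validateTrustStoreCertificateCount(1);
    }

    /** A key store built from one client key/certificate pair holds exactly one key entry. */
    @Test
    public void testInitKeyStore() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, IOException, KeyStoreException {
        Properties properties = new Properties();
        setKeyStoreProps(properties);
        KafkaSSLUtils.initKeyStore(properties);
        validateKeyStoreCertificateCount(1);
    }

    /** {@code initSSL} with both property sets populates both stores. */
    @Test
    public void testInitSSLTrustStoreAndKeyStore() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, KeyStoreException, IOException {
        Properties properties = new Properties();
        setTrustStoreProps(properties);
        setKeyStoreProps(properties);
        KafkaSSLUtils.initSSL(properties);
        validateTrustStoreCertificateCount(1);
        validateKeyStoreCertificateCount(1);
    }

    /** {@code initSSL} with only trust store properties still produces the trust store. */
    @Test
    public void testInitSSLTrustStoreOnly() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, IOException, KeyStoreException {
        Properties properties = new Properties();
        setTrustStoreProps(properties);
        KafkaSSLUtils.initSSL(properties);
        validateTrustStoreCertificateCount(1);
    }

    /**
     * With only key store properties set, the test expects a {@link FileNotFoundException}.
     *
     * <p>NOTE(review): the exception can come either from {@code initSSL} or from opening the
     * never-created trust store file in the validation call; the test does not pin which one.
     */
    @Test(expectedExceptions = {FileNotFoundException.class})
    public void testInitSSLKeyStoreOnly() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, IOException, KeyStoreException {
        Properties properties = new Properties();
        setKeyStoreProps(properties);
        KafkaSSLUtils.initSSL(properties);
        validateTrustStoreCertificateCount(0);
    }

    /**
     * Running {@code initSSL} a second time with newly generated certificates leaves one entry
     * per store, i.e. the renewed material does not pile up next to the old one.
     */
    @Test
    public void testInitSSLAndRenewCertificates() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, IOException, KeyStoreException {
        Properties properties = new Properties();
        setTrustStoreProps(properties);
        setKeyStoreProps(properties);
        KafkaSSLUtils.initSSL(properties);
        // Second round: fresh key pair and certificates written to the same store locations.
        setTrustStoreProps(properties);
        setKeyStoreProps(properties);
        KafkaSSLUtils.initSSL(properties);
        validateTrustStoreCertificateCount(1);
        validateKeyStoreCertificateCount(1);
    }

    /**
     * After the stores exist, a second {@code initSSL} call without the server/client
     * certificate properties must leave the existing stores with one entry each.
     */
    @Test
    public void testInitSSLBackwardsCompatibilityCheck() throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException, IOException, KeyStoreException {
        Properties properties = new Properties();
        setTrustStoreProps(properties);
        setKeyStoreProps(properties);
        KafkaSSLUtils.initSSL(properties);
        validateTrustStoreCertificateCount(1);
        validateKeyStoreCertificateCount(1);
        // Re-populate, then drop the certificate properties to mimic a configuration that only
        // points at store files.
        setTrustStoreProps(properties);
        properties.remove("stream.kafka.ssl.server.certificate");
        setKeyStoreProps(properties);
        properties.remove("stream.kafka.ssl.client.certificate");
        KafkaSSLUtils.initSSL(properties);
        validateTrustStoreCertificateCount(1);
        validateKeyStoreCertificateCount(1);
    }

    /**
     * Loads the JKS trust store written by the code under test and asserts how many trusted
     * certificate entries it contains.
     *
     * @param expectedCount number of certificate entries the store must hold
     * @throws FileNotFoundException if the trust store file was never created
     */
    private void validateTrustStoreCertificateCount(int expectedCount) throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(this._trustStorePath)) {
            // Loading with the password also verifies the store's integrity check.
            trustStore.load(in, DEFAULT_TRUSTSTORE_PASSWORD.toCharArray());
        }
        int certificateEntries = 0;
        Enumeration<String> aliases = trustStore.aliases();
        while (aliases.hasMoreElements()) {
            if (trustStore.isCertificateEntry(aliases.nextElement())) {
                certificateEntries++;
            }
        }
        // TestNG's argument order is (actual, expected).
        Assert.assertEquals(certificateEntries, expectedCount);
    }

    /**
     * Loads the PKCS12 key store written by the code under test and asserts how many key
     * entries it contains.
     *
     * @param expectedCount number of key entries the store must hold
     * @throws FileNotFoundException if the key store file was never created
     */
    private void validateKeyStoreCertificateCount(int expectedCount) throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(this._keyStorePath)) {
            keyStore.load(in, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
        }
        int keyEntries = 0;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.isKeyEntry(aliases.nextElement())) {
                keyEntries++;
            }
        }
        // TestNG's argument order is (actual, expected).
        Assert.assertEquals(keyEntries, expectedCount);
    }

    /**
     * Fills in the trust store settings plus a freshly generated server certificate.
     *
     * @param properties configuration to populate in place
     */
    private void setTrustStoreProps(Properties properties) throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException {
        // Index 1 of the generated pair is the base64 certificate; the private key is not needed
        // for a trust store and is discarded here.
        properties.setProperty("stream.kafka.ssl.server.certificate", generateSelfSignedCertificate()[1]);
        properties.setProperty("stream.kafka.ssl.server.certificate.type", "X.509");
        properties.setProperty("ssl.truststore.type", "jks");
        properties.setProperty("ssl.truststore.location", this._trustStorePath);
        properties.setProperty("ssl.truststore.password", DEFAULT_TRUSTSTORE_PASSWORD);
    }

    /**
     * Fills in the key store settings plus a freshly generated client key and certificate.
     *
     * @param properties configuration to populate in place
     */
    private void setKeyStoreProps(Properties properties) throws CertificateException, NoSuchAlgorithmException, OperatorCreationException, NoSuchProviderException {
        String[] keyAndCertificate = generateSelfSignedCertificate();
        String privateKeyBase64 = keyAndCertificate[0];
        String certificateBase64 = keyAndCertificate[1];
        properties.setProperty("ssl.keystore.location", this._keyStorePath);
        properties.setProperty("ssl.keystore.password", DEFAULT_KEYSTORE_PASSWORD);
        properties.setProperty("ssl.keystore.type", "PKCS12");
        properties.setProperty("ssl.key.password", "mykeypwd");
        properties.setProperty("stream.kafka.ssl.certificate.type", "X.509");
        properties.setProperty("stream.kafka.ssl.client.certificate", certificateBase64);
        // The private key travels as a plain base64 string in the properties object; acceptable
        // for a generated test key, but such a property should be treated as a secret elsewhere.
        properties.setProperty("stream.kafka.ssl.client.key", privateKeyBase64);
        properties.setProperty("stream.kafka.ssl.client.key.algorithm", "RSA");
    }

    /**
     * Generates a 2048-bit RSA key pair and a certificate for it, signed with the pair's own
     * private key using SHA256withRSA and valid for seven days from now.
     *
     * @return a two-element array: {@code [0]} the base64-encoded private key, {@code [1]} the
     *     base64-encoded certificate
     */
    private String[] generateSelfSignedCertificate() throws CertificateException, OperatorCreationException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048, new SecureRandom());
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + CERT_VALIDITY_MILLIS);
        X500Name issuer = new X500Name("CN=Test CA, O=Eng, OU=IT, L=Sunnyvale, ST=CA, C=US");
        X500Name subject = new X500Name("CN=Test User, O=Eng, OU=IT, L=Sunnyvale, ST=CA, C=US");
        // A timestamp serial is fine for a disposable test certificate; certificates issued for
        // real use should carry an unpredictable serial number.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

        JcaX509v3CertificateBuilder certificateBuilder =
            new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyPair.getPublic());
        byte[] encodedCertificate = new JcaX509CertificateConverter()
            .setProvider("BC")
            .getCertificate(certificateBuilder.build(
                new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate())))
            .getEncoded();

        return new String[]{
            Base64.toBase64String(keyPair.getPrivate().getEncoded()),
            Base64.toBase64String(encodedCertificate)
        };
    }
}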
