package io.quarkus.test.services.containers;

import io.quarkus.test.bootstrap.KafkaService;
import io.quarkus.test.bootstrap.Protocol;
import io.quarkus.test.security.certificate.Certificate;
import io.quarkus.test.services.Certificate;
import io.quarkus.test.services.URILike;
import io.quarkus.test.services.containers.model.KafkaProtocol;
import io.quarkus.test.services.containers.model.KafkaVendor;
import io.quarkus.test.services.containers.strimzi.ExtendedStrimziKafkaContainer;
import io.quarkus.test.utils.DockerUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.testcontainers.containers.GenericContainer;

/* loaded from: input_file:io/quarkus/test/services/containers/StrimziKafkaContainerManagedResource.class */
public class StrimziKafkaContainerManagedResource extends BaseKafkaContainerManagedResource {
    private static final String STRIMZI_SERVER_SSL = "strimzi-server-ssl";
    private static final String SSL_SERVER_PROPERTIES_DEFAULT = "strimzi-default-server-ssl.properties";
    private static final String DEPRECATED_SSL_SERVER_KEYSTORE = "strimzi-default-server-ssl-keystore.p12";
    private static final String SSL_SERVER_KEYSTORE = "strimzi-server-ssl-keystore.p12";
    private static final String SSL_SERVER_TRUSTSTORE = "strimzi-server-ssl-truststore.p12";
    private static final String SASL_SERVER_PROPERTIES_DEFAULT = "strimzi-default-server-sasl.properties";
    private static final String SASL_SSL_SERVER_PROPERTIES_DEFAULT = "strimzi-default-server-sasl-ssl.properties";
    private static final String SASL_USERNAME_VALUE = "client";
    private static final String SASL_PASSWORD_VALUE = "client-secret12345678912345678912";

    /* JADX INFO: Access modifiers changed from: protected */
    public StrimziKafkaContainerManagedResource(KafkaContainerManagedResourceBuilder kafkaContainerManagedResourceBuilder) {
        super(kafkaContainerManagedResourceBuilder);
    }

    public String getDisplayName() {
        return KafkaVendor.STRIMZI.getImage() + getKafkaVersion();
    }

    public URILike getURI(Protocol protocol) {
        URILike uri = super.getURI(protocol);
        if (this.model.getProtocol() == KafkaProtocol.SSL) {
            uri = uri.withScheme("SSL");
        } else if (this.model.getProtocol() == KafkaProtocol.SASL) {
            uri = uri.withScheme("SASL_PLAINTEXT");
        } else if (this.model.getProtocol() == KafkaProtocol.SASL_SSL) {
            uri = uri.withScheme("SASL_SSL");
        }
        return uri;
    }

    @Override // io.quarkus.test.services.containers.BaseKafkaContainerManagedResource
    protected GenericContainer<?> initKafkaContainer() {
        ExtendedStrimziKafkaContainer enableKraftMode = new ExtendedStrimziKafkaContainer(getKafkaImageName(), getKafkaVersion()).enableKraftMode();
        if (StringUtils.isNotEmpty(getServerProperties())) {
            enableKraftMode.useCustomServerProperties();
        }
        enableKraftMode.withCreateContainerCmdModifier(createContainerCmd -> {
            createContainerCmd.withName(DockerUtils.generateDockerContainerName());
        });
        if (this.model.getProtocol() == KafkaProtocol.SASL_SSL && (this.model.getServerProperties() == null || this.model.getServerProperties().isEmpty())) {
            enableKraftMode.configureScram(SASL_USERNAME_VALUE, SASL_PASSWORD_VALUE);
        }
        return enableKraftMode;
    }

    @Override // io.quarkus.test.services.containers.BaseKafkaContainerManagedResource
    protected GenericContainer<?> initRegistryContainer(GenericContainer<?> genericContainer) {
        GenericContainer<?> genericContainer2 = new GenericContainer<>(getKafkaRegistryImage());
        genericContainer2.withExposedPorts(new Integer[]{Integer.valueOf(getKafkaRegistryPort())});
        genericContainer2.withEnv("APPLICATION_ID", "registry_id");
        genericContainer2.withEnv("APPLICATION_SERVER", "localhost:9000");
        genericContainer2.withEnv("KAFKA_BOOTSTRAP_SERVERS", "PLAINTEXT://localhost:" + getTargetPort());
        genericContainer2.withCreateContainerCmdModifier(createContainerCmd -> {
            createContainerCmd.withName(DockerUtils.generateDockerContainerName());
        });
        return genericContainer2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.quarkus.test.services.containers.BaseKafkaContainerManagedResource
    public String getServerProperties() {
        return StringUtils.isNotEmpty(this.model.getServerProperties()) ? this.model.getServerProperties() : this.model.getProtocol() == KafkaProtocol.SSL ? SSL_SERVER_PROPERTIES_DEFAULT : this.model.getProtocol() == KafkaProtocol.SASL ? SASL_SERVER_PROPERTIES_DEFAULT : this.model.getProtocol() == KafkaProtocol.SASL_SSL ? SASL_SSL_SERVER_PROPERTIES_DEFAULT : super.getServerProperties();
    }

    @Override // io.quarkus.test.services.containers.BaseKafkaContainerManagedResource
    protected String getResourceTargetName(String str) {
        return DEPRECATED_SSL_SERVER_KEYSTORE.equals(str) ? SSL_SERVER_KEYSTORE : str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.quarkus.test.services.containers.BaseKafkaContainerManagedResource
    public String[] getKafkaConfigResources() {
        String str;
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(Arrays.asList(super.getKafkaConfigResources()));
        if (this.model.getProtocol() == KafkaProtocol.SSL || this.model.getProtocol() == KafkaProtocol.SASL_SSL) {
            if (!useDefaultServerProperties()) {
                str = "${custom-kafka-trust-store-location:}";
            } else if (useDefaultTrustStore()) {
                Certificate of = Certificate.of(STRIMZI_SERVER_SSL, Certificate.Format.PKCS12, "top-secret");
                str = (String) Objects.requireNonNull(of.truststorePath());
                arrayList.add(str);
                arrayList.add((String) Objects.requireNonNull(of.keystorePath()));
            } else {
                str = SSL_SERVER_TRUSTSTORE;
                arrayList.add(DEPRECATED_SSL_SERVER_KEYSTORE);
            }
            HashMap hashMap = new HashMap();
            hashMap.put("kafka.ssl.enable", "true");
            hashMap.put("kafka.security.protocol", "SSL");
            if (this.model.getQuarkusTlsRegistryConfigName() == null) {
                hashMap.put("kafka.ssl.truststore.location", str);
                hashMap.put("kafka.ssl.truststore.password", "top-secret");
                hashMap.put("kafka.ssl.truststore.type", "PKCS12");
            } else {
                String formatted = "quarkus.tls.%s.trust-store.p12.".formatted(this.model.getQuarkusTlsRegistryConfigName());
                hashMap.put("kafka.tls-configuration-name", this.model.getQuarkusTlsRegistryConfigName());
                hashMap.put(formatted + "path", str);
                hashMap.put(formatted + "password", "top-secret");
            }
            if (this.model.getProtocol() == KafkaProtocol.SASL_SSL) {
                hashMap = new HashMap(hashMap);
                hashMap.put("kafka.security.protocol", "SASL_SSL");
                hashMap.put("kafka.sasl.mechanism", "SCRAM-SHA-512");
                hashMap.put("kafka.sasl.jaas.config", "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"client\" password=\"client-secret12345678912345678912\";");
                hashMap.put("ssl.endpoint.identification.algorithm", "https");
            }
            this.model.getContext().put(KafkaService.KAFKA_SSL_PROPERTIES, Map.copyOf(hashMap));
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    private boolean useDefaultTrustStore() {
        return super.getKafkaConfigResources().length == 0;
    }

    private boolean useDefaultServerProperties() {
        return this.model.getServerProperties() == null || this.model.getServerProperties().isEmpty();
    }
}
