package org.apache.pulsar.client.impl;

import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.api.ClientBuilder;
import org.apache.pulsar.client.api.Consumer;
import org.apache.pulsar.client.api.Message;
import org.apache.pulsar.client.api.Producer;
import org.apache.pulsar.client.api.ProducerConsumerBase;
import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.SubscriptionType;
import org.apache.pulsar.client.impl.auth.AuthenticationKeyStoreTls;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

@Test(groups = {"broker-impl"})
/* loaded from: input_file:org/apache/pulsar/client/impl/KeyStoreTlsProducerConsumerTestWithAuthTest.class */
public class KeyStoreTlsProducerConsumerTestWithAuthTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreTlsProducerConsumerTestWithAuthTest.class);
    protected final String BROKER_KEYSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/broker.keystore.jks";
    protected final String BROKER_TRUSTSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/broker.truststore.jks";
    protected final String BROKER_KEYSTORE_PW = "111111";
    protected final String BROKER_TRUSTSTORE_PW = "111111";
    protected final String CLIENT_KEYSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/client.keystore.jks";
    protected final String CLIENT_TRUSTSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/client.truststore.jks";
    protected final String CLIENT_KEYSTORE_PW = "111111";
    protected final String CLIENT_TRUSTSTORE_PW = "111111";
    protected final String CLIENT_KEYSTORE_CN = "clientuser";
    protected final String KEYSTORE_TYPE = "JKS";
    private final String clusterName = "use";

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeMethod
    protected void setup() throws Exception {
        internalSetUpForBroker();
        super.init();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    protected void internalSetUpForBroker() {
        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setTlsEnabledWithKeyStore(true);
        this.conf.setTlsKeyStoreType("JKS");
        this.conf.setTlsKeyStore("./src/test/resources/authentication/keystoretls/broker.keystore.jks");
        this.conf.setTlsKeyStorePassword("111111");
        this.conf.setTlsTrustStoreType("JKS");
        this.conf.setTlsTrustStore("./src/test/resources/authentication/keystoretls/client.truststore.jks");
        this.conf.setTlsTrustStorePassword("111111");
        this.conf.setClusterName("use");
        this.conf.setTlsRequireTrustedClientCertOnConnect(true);
        this.conf.setSuperUserRoles(Sets.newHashSet(new String[]{"clientuser"}));
        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);
        HashSet hashSet = new HashSet();
        hashSet.add(AuthenticationProviderTls.class.getName());
        this.conf.setAuthenticationProviders(hashSet);
        this.conf.setNumExecutorThreadPoolSize(5);
    }

    protected void internalSetUpForClient(boolean z, String str) throws Exception {
        if (this.pulsarClient != null) {
            this.pulsarClient.close();
        }
        Set newConcurrentHashSet = Sets.newConcurrentHashSet();
        newConcurrentHashSet.add("TLSv1.3");
        newConcurrentHashSet.add("TLSv1.2");
        ClientBuilder operationTimeout = PulsarClient.builder().serviceUrl(str).enableTls(true).useKeyStoreTls(true).tlsTrustStorePath("./src/test/resources/authentication/keystoretls/broker.truststore.jks").tlsTrustStorePassword("111111").allowTlsInsecureConnection(false).tlsProtocols(newConcurrentHashSet).operationTimeout(1000, TimeUnit.MILLISECONDS);
        if (z) {
            HashMap hashMap = new HashMap();
            hashMap.put("keyStoreType", "JKS");
            hashMap.put("keyStorePath", "./src/test/resources/authentication/keystoretls/client.keystore.jks");
            hashMap.put("keyStorePassword", "111111");
            operationTimeout.authentication(AuthenticationKeyStoreTls.class.getName(), hashMap);
        }
        replacePulsarClient(operationTimeout);
    }

    protected void internalSetUpForNamespace() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("keyStorePath", "./src/test/resources/authentication/keystoretls/client.keystore.jks");
        hashMap.put("keyStorePassword", "111111");
        if (this.admin != null) {
            this.admin.close();
        }
        this.admin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrlTls.toString()).useKeyStoreTls(true).tlsTrustStorePath("./src/test/resources/authentication/keystoretls/broker.truststore.jks").tlsTrustStorePassword("111111").allowTlsInsecureConnection(false).authentication(AuthenticationKeyStoreTls.class.getName(), hashMap).build());
        this.admin.clusters().createCluster("use", new ClusterData(this.brokerUrl.toString(), this.brokerUrlTls.toString(), this.pulsar.getBrokerServiceUrl(), this.pulsar.getBrokerServiceUrlTls()));
        this.admin.tenants().createTenant("my-property", new TenantInfo(Sets.newHashSet(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"use"})));
        this.admin.namespaces().createNamespace("my-property/my-ns");
    }

    @Test(timeOut = 30000)
    public void testTlsLargeSizeMessage() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        log.info("-- message size -- {}", 16385);
        String str = "persistent://my-property/use/my-ns/testTlsLargeSizeMessage" + System.currentTimeMillis();
        internalSetUpForClient(true, this.pulsar.getBrokerServiceUrlTls());
        internalSetUpForNamespace();
        Consumer subscribe = this.pulsarClient.newConsumer().topic(new String[]{str}).subscriptionName("my-subscriber-name").subscribe();
        Producer create = this.pulsarClient.newProducer().topic(str).create();
        for (int i = 0; i < 10; i++) {
            byte[] bArr = new byte[16385];
            Arrays.fill(bArr, (byte) i);
            create.send(bArr);
        }
        Message message = null;
        for (int i2 = 0; i2 < 10; i2++) {
            message = subscribe.receive(5, TimeUnit.SECONDS);
            byte[] bArr2 = new byte[16385];
            Arrays.fill(bArr2, (byte) i2);
            Assert.assertEquals(bArr2, message.getData());
        }
        subscribe.acknowledgeCumulative(message);
        subscribe.close();
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testTlsClientAuthOverBinaryProtocol() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        log.info("-- message size -- {}", 16385);
        String str = "persistent://my-property/use/my-ns/testTlsClientAuthOverBinaryProtocol" + System.currentTimeMillis();
        internalSetUpForNamespace();
        internalSetUpForClient(false, this.pulsar.getBrokerServiceUrlTls());
        try {
            this.pulsarClient.newConsumer().topic(new String[]{str}).subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe();
            Assert.fail("Server should have failed the TLS handshake since client didn't .");
        } catch (Exception e) {
        }
        internalSetUpForClient(true, this.pulsar.getBrokerServiceUrlTls());
        this.pulsarClient.newConsumer().topic(new String[]{str}).subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe();
    }

    @Test
    public void testTlsClientAuthOverHTTPProtocol() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        log.info("-- message size -- {}", 16385);
        String str = "persistent://my-property/use/my-ns/testTlsClientAuthOverHTTPProtocol" + System.currentTimeMillis();
        internalSetUpForNamespace();
        internalSetUpForClient(false, this.pulsar.getWebServiceAddressTls());
        try {
            this.pulsarClient.newConsumer().topic(new String[]{str}).subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe();
            Assert.fail("Server should have failed the TLS handshake since client didn't .");
        } catch (Exception e) {
        }
        internalSetUpForClient(true, this.pulsar.getWebServiceAddressTls());
        this.pulsarClient.newConsumer().topic(new String[]{str}).subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe();
    }
}
