package org.apache.pulsar.client.api;

import java.util.Collections;
import java.util.HashSet;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminBuilder;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@Test(groups = {"broker-api"})
/* loaded from: input_file:org/apache/pulsar/client/api/ClientAuthenticationTlsTest.class */
public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
    private final Authentication authenticationTls = new AuthenticationTls(getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8"));

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void doInitConf() throws Exception {
        super.doInitConf();
        this.conf.setClusterName(this.configClusterName);
        HashSet hashSet = new HashSet();
        hashSet.add(AuthenticationProviderTls.class.getName());
        this.conf.setAuthenticationProviders(hashSet);
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
        this.conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
        this.conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
        this.conf.setTlsAllowInsecureConnection(false);
        this.conf.setBrokerClientTlsEnabled(true);
        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
        this.conf.setBrokerClientAuthenticationParameters("tlsCertFile:" + getTlsFileForClient("admin.cert") + ",tlsKeyFile:" + getTlsFileForClient("admin.key-pk8"));
        this.conf.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeClass(alwaysRun = true)
    protected void setup() throws Exception {
        super.internalSetup();
        setupDefaultTenantAndNamespace();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterClass(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void customizeNewPulsarAdminBuilder(PulsarAdminBuilder pulsarAdminBuilder) {
        super.customizeNewPulsarAdminBuilder(pulsarAdminBuilder);
        pulsarAdminBuilder.authentication(this.authenticationTls);
    }

    @Test
    public void testAdminWithTrustCert() throws PulsarClientException, PulsarAdminException {
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsar().getWebServiceAddressTls()).sslProvider("JDK").tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
        try {
            build.clusters().getClusters();
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testAdminWithFull() throws PulsarClientException, PulsarAdminException {
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsar().getWebServiceAddressTls()).sslProvider("JDK").authentication(this.authenticationTls).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
        try {
            build.clusters().getClusters();
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testAdminWithCertAndKey() throws PulsarClientException, PulsarAdminException {
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsar().getWebServiceAddressTls()).sslProvider("JDK").authentication(this.authenticationTls).build();
        try {
            Assert.assertTrue(Assert.expectThrows(PulsarAdminException.class, () -> {
                build.clusters().getClusters();
            }).getMessage().contains("PKIX path"));
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testAdminWithoutTls() throws PulsarClientException, PulsarAdminException {
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsar().getWebServiceAddressTls()).sslProvider("JDK").build();
        try {
            Assert.assertTrue(Assert.expectThrows(PulsarAdminException.class, () -> {
                build.clusters().getClusters();
            }).getMessage().contains("PKIX path"));
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testClientWithTrustCert() throws PulsarClientException, PulsarAdminException {
        PulsarClient build = PulsarClient.builder().serviceUrl(getPulsar().getBrokerServiceUrlTls()).sslProvider("JDK").operationTimeout(3, TimeUnit.SECONDS).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
        try {
            Producer create = build.newProducer().topic(UUID.randomUUID().toString()).create();
            if (Collections.singletonList(create).get(0) != null) {
                create.close();
            }
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testClientWithFull() throws PulsarClientException, PulsarAdminException {
        PulsarClient build = PulsarClient.builder().serviceUrl(getPulsar().getBrokerServiceUrlTls()).sslProvider("JDK").operationTimeout(3, TimeUnit.SECONDS).authentication(this.authenticationTls).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
        try {
            Producer create = build.newProducer().topic(UUID.randomUUID().toString()).create();
            if (Collections.singletonList(create).get(0) != null) {
                create.close();
            }
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testClientWithCertAndKey() throws PulsarClientException {
        PulsarClient build = PulsarClient.builder().serviceUrl(getPulsar().getBrokerServiceUrlTls()).sslProvider("JDK").operationTimeout(3, TimeUnit.SECONDS).authentication(this.authenticationTls).build();
        try {
            Assert.assertThrows(PulsarClientException.class, () -> {
                build.newProducer().topic(UUID.randomUUID().toString()).create();
            });
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testClientWithoutTls() throws PulsarClientException, PulsarAdminException {
        PulsarClient build = PulsarClient.builder().serviceUrl(getPulsar().getBrokerServiceUrlTls()).sslProvider("JDK").operationTimeout(3, TimeUnit.SECONDS).build();
        try {
            Assert.assertThrows(PulsarClientException.class, () -> {
                build.newProducer().topic(UUID.randomUUID().toString()).create();
            });
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }
}
