package io.confluent.security.integration;

import io.confluent.common.security.SecureTestUtils;
import io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension;
import java.io.File;
import java.io.IOException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import kafka.security.auth.SimpleAclAuthorizer;
import kafka.utils.TestUtils;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.glassfish.jersey.SslConfigurator;
import scala.Option;
import scala.Option$;

/* loaded from: input_file:io/confluent/security/integration/KafkaRestSslClusterTestHarnessUtil.class */
public class KafkaRestSslClusterTestHarnessUtil {
    public Properties clientSslConfigs;
    public List<X509Certificate> clientCerts = new ArrayList();
    public List<KeyPair> keyPairs = new ArrayList();

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRestConnectString(int i) {
        return String.format("https://localhost:%d", Integer.valueOf(i));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void overrideKafkaRestConfigs(Properties properties) {
        properties.putAll(this.clientSslConfigs);
        for (Map.Entry entry : this.clientSslConfigs.entrySet()) {
            properties.put("client." + entry.getKey(), entry.getValue());
        }
        properties.put("confluent.rest.auth.propagate.method", "SSL");
        properties.put("kafka.rest.resource.extension.class", KafkaRestSecurityResourceExtension.class.getName());
        properties.put("ssl.client.auth", true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Properties getBrokerProperties(int i, String str) {
        try {
            File createTempFile = File.createTempFile("SSLClusterTestHarness-truststore", ".jks");
            Option apply = Option.apply(createTempFile);
            Properties createBrokerConfig = TestUtils.createBrokerConfig(i, str, false, false, TestUtils.RandomPort(), Option.apply(SecurityProtocol.SSL), apply, Option$.MODULE$.empty(), true, false, TestUtils.RandomPort(), true, TestUtils.RandomPort(), false, TestUtils.RandomPort(), Option.empty(), 1);
            try {
                this.clientSslConfigs = SecureTestUtils.clientSslConfigsWithKeyStore(3, createTempFile, (Password) createBrokerConfig.get("ssl.truststore.password"), this.clientCerts, this.keyPairs);
                createBrokerConfig.setProperty("ssl.client.auth", "required");
                createBrokerConfig.setProperty("auto.create.topics.enable", "true");
                createBrokerConfig.setProperty("num.partitions", "1");
                createBrokerConfig.setProperty("authorizer.class.name", SimpleAclAuthorizer.class.getName());
                createBrokerConfig.setProperty("super.users", "User:O=A server,CN=localhost");
                return createBrokerConfig;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (IOException e2) {
            throw new RuntimeException("Unable to create temporary file for the truststore.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Client getClient() {
        int size = this.clientCerts.size() - 1;
        return getClient(this.clientCerts.subList(size, size + 1), this.keyPairs.subList(size, size + 1));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Client getClient(List<X509Certificate> list, List<KeyPair> list2) {
        File file = null;
        String value = new Password("Client-KS-Password").value();
        try {
            file = File.createTempFile("client-Keystore", ".jks");
            SecureTestUtils.createKeyStore(file, value, list, list2);
        } catch (Exception e) {
            new RuntimeException(e);
        }
        return ClientBuilder.newBuilder().sslContext(SslConfigurator.newInstance().trustStoreFile(this.clientSslConfigs.getProperty("ssl.truststore.location")).trustStorePassword(this.clientSslConfigs.getProperty("ssl.truststore.password")).keyStoreFile(file.getAbsolutePath()).keyPassword(value).securityProtocol("TLSv1.2").createSSLContext()).build();
    }
}
