package org.apache.kafka.common.network;

import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.kafka.common.metrics.Metrics;
import org.apache.kafka.common.network.ChannelState;
import org.apache.kafka.common.network.SslTransportLayerTest;
import org.apache.kafka.common.security.TestSecurityConfig;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.utils.LogContext;
import org.apache.kafka.common.utils.Time;
import org.apache.kafka.test.TestSslUtils;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:org/apache/kafka/common/network/SslVersionsTransportLayerTest.class */
public class SslVersionsTransportLayerTest {
    private static final int BUFFER_SIZE = 4096;
    private static final Time TIME = Time.SYSTEM;

    public static Stream<Arguments> parameters() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList("TLSv1.2"), Collections.singletonList("TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList("TLSv1.2"), Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Collections.singletonList("TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList("TLSv1.2"), Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList("TLSv1.2"), Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2"), Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2"), Collections.singletonList("TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2"), Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2"), Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Collections.singletonList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Collections.singletonList("TLSv1.2")}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS)}));
        arrayList.add(Arguments.of(new Object[]{Arrays.asList("TLSv1.2", TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS), Arrays.asList(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, "TLSv1.2")}));
        return arrayList.stream();
    }

    @MethodSource({"parameters"})
    @ParameterizedTest(name = "testTlsDefaults(tlsServerProtocol = {0}, tlsClientProtocol = {1})")
    public void testTlsDefaults(List<String> list, List<String> list2) throws Exception {
        CertStores certStores = new CertStores(true, "server", "localhost");
        CertStores certStores2 = new CertStores(false, "client", "localhost");
        Map<String, Object> trustingConfig = getTrustingConfig(certStores2, certStores, list2);
        NioEchoServer createEchoServer = NetworkTestUtils.createEchoServer(ListenerName.forSecurityProtocol(SecurityProtocol.SSL), SecurityProtocol.SSL, new TestSecurityConfig(getTrustingConfig(certStores, certStores2, list)), null, TIME);
        Selector createClientSelector = createClientSelector(trustingConfig);
        createClientSelector.connect(KafkaChannelTest.CHANNEL_ID, new InetSocketAddress("localhost", createEchoServer.port()), BUFFER_SIZE, BUFFER_SIZE);
        if (isCompatible(list, list2)) {
            NetworkTestUtils.waitForChannelReady(createClientSelector, KafkaChannelTest.CHANNEL_ID);
            createClientSelector.send(new NetworkSend(KafkaChannelTest.CHANNEL_ID, ByteBufferSend.sizePrefixed(ByteBuffer.wrap(TestUtils.randomString(1048576).getBytes()))));
            while (createClientSelector.completedReceives().isEmpty()) {
                createClientSelector.poll(100L);
            }
            int i = 1048576 + 4;
            createEchoServer.waitForMetric("incoming-byte", i);
            createEchoServer.waitForMetric("outgoing-byte", i);
            createEchoServer.waitForMetric("request", 1.0d);
            createEchoServer.waitForMetric("response", 1.0d);
        } else {
            NetworkTestUtils.waitForChannelClose(createClientSelector, KafkaChannelTest.CHANNEL_ID, ChannelState.State.AUTHENTICATION_FAILED);
            createEchoServer.verifyAuthenticationMetrics(0, 1);
        }
        createEchoServer.close();
        createClientSelector.close();
    }

    private boolean isCompatible(List<String> list, List<String> list2) {
        Assertions.assertNotNull(list);
        Assertions.assertFalse(list.isEmpty());
        Assertions.assertNotNull(list2);
        Assertions.assertFalse(list2.isEmpty());
        return list.contains(list2.get(0)) || (list2.get(0).equals(TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS) && !Collections.disjoint(list, list2));
    }

    private static Map<String, Object> getTrustingConfig(CertStores certStores, CertStores certStores2, List<String> list) {
        Map<String, Object> trustingConfig = certStores.getTrustingConfig(certStores2);
        trustingConfig.putAll(sslConfig(list));
        return trustingConfig;
    }

    private static Map<String, Object> sslConfig(List<String> list) {
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.protocol", list.get(0));
        hashMap.put("ssl.enabled.protocols", list);
        return hashMap;
    }

    private Selector createClientSelector(Map<String, Object> map) {
        SslTransportLayerTest.TestSslChannelBuilder testSslChannelBuilder = new SslTransportLayerTest.TestSslChannelBuilder(ConnectionMode.CLIENT);
        testSslChannelBuilder.configureBufferSizes(null, null, null);
        testSslChannelBuilder.configure(map);
        return new Selector(500000L, new Metrics(), TIME, "MetricGroup", testSslChannelBuilder, new LogContext());
    }
}
