package io.confluent.kafka.multitenant;

import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.AlterConfigsOptions;
import org.apache.kafka.clients.admin.MockAdminClient;
import org.apache.kafka.common.Node;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/kafka/multitenant/SslCertificateManagerTest.class */
public class SslCertificateManagerTest {
    private static final String SSL_CERTS_DIR = "mnt/sslcerts/";
    private static final String DATA_DIR = "..data";
    private static final String BROKER_ID = "0";
    private AdminClient mockAdminClient;
    private SslCertificateManager sslCache;
    private Path tempDir;
    private static final long TEST_MAX_WAIT_MS = TimeUnit.SECONDS.toMillis(60);
    private static final URL TEST_SSL_CERTS_MAY = SslCertificateManagerTest.class.getResource("/cert_exp_may");
    private static final URL TEST_SSL_CERTS_AUG = SslCertificateManagerTest.class.getResource("/cert_exp_aug");
    private static final URL TEST_ROOT = SslCertificateManagerTest.class.getResource("/");

    @BeforeEach
    public void setUp() throws Exception {
        this.tempDir = TestUtils.tempDirectory().toPath();
        System.out.println("root resource: " + TEST_ROOT.getPath());
        Node node = new Node(0, MultiTenantRequestContextTest.LOCALHOST, MultiTenantRequestContextTest.KAFKA_PORT);
        String str = this.tempDir.toRealPath(new LinkOption[0]) + "/" + SSL_CERTS_DIR + "spec.json";
        this.mockAdminClient = (AdminClient) Mockito.spy(new MockAdminClient(Collections.singletonList(node), node));
        this.sslCache = new SslCertificateManager(BROKER_ID, str, this.mockAdminClient);
    }

    @AfterEach
    public void teardown() {
        this.sslCache.shutdown();
        this.sslCache.close();
    }

    @Test
    public void testAdminClientInvokedAfterCertificateSync() throws Exception {
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(1))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
    }

    @Test
    public void testAdminClientNotInvokedWithoutReadPermissionForCerts() throws Exception {
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        String str = this.tempDir.toRealPath(new LinkOption[0]) + "/" + SSL_CERTS_DIR + "/" + DATA_DIR + "/fullchain.pem";
        String str2 = this.tempDir.toRealPath(new LinkOption[0]) + "/" + SSL_CERTS_DIR + "/" + DATA_DIR + "/privkey.pem";
        Files.setPosixFilePermissions(Paths.get(str, new String[0]), PosixFilePermissions.fromString("-wx-wx-wx"));
        Files.setPosixFilePermissions(Paths.get(str2, new String[0]), PosixFilePermissions.fromString("-wx-wx-wx"));
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(0))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
    }

    @Test
    public void testAdminClientNotInvokedWithoutSpecFile() throws Exception {
        Utils.moveFile("spec.json", TEST_SSL_CERTS_AUG, TEST_ROOT);
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(0))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.moveFile("spec.json", TEST_ROOT, TEST_SSL_CERTS_AUG);
    }

    @Test
    public void testAdminClientNotInvokedWithoutPKCSCertificate() throws Exception {
        Utils.moveFile("pkcs.p12", TEST_SSL_CERTS_AUG, TEST_ROOT);
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(0))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.moveFile("pkcs.p12", TEST_ROOT, TEST_SSL_CERTS_AUG);
    }

    @Test
    public void testAdminClientNotInvokedWithoutPrivkeyPemFile() throws Exception {
        Utils.moveFile("privkey.pem", TEST_SSL_CERTS_AUG, TEST_ROOT);
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_ROOT, SSL_CERTS_DIR);
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(0))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.moveFile("privkey.pem", TEST_ROOT, TEST_SSL_CERTS_AUG);
    }

    @Test
    public void testAdminClientNotInvokedWithoutFullchainPemFile() throws Exception {
        Utils.moveFile("fullchain.pem", TEST_SSL_CERTS_AUG, TEST_ROOT);
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(0))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.moveFile("fullchain.pem", TEST_ROOT, TEST_SSL_CERTS_AUG);
    }

    @Test
    public void testAdminClientInvocationOnIdenticalSslCertsSync() throws Exception {
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_MAY, SSL_CERTS_DIR);
        this.sslCache.startWatching();
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.times(1))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_MAY, SSL_CERTS_DIR);
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.timeout(TEST_MAX_WAIT_MS).times(1))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
    }

    @Test
    public void testAdminClientInvocationOnDifferentSslCertsSync() throws Exception {
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_MAY, SSL_CERTS_DIR);
        this.sslCache.startWatching();
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.timeout(TEST_MAX_WAIT_MS).times(1))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.timeout(TEST_MAX_WAIT_MS).times(2))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_MAY, SSL_CERTS_DIR);
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.timeout(TEST_MAX_WAIT_MS).times(3))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
    }

    @Test
    public void testWatchServiceDoesNotTerminateOnDirectoryDeletion() throws Exception {
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_MAY, SSL_CERTS_DIR);
        this.sslCache.startWatching();
        this.sslCache.loadSslCertFiles();
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.timeout(TEST_MAX_WAIT_MS).times(1))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
        Utils.deleteFiles(this.tempDir, SSL_CERTS_DIR);
        Utils.syncCerts(this.tempDir, TEST_SSL_CERTS_AUG, SSL_CERTS_DIR);
        ((AdminClient) Mockito.verify(this.mockAdminClient, Mockito.timeout(TEST_MAX_WAIT_MS).times(2))).incrementalAlterConfigs((Map) ArgumentMatchers.any(), (AlterConfigsOptions) ArgumentMatchers.any());
    }
}
