package org.apache.kudu.client;

import com.google.common.base.Joiner;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.kudu.test.ClientTestUtil;
import org.apache.kudu.test.KuduTestHarness;
import org.apache.kudu.test.cluster.MiniKuduCluster;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Rule;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kudu/client/TestNegotiationTLSv13.class */
public class TestNegotiationTLSv13 {
    static final String[] TLS13_CIPHERS = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"};
    private static final Logger LOG = LoggerFactory.getLogger(TestNegotiation.class);
    private static final String TABLE_NAME = "tls_v_1_3_test_table";
    private static final int NUM_ROWS = 10;
    private final MiniKuduCluster.MiniKuduClusterBuilder clusterBuilder = new MiniKuduCluster.MiniKuduClusterBuilder().numMasterServers(1).numTabletServers(3).enableKerberos();

    @Rule
    public KuduTestHarness harness;
    private boolean isTLSv13Supported;

    private static boolean isTLSv13SupportedByJVM() {
        Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RC4, MD5");
        Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, RC4, MD5");
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            createSSLEngine.setUseClientMode(true);
            HashSet newHashSet = Sets.newHashSet(createSSLEngine.getSupportedCipherSuites());
            ArrayList newArrayList = Lists.newArrayList();
            for (String str : TLS13_CIPHERS) {
                if (newHashSet.contains(str)) {
                    newArrayList.add(str);
                }
            }
            if (newArrayList.isEmpty()) {
                LOG.info("client side doesn't support TLSv1.3: no common ciphers");
                return false;
            }
            LOG.debug("enabled TLS protocols: {}", Joiner.on(' ').join(createSSLEngine.getEnabledProtocols()));
            HashSet newHashSet2 = Sets.newHashSet(createSSLEngine.getSupportedProtocols());
            LOG.debug("supported TLS protocols: {}", Joiner.on(' ').join(newHashSet2));
            if (newHashSet2.contains("TLSv1.3")) {
                return true;
            }
            LOG.info("client side doesn't support TLSv1.3: unsupported protocol");
            return false;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            LOG.info("client side doesn't support TLSv1.3", e);
            return false;
        }
    }

    /* JADX WARN: Finally extract failed */
    private static boolean isTLSv13SupportedByServerSide() {
        try {
            MiniKuduCluster build = new MiniKuduCluster.MiniKuduClusterBuilder().numMasterServers(1).numTabletServers(0).addMasterServerFlag("--time_source=system_unsync").addMasterServerFlag("--rpc_tls_min_protocol=TLSv1.3").build();
            Throwable th = null;
            try {
                try {
                    build.killAllMasterServers();
                    if (build != null) {
                        if (0 != 0) {
                            try {
                                build.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            build.close();
                        }
                    }
                    return true;
                } catch (Throwable th3) {
                    if (build != null) {
                        if (0 != 0) {
                            try {
                                build.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            build.close();
                        }
                    }
                    throw th3;
                }
            } catch (IOException e) {
                LOG.error("unexpected exception:", e);
                Assert.fail("kudu-master didn't actually start");
                if (build != null) {
                    if (0 != 0) {
                        try {
                            build.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        build.close();
                    }
                }
                return false;
            }
        } catch (IOException e2) {
            LOG.info("server side doesn't support TLSv1.3", e2);
            return false;
        }
    }

    public TestNegotiationTLSv13() {
        this.isTLSv13Supported = false;
        this.isTLSv13Supported = isTLSv13SupportedByJVM() && isTLSv13SupportedByServerSide();
        if (this.isTLSv13Supported) {
            this.clusterBuilder.addMasterServerFlag("--rpc_tls_min_protocol=TLSv1.3");
            this.clusterBuilder.addTabletServerFlag("--rpc_tls_min_protocol=TLSv1.3");
        }
        this.harness = new KuduTestHarness(this.clusterBuilder);
    }

    @Test
    @KuduTestHarness.MasterServerConfig(flags = {"--rpc-encryption=required", "--rpc_encrypt_loopback_connections", "--rpc-trace-negotiation"})
    @KuduTestHarness.TabletServerConfig(flags = {"--rpc-encryption=required", "--rpc_encrypt_loopback_connections", "--rpc-trace-negotiation"})
    public void connectionNegotiation() throws Exception {
        Assume.assumeTrue("TLSv1.3 isn't supported by both sides", this.isTLSv13Supported);
        KuduClient client = this.harness.getClient();
        ClientTestUtil.createDefaultTable(client, TABLE_NAME);
        ClientTestUtil.loadDefaultTable(client, TABLE_NAME, NUM_ROWS);
        Assert.assertNotNull(this.harness.getAsyncClient().securityContext.getAuthenticationToken());
    }
}
