package com.linkedin.venice.utils;

import com.linkedin.venice.ConfigConstants;
import com.linkedin.venice.ConfigKeys;
import com.linkedin.venice.exceptions.VeniceException;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import kafka.server.KafkaConfig;
import org.apache.kafka.common.protocol.SecurityProtocol;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/linkedin/venice/utils/KafkaSSLUtils.class */
public class KafkaSSLUtils {
    private static final Logger LOGGER = LogManager.getLogger(KafkaSSLUtils.class);
    private static final List<String> KAFKA_SSL_CONFIGS = Arrays.asList(ConfigKeys.KAFKA_SECURITY_PROTOCOL, "ssl.keystore.location", "ssl.keystore.password", "ssl.keystore.type", "ssl.key.password", "ssl.truststore.location", "ssl.truststore.password", "ssl.truststore.type", "ssl.keymanager.algorithm", "ssl.trustmanager.algorithm", "ssl.secure.random.implementation");
    private static final List<String> KAFKA_SSL_MANDATORY_CONFIGS = Arrays.asList(ConfigKeys.KAFKA_SECURITY_PROTOCOL, "ssl.truststore.location", "ssl.truststore.password", "ssl.truststore.type", "ssl.keymanager.algorithm", "ssl.trustmanager.algorithm", "ssl.secure.random.implementation");

    public static Properties getLocalKafkaBrokerSSlConfig(String str, int i, int i2) {
        Properties properties = new Properties();
        properties.put(KafkaConfig.SslProtocolProp(), "TLS");
        properties.put(KafkaConfig.ListenersProp(), "PLAINTEXT://" + str + ":" + i + ",SSL://" + str + ":" + i2);
        properties.putAll(getLocalCommonKafkaSSLConfig());
        properties.put("ssl.context.provider.class", ConfigConstants.DEFAULT_KAFKA_SSL_CONTEXT_PROVIDER_CLASS_NAME);
        return properties;
    }

    public static Properties getLocalCommonKafkaSSLConfig() {
        Properties properties = new Properties();
        String pathForResource = SslUtils.getPathForResource("localhost.jks");
        properties.put("ssl.keystore.location", pathForResource);
        properties.put("ssl.keystore.password", "dev_pass");
        properties.put("ssl.truststore.location", pathForResource);
        properties.put("ssl.truststore.password", "dev_pass");
        properties.put("ssl.keystore.type", "JKS");
        properties.put("ssl.truststore.type", "JKS");
        properties.put("ssl.key.password", "dev_pass");
        properties.put("ssl.secure.random.implementation", "SHA1PRNG");
        properties.put("ssl.trustmanager.algorithm", "SunX509");
        properties.put("ssl.keymanager.algorithm", "SunX509");
        return properties;
    }

    public static Properties getLocalKafkaClientSSLConfig() {
        Properties properties = new Properties();
        properties.put(ConfigKeys.KAFKA_SECURITY_PROTOCOL, SecurityProtocol.SSL.name());
        properties.putAll(getLocalCommonKafkaSSLConfig());
        return properties;
    }

    public static boolean isKafkaProtocolValid(String str) {
        return str.equals(SecurityProtocol.PLAINTEXT.name()) || str.equals(SecurityProtocol.SSL.name()) || str.equals(SecurityProtocol.SASL_PLAINTEXT.name()) || str.equals(SecurityProtocol.SASL_SSL.name());
    }

    public static boolean isKafkaSSLProtocol(String str) {
        return str.equals(SecurityProtocol.SSL.name()) || str.equals(SecurityProtocol.SASL_SSL.name());
    }

    public static boolean isKafkaSSLProtocol(SecurityProtocol securityProtocol) {
        return securityProtocol == SecurityProtocol.SSL || securityProtocol == SecurityProtocol.SASL_SSL;
    }

    public static boolean validateAndCopyKafkaSSLConfig(VeniceProperties veniceProperties, Properties properties) {
        if (!veniceProperties.containsKey(ConfigKeys.KAFKA_SECURITY_PROTOCOL)) {
            return false;
        }
        String string = veniceProperties.getString(ConfigKeys.KAFKA_SECURITY_PROTOCOL);
        if (!isKafkaProtocolValid(string)) {
            throw new VeniceException("Invalid Kafka protocol specified: " + string);
        }
        if (!isKafkaSSLProtocol(string)) {
            return false;
        }
        LOGGER.info("Kafka properties {}", veniceProperties.toProperties());
        KAFKA_SSL_CONFIGS.forEach(str -> {
            if (veniceProperties.containsKey(str)) {
                properties.setProperty(str, veniceProperties.getString(str));
            } else if (KAFKA_SSL_MANDATORY_CONFIGS.contains(str)) {
                throw new VeniceException(str + " is required when Kafka SSL is enabled");
            }
        });
        return true;
    }
}
