package org.apache.flink.runtime.net;

import java.io.File;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLServerSocket;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.IllegalConfigurationException;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.shaded.netty4.io.netty.buffer.UnpooledByteBufAllocator;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.ClientAuth;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.JdkSslContext;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.OpenSsl;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslProvider;
import org.apache.flink.util.Preconditions;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:org/apache/flink/runtime/net/SSLUtilsTest.class */
public class SSLUtilsTest {
    private static final String TRUST_STORE_PATH = ((URL) Preconditions.checkNotNull(SSLUtilsTest.class.getResource("/local127.truststore"))).getFile();
    private static final String KEY_STORE_PATH = ((URL) Preconditions.checkNotNull(SSLUtilsTest.class.getResource("/local127.keystore"))).getFile();
    private static final String TRUST_STORE_PASSWORD = "password";
    private static final String KEY_STORE_PASSWORD = "password";
    private static final String KEY_PASSWORD = "password";
    public static final List<String> AVAILABLE_SSL_PROVIDERS;

    private static List<String> parameters() {
        return AVAILABLE_SSL_PROVIDERS;
    }

    @Test
    void testSocketFactoriesWhenSslDisabled() {
        Configuration configuration = new Configuration();
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createSSLServerSocketFactory(configuration);
        }).isInstanceOf(IllegalConfigurationException.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createSSLClientSocketFactory(configuration);
        }).isInstanceOf(IllegalConfigurationException.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTClientSSL(String str) throws Exception {
        Assertions.assertThat(SSLUtils.createRestClientSSLEngineFactory(createRestSslConfigWithTrustStore(str))).isNotNull();
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTClientSSLDisabled(String str) {
        Configuration createRestSslConfigWithTrustStore = createRestSslConfigWithTrustStore(str);
        createRestSslConfigWithTrustStore.setBoolean(SecurityOptions.SSL_REST_ENABLED, false);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestClientSSLEngineFactory(createRestSslConfigWithTrustStore);
        }).isInstanceOf(IllegalConfigurationException.class);
    }

    @Test
    void testRESTClientSSLMissingTrustStore() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "some password");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestClientSSLEngineFactory(configuration);
        }).isInstanceOf(IllegalConfigurationException.class);
    }

    @Test
    void testRESTClientSSLMissingPassword() {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_PATH);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestClientSSLEngineFactory(configuration);
        }).isInstanceOf(IllegalConfigurationException.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTClientSSLWrongPassword(String str) {
        Configuration createRestSslConfigWithTrustStore = createRestSslConfigWithTrustStore(str);
        createRestSslConfigWithTrustStore.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "badpassword");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestClientSSLEngineFactory(createRestSslConfigWithTrustStore);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    public void testRESTSSLConfigCipherAlgorithms(String str) throws Exception {
        Configuration createRestSslConfigWithTrustStore = createRestSslConfigWithTrustStore(str);
        createRestSslConfigWithTrustStore.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        createRestSslConfigWithTrustStore.setString(SecurityOptions.SSL_ALGORITHMS.key(), "test_algorithm1,test_algorithm2");
        List cipherSuites = ((JdkSslContext) Preconditions.checkNotNull(SSLUtils.createRestNettySSLContext(createRestSslConfigWithTrustStore, true, ClientAuth.NONE, SslProvider.JDK))).cipherSuites();
        Assertions.assertThat(cipherSuites).hasSize(2);
        Assertions.assertThat(cipherSuites).containsExactlyInAnyOrder("test_algorithm1,test_algorithm2".split(","));
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTServerSSL(String str) throws Exception {
        Assertions.assertThat(SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore(str))).isNotNull();
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTServerSSLDisabled(String str) {
        Configuration createRestSslConfigWithKeyStore = createRestSslConfigWithKeyStore(str);
        createRestSslConfigWithKeyStore.setBoolean(SecurityOptions.SSL_REST_ENABLED, false);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore);
        }).isInstanceOf(IllegalConfigurationException.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTServerSSLBadKeystorePassword(String str) {
        Configuration createRestSslConfigWithKeyStore = createRestSslConfigWithKeyStore(str);
        createRestSslConfigWithKeyStore.setString(SecurityOptions.SSL_REST_KEYSTORE_PASSWORD, "badpassword");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testRESTServerSSLBadKeyPassword(String str) {
        Configuration createRestSslConfigWithKeyStore = createRestSslConfigWithKeyStore(str);
        createRestSslConfigWithKeyStore.setString(SecurityOptions.SSL_REST_KEY_PASSWORD, "badpassword");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createRestServerSSLEngineFactory(createRestSslConfigWithKeyStore);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSL(String str) throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        Assertions.assertThat(SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores)).isNotNull();
        Assertions.assertThat(SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores)).isNotNull();
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLWithSSLPinning(String str) throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_CERT_FINGERPRINT, getCertificateFingerprint(createInternalSslConfigWithKeyAndTrustStores, "flink.test"));
        Assertions.assertThat(SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores)).isNotNull();
        Assertions.assertThat(SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores)).isNotNull();
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLDisables(String str) {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        createInternalSslConfigWithKeyAndTrustStores.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, false);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLKeyStoreOnly(String str) {
        Configuration createInternalSslConfigWithKeyStore = createInternalSslConfigWithKeyStore(str);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyStore);
        }).isInstanceOf(Exception.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyStore);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLTrustStoreOnly(String str) {
        Configuration createInternalSslConfigWithTrustStore = createInternalSslConfigWithTrustStore(str);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithTrustStore);
        }).isInstanceOf(Exception.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithTrustStore);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLWrongKeystorePassword(String str) {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD, "badpw");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLWrongTruststorePassword(String str) {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD, "badpw");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInternalSSLWrongKeyPassword(String str) {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, "badpw");
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalClientSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(Exception.class);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testSetSSLVersionAndCipherSuitesForSSLServerSocket(String str) throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1.1");
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256");
        ServerSocket createServerSocket = SSLUtils.createSSLServerSocketFactory(createInternalSslConfigWithKeyAndTrustStores).createServerSocket(0);
        Throwable th = null;
        try {
            try {
                Assertions.assertThat(createServerSocket).isInstanceOf(SSLServerSocket.class);
                SSLServerSocket sSLServerSocket = (SSLServerSocket) createServerSocket;
                String[] enabledProtocols = sSLServerSocket.getEnabledProtocols();
                String[] enabledCipherSuites = sSLServerSocket.getEnabledCipherSuites();
                Assertions.assertThat(enabledProtocols).hasSize(1);
                Assertions.assertThat(enabledProtocols[0]).isEqualTo("TLSv1.1");
                Assertions.assertThat(enabledCipherSuites).hasSize(2);
                Assertions.assertThat(enabledCipherSuites).contains(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"});
                if (createServerSocket != null) {
                    if (0 == 0) {
                        createServerSocket.close();
                        return;
                    }
                    try {
                        createServerSocket.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createServerSocket != null) {
                if (th != null) {
                    try {
                        createServerSocket.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createServerSocket.close();
                }
            }
            throw th4;
        }
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testCreateSSLEngineFactory(String str) throws Exception {
        String[] strArr;
        String[] strArr2;
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        if (str.equalsIgnoreCase("OPENSSL")) {
            strArr = new String[]{"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"};
            strArr2 = new String[]{"SSLv2Hello", "TLSv1"};
        } else {
            strArr = new String[]{"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"};
            strArr2 = new String[]{"TLSv1"};
        }
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", strArr));
        SslHandler createNettySSLHandler = SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores).createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertThat(createNettySSLHandler.engine().getEnabledProtocols()).hasSameSizeAs(strArr2);
        Assertions.assertThat(createNettySSLHandler.engine().getEnabledProtocols()).contains(strArr2);
        Assertions.assertThat(createNettySSLHandler.engine().getEnabledCipherSuites()).hasSameSizeAs(strArr);
        Assertions.assertThat(createNettySSLHandler.engine().getEnabledCipherSuites()).contains(strArr);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest
    void testInvalidFingerprintParsing(String str) throws Exception {
        Configuration createInternalSslConfigWithKeyAndTrustStores = createInternalSslConfigWithKeyAndTrustStores(str);
        String certificateFingerprint = getCertificateFingerprint(createInternalSslConfigWithKeyAndTrustStores, "flink.test");
        createInternalSslConfigWithKeyAndTrustStores.setString(SecurityOptions.SSL_INTERNAL_CERT_FINGERPRINT, certificateFingerprint.substring(0, certificateFingerprint.length() - 3));
        Assertions.assertThatThrownBy(() -> {
            SSLUtils.createInternalServerSSLEngineFactory(createInternalSslConfigWithKeyAndTrustStores);
        }).isInstanceOf(IllegalArgumentException.class);
    }

    private Configuration createRestSslConfigWithKeyStore(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        addSslProviderConfig(configuration, str);
        addRestKeyStoreConfig(configuration);
        return configuration;
    }

    private Configuration createRestSslConfigWithTrustStore(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        addSslProviderConfig(configuration, str);
        addRestTrustStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createRestSslConfigWithKeyAndTrustStores(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
        addSslProviderConfig(configuration, str);
        addRestKeyStoreConfig(configuration);
        addRestTrustStoreConfig(configuration);
        return configuration;
    }

    private Configuration createInternalSslConfigWithKeyStore(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        addSslProviderConfig(configuration, str);
        addInternalKeyStoreConfig(configuration);
        return configuration;
    }

    private Configuration createInternalSslConfigWithTrustStore(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        addSslProviderConfig(configuration, str);
        addInternalTrustStoreConfig(configuration);
        return configuration;
    }

    public static Configuration createInternalSslConfigWithKeyAndTrustStores(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, true);
        addSslProviderConfig(configuration, str);
        addInternalKeyStoreConfig(configuration);
        addInternalTrustStoreConfig(configuration);
        return configuration;
    }

    public static String getCertificateFingerprint(Configuration configuration, String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(new File(configuration.getString(SecurityOptions.SSL_INTERNAL_KEYSTORE)).toPath(), new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                keyStore.load(newInputStream, configuration.getString(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD).toCharArray());
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return getSha1Fingerprint(keyStore.getCertificate(str));
            } finally {
            }
        } catch (Throwable th3) {
            if (newInputStream != null) {
                if (th != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static String getRestCertificateFingerprint(Configuration configuration, String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(new File(configuration.getString(SecurityOptions.SSL_REST_KEYSTORE)).toPath(), new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                keyStore.load(newInputStream, configuration.getString(SecurityOptions.SSL_REST_KEYSTORE_PASSWORD).toCharArray());
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return getSha1Fingerprint(keyStore.getCertificate(str));
            } finally {
            }
        } catch (Throwable th3) {
            if (newInputStream != null) {
                if (th != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th3;
        }
    }

    private static void addSslProviderConfig(Configuration configuration, String str) {
        if (str.equalsIgnoreCase("OPENSSL")) {
            OpenSsl.ensureAvailability();
            configuration.setString(SecurityOptions.SSL_ALGORITHMS, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        }
        configuration.setString(SecurityOptions.SSL_PROVIDER, str);
    }

    private static void addRestKeyStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_REST_KEYSTORE, KEY_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_REST_KEYSTORE_PASSWORD, "password");
        configuration.setString(SecurityOptions.SSL_REST_KEY_PASSWORD, "password");
    }

    private static void addRestTrustStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "password");
    }

    private static void addInternalKeyStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_INTERNAL_KEYSTORE, KEY_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD, "password");
        configuration.setString(SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, "password");
    }

    private static void addInternalTrustStoreConfig(Configuration configuration) {
        configuration.setString(SecurityOptions.SSL_INTERNAL_TRUSTSTORE, TRUST_STORE_PATH);
        configuration.setString(SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD, "password");
    }

    private static String getSha1Fingerprint(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            return toHexadecimalString(MessageDigest.getInstance("SHA1").digest(certificate.getEncoded()));
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return null;
        }
    }

    private static String toHexadecimalString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            int i2 = bArr[i] & 255;
            if (i2 < 16) {
                sb.append('0');
            }
            sb.append(Integer.toHexString(i2));
            if (i < length - 1) {
                sb.append(':');
            }
        }
        return sb.toString().toUpperCase(Locale.US);
    }

    static {
        if (System.getProperty("flink.tests.with-openssl") == null) {
            AVAILABLE_SSL_PROVIDERS = Collections.singletonList("JDK");
        } else {
            Assertions.assertThat(OpenSsl.isAvailable()).isTrue();
            AVAILABLE_SSL_PROVIDERS = Arrays.asList("JDK", "OPENSSL");
        }
    }
}
