package io.confluent.kafka.server.plugins.auth;

import io.confluent.kafka.multitenant.MultiTenantPrincipal;
import io.confluent.kafka.server.plugins.auth.stats.AuthenticationStats;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.security.JaasContext;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/FileBasedPlainSaslAuthenticatorTest.class */
public class FileBasedPlainSaslAuthenticatorTest {
    private JaasContext mockJaasCtxt;
    private SaslAuthenticator saslAuth;
    private final String bcryptPassword = "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe";

    @Rule
    public TemporaryFolder tempFolder = new TemporaryFolder();

    @Before
    public void setUp() throws Exception {
        String file = FileBasedPlainSaslAuthenticatorTest.class.getResource("/apikeys.json").getFile();
        this.mockJaasCtxt = (JaasContext) Mockito.mock(JaasContext.class);
        Mockito.when(this.mockJaasCtxt.configEntryOption("config_path", FileBasedLoginModule.class.getName())).thenReturn(file);
        Mockito.when(this.mockJaasCtxt.configEntryOption("refresh_ms", FileBasedLoginModule.class.getName())).thenReturn("1000");
        this.saslAuth = new FileBasedPlainSaslAuthenticator();
        this.saslAuth.initialize(this.mockJaasCtxt);
        AuthenticationStats.getInstance().reset();
    }

    @Test
    public void testHashedPasswordAuth() throws Exception {
        MultiTenantPrincipal authenticate = this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe");
        Assert.assertEquals("23", authenticate.getName());
        Assert.assertEquals("rufus", authenticate.tenantMetadata().tenantName);
        Assert.assertEquals("rufus", authenticate.tenantMetadata().clusterId);
    }

    @Test
    public void testPlainPasswordAuth() throws Exception {
        MultiTenantPrincipal authenticate = this.saslAuth.authenticate("pkey", "no hash");
        Assert.assertEquals("7", authenticate.getName());
        Assert.assertEquals("confluent", authenticate.tenantMetadata().tenantName);
        Assert.assertEquals("confluent", authenticate.tenantMetadata().clusterId);
    }

    @Test
    public void testInvalidUser() throws Exception {
        try {
            this.saslAuth.authenticate("no_user", "blah");
            Assert.fail();
        } catch (SaslAuthenticationException e) {
            Assert.assertEquals("Authentication failed: Invalid username or password", e.getMessage());
        }
    }

    @Test
    public void testInvalidHashedPassword() throws Exception {
        try {
            this.saslAuth.authenticate("bkey", "not right");
            Assert.fail();
        } catch (SaslAuthenticationException e) {
            Assert.assertEquals("Authentication failed: Invalid username or password", e.getMessage());
        }
    }

    @Test
    public void testInvalidPlainPassword() throws Exception {
        try {
            this.saslAuth.authenticate("pkey", "not right");
            Assert.fail();
        } catch (SaslAuthenticationException e) {
            Assert.assertEquals("Authentication failed: Invalid username or password", e.getMessage());
        }
    }
}
