package io.confluent.kafka.server.plugins.auth;

import io.confluent.kafka.multitenant.MultiTenantPrincipal;
import io.confluent.kafka.server.plugins.auth.stats.AuthenticationStats;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.sasl.SaslException;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler;
import org.apache.kafka.common.utils.Time;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/FileBasedPlainSaslAuthenticatorTest.class */
public class FileBasedPlainSaslAuthenticatorTest {
    private static final Logger log = LoggerFactory.getLogger(FileBasedPlainSaslAuthenticatorTest.class);
    private List<AppConfigurationEntry> jaasEntries;
    private SaslAuthenticator saslAuth;
    private final String bcryptPassword = "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe";

    @Rule
    public TemporaryFolder tempFolder = new TemporaryFolder();

    @Before
    public void setUp() throws Exception {
        String file = FileBasedPlainSaslAuthenticatorTest.class.getResource("/apikeys.json").getFile();
        HashMap hashMap = new HashMap();
        hashMap.put("config_path", file);
        hashMap.put("refresh_ms", "1000");
        this.jaasEntries = Collections.singletonList(new AppConfigurationEntry(FileBasedLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap));
        this.saslAuth = new FileBasedPlainSaslAuthenticator();
        this.saslAuth.initialize(this.jaasEntries);
        AuthenticationStats.getInstance().reset();
    }

    @Test
    public void testHashedPasswordAuth() throws Exception {
        MultiTenantPrincipal authenticate = this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe");
        Assert.assertEquals("23", authenticate.getName());
        Assert.assertEquals("rufus", authenticate.tenantMetadata().tenantName);
        Assert.assertEquals("rufus", authenticate.tenantMetadata().clusterId);
    }

    @Test
    public void testPlainPasswordAuth() throws Exception {
        for (int i = 0; i < 3; i++) {
            MultiTenantPrincipal authenticate = this.saslAuth.authenticate("pkey", "no hash");
            Assert.assertEquals("7", authenticate.getName());
            Assert.assertEquals("confluent", authenticate.tenantMetadata().tenantName);
            Assert.assertEquals("confluent", authenticate.tenantMetadata().clusterId);
        }
    }

    @Test
    public void testInvalidUser() throws Exception {
        for (int i = 0; i < 3; i++) {
            try {
                this.saslAuth.authenticate("no_user", "blah");
                Assert.fail();
            } catch (SaslAuthenticationException e) {
                Assert.assertEquals("Authentication failed: Invalid username or password", e.getMessage());
            }
        }
    }

    @Test
    public void testInvalidHashedPassword() throws Exception {
        for (int i = 0; i < 3; i++) {
            try {
                this.saslAuth.authenticate("bkey", "not right");
                Assert.fail();
            } catch (SaslAuthenticationException e) {
                Assert.assertEquals("Authentication failed: Invalid username or password", e.getMessage());
            }
        }
    }

    @Test
    public void testInvalidPlainPassword() throws Exception {
        try {
            this.saslAuth.authenticate("pkey", "not right");
            Assert.fail();
        } catch (SaslAuthenticationException e) {
            Assert.assertEquals("Authentication failed: Invalid username or password", e.getMessage());
        }
    }

    @Test
    public void testCheckpwPerSecond() throws Exception {
        Map.Entry entry = (Map.Entry) new SecretsLoader(FileBasedPlainSaslAuthenticator.configEntryOption(this.jaasEntries, "config_path", FileBasedLoginModule.class.getName()), 100000000L).get().entrySet().iterator().next();
        long j = 0;
        long milliseconds = Time.SYSTEM.milliseconds() + 1000;
        do {
            BCrypt.checkpw(((KeyConfigEntry) entry.getValue()).userId, ((KeyConfigEntry) entry.getValue()).hashedSecret);
            j++;
        } while (Time.SYSTEM.milliseconds() < milliseconds);
        double d = (milliseconds - r0) / 1000.0d;
        log.info("testCheckpwPerSecond: performed {} operations in {} seconds.  Average sec/op = {}", new Object[]{Long.valueOf(j), Double.valueOf(d), Double.valueOf(d / j)});
    }

    @Test
    public void testServerFactory() throws SaslException {
        FileBasedSaslServerFactory fileBasedSaslServerFactory = new FileBasedSaslServerFactory();
        PlainServerCallbackHandler plainServerCallbackHandler = new PlainServerCallbackHandler();
        Map emptyMap = Collections.emptyMap();
        plainServerCallbackHandler.configure(emptyMap, "PLAIN", this.jaasEntries);
        Assert.assertNotNull("Server not created", fileBasedSaslServerFactory.createSaslServer("PLAIN", "", "", emptyMap, plainServerCallbackHandler));
    }
}
