package io.confluent.kafka.server.plugins.auth;

import io.confluent.kafka.multitenant.MultiTenantPrincipal;
import io.confluent.kafka.multitenant.TenantMetadata;
import io.confluent.kafka.server.plugins.auth.stats.AuthenticationStats;
import java.lang.management.ManagementFactory;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanInfo;
import javax.management.MBeanServer;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.QueryExp;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.sasl.SaslException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/PlainSaslServerTest.class */
public class PlainSaslServerTest {
    private List<AppConfigurationEntry> jaasEntries;
    private SaslAuthenticator mockSaslAuth;
    private PlainSaslServer saslServer;
    private static AuthenticationStats stats = AuthenticationStats.getInstance();

    @Before
    public void setUp() throws Exception {
        this.jaasEntries = Collections.emptyList();
        this.mockSaslAuth = (SaslAuthenticator) Mockito.mock(SaslAuthenticator.class);
        this.saslServer = new PlainSaslServer(this.jaasEntries, this.mockSaslAuth);
        stats.reset();
    }

    @Test
    public void shouldNotAllowImpersonation() throws Exception {
        try {
            this.saslServer.evaluateResponse("impersonating��foo��bar".getBytes());
            Assert.fail();
        } catch (SaslException e) {
            Assert.assertTrue(e.getMessage().contains("Impersonation is not allowed"));
        }
    }

    @Test
    public void authSucceedsWithMetrics() throws Exception {
        configureUser("foo", "bar", "tenant1");
        this.saslServer.evaluateResponse("��foo��bar".getBytes());
        Assert.assertEquals(1L, stats.getSucceeded());
        Assert.assertEquals(0L, stats.getFailed());
        Assert.assertEquals(1L, stats.getTotal());
    }

    @Test
    public void authFailsWithMetrics() throws Exception {
        ((SaslAuthenticator) Mockito.doThrow(new SaslException("Top level msg", new Exception("Detailed cause"))).when(this.mockSaslAuth)).authenticate("foo", "bar");
        try {
            this.saslServer.evaluateResponse("��foo��bar".getBytes());
            Assert.fail();
        } catch (SaslException e) {
        }
        Assert.assertEquals(0L, stats.getSucceeded());
        Assert.assertEquals(1L, stats.getFailed());
        Assert.assertEquals(1L, stats.getTotal());
    }

    @Test
    public void nullCauseIsOK() throws Exception {
        ((SaslAuthenticator) Mockito.doThrow(new SaslException("Top level msg", (Throwable) null)).when(this.mockSaslAuth)).authenticate("foo", "bar");
        try {
            this.saslServer.evaluateResponse("��foo��bar".getBytes());
            Assert.fail();
        } catch (SaslException e) {
        }
        Assert.assertEquals(0L, stats.getSucceeded());
        Assert.assertEquals(1L, stats.getFailed());
        Assert.assertEquals(1L, stats.getTotal());
    }

    @Test
    public void parseFailsWithMetrics() throws Exception {
        try {
            this.saslServer.evaluateResponse("garbage".getBytes());
            Assert.fail();
        } catch (SaslException e) {
        }
        Assert.assertEquals(0L, stats.getSucceeded());
        Assert.assertEquals(1L, stats.getFailed());
        Assert.assertEquals(1L, stats.getTotal());
    }

    @Test
    public void metricsInJMX() throws Exception {
        configureUser("foo", "bar", "tenant1");
        for (int i = 0; i < 7; i++) {
            this.saslServer.evaluateResponse("��foo��bar".getBytes());
        }
        MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
        Set queryMBeans = platformMBeanServer.queryMBeans(new ObjectName("io.confluent.kafka.server.plugins:type=Authentication"), (QueryExp) null);
        Assert.assertEquals(1L, queryMBeans.size());
        ObjectInstance objectInstance = (ObjectInstance) queryMBeans.toArray()[0];
        MBeanInfo mBeanInfo = platformMBeanServer.getMBeanInfo(objectInstance.getObjectName());
        HashMap hashMap = new HashMap();
        for (MBeanAttributeInfo mBeanAttributeInfo : mBeanInfo.getAttributes()) {
            hashMap.put(mBeanAttributeInfo.getName(), platformMBeanServer.getAttribute(objectInstance.getObjectName(), mBeanAttributeInfo.getName()));
        }
        Assert.assertEquals(7L, hashMap.get("Succeeded"));
        Assert.assertEquals(0L, hashMap.get("Failed"));
        Assert.assertEquals(7L, hashMap.get("Total"));
    }

    private void configureUser(final String str, String str2, final String str3) throws SaslException {
        ((SaslAuthenticator) Mockito.doAnswer(new Answer<MultiTenantPrincipal>() { // from class: io.confluent.kafka.server.plugins.auth.PlainSaslServerTest.1
            /* renamed from: answer, reason: merged with bridge method [inline-methods] */
            public MultiTenantPrincipal m2answer(InvocationOnMock invocationOnMock) throws Throwable {
                return new MultiTenantPrincipal(str, new TenantMetadata(str3, str3));
            }
        }).when(this.mockSaslAuth)).authenticate(str, str2);
    }
}
