package io.confluent.security.integration;

import io.confluent.common.security.SecureTestUtils;
import io.confluent.kafkarest.integration.ClusterTestHarness;
import java.util.Properties;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import kafka.utils.TestUtils;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:io/confluent/security/integration/SslTopicResourceTest.class */
public class SslTopicResourceTest extends ClusterTestHarness {
    private static final String TOPIC = "topic-1";
    private final KafkaRestSslClusterTestHarnessUtil sslUtil = new KafkaRestSslClusterTestHarnessUtil();

    public void setUp() throws Exception {
        super.setUp();
        TestUtils.waitUntilTrue(() -> {
            return Boolean.valueOf(request("/topics").get().getStatus() != 402);
        }, () -> {
            return "Fail to fetch a valid license";
        }, 5000L, 100L);
    }

    protected String getRestConnectString(int i) {
        return this.sslUtil.getRestConnectString(i);
    }

    protected void overrideKafkaRestConfigs(Properties properties) {
        this.sslUtil.overrideKafkaRestConfigs(properties);
        properties.put("bootstrap.servers", this.brokerList);
        properties.setProperty("confluent.license.bootstrap.servers", this.plaintextBrokerList);
        properties.setProperty("confluent.license.security.protocol", "PLAINTEXT");
    }

    protected Properties getBrokerProperties(int i) {
        return this.sslUtil.getBrokerProperties(i, this.zkConnect);
    }

    public Properties overrideBrokerProperties(int i, Properties properties) {
        properties.put("delete.topic.enable", true);
        return properties;
    }

    protected Client getClient() {
        return this.sslUtil.getClient();
    }

    protected SecurityProtocol getBrokerSecurityProtocol() {
        return SecurityProtocol.SSL;
    }

    protected void setupAcls() {
        SecureTestUtils.addClusterACLs(this.zkConnect, this.sslUtil.clientCerts.get(2).getSubjectX500Principal().getName(), new AclOperation[]{AclOperation.ALL});
        SecureTestUtils.addTopicACLs(this.zkConnect, "*", this.sslUtil.clientCerts.get(2).getSubjectX500Principal().getName(), new AclOperation[]{AclOperation.DESCRIBE});
        SecureTestUtils.addTopicACLs(this.zkConnect, "*", this.sslUtil.clientCerts.get(2).getSubjectX500Principal().getName(), new AclOperation[]{AclOperation.DELETE});
        SecureTestUtils.setProduceACls(this.zkConnect, "_confluent-command", KafkaPrincipal.ANONYMOUS.getName());
        SecureTestUtils.setConsumerACls(this.zkConnect, "_confluent-command", KafkaPrincipal.ANONYMOUS.getName(), "*");
    }

    @Test
    public void listTopics_returnsTopic() {
        String clusterId = getClusterId();
        createTopic(TOPIC, 1, (short) 1);
        Response response = request("/v3/clusters/" + clusterId + "/topics").accept(new String[]{"application/json"}).get();
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assert.assertTrue(((String) response.readEntity(String.class)).contains("\"topic_name\":\"topic-1\""));
    }

    @Test
    public void listTopics_unauthorized_doesNotReturnTopic() {
        String clusterId = getClusterId();
        createTopic(TOPIC, 1, (short) 1);
        Response response = this.sslUtil.getClient(this.sslUtil.clientCerts.subList(0, 1), this.sslUtil.keyPairs.subList(0, 1)).target(this.restConnect).path("/v3/clusters/" + clusterId + "/topics").request().accept(new String[]{"application/json"}).get();
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assert.assertFalse(((String) response.readEntity(String.class)).contains(TOPIC));
        Response response2 = this.sslUtil.getClient(this.sslUtil.clientCerts.subList(2, 3), this.sslUtil.keyPairs.subList(2, 3)).target(this.restConnect).path("/v3/clusters/" + clusterId + "/topics").request().accept(new String[]{"application/json"}).get();
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response2.getStatus());
        Assert.assertTrue(((String) response2.readEntity(String.class)).contains(TOPIC));
    }

    @Test
    public void getTopic_returnsTopic() {
        String clusterId = getClusterId();
        createTopic(TOPIC, 1, (short) 1);
        Response response = request("/v3/clusters/" + clusterId + "/topics/" + TOPIC).accept(new String[]{"application/json"}).get();
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assert.assertTrue(((String) response.readEntity(String.class)).contains("\"topic_name\":\"topic-1\""));
    }

    @Test
    public void createTopic_createsTopic() {
        Assert.assertEquals(Response.Status.CREATED.getStatusCode(), request("/v3/clusters/" + getClusterId() + "/topics").accept(new String[]{"application/json"}).post(Entity.entity("{\"topic_name\":\"topic-1\",\"partitions_count\":1,\"replication_factor\":1}", "application/json")).getStatus());
        Assert.assertTrue(getTopicNames().contains(TOPIC));
    }

    @Test
    public void deleteTopic_deletesTopic() {
        String clusterId = getClusterId();
        createTopic(TOPIC, 1, (short) 1);
        Response delete = request("/v3/clusters/" + clusterId + "/topics/" + TOPIC).accept(new String[]{"application/json"}).delete();
        Assert.assertEquals(Response.Status.NO_CONTENT.getStatusCode(), delete.getStatus());
        Assert.assertTrue(((String) delete.readEntity(String.class)).isEmpty());
        Assert.assertFalse(getTopicNames().contains(TOPIC));
    }
}
