package io.confluent.kafka.schemaregistry.security.authorizer.rbac;

import com.amazonaws.util.Base64;
import io.confluent.security.auth.client.provider.HttpCredentialProvider;
import io.confluent.security.auth.client.rest.RestClient;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.kafka.common.errors.AuthenticationException;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/authorizer/rbac/MdsBasicAuthProviderTest.class */
public class MdsBasicAuthProviderTest {
    protected static final String USER_INFO = "srUser:srPassword";
    protected static final String encodedUserInfo = Base64.encodeAsString(USER_INFO.getBytes());
    protected static final long TOKEN_DURATION_MS = 2000;
    protected static final long FAILED_TOKEN_REFRESH_RETRY_DELAY_MS = 10000;
    protected MdsBasicAuthProvider mdsBasicAuthProvider;

    @Mock
    protected RestClient restClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/kafka/schemaregistry/security/authorizer/rbac/MdsBasicAuthProviderTest$TestToken.class */
    public static class TestToken implements OAuthBearerToken {
        private final long lifetimeMs;
        private final Long startTimeMs;
        private final String value;

        public TestToken(String str, long j) {
            this(str, Long.valueOf(System.currentTimeMillis()), j);
        }

        public TestToken(String str, Long l, long j) {
            this.value = str;
            this.startTimeMs = l;
            this.lifetimeMs = l.longValue() + j;
        }

        public String value() {
            return this.value;
        }

        public Set<String> scope() {
            return Collections.emptySet();
        }

        public long lifetimeMs() {
            return this.lifetimeMs;
        }

        public String principalName() {
            return "mockPrincipalName";
        }

        public Long startTimeMs() {
            return this.startTimeMs;
        }
    }

    @Before
    public void setUp() {
        Mockito.reset(new RestClient[]{this.restClient});
        this.mdsBasicAuthProvider = new MdsBasicAuthProvider(this.restClient);
    }

    @Test
    public void testSuccessfulTokenRefresh() throws InterruptedException {
        AtomicInteger atomicInteger = new AtomicInteger();
        Mockito.when(this.restClient.login()).then(invocationOnMock -> {
            return new TestToken("token" + atomicInteger.incrementAndGet(), TOKEN_DURATION_MS);
        });
        this.mdsBasicAuthProvider.configure(Collections.singletonMap("confluent.metadata.basic.auth.user.info", USER_INFO));
        Assert.assertEquals(this.mdsBasicAuthProvider.getUserInfo(), encodedUserInfo);
        waitForInitialToken(this.mdsBasicAuthProvider);
        HttpCredentialProvider credentialProvider = this.mdsBasicAuthProvider.getCredentialProvider();
        Assert.assertEquals("Bearer", credentialProvider.getScheme());
        Assert.assertEquals("token1", credentialProvider.getCredentials());
        Thread.sleep(TOKEN_DURATION_MS);
        HttpCredentialProvider credentialProvider2 = this.mdsBasicAuthProvider.getCredentialProvider();
        Assert.assertEquals("Bearer", credentialProvider2.getScheme());
        Assert.assertEquals("token2", credentialProvider2.getCredentials());
        ((RestClient) Mockito.verify(this.restClient, Mockito.times(2))).login();
        this.mdsBasicAuthProvider.close();
        ((RestClient) Mockito.verify(this.restClient)).close();
    }

    @Test
    public void testLoginFail() throws InterruptedException {
        Mockito.when(this.restClient.login()).thenThrow(new Throwable[]{new AuthenticationException("Failed to authenticate")});
        this.mdsBasicAuthProvider.configure(Collections.singletonMap("confluent.metadata.basic.auth.user.info", USER_INFO));
        waitForInitialToken(this.mdsBasicAuthProvider);
        ((RestClient) Mockito.verify(this.restClient, Mockito.times(1))).login();
        HttpCredentialProvider credentialProvider = this.mdsBasicAuthProvider.getCredentialProvider();
        Assert.assertEquals("Basic", credentialProvider.getScheme());
        Assert.assertEquals(encodedUserInfo, credentialProvider.getCredentials());
    }

    @Test
    public void testLoginSucceedThenFailThenSucceed() throws InterruptedException {
        Mockito.when(this.restClient.login()).thenReturn(new TestToken("token1", TOKEN_DURATION_MS)).thenThrow(new Throwable[]{new AuthenticationException("Failed to authenticate")}).then(invocationOnMock -> {
            return new TestToken("token2", TOKEN_DURATION_MS);
        });
        this.mdsBasicAuthProvider.configure(Collections.singletonMap("confluent.metadata.basic.auth.user.info", USER_INFO));
        waitForInitialToken(this.mdsBasicAuthProvider);
        HttpCredentialProvider credentialProvider = this.mdsBasicAuthProvider.getCredentialProvider();
        Assert.assertEquals("Bearer", credentialProvider.getScheme());
        Assert.assertEquals("token1", credentialProvider.getCredentials());
        Thread.sleep(TOKEN_DURATION_MS);
        HttpCredentialProvider credentialProvider2 = this.mdsBasicAuthProvider.getCredentialProvider();
        Assert.assertEquals("Basic", credentialProvider2.getScheme());
        Assert.assertEquals(encodedUserInfo, credentialProvider2.getCredentials());
        Thread.sleep(FAILED_TOKEN_REFRESH_RETRY_DELAY_MS);
        HttpCredentialProvider credentialProvider3 = this.mdsBasicAuthProvider.getCredentialProvider();
        Assert.assertEquals("Bearer", credentialProvider3.getScheme());
        Assert.assertEquals("token2", credentialProvider3.getCredentials());
        ((RestClient) Mockito.verify(this.restClient, Mockito.times(3))).login();
    }

    static void waitForInitialToken(MdsBasicAuthProvider mdsBasicAuthProvider) throws InterruptedException {
        String bearerToken = mdsBasicAuthProvider.getBearerToken();
        for (int i = 0; i < 4 && bearerToken == null; i++) {
            Thread.sleep(500L);
            bearerToken = mdsBasicAuthProvider.getBearerToken();
        }
    }
}
