package io.confluent.kafka.schemaregistry.security.tools;

import io.confluent.kafka.schemaregistry.ClusterTestHarness;
import io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryResourceOperation;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/tools/SchemaRegistryAclCommandTest.class */
public class SchemaRegistryAclCommandTest extends ClusterTestHarness {
    private static final Map<String, Set<SchemaRegistryResourceOperation>> EMPTY_MAP = new HashMap();
    private static final Set<SchemaRegistryResourceOperation> EMPTY_SET = EnumSet.noneOf(SchemaRegistryResourceOperation.class);
    private String configFile;

    @Before
    public void setup() throws IOException {
        Properties properties = new Properties();
        properties.put("kafkastore.bootstrap.servers", this.bootstrapServers);
        File createTempFile = File.createTempFile("config", ".properties");
        createTempFile.deleteOnExit();
        properties.store(new FileOutputStream(createTempFile), "");
        this.configFile = createTempFile.getAbsolutePath();
    }

    @Test
    public void testAddAclForSubjectOperations() throws Exception {
        SchemaRegistryAclCommand schemaRegistryAclCommand = new SchemaRegistryAclCommand();
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user1", "--operation", "SUBJECT_READ", "--subject", "subject1"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user1", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, true);
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user1", "subject1", SchemaRegistryResourceOperation.SUBJECT_WRITE, false);
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user1", "--operation", "SUBJECT_WRITE", "--subject", "subject1"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user1", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, true);
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user1", "subject1", SchemaRegistryResourceOperation.SUBJECT_WRITE, true);
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user2", "--operation", "SUBJECT_READ", "--subject", "*"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user2", "*", SchemaRegistryResourceOperation.SUBJECT_READ, true);
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "*", "--operation", "SUBJECT_READ", "--subject", "subject3"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "*", "subject3", SchemaRegistryResourceOperation.SUBJECT_READ, true);
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "*", "--operation", "SUBJECT_DELETE", "--subject", "*"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "*", "*", SchemaRegistryResourceOperation.SUBJECT_DELETE, true);
    }

    @Test
    public void testAddAclForGlobalOperations() throws Exception {
        SchemaRegistryAclCommand schemaRegistryAclCommand = new SchemaRegistryAclCommand();
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user1", "--operation", "GLOBAL_COMPATIBILITY_WRITE"});
        assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "user1", SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_WRITE, true);
        assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "user2", SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_WRITE, false);
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user2", "--operation", "GLOBAL_COMPATIBILITY_WRITE"});
        assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "user2", SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_WRITE, true);
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "*", "--operation", "GLOBAL_COMPATIBILITY_READ"});
        assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "*", SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_READ, true);
    }

    @Test
    public void testAddAclForAllOperations() throws Exception {
        SchemaRegistryAclCommand schemaRegistryAclCommand = new SchemaRegistryAclCommand();
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user1", "--operation", "*", "--subject", "subject1"});
        Iterator it = SchemaRegistryResourceOperation.SUBJECT_RESOURCE_OPERATIONS.iterator();
        while (it.hasNext()) {
            assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user1", "subject1", (SchemaRegistryResourceOperation) it.next(), true);
        }
        Iterator it2 = SchemaRegistryResourceOperation.GLOBAL_RESOURCE_OPERATIONS.iterator();
        while (it2.hasNext()) {
            assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "user1", (SchemaRegistryResourceOperation) it2.next(), true);
        }
    }

    @Test
    public void testRemoveAclForSubjectOperations() throws Exception {
        SchemaRegistryAclCommand schemaRegistryAclCommand = new SchemaRegistryAclCommand();
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user1", "--principal", "user2", "--principal", "user3", "--operation", "SUBJECT_READ", "--subject", "subject1"});
        processCommand(schemaRegistryAclCommand, new String[]{"--remove", "--config", this.configFile, "--principal", "user1", "--operation", "SUBJECT_READ", "--subject", "subject1"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user1", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, false);
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user2", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, true);
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user3", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, true);
        processCommand(schemaRegistryAclCommand, new String[]{"--remove", "--config", this.configFile, "--principal", "user2", "--operation", "SUBJECT_READ", "--subject", "subject1"});
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user2", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, false);
        assertSubjectOperation(schemaRegistryAclCommand.subjectAllowedOperations, "user3", "subject1", SchemaRegistryResourceOperation.SUBJECT_READ, true);
    }

    @Test
    public void testRemoveAclForGlobalOperations() throws Exception {
        SchemaRegistryAclCommand schemaRegistryAclCommand = new SchemaRegistryAclCommand();
        processCommand(schemaRegistryAclCommand, new String[]{"--add", "--config", this.configFile, "--principal", "user1", "--principal", "user2", "--operation", "GLOBAL_COMPATIBILITY_WRITE"});
        processCommand(schemaRegistryAclCommand, new String[]{"--remove", "--config", this.configFile, "--principal", "user2", "--operation", "GLOBAL_COMPATIBILITY_WRITE"});
        assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "user1", SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_WRITE, true);
        assertGlobalOperation(schemaRegistryAclCommand.globalAllowedOperations, "user2", SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_WRITE, false);
    }

    private void processCommand(SchemaRegistryAclCommand schemaRegistryAclCommand, String[] strArr) throws Exception {
        SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions = new SchemaRegistryAclCommandOptions(strArr);
        schemaRegistryAclCommandOptions.parseAndValidateArgs();
        schemaRegistryAclCommand.processCommand(schemaRegistryAclCommandOptions);
    }

    private void assertSubjectOperation(Map<String, Map<String, Set<SchemaRegistryResourceOperation>>> map, String str, String str2, SchemaRegistryResourceOperation schemaRegistryResourceOperation, boolean z) {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(((Set) getOrDefault((Map) getOrDefault(map, str, EMPTY_MAP), str2, EMPTY_SET)).contains(schemaRegistryResourceOperation)));
    }

    private void assertGlobalOperation(Map<String, Set<SchemaRegistryResourceOperation>> map, String str, SchemaRegistryResourceOperation schemaRegistryResourceOperation, boolean z) {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(((Set) getOrDefault(map, str, EMPTY_SET)).contains(schemaRegistryResourceOperation)));
    }

    private <T> T getOrDefault(Map<String, T> map, String str, T t) {
        return map.containsKey(str) ? map.get(str) : t;
    }
}
