package io.confluent.kafka.schemaregistry.security.permissions;

import io.confluent.kafka.schemaregistry.security.authorizer.AbstractSchemaRegistryAuthorizer;
import io.confluent.kafka.schemaregistry.security.authorizer.AuthorizeRequest;
import io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryResourceOperation;
import io.confluent.kafka.schemaregistry.security.authorizer.rbac.SchemaRegistryOperations;
import io.confluent.kafka.schemaregistry.security.permissions.entities.Permissions;
import io.confluent.kafka.schemaregistry.security.permissions.entities.PermittedOperations;
import io.confluent.security.authorizer.Scope;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/permissions/PermissionsBuilderTest.class */
public class PermissionsBuilderTest {
    protected static final Principal PRINCIPAL = new KafkaPrincipal("User", "Michael Galluzo");
    protected static final Scope DUMMY_SCOPE = new Scope.Builder(new String[0]).withKafkaCluster("kafka6").withCluster("schema-registry-cluster", "schema-registry9").build();

    /* loaded from: input_file:io/confluent/kafka/schemaregistry/security/permissions/PermissionsBuilderTest$MockAuthorizer.class */
    private static class MockAuthorizer extends AbstractSchemaRegistryAuthorizer {
        private final Map<String, Set<SchemaRegistryResourceOperation>> permittedSubjectOperations;
        private final Map<String, Set<SchemaRegistryResourceOperation>> permittedKekOperations;
        private final Set<SchemaRegistryResourceOperation> permittedGlobalOperations;

        private MockAuthorizer() {
            this.permittedSubjectOperations = new HashMap();
            this.permittedKekOperations = new HashMap();
            this.permittedGlobalOperations = new HashSet();
        }

        public void allowSubjectOperations(String str, Collection<SchemaRegistryResourceOperation> collection) {
            this.permittedSubjectOperations.computeIfAbsent(str, str2 -> {
                return new HashSet();
            }).addAll(collection);
        }

        public void allowSubjectOperations(String str, SchemaRegistryResourceOperation... schemaRegistryResourceOperationArr) {
            allowSubjectOperations(str, Arrays.asList(schemaRegistryResourceOperationArr));
        }

        public void allowKekOperations(String str, Collection<SchemaRegistryResourceOperation> collection) {
            this.permittedKekOperations.computeIfAbsent(str, str2 -> {
                return new HashSet();
            }).addAll(collection);
        }

        public void allowKekOperations(String str, SchemaRegistryResourceOperation... schemaRegistryResourceOperationArr) {
            allowKekOperations(str, Arrays.asList(schemaRegistryResourceOperationArr));
        }

        public void allowGlobalOperations(Collection<SchemaRegistryResourceOperation> collection) {
            this.permittedGlobalOperations.addAll(collection);
        }

        public void allowGlobalOperations(SchemaRegistryResourceOperation... schemaRegistryResourceOperationArr) {
            allowGlobalOperations(Arrays.asList(schemaRegistryResourceOperationArr));
        }

        public boolean authorizeGlobalOperation(String str, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest) {
            return this.permittedGlobalOperations.contains(schemaRegistryResourceOperation);
        }

        public boolean authorizeSubjectOperation(String str, String str2, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest) {
            return this.permittedSubjectOperations.getOrDefault(str2, Collections.emptySet()).contains(schemaRegistryResourceOperation);
        }

        public boolean authorizeKekOperation(String str, String str2, SchemaRegistryResourceOperation schemaRegistryResourceOperation, AuthorizeRequest authorizeRequest) {
            return this.permittedKekOperations.getOrDefault(str2, Collections.emptySet()).contains(schemaRegistryResourceOperation);
        }
    }

    @Test
    public void ensureRequestsAreAuthorizedInCorrectOrder() throws Exception {
        PermissionsBuilder permissionsBuilder = new PermissionsBuilder(PRINCIPAL);
        HashSet<String> hashSet = new HashSet(Arrays.asList("music", "math", "history", "physical education"));
        MockAuthorizer mockAuthorizer = new MockAuthorizer();
        mockAuthorizer.allowSubjectOperations("music", SchemaRegistryResourceOperation.SUBJECT_READ, SchemaRegistryResourceOperation.SUBJECT_WRITE, SchemaRegistryResourceOperation.SUBJECT_DELETE, SchemaRegistryResourceOperation.SUBJECT_COMPATIBILITY_READ, SchemaRegistryResourceOperation.SUBJECT_COMPATIBILITY_WRITE);
        mockAuthorizer.allowSubjectOperations("math", SchemaRegistryResourceOperation.SUBJECT_COMPATIBILITY_READ, SchemaRegistryResourceOperation.SUBJECT_COMPATIBILITY_WRITE);
        mockAuthorizer.allowSubjectOperations("history", SchemaRegistryResourceOperation.SUBJECT_READ, SchemaRegistryResourceOperation.SUBJECT_WRITE);
        mockAuthorizer.allowGlobalOperations(SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_READ);
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("music", new PermittedOperations(new String[]{SchemaRegistryOperations.READ.toString(), SchemaRegistryOperations.WRITE.toString(), SchemaRegistryOperations.DELETE.toString(), SchemaRegistryOperations.READ_COMPATIBILITY.toString(), SchemaRegistryOperations.WRITE_COMPATIBILITY.toString()}));
        hashMap2.put("math", new PermittedOperations(new String[]{SchemaRegistryOperations.READ_COMPATIBILITY.toString(), SchemaRegistryOperations.WRITE_COMPATIBILITY.toString()}));
        hashMap2.put("history", new PermittedOperations(new String[]{SchemaRegistryOperations.READ.toString(), SchemaRegistryOperations.WRITE.toString()}));
        hashMap2.put("__GLOBAL", new PermittedOperations(new String[]{SchemaRegistryOperations.READ_COMPATIBILITY.toString()}));
        hashMap.put(SchemaRegistryOperations.SUBJECT_RESOURCE, hashMap2);
        Permissions permissions = new Permissions(hashMap, DUMMY_SCOPE);
        for (String str : hashSet) {
            permissionsBuilder.withRequests(SchemaRegistryOperations.SUBJECT_RESOURCE, str, (List) SchemaRegistryResourceOperation.SUBJECT_RESOURCE_OPERATIONS.stream().map(schemaRegistryResourceOperation -> {
                return subjectRequest(str, schemaRegistryResourceOperation);
            }).collect(Collectors.toList()));
        }
        permissionsBuilder.withRequests(SchemaRegistryOperations.SUBJECT_RESOURCE, "__GLOBAL", (List) Stream.of((Object[]) new SchemaRegistryResourceOperation[]{SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_READ, SchemaRegistryResourceOperation.GLOBAL_COMPATIBILITY_WRITE}).map(PermissionsBuilderTest::globalRequest).collect(Collectors.toList()));
        Permissions build = permissionsBuilder.withAuthorizer(mockAuthorizer).withScope(DUMMY_SCOPE).build();
        Assert.assertEquals(permissions, build);
        Assert.assertEquals(DUMMY_SCOPE, build.getScope());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static AuthorizeRequest subjectRequest(String str, SchemaRegistryResourceOperation schemaRegistryResourceOperation) {
        return new AuthorizeRequest(PRINCIPAL, str, schemaRegistryResourceOperation, (ContainerRequestContext) null, (HttpServletRequest) null);
    }

    private static AuthorizeRequest globalRequest(SchemaRegistryResourceOperation schemaRegistryResourceOperation) {
        return new AuthorizeRequest(PRINCIPAL, (String) null, schemaRegistryResourceOperation, (ContainerRequestContext) null, (HttpServletRequest) null);
    }
}
