package io.confluent.common.security.jetty;

import io.confluent.common.security.auth.CertificatePrincipal;
import io.confluent.common.security.auth.JwtPrincipal;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/confluent/common/security/jetty/CompositeLoginServiceTest.class */
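/**
 * Unit tests for {@link CompositeLoginService}.
 *
 * <p>The composite is built from two mocked Jetty {@link LoginService} delegates: one for
 * HTTP (bearer-token) logins and one for X.509 client-certificate logins. Each test records
 * strict expectations on exactly one delegate, so a credential dispatched to the wrong
 * delegate fails the test with an unexpected-call error from EasyMock.
 */
public class CompositeLoginServiceTest extends EasyMockSupport {
    // Fixed bearer token used as the JWT credential. Its lifetime is 0 and its start time is
    // null; nothing in this class exercises token expiry or scope checks.
    private static final OAuthBearerToken TOKEN = new OAuthBearerToken() {
        @Override
        public String value() {
            return "test-token";
        }

        @Override
        public Long startTimeMs() {
            return null;
        }

        @Override
        public Set<String> scope() {
            return Collections.emptySet();
        }

        @Override
        public String principalName() {
            return "test";
        }

        @Override
        public long lifetimeMs() {
            return 0L;
        }
    };

    private IdentityService mockIdentityService;
    private UserIdentity mockIdentity;
    private HttpServletRequest mockRequest;
    private HttpServletResponse mockResponse;
    private LoginService mockHttpLoginService;
    private LoginService mockX509LoginService;
    private CompositeLoginService loginService;

    /** Creates fresh mocks and the composite under test before every test method. */
    @Before
    public void setup() {
        this.mockIdentityService = createMock(IdentityService.class);
        this.mockIdentity = createMock(UserIdentity.class);
        this.mockRequest = createMock(HttpServletRequest.class);
        this.mockResponse = createMock(HttpServletResponse.class);

        // The mocks are still in record state here, so each setIdentityService(...) call is
        // a recorded expectation (not a real invocation): verifyAll() then requires the
        // composite to hand an IdentityService to both delegates.
        this.mockHttpLoginService = createMock(LoginService.class);
        this.mockHttpLoginService.setIdentityService((IdentityService) EasyMock.anyObject());
        this.mockX509LoginService = createMock(LoginService.class);
        this.mockX509LoginService.setIdentityService((IdentityService) EasyMock.anyObject());

        this.loginService = new CompositeLoginService(this.mockHttpLoginService, this.mockX509LoginService);
    }

    /**
     * A string (bearer token) credential must be handled by the HTTP delegate only: login,
     * validate and logout are each expected once on it, and none on the X.509 delegate.
     */
    @Test
    public void testJwtLogin() throws Exception {
        Subject subject = new Subject();
        subject.getPrincipals().add(new JwtPrincipal(TOKEN));
        // The identity returned by login carries a JwtPrincipal; presumably the composite
        // inspects it to route validate/logout - confirm against CompositeLoginService.
        EasyMock.expect(this.mockIdentity.getSubject()).andReturn(subject).anyTimes();
        EasyMock.expect(this.mockHttpLoginService.login("test", "test-token", this.mockRequest))
                .andReturn(this.mockIdentity)
                .once();
        EasyMock.expect(this.mockHttpLoginService.validate(this.mockIdentity)).andReturn(true).once();
        this.mockHttpLoginService.logout(this.mockIdentity);
        EasyMock.expectLastCall().once();
        replayAll();

        this.loginService.setIdentityService(this.mockIdentityService);
        UserIdentity login = this.loginService.login("test", "test-token", this.mockRequest);
        Assert.assertEquals(this.mockIdentity, login);
        // NOTE(review): the boolean returned by validate() is discarded, so this test only
        // proves the delegate was consulted, not that its verdict is propagated. Consider
        // asserting the result (and adding a delegate-returns-false case) once the
        // composite's contract is confirmed.
        this.loginService.validate(login);
        this.loginService.logout(login);
        verifyAll();
    }

    /**
     * An {@link X509Certificate} credential must be handled by the X.509 delegate only:
     * login, validate and logout are each expected once on it, and none on the HTTP delegate.
     */
    @Test
    public void testCertificateLogin() throws Exception {
        // "changeit" protects a classpath test fixture; the keystore should hold test-only
        // key material.
        X509Certificate x509Certificate = loadCertificateChain("/certificates/test.p12", "changeit", "test")[0];
        Subject subject = new Subject();
        subject.getPrincipals().add(new CertificatePrincipal("test", x509Certificate));
        EasyMock.expect(this.mockIdentity.getSubject()).andReturn(subject).anyTimes();
        EasyMock.expect(this.mockX509LoginService.login("CN=Test,O=Confluent,C=US", x509Certificate, this.mockRequest))
                .andReturn(this.mockIdentity)
                .once();
        EasyMock.expect(this.mockX509LoginService.validate(this.mockIdentity)).andReturn(true).once();
        this.mockX509LoginService.logout(this.mockIdentity);
        EasyMock.expectLastCall().once();
        replayAll();

        this.loginService.setIdentityService(this.mockIdentityService);
        UserIdentity login = this.loginService.login("CN=Test,O=Confluent,C=US", x509Certificate, this.mockRequest);
        Assert.assertEquals(this.mockIdentity, login);
        // NOTE(review): validate()'s return value is discarded here as well; see the note in
        // testJwtLogin.
        this.loginService.validate(login);
        this.loginService.logout(login);
        verifyAll();
    }

    /**
     * Loads the certificate chain stored under {@code alias} in a PKCS#12 keystore found on
     * the test classpath.
     *
     * @param resourcePath classpath location of the keystore
     * @param password keystore password
     * @param alias keystore entry whose chain is returned
     * @return the chain, leaf certificate first, as {@link X509Certificate}s
     * @throws IllegalStateException if the resource is missing or the alias has no chain
     * @throws Exception if the keystore cannot be read or its integrity check fails
     */
    private X509Certificate[] loadCertificateChain(String resourcePath, String password, String alias)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        try (InputStream in = getClass().getResourceAsStream(resourcePath)) {
            // KeyStore.load(null, ...) silently initialises an EMPTY keystore, so a missing
            // fixture must be rejected here rather than surfacing later as an obscure NPE.
            if (in == null) {
                throw new IllegalStateException("Test keystore not found on classpath: " + resourcePath);
            }
            keyStore.load(in, password.toCharArray());
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null) {
            throw new IllegalStateException(
                    "No certificate chain for alias '" + alias + "' in " + resourcePath);
        }
        return Arrays.stream(chain).map(X509Certificate.class::cast).toArray(X509Certificate[]::new);
    }
}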
