package io.confluent.common.security.auth;

import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.SecurityContext;
import org.apache.kafka.test.TestSslUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/common/security/auth/JettyAuthenticationModuleTest.class */
public class JettyAuthenticationModuleTest {
    private static final String distinguishedName = "CN=restproxy/localhost@EXAMPLE.COM";
    private static X509Certificate CLIENT_CERT;

    @BeforeClass
    public static void generateCert() throws Exception {
        CLIENT_CERT = TestSslUtils.generateCertificate(distinguishedName, TestSslUtils.generateKeyPair("RSA"), 30, "SHA1withRSA");
    }

    @Test
    public void testReturnsCertificatePrincipal() {
        JettyAuthenticationModule jettyAuthenticationModule = new JettyAuthenticationModule();
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getSecurityContext()).thenReturn(new SecurityContext() { // from class: io.confluent.common.security.auth.JettyAuthenticationModuleTest.1
            public Principal getUserPrincipal() {
                return new CertificatePrincipal("testUser", new X509Certificate[]{JettyAuthenticationModuleTest.CLIENT_CERT}[0]);
            }

            public boolean isUserInRole(String str) {
                return false;
            }

            public boolean isSecure() {
                return false;
            }

            public String getAuthenticationScheme() {
                return "JETTY";
            }
        });
        Principal authenticate = jettyAuthenticationModule.authenticate(containerRequestContext);
        Assert.assertEquals("testUser", authenticate.getName());
        Assert.assertEquals(CertificatePrincipal.class, authenticate.getClass());
    }

    @Test
    public void testReturnsRestUserPrincipal() {
        JettyAuthenticationModule jettyAuthenticationModule = new JettyAuthenticationModule();
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        final JwtPrincipal jwtPrincipal = (JwtPrincipal) Mockito.mock(JwtPrincipal.class);
        Mockito.when(containerRequestContext.getSecurityContext()).thenReturn(new SecurityContext() { // from class: io.confluent.common.security.auth.JettyAuthenticationModuleTest.2
            public Principal getUserPrincipal() {
                return jwtPrincipal;
            }

            public boolean isUserInRole(String str) {
                return false;
            }

            public boolean isSecure() {
                return false;
            }

            public String getAuthenticationScheme() {
                return "JETTY";
            }
        });
        ((JwtPrincipal) Mockito.doReturn("testTokenUser").when(jwtPrincipal)).getName();
        Principal authenticate = jettyAuthenticationModule.authenticate(containerRequestContext);
        Assert.assertEquals("testTokenUser", authenticate.getName());
        Assert.assertEquals(RestUserPrincipal.class, authenticate.getClass());
    }
}
