package io.confluent.kafka.clients.plugins.auth.token;

import io.confluent.kafka.common.multitenant.oauth.OAuthBearerJwsToken;
import io.confluent.security.auth.client.rest.RestClient;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.api.easymock.PowerMock;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;

@PrepareForTest({TokenUserLoginCallbackHandler.class})
@RunWith(PowerMockRunner.class)
/* loaded from: input_file:io/confluent/kafka/clients/plugins/auth/token/TokenUserBearerLoginCallbackHandlerTest.class */
public class TokenUserBearerLoginCallbackHandlerTest {
    private TokenUserLoginCallbackHandler callbackHandler;
    private OAuthBearerToken token;

    @Before
    public void setUp() {
        this.token = new OAuthBearerJwsToken("Token", Collections.emptySet(), -1L, "", -1L);
        this.callbackHandler = new TokenUserLoginCallbackHandler();
    }

    @Test(expected = IllegalStateException.class)
    public void testHandleRaisesExceptionIfNotConfigured() throws Exception {
        this.callbackHandler.handle(new Callback[]{new SaslExtensionsCallback()});
    }

    @Test(expected = ConfigException.class)
    public void testAttachesAuthTokenToCallback() throws Exception {
        RestClient restClient = (RestClient) EasyMock.createNiceMock(RestClient.class);
        PowerMock.expectNew(RestClient.class, new Object[]{EasyMock.anyObject(HashMap.class)}).andReturn(restClient);
        EasyMock.expect(restClient.login()).andReturn(this.token);
        PowerMock.replay(new Object[]{RestClient.class, restClient});
        Callback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText("Token", "http://url1.com");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        this.callbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
        Assert.assertEquals("Token", oAuthBearerTokenCallback.token().value());
    }

    @Test
    public void testAttachesAuthUserInfoToCallback() throws Exception {
        RestClient restClient = (RestClient) EasyMock.createNiceMock(RestClient.class);
        PowerMock.expectNew(RestClient.class, new Object[]{EasyMock.anyObject(HashMap.class)}).andReturn(restClient);
        EasyMock.expect(restClient.login()).andReturn(this.token);
        PowerMock.replay(new Object[]{RestClient.class, restClient});
        Callback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText("user", "password", "http://url1.com");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        this.callbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
        Assert.assertEquals("Token", oAuthBearerTokenCallback.token().value());
    }

    @Test(expected = ConfigException.class)
    public void testConfigureRaisesExceptionOnMissingAuthServiceConfig() {
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText("Token", "");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
    }

    @Test(expected = ConfigException.class)
    public void testConfigureRaisesExceptionOnMissingCredentialsConfig() {
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText(null, "http://url2.com");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
    }

    private Map<String, Object> buildClientJassConfigText(String str, String str2, String str3) {
        String str4 = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required";
        if (str != null && !str.isEmpty()) {
            str4 = str4 + " username=\"" + this.token + "\"";
        }
        if (str2 != null && !str2.isEmpty()) {
            str4 = str4 + " password=\"" + this.token + "\"";
        }
        if (str3 != null && !str3.isEmpty()) {
            str4 = str4 + " metadataServerUrls=\"" + str3 + '\"';
        }
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.jaas.config", new Password(str4 + ";"));
        return Collections.unmodifiableMap(hashMap);
    }

    private Map<String, Object> buildClientJassConfigText(String str, String str2) {
        String str3 = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required";
        if (str != null && !str.isEmpty()) {
            str3 = str3 + " authenticationToken=\"" + str + "\"";
        }
        if (str2 != null && !str2.isEmpty()) {
            str3 = str3 + " metadataServerUrls=\"" + str2 + '\"';
        }
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.jaas.config", new Password(str3 + ";"));
        return Collections.unmodifiableMap(hashMap);
    }
}
