package io.confluent.kafka.security.config.provider;

import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.Collections;
import java.util.HashMap;
import java.util.Properties;
import org.apache.kafka.common.config.ConfigData;
import org.apache.kafka.common.config.ConfigException;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:io/confluent/kafka/security/config/provider/SecurePassConfigProviderTest.class */
public class SecurePassConfigProviderTest {
    private SecurePassConfigProvider configProvider;

    /* loaded from: input_file:io/confluent/kafka/security/config/provider/SecurePassConfigProviderTest$TestSecureConfigProviderCBC.class */
    public static class TestSecureConfigProviderCBC extends SecurePassConfigProvider {
        protected DecryptionEngine initializeDecryptionEngine(Properties properties) {
            try {
                String property = properties.getProperty("_metadata.symmetric_key.0.enc");
                properties.getProperty("_metadata.symmetric_key.0.envvar");
                return new MockDecryptionEngine("AES/CBC", property, properties.getProperty("_metadata.symmetric_key.0.length"));
            } catch (Exception e) {
                throw new ConfigException("Failed to initialize the decryption engine.");
            }
        }

        protected Reader reader(String str) throws IOException {
            return new StringReader("ssl.keystore.password=ENC[AES/CBC/PKCS5Padding,data:5yaZ8P0OeUEK6ht/yFl6Sw==,iv:tL5YpVVS7exMKwFKePskSQ==,type:str]\ntruststore.keystore.password=ENC[AES/CBC/PKCS5Padding,data:XkFJY46HRrtbhl90b3pseQ==,iv:BVwV0+8Nt1j/qBr95gVQmA==,type:str]\n_metadata.symmetric_key.0.enc=ENC[AES/CBC/PKCS5Padding,data:S6ekfn3mHjGMLLqWfHninW6ZUzzS0VdUxmTtENiBZjiPXmF4EHnaSAc1axTDz8ur,iv:Imh6Ce3gy99dqX8A4YAtQg==,type:str]\n_metadata.symmetric_key.0.envvar=CONFLUENT_SECURITY_MASTER_KEY\n_metadata.symmetric_key.0.length=32\ninvalid.pattern=xxxxENC[AES/CBC/PKCS5Padding,data:hjj,iv:BV,type:str]yyyy\nplainTextPassword=password");
        }
    }

    /* loaded from: input_file:io/confluent/kafka/security/config/provider/SecurePassConfigProviderTest$TestSecureConfigProviderGCM.class */
    public static class TestSecureConfigProviderGCM extends SecurePassConfigProvider {
        protected DecryptionEngine initializeDecryptionEngine(Properties properties) {
            try {
                String property = properties.getProperty("_metadata.symmetric_key.0.enc");
                properties.getProperty("_metadata.symmetric_key.0.envvar");
                return new MockDecryptionEngine("AES/GCM", property, properties.getProperty("_metadata.symmetric_key.0.length"));
            } catch (Exception e) {
                throw new ConfigException("Failed to initialize the decryption engine.");
            }
        }

        protected Reader reader(String str) throws IOException {
            return new StringReader("ssl.keystore.password = ENC[AES/GCM/NoPadding,data:phGtCmAgCKnPLxWk+Dcs6YpU8Myd1Mc=,iv:w3F8n9dZX2zFwL2K,type:str]\ntruststore.keystore.password = ENC[AES/GCM/NoPadding,data:Tm67EvO0N8d/oNUOW6lOZoK+PsKQBkLfu/XpFQ==,iv:jwguCzD0azPM9+Rc,type:str]\n_metadata.symmetric_key.0.enc=ENC[AES/GCM/NoPadding,data:SvU5r8pkF2TySEgRCpENJAcLhsiwkfa6m4xSsH2hgVszlRJbWYUvOxIhWQEvLFd6atrXnIQe7KxkQNKs,iv:JFTxcrXBzGmlLFFo,type:str]\n_metadata.symmetric_key.0.envvar=CONFLUENT_SECURITY_MASTER_KEY\n_metadata.symmetric_key.0.length=32\ninvalid.pattern=xxxxENC[AES/GCM/NoPadding,data:hjj,iv:BV,type:str]yyyy\nplainTextPassword=password");
        }
    }

    @Test
    public void testGetAllKeysAtPath() throws Exception {
        this.configProvider = new TestSecureConfigProviderCBC();
        ConfigData configData = this.configProvider.get("test");
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.keystore.password", "sslPass");
        hashMap.put("truststore.keystore.password", "keystorePass");
        hashMap.put("plainTextPassword", "password");
        hashMap.put("invalid.pattern", "xxxxENC[AES/CBC/PKCS5Padding,data:hjj,iv:BV,type:str]yyyy");
        Assert.assertEquals(hashMap, configData.data());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testGetOneKeyAtPathWithPlainTextValue() throws Exception {
        this.configProvider = new TestSecureConfigProviderCBC();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("plainTextPassword"));
        HashMap hashMap = new HashMap();
        hashMap.put("plainTextPassword", "password");
        Assert.assertEquals(hashMap, configData.data());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testGetOneKeyAtPathWithEncryptedValue() throws Exception {
        this.configProvider = new TestSecureConfigProviderCBC();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("ssl.keystore.password"));
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.keystore.password", "sslPass");
        Assert.assertEquals(hashMap, configData.data());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testEmptyPath() throws Exception {
        this.configProvider = new TestSecureConfigProviderCBC();
        ConfigData configData = this.configProvider.get("", Collections.singleton("demoPassword"));
        Assert.assertTrue(configData.data().isEmpty());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testInvalidKey() throws Exception {
        this.configProvider = new TestSecureConfigProviderCBC();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("invalidKey"));
        Assert.assertTrue(configData.data().isEmpty());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testInvalidCipherPattern() throws Exception {
        this.configProvider = new TestSecureConfigProviderCBC();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("invalid.pattern"));
        HashMap hashMap = new HashMap();
        hashMap.put("invalid.pattern", "xxxxENC[AES/CBC/PKCS5Padding,data:hjj,iv:BV,type:str]yyyy");
        Assert.assertEquals(hashMap, configData.data());
    }

    @Test
    public void testGetAllKeysAtPathGCM() throws Exception {
        this.configProvider = new TestSecureConfigProviderGCM();
        ConfigData configData = this.configProvider.get("test");
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.keystore.password", "sslPass");
        hashMap.put("truststore.keystore.password", "keystorePass");
        hashMap.put("plainTextPassword", "password");
        hashMap.put("invalid.pattern", "xxxxENC[AES/GCM/NoPadding,data:hjj,iv:BV,type:str]yyyy");
        Assert.assertEquals(hashMap, configData.data());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testGetOneKeyAtPathWithPlainTextValueGCM() throws Exception {
        this.configProvider = new TestSecureConfigProviderGCM();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("plainTextPassword"));
        HashMap hashMap = new HashMap();
        hashMap.put("plainTextPassword", "password");
        Assert.assertEquals(hashMap, configData.data());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testGetOneKeyAtPathWithEncryptedValueGCM() throws Exception {
        this.configProvider = new TestSecureConfigProviderGCM();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("ssl.keystore.password"));
        HashMap hashMap = new HashMap();
        hashMap.put("ssl.keystore.password", "sslPass");
        Assert.assertEquals(hashMap, configData.data());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testEmptyPathGCM() throws Exception {
        this.configProvider = new TestSecureConfigProviderGCM();
        ConfigData configData = this.configProvider.get("", Collections.singleton("demoPassword"));
        Assert.assertTrue(configData.data().isEmpty());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testInvalidKeyGCM() throws Exception {
        this.configProvider = new TestSecureConfigProviderGCM();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("invalidKey"));
        Assert.assertTrue(configData.data().isEmpty());
        Assert.assertEquals((Object) null, configData.ttl());
    }

    @Test
    public void testInvalidCipherPatternGCM() throws Exception {
        this.configProvider = new TestSecureConfigProviderGCM();
        ConfigData configData = this.configProvider.get("test", Collections.singleton("invalid.pattern"));
        HashMap hashMap = new HashMap();
        hashMap.put("invalid.pattern", "xxxxENC[AES/GCM/NoPadding,data:hjj,iv:BV,type:str]yyyy");
        Assert.assertEquals(hashMap, configData.data());
    }
}
