package integration.rbacapi.configuration;

import io.confluent.common.utils.IntegrationTest;
import io.confluent.kafka.test.utils.KafkaTestUtils;
import io.confluent.kafka.test.utils.SecurityTestUtils;
import io.confluent.rbacapi.retrofit.RbacRestApi;
import io.confluent.rbacapi.retrofit.RbacRetrofitFactory;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.cli.util.CliExecutionUtil;
import java.net.ConnectException;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.awaitility.Awaitility;
import org.hamcrest.core.StringContains;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import retrofit2.Response;
import utils.MdsConfigUtil;

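/**
 * Integration test for the LDAP test CLI ({@link CliExecutionUtil}) running against the
 * MiniKDC/LDAP service started by {@link RbacClusters}.
 *
 * <p>Covers listing and authenticating pre-created principals, the create/delete life cycle of
 * users and groups (including that a deleted user can no longer authenticate), and that a user
 * created through the CLI can call the metadata server (MDS) REST API.
 *
 * <p>Security note: {@link #setUp()} turns MDS token authentication off and selects BASIC
 * authentication on the listener named by {@code MdsConfigUtil.DEFAULT_HTTP_LISTENER}
 * (presumably plain HTTP, confirm in MdsConfigUtil). Every principal is created with a second
 * argument equal to its name. These settings belong only in a throwaway test cluster.
 */
@Category({IntegrationTest.class})
public class MiniKdcCrudTest {
    private static final String BROKER_USER = "kafka";
    private static RbacClusters rbacClusters;
    private static String ldapPort;

    /**
     * Starts the RBAC test clusters with LDAP groups enabled and seeds two principals and one
     * group in the embedded directory.
     *
     * @throws Exception if the clusters or the directory service cannot be started
     */
    @BeforeClass
    public static void setUp() throws Exception {
        RbacClusters.Config config =
                new RbacClusters.Config().users(BROKER_USER, Collections.emptyList()).withLdapGroups();
        // Test-only MDS hardening trade-off: no token auth, BASIC credentials on the default
        // HTTP listener. NOTE(review): if that listener is not TLS, credentials are sent in clear.
        config.overrideMetadataBrokerConfig("confluent.metadata.server.token.auth.enable", "false");
        config.overrideMetadataBrokerConfig("confluent.metadata.server.authentication.method", "BASIC");
        config.overrideMetadataBrokerConfig("confluent.metadata.server.listeners", MdsConfigUtil.DEFAULT_HTTP_LISTENER);
        config.overrideMetadataBrokerConfig("confluent.metadata.server.advertised.listeners", MdsConfigUtil.DEFAULT_HTTP_ADVERTISED_LISTENER);
        rbacClusters = new RbacClusters(config);
        // Second argument is presumably the password (same value as the name); verify against
        // the createPrincipal signature.
        rbacClusters.miniKdcWithLdapService.createPrincipal("alice", "alice");
        rbacClusters.miniKdcWithLdapService.createPrincipal("bob", "bob");
        rbacClusters.miniKdcWithLdapService.createGroup("group1", new String[]{"alice", "bob"});
        ldapPort = Integer.toString(rbacClusters.miniKdcWithLdapService.ldapPort());
    }

    /**
     * Shuts the clusters down, then always clears the security configs and verifies thread
     * cleanup, even when the shutdown itself fails.
     */
    @AfterClass
    public static void tearDown() {
        try {
            if (rbacClusters != null) {
                rbacClusters.shutdown();
            }
        } finally {
            // Run in finally so a failed shutdown cannot leave security configs behind for
            // whatever test class runs next in the same JVM.
            SecurityTestUtils.clearSecurityConfigs();
            KafkaTestUtils.verifyThreadCleanup();
        }
    }

    /**
     * Runs the LDAP CLI against the embedded directory, prepending {@code --port <ldapPort>}.
     *
     * @param args the CLI arguments that follow the port option
     * @return whatever {@link CliExecutionUtil#runCli} returns for the invocation
     */
    private static String ldapCli(String... args) {
        String[] command = new String[args.length + 2];
        command[0] = "--port";
        command[1] = ldapPort;
        System.arraycopy(args, 0, command, 2, args.length);
        return CliExecutionUtil.runCli(command);
    }

    /** Principals and groups seeded in {@link #setUp()} are listed and alice can authenticate. */
    @Test
    public void canReadExisting() {
        String users = ldapCli("users");
        Assert.assertThat(users, StringContains.containsString("alice"));
        Assert.assertThat(users, StringContains.containsString("bob"));
        Assert.assertThat(ldapCli("groups"), StringContains.containsString("group1"));
        Assert.assertThat(ldapCli("user", "alice", "authenticate"), StringContains.containsString("Authenticated"));
    }

    /**
     * Creates a user and a group through the CLI, checks they are visible and usable, deletes
     * them, and checks that both are gone and the deleted user can no longer authenticate.
     */
    @Test
    public void canAddRemoveNew() {
        ldapCli("user", "carol", "create");
        ldapCli("group", "group2", "create");
        Assert.assertThat(ldapCli("users"), StringContains.containsString("carol"));
        Assert.assertThat(ldapCli("groups"), StringContains.containsString("group2"));
        Assert.assertThat(ldapCli("user", "carol", "authenticate"), StringContains.containsString("Authenticated"));
        Assert.assertThat(ldapCli("user", "carol", "delete"), StringContains.containsString("Deleted"));
        // Negative check: a deleted account must be rejected, not just hidden from listings.
        Assert.assertThat(ldapCli("user", "carol", "authenticate"), StringContains.containsString("Failed to authenticate"));
        Assert.assertThat(ldapCli("group", "group2", "delete"), StringContains.containsString("Deleted"));
        String usersAfterDelete = ldapCli("users");
        Assert.assertFalse("carol should not be a user anymore", usersAfterDelete.contains("carol"));
        // Assert on the "groups" listing itself. The earlier code discarded this output and
        // re-checked the "users" listing, so a group that survived deletion went unnoticed.
        String groupsAfterDelete = ldapCli("groups");
        Assert.assertFalse("group2 should not exist anymore", groupsAfterDelete.contains("group2"));
    }

    /**
     * Creates a user through the CLI and checks that the MDS role-names endpoint answers 200 for
     * a client built with that user's name as both credentials, returning more than three roles.
     *
     * @throws Exception if the REST call fails
     */
    @Test
    public void newUserCanMakeRbacHttpCalls() throws Exception {
        ldapCli("user", "dave", "create");
        RbacRestApi daveClient = RbacRetrofitFactory.build(MdsConfigUtil.DEFAULT_HTTP_ADVERTISED_LISTENER, "dave", "dave");
        // Connection refusals are retried for up to 60 s (presumably MDS may still be starting);
        // any other failure, including a non-200 status at the deadline, fails the test.
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(60L, TimeUnit.SECONDS).untilAsserted(() -> {
            Assert.assertEquals("User can call MDS and get a happy response code", 200L, daveClient.getRoleNames().execute().code());
        });
        Response<?> response = daveClient.getRoleNames().execute();
        Assert.assertEquals(200L, response.code());
        List<?> roleNames = (List<?>) response.body();
        Assert.assertNotNull(roleNames);
        Assert.assertTrue(roleNames.size() > 3);
    }
}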
