package integration.rbacapi.api.v1;

import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import io.confluent.tokenapi.entities.AuthenticationResponse;
import java.io.IOException;
import java.net.ConnectException;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.awaitility.Awaitility;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.Is;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.ScopeBuilder;

@Test(groups = {"tokenTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/RbacCaseSensitivityTest.class */
public class RbacCaseSensitivityTest {
    private LdapServer ldapServer;
    private RbacClusters rbacClusters;
    private static int actualMdsPort;
    public static final String SUPER_USER = "mds";
    private static V1RbacRestApi brokerSuperUserClient;

    @BeforeClass
    public void setUp() throws Throwable {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = this.ldapServer.actualPort();
        ExampleComLdapCrud exampleComLdapCrud = new ExampleComLdapCrud(actualPort);
        exampleComLdapCrud.createUsers(new String[]{"mds", "alice", "bob", "carol"});
        exampleComLdapCrud.addUserToGroup("alice", "UserAdmins_1");
        exampleComLdapCrud.addUserToGroup("alice", "UserAdmins_2");
        this.rbacClusters = new RbacClusters(KafkaConfigTool.ldapWithTokens(actualPort, "mds"));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        brokerSuperUserClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "mds");
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(brokerSuperUserClient.getRoleNames().execute().isSuccessful());
        });
    }

    @AfterClass
    public void tearDown() {
        this.ldapServer.stop();
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(actualMdsPort);
    }

    @Test
    public void ldapAuthenticationSanityTest() throws IOException {
        MatcherAssert.assertThat(((AuthenticationResponse) V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "alice", "alice").issueToken().execute().body()).authenticationToken(), Is.is(CoreMatchers.notNullValue()));
        MatcherAssert.assertThat(((AuthenticationResponse) V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "ALicE", "alice").issueToken().execute().body()).authenticationToken(), Is.is(CoreMatchers.notNullValue()));
        MatcherAssert.assertThat(Integer.valueOf(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "alice", "ALicE").issueToken().execute().code()), Is.is(401));
    }

    @Test
    public void case1_badUserCasing_goodGroupCasingTest() throws IOException {
        MdsScope build = ScopeBuilder.withKafka("ldapTestCase_1").build();
        MatcherAssert.assertThat(Integer.valueOf(brokerSuperUserClient.addClusterRoleForPrincipal("Group:UserAdmins_1", "UserAdmin", build).execute().code()), Is.is(204));
        Response execute = brokerSuperUserClient.getRoleNamesForPrincipal("User:alice", build).execute();
        MatcherAssert.assertThat(Integer.valueOf(execute.code()), Is.is(200));
        List list = (List) execute.body();
        MatcherAssert.assertThat(Integer.valueOf(list.size()), Is.is(1));
        MatcherAssert.assertThat(list.get(0), Is.is("UserAdmin"));
        MatcherAssert.assertThat(Integer.valueOf(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "alice", "alice").addClusterRoleForPrincipal("User:bob", "SecurityAdmin", build).execute().code()), Is.is(204));
        Response execute2 = brokerSuperUserClient.getRoleNamesForPrincipal("User:ALicE", build).execute();
        MatcherAssert.assertThat(Integer.valueOf(execute2.code()), Is.is(200));
        MatcherAssert.assertThat(Integer.valueOf(((List) execute2.body()).size()), Is.is(0));
        Response execute3 = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "ALicE", "alice").addClusterRoleForPrincipal("User:carol", "SecurityAdmin", build).execute();
        MatcherAssert.assertThat(Boolean.valueOf(execute3.isSuccessful()), Is.is(false));
        MatcherAssert.assertThat(Integer.valueOf(execute3.code()), Is.is(403));
    }

    @Test
    public void case2_goodUserCasing_badGroupCasingTest() throws IOException {
        MdsScope build = ScopeBuilder.withKafka("ldapTestCase_2").build();
        MatcherAssert.assertThat(Integer.valueOf(brokerSuperUserClient.addClusterRoleForPrincipal("Group:USERadmins_2", "UserAdmin", build).execute().code()), Is.is(204));
        Response execute = brokerSuperUserClient.getRoleNamesForPrincipal("User:alice", build).execute();
        MatcherAssert.assertThat(Integer.valueOf(execute.code()), Is.is(200));
        MatcherAssert.assertThat(Integer.valueOf(((List) execute.body()).size()), Is.is(0));
        Response execute2 = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "alice", "alice").addClusterRoleForPrincipal("User:bob", "SecurityAdmin", build).execute();
        MatcherAssert.assertThat(Boolean.valueOf(execute2.isSuccessful()), Is.is(false));
        MatcherAssert.assertThat(Integer.valueOf(execute2.code()), Is.is(403));
    }

    @Test
    public void case3_badUserCasing_goodUserRolebinding() throws IOException {
        MdsScope build = ScopeBuilder.withKafka("ldapTestCase_3").build();
        MatcherAssert.assertThat(Integer.valueOf(brokerSuperUserClient.addClusterRoleForPrincipal("User:alice", "UserAdmin", build).execute().code()), Is.is(204));
        Response execute = brokerSuperUserClient.getRoleNamesForPrincipal("User:ALicE", build).execute();
        MatcherAssert.assertThat(Integer.valueOf(execute.code()), Is.is(200));
        MatcherAssert.assertThat(Integer.valueOf(((List) execute.body()).size()), Is.is(0));
        Response execute2 = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "ALicE", "alice").addClusterRoleForPrincipal("User:carol", "SecurityAdmin", build).execute();
        MatcherAssert.assertThat(Boolean.valueOf(execute2.isSuccessful()), Is.is(false));
        MatcherAssert.assertThat(Integer.valueOf(execute2.code()), Is.is(403));
    }

    @Test
    public void case4_goodUserCasing_badUserRolebinding() throws IOException {
        MdsScope build = ScopeBuilder.withKafka("ldapTestCase_4").build();
        MatcherAssert.assertThat(Integer.valueOf(brokerSuperUserClient.addClusterRoleForPrincipal("User:ALicE", "UserAdmin", build).execute().code()), Is.is(204));
        Response execute = brokerSuperUserClient.getRoleNamesForPrincipal("User:alice", build).execute();
        MatcherAssert.assertThat(Integer.valueOf(execute.code()), Is.is(200));
        MatcherAssert.assertThat(Integer.valueOf(((List) execute.body()).size()), Is.is(0));
        Response execute2 = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "alice", "alice").addClusterRoleForPrincipal("User:bob", "SecurityAdmin", build).execute();
        MatcherAssert.assertThat(Boolean.valueOf(execute2.isSuccessful()), Is.is(false));
        MatcherAssert.assertThat(Integer.valueOf(execute2.code()), Is.is(403));
    }
}
