package integration.rbacapi.api.v1;

import com.google.common.collect.Lists;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.VisibilityRequest;
import io.confluent.rbacapi.entities.VisibilityResponse;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.net.ConnectException;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.awaitility.Awaitility;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/CrappyNamesTest.class */
public class CrappyNamesTest {
    private RbacClusters rbacClusters;
    private static int actualMdsPort;
    private String mdsClusterId;
    private LdapServer ldapServer;
    private LdapCrud ldapCrud;
    public static final String SUPER_USER = "mds";
    private MdsScope testScope;
    private static V1RbacRestApi brokerSuperUserClient;

    @BeforeClass
    public void setUp() throws Throwable {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = this.ldapServer.actualPort();
        this.ldapCrud = new ExampleComLdapCrud(actualPort);
        this.ldapCrud.createUser("mds");
        this.rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1(actualPort, "mds"));
        this.mdsClusterId = this.rbacClusters.metadataClusterId();
        this.testScope = new MdsScope(Scope.kafkaClusterScope(this.mdsClusterId));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        brokerSuperUserClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "mds");
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(brokerSuperUserClient.getRoleNames().execute().isSuccessful());
        });
    }

    @AfterClass
    public void tearDown() {
        this.ldapServer.stop();
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(actualMdsPort);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] crappyNames() {
        return new Object[]{new Object[]{"bad apple"}, new Object[]{"bad*apple"}, new Object[]{"TestUser_\\_..+/"}, new Object[]{"kafka/kafka-1.confluent.test@CONFLUENT.TEST"}};
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] badCrappyNames() {
        return new Object[]{new Object[]{"kafka/kafka-1.confluent.test@CONFLUENT.TEST"}, new Object[]{"bad+apple"}, new Object[]{"Test\\User"}, new Object[]{"Test/User"}};
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] sketchyButOkNames() {
        return new Object[]{new Object[]{"Test=User"}, new Object[]{"Test_User"}, new Object[]{"Test..User"}, new Object[]{"Test@User"}, new Object[]{"bad apple"}, new Object[]{"bad*apple"}, new Object[]{"(Test User"}, new Object[]{"Test User)"}, new Object[]{"(Test User)"}, new Object[]{"Confluent (Plataforma de Eventos Asíncronos) - Desarrollo"}};
    }

    @Test(dataProvider = "badCrappyNames", expectedExceptions = {RuntimeException.class})
    public void crappyNameBreakLdap(String str) {
        this.ldapCrud.createUser(str, "password");
    }

    @Test(dataProvider = "sketchyButOkNames")
    public void testLdap_sketchyButOkNames(String str) throws Exception {
        this.ldapCrud.createUser(str);
        String str2 = "User:" + str;
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str);
        Assert.assertTrue(build.getRoleNames().execute().isSuccessful());
        Assert.assertEquals(204, brokerSuperUserClient.addClusterRoleForPrincipal(str2, "Operator", this.testScope).execute().code());
        Response execute = build.authorize(new AuthorizeRequest(str2, Lists.newArrayList(new Action[]{new Action(this.testScope.scope(), new ResourceType("Topic"), "foo", new Operation("Describe"))}))).execute();
        Assert.assertTrue(execute.isSuccessful(), "User able to make authorize request");
        Assert.assertEquals(AuthorizeResult.ALLOWED, ((List) execute.body()).get(0));
        Assert.assertTrue(((VisibilityResponse) ((List) build.getVisibilityForPrincipal("User:" + str, Collections.singletonList(new VisibilityRequest(this.mdsClusterId, Collections.emptyList(), Collections.emptyList(), Collections.emptyList()))).execute().body()).get(0)).kafkaCluster.visible);
    }
}
