package integration.rbacapi.api.v1;

import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.util.Arrays;
import java.util.Collections;
import java.util.Random;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.ScopeBuilder;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/ClusterResourcePatternTest.class */
public class ClusterResourcePatternTest {
    private static final String BROKER_USER = "kafka";
    private static RbacClusters rbacClusters;
    private static LdapServer ldapServer;
    private static LdapCrud ldapCrud;
    private static final String USER_ADMIN = "user-admin";
    private static V1RbacRestApi userAdminClient;
    private static int actualMdsPort;

    @BeforeClass
    public static void setUp() throws Exception {
        ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = ldapServer.actualPort();
        ldapCrud = new ExampleComLdapCrud(actualPort);
        ldapCrud.createUser(USER_ADMIN);
        rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1(actualPort, "kafka"));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(rbacClusters);
        userAdminClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, USER_ADMIN, USER_ADMIN);
    }

    @AfterClass
    public static void tearDown() {
        ldapServer.stop();
        rbacClusters.shutdown();
        MdsTestUtil.releasePort(actualMdsPort);
    }

    @Test
    public void kafkaClusterValidResourcePatternTest() throws Throwable {
        MdsScope build = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        rbacClusters.assignRole("User", USER_ADMIN, "UserAdmin", build.scope(), Collections.emptySet());
        KafkaPrincipal userPrincipal = userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        ldapCrud.createUser(userPrincipal.getName());
        Assert.assertEquals(204, userAdminClient.addRoleResourcesForPrincipal(userPrincipal.toString(), "ResourceOwner", new ResourcesRequest(build, Arrays.asList(new ResourcePattern("Topic", "topic-A", PatternType.LITERAL)))).execute().code());
    }

    @Test
    public void kafkaClusterInvalidResourcePatternNameTest() throws Throwable {
        String generateRandomString = generateRandomString(1000);
        MdsScope build = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        rbacClusters.assignRole("User", USER_ADMIN, "UserAdmin", build.scope(), Collections.emptySet());
        KafkaPrincipal userPrincipal = userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        ldapCrud.createUser(userPrincipal.getName());
        Assert.assertEquals(400, userAdminClient.addRoleResourcesForPrincipal(userPrincipal.toString(), "ResourceOwner", new ResourcesRequest(build, Arrays.asList(new ResourcePattern("Topic", generateRandomString, PatternType.LITERAL)))).execute().code());
    }

    @Test
    public void kafkaClusterValidResourcePatternTypeButLiteralPrefixedTest() throws Throwable {
        MdsScope build = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        rbacClusters.assignRole("User", USER_ADMIN, "UserAdmin", build.scope(), Collections.emptySet());
        KafkaPrincipal userPrincipal = userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        ldapCrud.createUser(userPrincipal.getName());
        Assert.assertEquals(400, userAdminClient.addRoleResourcesForPrincipal(userPrincipal.toString(), "ResourceOwner", new ResourcesRequest(build, Arrays.asList(new ResourcePattern("Topic", "topic-A", PatternType.CONFLUENT_ALL_TENANT_LITERAL)))).execute().code());
    }

    private static String generateRandomString(int i) {
        Random random = new Random();
        StringBuilder sb = new StringBuilder(i);
        for (int i2 = 0; i2 < i; i2++) {
            sb.append("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".charAt(random.nextInt("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".length())));
        }
        return sb.toString();
    }

    private static KafkaPrincipal userPrincipal(String str) {
        return new KafkaPrincipal("User", str);
    }
}
