package integration.rbacapi.api.v1;

import com.google.common.collect.Lists;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.auth.client.rest.entities.CreateAclRequest;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.PermissionType;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.authorizer.acl.AclRule;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.IOException;
import java.net.ConnectException;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.awaitility.Awaitility;
import org.testng.Assert;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

/* loaded from: input_file:integration/rbacapi/api/v1/TestBaseForLdapCaseSensitivityForAuth.class */
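/**
 * Shared fixture for integration tests that check how MDS authentication and role-based
 * authorization behave when the case of a login name differs from the case of the principal
 * a role was bound to.
 *
 * <p>The fixture creates the LDAP user {@code ALICE}, binds {@code UserAdmin} to
 * {@code User:ALICE} as the broker super user, and then builds {@link #adminUserClient}
 * with the login name {@code aLiCE}. The {@code ldap.principal.mapping} value passed to
 * {@link #setUpWithConfig(String)} is the variable under test; callers pass the status codes
 * and results they expect for that mapping into the assertion helpers below.
 *
 * <p>NOTE(review): the point of pinning these expectations is that the principal used for
 * role lookup must be derived from the authenticated name in one consistent way. A mapping
 * that folds case at one step but not the other can deny a legitimate user or let two
 * directory entries that differ only in case share role bindings. Confirm each caller
 * asserts the behaviour intended for its mapping.
 */
public class TestBaseForLdapCaseSensitivityForAuth {
    private RbacClusters rbacClusters;
    private int actualMdsPort;
    private String mdsClusterId;
    private LdapServer ldapServer;
    private LdapCrud ldapCrud;
    // Name of the LDAP user created first; also passed to KafkaConfigTool.justLDAPv1 and used
    // to build brokerSuperUserClient. Test-only credential, never a deployment value.
    public static final String SUPER_USER = "mds";
    private MdsScope testScope;
    private V1RbacRestApi brokerSuperUserClient;
    public int actualLdapPort;
    public String mdsPortConfig;
    public String testAdminPrincipal;
    public V1RbacRestApi adminUserClient;

    /**
     * Starts an LDAP server and an RBAC cluster configured with the given principal mapping,
     * then registers the test users and role bindings.
     *
     * @param str value written to the metadata broker config {@code ldap.principal.mapping}
     * @throws Throwable if any part of the fixture fails to start
     */
    public void setUpWithConfig(String str) throws Throwable {
        this.mdsPortConfig = MdsTestUtil.acquirePort(8090);
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        this.actualLdapPort = this.ldapServer.actualPort();
        this.ldapCrud = new ExampleComLdapCrud(this.actualLdapPort);
        // presumably createUser(name, password) - confirm against LdapCrud
        this.ldapCrud.createUser("mds", "mds");
        setUpCluster(
                KafkaConfigTool.justLDAPv1(this.actualLdapPort, "mds")
                        .overrideMetadataBrokerConfig("ldap.principal.mapping", str)
                        .overrideMetadataBrokerConfig(
                                "confluent.metadata.server.listeners",
                                MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + this.mdsPortConfig)
                        .overrideMetadataBrokerConfig(
                                "confluent.schema.registry.url", "http://localhost:8070"));
        registerLdapUsers();
        setupClusterAdminAndGrantPermissionsToUsers();
    }

    /**
     * Creates the RBAC cluster, records its cluster id, scope and MDS port, and waits until
     * the super-user client gets a successful response from the role-names endpoint.
     *
     * @param config cluster configuration to start
     * @throws Exception if the cluster cannot be created or the wait fails
     */
    void setUpCluster(RbacClusters.Config config) throws Exception {
        this.rbacClusters = new RbacClusters(config);
        this.mdsClusterId = this.rbacClusters.metadataClusterId();
        this.testScope = new MdsScope(Scope.kafkaClusterScope(this.mdsClusterId));
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        this.brokerSuperUserClient =
                V1RbacRetrofitFactory.build(
                        MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "mds");
        // Connection refusals are expected while MDS is still starting, so they are ignored.
        // NOTE(review): 30000000 seconds is roughly 347 days, so this wait is effectively
        // unbounded and a server that never comes up hangs the suite. The intended bound is
        // not visible here; confirm and shorten.
        Awaitility.given()
                .ignoreException(ConnectException.class)
                .await()
                .atMost(30000000L, TimeUnit.SECONDS)
                .until(() -> this.brokerSuperUserClient.getRoleNames().execute().isSuccessful());
    }

    /**
     * Stops the LDAP server, shuts down the cluster and releases the MDS port.
     *
     * <p>Each step runs even if an earlier one throws, and steps whose resource was never
     * created are skipped, so a failed set-up cannot leave a listening server or a reserved
     * port behind, or mask the original failure with a {@link NullPointerException}.
     */
    public void tearDown() {
        try {
            if (this.ldapServer != null) {
                this.ldapServer.stop();
            }
        } finally {
            try {
                if (this.rbacClusters != null) {
                    this.rbacClusters.shutdown();
                }
            } finally {
                // NOTE(review): the port is acquired as mdsPortConfig but released as
                // actualMdsPort; confirm both always name the same port.
                if (this.actualMdsPort > 0) {
                    MdsTestUtil.releasePort(this.actualMdsPort);
                }
            }
        }
    }

    /**
     * Checks the role list for {@code User:ram}, attempts to remove its {@code Operator}
     * role through the admin client, and checks the role list again.
     *
     * @param list role names expected before the removal attempt
     * @param i HTTP status code expected from the removal request
     * @param list2 role names expected after the removal attempt
     * @throws Throwable if a request cannot be executed
     */
    public void AssertCRUDEndPointsForPrincipal(List<String> list, int i, List<String> list2) throws Throwable {
        // TestNG argument order is (actual, expected); keeping it makes failure messages accurate.
        Assert.assertEquals(
                (List) this.adminUserClient.getRoleNamesForPrincipal("User:ram", this.testScope).execute().body(),
                list);
        Assert.assertEquals(
                this.adminUserClient.removeRoleForPrincipal("User:ram", "Operator", this.testScope).execute().code(),
                i);
        Assert.assertEquals(
                (List) this.adminUserClient.getRoleNamesForPrincipal("User:ram", this.testScope).execute().body(),
                list2);
    }

    /**
     * Sends an authorize request for {@link #testAdminPrincipal} (Describe on the
     * DelegationToken resource {@code foo}) through the admin client and checks the response.
     *
     * @param i expected HTTP status code
     * @param list expected response body
     * @throws IOException if the request cannot be executed
     */
    public void testAuthorizeEndPointForPrincipal(int i, List<AuthorizeResult> list) throws IOException {
        Action describeToken =
                new Action(this.testScope.scope(), new ResourceType("DelegationToken"), "foo", new Operation("Describe"));
        Response execute =
                this.adminUserClient
                        .authorize(new AuthorizeRequest(this.testAdminPrincipal, Lists.newArrayList(describeToken)))
                        .execute();
        Assert.assertEquals(execute.code(), i);
        Assert.assertEquals((Collection) execute.body(), list);
    }

    /**
     * Authorizes a freshly named principal for Describe on the cluster, creates an ALLOW ACL
     * for that principal through the admin client, and authorizes again.
     *
     * @param i expected status code of the first authorize call
     * @param list expected body of the first authorize call
     * @param i2 expected status code of the ACL creation call
     * @param list2 expected body of the authorize call made after the ACL creation
     * @throws Throwable if a request cannot be executed
     */
    public void testAclEndPoints(int i, List<AuthorizeResult> list, int i2, List<AuthorizeResult> list2) throws Throwable {
        // A unique suffix keeps ACLs left by earlier tests from affecting this principal.
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", "TestUser-" + TestIndependenceUtil.getUniqueInteger());
        Scope kafkaClusterScope = Scope.kafkaClusterScope(this.mdsClusterId);
        Action describeCluster =
                new Action(
                        Scope.kafkaClusterScope(this.mdsClusterId),
                        new ResourceType("Cluster"),
                        "kafka-cluster",
                        new Operation("Describe"));
        AuthorizeRequest authorizeRequest =
                new AuthorizeRequest(kafkaPrincipal.toString(), "192.168.9.1", Collections.singletonList(describeCluster));

        Response execute = this.adminUserClient.authorize(authorizeRequest).execute();
        Assert.assertEquals(execute.code(), i);
        Assert.assertEquals((Collection) execute.body(), list);

        // The ACL names the same host string as the authorize request.
        AclBinding binding =
                new AclBinding(
                        ResourcePattern.to(new ResourcePattern(new ResourceType("Cluster"), "kafka-cluster", PatternType.LITERAL)),
                        new AclRule(kafkaPrincipal, PermissionType.ALLOW, "192.168.9.1", new Operation("Describe"))
                                .toAccessControlEntry());
        int code = this.adminUserClient.createAcls(new CreateAclRequest(kafkaClusterScope, binding)).execute().code();
        Response execute2 = this.adminUserClient.authorize(authorizeRequest).execute();
        Assert.assertEquals(code, i2);
        Assert.assertEquals((Collection) execute2.body(), list2);
    }

    /**
     * Requests the Operator and UserAdmin bindings for the test principals using the given client.
     *
     * <p>Responses are not inspected. NOTE(review): this looks deliberate, because the
     * assertion helpers take their expected role lists and status codes from the caller,
     * which suggests these grants are expected to be rejected under some mappings - confirm.
     *
     * @param v1RbacRestApi client whose identity issues the grants
     * @throws IOException if a request cannot be executed
     */
    private void grantClusterRolesToPrincipals(V1RbacRestApi v1RbacRestApi) throws IOException {
        v1RbacRestApi.addClusterRoleForPrincipal("User:ram", "Operator", this.testScope).execute();
        v1RbacRestApi.addClusterRoleForPrincipal("User:shyaam", "Operator", this.testScope).execute();
        v1RbacRestApi.addClusterRoleForPrincipal("User:ram", "UserAdmin", this.testScope).execute();
    }

    /** Creates the LDAP users {@code ALICE} (upper-case on purpose) and {@code ram}. */
    public void registerLdapUsers() {
        this.ldapCrud.createUser("ALICE", "alice");
        this.ldapCrud.createUser("ram", "ram");
    }

    /**
     * Binds UserAdmin to {@code User:ALICE} as the broker super user, then builds the admin
     * client with the differently cased login {@code aLiCE} and uses it to request the
     * remaining role bindings.
     *
     * @throws IOException if a request cannot be executed
     */
    public void setupClusterAdminAndGrantPermissionsToUsers() throws IOException {
        this.testAdminPrincipal = "User:ALICE";
        this.brokerSuperUserClient.addClusterRoleForPrincipal(this.testAdminPrincipal, "UserAdmin", this.testScope).execute();
        // The login name differs in case from both the LDAP entry and the bound principal;
        // whether this client is treated as User:ALICE is what the mapping under test decides.
        this.adminUserClient =
                V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "aLiCE", "alice");
        grantClusterRolesToPrincipals(this.adminUserClient);
    }
}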
