package integration.rbacapi.api.v1;

import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import io.confluent.tokenapi.entities.AuthenticationResponse;
import io.confluent.tokenapi.entities.SanitizeTokenRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.Is;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

@Test(groups = {"tokenTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/SanitizeTokenTest.class */
public class SanitizeTokenTest {
    private LdapServer ldapServer;
    private RbacClusters rbacClusters;
    private int actualMdsPort;
    private String validAuthToken;
    private JwtConsumer jwtReader;

    @BeforeClass
    public void setUp() throws Throwable {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = this.ldapServer.actualPort();
        new ExampleComLdapCrud(actualPort).createUser("mds");
        this.rbacClusters = new RbacClusters(KafkaConfigTool.ldapWithTokens(actualPort, "mds"));
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        HashMap hashMap = new HashMap();
        hashMap.put("X-C3-Token-Max-Life", String.valueOf("60000"));
        this.validAuthToken = ((AuthenticationResponse) V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "mds", "mds", hashMap).issueToken().execute().body()).authenticationToken();
        this.jwtReader = new JwtConsumerBuilder().setSkipSignatureVerification().setDisableRequireSignature().setSkipAllValidators().build();
    }

    @AfterClass
    public void tearDown() {
        this.ldapServer.stop();
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(this.actualMdsPort);
    }

    @Test
    public void testTokenSanitizationHappyPath() throws InvalidJwtException, IOException {
        MatcherAssert.assertThat(Boolean.valueOf(this.jwtReader.processToClaims(this.validAuthToken).hasClaim("mex")), Is.is(true));
        ArrayList arrayList = new ArrayList();
        arrayList.add("mex");
        MatcherAssert.assertThat(Boolean.valueOf(this.jwtReader.processToClaims(((AuthenticationResponse) V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "mds").sanitizeToken(new SanitizeTokenRequest(this.validAuthToken, arrayList)).execute().body()).authenticationToken()).hasClaim("mex")), Is.is(false));
    }

    @Test
    public void testTokenSanitizationWithInvalidClaims() throws InvalidJwtException, IOException {
        JwtClaims processToClaims = this.jwtReader.processToClaims(this.validAuthToken);
        long size = processToClaims.getClaimsMap().size();
        String str = (String) processToClaims.getClaimValue("sub");
        ArrayList arrayList = new ArrayList();
        arrayList.add("some-invalid-claim");
        JwtClaims processToClaims2 = this.jwtReader.processToClaims(((AuthenticationResponse) V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "mds").sanitizeToken(new SanitizeTokenRequest(this.validAuthToken, arrayList)).execute().body()).authenticationToken());
        long size2 = processToClaims2.getClaimsMap().size();
        String str2 = (String) processToClaims2.getClaimValue("sub");
        MatcherAssert.assertThat(Long.valueOf(size), Is.is(Long.valueOf(size2)));
        MatcherAssert.assertThat(str, Is.is(str2));
    }
}
