package org.apache.kafka.connect.rest.basic.auth.extension;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ChoiceCallback;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.kafka.common.security.authenticator.TestJaasConfig;
import org.apache.kafka.connect.errors.ConnectException;
import org.apache.kafka.connect.rest.basic.auth.extension.JaasBasicAuthFilter;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/kafka/connect/rest/basic/auth/extension/JaasBasicAuthFilterTest.class */
public class JaasBasicAuthFilterTest {
    private static final String LOGIN_MODULE = "org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule";

    @Test
    public void testSuccess() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", setupPropertyLoginFile(true).getPath());
        ContainerRequestContext mock = setMock("Basic", "user", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testEmptyCredentialsFile() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", setupPropertyLoginFile(false).getPath());
        ContainerRequestContext mock = setMock("Basic", "user", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testBadCredential() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", setupPropertyLoginFile(true).getPath());
        ContainerRequestContext mock = setMock("Basic", "user1", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testBadPassword() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", setupPropertyLoginFile(true).getPath());
        ContainerRequestContext mock = setMock("Basic", "user", "password1");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testUnknownBearer() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", setupPropertyLoginFile(true).getPath());
        ContainerRequestContext mock = setMock("Unknown", "user", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testUnknownLoginModule() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect1", setupPropertyLoginFile(true).getPath());
        ContainerRequestContext mock = setMock("Basic", "user", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testUnknownCredentialsFile() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", "/tmp/testcrednetial");
        ContainerRequestContext mock = setMock("Basic", "user", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testNoFileOption() throws IOException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", null);
        ContainerRequestContext mock = setMock("Basic", "user", "password");
        jaasBasicAuthFilter.filter(mock);
        ((ContainerRequestContext) Mockito.verify(mock)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(mock, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(mock)).getHeaderString("Authorization");
    }

    @Test
    public void testInternalTaskConfigEndpointSkipped() throws IOException {
        testInternalEndpointSkipped("POST", "connectors/connName/tasks");
    }

    @Test
    public void testInternalZombieFencingEndpointSkipped() throws IOException {
        testInternalEndpointSkipped("PUT", "connectors/connName/fence");
    }

    private void testInternalEndpointSkipped(String str, String str2) throws IOException {
        UriInfo uriInfo = (UriInfo) Mockito.mock(UriInfo.class);
        Mockito.when(uriInfo.getPath()).thenReturn(str2);
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getMethod()).thenReturn(str);
        Mockito.when(containerRequestContext.getUriInfo()).thenReturn(uriInfo);
        setupJaasFilter("KafkaConnect1", setupPropertyLoginFile(true).getPath()).filter(containerRequestContext);
        ((UriInfo) Mockito.verify(uriInfo)).getPath();
        ((ContainerRequestContext) Mockito.verify(containerRequestContext, Mockito.atLeastOnce())).getMethod();
        ((ContainerRequestContext) Mockito.verify(containerRequestContext)).getUriInfo();
        Mockito.verifyNoMoreInteractions(new Object[]{containerRequestContext});
    }

    @Test
    public void testPostNotChangingConnectorTask() throws IOException {
        UriInfo uriInfo = (UriInfo) Mockito.mock(UriInfo.class);
        Mockito.when(uriInfo.getPath()).thenReturn("local:randomport/connectors/connName");
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getMethod()).thenReturn("POST");
        Mockito.when(containerRequestContext.getUriInfo()).thenReturn(uriInfo);
        Mockito.when(containerRequestContext.getHeaderString("Authorization")).thenReturn("Basic" + Base64.getEncoder().encodeToString("user:password".getBytes()));
        setupJaasFilter("KafkaConnect", setupPropertyLoginFile(true).getPath()).filter(containerRequestContext);
        ((ContainerRequestContext) Mockito.verify(containerRequestContext)).abortWith((Response) ArgumentMatchers.any(Response.class));
        ((ContainerRequestContext) Mockito.verify(containerRequestContext)).getUriInfo();
        ((ContainerRequestContext) Mockito.verify(containerRequestContext)).getUriInfo();
    }

    @Test
    public void testUnsupportedCallback() {
        JaasBasicAuthFilter.BasicAuthCallBackHandler basicAuthCallBackHandler = new JaasBasicAuthFilter.BasicAuthCallBackHandler(new JaasBasicAuthFilter.BasicAuthCredentials(authHeader("basic", "user", "pwd")));
        ChoiceCallback choiceCallback = new ChoiceCallback("You take the blue pill... the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill... you stay in Wonderland, and I show you how deep the rabbit hole goes.", new String[]{"blue pill", "red pill"}, 1, true);
        Assertions.assertThrows(ConnectException.class, () -> {
            basicAuthCallBackHandler.handle(new Callback[]{choiceCallback});
        });
    }

    @Test
    public void testSecurityContextSet() throws IOException, URISyntaxException {
        JaasBasicAuthFilter jaasBasicAuthFilter = setupJaasFilter("KafkaConnect", setupPropertyLoginFile(true).getPath());
        ContainerRequestContext mock = setMock("Basic", "user1", "password1");
        Mockito.when(mock.getUriInfo()).thenReturn(Mockito.mock(UriInfo.class));
        Mockito.when(mock.getUriInfo().getRequestUri()).thenReturn(new URI("https://foo.bar"));
        jaasBasicAuthFilter.filter(mock);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(SecurityContext.class);
        ((ContainerRequestContext) Mockito.verify(mock)).setSecurityContext((SecurityContext) forClass.capture());
        Assertions.assertEquals("user1", ((SecurityContext) forClass.getValue()).getUserPrincipal().getName());
        Assertions.assertEquals(true, Boolean.valueOf(((SecurityContext) forClass.getValue()).isSecure()));
    }

    private String authHeader(String str, String str2, String str3) {
        return str + " " + Base64.getEncoder().encodeToString((str2 + ":" + str3).getBytes());
    }

    private ContainerRequestContext setMock(String str, String str2, String str3) {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getMethod()).thenReturn("GET");
        Mockito.when(containerRequestContext.getHeaderString("Authorization")).thenReturn(authHeader(str, str2, str3));
        return containerRequestContext;
    }

    private File setupPropertyLoginFile(boolean z) throws IOException {
        File tempFile = TestUtils.tempFile("credential", ".properties");
        if (z) {
            ArrayList arrayList = new ArrayList();
            arrayList.add("user=password");
            arrayList.add("user1=password1");
            Files.write(tempFile.toPath(), arrayList, StandardCharsets.UTF_8, new OpenOption[0]);
        }
        return tempFile;
    }

    private JaasBasicAuthFilter setupJaasFilter(String str, String str2) {
        TestJaasConfig testJaasConfig = new TestJaasConfig();
        testJaasConfig.addEntry(str, LOGIN_MODULE, str2 != null ? Collections.singletonMap("file", str2) : Collections.emptyMap());
        return new JaasBasicAuthFilter(testJaasConfig);
    }
}
