package org.apache.kafka.connect.rest.basic.auth.extension;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.ArrayList;
import java.util.Base64;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ChoiceCallback;
import javax.security.auth.login.Configuration;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.kafka.connect.errors.ConnectException;
import org.apache.kafka.connect.rest.basic.auth.extension.JaasBasicAuthFilter;
import org.easymock.EasyMock;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.api.easymock.PowerMock;
import org.powermock.api.easymock.annotation.MockStrict;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.modules.junit4.PowerMockRunner;

@RunWith(PowerMockRunner.class)
@PowerMockIgnore({"javax.*"})
/* loaded from: input_file:org/apache/kafka/connect/rest/basic/auth/extension/JaasBasicAuthFilterTest.class */
public class JaasBasicAuthFilterTest {

    @MockStrict
    private ContainerRequestContext requestContext;
    private JaasBasicAuthFilter jaasBasicAuthFilter = new JaasBasicAuthFilter();
    private String previousJaasConfig;
    private Configuration previousConfiguration;

    @MockStrict
    private UriInfo uriInfo;

    @Before
    public void setup() {
        EasyMock.reset(new Object[]{this.requestContext});
    }

    @After
    public void tearDown() {
        if (this.previousJaasConfig != null) {
            System.setProperty("java.security.auth.login.config", this.previousJaasConfig);
        }
        Configuration.setConfiguration(this.previousConfiguration);
    }

    @Test
    public void testSuccess() throws IOException {
        File createTempFile = File.createTempFile("credential", ".properties");
        createTempFile.deleteOnExit();
        ArrayList arrayList = new ArrayList();
        arrayList.add("user=password");
        arrayList.add("user1=password1");
        Files.write(createTempFile.toPath(), arrayList, StandardCharsets.UTF_8, new OpenOption[0]);
        setupJaasConfig("KafkaConnect", createTempFile.getPath(), true);
        setMock("Basic", "user", "password", false);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testBadCredential() throws IOException {
        setMock("Basic", "user1", "password", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testBadPassword() throws IOException {
        setMock("Basic", "user", "password1", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testUnknownBearer() throws IOException {
        setMock("Unknown", "user", "password", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testUnknownLoginModule() throws IOException {
        setupJaasConfig("KafkaConnect1", "/tmp/testcrednetial", true);
        Configuration.setConfiguration((Configuration) null);
        setMock("Basic", "user", "password", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testUnknownCredentialsFile() throws IOException {
        setupJaasConfig("KafkaConnect", "/tmp/testcrednetial", true);
        Configuration.setConfiguration((Configuration) null);
        setMock("Basic", "user", "password", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testEmptyCredentialsFile() throws IOException {
        File createTempFile = File.createTempFile("ks-jaas-", ".conf");
        createTempFile.deleteOnExit();
        System.setProperty("java.security.auth.login.config", createTempFile.getPath());
        setupJaasConfig("KafkaConnect", "", true);
        Configuration.setConfiguration((Configuration) null);
        setMock("Basic", "user", "password", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testNoFileOption() throws IOException {
        File createTempFile = File.createTempFile("ks-jaas-", ".conf");
        createTempFile.deleteOnExit();
        System.setProperty("java.security.auth.login.config", createTempFile.getPath());
        setupJaasConfig("KafkaConnect", "", false);
        Configuration.setConfiguration((Configuration) null);
        setMock("Basic", "user", "password", true);
        this.jaasBasicAuthFilter.filter(this.requestContext);
    }

    @Test
    public void testPostWithoutAppropriateCredential() throws IOException {
        EasyMock.expect(this.requestContext.getMethod()).andReturn("POST");
        EasyMock.expect(this.requestContext.getUriInfo()).andReturn(this.uriInfo);
        EasyMock.expect(this.uriInfo.getPath()).andReturn("connectors/connName/tasks");
        PowerMock.replayAll(new Object[0]);
        this.jaasBasicAuthFilter.filter(this.requestContext);
        EasyMock.verify(new Object[]{this.requestContext});
    }

    @Test
    public void testPostNotChangingConnectorTask() throws IOException {
        EasyMock.expect(this.requestContext.getMethod()).andReturn("POST");
        EasyMock.expect(this.requestContext.getUriInfo()).andReturn(this.uriInfo);
        EasyMock.expect(this.uriInfo.getPath()).andReturn("local:randomport/connectors/connName");
        EasyMock.expect(this.requestContext.getHeaderString("Authorization")).andReturn("Basic" + Base64.getEncoder().encodeToString("user:password".getBytes()));
        this.requestContext.abortWith((Response) EasyMock.anyObject(Response.class));
        EasyMock.expectLastCall();
        PowerMock.replayAll(new Object[0]);
        this.jaasBasicAuthFilter.filter(this.requestContext);
        EasyMock.verify(new Object[]{this.requestContext});
    }

    @Test(expected = ConnectException.class)
    public void testUnsupportedCallback() throws Exception {
        new JaasBasicAuthFilter.BasicAuthCallBackHandler(authHeader("basic", "user", "pwd")).handle(new Callback[]{new ChoiceCallback("You take the blue pill... the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill... you stay in Wonderland, and I show you how deep the rabbit hole goes.", new String[]{"blue pill", "red pill"}, 1, true)});
    }

    private String authHeader(String str, String str2, String str3) {
        return str + " " + Base64.getEncoder().encodeToString((str2 + ":" + str3).getBytes());
    }

    private void setMock(String str, String str2, String str3, boolean z) {
        EasyMock.expect(this.requestContext.getMethod()).andReturn("GET");
        EasyMock.expect(this.requestContext.getHeaderString("Authorization")).andReturn(authHeader(str, str2, str3));
        if (z) {
            this.requestContext.abortWith((Response) EasyMock.anyObject(Response.class));
            EasyMock.expectLastCall();
        }
        PowerMock.replayAll(new Object[0]);
    }

    private void setupJaasConfig(String str, String str2, boolean z) throws IOException {
        File createTempFile = File.createTempFile("ks-jaas-", ".conf");
        createTempFile.deleteOnExit();
        this.previousJaasConfig = System.setProperty("java.security.auth.login.config", createTempFile.getPath());
        ArrayList arrayList = new ArrayList();
        arrayList.add(str + " { org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule required ");
        if (z) {
            arrayList.add("file=\"" + str2 + "\"");
        }
        arrayList.add(";};");
        Files.write(createTempFile.toPath(), arrayList, StandardCharsets.UTF_8, new OpenOption[0]);
        this.previousConfiguration = Configuration.getConfiguration();
        Configuration.setConfiguration((Configuration) null);
    }
}
