package io.confluent.kafka.security.auth.plain;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.JaasContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/kafka/security/auth/plain/DynamicPlainLoginModuleTest.class */
public class DynamicPlainLoginModuleTest {
    private final Subject subject = new Subject();
    private final DynamicPlainLoginCallbackHandler loginCallbackHandler = new DynamicPlainLoginCallbackHandler();
    private final DynamicPlainLoginModule loginModule = new DynamicPlainLoginModule();
    private DynamicPlainCredential credential = credential("alice", "alice-password");
    private JaasContext jaasContext;

    @BeforeEach
    public void setup() {
        this.jaasContext = JaasContext.loadClientContext(Collections.singletonMap("sasl.jaas.config", new Password("io.confluent.kafka.security.auth.plain.DynamicPlainLoginModule required username_config=\"test.username\" password_config=\"test.password\";")));
        this.loginCallbackHandler.configure(credentialConfigs(this.credential), "PLAIN", this.jaasContext.configurationEntries());
    }

    @Test
    public void testLoginSequence() throws Exception {
        DynamicPlainLoginModule dynamicPlainLoginModule = this.loginModule;
        dynamicPlainLoginModule.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule::login);
        DynamicPlainLoginModule dynamicPlainLoginModule2 = this.loginModule;
        dynamicPlainLoginModule2.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule2::commit);
        Assertions.assertEquals(Collections.emptySet(), this.subject.getPrivateCredentials());
        DynamicPlainLoginModule dynamicPlainLoginModule3 = this.loginModule;
        dynamicPlainLoginModule3.getClass();
        Assertions.assertTrue(dynamicPlainLoginModule3::logout);
        Assertions.assertTrue(this.loginModule.abort());
        Map<String, ?> jaasOptions = jaasOptions();
        this.loginModule.initialize(this.subject, this.loginCallbackHandler, Collections.emptyMap(), jaasOptions);
        Assertions.assertEquals(Collections.emptySet(), this.subject.getPrivateCredentials());
        Assertions.assertThrows(IllegalStateException.class, () -> {
            this.loginModule.initialize(this.subject, this.loginCallbackHandler, Collections.emptyMap(), jaasOptions);
        });
        this.loginModule.login();
        Assertions.assertEquals(Collections.emptySet(), this.subject.getPrivateCredentials());
        DynamicPlainLoginModule dynamicPlainLoginModule4 = this.loginModule;
        dynamicPlainLoginModule4.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule4::login);
        this.loginModule.commit();
        verifyCredential(this.credential);
        DynamicPlainLoginModule dynamicPlainLoginModule5 = this.loginModule;
        dynamicPlainLoginModule5.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule5::commit);
        DynamicPlainLoginModule dynamicPlainLoginModule6 = this.loginModule;
        dynamicPlainLoginModule6.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule6::login);
        Assertions.assertTrue(this.loginModule.abort());
        this.loginModule.logout();
        DynamicPlainLoginModule dynamicPlainLoginModule7 = this.loginModule;
        dynamicPlainLoginModule7.getClass();
        Assertions.assertTrue(dynamicPlainLoginModule7::logout);
        Assertions.assertTrue(this.loginModule.abort());
        DynamicPlainLoginModule dynamicPlainLoginModule8 = this.loginModule;
        dynamicPlainLoginModule8.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule8::commit);
        verifyCredential(this.credential);
        this.loginModule.login();
        verifyCredential(this.credential);
        this.loginModule.abort();
        verifyCredential(this.credential);
        DynamicPlainLoginModule dynamicPlainLoginModule9 = this.loginModule;
        dynamicPlainLoginModule9.getClass();
        Assertions.assertThrows(IllegalStateException.class, dynamicPlainLoginModule9::commit);
        this.loginModule.login();
        this.loginModule.commit();
        verifyCredential(this.credential);
    }

    @Test
    public void testCredentialRotation() throws Exception {
        this.loginModule.initialize(this.subject, this.loginCallbackHandler, Collections.emptyMap(), jaasOptions());
        this.loginModule.login();
        this.loginModule.commit();
        verifyCredential(this.credential);
        DynamicPlainCredential dynamicPlainCredential = this.credential;
        this.credential = credential("bob", "bob-password");
        this.loginCallbackHandler.reconfigure(credentialConfigs(this.credential));
        this.loginModule.logout();
        verifyCredential(dynamicPlainCredential);
        this.loginModule.login();
        verifyCredential(dynamicPlainCredential);
        this.loginModule.commit();
        verifyCredential(this.credential);
    }

    private void verifyCredential(DynamicPlainCredential dynamicPlainCredential) {
        Assertions.assertEquals(Collections.emptySet(), this.subject.getPublicCredentials());
        Assertions.assertEquals(Collections.singleton(dynamicPlainCredential), this.subject.getPrivateCredentials());
        Assertions.assertEquals(Collections.singleton(dynamicPlainCredential), this.subject.getPrivateCredentials(DynamicPlainCredential.class));
    }

    private Map<String, ?> jaasOptions() {
        return ((AppConfigurationEntry) this.jaasContext.configurationEntries().get(0)).getOptions();
    }

    private Map<String, String> credentialConfigs(DynamicPlainCredential dynamicPlainCredential) {
        HashMap hashMap = new HashMap(2);
        hashMap.put("test.username", dynamicPlainCredential.username());
        hashMap.put("test.password", new String(dynamicPlainCredential.password()));
        return hashMap;
    }

    private DynamicPlainCredential credential(String str, String str2) {
        return new DynamicPlainCredential(str, str2.toCharArray());
    }
}
