package kafka.api;

import java.io.File;
import java.security.AccessController;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import kafka.server.KafkaConfig$;
import kafka.utils.JaasTestUtils;
import kafka.utils.JaasTestUtils$;
import kafka.utils.JaasTestUtils$PlainLoginModule$;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SaslAuthenticationContext;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ObjectRef;

/* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0001\t}q!\u0002\u0013&\u0011\u0003Qc!\u0002\u0017&\u0011\u0003i\u0003\"\u0002\u001b\u0002\t\u0003)d\u0001\u0002\u001c\u0002\u0001]BQ\u0001N\u0002\u0005\u0002=CQAU\u0002\u0005BM;Q\u0001X\u0001\t\u0002u3QAX\u0001\t\u0002}CQ\u0001N\u0004\u0005\u0002\u0001Dq!Y\u0004C\u0002\u0013\u0005!\r\u0003\u0004o\u000f\u0001\u0006Ia\u0019\u0004\u0005_\u0006\u0001\u0001\u000fC\u00035\u0017\u0011\u0005A\u000fC\u0003w\u0017\u0011\u0005q\u000fC\u0004\u0002T-!\t!!\u0016\t\u000f\u000554\u0002\"\u0001\u0002p\u00191\u0011\u0011O\u0001\u0001\u0003gBa\u0001\u000e\t\u0005\u0002\u0005U\u0004B\u0002<\u0011\t\u0003\tI\bC\u0004\u0002TA!\t!a#\t\u000f\u00055\u0004\u0003\"\u0001\u0002p\u0019)A&\n\u0001\u0002\u0010\"1A'\u0006C\u0001\u0003/C\u0011\"a'\u0016\u0005\u0004%\t!!(\t\u000f\u0005}U\u0003)A\u0005W\"I\u0011\u0011U\u000bC\u0002\u0013%\u00111\u0015\u0005\t\u0003K+\u0002\u0015!\u0003\u0002\b!9\u0011qU\u000b\u0005R\u0005u\u0005bBAU+\u0011E\u00131\u0016\u0005\n\u0003c+\"\u0019!C!\u0003gCq!!.\u0016A\u0003%A\u000bC\u0005\u00028V\u0011\r\u0011\"\u0011\u00024\"9\u0011\u0011X\u000b!\u0002\u0013!\u0006bBA^+\u0011\u0005\u0013Q\u0018\u0005\b\u0003w,B\u0011IA\u007f\u0011\u001d\u0011I!\u0006C\u0001\u0003_\nQeU1tYBc\u0017-\u001b8Tg2,e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u000b\u0005\u0019:\u0013aA1qS*\t\u0001&A\u0003lC\u001a\\\u0017m\u0001\u0001\u0011\u0005-\nQ\"A\u0013\u0003KM\u000b7\u000f\u001c)mC&t7k\u001d7F]\u0012$v.\u00128e\u0003V$\bn\u001c:ju\u0006$\u0018n\u001c8UKN$8CA\u0001/!\ty#'D\u00011\u0015\u0005\t\u0014!B:dC2\f\u0017BA\u001a1\u0005\u0019\te.\u001f*fM\u00061A(\u001b8jiz\"\u0012A\u000b\u0002\u0015)\u0016\u001cH\u000f\u0015:j]\u000eL\u0007/\u00197Ck&dG-\u001a:\u0014\u0007\rA\u0004\t\u0005\u0002:}5\t!H\u0003\u0002<y\u0005!A.\u00198h\u0015\u0005i\u0014\u0001\u00026bm\u0006L!a\u0010\u001e\u0003\r=\u0013'.Z2u!\t\tU*D\u0001C\u0015\t\u0019E)\u0001\u0003bkRD'BA#G\u0003!\u0019XmY;sSRL(BA$I\u0003\u0019\u0019w.\\7p]*\u0011\u0001&\u0013\u0006\u0003\u0015.\u000ba!\u00199bG\",'\"\u0001'\u0002\u0007=\u0014x-\u0003\u0002O\u0005\n)2*\u00194lCB\u0013\u0018N\\2ja\u0006d')^5mI\u0016\u0014H#\u0001)\u0011\u0005E\u001bQ\"A\u0001\u0002\u000b\t,\u0018\u000e\u001c3\u0015\u0005Q;\u0006CA!V\u0013\t1&I\u0001\bLC\u001a\\\u0017\r\u0015:j]\u000eL\u0007/\u00197\t\u000ba+\u0001\u0019A-\u0002\u000f\r|g\u000e^3yiB\u0011\u0011IW\u0005\u00037\n\u0013Q#Q;uQ\u0016tG/[2bi&|gnQ8oi\u0016DH/A\u0006De\u0016$WM\u001c;jC2\u001c\bCA)\b\u0005-\u0019%/\u001a3f]RL\u0017\r\\:\u0014\u0005\u001dqC#A/\u0002\u0011\u0005dG.V:feN,\u0012a\u0019\t\u0005I&\\7.D\u0001f\u0015\t1w-A\u0005j[6,H/\u00192mK*\u0011\u0001\u000eM\u0001\u000bG>dG.Z2uS>t\u0017B\u00016f\u0005\ri\u0015\r\u001d\t\u0003s1L!!\u001c\u001e\u0003\rM#(/\u001b8h\u0003%\tG\u000e\\+tKJ\u001c\bEA\rUKN$8+\u001a:wKJ\u001c\u0015\r\u001c7cC\u000e\\\u0007*\u00198eY\u0016\u00148cA\u00069cB\u0011\u0011I]\u0005\u0003g\n\u00131$Q;uQ\u0016tG/[2bi\u0016\u001c\u0015\r\u001c7cC\u000e\\\u0007*\u00198eY\u0016\u0014H#A;\u0011\u0005E[\u0011!C2p]\u001aLw-\u001e:f)\u0019A80!\r\u00026A\u0011q&_\u0005\u0003uB\u0012A!\u00168ji\")A0\u0004a\u0001{\u000691m\u001c8gS\u001e\u001c\bg\u0001@\u0002 A9q0!\u0002\u0002\b\u0005mQBAA\u0001\u0015\r\t\u0019\u0001P\u0001\u0005kRLG.C\u0002k\u0003\u0003\u0001B!!\u0003\u0002\u00189!\u00111BA\n!\r\ti\u0001M\u0007\u0003\u0003\u001fQ1!!\u0005*\u0003\u0019a$o\\8u}%\u0019\u0011Q\u0003\u0019\u0002\rA\u0013X\rZ3g\u0013\ri\u0017\u0011\u0004\u0006\u0004\u0003+\u0001\u0004\u0003BA\u000f\u0003?a\u0001\u0001B\u0006\u0002\"m\f\t\u0011!A\u0003\u0002\u0005\r\"aA0%cE!\u0011QEA\u0016!\ry\u0013qE\u0005\u0004\u0003S\u0001$a\u0002(pi\"Lgn\u001a\t\u0004_\u00055\u0012bAA\u0018a\t\u0019\u0011I\\=\t\u000f\u0005MR\u00021\u0001\u0002\b\u0005i1/Y:m\u001b\u0016\u001c\u0007.\u00198jg6Dq!a\u000e\u000e\u0001\u0004\tI$A\tkC\u0006\u001c8i\u001c8gS\u001e,e\u000e\u001e:jKN\u0004Ra`A\u001e\u0003\u007fIA!!\u0010\u0002\u0002\t!A*[:u!\u0011\t\t%a\u0014\u000e\u0005\u0005\r#\u0002BA#\u0003\u000f\nQ\u0001\\8hS:T1aQA%\u0015\r)\u00151\n\u0006\u0003\u0003\u001b\nQA[1wCbLA!!\u0015\u0002D\t)\u0012\t\u001d9D_:4\u0017nZ;sCRLwN\\#oiJL\u0018A\u00025b]\u0012dW\rF\u0002y\u0003/Bq!!\u0017\u000f\u0001\u0004\tY&A\u0005dC2d'-Y2lgB)q&!\u0018\u0002b%\u0019\u0011q\f\u0019\u0003\u000b\u0005\u0013(/Y=\u0011\t\u0005\r\u0014\u0011N\u0007\u0003\u0003KRA!a\u001a\u0002H\u0005A1-\u00197mE\u0006\u001c7.\u0003\u0003\u0002l\u0005\u0015$\u0001C\"bY2\u0014\u0017mY6\u0002\u000b\rdwn]3\u0015\u0003a\u0014\u0011\u0004V3ti\u000ec\u0017.\u001a8u\u0007\u0006dGNY1dW\"\u000bg\u000e\u001a7feN\u0019\u0001\u0003O9\u0015\u0005\u0005]\u0004CA)\u0011)\u001dA\u00181PAD\u0003\u0013Ca\u0001 \nA\u0002\u0005u\u0004\u0007BA@\u0003\u0007\u0003ra`A\u0003\u0003\u000f\t\t\t\u0005\u0003\u0002\u001e\u0005\rE\u0001DAC\u0003w\n\t\u0011!A\u0003\u0002\u0005\r\"aA0%e!9\u00111\u0007\nA\u0002\u0005\u001d\u0001bBA\u001c%\u0001\u0007\u0011\u0011\b\u000b\u0004q\u00065\u0005bBA-'\u0001\u0007\u00111L\n\u0004+\u0005E\u0005cA\u0016\u0002\u0014&\u0019\u0011QS\u0013\u0003;M\u000b7\u000f\\#oIR{WI\u001c3BkRDwN]5{CRLwN\u001c+fgR$\"!!'\u0011\u0005-*\u0012aD7fG\"\fg.[:n!J,g-\u001b=\u0016\u0003-\f\u0001#\\3dQ\u0006t\u0017n]7Qe\u00164\u0017\u000e\u001f\u0011\u0002\u0015Ad\u0017-\u001b8M_\u001eLg.\u0006\u0002\u0002\b\u0005Y\u0001\u000f\\1j]2{w-\u001b8!\u0003aY\u0017MZ6b\u00072LWM\u001c;TCNdW*Z2iC:L7/\\\u0001\u001aW\u000647.Y*feZ,'oU1tY6+7\r[1oSNl7/\u0006\u0002\u0002.B!A-a,l\u0013\r\ti$Z\u0001\u0010G2LWM\u001c;Qe&t7-\u001b9bYV\tA+\u0001\tdY&,g\u000e\u001e)sS:\u001c\u0017\u000e]1mA\u0005q1.\u00194lCB\u0013\u0018N\\2ja\u0006d\u0017aD6bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\u0011\u0002\u0019)\f\u0017m]*fGRLwN\\:\u0015\u0015\u0005}\u0016\u0011]As\u0003[\f9\u0010\u0005\u0004\u0002B\u0006\r\u0017qY\u0007\u0002O&\u0019\u0011QY4\u0003\u0007M+\u0017\u000f\u0005\u0003\u0002J\u0006mg\u0002BAf\u0003+tA!!4\u0002R:!\u0011QBAh\u0013\u0005A\u0013bAAjO\u0005)Q\u000f^5mg&!\u0011q[Am\u00035Q\u0015-Y:UKN$X\u000b^5mg*\u0019\u00111[\u0014\n\t\u0005u\u0017q\u001c\u0002\f\u0015\u0006\f7oU3di&|gN\u0003\u0003\u0002X\u0006e\u0007bBAUC\u0001\u0007\u00111\u001d\t\u0007\u0003\u0003\f\u0019-a\u0002\t\u000f\u0005\u001d\u0016\u00051\u0001\u0002hB)q&!;\u0002\b%\u0019\u00111\u001e\u0019\u0003\r=\u0003H/[8o\u0011%\ty/\tI\u0001\u0002\u0004\t\t0\u0001\u0003n_\u0012,\u0007cA\u0016\u0002t&\u0019\u0011Q_\u0013\u0003\u001bM\u000b7\u000f\\*fiV\u0004Xj\u001c3f\u0011%\tI0\tI\u0001\u0002\u0004\t9!\u0001\u000blC\u001a\\\u0017mU3sm\u0016\u0014XI\u001c;ss:\u000bW.Z\u0001\u0014G2LWM\u001c;TK\u000e,(/\u001b;z!J|\u0007o\u001d\u000b\u0005\u0003\u007f\u0014)\u0001E\u0002��\u0005\u0003IAAa\u0001\u0002\u0002\tQ\u0001K]8qKJ$\u0018.Z:\t\u000f\t\u001d!\u00051\u0001\u0002\b\u0005I1-\u001a:u\u00032L\u0017m]\u0001\ti\u0016\u001cH/Q2mg\"\u001a1E!\u0004\u0011\t\t=!1D\u0007\u0003\u0005#Q1A\nB\n\u0015\u0011\u0011)Ba\u0006\u0002\u000f),\b/\u001b;fe*\u0019!\u0011D&\u0002\u000b),h.\u001b;\n\t\tu!\u0011\u0003\u0002\u0005)\u0016\u001cH\u000f")
/* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest.class */
public class SaslPlainSslEndToEndAuthorizationTest extends SaslEndToEndAuthorizationTest {
    private final String mechanismPrefix;
    private final String plainLogin;
    private final KafkaPrincipal clientPrincipal;
    private final KafkaPrincipal kafkaPrincipal;

    /* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest$TestClientCallbackHandler.class */
    public static class TestClientCallbackHandler implements AuthenticateCallbackHandler {
        public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        }

        public void handle(Callback[] callbackArr) {
            String str = (String) Subject.getSubject(AccessController.getContext()).getPublicCredentials(String.class).iterator().next();
            new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(callbackArr)).foreach(callback -> {
                $anonfun$handle$2(str, callback);
                return BoxedUnit.UNIT;
            });
        }

        public void close() {
        }

        public static final /* synthetic */ void $anonfun$handle$2(String str, Callback callback) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(str);
                return;
            }
            if (!(callback instanceof PasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            String KafkaPlainUser = JaasTestUtils$.MODULE$.KafkaPlainUser();
            if (str != null ? !str.equals(KafkaPlainUser) : KafkaPlainUser != null) {
                String KafkaPlainAdmin = JaasTestUtils$.MODULE$.KafkaPlainAdmin();
                if (str == null) {
                    if (KafkaPlainAdmin != null) {
                        return;
                    }
                } else if (!str.equals(KafkaPlainAdmin)) {
                    return;
                }
            }
            ((PasswordCallback) callback).setPassword(((String) SaslPlainSslEndToEndAuthorizationTest$Credentials$.MODULE$.allUsers().apply(str)).toCharArray());
        }
    }

    /* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder implements KafkaPrincipalBuilder {
        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            KafkaPrincipal kafkaPrincipal;
            SaslAuthenticationContext saslAuthenticationContext = (SaslAuthenticationContext) authenticationContext;
            String name = ((SSLSession) saslAuthenticationContext.sslSession().get()).getPeerPrincipal().getName();
            Assertions.assertTrue(name.endsWith(new StringBuilder(3).append("CN=").append(TestUtils$.MODULE$.SslCertificateCn()).toString()), new StringBuilder(25).append("Unexpected SSL principal ").append(name).toString());
            String authorizationID = saslAuthenticationContext.server().getAuthorizationID();
            String KafkaPlainAdmin = JaasTestUtils$.MODULE$.KafkaPlainAdmin();
            if (KafkaPlainAdmin != null ? !KafkaPlainAdmin.equals(authorizationID) : authorizationID != null) {
                String KafkaPlainUser = JaasTestUtils$.MODULE$.KafkaPlainUser();
                kafkaPrincipal = (KafkaPlainUser != null ? !KafkaPlainUser.equals(authorizationID) : authorizationID != null) ? KafkaPrincipal.ANONYMOUS : new KafkaPrincipal("User", "user");
            } else {
                kafkaPrincipal = new KafkaPrincipal("User", "admin");
            }
            return kafkaPrincipal;
        }
    }

    /* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest$TestServerCallbackHandler.class */
    public static class TestServerCallbackHandler implements AuthenticateCallbackHandler {
        public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        }

        public void handle(Callback[] callbackArr) {
            ObjectRef create = ObjectRef.create((Object) null);
            new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(callbackArr)).foreach(callback -> {
                $anonfun$handle$1(create, callback);
                return BoxedUnit.UNIT;
            });
        }

        public void close() {
        }

        public static final /* synthetic */ void $anonfun$handle$1(ObjectRef objectRef, Callback callback) {
            if (callback instanceof NameCallback) {
                objectRef.elem = ((NameCallback) callback).getDefaultName();
            } else {
                if (!(callback instanceof PlainAuthenticateCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                PlainAuthenticateCallback plainAuthenticateCallback = (PlainAuthenticateCallback) callback;
                Object apply = SaslPlainSslEndToEndAuthorizationTest$Credentials$.MODULE$.allUsers().apply((String) objectRef.elem);
                plainAuthenticateCallback.authenticated(apply != null && apply.equals(new String(plainAuthenticateCallback.password())));
            }
        }
    }

    public String mechanismPrefix() {
        return this.mechanismPrefix;
    }

    private String plainLogin() {
        return this.plainLogin;
    }

    @Override // kafka.api.SaslEndToEndAuthorizationTest
    public String kafkaClientSaslMechanism() {
        return "PLAIN";
    }

    @Override // kafka.api.SaslEndToEndAuthorizationTest
    public scala.collection.immutable.List<String> kafkaServerSaslMechanisms() {
        return new $colon.colon("PLAIN", Nil$.MODULE$);
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.SaslSetup
    public Seq<JaasTestUtils.JaasSection> jaasSections(Seq<String> seq, Option<String> option, SaslSetupMode saslSetupMode, String str) {
        return (Seq) new $colon.colon(new JaasTestUtils.JaasSection(str, new $colon.colon(new JaasTestUtils.PlainLoginModule(JaasTestUtils$.MODULE$.KafkaPlainAdmin(), "", JaasTestUtils$PlainLoginModule$.MODULE$.apply$default$3(), JaasTestUtils$PlainLoginModule$.MODULE$.apply$default$4()), Nil$.MODULE$)), new $colon.colon(new JaasTestUtils.JaasSection(JaasTestUtils$.MODULE$.KafkaClientContextName(), new $colon.colon(new JaasTestUtils.PlainLoginModule(JaasTestUtils$.MODULE$.KafkaPlainUser2(), JaasTestUtils$.MODULE$.KafkaPlainPassword2(), JaasTestUtils$PlainLoginModule$.MODULE$.apply$default$3(), JaasTestUtils$PlainLoginModule$.MODULE$.apply$default$4()), Nil$.MODULE$)), Nil$.MODULE$)).$plus$plus(JaasTestUtils$.MODULE$.zkSections(), Seq$.MODULE$.canBuildFrom());
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        Mode mode = Mode.CLIENT;
        SecurityProtocol securityProtocol = securityProtocol();
        Option<File> trustStoreFile = mo24trustStoreFile();
        String SslCertificateCn = TestUtils$.MODULE$.SslCertificateCn();
        Option<Properties> clientSaslProperties = mo11clientSaslProperties();
        Option<Object> some = new Some<>(BoxesRunTime.boxToBoolean(true));
        return TestUtils$.MODULE$.securityConfigs(mode, securityProtocol, trustStoreFile, str, SslCertificateCn, clientSaslProperties, TestUtils$.MODULE$.securityConfigs$default$7(), some);
    }

    @Test
    public void testAcls() {
        TestUtils$.MODULE$.verifySecureZkAcls(zkClient(), 1);
    }

    public SaslPlainSslEndToEndAuthorizationTest() {
        serverConfig().setProperty(new StringBuilder(0).append(listenerName().configPrefix()).append(KafkaConfig$.MODULE$.SslClientAuthProp()).toString(), "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        serverConfig().put(KafkaConfig$.MODULE$.SaslClientCallbackHandlerClassProp(), TestClientCallbackHandler.class.getName());
        this.mechanismPrefix = listenerName().saslMechanismConfigPrefix("PLAIN");
        serverConfig().put(new StringBuilder(0).append(mechanismPrefix()).append(KafkaConfig$.MODULE$.SaslServerCallbackHandlerClassProp()).toString(), TestServerCallbackHandler.class.getName());
        producerConfig().put("sasl.client.callback.handler.class", TestClientCallbackHandler.class.getName());
        consumerConfig().put("sasl.client.callback.handler.class", TestClientCallbackHandler.class.getName());
        adminClientConfig().put("sasl.client.callback.handler.class", TestClientCallbackHandler.class.getName());
        this.plainLogin = new StringBuilder(75).append("org.apache.kafka.common.security.plain.PlainLoginModule username=").append(JaasTestUtils$.MODULE$.KafkaPlainUser()).append(" required;").toString();
        producerConfig().put("sasl.jaas.config", plainLogin());
        consumerConfig().put("sasl.jaas.config", plainLogin());
        adminClientConfig().put("sasl.jaas.config", plainLogin());
        this.clientPrincipal = new KafkaPrincipal("User", "user");
        this.kafkaPrincipal = new KafkaPrincipal("User", "admin");
    }
}
