package kafka.security.authorizer;

import java.net.InetAddress;
import java.util.Properties;
import java.util.UUID;
import kafka.security.auth.SimpleAclAuthorizer;
import kafka.security.auth.SimpleAclAuthorizer$;
import kafka.server.KafkaConfig;
import kafka.server.KafkaConfig$;
import kafka.utils.TestUtils$;
import kafka.zk.ZooKeeperTestHarness;
import kafka.zookeeper.ZooKeeperClient;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.protocol.ApiKeys;
import org.apache.kafka.common.requests.RequestContext;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.Time;
import org.apache.kafka.server.authorizer.Authorizer;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import scala.None$;
import scala.Predef$;
import scala.collection.immutable.Set;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.ScalaRunTime$;
import scala.runtime.Statics;

/* compiled from: AuthorizerWrapperTest.scala */
@ScalaSignature(bytes = "\u0006\u0005a3A\u0001D\u0007\u0001)!)q\u0004\u0001C\u0001A!9!\u0005\u0001b\u0001\n\u0013\u0019\u0003BB\u0014\u0001A\u0003%A\u0005C\u0004)\u0001\t\u0007I\u0011B\u0012\t\r%\u0002\u0001\u0015!\u0003%\u0011\u0015q\u0001\u0001\"\u0011+\u0011\u00159\u0004\u0001\"\u00119\u0011\u0015Q\u0005\u0001\"\u00119\u0011\u0015y\u0005\u0001\"\u00019\u0011\u0015y\u0005\u0001\"\u0003U\u0011\u00151\u0006\u0001\"\u00019\u0005U\tU\u000f\u001e5pe&TXM],sCB\u0004XM\u001d+fgRT!AD\b\u0002\u0015\u0005,H\u000f[8sSj,'O\u0003\u0002\u0011#\u0005A1/Z2ve&$\u0018PC\u0001\u0013\u0003\u0015Y\u0017MZ6b\u0007\u0001\u00192\u0001A\u000b\u001c!\t1\u0012$D\u0001\u0018\u0015\tA\u0012#\u0001\u0002{W&\u0011!d\u0006\u0002\u00155>|7*Z3qKJ$Vm\u001d;ICJtWm]:\u0011\u0005qiR\"A\u0007\n\u0005yi!A\u0005\"bg\u0016\fU\u000f\u001e5pe&TXM\u001d+fgR\fa\u0001P5oSRtD#A\u0011\u0011\u0005q\u0001\u0011aF<sCB\u0004X\rZ*j[BdW-Q;uQ>\u0014\u0018N_3s+\u0005!\u0003C\u0001\u000f&\u0013\t1SBA\tBkRDwN]5{KJ<&/\u00199qKJ\f\u0001d\u001e:baB,GmU5na2,\u0017)\u001e;i_JL'0\u001a:!\u0003\u0011:(/\u00199qK\u0012\u001c\u0016.\u001c9mK\u0006+H\u000f[8sSj,'/\u00117m_^,e/\u001a:z_:,\u0017!J<sCB\u0004X\rZ*j[BdW-Q;uQ>\u0014\u0018N_3s\u00032dwn^#wKJLxN\\3!+\u0005Y\u0003C\u0001\u00176\u001b\u0005i#B\u0001\b/\u0015\ty\u0003'\u0001\u0004tKJ4XM\u001d\u0006\u0003%ER!AM\u001a\u0002\r\u0005\u0004\u0018m\u00195f\u0015\u0005!\u0014aA8sO&\u0011a'\f\u0002\u000b\u0003V$\bn\u001c:ju\u0016\u0014\u0018!B:fiV\u0003H#A\u001d\u0011\u0005ijT\"A\u001e\u000b\u0003q\nQa]2bY\u0006L!AP\u001e\u0003\tUs\u0017\u000e\u001e\u0015\u0003\u000f\u0001\u0003\"!\u0011%\u000e\u0003\tS!a\u0011#\u0002\u0007\u0005\u0004\u0018N\u0003\u0002F\r\u00069!.\u001e9ji\u0016\u0014(BA$4\u0003\u0015QWO\\5u\u0013\tI%I\u0001\u0006CK\u001a|'/Z#bG\"\f\u0001\u0002^3be\u0012{wO\u001c\u0015\u0003\u00111\u0003\"!Q'\n\u00059\u0013%!C!gi\u0016\u0014X)Y2i\u00039\"Xm\u001d;BkRDwN]5{K\nK(+Z:pkJ\u001cW\rV=qK\u0016s\u0017M\u00197f\u00032dwn^#wKJLxJ\\3)\u0005%\t\u0006CA!S\u0013\t\u0019&I\u0001\u0003UKN$HCA\u001dV\u0011\u0015q!\u00021\u0001,\u0003]\"Xm\u001d;BkRDwN]5{K\nK(+Z:pkJ\u001cW\rV=qK\u0012K7/\u00192mK\u0006cGn\\<Fm\u0016\u0014\u0018p\u001c8f\u001fZ,'O]5eK\"\u00121\"\u0015")
/* loaded from: input_file:kafka/security/authorizer/AuthorizerWrapperTest.class */
public class AuthorizerWrapperTest extends ZooKeeperTestHarness implements BaseAuthorizerTest {
    private final AuthorizerWrapper wrappedSimpleAuthorizer;
    private final AuthorizerWrapper wrappedSimpleAuthorizerAllowEveryone;
    private String superUsers;
    private String username;
    private KafkaPrincipal principal;
    private RequestContext requestContext;
    private String superUserName;
    private KafkaConfig config;
    private ZooKeeperClient zooKeeperClient;
    private ResourcePattern resource;

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeMultipleAddAndRemove() {
        testAuthorizeByResourceTypeMultipleAddAndRemove();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeIsolationUnrelatedDenyWontDominateAllow() {
        testAuthorizeByResourceTypeIsolationUnrelatedDenyWontDominateAllow();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeDenyTakesPrecedence() {
        testAuthorizeByResourceTypeDenyTakesPrecedence();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypePrefixedResourceDenyDominate() {
        testAuthorizeByResourceTypePrefixedResourceDenyDominate();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeWildcardResourceDenyDominate() {
        testAuthorizeByResourceTypeWildcardResourceDenyDominate();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeWithAllOperationAce() {
        testAuthorizeByResourceTypeWithAllOperationAce();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeWithAllHostAce() {
        testAuthorizeByResourceTypeWithAllHostAce();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorizeByResourceTypeWithAllPrincipalAce() {
        testAuthorizeByResourceTypeWithAllPrincipalAce();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    @Test
    public void testAuthorzeByResourceTypeSuperUserHasAccess() {
        testAuthorzeByResourceTypeSuperUserHasAccess();
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public RequestContext newRequestContext(KafkaPrincipal kafkaPrincipal, InetAddress inetAddress, ApiKeys apiKeys) {
        RequestContext newRequestContext;
        newRequestContext = newRequestContext(kafkaPrincipal, inetAddress, apiKeys);
        return newRequestContext;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public ApiKeys newRequestContext$default$3() {
        ApiKeys newRequestContext$default$3;
        newRequestContext$default$3 = newRequestContext$default$3();
        return newRequestContext$default$3;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public boolean authorizeByResourceType(Authorizer authorizer, RequestContext requestContext, AclOperation aclOperation, ResourceType resourceType) {
        boolean authorizeByResourceType;
        authorizeByResourceType = authorizeByResourceType(authorizer, requestContext, aclOperation, resourceType);
        return authorizeByResourceType;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void addAcls(Authorizer authorizer, Set<AccessControlEntry> set, ResourcePattern resourcePattern) {
        addAcls(authorizer, set, resourcePattern);
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public boolean removeAcls(Authorizer authorizer, Set<AccessControlEntry> set, ResourcePattern resourcePattern) {
        boolean removeAcls;
        removeAcls = removeAcls(authorizer, set, resourcePattern);
        return removeAcls;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public String superUsers() {
        return this.superUsers;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public String username() {
        return this.username;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public KafkaPrincipal principal() {
        return this.principal;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public RequestContext requestContext() {
        return this.requestContext;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public String superUserName() {
        return this.superUserName;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public KafkaConfig config() {
        return this.config;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void config_$eq(KafkaConfig kafkaConfig) {
        this.config = kafkaConfig;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public ZooKeeperClient zooKeeperClient() {
        return this.zooKeeperClient;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void zooKeeperClient_$eq(ZooKeeperClient zooKeeperClient) {
        this.zooKeeperClient = zooKeeperClient;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public ResourcePattern resource() {
        return this.resource;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void resource_$eq(ResourcePattern resourcePattern) {
        this.resource = resourcePattern;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void kafka$security$authorizer$BaseAuthorizerTest$_setter_$superUsers_$eq(String str) {
        this.superUsers = str;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void kafka$security$authorizer$BaseAuthorizerTest$_setter_$username_$eq(String str) {
        this.username = str;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void kafka$security$authorizer$BaseAuthorizerTest$_setter_$principal_$eq(KafkaPrincipal kafkaPrincipal) {
        this.principal = kafkaPrincipal;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void kafka$security$authorizer$BaseAuthorizerTest$_setter_$requestContext_$eq(RequestContext requestContext) {
        this.requestContext = requestContext;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public void kafka$security$authorizer$BaseAuthorizerTest$_setter_$superUserName_$eq(String str) {
        this.superUserName = str;
    }

    private AuthorizerWrapper wrappedSimpleAuthorizer() {
        return this.wrappedSimpleAuthorizer;
    }

    private AuthorizerWrapper wrappedSimpleAuthorizerAllowEveryone() {
        return this.wrappedSimpleAuthorizerAllowEveryone;
    }

    @Override // kafka.security.authorizer.BaseAuthorizerTest
    public Authorizer authorizer() {
        return wrappedSimpleAuthorizer();
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    @BeforeEach
    public void setUp() {
        super.setUp();
        TestUtils$ testUtils$ = TestUtils$.MODULE$;
        String zkConnect = zkConnect();
        TestUtils$ testUtils$2 = TestUtils$.MODULE$;
        TestUtils$ testUtils$3 = TestUtils$.MODULE$;
        int RandomPort = TestUtils$.MODULE$.RandomPort();
        TestUtils$ testUtils$4 = TestUtils$.MODULE$;
        None$ none$ = None$.MODULE$;
        TestUtils$ testUtils$5 = TestUtils$.MODULE$;
        None$ none$2 = None$.MODULE$;
        TestUtils$ testUtils$6 = TestUtils$.MODULE$;
        None$ none$3 = None$.MODULE$;
        TestUtils$ testUtils$7 = TestUtils$.MODULE$;
        TestUtils$ testUtils$8 = TestUtils$.MODULE$;
        int RandomPort2 = TestUtils$.MODULE$.RandomPort();
        TestUtils$ testUtils$9 = TestUtils$.MODULE$;
        int RandomPort3 = TestUtils$.MODULE$.RandomPort();
        TestUtils$ testUtils$10 = TestUtils$.MODULE$;
        int RandomPort4 = TestUtils$.MODULE$.RandomPort();
        TestUtils$ testUtils$11 = TestUtils$.MODULE$;
        None$ none$4 = None$.MODULE$;
        TestUtils$ testUtils$12 = TestUtils$.MODULE$;
        TestUtils$ testUtils$13 = TestUtils$.MODULE$;
        TestUtils$ testUtils$14 = TestUtils$.MODULE$;
        TestUtils$ testUtils$15 = TestUtils$.MODULE$;
        Properties createBrokerConfig = testUtils$.createBrokerConfig(0, zkConnect, true, true, RandomPort, none$, none$2, none$3, true, false, RandomPort2, false, RandomPort3, false, RandomPort4, none$4, 1, false, 1, (short) 1);
        createBrokerConfig.put(AclAuthorizer$.MODULE$.SuperUsersProp(), superUsers());
        config_$eq(KafkaConfig$.MODULE$.fromProps(createBrokerConfig));
        wrappedSimpleAuthorizer().configure(config().originals());
        createBrokerConfig.put(SimpleAclAuthorizer$.MODULE$.AllowEveryoneIfNoAclIsFoundProp(), "true");
        config_$eq(KafkaConfig$.MODULE$.fromProps(createBrokerConfig));
        wrappedSimpleAuthorizerAllowEveryone().configure(config().originals());
        resource_$eq(new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("foo-").append(UUID.randomUUID()).toString(), PatternType.LITERAL));
        zooKeeperClient_$eq(new ZooKeeperClient(zkConnect(), zkSessionTimeout(), zkConnectionTimeout(), zkMaxInFlightRequests(), Time.SYSTEM, "kafka.test", "AuthorizerWrapperTest"));
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    @AfterEach
    public void tearDown() {
        package$.MODULE$.Seq().apply(ScalaRunTime$.MODULE$.wrapRefArray(new AuthorizerWrapper[]{wrappedSimpleAuthorizer(), wrappedSimpleAuthorizerAllowEveryone()})).foreach(authorizerWrapper -> {
            authorizerWrapper.close();
            return BoxedUnit.UNIT;
        });
        zooKeeperClient().close();
        super.tearDown();
    }

    @Test
    public void testAuthorizeByResourceTypeEnableAllowEveryOne() {
        testAuthorizeByResourceTypeEnableAllowEveryOne(wrappedSimpleAuthorizer());
    }

    private void testAuthorizeByResourceTypeEnableAllowEveryOne(Authorizer authorizer) {
        Assertions.assertTrue(authorizeByResourceType(wrappedSimpleAuthorizerAllowEveryone(), requestContext(), AclOperation.READ, resource().resourceType()), "If allow.everyone.if.no.acl.found = true, caller should have read access to at least one topic");
        AccessControlEntry accessControlEntry = new AccessControlEntry(AclEntry$.MODULE$.WildcardPrincipalString(), AclEntry$.MODULE$.WildcardHost(), AclOperation.ALL, AclPermissionType.DENY);
        ResourcePattern resourcePattern = new ResourcePattern(resource().resourceType(), AclEntry$.MODULE$.WildcardResource(), PatternType.LITERAL);
        addAcls(wrappedSimpleAuthorizerAllowEveryone(), (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new AccessControlEntry[]{accessControlEntry})), resource());
        Assertions.assertTrue(authorizeByResourceType(wrappedSimpleAuthorizerAllowEveryone(), requestContext(), AclOperation.READ, resource().resourceType()), "Should still allow since the deny only apply on the specific resource");
        addAcls(wrappedSimpleAuthorizerAllowEveryone(), (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new AccessControlEntry[]{accessControlEntry})), resourcePattern);
        Assertions.assertFalse(authorizeByResourceType(wrappedSimpleAuthorizerAllowEveryone(), requestContext(), AclOperation.READ, resource().resourceType()), "When an ACL binding which can deny all users and hosts exists, even if allow.everyone.if.no.acl.found = true, caller shouldn't have read access any topic");
    }

    @Test
    public void testAuthorizeByResourceTypeDisableAllowEveryoneOverride() {
        Assertions.assertFalse(authorizeByResourceType(wrappedSimpleAuthorizer(), requestContext(), AclOperation.READ, resource().resourceType()), "If allow.everyone.if.no.acl.found = false, caller shouldn't have read access to any topic");
    }

    public AuthorizerWrapperTest() {
        BaseAuthorizerTest.$init$(this);
        this.wrappedSimpleAuthorizer = new AuthorizerWrapper(new SimpleAclAuthorizer());
        this.wrappedSimpleAuthorizerAllowEveryone = new AuthorizerWrapper(new SimpleAclAuthorizer());
        Statics.releaseFence();
    }
}
