package kafka.api;

import java.io.File;
import java.security.AccessController;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import kafka.server.KafkaConfig$;
import kafka.utils.JaasTestUtils;
import kafka.utils.JaasTestUtils$;
import kafka.utils.JaasTestUtils$PlainLoginModule$;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SaslAuthenticationContext;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
import org.apache.kafka.test.TestSslUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.ArrayOps$;
import scala.collection.Seq;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ObjectRef;

/* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0005\tuq!\u0002\u0013&\u0011\u0003Qc!\u0002\u0017&\u0011\u0003i\u0003\"\u0002\u001b\u0002\t\u0003)d\u0001\u0002\u001c\u0002\u0001]BQ\u0001N\u0002\u0005\u0002=CQAU\u0002\u0005BM;Q\u0001X\u0001\t\u0002u3QAX\u0001\t\u0002}CQ\u0001N\u0004\u0005\u0002\u0001Dq!Y\u0004C\u0002\u0013\u0005!\r\u0003\u0004o\u000f\u0001\u0006Ia\u0019\u0004\u0005_\u0006\u0001\u0001\u000fC\u00035\u0017\u0011\u0005A\u000fC\u0003w\u0017\u0011\u0005q\u000fC\u0004\u0002T-!\t!!\u0016\t\u000f\u000554\u0002\"\u0001\u0002p\u00191\u0011\u0011O\u0001\u0001\u0003gBa\u0001\u000e\t\u0005\u0002\u0005U\u0004B\u0002<\u0011\t\u0003\tI\bC\u0004\u0002TA!\t!a#\t\u000f\u00055\u0004\u0003\"\u0001\u0002p\u0019)A&\n\u0001\u0002\u0010\"1A'\u0006C\u0001\u0003/C\u0011\"a'\u0016\u0005\u0004%\t!!(\t\u000f\u0005}U\u0003)A\u0005W\"I\u0011\u0011U\u000bC\u0002\u0013%\u0011Q\u0014\u0005\b\u0003G+\u0002\u0015!\u0003l\u0011\u001d\t)+\u0006C)\u0003;Cq!a*\u0016\t#\nI\u000bC\u0005\u00020V\u0011\r\u0011\"\u0011\u00022\"9\u00111W\u000b!\u0002\u0013!\u0006\"CA[+\t\u0007I\u0011IAY\u0011\u001d\t9,\u0006Q\u0001\nQCq!!/\u0016\t\u0003\nY\fC\u0004\u0002zV!\t%a?\t\u000f\t\u001dQ\u0003\"\u0001\u0002p\u0005)3+Y:m!2\f\u0017N\\*tY\u0016sG\rV8F]\u0012\fU\u000f\u001e5pe&T\u0018\r^5p]R+7\u000f\u001e\u0006\u0003M\u001d\n1!\u00199j\u0015\u0005A\u0013!B6bM.\f7\u0001\u0001\t\u0003W\u0005i\u0011!\n\u0002&'\u0006\u001cH\u000e\u00157bS:\u001c6\u000f\\#oIR{WI\u001c3BkRDwN]5{CRLwN\u001c+fgR\u001c\"!\u0001\u0018\u0011\u0005=\u0012T\"\u0001\u0019\u000b\u0003E\nQa]2bY\u0006L!a\r\u0019\u0003\r\u0005s\u0017PU3g\u0003\u0019a\u0014N\\5u}Q\t!F\u0001\u000bUKN$\bK]5oG&\u0004\u0018\r\u001c\"vS2$WM]\n\u0004\u0007a\u0002\u0005CA\u001d?\u001b\u0005Q$BA\u001e=\u0003\u0011a\u0017M\\4\u000b\u0003u\nAA[1wC&\u0011qH\u000f\u0002\u0007\u001f\nTWm\u0019;\u0011\u0005\u0005kU\"\u0001\"\u000b\u0005\r#\u0015\u0001B1vi\"T!!\u0012$\u0002\u0011M,7-\u001e:jifT!a\u0012%\u0002\r\r|W.\\8o\u0015\tA\u0013J\u0003\u0002K\u0017\u00061\u0011\r]1dQ\u0016T\u0011\u0001T\u0001\u0004_J<\u0017B\u0001(C\u0005UY\u0015MZ6b!JLgnY5qC2\u0014U/\u001b7eKJ$\u0012\u0001\u0015\t\u0003#\u000ei\u0011!A\u0001\u0006EVLG\u000e\u001a\u000b\u0003)^\u0003\"!Q+\n\u0005Y\u0013%AD&bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\u0005\u00061\u0016\u0001\r!W\u0001\bG>tG/\u001a=u!\t\t%,\u0003\u0002\\\u0005\n)\u0012)\u001e;iK:$\u0018nY1uS>t7i\u001c8uKb$\u0018aC\"sK\u0012,g\u000e^5bYN\u0004\"!U\u0004\u0003\u0017\r\u0013X\rZ3oi&\fGn]\n\u0003\u000f9\"\u0012!X\u0001\tC2dWk]3sgV\t1\r\u0005\u0003eS.\\W\"A3\u000b\u0005\u0019<\u0017!C5n[V$\u0018M\u00197f\u0015\tA\u0007'\u0001\u0006d_2dWm\u0019;j_:L!A[3\u0003\u00075\u000b\u0007\u000f\u0005\u0002:Y&\u0011QN\u000f\u0002\u0007'R\u0014\u0018N\\4\u0002\u0013\u0005dG.V:feN\u0004#!\u0007+fgR\u001cVM\u001d<fe\u000e\u000bG\u000e\u001c2bG.D\u0015M\u001c3mKJ\u001c2a\u0003\u001dr!\t\t%/\u0003\u0002t\u0005\nY\u0012)\u001e;iK:$\u0018nY1uK\u000e\u000bG\u000e\u001c2bG.D\u0015M\u001c3mKJ$\u0012!\u001e\t\u0003#.\t\u0011bY8oM&<WO]3\u0015\ra\\\u0018\u0011GA\u001b!\ty\u00130\u0003\u0002{a\t!QK\\5u\u0011\u0015aX\u00021\u0001~\u0003\u001d\u0019wN\u001c4jON\u00044A`A\u0010!\u001dy\u0018QAA\u0004\u00037i!!!\u0001\u000b\u0007\u0005\rA(\u0001\u0003vi&d\u0017b\u00016\u0002\u0002A!\u0011\u0011BA\f\u001d\u0011\tY!a\u0005\u0011\u0007\u00055\u0001'\u0004\u0002\u0002\u0010)\u0019\u0011\u0011C\u0015\u0002\rq\u0012xn\u001c;?\u0013\r\t)\u0002M\u0001\u0007!J,G-\u001a4\n\u00075\fIBC\u0002\u0002\u0016A\u0002B!!\b\u0002 1\u0001AaCA\u0011w\u0006\u0005\t\u0011!B\u0001\u0003G\u00111a\u0018\u00132#\u0011\t)#a\u000b\u0011\u0007=\n9#C\u0002\u0002*A\u0012qAT8uQ&tw\rE\u00020\u0003[I1!a\f1\u0005\r\te.\u001f\u0005\b\u0003gi\u0001\u0019AA\u0004\u00035\u0019\u0018m\u001d7NK\u000eD\u0017M\\5t[\"9\u0011qG\u0007A\u0002\u0005e\u0012!\u00056bCN\u001cuN\u001c4jO\u0016sGO]5fgB)q0a\u000f\u0002@%!\u0011QHA\u0001\u0005\u0011a\u0015n\u001d;\u0011\t\u0005\u0005\u0013qJ\u0007\u0003\u0003\u0007RA!!\u0012\u0002H\u0005)An\\4j]*\u00191)!\u0013\u000b\u0007\u0015\u000bYE\u0003\u0002\u0002N\u0005)!.\u0019<bq&!\u0011\u0011KA\"\u0005U\t\u0005\u000f]\"p]\u001aLw-\u001e:bi&|g.\u00128uef\fa\u0001[1oI2,Gc\u0001=\u0002X!9\u0011\u0011\f\bA\u0002\u0005m\u0013!C2bY2\u0014\u0017mY6t!\u0015y\u0013QLA1\u0013\r\ty\u0006\r\u0002\u0006\u0003J\u0014\u0018-\u001f\t\u0005\u0003G\nI'\u0004\u0002\u0002f)!\u0011qMA$\u0003!\u0019\u0017\r\u001c7cC\u000e\\\u0017\u0002BA6\u0003K\u0012\u0001bQ1mY\n\f7m[\u0001\u0006G2|7/\u001a\u000b\u0002q\nIB+Z:u\u00072LWM\u001c;DC2d'-Y2l\u0011\u0006tG\r\\3s'\r\u0001\u0002(\u001d\u000b\u0003\u0003o\u0002\"!\u0015\t\u0015\u000fa\fY(a\"\u0002\n\"1AP\u0005a\u0001\u0003{\u0002D!a \u0002\u0004B9q0!\u0002\u0002\b\u0005\u0005\u0005\u0003BA\u000f\u0003\u0007#A\"!\"\u0002|\u0005\u0005\t\u0011!B\u0001\u0003G\u00111a\u0018\u00133\u0011\u001d\t\u0019D\u0005a\u0001\u0003\u000fAq!a\u000e\u0013\u0001\u0004\tI\u0004F\u0002y\u0003\u001bCq!!\u0017\u0014\u0001\u0004\tYfE\u0002\u0016\u0003#\u00032aKAJ\u0013\r\t)*\n\u0002\u001e'\u0006\u001cH.\u00128e)>,e\u000eZ!vi\"|'/\u001b>bi&|g\u000eV3tiR\u0011\u0011\u0011\u0014\t\u0003WU\tq\"\\3dQ\u0006t\u0017n]7Qe\u00164\u0017\u000e_\u000b\u0002W\u0006\u0001R.Z2iC:L7/\u001c)sK\u001aL\u0007\u0010I\u0001\u000ba2\f\u0017N\u001c'pO&t\u0017a\u00039mC&tGj\\4j]\u0002\n\u0001d[1gW\u0006\u001cE.[3oiN\u000b7\u000f\\'fG\"\fg.[:n\u0003eY\u0017MZ6b'\u0016\u0014h/\u001a:TCNdW*Z2iC:L7/\\:\u0016\u0005\u0005-\u0006\u0003\u00023\u0002..L1!!\u0010f\u0003=\u0019G.[3oiB\u0013\u0018N\\2ja\u0006dW#\u0001+\u0002!\rd\u0017.\u001a8u!JLgnY5qC2\u0004\u0013AD6bM.\f\u0007K]5oG&\u0004\u0018\r\\\u0001\u0010W\u000647.\u0019)sS:\u001c\u0017\u000e]1mA\u0005a!.Y1t'\u0016\u001cG/[8ogRQ\u0011QXAp\u0003G\fY/!>\u0011\r\u0005}\u0016\u0011YAc\u001b\u00059\u0017bAAbO\n\u00191+Z9\u0011\t\u0005\u001d\u0017\u0011\u001c\b\u0005\u0003\u0013\f\u0019N\u0004\u0003\u0002L\u0006=g\u0002BA\u0007\u0003\u001bL\u0011\u0001K\u0005\u0004\u0003#<\u0013!B;uS2\u001c\u0018\u0002BAk\u0003/\fQBS1bgR+7\u000f^+uS2\u001c(bAAiO%!\u00111\\Ao\u0005-Q\u0015-Y:TK\u000e$\u0018n\u001c8\u000b\t\u0005U\u0017q\u001b\u0005\b\u0003O\u000b\u0003\u0019AAq!\u0019\ty,!1\u0002\b!9\u0011QU\u0011A\u0002\u0005\u0015\b#B\u0018\u0002h\u0006\u001d\u0011bAAua\t1q\n\u001d;j_:D\u0011\"!<\"!\u0003\u0005\r!a<\u0002\t5|G-\u001a\t\u0004W\u0005E\u0018bAAzK\ti1+Y:m'\u0016$X\u000f]'pI\u0016D\u0011\"a>\"!\u0003\u0005\r!a\u0002\u0002)-\fgm[1TKJ4XM]#oiJLh*Y7f\u0003M\u0019G.[3oiN+7-\u001e:jif\u0004&o\u001c9t)\u0011\tiPa\u0001\u0011\u0007}\fy0\u0003\u0003\u0003\u0002\u0005\u0005!A\u0003)s_B,'\u000f^5fg\"9!Q\u0001\u0012A\u0002\u0005\u001d\u0011!C2feR\fE.[1t\u0003!!Xm\u001d;BG2\u001c\bfA\u0012\u0003\fA!!Q\u0002B\r\u001b\t\u0011yAC\u0002'\u0005#QAAa\u0005\u0003\u0016\u00059!.\u001e9ji\u0016\u0014(b\u0001B\f\u0017\u0006)!.\u001e8ji&!!1\u0004B\b\u0005\u0011!Vm\u001d;")
/* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest.class */
public class SaslPlainSslEndToEndAuthorizationTest extends SaslEndToEndAuthorizationTest {
    private final String mechanismPrefix;
    private final String plainLogin;
    private final KafkaPrincipal clientPrincipal;
    private final KafkaPrincipal kafkaPrincipal;

    /* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest$TestClientCallbackHandler.class */
    public static class TestClientCallbackHandler implements AuthenticateCallbackHandler {
        public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        }

        public void handle(Callback[] callbackArr) {
            String str = (String) Subject.getSubject(AccessController.getContext()).getPublicCredentials(String.class).iterator().next();
            ArrayOps$.MODULE$.foreach$extension(Predef$.MODULE$.refArrayOps(callbackArr), callback -> {
                $anonfun$handle$2(str, callback);
                return BoxedUnit.UNIT;
            });
        }

        public void close() {
        }

        public static final /* synthetic */ void $anonfun$handle$2(String str, Callback callback) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(str);
                return;
            }
            if (!(callback instanceof PasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            String KafkaPlainUser = JaasTestUtils$.MODULE$.KafkaPlainUser();
            if (str != null ? !str.equals(KafkaPlainUser) : KafkaPlainUser != null) {
                String KafkaPlainAdmin = JaasTestUtils$.MODULE$.KafkaPlainAdmin();
                if (str == null) {
                    if (KafkaPlainAdmin != null) {
                        return;
                    }
                } else if (!str.equals(KafkaPlainAdmin)) {
                    return;
                }
            }
            ((PasswordCallback) callback).setPassword(((String) SaslPlainSslEndToEndAuthorizationTest$Credentials$.MODULE$.allUsers().apply(str)).toCharArray());
        }
    }

    /* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder implements KafkaPrincipalBuilder {
        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            SaslAuthenticationContext saslAuthenticationContext = (SaslAuthenticationContext) authenticationContext;
            String name = ((SSLSession) saslAuthenticationContext.sslSession().get()).getPeerPrincipal().getName();
            Assertions.assertTrue(name.endsWith(new StringBuilder(3).append("CN=").append(TestUtils$.MODULE$.SslCertificateCn()).toString()), new StringBuilder(25).append("Unexpected SSL principal ").append(name).toString());
            String authorizationID = saslAuthenticationContext.server().getAuthorizationID();
            String KafkaPlainAdmin = JaasTestUtils$.MODULE$.KafkaPlainAdmin();
            if (KafkaPlainAdmin != null ? KafkaPlainAdmin.equals(authorizationID) : authorizationID == null) {
                return new KafkaPrincipal("User", "admin");
            }
            String KafkaPlainUser = JaasTestUtils$.MODULE$.KafkaPlainUser();
            return (KafkaPlainUser != null ? !KafkaPlainUser.equals(authorizationID) : authorizationID != null) ? KafkaPrincipal.ANONYMOUS : new KafkaPrincipal("User", "user");
        }
    }

    /* compiled from: SaslPlainSslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SaslPlainSslEndToEndAuthorizationTest$TestServerCallbackHandler.class */
    public static class TestServerCallbackHandler implements AuthenticateCallbackHandler {
        public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        }

        public void handle(Callback[] callbackArr) {
            ObjectRef create = ObjectRef.create((Object) null);
            ArrayOps$.MODULE$.foreach$extension(Predef$.MODULE$.refArrayOps(callbackArr), callback -> {
                $anonfun$handle$1(create, callback);
                return BoxedUnit.UNIT;
            });
        }

        public void close() {
        }

        public static final /* synthetic */ void $anonfun$handle$1(ObjectRef objectRef, Callback callback) {
            if (callback instanceof NameCallback) {
                objectRef.elem = ((NameCallback) callback).getDefaultName();
            } else {
                if (!(callback instanceof PlainAuthenticateCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                PlainAuthenticateCallback plainAuthenticateCallback = (PlainAuthenticateCallback) callback;
                Object apply = SaslPlainSslEndToEndAuthorizationTest$Credentials$.MODULE$.allUsers().apply((String) objectRef.elem);
                plainAuthenticateCallback.authenticated(apply != null && apply.equals(new String(plainAuthenticateCallback.password())));
            }
        }
    }

    public String mechanismPrefix() {
        return this.mechanismPrefix;
    }

    private String plainLogin() {
        return this.plainLogin;
    }

    @Override // kafka.api.SaslEndToEndAuthorizationTest
    public String kafkaClientSaslMechanism() {
        return "PLAIN";
    }

    @Override // kafka.api.SaslEndToEndAuthorizationTest
    public scala.collection.immutable.List<String> kafkaServerSaslMechanisms() {
        return new $colon.colon("PLAIN", Nil$.MODULE$);
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.SaslSetup
    public Seq<JaasTestUtils.JaasSection> jaasSections(Seq<String> seq, Option<String> option, SaslSetupMode saslSetupMode, String str) {
        String KafkaPlainAdmin = JaasTestUtils$.MODULE$.KafkaPlainAdmin();
        JaasTestUtils$PlainLoginModule$ jaasTestUtils$PlainLoginModule$ = JaasTestUtils$PlainLoginModule$.MODULE$;
        JaasTestUtils.PlainLoginModule plainLoginModule = new JaasTestUtils.PlainLoginModule(KafkaPlainAdmin, "", false, JaasTestUtils$PlainLoginModule$.MODULE$.apply$default$4());
        String KafkaPlainUser2 = JaasTestUtils$.MODULE$.KafkaPlainUser2();
        String KafkaPlainPassword2 = JaasTestUtils$.MODULE$.KafkaPlainPassword2();
        JaasTestUtils$PlainLoginModule$ jaasTestUtils$PlainLoginModule$2 = JaasTestUtils$PlainLoginModule$.MODULE$;
        return (Seq) new $colon.colon(new JaasTestUtils.JaasSection(str, new $colon.colon(plainLoginModule, Nil$.MODULE$)), new $colon.colon(new JaasTestUtils.JaasSection(JaasTestUtils$.MODULE$.KafkaClientContextName(), new $colon.colon(new JaasTestUtils.PlainLoginModule(KafkaPlainUser2, KafkaPlainPassword2, false, JaasTestUtils$PlainLoginModule$.MODULE$.apply$default$4()), Nil$.MODULE$)), Nil$.MODULE$)).$plus$plus(JaasTestUtils$.MODULE$.zkSections());
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        Mode mode = Mode.CLIENT;
        SecurityProtocol securityProtocol = securityProtocol();
        Option<File> trustStoreFile = mo24trustStoreFile();
        String SslCertificateCn = TestUtils$.MODULE$.SslCertificateCn();
        Option<Properties> clientSaslProperties = mo11clientSaslProperties();
        Option<Object> some = new Some<>(BoxesRunTime.boxToBoolean(true));
        TestUtils$ testUtils$ = TestUtils$.MODULE$;
        return TestUtils$.MODULE$.securityConfigs(Mode.CLIENT, securityProtocol, trustStoreFile, str, SslCertificateCn, clientSaslProperties, TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS, some);
    }

    @Test
    public void testAcls() {
        TestUtils$.MODULE$.verifySecureZkAcls(zkClient(), 1);
    }

    public SaslPlainSslEndToEndAuthorizationTest() {
        serverConfig().setProperty(new StringBuilder(0).append(listenerName().configPrefix()).append(KafkaConfig$.MODULE$.SslClientAuthProp()).toString(), "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        serverConfig().put(KafkaConfig$.MODULE$.SaslClientCallbackHandlerClassProp(), TestClientCallbackHandler.class.getName());
        this.mechanismPrefix = listenerName().saslMechanismConfigPrefix("PLAIN");
        serverConfig().put(new StringBuilder(0).append(mechanismPrefix()).append(KafkaConfig$.MODULE$.SaslServerCallbackHandlerClassProp()).toString(), TestServerCallbackHandler.class.getName());
        producerConfig().put("sasl.client.callback.handler.class", TestClientCallbackHandler.class.getName());
        consumerConfig().put("sasl.client.callback.handler.class", TestClientCallbackHandler.class.getName());
        adminClientConfig().put("sasl.client.callback.handler.class", TestClientCallbackHandler.class.getName());
        this.plainLogin = new StringBuilder(75).append("org.apache.kafka.common.security.plain.PlainLoginModule username=").append(JaasTestUtils$.MODULE$.KafkaPlainUser()).append(" required;").toString();
        producerConfig().put("sasl.jaas.config", plainLogin());
        consumerConfig().put("sasl.jaas.config", plainLogin());
        adminClientConfig().put("sasl.jaas.config", plainLogin());
        this.clientPrincipal = new KafkaPrincipal("User", "user");
        this.kafkaPrincipal = new KafkaPrincipal("User", "admin");
    }
}
