package kafka.api;

import java.io.File;
import java.util.Properties;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.ssl.SslPrincipalMapper;
import org.apache.kafka.common.utils.Java;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.LinearSeqOps;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.util.matching.Regex;

/* compiled from: SslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005=r!B\u000b\u0017\u0011\u0003Yb!B\u000f\u0017\u0011\u0003q\u0002\"B\u0013\u0002\t\u00031c\u0001B\u0014\u0002\u0001!BQ!J\u0002\u0005\u0002aBqaO\u0002C\u0002\u0013%A\b\u0003\u0004F\u0007\u0001\u0006I!\u0010\u0005\u0006\r\u000e!\te\u0012\u0004\u0005;Y\u00011\u000bC\u0003&\u0011\u0011\u0005q\u000bC\u0003Z\u0011\u0011E#\fC\u0004_\u0011\t\u0007I\u0011B0\t\r!D\u0001\u0015!\u0003a\u0011\u001dI\u0007B1A\u0005\n}CaA\u001b\u0005!\u0002\u0013\u0001\u0007bB6\t\u0005\u0004%\t\u0005\u001c\u0005\u0007[\"\u0001\u000b\u0011\u0002%\t\u000f9D!\u0019!C!Y\"1q\u000e\u0003Q\u0001\n!CQ\u0001\u001d\u0005\u0005BEDq!!\u0003\t\t\u0003\nY!\u0001\u000fTg2,e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u000b\u0005]A\u0012aA1qS*\t\u0011$A\u0003lC\u001a\\\u0017m\u0001\u0001\u0011\u0005q\tQ\"\u0001\f\u00039M\u001bH.\u00128e)>,e\u000eZ!vi\"|'/\u001b>bi&|g\u000eV3tiN\u0011\u0011a\b\t\u0003A\rj\u0011!\t\u0006\u0002E\u0005)1oY1mC&\u0011A%\t\u0002\u0007\u0003:L(+\u001a4\u0002\rqJg.\u001b;?)\u0005Y\"\u0001\u0006+fgR\u0004&/\u001b8dSB\fGNQ;jY\u0012,'o\u0005\u0002\u0004SA\u0011!FN\u0007\u0002W)\u0011A&L\u0001\u000eCV$\b.\u001a8uS\u000e\fGo\u001c:\u000b\u00059z\u0013\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005A\n\u0014AB2p[6|gN\u0003\u0002\u001ae)\u00111\u0007N\u0001\u0007CB\f7\r[3\u000b\u0003U\n1a\u001c:h\u0013\t94F\u0001\u000fEK\u001a\fW\u000f\u001c;LC\u001a\\\u0017\r\u0015:j]\u000eL\u0007/\u00197Ck&dG-\u001a:\u0015\u0003e\u0002\"AO\u0002\u000e\u0003\u0005\tq\u0001U1ui\u0016\u0014h.F\u0001>!\tq4)D\u0001@\u0015\t\u0001\u0015)\u0001\u0005nCR\u001c\u0007.\u001b8h\u0015\t\u0011\u0015%\u0001\u0003vi&d\u0017B\u0001#@\u0005\u0015\u0011VmZ3y\u0003!\u0001\u0016\r\u001e;fe:\u0004\u0013!\u00022vS2$GC\u0001%O!\tIE*D\u0001K\u0015\tYU&\u0001\u0003bkRD\u0017BA'K\u00059Y\u0015MZ6b!JLgnY5qC2DQaT\u0004A\u0002A\u000bqaY8oi\u0016DH\u000f\u0005\u0002J#&\u0011!K\u0013\u0002\u0016\u0003V$\b.\u001a8uS\u000e\fG/[8o\u0007>tG/\u001a=u'\tAA\u000b\u0005\u0002\u001d+&\u0011aK\u0006\u0002\u001a\u000b:$Gk\\#oI\u0006+H\u000f[8sSj\fG/[8o)\u0016\u001cH\u000fF\u0001Y!\ta\u0002\"\u0001\ttK\u000e,(/\u001b;z!J|Go\\2pYV\t1\f\u0005\u0002J9&\u0011QL\u0013\u0002\u0011'\u0016\u001cWO]5usB\u0013x\u000e^8d_2\f1\u0002\u001e7t!J|Go\\2pYV\t\u0001\r\u0005\u0002bM6\t!M\u0003\u0002dI\u0006!A.\u00198h\u0015\u0005)\u0017\u0001\u00026bm\u0006L!a\u001a2\u0003\rM#(/\u001b8h\u00031!Hn\u001d)s_R|7m\u001c7!\u0003!\u0019G.[3oi\u000es\u0017!C2mS\u0016tGo\u00118!\u0003=\u0019G.[3oiB\u0013\u0018N\\2ja\u0006dW#\u0001%\u0002!\rd\u0017.\u001a8u!JLgnY5qC2\u0004\u0013AD6bM.\f\u0007K]5oG&\u0004\u0018\r\\\u0001\u0010W\u000647.\u0019)sS:\u001c\u0017\u000e]1mA\u0005)1/\u001a;VaR\u0011!/\u001e\t\u0003AML!\u0001^\u0011\u0003\tUs\u0017\u000e\u001e\u0005\u0006mN\u0001\ra^\u0001\ti\u0016\u001cH/\u00138g_B\u0011\u0001P`\u0007\u0002s*\u0011qC\u001f\u0006\u0003wr\fqA[;qSR,'O\u0003\u0002~i\u0005)!.\u001e8ji&\u0011q0\u001f\u0002\t)\u0016\u001cH/\u00138g_\"\u001a1#a\u0001\u0011\u0007a\f)!C\u0002\u0002\be\u0014!BQ3g_J,W)Y2i\u0003M\u0019G.[3oiN+7-\u001e:jif\u0004&o\u001c9t)\u0011\ti!a\u0006\u0011\t\u0005=\u00111C\u0007\u0003\u0003#Q!A\u00113\n\t\u0005U\u0011\u0011\u0003\u0002\u000b!J|\u0007/\u001a:uS\u0016\u001c\bbBA\r)\u0001\u0007\u00111D\u0001\nG\u0016\u0014H/\u00117jCN\u0004B!!\b\u0002,9!\u0011qDA\u0014!\r\t\t#I\u0007\u0003\u0003GQ1!!\n\u001b\u0003\u0019a$o\\8u}%\u0019\u0011\u0011F\u0011\u0002\rA\u0013X\rZ3g\u0013\r9\u0017Q\u0006\u0006\u0004\u0003S\t\u0003")
/* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest.class */
public class SslEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String tlsProtocol;
    private final String clientCn;
    private final KafkaPrincipal clientPrincipal;
    private final KafkaPrincipal kafkaPrincipal;

    /* compiled from: SslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder extends DefaultKafkaPrincipalBuilder {
        private final Regex Pattern;

        private Regex Pattern() {
            return this.Pattern;
        }

        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            String name = ((SslAuthenticationContext) authenticationContext).session().getPeerPrincipal().getName();
            if (name != null) {
                Option unapplySeq = Pattern().unapplySeq(name);
                if (!unapplySeq.isEmpty() && unapplySeq.get() != null && ((List) unapplySeq.get()).lengthCompare(2) == 0) {
                    String str = (String) ((LinearSeqOps) unapplySeq.get()).apply(0);
                    return new KafkaPrincipal("User", (str != null && str.equals("server")) ? str : name);
                }
            }
            return KafkaPrincipal.ANONYMOUS;
        }

        public TestPrincipalBuilder() {
            super((KerberosShortNamer) null, (SslPrincipalMapper) null);
            this.Pattern = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("O=A (.*?),CN=(.*?)"));
        }
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SSL;
    }

    private String tlsProtocol() {
        return this.tlsProtocol;
    }

    private String clientCn() {
        return this.clientCn;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.server.QuorumTestHarness
    @BeforeEach
    public void setUp(TestInfo testInfo) {
        startSasl(jaasSections(package$.MODULE$.List().empty(), None$.MODULE$, ZkSasl$.MODULE$, jaasSections$default$4()));
        super.setUp(testInfo);
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        TestUtils$ testUtils$ = TestUtils$.MODULE$;
        Mode mode = Mode.CLIENT;
        SecurityProtocol securityProtocol = securityProtocol();
        Some<File> trustStoreFile = mo23trustStoreFile();
        String clientCn = clientCn();
        Option<Properties> clientSaslProperties = mo10clientSaslProperties();
        String tlsProtocol = tlsProtocol();
        TestUtils$ testUtils$2 = TestUtils$.MODULE$;
        Properties securityConfigs = testUtils$.securityConfigs(mode, securityProtocol, trustStoreFile, str, clientCn, clientSaslProperties, tlsProtocol, None$.MODULE$);
        securityConfigs.remove("ssl.endpoint.identification.algorithm");
        return securityConfigs;
    }

    public SslEndToEndAuthorizationTest() {
        this.tlsProtocol = Java.IS_JAVA11_COMPATIBLE ? "TLSv1.3" : "TLSv1.2";
        serverConfig().setProperty("ssl.client.auth", "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        serverConfig().setProperty("ssl.protocol", tlsProtocol());
        serverConfig().setProperty("ssl.enabled.protocols", tlsProtocol());
        this.clientCn = "\\#A client with special chars in CN : (\\, \\+ \\\" \\\\ \\< \\> \\; ')";
        this.clientPrincipal = new KafkaPrincipal("User", new StringBuilder(14).append("O=A client,CN=").append(clientCn()).toString());
        this.kafkaPrincipal = new KafkaPrincipal("User", "server");
    }
}
