package io.confluent.rest;

import io.confluent.common.metrics.KafkaMetric;
import io.confluent.rest.annotations.PerformanceMetric;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.login.Configuration;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Configurable;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rest/SaslTest.class */
public class SaslTest {
    private static final Logger log = LoggerFactory.getLogger(SaslTest.class);
    private File jaasFile;
    private File loginPropertiesFile;
    private String previousAuthConfig;
    private SaslTestApplication app;
    private CloseableHttpClient httpclient;
    String httpUri = "http://localhost:8080";

    /* loaded from: input_file:io/confluent/rest/SaslTest$SaslTestApplication.class */
    private static class SaslTestApplication extends Application<TestRestConfig> {
        public SaslTestApplication(TestRestConfig testRestConfig) {
            super(testRestConfig);
        }

        public void setupResources(Configurable<?> configurable, TestRestConfig testRestConfig) {
            configurable.register(new SaslTestResource());
        }

        public Map<String, String> getMetricsTags() {
            return Collections.singletonMap("instance-id", "1");
        }

        public /* bridge */ /* synthetic */ void setupResources(Configurable configurable, RestConfig restConfig) {
            setupResources((Configurable<?>) configurable, (TestRestConfig) restConfig);
        }
    }

    @Produces({"text/plain"})
    @Path("/")
    /* loaded from: input_file:io/confluent/rest/SaslTest$SaslTestResource.class */
    public static class SaslTestResource {
        @GET
        @Path("/principal")
        @PerformanceMetric("principal")
        public String principal(@Context SecurityContext securityContext) {
            return securityContext.getUserPrincipal().getName();
        }

        @GET
        @Path("/role/{role}")
        @PerformanceMetric("role")
        public boolean hello(@PathParam("role") String str, @Context SecurityContext securityContext) {
            return securityContext.isUserInRole(str);
        }
    }

    @Before
    public void setUp() throws Exception {
        this.jaasFile = File.createTempFile("jaas", ".config");
        this.loginPropertiesFile = File.createTempFile("login", ".properties");
        Files.write(this.jaasFile.toPath(), ("c3 {\n  org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required\n  debug=\"true\"\n  file=\"" + this.loginPropertiesFile.getAbsolutePath() + "\";\n};\n").getBytes(StandardCharsets.UTF_8), StandardOpenOption.TRUNCATE_EXISTING);
        Files.write(this.loginPropertiesFile.toPath(), "jay: kafka,Administrators\nneha: akfak,Administrators\njun: kafka-\n".getBytes(StandardCharsets.UTF_8), StandardOpenOption.TRUNCATE_EXISTING);
        this.previousAuthConfig = System.getProperty("java.security.auth.login.config");
        Configuration.setConfiguration((Configuration) null);
        System.setProperty("java.security.auth.login.config", this.jaasFile.getAbsolutePath());
        this.httpclient = HttpClients.createDefault();
        TestMetricsReporter.reset();
        Properties properties = new Properties();
        properties.put("listeners", this.httpUri);
        properties.put("metric.reporters", "io.confluent.rest.TestMetricsReporter");
        configBasic(properties);
        this.app = new SaslTestApplication(new TestRestConfig(properties));
        this.app.start();
    }

    @After
    public void cleanup() throws Exception {
        Configuration.setConfiguration((Configuration) null);
        if (this.previousAuthConfig != null) {
            System.setProperty("java.security.auth.login.config", this.previousAuthConfig);
        }
        this.httpclient.close();
        this.app.stop();
    }

    private void configBasic(Properties properties) {
        properties.put("authentication.method", "BASIC");
        properties.put("authentication.realm", "c3");
        properties.put("authentication.roles", Arrays.asList("Administrators"));
    }

    @Test
    public void testNoAuthAttempt() throws Exception {
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), makeGetRequest(this.httpUri + "/test").getStatusLine().getStatusCode());
        assertMetricsCollected();
    }

    @Test
    public void testBadLoginAttempt() throws Exception {
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), makeGetRequest(this.httpUri + "/test", "this shouldnt work").getStatusLine().getStatusCode());
        assertMetricsCollected();
    }

    @Test
    public void testAuthorizedAttempt() throws Exception {
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            CloseableHttpResponse makeGetRequest = makeGetRequest(this.httpUri + "/principal", "bmVoYTpha2Zhaw==");
            Assert.assertEquals(Response.Status.OK.getStatusCode(), makeGetRequest.getStatusLine().getStatusCode());
            Assert.assertEquals("neha", EntityUtils.toString(makeGetRequest.getEntity()));
            makeGetRequest.close();
            CloseableHttpResponse makeGetRequest2 = makeGetRequest(this.httpUri + "/role/Administrators", "bmVoYTpha2Zhaw==");
            Assert.assertEquals(Response.Status.OK.getStatusCode(), makeGetRequest2.getStatusLine().getStatusCode());
            Assert.assertEquals("true", EntityUtils.toString(makeGetRequest2.getEntity()));
            makeGetRequest2.close();
            closeableHttpResponse = makeGetRequest(this.httpUri + "/role/blah", "bmVoYTpha2Zhaw==");
            Assert.assertEquals(Response.Status.OK.getStatusCode(), closeableHttpResponse.getStatusLine().getStatusCode());
            Assert.assertEquals("false", EntityUtils.toString(closeableHttpResponse.getEntity()));
            closeableHttpResponse.close();
            assertMetricsCollected();
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    public void testUnauthorizedAttempt() throws Exception {
        Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), makeGetRequest(this.httpUri + "/principal", "anVuOmthZmthLQ==").getStatusLine().getStatusCode());
        assertMetricsCollected();
    }

    private void assertMetricsCollected() {
        Assert.assertNotEquals("Expected to have metrics.", 0L, TestMetricsReporter.getMetricTimeseries().size());
        for (KafkaMetric kafkaMetric : TestMetricsReporter.getMetricTimeseries()) {
            if (kafkaMetric.metricName().name().equals("request-latency-max")) {
                Assert.assertTrue("Metrics should be collected (max latency shouldn't be 0)", kafkaMetric.value() != 0.0d);
            }
        }
    }

    private CloseableHttpResponse makeGetRequest(String str, String str2) throws Exception {
        log.debug("Making GET " + str);
        HttpGet httpGet = new HttpGet(str);
        if (str2 != null) {
            httpGet.setHeader("Authorization", "Basic " + str2);
        }
        return this.httpclient.execute(httpGet);
    }

    private HttpResponse makeGetRequest(String str) throws Exception {
        return makeGetRequest(str, null);
    }
}
