package org.apache.kafka.common.security.auth;

import java.net.InetAddress;
import java.security.Principal;
import javax.net.ssl.SSLSession;
import javax.security.sasl.SaslServer;
import org.apache.kafka.common.network.Authenticator;
import org.apache.kafka.common.network.TransportLayer;
import org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder;
import org.apache.kafka.common.security.kerberos.KerberosName;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.scram.ScramMechanism;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/kafka/common/security/auth/DefaultKafkaPrincipalBuilderTest.class */
public class DefaultKafkaPrincipalBuilderTest extends EasyMockSupport {

    /* loaded from: input_file:org/apache/kafka/common/security/auth/DefaultKafkaPrincipalBuilderTest$DummyPrincipal.class */
    private static class DummyPrincipal implements Principal {
        private final String name;

        private DummyPrincipal(String str) {
            this.name = str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.name;
        }
    }

    @Test
    public void testUseOldPrincipalBuilderForPlaintextIfProvided() throws Exception {
        TransportLayer transportLayer = (TransportLayer) mock(TransportLayer.class);
        Authenticator authenticator = (Authenticator) mock(Authenticator.class);
        PrincipalBuilder principalBuilder = (PrincipalBuilder) mock(PrincipalBuilder.class);
        EasyMock.expect(principalBuilder.buildPrincipal(transportLayer, authenticator)).andReturn(new DummyPrincipal("foo"));
        principalBuilder.close();
        EasyMock.expectLastCall();
        replayAll();
        DefaultKafkaPrincipalBuilder fromOldPrincipalBuilder = DefaultKafkaPrincipalBuilder.fromOldPrincipalBuilder(authenticator, transportLayer, principalBuilder, (KerberosShortNamer) null);
        KafkaPrincipal build = fromOldPrincipalBuilder.build(new PlaintextAuthenticationContext(InetAddress.getLocalHost()));
        Assert.assertEquals("User", build.getPrincipalType());
        Assert.assertEquals("foo", build.getName());
        fromOldPrincipalBuilder.close();
        verifyAll();
    }

    @Test
    public void testReturnAnonymousPrincipalForPlaintext() throws Exception {
        Assert.assertEquals(KafkaPrincipal.ANONYMOUS, new DefaultKafkaPrincipalBuilder((KerberosShortNamer) null).build(new PlaintextAuthenticationContext(InetAddress.getLocalHost())));
    }

    @Test
    public void testUseOldPrincipalBuilderForSslIfProvided() throws Exception {
        TransportLayer transportLayer = (TransportLayer) mock(TransportLayer.class);
        Authenticator authenticator = (Authenticator) mock(Authenticator.class);
        PrincipalBuilder principalBuilder = (PrincipalBuilder) mock(PrincipalBuilder.class);
        SSLSession sSLSession = (SSLSession) mock(SSLSession.class);
        EasyMock.expect(principalBuilder.buildPrincipal(transportLayer, authenticator)).andReturn(new DummyPrincipal("foo"));
        principalBuilder.close();
        EasyMock.expectLastCall();
        replayAll();
        DefaultKafkaPrincipalBuilder fromOldPrincipalBuilder = DefaultKafkaPrincipalBuilder.fromOldPrincipalBuilder(authenticator, transportLayer, principalBuilder, (KerberosShortNamer) null);
        KafkaPrincipal build = fromOldPrincipalBuilder.build(new SslAuthenticationContext(sSLSession, InetAddress.getLocalHost()));
        Assert.assertEquals("User", build.getPrincipalType());
        Assert.assertEquals("foo", build.getName());
        fromOldPrincipalBuilder.close();
        verifyAll();
    }

    @Test
    public void testUseSessionPeerPrincipalForSsl() throws Exception {
        SSLSession sSLSession = (SSLSession) mock(SSLSession.class);
        EasyMock.expect(sSLSession.getPeerPrincipal()).andReturn(new DummyPrincipal("foo"));
        replayAll();
        KafkaPrincipal build = new DefaultKafkaPrincipalBuilder((KerberosShortNamer) null).build(new SslAuthenticationContext(sSLSession, InetAddress.getLocalHost()));
        Assert.assertEquals("User", build.getPrincipalType());
        Assert.assertEquals("foo", build.getName());
        verifyAll();
    }

    @Test
    public void testPrincipalBuilderScram() throws Exception {
        SaslServer saslServer = (SaslServer) mock(SaslServer.class);
        EasyMock.expect(saslServer.getMechanismName()).andReturn(ScramMechanism.SCRAM_SHA_256.mechanismName());
        EasyMock.expect(saslServer.getAuthorizationID()).andReturn("foo");
        replayAll();
        KafkaPrincipal build = new DefaultKafkaPrincipalBuilder((KerberosShortNamer) null).build(new SaslAuthenticationContext(saslServer, SecurityProtocol.SASL_PLAINTEXT, InetAddress.getLocalHost()));
        Assert.assertEquals("User", build.getPrincipalType());
        Assert.assertEquals("foo", build.getName());
        verifyAll();
    }

    @Test
    public void testPrincipalBuilderGssapi() throws Exception {
        SaslServer saslServer = (SaslServer) mock(SaslServer.class);
        KerberosShortNamer kerberosShortNamer = (KerberosShortNamer) mock(KerberosShortNamer.class);
        EasyMock.expect(saslServer.getMechanismName()).andReturn("GSSAPI");
        EasyMock.expect(saslServer.getAuthorizationID()).andReturn("foo/host@REALM.COM");
        EasyMock.expect(kerberosShortNamer.shortName((KerberosName) EasyMock.anyObject(KerberosName.class))).andReturn("foo");
        replayAll();
        KafkaPrincipal build = new DefaultKafkaPrincipalBuilder(kerberosShortNamer).build(new SaslAuthenticationContext(saslServer, SecurityProtocol.SASL_PLAINTEXT, InetAddress.getLocalHost()));
        Assert.assertEquals("User", build.getPrincipalType());
        Assert.assertEquals("foo", build.getName());
        verifyAll();
    }
}
