package kafka.api;

import java.util.Properties;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.apache.kafka.common.utils.Java;
import org.junit.Before;
import scala.None$;
import scala.Option;
import scala.collection.LinearSeqOps;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.util.matching.Regex;

/* compiled from: SslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005}q!B\u000b\u0017\u0011\u0003Yb!B\u000f\u0017\u0011\u0003q\u0002\"B\u0013\u0002\t\u00031c\u0001B\u0014\u0002\u0001!BQ!J\u0002\u0005\u0002\u0001CqaQ\u0002C\u0002\u0013%A\t\u0003\u0004N\u0007\u0001\u0006I!\u0012\u0005\u0006\u001d\u000e!\te\u0014\u0004\u0005;Y\u0001\u0001\fC\u0003&\u0011\u0011\u0005A\fC\u0003_\u0011\u0011Es\fC\u0004d\u0011\t\u0007I\u0011\u00023\t\r!D\u0001\u0015!\u0003f\u0011\u001dI\u0007B1A\u0005\n\u0011DaA\u001b\u0005!\u0002\u0013)\u0007bB6\t\u0005\u0004%\t\u0005\u001c\u0005\u0007[\"\u0001\u000b\u0011\u0002)\t\u000f9D!\u0019!C!Y\"1q\u000e\u0003Q\u0001\nACQ\u0001\u001d\u0005\u0005BEDQ\u0001 \u0005\u0005Bu\fAdU:m\u000b:$Gk\\#oI\u0006+H\u000f[8sSj\fG/[8o)\u0016\u001cHO\u0003\u0002\u00181\u0005\u0019\u0011\r]5\u000b\u0003e\tQa[1gW\u0006\u001c\u0001\u0001\u0005\u0002\u001d\u00035\taC\u0001\u000fTg2,e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u0014\u0005\u0005y\u0002C\u0001\u0011$\u001b\u0005\t#\"\u0001\u0012\u0002\u000bM\u001c\u0017\r\\1\n\u0005\u0011\n#AB!osJ+g-\u0001\u0004=S:LGO\u0010\u000b\u00027\t!B+Z:u!JLgnY5qC2\u0014U/\u001b7eKJ\u001c2aA\u00152!\tQs&D\u0001,\u0015\taS&\u0001\u0003mC:<'\"\u0001\u0018\u0002\t)\fg/Y\u0005\u0003a-\u0012aa\u00142kK\u000e$\bC\u0001\u001a?\u001b\u0005\u0019$B\u0001\u001b6\u0003\u0011\tW\u000f\u001e5\u000b\u0005Y:\u0014\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005aJ\u0014AB2p[6|gN\u0003\u0002\u001au)\u00111\bP\u0001\u0007CB\f7\r[3\u000b\u0003u\n1a\u001c:h\u0013\ty4GA\u000bLC\u001a\\\u0017\r\u0015:j]\u000eL\u0007/\u00197Ck&dG-\u001a:\u0015\u0003\u0005\u0003\"AQ\u0002\u000e\u0003\u0005\tq\u0001U1ui\u0016\u0014h.F\u0001F!\t15*D\u0001H\u0015\tA\u0015*\u0001\u0005nCR\u001c\u0007.\u001b8h\u0015\tQ\u0015%\u0001\u0003vi&d\u0017B\u0001'H\u0005\u0015\u0011VmZ3y\u0003!\u0001\u0016\r\u001e;fe:\u0004\u0013!\u00022vS2$GC\u0001)T!\t\u0011\u0014+\u0003\u0002Sg\tq1*\u00194lCB\u0013\u0018N\\2ja\u0006d\u0007\"\u0002+\b\u0001\u0004)\u0016aB2p]R,\u0007\u0010\u001e\t\u0003eYK!aV\u001a\u0003+\u0005+H\u000f[3oi&\u001c\u0017\r^5p]\u000e{g\u000e^3yiN\u0011\u0001\"\u0017\t\u00039iK!a\u0017\f\u00033\u0015sG\rV8F]\u0012\fU\u000f\u001e5pe&T\u0018\r^5p]R+7\u000f\u001e\u000b\u0002;B\u0011A\u0004C\u0001\u0011g\u0016\u001cWO]5usB\u0013x\u000e^8d_2,\u0012\u0001\u0019\t\u0003e\u0005L!AY\u001a\u0003!M+7-\u001e:jif\u0004&o\u001c;pG>d\u0017a\u0003;mgB\u0013x\u000e^8d_2,\u0012!\u001a\t\u0003U\u0019L!aZ\u0016\u0003\rM#(/\u001b8h\u00031!Hn\u001d)s_R|7m\u001c7!\u0003!\u0019G.[3oi\u000es\u0017!C2mS\u0016tGo\u00118!\u0003=\u0019G.[3oiB\u0013\u0018N\\2ja\u0006dW#\u0001)\u0002!\rd\u0017.\u001a8u!JLgnY5qC2\u0004\u0013AD6bM.\f\u0007K]5oG&\u0004\u0018\r\\\u0001\u0010W\u000647.\u0019)sS:\u001c\u0017\u000e]1mA\u0005)1/\u001a;VaR\t!\u000f\u0005\u0002!g&\u0011A/\t\u0002\u0005+:LG\u000f\u000b\u0002\u0014mB\u0011qO_\u0007\u0002q*\u0011\u0011\u0010P\u0001\u0006UVt\u0017\u000e^\u0005\u0003wb\u0014aAQ3g_J,\u0017aE2mS\u0016tGoU3dkJLG/\u001f)s_B\u001cHc\u0001@\u0002\bA\u0019q0a\u0001\u000e\u0005\u0005\u0005!B\u0001&.\u0013\u0011\t)!!\u0001\u0003\u0015A\u0013x\u000e]3si&,7\u000fC\u0004\u0002\nQ\u0001\r!a\u0003\u0002\u0013\r,'\u000f^!mS\u0006\u001c\b\u0003BA\u0007\u00037qA!a\u0004\u0002\u0018A\u0019\u0011\u0011C\u0011\u000e\u0005\u0005M!bAA\u000b5\u00051AH]8pizJ1!!\u0007\"\u0003\u0019\u0001&/\u001a3fM&\u0019q-!\b\u000b\u0007\u0005e\u0011\u0005")
/* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest.class */
public class SslEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String tlsProtocol;
    private final String clientCn;
    private final KafkaPrincipal clientPrincipal;
    private final KafkaPrincipal kafkaPrincipal;

    /* compiled from: SslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder implements KafkaPrincipalBuilder {
        private final Regex Pattern = new Regex("O=A (.*?),CN=(.*?)", Nil$.MODULE$);

        private Regex Pattern() {
            return this.Pattern;
        }

        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            String name = ((SslAuthenticationContext) authenticationContext).session().getPeerPrincipal().getName();
            if (name != null) {
                Option unapplySeq = Pattern().unapplySeq(name);
                if (!unapplySeq.isEmpty() && unapplySeq.get() != null && ((List) unapplySeq.get()).lengthCompare(2) == 0) {
                    String str = (String) ((LinearSeqOps) unapplySeq.get()).apply(0);
                    return new KafkaPrincipal("User", (str != null && str.equals("server")) ? str : name);
                }
            }
            return KafkaPrincipal.ANONYMOUS;
        }
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SSL;
    }

    private String tlsProtocol() {
        return this.tlsProtocol;
    }

    private String clientCn() {
        return this.clientCn;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.zk.ZooKeeperTestHarness
    @Before
    public void setUp() {
        if (package$.MODULE$.List() == null) {
            throw null;
        }
        startSasl(jaasSections(Nil$.MODULE$, None$.MODULE$, ZkSasl$.MODULE$, jaasSections$default$4()));
        super.setUp();
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        Properties securityConfigs = TestUtils$.MODULE$.securityConfigs(Mode.CLIENT, securityProtocol(), mo21trustStoreFile(), str, clientCn(), mo10clientSaslProperties(), tlsProtocol());
        securityConfigs.remove("ssl.endpoint.identification.algorithm");
        return securityConfigs;
    }

    public SslEndToEndAuthorizationTest() {
        this.tlsProtocol = Java.IS_JAVA11_COMPATIBLE ? "TLSv1.3" : "TLSv1.2";
        serverConfig().setProperty("ssl.client.auth", "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        serverConfig().setProperty("ssl.protocol", tlsProtocol());
        serverConfig().setProperty("ssl.enabled.protocols", tlsProtocol());
        this.clientCn = "\\#A client with special chars in CN : (\\, \\+ \\\" \\\\ \\< \\> \\; ')";
        this.clientPrincipal = new KafkaPrincipal("User", new StringBuilder(14).append("O=A client,CN=").append(clientCn()).toString());
        this.kafkaPrincipal = new KafkaPrincipal("User", "server");
    }
}
