package io.confluent.kafkarest.testing;

import io.confluent.common.utils.IntegrationTest;
import io.confluent.kafka.multitenant.PhysicalClusterMetadata;
import io.confluent.kafka.multitenant.Utils;
import io.confluent.kafka.server.plugins.auth.oauth.OAuthBearerServerLoginCallbackHandler;
import io.confluent.kafka.server.plugins.auth.oauth.OAuthBearerValidatorCallbackHandler;
import io.confluent.kafkarest.CloudKafkaRestResourceExtension;
import io.confluent.kafkarest.integration.ClusterTestHarness;
import java.io.File;
import java.util.Map;
import java.util.Properties;
import java.util.stream.Collectors;
import javax.ws.rs.client.Invocation;
import kafka.server.KafkaConfig;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.CertStores;
import org.junit.Before;
import org.junit.Rule;
import org.junit.experimental.categories.Category;
import org.junit.rules.TemporaryFolder;

@Category({IntegrationTest.class})
/* loaded from: input_file:io/confluent/kafkarest/testing/CloudClusterTestHarness.class */
public class CloudClusterTestHarness extends ClusterTestHarness {
    public static final String LKC = Utils.LC_META_ABC.logicalClusterId();
    private JwtProvider jwtProvider;
    public static int[] tokenPorts;
    private CertStores serverCertStores;

    @Rule
    public final TemporaryFolder tempFolder;

    public CloudClusterTestHarness() {
        this.tempFolder = new TemporaryFolder();
        tokenPorts = choosePorts(1);
    }

    public CloudClusterTestHarness(int i, boolean z) {
        super(i, z);
        this.tempFolder = new TemporaryFolder();
        tokenPorts = choosePorts(i);
    }

    @Before
    public void setUp() throws Exception {
        Utils.createLogicalClusterFile(Utils.LC_META_ABC, this.tempFolder);
        this.jwtProvider = new JwtProvider();
        this.serverCertStores = new CertStores(true, "localhost");
        super.setUp();
    }

    public String newIDToken(String str) throws Exception {
        return newIDToken("Confluent", str);
    }

    public String newIDToken(String str, String str2) throws Exception {
        return this.jwtProvider.jws(100000, "Confluent", str, new String[]{str2}).getJwsToken();
    }

    public String newIDToken(String str, String str2, Integer num) throws Exception {
        return this.jwtProvider.jws(num, "Confluent", str, new String[]{str2}).getJwsToken();
    }

    public Properties overrideBrokerProperties(int i, Properties properties) {
        properties.put("multitenant.metadata.dir", this.tempFolder.getRoot().getAbsolutePath());
        properties.put("multitenant.metadata.class", PhysicalClusterMetadata.class.getName());
        properties.put("listeners", String.format("PLAINTEXT://localhost:0, SASL_SSL://localhost:%d", Integer.valueOf(tokenPorts[i])));
        attachServerOAuthConfigs(properties, this.jwtProvider.publicFile());
        Map map = (Map) this.serverCertStores.keyStoreProps().entrySet().stream().filter(entry -> {
            return entry.getValue() != null;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        Map map2 = (Map) this.serverCertStores.trustStoreProps().entrySet().stream().filter(entry2 -> {
            return entry2.getValue() != null;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        properties.put(KafkaConfig.FailedAuthenticationDelayMsProp(), 0);
        properties.putAll(map);
        properties.putAll(map2);
        return properties;
    }

    protected void overrideKafkaRestConfigs(Properties properties) {
        properties.put("kafka.rest.resource.extension.class", CloudKafkaRestResourceExtension.class.getName());
        properties.put("bootstrap.servers", String.format("SASL_SSL://127.0.0.1:%d", Integer.valueOf(tokenPorts[0])));
        Map trustingConfig = this.serverCertStores.getTrustingConfig(this.serverCertStores);
        properties.put("client.ssl.truststore.location", trustingConfig.get("ssl.truststore.location"));
        properties.put("client.ssl.endpoint.identification.algorithm", "");
        properties.put("client.ssl.truststore.password", ((Password) trustingConfig.get("ssl.truststore.password")).value());
    }

    public static void attachServerOAuthConfigs(Properties properties, File file) {
        properties.put("listener.name.sasl_ssl.sasl.enabled.mechanisms", "OAUTHBEARER");
        properties.put("listener.name.sasl_ssl.oauthbearer.sasl.login.callback.handler.class", OAuthBearerServerLoginCallbackHandler.class.getName());
        properties.put("listener.name.sasl_ssl.oauthbearer.sasl.server.callback.handler.class", OAuthBearerValidatorCallbackHandler.class.getName());
        properties.put("listener.name.sasl_ssl.oauthbearer.sasl.jaas.config", "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath=\"" + file.toPath() + "\";");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Invocation.Builder authenticatedRequest(String str, String str2) {
        return authenticatedRequest(str, null, null, null, str2);
    }

    protected Invocation.Builder authenticatedRequest(String str, Map<String, String> map, String str2) {
        return authenticatedRequest(str, null, null, map, str2);
    }

    protected Invocation.Builder authenticatedRequest(String str, String str2, Object obj, String str3) {
        return authenticatedRequest(str, str2, obj, null, str3);
    }

    protected Invocation.Builder authenticatedRequest(String str, String str2, Object obj, Map<String, String> map, String str3) {
        return withAuth(super.request(str, str2, obj, map), str3);
    }

    private Invocation.Builder withAuth(Invocation.Builder builder, String str) {
        return builder.header("Authorization", String.format("Bearer %s", str));
    }
}
