package io.confluent.kafkarest.integration;

import com.google.common.collect.ImmutableList;
import io.confluent.kafka.multitenant.MultiTenantPrincipalBuilder;
import io.confluent.kafka.multitenant.PhysicalClusterMetadata;
import io.confluent.kafka.multitenant.Utils;
import io.confluent.kafka.server.plugins.auth.MultiTenantSaslConfigEntry;
import io.confluent.kafka.server.plugins.auth.MultiTenantSaslSecrets;
import io.confluent.kafka.server.plugins.auth.MultiTenantSaslSecretsStore;
import io.confluent.kafkarest.CloudKafkaRestResourceExtension;
import io.confluent.kafkarest.KafkaRestConfig;
import io.confluent.kafkarest.extension.RestResourceExtension;
import java.io.File;
import java.io.FileWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.stream.Collectors;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Configurable;
import kafka.server.KafkaConfig;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.CertStores;
import org.easymock.EasyMock;
import org.easymock.Mock;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:io/confluent/kafkarest/integration/CloudApiKeyIntegrationTestBase.class */
public class CloudApiKeyIntegrationTestBase extends CloudClusterTestHarness {
    protected static final String MAIN_API_KEY = "api_key";
    protected static final String MAIN_API_KEY_2 = "api_key-2";
    protected static final String MAIN_API_KEY_3 = "api_key-3";
    protected static final String MAIN_API_SECRET = "api_secret";
    protected static final String OTHER_API_KEY = "other_api_key";
    protected static final String OTHER_API_SECRET = "other_api_secret";

    @Mock
    protected static MultiTenantSaslSecretsStore mockSecretsStore;

    @TempDir
    Path tempFolder;
    private File apiKeys;
    private CertStores serverCertStores;
    private int brokerPort;
    private final boolean setupSecretsStore;
    protected static final String MAIN_LKC = Utils.LC_META_ABC.logicalClusterId();
    protected static final String OTHER_LKC = Utils.LC_META_1.logicalClusterId();

    /* loaded from: input_file:io/confluent/kafkarest/integration/CloudApiKeyIntegrationTestBase$MockSecretsStoreExtension.class */
    public static final class MockSecretsStoreExtension implements RestResourceExtension {
        public void register(Configurable<?> configurable, KafkaRestConfig kafkaRestConfig) {
            configurable.register(SecretsStoreModule.class);
        }

        public void clean() {
        }
    }

    /* loaded from: input_file:io/confluent/kafkarest/integration/CloudApiKeyIntegrationTestBase$SecretsStoreModule.class */
    private static final class SecretsStoreModule extends AbstractBinder {
        private SecretsStoreModule() {
        }

        protected void configure() {
            bind(CloudApiKeyIntegrationTestBase.mockSecretsStore).to(MultiTenantSaslSecretsStore.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloudApiKeyIntegrationTestBase() {
        this(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloudApiKeyIntegrationTestBase(boolean z) {
        super(1, false);
        this.setupSecretsStore = z;
    }

    protected void setupSecretsStore() {
        MultiTenantSaslConfigEntry multiTenantSaslConfigEntry = (MultiTenantSaslConfigEntry) EasyMock.mock(MultiTenantSaslConfigEntry.class);
        EasyMock.expect(multiTenantSaslConfigEntry.logicalClusterId()).andReturn(MAIN_LKC).anyTimes();
        MultiTenantSaslConfigEntry multiTenantSaslConfigEntry2 = (MultiTenantSaslConfigEntry) EasyMock.mock(MultiTenantSaslConfigEntry.class);
        EasyMock.expect(multiTenantSaslConfigEntry2.logicalClusterId()).andReturn(OTHER_LKC).anyTimes();
        EasyMock.expect(((MultiTenantSaslConfigEntry) EasyMock.mock(MultiTenantSaslConfigEntry.class)).logicalClusterId()).andReturn(Utils.LC_META_DED.logicalClusterId()).anyTimes();
        EasyMock.expect(((MultiTenantSaslConfigEntry) EasyMock.mock(MultiTenantSaslConfigEntry.class)).logicalClusterId()).andReturn(Utils.LC_META_MEH.logicalClusterId()).anyTimes();
        MultiTenantSaslSecrets multiTenantSaslSecrets = (MultiTenantSaslSecrets) EasyMock.mock(MultiTenantSaslSecrets.class);
        HashMap hashMap = new HashMap();
        hashMap.put(MAIN_API_KEY, multiTenantSaslConfigEntry);
        hashMap.put(OTHER_API_KEY, multiTenantSaslConfigEntry2);
        hashMap.put(MAIN_API_KEY_2, multiTenantSaslConfigEntry);
        hashMap.put(MAIN_API_KEY_3, multiTenantSaslConfigEntry);
        EasyMock.expect(multiTenantSaslSecrets.entries()).andReturn(hashMap).anyTimes();
        mockSecretsStore = (MultiTenantSaslSecretsStore) EasyMock.mock(MultiTenantSaslSecretsStore.class);
        EasyMock.expect(mockSecretsStore.load()).andReturn(multiTenantSaslSecrets).anyTimes();
        EasyMock.replay(new Object[]{multiTenantSaslConfigEntry, multiTenantSaslConfigEntry2, multiTenantSaslSecrets, mockSecretsStore});
    }

    @BeforeEach
    public void setUp(TestInfo testInfo) throws Exception {
        if (this.setupSecretsStore) {
            setupSecretsStore();
        }
        Utils.createLogicalClusterFile(Utils.LC_META_ABC, this.tempFolder);
        this.serverCertStores = new CertStores(true, "localhost");
        this.brokerPort = choosePorts(1)[0];
        this.apiKeys = this.tempFolder.resolve(RandomStringUtils.random(1, true, true)).toFile();
        FileWriter fileWriter = new FileWriter(this.apiKeys);
        fileWriter.write("{  \"keys\": {    \"api_key\": {      \"sasl_mechanism\": \"PLAIN\",      \"hashed_secret\": \"api_secret\",      \"hash_function\": \"none\",      \"user_id\": \"1\",      \"logical_cluster_id\": \"" + MAIN_LKC + "\",      \"service_account\": \"false\"    },    \"" + MAIN_API_KEY_2 + "\": {      \"sasl_mechanism\": \"PLAIN\",      \"hashed_secret\": \"" + MAIN_API_SECRET + "\",      \"hash_function\": \"none\",      \"user_id\": \"1\",      \"logical_cluster_id\": \"" + MAIN_LKC + "\",      \"service_account\": \"false\"    },    \"" + MAIN_API_KEY_3 + "\": {      \"sasl_mechanism\": \"PLAIN\",      \"hashed_secret\": \"" + MAIN_API_SECRET + "\",      \"hash_function\": \"none\",      \"user_id\": \"1\",      \"logical_cluster_id\": \"" + MAIN_LKC + "\",      \"service_account\": \"false\"    }  }}");
        fileWriter.flush();
        fileWriter.close();
        super.setUp(testInfo);
    }

    public Properties overrideBrokerProperties(int i, Properties properties) {
        properties.put("multitenant.metadata.dir", this.tempFolder.getRoot().toAbsolutePath().toString());
        properties.put("multitenant.metadata.class", PhysicalClusterMetadata.class);
        properties.put("listeners", String.format("PLAINTEXT://localhost:0, SASL_SSL://localhost:%d", Integer.valueOf(this.brokerPort)));
        properties.put("listener.name.sasl_ssl.sasl.enabled.mechanisms", "PLAIN");
        properties.put("listener.name.sasl_ssl.principal.builder.class", MultiTenantPrincipalBuilder.class.getName());
        properties.put("listener.name.sasl_ssl.plain.sasl.jaas.config", "io.confluent.kafka.server.plugins.auth.FileBasedLoginModule required config_path=\"" + this.apiKeys.getPath() + "\" refresh_ms=\"1000\";");
        Map map = (Map) this.serverCertStores.keyStoreProps().entrySet().stream().filter(entry -> {
            return entry.getValue() != null;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        Map map2 = (Map) this.serverCertStores.trustStoreProps().entrySet().stream().filter(entry2 -> {
            return entry2.getValue() != null;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        properties.put(KafkaConfig.FailedAuthenticationDelayMsProp(), 0);
        properties.putAll(map);
        properties.putAll(map2);
        return properties;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void overrideKafkaRestConfigs(Properties properties) {
        properties.put("kafka.rest.resource.extension.class", this.setupSecretsStore ? ImmutableList.of(CloudKafkaRestResourceExtension.class.getName(), MockSecretsStoreExtension.class.getName()) : Collections.singletonList(CloudKafkaRestResourceExtension.class.getName()));
        properties.put("bootstrap.servers", String.format("SASL_SSL://127.0.0.1:%d", Integer.valueOf(this.brokerPort)));
        Map trustingConfig = this.serverCertStores.getTrustingConfig(this.serverCertStores);
        properties.put("client.ssl.truststore.location", trustingConfig.get("ssl.truststore.location"));
        properties.put("client.ssl.endpoint.identification.algorithm", "");
        properties.put("client.ssl.truststore.password", ((Password) trustingConfig.get("ssl.truststore.password")).value());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Invocation.Builder authenticatedRequest(String str) {
        return authenticatedRequest(str, MAIN_API_KEY, MAIN_API_SECRET);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Invocation.Builder authenticatedRequest(String str, String str2, String str3) {
        return request(str).header("Authorization", String.format("Basic %s", Base64.getEncoder().encodeToString((str2 + ":" + str3).getBytes(StandardCharsets.ISO_8859_1))));
    }
}
