package io.confluent.kafkarest.auth;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/kafkarest/auth/OAuthBearerLoginWithIdentityPoolCallbackHandlerTest.class */
public class OAuthBearerLoginWithIdentityPoolCallbackHandlerTest {
    private static final String JWT_TOKEN = "eyJraWQiOiJKSndtMlNrN1JzeHJKY2xHdVVmUE42Y2pCUXQtaWJDLUVWVE9YTVZId21FIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULkpMR0RnSDVCRXNZNHdRdHN1a1FLSWhHZHNjMVJWSUdiWjkwak5KSzQ0d0EiLCJpc3MiOiJodHRwczovL2Rldi01MzE1MzQub2t0YS5jb20vb2F1dGgyL2F1czF6NTVldmNhWTNzUVY3NHg3IiwiYXVkIjoiY29uZmx1ZW50IiwiaWF0IjoxNjY4NjE4MjQzLCJleHAiOjE2Njg2MjE4NDMsImNpZCI6IjBvYTN0cTM5b2wzT0xyblFqNHg3Iiwic2NwIjpbImtpcmstc2NvcGUiXSwic3ViIjoiMG9hM3RxMzlvbDNPTHJuUWo0eDciLCJhIjoiMSIsImIiOiIzIiwiYyI6IjkiLCJkIjoiMyIsImUiOiI0IiwiZiI6WyI0Il0sImciOiI2NCIsImgiOiI0NSIsImNsYWltOSI6InZhbHVlOSIsImNsYWltOCI6InZhbHVlOCIsImNsYWltNyI6InZhbHVlNyIsImNsYWltNiI6InZhbHVlNiIsImNsYWltNSI6InZhbHVlNSIsImNsYWltNCI6InZhbHVlNCIsImNsYWltMyI6InZhbHVlMyIsImNsYWltMiI6InZhbHVlMiIsImNsYWltMSI6InZhbHVlMSJ9.oVSuXknQ2sJUg-I2CN4RfW89qfe4Fom9Gt_BGLNEU1gRU_CA1SvgEX68ALr_5X-mUrH6H_4y7Bt6enfeU7BUc2-AEcnXsHEJn7iqbKg-dI8vLa0IduKPoCSENkoShwvwXsVotmH6Pp_i-Tm5OrUE9yzP74Fzzmy1ZR5cTBEGzxCWe6Bedshh-B13d-hDoe0x3GFPKxmI1prU1cJu8BYvmAcoJe2_Y5hPMhqd9dKRfKPjOywaJd5hSvx9LbXp7EDE7kRYuW63cXhO9lGrrqVC8ZkPKgXyKDfNJGwQTp49Ba49NGHlCcV_KORqyP-EW-rArggSmmN_Vqn1DMuFdJuNCQ";
    private OAuthBearerLoginWithIdentityPoolCallbackHandler callbackHandler;

    @BeforeEach
    public void setUp() {
        this.callbackHandler = new OAuthBearerLoginWithIdentityPoolCallbackHandler();
    }

    @Test
    public void testHandleRaisesExceptionIfNotConfigured() {
        Assertions.assertThrows(IllegalStateException.class, () -> {
            this.callbackHandler.handle(new Callback[]{new SaslExtensionsCallback()});
        });
    }

    @Test
    public void testHandleDoesntThrowForTokenWithMissingIAt() {
        OAuthBearerTokenCallback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJGb28gQnVpbGRlciIsImlhdCI6bnVsbCwiZXhwIjoxNzExNTYxNjE0LCJhdWQiOiIiLCJzdWIiOiJmb29AYmFyLmNvbSJ9.avOxzINOCOQOC9aMIWtpzmpSoFlVdllhpKe-eDuxU2o", "Cluster1", "poolId");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        Assertions.assertDoesNotThrow(() -> {
            this.callbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
        });
    }

    @Test
    public void testAttachesAuthTokenToCallback() throws Exception {
        Callback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText(JWT_TOKEN, "Cluster1", "poolId");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        this.callbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
        Assertions.assertEquals(JWT_TOKEN, oAuthBearerTokenCallback.token().value());
    }

    @Test
    public void testAttachesClusterToExtensionCallback() throws Exception {
        Callback saslExtensionsCallback = new SaslExtensionsCallback();
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText("Token", "Cluster1", "poolId");
        this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        this.callbackHandler.handle(new Callback[]{saslExtensionsCallback});
        Assertions.assertEquals("Cluster1", saslExtensionsCallback.extensions().map().get("logicalCluster"));
    }

    @Test
    public void testConfigureDoesntRaiseIfAllTokenAndClusterAndPoolIdProvided() {
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText(JWT_TOKEN, "Cluster1", "poolId");
        Assertions.assertDoesNotThrow(() -> {
            this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        });
    }

    @Test
    public void testConfigureRaisesExceptionOnMissingClusterConfig() {
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText(JWT_TOKEN, null, "poolId");
        Assertions.assertThrows(ConfigException.class, () -> {
            this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        });
    }

    @Test
    public void testConfigureRaisesExceptionOnMissingTokenConfig() {
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText(null, "Cluster", "poolId");
        Assertions.assertThrows(ConfigException.class, () -> {
            this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        });
    }

    @Test
    public void testConfigureRaisesExceptionOnMissingPoolIdConfig() {
        Map<String, Object> buildClientJassConfigText = buildClientJassConfigText(JWT_TOKEN, "Cluster", null);
        Assertions.assertThrows(ConfigException.class, () -> {
            this.callbackHandler.configure(buildClientJassConfigText, "OAUTHBEARER", JaasContext.loadClientContext(buildClientJassConfigText).configurationEntries());
        });
    }

    private Map<String, Object> buildClientJassConfigText(String str, String str2, String str3) {
        String str4 = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required";
        if (str != null && !str.isEmpty()) {
            str4 = str4 + " token=\"" + str + "\"";
        }
        if (str2 != null && !str2.isEmpty()) {
            str4 = str4 + " logicalCluster=\"" + str2 + '\"';
        }
        if (str3 != null && !str3.isEmpty()) {
            str4 = str4 + " identityPoolId=\"" + str3 + '\"';
        }
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.jaas.config", new Password(str4 + ";"));
        return Collections.unmodifiableMap(hashMap);
    }
}
