package io.confluent.kafkarest.auth;

import io.confluent.kafka.server.plugins.auth.MultiTenantSaslSecretsStore;
import io.confluent.kafkarest.CeKafkaRestConfig;
import io.confluent.kafkarest.KafkaRestConfig;
import io.confluent.rest.entities.ErrorMessage;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import javax.inject.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.easymock.EasyMock;
import org.easymock.IArgumentMatcher;
import org.easymock.Mock;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

/* loaded from: input_file:io/confluent/kafkarest/auth/CloudExtensionsAuthFilterTest.class */
class CloudExtensionsAuthFilterTest {
    private static final String BASIC_TOKEN = "dXNlcm5hbWU6cGFzc3dvcmQ=";

    @Mock
    private Provider<KafkaRestConfig> configProvider = (Provider) EasyMock.mock(Provider.class);

    @Mock
    private Provider<MultiTenantSaslSecretsStore> secretsStoreProvider = (Provider) EasyMock.mock(Provider.class);

    CloudExtensionsAuthFilterTest() {
    }

    @BeforeEach
    void setUp(TestInfo testInfo) {
        String name = testInfo.getTestMethod().isPresent() ? ((Method) testInfo.getTestMethod().get()).getName() : "";
        setUpConfiguration(name.contains("ValidateClusterIdEnabled"), name.contains("MetricsRateLimitTenantLevelEnabled"));
    }

    @Test
    void testFilter_ExceptionWhenGettingPathParams_Fail() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andThrow(new IllegalStateException("Illegal"));
        containerRequestContext.abortWith(responseMatcher(400, Optional.of("Malformed url, undefined cluster id in request path.")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_NoClusterIdInPath_Fail() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap).once();
        containerRequestContext.abortWith(responseMatcher(400, Optional.of("Malformed url, undefined cluster id in request path.")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_NoAuthz_Fail() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(new MultivaluedHashMap()).once();
        containerRequestContext.abortWith(responseMatcher(401, Optional.of("Authentication failed.")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_InvalidAuthz_Fail() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "InvalidScheme tokenValue");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).once();
        containerRequestContext.abortWith(responseMatcher(401, Optional.of("Authentication failed.")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_NullHostAndValidAuthz_Pass() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("/null-host-uri");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-clusterid"));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_ValidateClusterIdEnabled_NullHostAndValidAuthz_Fail() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("/null-host-uri");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-id");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        EasyMock.expect(uriInfo.getBaseUri()).andReturn(create);
        containerRequestContext.abortWith(responseMatcher(400, Optional.of("Invalid request url")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"lkc-.confluent.io", "lkc--abc.stag.cloud.dev", "lkc-CAPCASENOTGOOD.stag.cloud.dev"})
    @ParameterizedTest
    void testFilter_InvalidClusterIdInHost_Pass(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + "/kafka/v3/clusters/lkc-abcd/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-clusterid"));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"lkc-.confluent.io", "lkc--abc.stag.cloud.dev", "lkc-CAPCASENOTGOOD.stag.cloud.dev"})
    @ParameterizedTest
    void testFilter_ValidateClusterIdEnabled_InvalidClusterIdInHost_Fail(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + "/kafka/v3/clusters/lkc-abcd/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-id");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getBaseUri()).andReturn(create).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.abortWith(responseMatcher(400, Optional.of("Invalid request url")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"pkc-abc.ccloud.dev", "127.0.0.1", "localhost", "pkc-abcd0.us-east-1.aws.confluent.cloud"})
    @ParameterizedTest
    void testFilter_ClusterIdNotPresentInHost_Pass(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + ":443/kafka/v3/clusters/lkc-clusterid/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-clusterid"));
        EasyMock.expectLastCall();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"pkc-abc.ccloud.dev", "127.0.0.1", "localhost", "pkc-abcd0.us-east-1.aws.confluent.cloud"})
    @ParameterizedTest
    void testFilter_ValidateClusterIdEnabled_ClusterIdNotPresentInHost_Pass(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + ":443/kafka/v3/clusters/lkc-clusterid/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(3);
        EasyMock.expect(uriInfo.getBaseUri()).andReturn(create);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-clusterid"));
        EasyMock.expectLastCall();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0.domz6wj0p.us-west-1.aws.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-envxyz456.us-west-2.aws.private.glb.confluent.cloud"})
    @ParameterizedTest
    void testFilter_ClusterIdDifferenceInHostAndPathParam_Pass(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + ":443/kafka/v3/clusters/lkc-other/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-other");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-other"));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0.domz6wj0p.us-west-1.aws.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-envxyz456.us-west-2.aws.private.glb.confluent.cloud"})
    @ParameterizedTest
    void testFilter_ValidateClusterIdEnabled_ClusterIdDifferenceInHostAndPathParam_Fail(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + ":443/kafka/v3/clusters/lkc-other/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-other");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getBaseUri()).andReturn(create).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.abortWith(responseMatcher(400, Optional.of("Cluster id mismatched between host and path parameter")));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0.domz6wj0p.us-west-1.aws.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-envxyz456.us-west-2.aws.private.glb.confluent.cloud"})
    @ParameterizedTest
    void testFilter_ClusterIdSameInHostAndPathParam_Pass(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + ":443/kafka/v3/clusters/lkc-abcd0/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-abcd0");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-abcd0"));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @ValueSource(strings = {"lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0.domz6wj0p.us-west-1.aws.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-lg1y3.us-west-1.aws.glb.confluent.cloud", "lkc-abcd0-envxyz456.us-west-2.aws.private.glb.confluent.cloud"})
    @ParameterizedTest
    void testFilter_ValidateClusterIdEnabled_ClusterIdSameInHostAndPathParam_Pass(String str) throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://" + str + ":443/kafka/v3/clusters/lkc-abcd0/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-abcd0");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(3);
        EasyMock.expect(uriInfo.getBaseUri()).andReturn(create);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-abcd0"));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_MetricsRateLimitTenantLevelEnabled_NoAuthz_Fail() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("clusterId", "lkc-clusterid");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).once();
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(new MultivaluedHashMap()).once();
        containerRequestContext.abortWith(responseMatcher(401, Optional.of("Authentication failed.")));
        EasyMock.expectLastCall().once();
        containerRequestContext.setProperty(EasyMock.anyString(), EasyMock.anyObject());
        EasyMock.expectLastCall().andThrow(new AssertionError("Should not throw this")).anyTimes();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    @Test
    void testFilter_MetricsRateLimitTenantLevelEnabled_WithAuthz_Pass() throws IOException {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        UriInfo uriInfo = (UriInfo) EasyMock.mock(UriInfo.class);
        URI create = URI.create("https://test.com:443/kafka/v3/clusters/lkc-abcd0/topics");
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        MultivaluedHashMap multivaluedHashMap2 = new MultivaluedHashMap();
        multivaluedHashMap2.putSingle("clusterId", "lkc-abcd0");
        EasyMock.expect(containerRequestContext.getUriInfo()).andReturn(uriInfo).times(2);
        EasyMock.expect(uriInfo.getPathParameters(true)).andReturn(multivaluedHashMap2).once();
        EasyMock.expect(uriInfo.getRequestUri()).andReturn(create).once();
        EasyMock.expect(containerRequestContext.getHeaders()).andReturn(multivaluedHashMap).times(2);
        containerRequestContext.setSecurityContext(securityContextMatcher("lkc-abcd0"));
        EasyMock.expectLastCall().once();
        containerRequestContext.setProperty((String) EasyMock.eq("_request_tags"), singletonMapMatcher("tenant", "lkc-abcd0"));
        EasyMock.expectLastCall().once();
        EasyMock.replay(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
        new CloudExtensionsAuthFilter(this.configProvider, this.secretsStoreProvider).filter(containerRequestContext);
        EasyMock.verify(new Object[]{this.configProvider, this.secretsStoreProvider, containerRequestContext, uriInfo});
    }

    private void setUpConfiguration(boolean z, boolean z2) {
        Properties properties = new Properties();
        properties.put("secrets.store.validation.required", false);
        properties.put("validate.cluster.id.in.url", Boolean.valueOf(z));
        properties.put("metrics.rate.limit.tenant.level.enabled", Boolean.valueOf(z2));
        EasyMock.expect(this.configProvider.get()).andReturn(new CeKafkaRestConfig(properties));
        EasyMock.expect(this.secretsStoreProvider.get()).andReturn((Object) null);
    }

    private static Response responseMatcher(final int i, final Optional<String> optional) {
        EasyMock.reportMatcher(new IArgumentMatcher() { // from class: io.confluent.kafkarest.auth.CloudExtensionsAuthFilterTest.1
            public boolean matches(Object obj) {
                if (!((obj instanceof Response) && ((Response) obj).getStatus() == i)) {
                    return false;
                }
                if (!optional.isPresent()) {
                    return true;
                }
                try {
                    return ((ErrorMessage) ((Response) obj).getEntity()).getMessage().equals(optional.get());
                } catch (Exception e) {
                    return false;
                }
            }

            public void appendTo(StringBuffer stringBuffer) {
                stringBuffer.append("ResponseStatus(").append(i).append(")");
            }
        });
        return null;
    }

    private static CloudSecurityContext securityContextMatcher(final String str) {
        EasyMock.reportMatcher(new IArgumentMatcher() { // from class: io.confluent.kafkarest.auth.CloudExtensionsAuthFilterTest.2
            public boolean matches(Object obj) {
                return (obj instanceof CloudSecurityContext) && (((CloudSecurityContext) obj).getUserPrincipal() instanceof CloudPrincipal) && ((CloudSecurityContext) obj).getUserPrincipal().getClusterId().equals(str);
            }

            public void appendTo(StringBuffer stringBuffer) {
                stringBuffer.append("CloudSecurityContext(clusterId=").append(str).append(")");
            }
        });
        return null;
    }

    private static Map<String, String> singletonMapMatcher(final String str, final String str2) {
        EasyMock.reportMatcher(new IArgumentMatcher() { // from class: io.confluent.kafkarest.auth.CloudExtensionsAuthFilterTest.3
            public boolean matches(Object obj) {
                return (obj instanceof Map) && ((Map) obj).size() == 1 && ((Map) obj).containsKey(str) && ((String) ((Map) obj).get(str)).equals(str2);
            }

            public void appendTo(StringBuffer stringBuffer) {
                stringBuffer.append("Map(").append(str).append("=").append(str2).append(")");
            }
        });
        return null;
    }
}
