package io.confluent.kafkarest.security;

import io.confluent.common.security.auth.AuthenticationFilter;
import io.confluent.kafkarest.KafkaRestConfig;
import java.security.cert.X509Certificate;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicReference;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Configurable;
import javax.ws.rs.core.SecurityContext;
import kafka.zk.EmbeddedZookeeper;
import org.apache.kafka.test.TestSslUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/kafkarest/security/KafkaRestSecurityResourceExtensionTest.class */
public class KafkaRestSecurityResourceExtensionTest {
    private EmbeddedZookeeper zookeeper;
    private String zkConnect;

    @Before
    public void setupZookeeper() {
        this.zookeeper = new EmbeddedZookeeper();
        this.zkConnect = String.format("127.0.0.1:%d", Integer.valueOf(this.zookeeper.port()));
    }

    @After
    public void shutdownZookeeper() {
        if (this.zookeeper != null) {
            this.zookeeper.shutdown();
        }
    }

    @Test
    public void testRegisteredSslPrincipalMapper() throws Exception {
        Properties properties = new Properties();
        properties.put("zookeeper.connect", this.zkConnect);
        properties.put("confluent.rest.auth.ssl.principal.mapping.rules", "RULE:^CN=(.*?)$/$1/");
        KafkaRestConfig kafkaRestConfig = new KafkaRestConfig(properties);
        Configurable configurable = (Configurable) Mockito.mock(Configurable.class);
        AtomicReference atomicReference = new AtomicReference();
        Mockito.when(configurable.register(Mockito.any(Object.class))).then(invocationOnMock -> {
            if (invocationOnMock.getArguments()[0] instanceof AuthenticationFilter) {
                atomicReference.set((AuthenticationFilter) invocationOnMock.getArguments()[0]);
            }
            return configurable;
        });
        new KafkaRestSecurityResourceExtension().register(configurable, kafkaRestConfig);
        Assert.assertNotNull(atomicReference.get());
        X509Certificate generateCertificate = TestSslUtils.generateCertificate("CN=restproxy/localhost@EXAMPLE.COM", TestSslUtils.generateKeyPair("RSA"), 30, "SHA1withRSA");
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getProperty("javax.servlet.request.X509Certificate")).thenReturn(new X509Certificate[]{generateCertificate});
        ArgumentCaptor forClass = ArgumentCaptor.forClass(SecurityContext.class);
        ((ContainerRequestContext) Mockito.doNothing().when(containerRequestContext)).setSecurityContext((SecurityContext) forClass.capture());
        ((AuthenticationFilter) atomicReference.get()).filter(containerRequestContext);
        SecurityContext securityContext = (SecurityContext) forClass.getValue();
        Assert.assertNotNull(securityContext);
        Assert.assertEquals("restproxy/localhost@EXAMPLE.COM", securityContext.getUserPrincipal().getName());
        Assert.assertEquals("SSL", securityContext.getAuthenticationScheme());
    }
}
