package integration.rbacapi.api.v1;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.type.TypeReference;
import functional.stubs.StubApplicationUtil;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.UnsupportedEncodingException;
import java.net.ConnectException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.awaitility.Awaitility;
import org.glassfish.jersey.client.ClientConfig;
import org.junit.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsJsonUtil;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/ProxyServletRewriteTest.class */
public class ProxyServletRewriteTest {
    private static final String BROKER_USER = "kafka";
    private RbacClusters rbacClusters;
    private LdapServer ldapServer;
    private LdapCrud ldapCrud;
    private static int node1MDSPort;
    private static int node2MDSPort;
    private Client client;
    private static V1RbacRestApi brokerUserClient;
    public static String NODE1;
    public static String NODE2;
    private static String basicAuthStr;
    private static final KafkaPrincipal USER_ADMIN = RoleCrudUtil.userPrincipal("cross_cluster_user_admin");
    public static String REGISTRY_PATH = "security/1.0/registry/clusters";
    private static String TEST_PASSWORD = "mds";
    private static String MDS_USER = "mds";

    /* loaded from: input_file:integration/rbacapi/api/v1/ProxyServletRewriteTest$UnicodeNameTestFixture.class */
    public static class UnicodeNameTestFixture {

        @JsonProperty
        String testString;

        public UnicodeNameTestFixture(@JsonProperty("testString") String str) {
            this.testString = str;
        }
    }

    @BeforeClass
    public void setUp() throws Exception {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = this.ldapServer.actualPort();
        this.ldapCrud = new ExampleComLdapCrud(actualPort);
        this.ldapCrud.createUsers(Arrays.asList("kafka", USER_ADMIN.getName()));
        this.ldapCrud.createUser(MDS_USER);
        RbacClusters.Config ldapWithTokensTwoNodes = KafkaConfigTool.ldapWithTokensTwoNodes(actualPort, MDS_USER);
        ldapWithTokensTwoNodes.overrideMetadataBrokerConfig("confluent.metadata.server.cluster.registry.clusters", StubApplicationUtil.TEST_DEFAULT_CLUSTER_REGISTRY_JSON_BLOB);
        this.rbacClusters = new RbacClusters(ldapWithTokensTwoNodes);
        node1MDSPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        node2MDSPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters, 1);
        brokerUserClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, node1MDSPort, "kafka", "kafka");
        NODE1 = "http://localhost:" + node1MDSPort;
        NODE2 = "http://localhost:" + node2MDSPort;
        basicAuthStr = "mds:" + TEST_PASSWORD;
        basicAuthStr = Base64.getEncoder().encodeToString(basicAuthStr.getBytes());
        ClientConfig clientConfig = new ClientConfig();
        clientConfig.property("jersey.config.client.suppressHttpComplianceValidation", true);
        this.client = ClientBuilder.newClient(clientConfig);
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(brokerUserClient.getRoleNames().execute().isSuccessful());
        });
    }

    @Test
    public void verifyProxyRewriteWithQueryParam() {
        Response response = this.client.target(NODE1).path(String.format(REGISTRY_PATH, new Object[0])).queryParam("q", new Object[]{"clusterType=kafka-cluster"}).request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).get();
        Assert.assertEquals(response.getStatus(), 200L);
        String str = (String) response.readEntity(String.class);
        Response response2 = this.client.target(NODE2).path(String.format(REGISTRY_PATH, new Object[0])).queryParam("q", new Object[]{"clusterType=kafka-cluster"}).request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).get();
        Assert.assertEquals(response2.getStatus(), 200L);
        Assert.assertEquals(str, (String) response2.readEntity(String.class));
    }

    @DataProvider(parallel = false)
    public Iterator<Object[]> allowedUnicodeCharactersData() {
        List list = (List) MdsJsonUtil.joltJsonUtil.classpathToType("/testfixtures/allowed-unicode-characters-json-blobs.json", new TypeReference<List<UnicodeNameTestFixture>>() { // from class: integration.rbacapi.api.v1.ProxyServletRewriteTest.1
        });
        List list2 = (List) list.stream().map(unicodeNameTestFixture -> {
            return new Object[]{unicodeNameTestFixture.testString, NODE1};
        }).collect(Collectors.toList());
        list2.addAll((Collection) list.stream().map(unicodeNameTestFixture2 -> {
            return new Object[]{unicodeNameTestFixture2.testString, NODE2};
        }).collect(Collectors.toList()));
        return list2.iterator();
    }

    @Test(dataProvider = "allowedUnicodeCharactersData")
    public void verifyProxyRewriteClusterRegistryCRUD(String str, String str2) throws UnsupportedEncodingException {
        Assert.assertEquals(this.client.target(str2).path(String.format(REGISTRY_PATH, new Object[0])).request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).post(Entity.json(String.format("[{ 'clusterName': '%s',  'scope': { 'clusters': { 'kafka-cluster': 'kafka-cluster-%d' } },  'hosts': [ { 'host': 'localhost', 'port': 8001 } ],  'protocol': 'SASL_PLAINTEXT'}]", str, Integer.valueOf(TestIndependenceUtil.getUniqueInteger())).replace("'", LookupTest.PARTIAL_JSON_QUOTE))).getStatus(), 204L);
        String encode = URLEncoder.encode(str, StandardCharsets.UTF_8.toString());
        Assert.assertEquals(this.client.target(str2).path(String.format(REGISTRY_PATH + "/%s", encode)).request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).get().getStatus(), 200L);
        Assert.assertEquals(this.client.target(str2).path(String.format(REGISTRY_PATH + "/%s", encode)).request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).delete().getStatus(), 204L);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public static Object[][] nodesData() {
        return new Object[]{new Object[]{NODE1}, new Object[]{NODE2}};
    }

    @Test(dataProvider = "nodesData")
    public void verifyProxyRewriteRBACCRUD(String str) {
        String replace = "{ 'scope' : { 'clusters': { 'kafka-cluster' : 'KGUID' }}, 'resourcePatterns' : [ { 'resourceType' : 'Topic', 'name' : 'Topic1', 'patternType' : 'LITERAL' }] }".replace("'", LookupTest.PARTIAL_JSON_QUOTE);
        Assert.assertEquals(this.client.target(str).path("/security/1.0/principals/User:bob/roles/DeveloperRead/bindings").request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).method("POST", Entity.json(replace)).getStatus(), 204L);
        Assert.assertEquals(this.client.target(str).path("/security/1.0/principals/User:bob/roles/DeveloperRead/resources").request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).method("POST", Entity.json("{ 'clusters': { 'kafka-cluster': 'KGUID' } }".replace("'", LookupTest.PARTIAL_JSON_QUOTE))).getStatus(), 200L);
        Assert.assertEquals(this.client.target(str).path("/security/1.0/principals/User:bob/roles/DeveloperRead/bindings").request(new String[]{"application/json"}).header("Authorization", "Basic " + basicAuthStr).build("DELETE", Entity.json(replace)).invoke().getStatus(), 204L);
    }

    @AfterClass
    public void teardownClass() {
        this.ldapServer.stop();
        try {
            this.rbacClusters.shutdown();
            MdsTestUtil.releasePort(node1MDSPort);
            MdsTestUtil.releasePort(node2MDSPort);
        } catch (RuntimeException e) {
            if (!(e.getCause() instanceof TimeoutException)) {
                throw e;
            }
        }
    }
}
