package io.confluent.rbacdb.kafka;

import io.confluent.rbacdb.config.DbAuthStoreConfig;
import io.confluent.rbacdb.orm.RbacOrmDbService;
import io.confluent.rbacdb.orm.RbacOrmService;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.EmbeddedAuthorizer;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import java.lang.reflect.Method;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.management.MalformedObjectNameException;
import org.apache.kafka.common.ClusterResource;
import org.apache.kafka.common.Endpoint;
import org.apache.kafka.common.metrics.MetricConfig;
import org.apache.kafka.common.metrics.Metrics;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo;
import org.apache.kafka.test.TestUtils;
import org.testcontainers.shaded.com.google.common.collect.ImmutableSet;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:io/confluent/rbacdb/kafka/DbAuthCacheExpirationTest.class */
public class DbAuthCacheExpirationTest {
    protected RbacOrmService ormService;
    Map<String, String> configMap;
    private final KafkaPrincipal alice = new KafkaPrincipal("User", "alice");
    private final KafkaPrincipal bob = new KafkaPrincipal("User", "bob");
    private final Scope acmeOrg = new Scope.Builder(new String[0]).addPath("organization=acme").build();
    private final Scope acmeDev = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=dev").build();
    private final Scope acmeStg = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=stg").build();
    private final Scope acmeStgLkc1 = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=stg").addPath("cloud-cluster=1").build();
    private final Scope acmeDevLkc2 = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=dev").addPath("cloud-cluster=2").build();
    ResourceType SECURITY_METADATA_TYPE = new ResourceType("SecurityMetadata");
    ResourcePattern SECURITY_METADATA = new ResourcePattern(this.SECURITY_METADATA_TYPE, "security-metadata", PatternType.LITERAL);
    Operation ALTER = new Operation("Alter");
    Action doRoleBindingOrg = new Action(this.acmeOrg, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvDev = new Action(this.acmeDev, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvDevLkc2 = new Action(this.acmeDevLkc2, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvStg = new Action(this.acmeStg, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvStgLkc1 = new Action(this.acmeStgLkc1, this.SECURITY_METADATA, this.ALTER);

    @BeforeMethod
    public void setup(Method method) throws SQLException, MalformedObjectNameException {
        H2DBTestBed h2DBTestBed = new H2DBTestBed();
        h2DBTestBed.setupDb(method.getName());
        this.configMap = h2DBTestBed.getConfigMap();
        this.ormService = new RbacOrmDbService(h2DBTestBed.getDbUrl(), H2DBTestBed.DB_USERNAME, H2DBTestBed.DB_PASSWORD, true, 10);
    }

    @AfterMethod
    public void tearDown() throws Exception {
        this.ormService.close();
    }

    @Test
    public void testDBAuthCacheWithCacheDisabled() throws Exception {
        verifyDBAuthCache(false);
    }

    @Test
    public void testDBAuthCacheWithCacheEnabled() throws Exception {
        verifyDBAuthCache(true);
    }

    public void verifyDBAuthCache(boolean z) throws Exception {
        DbAuthWriter dbAuthWriter = null;
        try {
            EmbeddedAuthorizer embeddedAuthorizer = new EmbeddedAuthorizer();
            Throwable th = null;
            try {
                try {
                    configureAuthorizer(embeddedAuthorizer, "DB_TEST");
                    if (z) {
                        this.configMap.put("confluent.metadata.server.db.auth.cache.max.size", "5");
                        this.configMap.put("confluent.metadata.server.db.auth.cache.ttl.ms", "100");
                    } else {
                        this.configMap.put("confluent.metadata.server.db.auth.cache.max.size", "0");
                    }
                    DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(this.configMap);
                    Metrics metrics = new Metrics();
                    DbAuthCache dbAuthCache = new DbAuthCache(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    dbAuthWriter = new DbAuthWriter(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    TestDbAccessRuleProvider.dbAuthCache = dbAuthCache;
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty());
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.bob).isEmpty());
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStgLkc1)).get(0), AuthorizeResult.DENIED);
                    dbAuthWriter.addClusterRoleBinding(this.bob, "EnvironmentAdmin", this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 1);
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 0);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 0);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);
                    if (z) {
                        Thread.sleep(100L);
                    }
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStgLkc1)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDevLkc2)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDevLkc2)).get(0), AuthorizeResult.DENIED);
                    dbAuthWriter.addClusterRoleBinding(this.bob, "EnvironmentAdmin", this.acmeDev).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 2);
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 0);
                    if (z) {
                        Thread.sleep(100L);
                    }
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDevLkc2)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStgLkc1)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    dbAuthWriter.addClusterRoleBinding(this.bob, "OrganizationAdmin", this.acmeOrg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 3);
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 2);
                    if (z) {
                        Thread.sleep(100L);
                    }
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.ALLOWED);
                    dbAuthWriter.removeRoleBinding(this.bob, "OrganizationAdmin", this.acmeOrg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 2);
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 0);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);
                    if (z) {
                        Thread.sleep(100L);
                    }
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.alice, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.alice, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.alice, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.DENIED);
                    dbAuthWriter.addClusterRoleBinding(this.alice, "OrganizationAdmin", this.acmeOrg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 2);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.alice).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 1);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);
                    if (z) {
                        Thread.sleep(100L);
                    }
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.alice, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.alice, "", Collections.singletonList(this.doRoleBindingOrg)).get(0), AuthorizeResult.ALLOWED);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.alice, "", Collections.singletonList(this.doRoleBindingEnvDev)).get(0), AuthorizeResult.ALLOWED);
                    if (embeddedAuthorizer != null) {
                        if (0 != 0) {
                            try {
                                embeddedAuthorizer.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            embeddedAuthorizer.close();
                        }
                    }
                    if (dbAuthWriter != null) {
                        dbAuthWriter.close();
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th4) {
            if (dbAuthWriter != null) {
                dbAuthWriter.close();
            }
            throw th4;
        }
    }

    @Test
    public void testDBAuthCacheEvictions() throws Exception {
        DbAuthWriter dbAuthWriter = null;
        try {
            EmbeddedAuthorizer embeddedAuthorizer = new EmbeddedAuthorizer();
            Throwable th = null;
            try {
                try {
                    configureAuthorizer(embeddedAuthorizer, "DB_TEST");
                    this.configMap.put("confluent.metadata.server.db.auth.cache.max.size", "5");
                    this.configMap.put("confluent.metadata.server.db.auth.cache.ttl.ms", "100");
                    DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(this.configMap);
                    Metrics metrics = new Metrics();
                    DbAuthCache dbAuthCache = new DbAuthCache(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    dbAuthWriter = new DbAuthWriter(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    TestDbAccessRuleProvider.dbAuthCache = dbAuthCache;
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.bob).isEmpty());
                    dbAuthWriter.addClusterRoleBinding(this.bob, "EnvironmentAdmin", this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 1);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    dbAuthWriter.removeRoleBinding(this.bob, "EnvironmentAdmin", this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 0);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    Thread.sleep(100L);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    if (embeddedAuthorizer != null) {
                        if (0 != 0) {
                            try {
                                embeddedAuthorizer.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            embeddedAuthorizer.close();
                        }
                    }
                    if (dbAuthWriter != null) {
                        dbAuthWriter.close();
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th4) {
            if (dbAuthWriter != null) {
                dbAuthWriter.close();
            }
            throw th4;
        }
    }

    @Test
    public void testDBAuthCacheAdditions() throws Exception {
        DbAuthWriter dbAuthWriter = null;
        try {
            EmbeddedAuthorizer embeddedAuthorizer = new EmbeddedAuthorizer();
            Throwable th = null;
            try {
                try {
                    configureAuthorizer(embeddedAuthorizer, "DB_TEST");
                    this.configMap.put("confluent.metadata.server.db.auth.cache.max.size", "5");
                    this.configMap.put("confluent.metadata.server.db.auth.cache.ttl.ms", "100");
                    DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(this.configMap);
                    Metrics metrics = new Metrics();
                    DbAuthCache dbAuthCache = new DbAuthCache(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    dbAuthWriter = new DbAuthWriter(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    TestDbAccessRuleProvider.dbAuthCache = dbAuthCache;
                    Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.bob).isEmpty());
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    dbAuthWriter.addClusterRoleBinding(this.bob, "EnvironmentAdmin", this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 1);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    Thread.sleep(100L);
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    if (embeddedAuthorizer != null) {
                        if (0 != 0) {
                            try {
                                embeddedAuthorizer.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            embeddedAuthorizer.close();
                        }
                    }
                    if (dbAuthWriter != null) {
                        dbAuthWriter.close();
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th4) {
            if (dbAuthWriter != null) {
                dbAuthWriter.close();
            }
            throw th4;
        }
    }

    @Test
    public void testFindRuleInvocationMetric() throws Exception {
        DbAuthWriter dbAuthWriter = null;
        try {
            EmbeddedAuthorizer embeddedAuthorizer = new EmbeddedAuthorizer();
            Throwable th = null;
            try {
                configureAuthorizer(embeddedAuthorizer, "DB_TEST");
                this.configMap.put("confluent.metadata.server.db.auth.cache.max.size", "0");
                DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(this.configMap);
                Metrics metrics = new Metrics(new MetricConfig().timeWindow(1L, TimeUnit.SECONDS));
                dbAuthWriter = new DbAuthWriter(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                TestDbAccessRuleProvider.dbAuthCache = new DbAuthCache(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                for (int i = 0; i < 10; i++) {
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                }
                verifyMetricValue(metrics, "findrule-rate");
                verifyCacheMetric(metrics, 0.0d, 0.0d, 10.0d);
                dbAuthWriter.addClusterRoleBinding(this.bob, "EnvironmentAdmin", this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                for (int i2 = 0; i2 < 10; i2++) {
                    Assert.assertEquals(embeddedAuthorizer.authorize(this.bob, "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                }
                verifyMetricValue(metrics, "findrule-rate");
                verifyCacheMetric(metrics, 0.0d, 0.0d, 20.0d);
                if (embeddedAuthorizer != null) {
                    if (0 != 0) {
                        try {
                            embeddedAuthorizer.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        embeddedAuthorizer.close();
                    }
                }
                if (dbAuthWriter != null) {
                    dbAuthWriter.close();
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (dbAuthWriter != null) {
                dbAuthWriter.close();
            }
            throw th3;
        }
    }

    @Test
    public void testCacheMetrics() throws Exception {
        DbAuthWriter dbAuthWriter = null;
        try {
            EmbeddedAuthorizer embeddedAuthorizer = new EmbeddedAuthorizer();
            Throwable th = null;
            try {
                try {
                    configureAuthorizer(embeddedAuthorizer, "DB_TEST");
                    this.configMap.put("confluent.metadata.server.db.auth.cache.max.size", "200");
                    this.configMap.put("confluent.metadata.server.db.auth.cache.ttl.ms", "5000");
                    DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(this.configMap);
                    Metrics metrics = new Metrics(new MetricConfig().timeWindow(1L, TimeUnit.SECONDS));
                    dbAuthWriter = new DbAuthWriter(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    TestDbAccessRuleProvider.dbAuthCache = new DbAuthCache(Scope.ROOT_SCOPE, dbAuthStoreConfig, this.ormService, metrics);
                    verifyCacheMetric(metrics, 0.0d, 0.0d, 0.0d);
                    for (int i = 0; i < 100; i++) {
                        Assert.assertEquals(embeddedAuthorizer.authorize(new KafkaPrincipal("User", "bob" + i), "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    }
                    verifyMetricValue(metrics, "findrule-rate");
                    verifyCacheMetric(metrics, 100.0d, 0.0d, 100.0d);
                    for (int i2 = 0; i2 < 100; i2++) {
                        Assert.assertEquals(embeddedAuthorizer.authorize(new KafkaPrincipal("User", "bob" + i2), "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.DENIED);
                    }
                    verifyMetricValue(metrics, "findrule-rate");
                    verifyCacheMetric(metrics, 100.0d, 100.0d, 100.0d);
                    for (int i3 = 0; i3 < 100; i3++) {
                        dbAuthWriter.addClusterRoleBinding(new KafkaPrincipal("User", "bob" + i3), "EnvironmentAdmin", this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
                    }
                    Thread.sleep(6000L);
                    for (int i4 = 0; i4 < 100; i4++) {
                        Assert.assertEquals(embeddedAuthorizer.authorize(new KafkaPrincipal("User", "bob" + i4), "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    }
                    verifyMetricValue(metrics, "findrule-rate");
                    verifyCacheMetric(metrics, 100.0d, 100.0d, 200.0d);
                    for (int i5 = 0; i5 < 100; i5++) {
                        Assert.assertEquals(embeddedAuthorizer.authorize(new KafkaPrincipal("User", "bob" + i5), "", Collections.singletonList(this.doRoleBindingEnvStg)).get(0), AuthorizeResult.ALLOWED);
                    }
                    verifyMetricValue(metrics, "findrule-rate");
                    verifyCacheMetric(metrics, 100.0d, 200.0d, 200.0d);
                    if (embeddedAuthorizer != null) {
                        if (0 != 0) {
                            try {
                                embeddedAuthorizer.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            embeddedAuthorizer.close();
                        }
                    }
                    if (dbAuthWriter != null) {
                        dbAuthWriter.close();
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th4) {
            if (dbAuthWriter != null) {
                dbAuthWriter.close();
            }
            throw th4;
        }
    }

    private void verifyMetricValue(Metrics metrics, String str) throws InterruptedException {
        Assert.assertTrue(TestUtils.getMetricValue(metrics, str) > 0.0d);
        Thread.sleep(2000L);
        Assert.assertEquals(Double.valueOf(TestUtils.getMetricValue(metrics, str)), Double.valueOf(0.0d));
    }

    private void verifyCacheMetric(Metrics metrics, double d, double d2, double d3) {
        Assert.assertEquals(Double.valueOf(TestUtils.getMetricValue(metrics, "cache-size")), Double.valueOf(d));
        Assert.assertEquals(Double.valueOf(TestUtils.getMetricValue(metrics, "hit-count")), Double.valueOf(d2));
        Assert.assertEquals(Double.valueOf(TestUtils.getMetricValue(metrics, "miss-count")), Double.valueOf(d3));
    }

    private void configureAuthorizer(EmbeddedAuthorizer embeddedAuthorizer, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("confluent.authorizer.access.rule.providers", str);
        embeddedAuthorizer.configure(hashMap);
        embeddedAuthorizer.configureServerInfo(serverInfo());
        embeddedAuthorizer.start(serverInfo(), Collections.emptyMap(), () -> {
        }).join();
    }

    private ConfluentAuthorizerServerInfo serverInfo() {
        final Endpoint endpoint = new Endpoint("PLAINTEXT", SecurityProtocol.PLAINTEXT, "127.0.0.1", 9092);
        return new ConfluentAuthorizerServerInfo() { // from class: io.confluent.rbacdb.kafka.DbAuthCacheExpirationTest.1
            public ClusterResource clusterResource() {
                return new ClusterResource("clusterId");
            }

            public int brokerId() {
                return 0;
            }

            public Collection<Endpoint> endpoints() {
                return Collections.singleton(endpoint);
            }

            public Endpoint interBrokerEndpoint() {
                return endpoint;
            }

            public Metrics metrics() {
                return new Metrics();
            }
        };
    }
}
