package io.confluent.rbacdb.provider;

import io.confluent.rbacdb.config.DbAuthStoreConfig;
import io.confluent.rbacdb.kafka.DbAuthCache;
import io.confluent.rbacdb.kafka.DbAuthWriter;
import io.confluent.rbacdb.kafka.H2DBTestBed;
import io.confluent.rbacdb.orm.RbacOrmDbService;
import io.confluent.rbacdb.orm.RbacOrmService;
import io.confluent.security.auth.metadata.AuthStore;
import io.confluent.security.auth.provider.ConfluentProvider;
import io.confluent.security.auth.provider.rbac.MockRbacProvider;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.RbacRoles;
import io.confluent.security.test.utils.RbacTestUtils;
import java.lang.reflect.Field;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.apache.kafka.clients.admin.ConfluentAdmin;
import org.apache.kafka.clients.admin.MockAdminClient;
import org.apache.kafka.common.ClusterResource;
import org.apache.kafka.common.Node;
import org.apache.kafka.common.metrics.Metrics;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.server.authorizer.AuthorizerServerInfo;
import org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo;

/* loaded from: input_file:io/confluent/rbacdb/provider/DbProviderBaseTest.class */
public abstract class DbProviderBaseTest {
    protected final KafkaPrincipal flowserviceadmin = new KafkaPrincipal("User", "flowserviceadmin");
    protected final KafkaPrincipal alice = new KafkaPrincipal("User", "Alice");
    protected final Set<KafkaPrincipal> groups = Collections.emptySet();
    protected final Scope clusterA = new Scope.Builder(new String[]{"organization=123", "environment=t55", "cloud-cluster=lkc-a"}).build();
    protected final Scope kafkaClusterA = new Scope.Builder(new String[]{"organization=123", "environment=t55", "cloud-cluster=lkc-a"}).withKafkaCluster("lkc-a").build();
    protected final Scope clusterB = new Scope.Builder(new String[]{"organization=123", "environment=t55", "cloud-cluster=lkc-b"}).build();
    protected final Scope kafkaClusterB = new Scope.Builder(new String[]{"organization=123", "environment=t55", "cloud-cluster=lkc-b"}).withKafkaCluster("lkc-b").build();
    protected final Scope clusterC = new Scope.Builder(new String[]{"organization=123", "environment=t66", "cloud-cluster=lkc-c"}).build();
    protected final Scope kafkaClusterC = new Scope.Builder(new String[]{"organization=123", "environment=t66", "cloud-cluster=lkc-c"}).withKafkaCluster("lkc-c").build();
    protected final Scope environmentT55 = new Scope.Builder(new String[]{"organization=123", "environment=t55"}).build();
    protected final Scope environmentT66 = new Scope.Builder(new String[]{"organization=123", "environment=t66"}).build();
    protected final Scope organization123 = new Scope.Builder(new String[]{"organization=123"}).build();
    protected final Scope organization789 = new Scope.Builder(new String[]{"organization=789"}).build();
    protected final Scope wrongEnvironmentT55 = new Scope.Builder(new String[]{"organization=789", "environment=t55"}).build();
    protected final Scope wrongClusterB = new Scope.Builder(new String[]{"organization=789", "environment=t55", "cloud-cluster=lkc-b"}).build();
    protected final ResourcePattern cloudClusterResource = new ResourcePattern(new ResourceType("CloudCluster"), "cloud-cluster", PatternType.LITERAL);
    protected final ResourcePattern clusterResource = new ResourcePattern(new ResourceType("Cluster"), "kafka-cluster", PatternType.LITERAL);
    protected final ResourcePattern topic = new ResourcePattern("Topic", "topicA", PatternType.LITERAL);
    protected final ResourcePattern topicB = new ResourcePattern("Topic", "topicB", PatternType.LITERAL);
    protected final ResourcePattern user = new ResourcePattern("User", "789", PatternType.LITERAL);
    protected final ResourcePattern envT55 = new ResourcePattern("Environment", "t55", PatternType.LITERAL);
    protected final ResourcePattern envT66 = new ResourcePattern("Environment", "t66", PatternType.LITERAL);
    protected final ResourcePattern org = new ResourcePattern("Organization", "123", PatternType.LITERAL);
    protected RbacOrmService ormService;
    protected ControlPlaneDBProvider rbacProvider;
    protected DbAuthCache dbAuthCache;
    protected DbAuthWriter dbAuthWriter;
    protected Optional<ConfluentAdmin> aclClientOp;

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeRbacProvider(String str, Scope scope, RbacRoles rbacRoles, String str2) throws Exception {
        H2DBTestBed h2DBTestBed = new H2DBTestBed();
        h2DBTestBed.setupDb(str2);
        Map<String, String> configMap = h2DBTestBed.getConfigMap();
        this.ormService = new RbacOrmDbService(h2DBTestBed.getDbUrl(), H2DBTestBed.DB_USERNAME, H2DBTestBed.DB_PASSWORD, true, 10);
        DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(configMap);
        this.dbAuthWriter = new DbAuthWriter(rbacRoles, scope, dbAuthStoreConfig, this.ormService, new Metrics());
        this.dbAuthCache = new DbAuthCache(rbacRoles, scope, dbAuthStoreConfig, this.ormService, new Metrics());
        List singletonList = Collections.singletonList(new Node(1, "localhost", 9092));
        this.aclClientOp = Optional.of(new MockAdminClient(singletonList, (Node) singletonList.get(0)));
        this.rbacProvider = new ControlPlaneDBProvider() { // from class: io.confluent.rbacdb.provider.DbProviderBaseTest.1
            public void configure(Map<String, ?> map) {
                super.configure(map);
                DbProviderBaseTest.this.setField(DbProviderBaseTest.this.rbacProvider, ConfluentProvider.class, "authCache", DbProviderBaseTest.this.dbAuthCache);
            }

            protected ConfluentAdmin createMdsAdminClient(AuthorizerServerInfo authorizerServerInfo, Map<String, ?> map) {
                return DbProviderBaseTest.this.aclClientOp.get();
            }

            protected AuthStore createAuthStore(Scope scope2, ConfluentAuthorizerServerInfo confluentAuthorizerServerInfo, Map<String, ?> map) {
                return new MockRbacProvider.MockAuthStore(RbacRoles.loadDefaultPolicy(isConfluentCloud()), scope2);
            }
        };
        this.rbacProvider.onUpdate(new ClusterResource(str));
        this.rbacProvider.configure(Collections.emptyMap());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateRoleBinding(KafkaPrincipal kafkaPrincipal, String str, Scope scope) throws InterruptedException, ExecutionException, TimeoutException {
        this.dbAuthWriter.addClusterRoleBinding(kafkaPrincipal, str, scope).toCompletableFuture().get(10L, TimeUnit.SECONDS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateResourceRoleBinding(KafkaPrincipal kafkaPrincipal, String str, Scope scope, Set<ResourcePattern> set) throws InterruptedException, ExecutionException, TimeoutException {
        this.dbAuthWriter.addResourceRoleBinding(kafkaPrincipal, str, scope, set).toCompletableFuture().get(10L, TimeUnit.SECONDS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deleteRoleBinding(KafkaPrincipal kafkaPrincipal, String str, Scope scope) throws InterruptedException, ExecutionException, TimeoutException {
        this.dbAuthWriter.removeRoleBinding(kafkaPrincipal, str, scope).toCompletableFuture().get(10L, TimeUnit.SECONDS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifyRules(KafkaPrincipal kafkaPrincipal, Set<KafkaPrincipal> set, Scope scope, ResourcePattern resourcePattern, String... strArr) {
        RbacTestUtils.verifyPermissions(this.rbacProvider, kafkaPrincipal, set, scope, resourcePattern, strArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setField(Object obj, Class<?> cls, String str, Object obj2) {
        try {
            Field declaredField = cls.getDeclaredField(str);
            declaredField.setAccessible(true);
            declaredField.set(obj, obj2);
        } catch (ReflectiveOperationException e) {
            throw new RuntimeException(e);
        }
    }
}
