package org.apache.kafka.common.security;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.security.JaasContext;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/kafka/common/security/JaasContextTest.class */
public class JaasContextTest {
    private File jaasConfigFile;

    @BeforeEach
    public void setUp() throws IOException {
        this.jaasConfigFile = File.createTempFile("jaas", ".conf");
        this.jaasConfigFile.deleteOnExit();
        System.setProperty("java.security.auth.login.config", this.jaasConfigFile.toString());
        Configuration.setConfiguration((Configuration) null);
    }

    @AfterEach
    public void tearDown() throws Exception {
        Files.delete(this.jaasConfigFile.toPath());
    }

    @Test
    public void testConfigNoOptions() throws Exception {
        checkConfiguration("test.testConfigNoOptions", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap());
    }

    @Test
    public void testControlFlag() throws Exception {
        AppConfigurationEntry.LoginModuleControlFlag[] loginModuleControlFlagArr = {AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL};
        HashMap hashMap = new HashMap();
        hashMap.put("propName", "propValue");
        for (AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag : loginModuleControlFlagArr) {
            checkConfiguration("test.testControlFlag", loginModuleControlFlag, hashMap);
        }
    }

    @Test
    public void testSingleOption() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("propName", "propValue");
        checkConfiguration("test.testSingleOption", AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, hashMap);
    }

    @Test
    public void testMultipleOptions() throws Exception {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < 10; i++) {
            hashMap.put("propName" + i, "propValue" + i);
        }
        checkConfiguration("test.testMultipleOptions", AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, hashMap);
    }

    @Test
    public void testQuotedOptionValue() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("propName", "prop value");
        hashMap.put("propName2", "value1 = 1, value2 = 2");
        checkConfiguration(String.format("test.testQuotedOptionValue required propName=\"%s\" propName2=\"%s\";", hashMap.get("propName"), hashMap.get("propName2")), "test.testQuotedOptionValue", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
    }

    @Test
    public void testQuotedOptionName() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("prop name", "propValue");
        checkConfiguration("test.testQuotedOptionName required \"prop name\"=propValue;", "test.testQuotedOptionName", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
    }

    @Test
    public void testMultipleLoginModules() throws Exception {
        StringBuilder sb = new StringBuilder();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < 3; i++) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("index", "Index" + i);
            hashMap2.put("module", "Module" + i);
            hashMap.put(Integer.valueOf(i), hashMap2);
            String jaasConfigProp = jaasConfigProp("test.Module" + i, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap2);
            sb.append(' ');
            sb.append(jaasConfigProp);
        }
        String sb2 = sb.toString();
        AppConfigurationEntry[] appConfigurationEntry = new JaasConfig("CLIENT", sb2).getAppConfigurationEntry("CLIENT");
        Assertions.assertEquals(3, appConfigurationEntry.length);
        for (int i2 = 0; i2 < 3; i2++) {
            checkEntry(appConfigurationEntry[i2], "test.Module" + i2, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, (Map) hashMap.get(Integer.valueOf(i2)));
        }
        writeConfiguration("SERVER", sb2);
        AppConfigurationEntry[] appConfigurationEntry2 = Configuration.getConfiguration().getAppConfigurationEntry("SERVER");
        for (int i3 = 0; i3 < 3; i3++) {
            checkEntry(appConfigurationEntry2[i3], appConfigurationEntry[i3].getLoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, appConfigurationEntry[i3].getOptions());
        }
    }

    @Test
    public void testMissingLoginModule() throws Exception {
        checkInvalidConfiguration("  required option1=value1;");
    }

    @Test
    public void testMissingControlFlag() throws Exception {
        checkInvalidConfiguration("test.loginModule option1=value1;");
    }

    @Test
    public void testMissingOptionValue() throws Exception {
        checkInvalidConfiguration("loginModule required option1;");
    }

    @Test
    public void testMissingSemicolon() throws Exception {
        checkInvalidConfiguration("test.testMissingSemicolon required option1=value1");
    }

    @Test
    public void testNumericOptionWithoutQuotes() throws Exception {
        checkInvalidConfiguration("test.testNumericOptionWithoutQuotes required option1=3;");
    }

    @Test
    public void testInvalidControlFlag() throws Exception {
        checkInvalidConfiguration("test.testInvalidControlFlag { option1=3;");
    }

    @Test
    public void testNumericOptionWithQuotes() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("option1", "3");
        checkConfiguration("test.testNumericOptionWithQuotes required option1=\"3\";", "test.testNumericOptionWithQuotes", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
    }

    @Test
    public void testLoadForServerWithListenerNameOverride() throws IOException {
        writeConfiguration(Arrays.asList("KafkaServer { test.LoginModuleDefault required; };", "plaintext.KafkaServer { test.LoginModuleOverride requisite; };"));
        JaasContext loadServerContext = JaasContext.loadServerContext(new ListenerName("plaintext"), "SOME-MECHANISM", Collections.emptyMap());
        Assertions.assertEquals("plaintext.KafkaServer", loadServerContext.name());
        Assertions.assertEquals(JaasContext.Type.SERVER, loadServerContext.type());
        Assertions.assertEquals(1, loadServerContext.configurationEntries().size());
        checkEntry((AppConfigurationEntry) loadServerContext.configurationEntries().get(0), "test.LoginModuleOverride", AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, Collections.emptyMap());
    }

    @Test
    public void testLoadForServerWithListenerNameAndFallback() throws IOException {
        writeConfiguration(Arrays.asList("KafkaServer { test.LoginModule required; };", "other.KafkaServer { test.LoginModuleOther requisite; };"));
        JaasContext loadServerContext = JaasContext.loadServerContext(new ListenerName("plaintext"), "SOME-MECHANISM", Collections.emptyMap());
        Assertions.assertEquals("KafkaServer", loadServerContext.name());
        Assertions.assertEquals(JaasContext.Type.SERVER, loadServerContext.type());
        Assertions.assertEquals(1, loadServerContext.configurationEntries().size());
        checkEntry((AppConfigurationEntry) loadServerContext.configurationEntries().get(0), "test.LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap());
    }

    @Test
    public void testLoadForServerWithWrongListenerName() throws IOException {
        writeConfiguration("Server", "test.LoginModule required;");
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            JaasContext.loadServerContext(new ListenerName("plaintext"), "SOME-MECHANISM", Collections.emptyMap());
        });
    }

    private AppConfigurationEntry configurationEntry(JaasContext.Type type, String str) {
        List configurationEntries = JaasContext.load(type, (String) null, type.name(), str == null ? null : new Password(str)).configurationEntries();
        Assertions.assertEquals(1, configurationEntries.size());
        return (AppConfigurationEntry) configurationEntries.get(0);
    }

    private String controlFlag(AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag) {
        String[] split = loginModuleControlFlag.toString().split(" ");
        return split[split.length - 1];
    }

    private String jaasConfigProp(String str, AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag, Map<String, Object> map) {
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        sb.append(' ');
        sb.append(controlFlag(loginModuleControlFlag));
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            sb.append(' ');
            sb.append(entry.getKey());
            sb.append('=');
            sb.append(entry.getValue());
        }
        sb.append(';');
        return sb.toString();
    }

    private void writeConfiguration(String str, String str2) throws IOException {
        writeConfiguration(Arrays.asList(str + " { ", str2, "};"));
    }

    private void writeConfiguration(List<String> list) throws IOException {
        Files.write(this.jaasConfigFile.toPath(), list, StandardCharsets.UTF_8, new OpenOption[0]);
        Configuration.setConfiguration((Configuration) null);
    }

    private void checkConfiguration(String str, AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag, Map<String, Object> map) throws Exception {
        checkConfiguration(jaasConfigProp(str, loginModuleControlFlag, map), str, loginModuleControlFlag, map);
    }

    private void checkEntry(AppConfigurationEntry appConfigurationEntry, String str, AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag, Map<String, ?> map) {
        Assertions.assertEquals(str, appConfigurationEntry.getLoginModuleName());
        Assertions.assertEquals(loginModuleControlFlag, appConfigurationEntry.getControlFlag());
        Assertions.assertEquals(map, appConfigurationEntry.getOptions());
    }

    private void checkConfiguration(String str, String str2, AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag, Map<String, Object> map) throws Exception {
        checkEntry(configurationEntry(JaasContext.Type.CLIENT, str), str2, loginModuleControlFlag, map);
        Assertions.assertNull(Configuration.getConfiguration().getAppConfigurationEntry(JaasContext.Type.CLIENT.name()), "Static configuration updated");
        writeConfiguration(JaasContext.Type.SERVER.name(), str);
        checkEntry(configurationEntry(JaasContext.Type.SERVER, null), str2, loginModuleControlFlag, map);
    }

    private void checkInvalidConfiguration(String str) throws IOException {
        try {
            writeConfiguration(JaasContext.Type.SERVER.name(), str);
            Assertions.fail("Invalid JAAS configuration file didn't throw exception, entry=" + configurationEntry(JaasContext.Type.SERVER, null));
        } catch (SecurityException e) {
        }
        try {
            Assertions.fail("Invalid JAAS configuration property didn't throw exception, entry=" + configurationEntry(JaasContext.Type.CLIENT, str));
        } catch (IllegalArgumentException e2) {
        }
    }
}
