package org.apache.pulsar.client.impl;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.GenericType;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.admin.internal.JacksonConfigurator;
import org.apache.pulsar.client.api.ProducerConsumerBase;
import org.apache.pulsar.client.impl.auth.AuthenticationKeyStoreTls;
import org.apache.pulsar.client.impl.tls.NoopHostnameVerifier;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/client/impl/AdminApiKeyStoreTlsAuthTest.class */
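/**
 * Exercises the admin REST API of a test broker configured for mutual TLS with JKS key stores
 * and certificate-based authentication plus authorization.
 *
 * <p>The key-store paths and passwords below point at fixtures under {@code src/test/resources};
 * they are test material only and must not be reused for a real deployment.
 *
 * <p>{@link #setup()} registers the client certificate role ({@link #CLIENT_KEYSTORE_CN}) as a
 * super user, so every request made with the client key store is authorized as a super user.
 */
public class AdminApiKeyStoreTlsAuthTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(AdminApiKeyStoreTlsAuthTest.class);
    protected final String BROKER_KEYSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/broker.keystore.jks";
    protected final String BROKER_TRUSTSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/broker.truststore.jks";
    protected final String BROKER_KEYSTORE_PW = "111111";
    protected final String BROKER_TRUSTSTORE_PW = "111111";
    protected final String CLIENT_KEYSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/client.keystore.jks";
    protected final String CLIENT_TRUSTSTORE_FILE_PATH = "./src/test/resources/authentication/keystoretls/client.truststore.jks";
    protected final String CLIENT_KEYSTORE_PW = "111111";
    protected final String CLIENT_TRUSTSTORE_PW = "111111";
    protected final String CLIENT_KEYSTORE_CN = "clientuser";
    protected final String KEYSTORE_TYPE = "JKS";
    private final String clusterName = "test";
    Set<String> tlsProtocols = Sets.newConcurrentHashSet();

    /**
     * Configures the broker for key-store based TLS on ephemeral ports, enables authentication
     * and authorization, and starts it through {@code super.init()}.
     *
     * @throws Exception if the broker fails to start
     */
    @Override
    @BeforeMethod
    public void setup() throws Exception {
        conf.setLoadBalancerEnabled(true);
        // Port 0 asks for an ephemeral port for both the binary and the web TLS listeners.
        conf.setBrokerServicePortTls(Optional.of(0));
        conf.setWebServicePortTls(Optional.of(0));

        // Server side: the broker presents broker.keystore.jks and trusts client.truststore.jks.
        conf.setTlsEnabledWithKeyStore(true);
        conf.setTlsKeyStoreType(KEYSTORE_TYPE);
        conf.setTlsKeyStore(BROKER_KEYSTORE_FILE_PATH);
        conf.setTlsKeyStorePassword(BROKER_KEYSTORE_PW);
        conf.setTlsTrustStoreType(KEYSTORE_TYPE);
        conf.setTlsTrustStore(CLIENT_TRUSTSTORE_FILE_PATH);
        conf.setTlsTrustStorePassword(CLIENT_TRUSTSTORE_PW);
        conf.setClusterName(clusterName);
        // Mutual TLS: a connection without a trusted client certificate is expected to be
        // refused (going by the setting name; the enforcement itself lives in the broker).
        conf.setTlsRequireTrustedClientCertOnConnect(true);
        // Only TLSv1.2 is offered by the test broker.
        tlsProtocols.add("TLSv1.2");
        conf.setTlsProtocols(tlsProtocols);

        // The role taken from the client certificate is the only super user.
        conf.setSuperUserRoles(Sets.newHashSet(CLIENT_KEYSTORE_CN));
        conf.setAuthenticationEnabled(true);
        conf.setAuthorizationEnabled(true);
        Set<String> authProviders = new HashSet<>();
        authProviders.add(AuthenticationProviderTls.class.getName());
        conf.setAuthenticationProviders(authProviders);

        // Broker-internal client: authenticates with the same client key store.
        conf.setBrokerClientTlsEnabled(true);
        conf.setBrokerClientTlsEnabledWithKeyStore(true);
        HashMap<String, String> brokerClientAuthParams = new HashMap<>();
        brokerClientAuthParams.put("keyStoreType", KEYSTORE_TYPE);
        brokerClientAuthParams.put("keyStorePath", CLIENT_KEYSTORE_FILE_PATH);
        brokerClientAuthParams.put("keyStorePassword", CLIENT_KEYSTORE_PW);
        conf.setBrokerClientAuthenticationPlugin(AuthenticationKeyStoreTls.class.getName());
        conf.setBrokerClientAuthenticationParameters(
                AuthenticationKeyStoreTls.mapToString(brokerClientAuthParams));
        conf.setBrokerClientTlsTrustStore(BROKER_TRUSTSTORE_FILE_PATH);
        conf.setBrokerClientTlsTrustStorePassword(BROKER_TRUSTSTORE_PW);
        conf.setNumExecutorThreadPoolSize(5);

        super.init();
    }

    /**
     * Tears the test broker down; runs even when the test method failed.
     *
     * @throws Exception if cleanup fails
     */
    @Override
    @AfterMethod(alwaysRun = true)
    public void cleanup() throws Exception {
        super.internalCleanup();
    }

    /**
     * Builds a raw JAX-RS client against the broker's TLS web endpoint, authenticated with the
     * client key store.
     *
     * <p>Hostname verification is switched off here through {@link NoopHostnameVerifier}; the
     * broker trust store is still handed to the SSL context. NOTE(review): presumably the fixture
     * certificate does not carry the name the test broker is reached under — confirm, and keep
     * this verifier out of any non-test client.
     *
     * @return a target rooted at {@code brokerUrlTls}
     * @throws Exception if the SSL context cannot be created from the key stores
     */
    WebTarget buildWebClient() throws Exception {
        ClientConfig clientConfig = new ClientConfig();
        clientConfig.property("jersey.config.client.followRedirects", true);
        clientConfig.property("jersey.config.client.async.threadPoolSize", 8);
        clientConfig.register(MultiPartFeature.class);

        ClientBuilder builder = ClientBuilder.newBuilder()
                .withConfig(clientConfig)
                .register(JacksonConfigurator.class)
                .register(JacksonFeature.class);
        builder.sslContext(KeyStoreSSLContext.createClientSslContext(
                        KEYSTORE_TYPE,
                        CLIENT_KEYSTORE_FILE_PATH,
                        CLIENT_KEYSTORE_PW,
                        KEYSTORE_TYPE,
                        BROKER_TRUSTSTORE_FILE_PATH,
                        BROKER_TRUSTSTORE_PW))
                .hostnameVerifier(NoopHostnameVerifier.INSTANCE);
        return builder.build().target(brokerUrlTls.toString());
    }

    /**
     * Builds a {@link PulsarAdmin} that talks to the TLS web endpoint with key-store TLS,
     * trusts the broker trust store and does not allow insecure TLS connections.
     *
     * @return a new admin client; the caller must close it
     * @throws Exception if the client cannot be built
     */
    PulsarAdmin buildAdminClient() throws Exception {
        HashMap<String, String> authParams = new HashMap<>();
        authParams.put("keyStorePath", CLIENT_KEYSTORE_FILE_PATH);
        authParams.put("keyStorePassword", CLIENT_KEYSTORE_PW);
        return PulsarAdmin.builder()
                .serviceHttpUrl(brokerUrlTls.toString())
                .useKeyStoreTls(true)
                .tlsTrustStorePath(BROKER_TRUSTSTORE_FILE_PATH)
                .tlsTrustStorePassword(BROKER_TRUSTSTORE_PW)
                .allowTlsInsecureConnection(false)
                .authentication(AuthenticationKeyStoreTls.class.getName(), authParams)
                .build();
    }

    /**
     * A client authenticated as the super user can create a tenant and list tenants.
     *
     * @throws Exception on any admin or client failure
     */
    @Test
    public void testSuperUserCanListTenants() throws Exception {
        try (PulsarAdmin admin = buildAdminClient()) {
            admin.clusters().createCluster(clusterName, new ClusterData(brokerUrl.toString()));
            admin.tenants().createTenant("tenant1",
                    new TenantInfo(ImmutableSet.of("foobar"), ImmutableSet.of(clusterName)));
            Assert.assertEquals(ImmutableSet.of("tenant1"), admin.tenants().getTenants());
        }
    }

    /**
     * Creates a namespace as the super user and checks that it shows up in the tenant's
     * namespace list.
     *
     * <p>NOTE(review): the method name says "Cant", yet the body expects the listing to succeed.
     * The name is kept because test reports and suites may reference it — confirm the intent.
     *
     * @throws Exception on any admin or client failure
     */
    @Test
    public void testSuperUserCantListNamespaces() throws Exception {
        try (PulsarAdmin admin = buildAdminClient()) {
            admin.clusters().createCluster(clusterName, new ClusterData(brokerUrl.toString()));
            admin.tenants().createTenant("tenant1",
                    new TenantInfo(ImmutableSet.of("proxy"), ImmutableSet.of(clusterName)));
            admin.namespaces().createNamespace("tenant1/ns1");
            // The result of contains() used to be discarded, so the test could not fail on a
            // missing namespace; assert it.
            Assert.assertTrue(admin.namespaces().getNamespaces("tenant1").contains("tenant1/ns1"));
        }
    }

    /**
     * Lists namespaces through the raw web client while sending {@code X-Original-Principal:
     * user1}, where {@code user1} is an admin role of the tenant.
     *
     * <p>NOTE(review): the TLS identity of this request is the super user and no proxy role is
     * configured in {@link #setup()}, so a passing result does not by itself show that the
     * original principal was evaluated for authorization — confirm against the broker's
     * handling of the header, and consider a negative case with a role that is not a tenant admin.
     *
     * @throws Exception on any admin or client failure
     */
    @Test
    public void testAuthorizedUserAsOriginalPrincipal() throws Exception {
        try (PulsarAdmin admin = buildAdminClient()) {
            admin.clusters().createCluster(clusterName, new ClusterData(brokerUrl.toString()));
            admin.tenants().createTenant("tenant1",
                    new TenantInfo(ImmutableSet.of("proxy", "user1"), ImmutableSet.of(clusterName)));
            admin.namespaces().createNamespace("tenant1/ns1");
        }
        // The admin client is closed before the raw request, so a failing assertion below can
        // no longer trigger a second close().
        WebTarget root = buildWebClient();
        Assert.assertEquals(ImmutableSet.of("tenant1/ns1"),
                root.path("/admin/v2/namespaces").path("tenant1")
                        .request("application/json")
                        .header("X-Original-Principal", "user1")
                        .get(new GenericType<List<String>>() {
                        }));
    }

    /**
     * Creates a tenant and namespace as the super user and lists the namespace's topics; any
     * {@link PulsarAdminException} fails the test.
     *
     * @throws Exception if the admin client cannot be built
     */
    @Test
    public void testPersistentList() throws Exception {
        log.info("-- Starting {} test --", methodName);
        try (PulsarAdmin admin = buildAdminClient()) {
            admin.clusters().createCluster(clusterName, new ClusterData(brokerUrl.toString()));
            admin.tenants().createTenant("tenant1",
                    new TenantInfo(ImmutableSet.of("foobar"), ImmutableSet.of(clusterName)));
            Assert.assertEquals(ImmutableSet.of("tenant1"), admin.tenants().getTenants());
            admin.namespaces().createNamespace("tenant1/ns1");
            admin.topics().getList("tenant1/ns1");
        } catch (PulsarAdminException e) {
            // Attach the cause to the failure instead of printing it to stderr.
            Assert.fail("Should not have thrown an exception", e);
        }
    }
}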
