package org.apache.pulsar.broker.stats;

import io.jsonwebtoken.SignatureAlgorithm;
import io.opentelemetry.api.common.Attributes;
import io.opentelemetry.sdk.metrics.data.MetricData;
import io.opentelemetry.sdk.testing.assertj.OpenTelemetryAssertions;
import java.time.Duration;
import java.util.Collection;
import java.util.Date;
import java.util.Optional;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import javax.crypto.SecretKey;
import javax.naming.AuthenticationException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationProvider;
import org.apache.pulsar.broker.authentication.AuthenticationProviderToken;
import org.apache.pulsar.broker.authentication.metrics.AuthenticationMetrics;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.broker.service.BrokerTestBase;
import org.apache.pulsar.broker.testcontext.PulsarTestContext;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/broker/stats/OpenTelemetryAuthenticationStatsTest.class */
public class OpenTelemetryAuthenticationStatsTest extends BrokerTestBase {
    private static final Duration AUTHENTICATION_TIMEOUT = Duration.ofSeconds(1);
    private SecretKey secretKey;
    private AuthenticationProvider provider;

    /* loaded from: input_file:org/apache/pulsar/broker/stats/OpenTelemetryAuthenticationStatsTest$TestAuthenticationDataSource.class */
    private class TestAuthenticationDataSource implements AuthenticationDataSource {
        private final String token;

        public TestAuthenticationDataSource(Optional<Date> optional) {
            this.token = AuthTokenUtils.createToken(OpenTelemetryAuthenticationStatsTest.this.secretKey, "subject", optional);
        }

        public boolean hasDataFromCommand() {
            return true;
        }

        public String getCommandData() {
            return this.token;
        }
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeMethod(alwaysRun = true)
    protected void setup() throws Exception {
        super.baseSetup();
        this.secretKey = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
        this.provider = new AuthenticationProviderToken();
        registerCloseable(this.provider);
        Properties properties = new Properties();
        properties.setProperty("tokenSecretKey", AuthTokenUtils.encodeKeyBase64(this.secretKey));
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setProperties(properties);
        this.provider.initialize(AuthenticationProvider.Context.builder().config(serviceConfiguration).openTelemetry(this.pulsar.getOpenTelemetry().getOpenTelemetry()).build());
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void customizeMainPulsarTestContextBuilder(PulsarTestContext.Builder builder) {
        super.customizeMainPulsarTestContextBuilder(builder);
        builder.enableOpenTelemetry(true);
    }

    @Test
    public void testAuthenticationSuccess() {
        OpenTelemetryAssertions.assertThat(this.provider.authenticateAsync(new TestAuthenticationDataSource(Optional.empty()))).succeedsWithin(AUTHENTICATION_TIMEOUT);
        BrokerOpenTelemetryTestUtil.assertMetricLongSumValue((Collection<MetricData>) this.pulsarTestContext.getOpenTelemetryMetricReader().collectAllMetrics(), "pulsar.authentication.operation.count", Attributes.of(AuthenticationMetrics.PROVIDER_KEY, "AuthenticationProviderToken", AuthenticationMetrics.AUTH_RESULT_KEY, "success", AuthenticationMetrics.AUTH_METHOD_KEY, "token"), 1L);
    }

    @Test
    public void testTokenDurationHistogram() {
        OpenTelemetryAssertions.assertThat(this.provider.authenticateAsync(new TestAuthenticationDataSource(Optional.of(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(15L)))))).succeedsWithin(AUTHENTICATION_TIMEOUT);
        OpenTelemetryAssertions.assertThat(this.provider.authenticateAsync(new TestAuthenticationDataSource(Optional.empty()))).succeedsWithin(AUTHENTICATION_TIMEOUT);
        OpenTelemetryAssertions.assertThat(this.pulsarTestContext.getOpenTelemetryMetricReader().collectAllMetrics()).anySatisfy(metricData -> {
            OpenTelemetryAssertions.assertThat(metricData).hasName("pulsar.authentication.token.expiry.duration").hasHistogramSatisfying(histogramAssert -> {
                histogramAssert.hasPointsSatisfying(new Consumer[]{histogramPointAssert -> {
                    histogramPointAssert.hasCount(2L).hasMax(Double.POSITIVE_INFINITY);
                }});
            });
        });
    }

    @Test
    public void testAuthenticationFailure() {
        OpenTelemetryAssertions.assertThat(this.provider.authenticateAsync(new AuthenticationDataSource() { // from class: org.apache.pulsar.broker.stats.OpenTelemetryAuthenticationStatsTest.1
        })).failsWithin(AUTHENTICATION_TIMEOUT).withThrowableThat().withRootCauseInstanceOf(AuthenticationException.class).withMessageContaining("No token credentials passed");
        BrokerOpenTelemetryTestUtil.assertMetricLongSumValue((Collection<MetricData>) this.pulsarTestContext.getOpenTelemetryMetricReader().collectAllMetrics(), "pulsar.authentication.operation.count", Attributes.of(AuthenticationMetrics.PROVIDER_KEY, "AuthenticationProviderToken", AuthenticationMetrics.AUTH_RESULT_KEY, "failure", AuthenticationMetrics.AUTH_METHOD_KEY, "token", AuthenticationMetrics.ERROR_CODE_KEY, "INVALID_AUTH_DATA"), 1L);
    }

    @Test
    public void testTokenExpired() {
        OpenTelemetryAssertions.assertThat(this.provider.authenticateAsync(new TestAuthenticationDataSource(Optional.of(new Date(System.currentTimeMillis() - TimeUnit.HOURS.toMillis(1L)))))).failsWithin(AUTHENTICATION_TIMEOUT).withThrowableThat().withRootCauseInstanceOf(AuthenticationException.class).withMessageContaining("JWT expired");
        BrokerOpenTelemetryTestUtil.assertMetricLongSumValue((Collection<MetricData>) this.pulsarTestContext.getOpenTelemetryMetricReader().collectAllMetrics(), "pulsar.authentication.token.expired.count", Attributes.empty(), 1L);
    }
}
