package com.hortonworks.smm.kafka.services.security.impl;

import com.google.common.collect.ImmutableList;
import com.hortonworks.registries.auth.util.AuthToken;
import com.hortonworks.smm.kafka.services.security.AuthenticationContext;
import com.hortonworks.smm.kafka.services.security.AuthorizerConfiguration;
import com.hortonworks.smm.kafka.services.security.KafkaAuthorizerConfiguration;
import com.hortonworks.smm.kafka.services.security.Permission;
import com.hortonworks.smm.kafka.services.security.ResourceType;
import org.junit.Before;
import org.junit.Test;
import org.junit.jupiter.api.Assertions;

/* loaded from: input_file:com/hortonworks/smm/kafka/services/security/impl/DefaultSMMAuthorizerTest.class */
public class DefaultSMMAuthorizerTest {
    DefaultSMMAuthorizer authorizer;

    @Before
    public void init() {
        this.authorizer = new DefaultSMMAuthorizer();
    }

    @Test
    public void cacheIsUsedByDefault() {
        this.authorizer.init(authConfig());
        MockRangerAuthorizer mockRangerAuthorizer = (MockRangerAuthorizer) this.authorizer.getKafkaAuthorizer();
        authorizeTopic("testTopic");
        Assertions.assertEquals(1, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(1L, this.authorizer.getAuthCache().size());
        authorizeTopic("testTopic");
        Assertions.assertEquals(1, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(1L, this.authorizer.getAuthCache().size());
        authorizeGroup("testGroup");
        Assertions.assertEquals(2, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(2L, this.authorizer.getAuthCache().size());
        authorizeGroup("testGroup");
        Assertions.assertEquals(2, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(2L, this.authorizer.getAuthCache().size());
        Assertions.assertEquals(ImmutableList.of(ImmutableList.of("joe", "TOPIC:LITERAL:testTopic", "DESCRIBE"), ImmutableList.of("joe", "GROUP:LITERAL:testGroup", "READ")), mockRangerAuthorizer.authRequests);
    }

    @Test
    public void cacheConfigurationIsRespected() throws Exception {
        AuthorizerConfiguration authConfig = authConfig();
        authConfig.getProperties().put("auth.cache.expiration.ms", 100);
        authConfig.getProperties().put("auth.cache.maximum.size", 20);
        this.authorizer.init(authConfig);
        MockRangerAuthorizer mockRangerAuthorizer = (MockRangerAuthorizer) this.authorizer.getKafkaAuthorizer();
        authorizeTopic("testTopic");
        Assertions.assertEquals(1, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(1L, this.authorizer.getAuthCache().size());
        authorizeTopic("testTopic");
        Assertions.assertEquals(1, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(1L, this.authorizer.getAuthCache().size());
        Thread.sleep(150L);
        authorizeTopic("testTopic");
        Assertions.assertEquals(2, mockRangerAuthorizer.authRequests.size());
        Assertions.assertEquals(1L, this.authorizer.getAuthCache().size());
        Assertions.assertEquals(ImmutableList.of(ImmutableList.of("joe", "TOPIC:LITERAL:testTopic", "DESCRIBE"), ImmutableList.of("joe", "TOPIC:LITERAL:testTopic", "DESCRIBE")), mockRangerAuthorizer.authRequests);
        for (int i = 0; i < 300; i++) {
            authorizeTopic("topic" + i);
        }
        Assertions.assertEquals(20L, this.authorizer.getAuthCache().size());
    }

    private void authorizeTopic(String str) {
        this.authorizer.authorize(authContext(), ResourceType.TOPIC, str, Permission.DESCRIBE);
    }

    private void authorizeGroup(String str) {
        this.authorizer.authorize(authContext(), ResourceType.GROUP, str, Permission.READ);
    }

    private AuthenticationContext authContext() {
        return AuthenticationContext.fromPrincipal(new AuthToken("joe", "joe_principal", "kerberos"));
    }

    private AuthorizerConfiguration authConfig() {
        AuthorizerConfiguration authorizerConfiguration = new AuthorizerConfiguration();
        KafkaAuthorizerConfiguration kafkaAuthorizerConfiguration = new KafkaAuthorizerConfiguration();
        kafkaAuthorizerConfiguration.setClassName(MockRangerAuthorizer.class.getName());
        authorizerConfiguration.setKafkaAuthorizerConfiguration(kafkaAuthorizerConfiguration);
        return authorizerConfiguration;
    }
}
