package com.hortonworks.smm.kafka.services.connect;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.hortonworks.registries.auth.KerberosLogin;
import com.hortonworks.registries.auth.Login;
import com.hortonworks.smm.kafka.common.config.KafkaConnectConfig;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashMap;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.client.JerseyInvocation;
import org.glassfish.jersey.client.JerseyWebTarget;
import org.jetbrains.annotations.Nullable;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:com/hortonworks/smm/kafka/services/connect/KafkaConnectClientTest.class */
class KafkaConnectClientTest {
    private static final String saslJaasConfig = "   com.sun.security.auth.module.Krb5LoginModule required    useKeyTab=true    storeKey=true    useTicketCache=false    serviceName=\"kafka_connect\"    keyTab=\"/var/run/cloudera-scm-agent/process/19-streams_messaging_manager-STREAMS_MESSAGING_MANAGER_SERVER/streams_messaging_manager.keytab\"    principal=\"streamsmsgmgr/host@DOMAIN\";";
    private TestKafkaConnectClient client;
    private JerseyInvocation.Builder builder;
    private Response response;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/hortonworks/smm/kafka/services/connect/KafkaConnectClientTest$TestKafkaConnectClient.class */
    public static class TestKafkaConnectClient extends KafkaConnectClient {
        public TestKafkaConnectClient(@Nullable KafkaConnectConfig kafkaConnectConfig) {
            super(kafkaConnectConfig);
        }

        KerberosLogin kerberosLogin() {
            return new TestKerberosLogin();
        }
    }

    /* loaded from: input_file:com/hortonworks/smm/kafka/services/connect/KafkaConnectClientTest$TestKerberosLogin.class */
    static class TestKerberosLogin extends KerberosLogin {
        TestKerberosLogin() {
        }

        Configuration getJaasConfiguration() {
            return this.jaasConfiguration;
        }

        public LoginContext login() {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/hortonworks/smm/kafka/services/connect/KafkaConnectClientTest$TestPrincipal.class */
    public enum TestPrincipal implements Principal {
        SIMPLE("testUser"),
        WITH_HOST("testUser/host.domain"),
        WITH_DOMAIN("testUser@EXAMPLE.COM"),
        FULL("testUser/host.domain@EXAMPLE.COM");

        private final String name;

        TestPrincipal(String str) {
            this.name = str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.name;
        }
    }

    KafkaConnectClientTest() {
    }

    @BeforeEach
    void setUp() {
        createClient(new KafkaConnectConfig());
    }

    private void createClient(KafkaConnectConfig kafkaConnectConfig) {
        this.client = (TestKafkaConnectClient) Mockito.spy(new TestKafkaConnectClient(kafkaConnectConfig));
        this.client.webClient = (Client) Mockito.mock(Client.class);
        this.client.login = (Login) Mockito.spy(this.client.login);
        this.response = (Response) Mockito.mock(Response.class);
        Mockito.when(this.response.getStatusInfo()).thenReturn(Response.Status.OK);
        this.builder = (JerseyInvocation.Builder) Mockito.mock(JerseyInvocation.Builder.class);
        Mockito.when(this.builder.header(Mockito.anyString(), Mockito.any())).thenReturn(this.builder);
        Mockito.when(this.builder.put((Entity) Mockito.any())).thenReturn(this.response);
        Mockito.when(this.builder.delete()).thenReturn(this.response);
        Mockito.when(this.builder.get()).thenReturn(this.response);
        Mockito.when(this.builder.post((Entity) Mockito.any())).thenReturn(this.response);
        JerseyWebTarget jerseyWebTarget = (JerseyWebTarget) Mockito.mock(JerseyWebTarget.class);
        Mockito.when(jerseyWebTarget.resolveTemplate(Mockito.anyString(), Mockito.any())).thenReturn(jerseyWebTarget);
        Mockito.when(jerseyWebTarget.request()).thenReturn(this.builder);
        Mockito.when(this.client.webClient.target(Mockito.anyString())).thenReturn(jerseyWebTarget);
    }

    @AfterEach
    void tearDown() {
    }

    @Test
    void isConfigured() {
        Assertions.assertTrue(this.client.isConfigured());
    }

    @Test
    void close() throws Exception {
        this.client.close();
        ((Login) Mockito.verify(this.client.login)).close();
    }

    @EnumSource(TestPrincipal.class)
    @ParameterizedTest
    void doAsKerberosPrincipalSimpleNameIsUsed(TestPrincipal testPrincipal) {
        Mockito.when(this.builder.get((GenericType) Mockito.any(GenericType.class))).thenReturn(ImmutableList.of());
        this.client.getConnectorPlugins(testPrincipal);
        verifyTrustedProxyCall();
        Mockito.reset(new Client[]{this.client.webClient});
    }

    @Test
    void loadJaasConfig() {
        KafkaConnectConfig kafkaConnectConfig = new KafkaConnectConfig();
        kafkaConnectConfig.setProperties(ImmutableMap.of("sasl.jaas.config", saslJaasConfig));
        createClient(kafkaConnectConfig);
        Assertions.assertEquals(ImmutableMap.builder().put("principal", "streamsmsgmgr/host@DOMAIN").put("useKeyTab", "true").put("storeKey", "true").put("useTicketCache", "false").put("serviceName", "kafka_connect").put("keyTab", "/var/run/cloudera-scm-agent/process/19-streams_messaging_manager-STREAMS_MESSAGING_MANAGER_SERVER/streams_messaging_manager.keytab").build(), this.client.login.getJaasConfiguration().getAppConfigurationEntry("KafkaConnectClient")[0].getOptions());
    }

    @Test
    void configureConnector() throws Exception {
        this.client.configureConnector("myConnector", new HashMap(), testPrincipal());
        verifyTrustedProxyCall();
        this.client.configureConnector("myConnector", new HashMap(), null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void proxyValidateConnectorConfig() throws Exception {
        this.client.proxyValidateConnectorConfig("myConnector", new HashMap(), testPrincipal());
        verifyTrustedProxyCall();
        this.client.proxyValidateConnectorConfig("myConnector", new HashMap(), null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void validateConnectorConfig() throws Exception {
        this.client.validateConnectorConfig("myConnector", new HashMap(), testPrincipal());
        verifyTrustedProxyCall();
        this.client.validateConnectorConfig("myConnector", new HashMap(), null);
        verifyTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void getConnectorPlugins() throws Exception {
        Mockito.when(this.builder.get((GenericType) Mockito.any(GenericType.class))).thenReturn(ImmutableList.of());
        this.client.getConnectorPlugins(testPrincipal());
        verifyTrustedProxyCall();
        this.client.getConnectorPlugins(null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void deleteConnector() throws Exception {
        this.client.deleteConnector("myConnector", testPrincipal());
        verifyTrustedProxyCall();
        this.client.deleteConnector("myConnector", null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void getConnectors() throws Exception {
        Mockito.when(this.builder.get((GenericType) Mockito.any(GenericType.class))).thenReturn(ImmutableMap.of());
        this.client.getConnectorConfigsAndStatuses(testPrincipal());
        verifyTrustedProxyCall(true);
        this.client.getConnectorConfigsAndStatuses(null);
        verifyNonTrustedProxyCall(true);
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void getTaskConfigs() throws Exception {
        Mockito.when(this.builder.get((GenericType) Mockito.any(GenericType.class))).thenReturn(ImmutableList.of());
        this.client.getTaskConfigs("myConnector", testPrincipal());
        verifyTrustedProxyCall();
        this.client.getTaskConfigs("myConnector", null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void pauseConnector() throws Exception {
        this.client.pauseConnector("myConnector", testPrincipal());
        verifyTrustedProxyCall();
        this.client.pauseConnector("myConnector", null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void restartConnector() throws Exception {
        this.client.restartConnector("myConnector", testPrincipal());
        verifyTrustedProxyCall();
        this.client.restartConnector("myConnector", null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void resumeConnector() throws Exception {
        this.client.resumeConnector("myConnector", testPrincipal());
        verifyTrustedProxyCall();
        this.client.resumeConnector("myConnector", null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void restartTask() throws Exception {
        this.client.restartTask("myConnector", 0, testPrincipal());
        verifyTrustedProxyCall();
        this.client.restartTask("myConnector", 0, null);
        verifyNonTrustedProxyCall();
        verifyKerberizedJaxRsCall(2);
    }

    @Test
    void getConnectorPermissions() throws Exception {
        this.client.getConnectorPermissions(testPrincipal());
        System.out.println(Mockito.mockingDetails(this.client.webClient).printInvocations());
        verifyTrustedProxyCall("connector-permissions");
        this.client.getConnectorPermissions(null);
        verifyNonTrustedProxyCall("connector-permissions");
        verifyKerberizedJaxRsCall(2);
    }

    private void verifyKerberizedJaxRsCall(int i) throws Exception {
        ((Login) Mockito.verify(this.client.login, Mockito.times(i))).doAction((PrivilegedAction) Mockito.any(PrivilegedAction.class));
    }

    private void verifyTrustedProxyCall() {
        verifyTrustedProxyCall(false);
    }

    private void verifyTrustedProxyCall(boolean z) {
        ((Client) Mockito.verify(this.client.webClient)).target(Mockito.matches(z ? "^null://null:null.*\\/[a-z\\-\\{\\}]+\\?(expand=.*&)*doAs=testUser$" : "^null://null:null.*\\/[a-z\\-\\{\\}]+\\?doAs=testUser$"));
    }

    private void verifyTrustedProxyCall(String str) {
        ((Client) Mockito.verify(this.client.webClient)).target((String) ArgumentMatchers.eq(String.format("null://null:null/%s?doAs=testUser", str)));
    }

    private void verifyNonTrustedProxyCall() {
        verifyNonTrustedProxyCall(false);
    }

    private void verifyNonTrustedProxyCall(boolean z) {
        ((Client) Mockito.verify(this.client.webClient)).target(Mockito.matches(z ? "^null://null:null.*\\/[a-z\\-\\{\\}]+(\\?expand=[^&]*(&expand=[^&]*)*)?$" : "^null://null:null.*\\/[a-z\\-\\{\\}]+$"));
    }

    private void verifyNonTrustedProxyCall(String str) {
        ((Client) Mockito.verify(this.client.webClient)).target((String) ArgumentMatchers.eq(String.format("null://null:null/%s", str)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal testPrincipal() {
        return TestPrincipal.SIMPLE;
    }
}
