package io.confluent.kafka.security.oauthbearer;

import io.confluent.kafka.security.PemUtils;
import io.confluent.kafka.security.PrivateKeyUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.oauthbearer.internals.secured.ConfigurationUtils;
import org.apache.kafka.common.security.oauthbearer.internals.secured.JaasOptionsUtils;
import org.apache.kafka.common.utils.FileWatchService;
import org.apache.kafka.test.TestUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/security/oauthbearer/HttpRequestFormatterFactoryTest.class */
class HttpRequestFormatterFactoryTest {
    static MockedStatic<LoggerFactory> loggerFactory;
    static Logger mockLog;
    private ConfigurationUtils cu;
    private JaasOptionsUtils jou;

    HttpRequestFormatterFactoryTest() {
    }

    @BeforeAll
    public static void beforeAll() {
        loggerFactory = Mockito.mockStatic(LoggerFactory.class);
        mockLog = (Logger) Mockito.mock(Logger.class);
        loggerFactory.when(() -> {
            LoggerFactory.getLogger(HttpRequestFormatterFactory.class);
        }).thenReturn(mockLog);
        loggerFactory.when(() -> {
            LoggerFactory.getLogger(PrivateKeyClientAssertion.class);
        }).thenReturn(mockLog);
        loggerFactory.when(() -> {
            LoggerFactory.getLogger(FileWatchService.class);
        }).thenReturn(mockLog);
        loggerFactory.when(() -> {
            LoggerFactory.getLogger(PemUtils.class);
        }).thenReturn(mockLog);
    }

    @BeforeEach
    public void before() {
        Mockito.reset(new Logger[]{mockLog});
    }

    public void initUtils(Map<String, ?> map, Map<String, Object> map2) {
        this.cu = new ConfigurationUtils(map);
        this.jou = new JaasOptionsUtils(map2);
    }

    private static String getFilePath(String str) throws IOException {
        return TestUtils.tempFile((String) new BufferedReader(new InputStreamReader((InputStream) Objects.requireNonNull(ClassLoader.getSystemResourceAsStream(str)))).lines().collect(Collectors.joining("\n"))).getPath();
    }

    @AfterAll
    public static void afterAll() {
        loggerFactory.close();
    }

    private static Map<String, Object> getSaslConfigs(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.oauthbearer.assertion.claim.iss", "issuer");
        hashMap.put("sasl.oauthbearer.assertion.file", null);
        hashMap.put("sasl.oauthbearer.assertion.claim.aud", "audience");
        hashMap.put("sasl.oauthbearer.assertion.claim.sub", "subject");
        hashMap.put("sasl.oauthbearer.assertion.claim.exp.minutes", 10);
        hashMap.put("sasl.oauthbearer.assertion.claim.nbf.include", true);
        hashMap.put("sasl.oauthbearer.assertion.claim.jti.include", true);
        hashMap.put("sasl.oauthbearer.assertion.private.key.file", str);
        hashMap.put("sasl.oauthbearer.assertion.private.key.passphrase", null);
        return hashMap;
    }

    private static Map<String, Object> getJaasOptions() {
        HashMap hashMap = new HashMap();
        hashMap.put("clientId", "clientId");
        hashMap.put("clientSecret", "clientSecret");
        return hashMap;
    }

    @Test
    void testCreateWithLocalClientAssertionwithPKCS1() throws Exception {
        initUtils(getSaslConfigs(TestUtils.tempFile(PrivateKeyUtils.getPkcs1PemKey(PrivateKeyUtils.getRsaKeyPair())).getAbsolutePath()), getJaasOptions());
        Assertions.assertTrue(HttpRequestFormatterFactory.create(this.cu, this.jou) instanceof ClientAssertionHttpRequestFormatter);
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Configuring local client assertion creation");
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Client assertion config path is not provided, not configuring additional header and payload values");
    }

    @Test
    void testCreateWithLocalClientAssertionwithUnEncryptedPKCS8() throws Exception {
        initUtils(getSaslConfigs(getFilePath("pkcs8KeypairUnencrypted.pem")), getJaasOptions());
        Assertions.assertTrue(HttpRequestFormatterFactory.create(this.cu, this.jou) instanceof ClientAssertionHttpRequestFormatter);
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Configuring local client assertion creation");
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Client assertion config path is not provided, not configuring additional header and payload values");
    }

    @Test
    void testCreateWithLocalClientAssertionwithEncryptedPKCS8() throws Exception {
        Map<String, ?> saslConfigs = getSaslConfigs(getFilePath("pkcs8KeypairEncrypted_PBE-SHA1-3DES.pem"));
        Map<String, Object> jaasOptions = getJaasOptions();
        saslConfigs.put("sasl.oauthbearer.assertion.private.key.passphrase", new Password("secretpass"));
        initUtils(saslConfigs, jaasOptions);
        Assertions.assertTrue(HttpRequestFormatterFactory.create(this.cu, this.jou) instanceof ClientAssertionHttpRequestFormatter);
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Configuring local client assertion creation");
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Client assertion config path is not provided, not configuring additional header and payload values");
    }

    @Test
    void testCreateWithLocalClientAssertionwithEncryptedPKCS8withBCProvider() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Map<String, ?> saslConfigs = getSaslConfigs(getFilePath("pkcs8KeypairEncrypted.pem"));
        Map<String, Object> jaasOptions = getJaasOptions();
        saslConfigs.put("sasl.oauthbearer.assertion.private.key.passphrase", new Password("secretpass"));
        initUtils(saslConfigs, jaasOptions);
        Assertions.assertTrue(HttpRequestFormatterFactory.create(this.cu, this.jou) instanceof ClientAssertionHttpRequestFormatter);
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Configuring local client assertion creation");
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Client assertion config path is not provided, not configuring additional header and payload values");
    }

    @Test
    void testCreateWithFileClientAssertion() {
        Map<String, ?> saslConfigs = getSaslConfigs("testing");
        initUtils(saslConfigs, getJaasOptions());
        saslConfigs.put("sasl.oauthbearer.assertion.file", "file path");
        Assertions.assertTrue(HttpRequestFormatterFactory.create(this.cu, this.jou) instanceof ClientAssertionHttpRequestFormatter);
        ((Logger) Mockito.verify(mockLog, Mockito.times(1))).info("Configuring File based client assertion using file: {}", "file path");
    }

    @Test
    void testCreateWithClientAssertionThrowsException() {
        initUtils(getSaslConfigs("privateKeyPath"), getJaasOptions());
        Assertions.assertThrows(KafkaException.class, () -> {
            HttpRequestFormatterFactory.create(this.cu, this.jou);
        });
    }

    @Test
    void testCreateWithClientSecret() {
        initUtils(new HashMap(), getJaasOptions());
        Assertions.assertTrue(HttpRequestFormatterFactory.create(this.cu, this.jou) instanceof ClientSecretHttpRequestFormatter);
    }

    @MethodSource({"urlEncodeHeaderSupplier"})
    @ParameterizedTest
    public void testUrlEncodeHeader(Map<String, Object> map, boolean z) {
        Assertions.assertEquals(Boolean.valueOf(z), Boolean.valueOf(HttpRequestFormatterFactory.validateUrlEncodeHeader(new ConfigurationUtils(map))));
    }

    private static Stream<Arguments> urlEncodeHeaderSupplier() {
        return Stream.of((Object[]) new Arguments[]{Arguments.of(new Object[]{Collections.emptyMap(), false}), Arguments.of(new Object[]{Collections.singletonMap("sasl.oauthbearer.header.urlencode", null), false}), Arguments.of(new Object[]{Collections.singletonMap("sasl.oauthbearer.header.urlencode", true), true}), Arguments.of(new Object[]{Collections.singletonMap("sasl.oauthbearer.header.urlencode", false), false})});
    }
}
