package org.apache.kafka.common.security.authenticator;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.LoginException;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.Login;
import org.apache.kafka.common.security.plain.PlainLoginModule;
import org.apache.kafka.common.utils.Utils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.MockedStatic;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/kafka/common/security/authenticator/LoginManagerTest.class */
public class LoginManagerTest {
    private Password dynamicPlainContext;
    private Password dynamicDigestContext;

    @BeforeEach
    public void setUp() {
        this.dynamicPlainContext = new Password(PlainLoginModule.class.getName() + " required user=\"plainuser\" password=\"plain-secret\";");
        this.dynamicDigestContext = new Password(TestDigestLoginModule.class.getName() + " required user=\"digestuser\" password=\"digest-secret\";");
        TestJaasConfig.createConfiguration("SCRAM-SHA-256", Collections.singletonList("SCRAM-SHA-256"));
    }

    @AfterEach
    public void tearDown() {
        LoginManager.closeAll();
    }

    @Test
    public void testClientLoginManager() throws Exception {
        Map<String, ?> singletonMap = Collections.singletonMap("sasl.jaas.config", this.dynamicPlainContext);
        JaasContext loadClientContext = JaasContext.loadClientContext(singletonMap);
        JaasContext loadClientContext2 = JaasContext.loadClientContext(Collections.emptyMap());
        LoginManager acquireLoginManager = LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, singletonMap);
        Assertions.assertEquals(this.dynamicPlainContext, acquireLoginManager.cacheKey());
        LoginManager acquireLoginManager2 = LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, singletonMap);
        Assertions.assertNotSame(acquireLoginManager, acquireLoginManager2);
        Assertions.assertEquals("KafkaClient", acquireLoginManager2.cacheKey());
        Assertions.assertSame(acquireLoginManager, LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, singletonMap));
        Assertions.assertSame(acquireLoginManager2, LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, singletonMap));
        verifyLoginManagerRelease(acquireLoginManager, 2, loadClientContext, singletonMap);
        verifyLoginManagerRelease(acquireLoginManager2, 2, loadClientContext2, singletonMap);
    }

    @Test
    public void testServerLoginManager() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("plain.sasl.jaas.config", this.dynamicPlainContext);
        hashMap.put("digest-md5.sasl.jaas.config", this.dynamicDigestContext);
        ListenerName listenerName = new ListenerName("listener1");
        JaasContext loadServerContext = JaasContext.loadServerContext(listenerName, "PLAIN", hashMap);
        JaasContext loadServerContext2 = JaasContext.loadServerContext(listenerName, "DIGEST-MD5", hashMap);
        JaasContext loadServerContext3 = JaasContext.loadServerContext(listenerName, "SCRAM-SHA-256", hashMap);
        LoginManager acquireLoginManager = LoginManager.acquireLoginManager(loadServerContext, "PLAIN", DefaultLogin.class, hashMap);
        Assertions.assertEquals(this.dynamicPlainContext, acquireLoginManager.cacheKey());
        LoginManager acquireLoginManager2 = LoginManager.acquireLoginManager(loadServerContext2, "DIGEST-MD5", DefaultLogin.class, hashMap);
        Assertions.assertNotSame(acquireLoginManager, acquireLoginManager2);
        Assertions.assertEquals(this.dynamicDigestContext, acquireLoginManager2.cacheKey());
        LoginManager acquireLoginManager3 = LoginManager.acquireLoginManager(loadServerContext3, "SCRAM-SHA-256", DefaultLogin.class, hashMap);
        Assertions.assertNotSame(acquireLoginManager, acquireLoginManager3);
        Assertions.assertEquals("KafkaServer", acquireLoginManager3.cacheKey());
        Assertions.assertSame(acquireLoginManager, LoginManager.acquireLoginManager(loadServerContext, "PLAIN", DefaultLogin.class, hashMap));
        Assertions.assertSame(acquireLoginManager2, LoginManager.acquireLoginManager(loadServerContext2, "DIGEST-MD5", DefaultLogin.class, hashMap));
        Assertions.assertSame(acquireLoginManager3, LoginManager.acquireLoginManager(loadServerContext3, "SCRAM-SHA-256", DefaultLogin.class, hashMap));
        verifyLoginManagerRelease(acquireLoginManager, 2, loadServerContext, hashMap);
        verifyLoginManagerRelease(acquireLoginManager2, 2, loadServerContext2, hashMap);
        verifyLoginManagerRelease(acquireLoginManager3, 2, loadServerContext3, hashMap);
    }

    @Test
    public void testNonReconfigurableLoginManager() throws Exception {
        Map<String, ?> singletonMap = Collections.singletonMap("sasl.jaas.config", this.dynamicPlainContext);
        JaasContext loadClientContext = JaasContext.loadClientContext(singletonMap);
        LoginManager acquireLoginManager = LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, singletonMap);
        Assertions.assertEquals(this.dynamicPlainContext, acquireLoginManager.cacheKey());
        Assertions.assertThrows(IllegalStateException.class, () -> {
            acquireLoginManager.reconfigure(singletonMap);
        });
        verifyLoginManagerRelease(acquireLoginManager, 1, loadClientContext, singletonMap);
    }

    @Test
    public void testReconfigurableLoginManager() throws Exception {
        Password password = new Password("io.confluent.kafka.security.auth.plain.DynamicPlainLoginModule required username_config=\"test.username\" password_config=\"test.password\";");
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.jaas.config", password);
        hashMap.put("sasl.login.callback.handler.class", Utils.loadClass("io.confluent.kafka.security.auth.plain.DynamicPlainLoginCallbackHandler", AuthenticateCallbackHandler.class));
        hashMap.put("test.username", "alice");
        hashMap.put("test.password", "alice-password");
        JaasContext loadClientContext = JaasContext.loadClientContext(hashMap);
        LoginManager acquireLoginManager = LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap);
        Assertions.assertEquals(password, acquireLoginManager.cacheKey());
        Assertions.assertEquals(1, acquireLoginManager.subject().getPrivateCredentials().size());
        hashMap.put("test.password", "alice-new-password");
        acquireLoginManager.reconfigure(hashMap);
        Assertions.assertEquals(1, acquireLoginManager.subject().getPrivateCredentials().size());
        verifyLoginManagerRelease(acquireLoginManager, 1, loadClientContext, hashMap);
    }

    @Test
    public void testLoginManagerWithDifferentConfigs() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.jaas.config", this.dynamicPlainContext);
        hashMap.put("client.id", "client");
        hashMap.put("sasl.oauthbearer.token.endpoint.url", "http://host1:1234");
        HashMap hashMap2 = new HashMap(hashMap);
        hashMap2.put("sasl.oauthbearer.token.endpoint.url", "http://host2:1234");
        JaasContext loadClientContext = JaasContext.loadClientContext(hashMap);
        HashMap hashMap3 = new HashMap(hashMap);
        hashMap3.put("client.id", "client3");
        LoginManager acquireLoginManager = LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap);
        LoginManager acquireLoginManager2 = LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap2);
        Assertions.assertEquals(this.dynamicPlainContext, acquireLoginManager.cacheKey());
        Assertions.assertEquals(this.dynamicPlainContext, acquireLoginManager2.cacheKey());
        Assertions.assertNotSame(acquireLoginManager, acquireLoginManager2);
        Assertions.assertSame(acquireLoginManager, LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap));
        Assertions.assertSame(acquireLoginManager2, LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap2));
        Assertions.assertSame(acquireLoginManager, LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, new HashMap(hashMap)));
        Assertions.assertSame(acquireLoginManager, LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap3));
        JaasContext loadClientContext2 = JaasContext.loadClientContext(Collections.emptyMap());
        LoginManager acquireLoginManager3 = LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, hashMap);
        LoginManager acquireLoginManager4 = LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, hashMap2);
        Assertions.assertNotSame(acquireLoginManager3, acquireLoginManager);
        Assertions.assertNotSame(acquireLoginManager4, acquireLoginManager2);
        Assertions.assertNotSame(acquireLoginManager3, acquireLoginManager4);
        Assertions.assertSame(acquireLoginManager3, LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, hashMap));
        Assertions.assertSame(acquireLoginManager4, LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, hashMap2));
        Assertions.assertSame(acquireLoginManager3, LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, new HashMap(hashMap)));
        Assertions.assertSame(acquireLoginManager3, LoginManager.acquireLoginManager(loadClientContext2, "SCRAM-SHA-256", DefaultLogin.class, hashMap3));
        verifyLoginManagerRelease(acquireLoginManager, 4, loadClientContext, hashMap);
        verifyLoginManagerRelease(acquireLoginManager2, 2, loadClientContext, hashMap2);
        verifyLoginManagerRelease(acquireLoginManager3, 4, loadClientContext2, hashMap);
        verifyLoginManagerRelease(acquireLoginManager4, 2, loadClientContext2, hashMap2);
    }

    @Test
    public void testShouldReThrowExceptionOnErrorLoginAttempt() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("sasl.jaas.config", this.dynamicPlainContext);
        hashMap.put("sasl.login.class", Login.class);
        hashMap.put("sasl.login.callback.handler.class", AuthenticateCallbackHandler.class);
        JaasContext loadClientContext = JaasContext.loadClientContext(hashMap);
        Login login = (Login) Mockito.mock(Login.class);
        AuthenticateCallbackHandler authenticateCallbackHandler = (AuthenticateCallbackHandler) Mockito.mock(AuthenticateCallbackHandler.class);
        ((Login) Mockito.doThrow(new Throwable[]{new LoginException("Expecting LoginException")}).when(login)).login();
        MockedStatic mockStatic = Mockito.mockStatic(Utils.class, Mockito.CALLS_REAL_METHODS);
        try {
            mockStatic.when(() -> {
                Utils.newInstance(Login.class);
            }).thenReturn(login);
            mockStatic.when(() -> {
                Utils.newInstance(AuthenticateCallbackHandler.class);
            }).thenReturn(authenticateCallbackHandler);
            Assertions.assertThrows(LoginException.class, () -> {
                LoginManager.acquireLoginManager(loadClientContext, "PLAIN", DefaultLogin.class, hashMap);
            });
            ((Login) Mockito.verify(login)).close();
            ((AuthenticateCallbackHandler) Mockito.verify(authenticateCallbackHandler)).close();
            if (mockStatic != null) {
                mockStatic.close();
            }
        } catch (Throwable th) {
            if (mockStatic != null) {
                try {
                    mockStatic.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void verifyLoginManagerRelease(LoginManager loginManager, int i, JaasContext jaasContext, Map<String, ?> map) throws Exception {
        for (int i2 = 0; i2 < i - 1; i2++) {
            loginManager.release();
        }
        Assertions.assertSame(loginManager, LoginManager.acquireLoginManager(jaasContext, "PLAIN", DefaultLogin.class, map));
        for (int i3 = 0; i3 < 2; i3++) {
            loginManager.release();
        }
        LoginManager acquireLoginManager = LoginManager.acquireLoginManager(jaasContext, "PLAIN", DefaultLogin.class, map);
        Assertions.assertNotSame(loginManager, acquireLoginManager);
        acquireLoginManager.release();
    }
}
