package org.apache.kafka.common.security.oauthbearer.internals.secured;

import java.io.File;
import java.util.Collections;
import java.util.Map;
import org.apache.kafka.common.config.ConfigException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/internals/secured/VerificationKeyResolverFactoryTest.class */
public class VerificationKeyResolverFactoryTest extends OAuthBearerTest {
    @AfterEach
    public void tearDown() throws Exception {
        System.clearProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls");
    }

    @Test
    public void testConfigureRefreshingFileVerificationKeyResolver() throws Exception {
        File createTempFile = createTempFile(createTempDir("access-token"), "access-token-", ".json", "{}");
        System.setProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls", createTempFile.toURI().toString());
        CloseableVerificationKeyResolver create = VerificationKeyResolverFactory.create(Collections.singletonMap("sasl.oauthbearer.jwks.endpoint.url", createTempFile.toURI().toString()), Collections.emptyMap());
        if (create != null) {
            create.close();
        }
    }

    @Test
    public void testConfigureRefreshingFileVerificationKeyResolverWithInvalidDirectory() {
        String uri = new File("/tmp/this-directory-does-not-exist/foo.json").toURI().toString();
        System.setProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls", uri);
        Map<String, ?> saslConfigs = getSaslConfigs("sasl.oauthbearer.jwks.endpoint.url", uri);
        Map emptyMap = Collections.emptyMap();
        assertThrowsWithMessage(ConfigException.class, () -> {
            VerificationKeyResolverFactory.create(saslConfigs, emptyMap);
        }, "that doesn't exist");
    }

    @Test
    public void testConfigureRefreshingFileVerificationKeyResolverWithInvalidFile() throws Exception {
        File file = new File(createTempDir("this-directory-does-exist"), "this-file-does-not-exist.json");
        System.setProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls", file.toURI().toString());
        Map<String, ?> saslConfigs = getSaslConfigs("sasl.oauthbearer.jwks.endpoint.url", file.toURI().toString());
        Map emptyMap = Collections.emptyMap();
        assertThrowsWithMessage(ConfigException.class, () -> {
            VerificationKeyResolverFactory.create(saslConfigs, emptyMap);
        }, "that doesn't exist");
    }

    @Test
    public void testSaslOauthbearerTokenEndpointUrlIsNotAllowed() throws Exception {
        Map<String, ?> saslConfigs = getSaslConfigs("sasl.oauthbearer.jwks.endpoint.url", new File(createTempDir("not_allowed"), "not_allowed.json").toURI().toString());
        assertThrowsWithMessage(ConfigException.class, () -> {
            VerificationKeyResolverFactory.create(saslConfigs, Collections.emptyMap());
        }, "org.apache.kafka.sasl.oauthbearer.allowed.urls");
    }
}
