package io.confluent.kafka.server.plugins.auth;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Collections;
import java.util.Optional;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.utils.MockTime;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/FileBasedPlainSaslAuthenticatorCachingTest.class */
public class FileBasedPlainSaslAuthenticatorCachingTest extends AbstractFileBasedPlainSaslAuthenticatorTest {
    private AuthAttemptCache successfulAuthCache;
    private AuthAttemptCache failedAuthCache;
    private MultiTenantSaslSecretsLoader secretsLoader;

    @Override // io.confluent.kafka.server.plugins.auth.AbstractFileBasedPlainSaslAuthenticatorTest
    public void setUp() throws Exception {
        this.failedAuthCache = new AuthAttemptCache();
        this.successfulAuthCache = new AuthAttemptCache();
        this.secretsLoader = new MultiTenantSaslSecretsLoader(3);
        super.setUp();
    }

    @Override // io.confluent.kafka.server.plugins.auth.AbstractFileBasedPlainSaslAuthenticatorTest
    protected FileBasedPlainSaslAuthenticator createAuthenticator() {
        return new FileBasedPlainSaslAuthenticator(this.successfulAuthCache, this.failedAuthCache, this.secretsLoader);
    }

    @Test
    public void testCacheSuccess() throws Exception {
        Assert.assertNotNull(this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe", Optional.empty()));
        Assert.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        Assert.assertNull(this.failedAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
    }

    @Test
    public void testCacheFailure() throws Exception {
        try {
            this.saslAuth.authenticate("bkey", "wrong pwd", Optional.empty());
            Assert.fail("Should throw exception");
        } catch (SaslAuthenticationException e) {
        }
        Assert.assertNotNull(this.failedAuthCache.get("bkey", "wrong pwd"));
        Assert.assertNull(this.successfulAuthCache.get("bkey", "wrong pwd"));
    }

    @Test
    public void testTtlSuccessfulAuth() throws Exception {
        MockTime mockTime = new MockTime();
        this.successfulAuthCache = new AuthAttemptCache(10000L, 10000, mockTime, 10);
        super.setUp();
        Assert.assertNotNull(this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe", Optional.empty()));
        Assert.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        mockTime.sleep(10000 - 1);
        this.successfulAuthCache.get("foo", "bar");
        Assert.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        mockTime.sleep(10000 - 1);
        this.successfulAuthCache.get("foo", "bar");
        Assert.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        mockTime.sleep(10000L);
        this.successfulAuthCache.get("foo", "bar");
        Assert.assertNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
    }

    @Test
    public void testTtlFailedAuth() throws Exception {
        MockTime mockTime = new MockTime();
        this.failedAuthCache = new AuthAttemptCache(10000L, 10000, mockTime, 10);
        super.setUp();
        try {
            this.saslAuth.authenticate("bkey", "bad pwd", Optional.empty());
            Assert.fail("Should throw exception");
        } catch (SaslAuthenticationException e) {
        }
        Assert.assertNotNull(this.failedAuthCache.get("bkey", "bad pwd"));
        mockTime.sleep(10000 - 1);
        this.failedAuthCache.get("foo", "bar");
        Assert.assertNotNull(this.failedAuthCache.get("bkey", "bad pwd"));
        mockTime.sleep(10000 - 1);
        this.failedAuthCache.get("foo", "bar");
        Assert.assertNotNull(this.failedAuthCache.get("bkey", "bad pwd"));
        mockTime.sleep(10000L);
        this.failedAuthCache.get("foo", "bar");
        Assert.assertNull(this.failedAuthCache.get("bkey", "bad pwd"));
    }

    @Test
    public void testUserRemoved() throws Exception {
        Assert.assertNotNull(this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe", Optional.empty()));
        Assert.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        File createTempFile = File.createTempFile("kafka", ".tmp");
        try {
            Files.write(createTempFile.toPath(), new String("{\"keys\":{}}").getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
            this.saslAuth.setConfigFilePath(createTempFile.getAbsolutePath());
            Assert.assertThrows(SaslAuthenticationException.class, () -> {
                this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe", Optional.empty());
            });
        } finally {
            Files.delete(createTempFile.toPath());
        }
    }

    @Test
    public void testUserPasswordChanged() throws Exception {
        Assert.assertNotNull(this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe", Optional.empty()));
        Assert.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        MultiTenantSaslSecrets multiTenantSaslSecrets = new MultiTenantSaslSecrets(Collections.singletonMap("bkey", new MultiTenantSaslConfigEntry("PLAIN", "foobar", "none", FileBasedPlainSaslAuthenticatorTest.USER_ID_1, "lkc-bkey", false)));
        ObjectMapper objectMapper = new ObjectMapper();
        File createTempFile = File.createTempFile("kafka", ".tmp");
        try {
            objectMapper.writeValue(createTempFile, multiTenantSaslSecrets);
            this.saslAuth.setConfigFilePath(createTempFile.getAbsolutePath());
            Assert.assertThrows(SaslAuthenticationException.class, () -> {
                this.saslAuth.authenticate("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe", Optional.empty());
            });
            this.saslAuth.authenticate("bkey", "foobar", Optional.empty());
            Files.delete(createTempFile.toPath());
        } catch (Throwable th) {
            Files.delete(createTempFile.toPath());
            throw th;
        }
    }
}
