package io.confluent.kafka.multitenant;

import io.confluent.kafka.common.multitenant.oauth.OAuthBearerJwsToken;
import java.net.InetAddress;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.sasl.SaslServer;
import org.apache.kafka.common.network.Authenticator;
import org.apache.kafka.common.network.ChannelBuilders;
import org.apache.kafka.common.network.TransportLayer;
import org.apache.kafka.common.security.auth.SaslAuthenticationContext;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerSaslServer;
import org.apache.kafka.common.security.ssl.SslPrincipalMapper;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/kafka/multitenant/MultiTenantPrincipalBuilderTest.class */
public class MultiTenantPrincipalBuilderTest {
    private static final String OAUTH_NEGOTIATED_TOKEN_PROPERTY_KEY = "OAUTHBEARER.token";
    private SaslAuthenticationContext context;
    Map<String, Object> configs;

    @Before
    public void setUp() {
        SaslServer saslServer = (SaslServer) Mockito.mock(OAuthBearerSaslServer.class);
        Mockito.when(saslServer.getNegotiatedProperty(OAUTH_NEGOTIATED_TOKEN_PROPERTY_KEY)).thenReturn(new OAuthBearerJwsToken("", (Set) null, 0L, MultiTenantRequestContextTest.USERNAME, 0L));
        Mockito.when(saslServer.getNegotiatedProperty("logicalCluster")).thenReturn("lkc-abc123");
        this.context = new SaslAuthenticationContext(saslServer, SecurityProtocol.SASL_PLAINTEXT, InetAddress.getLoopbackAddress(), SecurityProtocol.SASL_PLAINTEXT.name());
        this.configs = new HashMap();
        this.configs.put("principal.builder.class", MultiTenantPrincipalBuilder.class);
    }

    @Test
    public void testOauthSaslPrincipalIsSuperuserByDefault() {
        Assert.assertTrue(ChannelBuilders.createPrincipalBuilder(this.configs, (TransportLayer) null, (Authenticator) null, (KerberosShortNamer) null, (SslPrincipalMapper) null).build(this.context).tenantMetadata().isSuperUser);
    }

    @Test
    public void testOauthSaslPrincipalIsNotSuperuserWhenMultitenantOauthSuperuserDisableIsTrue() {
        this.configs.put("multitenant.oauth.superuser.disable", "true");
        Assert.assertFalse(ChannelBuilders.createPrincipalBuilder(this.configs, (TransportLayer) null, (Authenticator) null, (KerberosShortNamer) null, (SslPrincipalMapper) null).build(this.context).tenantMetadata().isSuperUser);
    }
}
