package io.confluent.kafka.multitenant.integration.test;

import io.confluent.kafka.multitenant.MultiTenantRequestContextTest;
import io.confluent.kafka.multitenant.Utils;
import io.confluent.kafka.server.plugins.auth.oauth.OAuthUtils;
import io.confluent.kafka.test.utils.SecurityTestUtils;
import java.io.IOException;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.kafka.common.network.CertStores;
import org.apache.kafka.common.security.authenticator.TestJaasConfig;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

@Tag("integration")
/* loaded from: input_file:io/confluent/kafka/multitenant/integration/test/OAuthIntegrationTest.class */
public class OAuthIntegrationTest {
    private IntegrationTestHarness testHarness;
    private OAuthUtils.JwsContainer jwsContainer;
    private Map<String, Object> saslClientConfigs;
    private Map<String, Object> saslServerConfigs;
    private final String allowedCluster = Utils.LC_META_ABC.logicalClusterId();
    private final String orgId = Utils.LC_META_ABC.organizationId();
    private final String[] allowedClusters = {this.allowedCluster};
    private Path tempDir;

    @BeforeEach
    public void setUp(TestInfo testInfo) throws Exception {
        this.tempDir = TestUtils.tempDirectory().toPath();
        Utils.createLogicalClusterFile(Utils.LC_META_ABC, this.tempDir);
        CertStores certStores = new CertStores(true, MultiTenantRequestContextTest.LOCALHOST);
        CertStores certStores2 = new CertStores(false, MultiTenantRequestContextTest.LOCALHOST);
        this.saslServerConfigs = certStores.getTrustingConfig(certStores2);
        this.saslClientConfigs = certStores2.getTrustingConfig(certStores);
        this.testHarness = new IntegrationTestHarness(testInfo);
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testOAuthPluginInitializesCleanlyOnServerStartup(String str) throws Exception {
        this.jwsContainer = new OAuthUtils.Builder(100000, "Confluent", "Confluent", this.orgId).build();
        configureMechanisms("OAUTHBEARER", Collections.singletonList("OAUTHBEARER"));
        this.testHarness.start(brokerProps());
        this.testHarness.shutdown();
    }

    private Properties brokerProps() throws IOException {
        Properties properties = new Properties();
        properties.put("multitenant.metadata.dir", this.tempDir.toRealPath(new LinkOption[0]).toString());
        properties.put("multitenant.metadata.class", "io.confluent.kafka.multitenant.PhysicalClusterMetadata");
        HashMap hashMap = new HashMap();
        SecurityTestUtils.attachServerOAuthConfigs(hashMap, Collections.singletonList("OAUTHBEARER"), "listener.name.external", this.jwsContainer);
        properties.putAll(hashMap);
        return properties;
    }

    private void configureMechanisms(String str, List<String> list) {
        SecurityTestUtils.attachMechanisms(this.saslClientConfigs, str, this.jwsContainer, this.allowedCluster);
        SecurityTestUtils.attachServerOAuthConfigs(this.saslServerConfigs, list, "listener.name.sasl_ssl", this.jwsContainer);
        TestJaasConfig.createConfiguration(str, list);
    }
}
