package io.confluent.kafka.server.plugins.auth;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.confluent.kafka.link.integration.MultiTenantCLDefaultDataPolicyTest;
import io.confluent.kafka.server.plugins.auth.PlainSaslCredentials;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Collections;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.metrics.Metrics;
import org.apache.kafka.common.utils.MockTime;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/FileBasedPlainSaslAuthenticatorCachingTest.class */
public class FileBasedPlainSaslAuthenticatorCachingTest extends AbstractFileBasedPlainSaslAuthenticatorTest {
    private AuthAttemptCache successfulAuthCache;
    private AuthAttemptCache failedAuthCache;
    private MultiTenantSaslSecretsLoader secretsLoader;
    private Metrics metrics;

    @Override // io.confluent.kafka.server.plugins.auth.AbstractFileBasedPlainSaslAuthenticatorTest
    @BeforeEach
    public void setUp() throws Exception {
        this.metrics = new Metrics();
        this.failedAuthCache = new AuthAttemptCache("FailedAuthCache", this.metrics);
        this.successfulAuthCache = new AuthAttemptCache("SuccessfulAuthCache", this.metrics);
        this.secretsLoader = new MultiTenantSaslSecretsLoader(3);
        super.setUp();
    }

    @AfterEach
    public void tearDown() {
        this.metrics.close();
    }

    @Override // io.confluent.kafka.server.plugins.auth.AbstractFileBasedPlainSaslAuthenticatorTest
    protected FileBasedPlainSaslAuthenticator createAuthenticator() {
        return new FileBasedPlainSaslAuthenticator(this.successfulAuthCache, this.failedAuthCache, this.secretsLoader);
    }

    @Test
    public void testCacheSuccess() throws Exception {
        Assertions.assertNotNull(this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe").build()));
        Assertions.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        Assertions.assertNull(this.failedAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
    }

    @Test
    public void testCacheFailure() throws Exception {
        try {
            this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "wrong pwd").build());
            Assertions.fail("Should throw exception");
        } catch (SaslAuthenticationException e) {
        }
        Assertions.assertNotNull(this.failedAuthCache.get("bkey", "wrong pwd"));
        Assertions.assertNull(this.successfulAuthCache.get("bkey", "wrong pwd"));
    }

    @Test
    public void testTtlSuccessfulAuth() throws Exception {
        MockTime mockTime = new MockTime();
        this.successfulAuthCache = new AuthAttemptCache(10000L, 10000, mockTime, 10, "", new Metrics());
        super.setUp();
        Assertions.assertNotNull(this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe").build()));
        Assertions.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        mockTime.sleep(10000 - 1);
        this.successfulAuthCache.get("foo", "bar");
        Assertions.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        mockTime.sleep(10000 - 1);
        this.successfulAuthCache.get("foo", "bar");
        Assertions.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        mockTime.sleep(10000L);
        this.successfulAuthCache.get("foo", "bar");
        Assertions.assertNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
    }

    @Test
    public void testTtlFailedAuth() throws Exception {
        MockTime mockTime = new MockTime();
        this.failedAuthCache = new AuthAttemptCache(10000L, 10000, mockTime, 10, "", new Metrics());
        super.setUp();
        try {
            this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "bad pwd").build());
            Assertions.fail("Should throw exception");
        } catch (SaslAuthenticationException e) {
        }
        Assertions.assertNotNull(this.failedAuthCache.get("bkey", "bad pwd"));
        mockTime.sleep(10000 - 1);
        this.failedAuthCache.get("foo", "bar");
        Assertions.assertNotNull(this.failedAuthCache.get("bkey", "bad pwd"));
        mockTime.sleep(10000 - 1);
        this.failedAuthCache.get("foo", "bar");
        Assertions.assertNotNull(this.failedAuthCache.get("bkey", "bad pwd"));
        mockTime.sleep(10000L);
        this.failedAuthCache.get("foo", "bar");
        Assertions.assertNull(this.failedAuthCache.get("bkey", "bad pwd"));
    }

    @Test
    public void testUserRemoved() throws Exception {
        Assertions.assertNotNull(this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe").build()));
        Assertions.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        File createTempFile = File.createTempFile(MultiTenantCLDefaultDataPolicyTest.SSL_KAFKA_CN, ".tmp");
        try {
            Files.write(createTempFile.toPath(), new String("{\"keys\":{}}").getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
            this.saslAuth.setConfigFilePath(createTempFile.getAbsolutePath());
            Assertions.assertThrows(SaslAuthenticationException.class, () -> {
                this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe").build());
            });
        } finally {
            Files.delete(createTempFile.toPath());
        }
    }

    @Test
    public void testUserPasswordChanged() throws Exception {
        Assertions.assertNotNull(this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe").build()));
        Assertions.assertNotNull(this.successfulAuthCache.get("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe"));
        MultiTenantSaslSecrets multiTenantSaslSecrets = new MultiTenantSaslSecrets(Collections.singletonMap("bkey", new MultiTenantSaslConfigEntry("PLAIN", "foobar", "none", FileBasedPlainSaslAuthenticatorTest.USER_ID_1, "lkc-bkey", false, "u-23")));
        ObjectMapper objectMapper = new ObjectMapper();
        File createTempFile = File.createTempFile(MultiTenantCLDefaultDataPolicyTest.SSL_KAFKA_CN, ".tmp");
        try {
            objectMapper.writeValue(createTempFile, multiTenantSaslSecrets);
            this.saslAuth.setConfigFilePath(createTempFile.getAbsolutePath());
            Assertions.assertThrows(SaslAuthenticationException.class, () -> {
                this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "MKRWvhKV5Xd8VQ05JYre6f+aAq0UBXutZjsHWnQd/GYNR6DfqFeay+VNnReeTRpe").build());
            });
            this.saslAuth.authenticate(new PlainSaslCredentials.Builder("bkey", "foobar").build());
            Files.delete(createTempFile.toPath());
        } catch (Throwable th) {
            Files.delete(createTempFile.toPath());
            throw th;
        }
    }
}
