package io.confluent.kafka.multitenant.integration.test;

import io.confluent.kafka.multitenant.BasePhysicalClusterMetadata;
import io.confluent.kafka.multitenant.KafkaLogicalClusterUtils;
import io.confluent.kafka.multitenant.MultiTenantPrincipalBuilder;
import io.confluent.kafka.multitenant.TopicBasedPhysicalClusterMetadata;
import io.confluent.kafka.multitenant.authorizer.MultiTenantAuthorizer;
import io.confluent.kafka.multitenant.integration.cluster.LogicalClusterUser;
import io.confluent.kafka.multitenant.integration.cluster.PhysicalCluster;
import io.confluent.kafka.security.audit.event.ConfluentAuthenticationEvent;
import io.confluent.kafka.security.authorizer.MockAuditLogProvider;
import io.confluent.kafka.server.plugins.auth.FileBasedPlainSaslAuthenticatorTest;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import kafka.test.JarResourceLoader;
import org.apache.kafka.clients.admin.NewTopic;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.utils.Time;
import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.TestInfo;

@Tag("integration")
/* loaded from: input_file:io/confluent/kafka/multitenant/integration/test/AbstractTopicBasedPlainSaslAuthIntegrationTest.class */
public abstract class AbstractTopicBasedPlainSaslAuthIntegrationTest {
    protected IntegrationTestHarness testHarness;
    protected PhysicalCluster physicalCluster;
    protected final String logicalClusterId = KafkaLogicalClusterUtils.LC_META_ABC.logicalClusterId();
    protected final String environmentId = KafkaLogicalClusterUtils.LC_META_ABC.environmentId();
    protected final String organizationId = KafkaLogicalClusterUtils.LC_META_ABC.organizationId();
    protected final String serviceUserAPIkey = "APIKEY1";
    protected final String serviceUserAPIkeyPassword = "pwd1";
    protected int numBrokers = 3;
    protected final String apiKeysTopic = "_confluent-apikey";
    protected final String lkcMetadataTopic = "_confluent-logical_clusters";
    protected final String testTopic = "abcd";
    protected List<NewTopic> sampleTopics = Collections.singletonList(new NewTopic("abcd", 3, 1));
    protected long baseSequenceId = 1000;

    @BeforeEach
    public void setUp(TestInfo testInfo) throws Exception {
        this.testHarness = new IntegrationTestHarness(testInfo, this.numBrokers);
    }

    @AfterEach
    public void tearDown() throws Exception {
        this.testHarness.shutdown();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void startWithTopic() throws Exception {
        startWithTopic(Optional.empty(), SecurityProtocol.SASL_PLAINTEXT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void startWithTopic(Optional<Time> optional, SecurityProtocol securityProtocol) throws Exception {
        long millis = 15000 + TimeUnit.SECONDS.toMillis(3L);
        this.physicalCluster = this.testHarness.startWithTopic(getInitialTopics(), 1, 1, 15000L, brokerProps(millis, true, securityProtocol), nodeProps(millis), optional);
        LogicalClusterUser user = this.physicalCluster.createLogicalCluster(this.logicalClusterId, 100, 1).user(1);
        this.testHarness.newAclCommand().addTopicAclArgs(user.prefixedKafkaPrincipal(), user.withPrefix("abcd"), AclOperation.ALL, PatternType.LITERAL).execute();
    }

    protected List<String> getInitialTopics() {
        return Arrays.asList("_confluent-apikey", "_confluent-logical_clusters");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Properties brokerProps(long j, boolean z, SecurityProtocol securityProtocol) throws Exception {
        Properties properties = new Properties();
        properties.put("listeners", "INTERNAL://localhost:0, EXTERNAL://localhost:0");
        properties.put("advertised.listeners", "INTERNAL://localhost:0, EXTERNAL://localhost:0");
        properties.put("listener.security.protocol.map", "INTERNAL:PLAINTEXT, EXTERNAL:" + securityProtocol.name());
        properties.put("inter.broker.listener.name", "INTERNAL");
        properties.putAll(nodeProps(j));
        if (z) {
            setupClusterMetadata(properties);
        }
        return properties;
    }

    protected Properties nodeProps(long j) throws IOException {
        Properties properties = new Properties();
        properties.put("sasl.enabled.mechanisms", Collections.singletonList("PLAIN"));
        properties.put("listener.name.external.principal.builder.class", MultiTenantPrincipalBuilder.class.getName());
        properties.put("listener.name.external.confluent.security.event.logger.authentication.enable", "true");
        properties.put("authorizer.class.name", MultiTenantAuthorizer.class.getName());
        properties.put("confluent.security.event.logger.multitenant.enable", "true");
        properties.put("listener.name.external.plain.sasl.jaas.config", "io.confluent.kafka.server.plugins.auth.TopicBasedLoginModule required;");
        properties.put("confluent.multitenant.listener.names", "EXTERNAL");
        properties.put("confluent.cdc.api.keys.topic", "_confluent-apikey");
        properties.put("confluent.cdc.api.keys.topic.load.timeout.ms", String.valueOf(j));
        properties.put(MockAuditLogProvider.AUDIT_PROVIDER_CONFIG, "TEST");
        properties.put("confluent.close.connections.on.credential.delete", "true");
        properties.put("sasl.server.max.receive.size", "1024");
        return properties;
    }

    private void setupClusterMetadata(Properties properties) {
        properties.put("confluent.cdc.lkc.metadata.topic", "_confluent-logical_clusters");
        properties.put("confluent.cdc.api.keys.topic.load.timeout.ms", Long.valueOf(15000 + TimeUnit.SECONDS.toMillis(3L)));
        properties.put("multitenant.metadata.class", TopicBasedPhysicalClusterMetadata.class.getName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void loadApiKeys() throws Exception {
        try {
            this.physicalCluster.kafkaCluster().produceApiKeysData("_confluent-apikey", "APIKEY1", Utils.readFullyToString((BufferedInputStream) JarResourceLoader.loadFileFromResource(FileBasedPlainSaslAuthenticatorTest.class, "/file_auth_test_apikeys.json").toURI().toURL().getContent()), true);
        } catch (IOException e) {
            throw new Exception("Couldn't read apikeys content");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void loadLKCMetadata() throws InterruptedException {
        List<BasePhysicalClusterMetadata> clusterMetadataInstances = this.physicalCluster.clusterMetadataInstances();
        String logicalClusterId = KafkaLogicalClusterUtils.LC_META_ABC.logicalClusterId();
        this.physicalCluster.kafkaCluster().produceLCMData("_confluent-logical_clusters", this.baseSequenceId + 1, logicalClusterId, KafkaLogicalClusterUtils.LC_META_ABC);
        TestUtils.waitForCondition(() -> {
            return clusterMetadataInstances.stream().allMatch(basePhysicalClusterMetadata -> {
                return basePhysicalClusterMetadata.metadata(logicalClusterId) != null;
            });
        }, "Expected metadata to get consumed");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ConfluentAuthenticationEvent getLastAuthenticationEvent() throws Exception {
        TestUtils.waitForCondition(() -> {
            return getLastAuthenticationEventOrNull() != null;
        }, "Couldn't find the last authentication event");
        return getLastAuthenticationEventOrNull();
    }

    private ConfluentAuthenticationEvent getLastAuthenticationEventOrNull() {
        ConfluentAuthenticationEvent lastAuthenticationEntry;
        for (int i = 0; i < this.numBrokers; i++) {
            try {
                lastAuthenticationEntry = MockAuditLogProvider.getInstance(getBrokerSessionUuid(i)).lastAuthenticationEntry();
            } catch (Exception e) {
            }
            if (lastAuthenticationEntry != null) {
                return lastAuthenticationEntry;
            }
        }
        return null;
    }

    private String getBrokerSessionUuid(int i) {
        return this.physicalCluster.kafkaCluster().kafkaBrokers().get(i).config().brokerSessionUuid();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetAuditEvents() {
        for (int i = 0; i < this.numBrokers; i++) {
            MockAuditLogProvider.getInstance(getBrokerSessionUuid(i)).resetEvents();
        }
    }
}
