package kafka.api;

import java.util.Properties;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.junit.Before;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.StringContext;
import scala.collection.LinearSeqOptimized;
import scala.collection.immutable.List$;
import scala.collection.immutable.StringOps;
import scala.reflect.ScalaSignature;
import scala.util.matching.Regex;

/* compiled from: SslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005=q!B\u0001\u0003\u0011\u00039\u0011\u0001H*tY\u0016sG\rV8F]\u0012\fU\u000f\u001e5pe&T\u0018\r^5p]R+7\u000f\u001e\u0006\u0003\u0007\u0011\t1!\u00199j\u0015\u0005)\u0011!B6bM.\f7\u0001\u0001\t\u0003\u0011%i\u0011A\u0001\u0004\u0006\u0015\tA\ta\u0003\u0002\u001d'NdWI\u001c3U_\u0016sG-Q;uQ>\u0014\u0018N_1uS>tG+Z:u'\tIA\u0002\u0005\u0002\u000e!5\taBC\u0001\u0010\u0003\u0015\u00198-\u00197b\u0013\t\tbB\u0001\u0004B]f\u0014VM\u001a\u0005\u0006'%!\t\u0001F\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0003\u001d1AAF\u0005\u0001/\t!B+Z:u!JLgnY5qC2\u0014U/\u001b7eKJ\u001c2!\u0006\r!!\tIb$D\u0001\u001b\u0015\tYB$\u0001\u0003mC:<'\"A\u000f\u0002\t)\fg/Y\u0005\u0003?i\u0011aa\u00142kK\u000e$\bCA\u0011.\u001b\u0005\u0011#BA\u0012%\u0003\u0011\tW\u000f\u001e5\u000b\u0005\u00152\u0013\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005\u001dB\u0013AB2p[6|gN\u0003\u0002\u0006S)\u0011!fK\u0001\u0007CB\f7\r[3\u000b\u00031\n1a\u001c:h\u0013\tq#EA\u000bLC\u001a\\\u0017\r\u0015:j]\u000eL\u0007/\u00197Ck&dG-\u001a:\t\u000bM)B\u0011\u0001\u0019\u0015\u0003E\u0002\"AM\u000b\u000e\u0003%Aq\u0001N\u000bC\u0002\u0013%Q'A\u0004QCR$XM\u001d8\u0016\u0003Y\u0002\"a\u000e\u001f\u000e\u0003aR!!\u000f\u001e\u0002\u00115\fGo\u00195j]\u001eT!a\u000f\b\u0002\tU$\u0018\u000e\\\u0005\u0003{a\u0012QAU3hKbDaaP\u000b!\u0002\u00131\u0014\u0001\u0003)biR,'O\u001c\u0011\t\u000b\u0005+B\u0011\t\"\u0002\u000b\t,\u0018\u000e\u001c3\u0015\u0005\r3\u0005CA\u0011E\u0013\t)%E\u0001\bLC\u001a\\\u0017\r\u0015:j]\u000eL\u0007/\u00197\t\u000b\u001d\u0003\u0005\u0019\u0001%\u0002\u000f\r|g\u000e^3yiB\u0011\u0011%S\u0005\u0003\u0015\n\u0012Q#Q;uQ\u0016tG/[2bi&|gnQ8oi\u0016DHO\u0002\u0003\u000b\u0005\u0001a5CA&N!\tAa*\u0003\u0002P\u0005\tIRI\u001c3U_\u0016sG-Q;uQ>\u0014\u0018N_1uS>tG+Z:u\u0011\u0015\u00192\n\"\u0001R)\u0005\u0011\u0006C\u0001\u0005L\u0011\u0015!6\n\"\u0015V\u0003A\u0019XmY;sSRL\bK]8u_\u000e|G.F\u0001W!\t\ts+\u0003\u0002YE\t\u00012+Z2ve&$\u0018\u0010\u0015:pi>\u001cw\u000e\u001c\u0005\b5.\u0013\r\u0011\"\u0003\\\u0003!\u0019G.[3oi\u000esW#\u0001/\u0011\u0005ei\u0016B\u00010\u001b\u0005\u0019\u0019FO]5oO\"1\u0001m\u0013Q\u0001\nq\u000b\u0011b\u00197jK:$8I\u001c\u0011\t\u000f\t\\%\u0019!C!G\u0006y1\r\\5f]R\u0004&/\u001b8dSB\fG.F\u0001e!\t)\u0007N\u0004\u0002\u000eM&\u0011qMD\u0001\u0007!J,G-\u001a4\n\u0005yK'BA4\u000f\u0011\u0019Y7\n)A\u0005I\u0006\u00012\r\\5f]R\u0004&/\u001b8dSB\fG\u000e\t\u0005\b[.\u0013\r\u0011\"\u0011\\\u00039Y\u0017MZ6b!JLgnY5qC2Daa\\&!\u0002\u0013a\u0016aD6bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\u0011\t\u000bE\\E\u0011\t:\u0002\u000bM,G/\u00169\u0015\u0003M\u0004\"!\u0004;\n\u0005Ut!\u0001B+oSRD#\u0001]<\u0011\u0005a\\X\"A=\u000b\u0005i\\\u0013!\u00026v]&$\u0018B\u0001?z\u0005\u0019\u0011UMZ8sK\")ap\u0013C!\u007f\u0006\u00192\r\\5f]R\u001cVmY;sSRL\bK]8qgR!\u0011\u0011AA\u0006!\u0011\t\u0019!a\u0002\u000e\u0005\u0005\u0015!BA\u001e\u001d\u0013\u0011\tI!!\u0002\u0003\u0015A\u0013x\u000e]3si&,7\u000f\u0003\u0004\u0002\u000eu\u0004\r\u0001Z\u0001\nG\u0016\u0014H/\u00117jCN\u0004")
/* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest.class */
public class SslEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String clientCn;
    private final String clientPrincipal;
    private final String kafkaPrincipal;

    /* compiled from: SslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder implements KafkaPrincipalBuilder {
        private final Regex Pattern = new StringOps(Predef$.MODULE$.augmentString("O=A (.*?),CN=(.*?)")).r();

        private Regex Pattern() {
            return this.Pattern;
        }

        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            KafkaPrincipal kafkaPrincipal;
            if (!(authenticationContext instanceof SslAuthenticationContext)) {
                throw new MatchError(authenticationContext);
            }
            String name = ((SslAuthenticationContext) authenticationContext).session().getPeerPrincipal().getName();
            Option unapplySeq = Pattern().unapplySeq(name);
            if (unapplySeq.isEmpty() || unapplySeq.get() == null || ((LinearSeqOptimized) unapplySeq.get()).lengthCompare(2) != 0) {
                kafkaPrincipal = KafkaPrincipal.ANONYMOUS;
            } else {
                String str = (String) ((LinearSeqOptimized) unapplySeq.get()).apply(0);
                kafkaPrincipal = new KafkaPrincipal("User", (str != null ? !str.equals("server") : "server" != 0) ? name : str);
            }
            return kafkaPrincipal;
        }
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SSL;
    }

    private String clientCn() {
        return this.clientCn;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public String clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public String kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.zk.ZooKeeperTestHarness
    @Before
    public void setUp() {
        startSasl(jaasSections(List$.MODULE$.empty(), None$.MODULE$, ZkSasl$.MODULE$, jaasSections$default$4()));
        super.setUp();
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        Properties securityConfigs = TestUtils$.MODULE$.securityConfigs(Mode.CLIENT, securityProtocol(), mo449trustStoreFile(), str, clientCn(), mo75clientSaslProperties());
        securityConfigs.remove("ssl.endpoint.identification.algorithm");
        return securityConfigs;
    }

    public SslEndToEndAuthorizationTest() {
        serverConfig().setProperty("ssl.client.auth", "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        this.clientCn = "\\#A client with special chars in CN : (\\, \\+ \\\" \\\\ \\< \\> \\; ')";
        this.clientPrincipal = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"O=A client,CN=", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{clientCn()}));
        this.kafkaPrincipal = "server";
    }
}
