package io.confluent.kafka.multitenant.integration.test;

import antlr.Version;
import com.google.common.collect.Iterables;
import io.confluent.kafka.multitenant.MultiTenantPrincipal;
import io.confluent.kafka.multitenant.MultiTenantPrincipalBuilder;
import io.confluent.kafka.multitenant.Utils;
import io.confluent.kafka.multitenant.authorizer.MultiTenantAuthorizer;
import io.confluent.kafka.multitenant.integration.cluster.PhysicalCluster;
import io.confluent.kafka.security.authorizer.MockAuditLogProvider;
import io.confluent.kafka.server.plugins.auth.FileBasedPlainSaslAuthenticatorTest;
import io.confluent.kafka.server.plugins.policy.TopicPolicyConfig;
import io.confluent.kafka.test.utils.AclCommandBuilder;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import kafka.server.KafkaConfig$;
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.AlterConfigOp;
import org.apache.kafka.clients.admin.ConfigEntry;
import org.apache.kafka.clients.admin.DeleteAclsResult;
import org.apache.kafka.clients.admin.NewTopic;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.config.ConfigResource;
import org.apache.kafka.common.config.internals.BrokerSecurityConfigs;
import org.apache.kafka.common.config.internals.ConfluentConfigs;
import org.apache.kafka.common.errors.TopicAuthorizationException;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

@Tag("integration")
/* loaded from: input_file:io/confluent/kafka/multitenant/integration/test/UserResourceIdAuthorizationIntegrationTest.class */
public class UserResourceIdAuthorizationIntegrationTest {
    private IntegrationTestHarness testHarness;
    private PhysicalCluster physicalCluster;
    private final String logicalClusterId = Utils.LC_META_ABC.logicalClusterId();
    private final String adminUserAPIkey = "APIKEY1";
    private final String adminUserAPIkeyPassword = "pwd1";
    private final String serviceUserAPIkey2 = "APIKEY2";
    private final String serviceUserAPIkeyPassword2 = "pwd2";
    private final String serviceUserAPIkey3 = "APIKEY3";
    private final String serviceUserAPIkeyPassword3 = "pwd3";
    private final String apiKeysTopic = "_confluent-apikey";
    private final String testTopic1 = "abcd1";
    private final String testTopic2 = "abcd2";
    private final String testTopic3 = "abcd3";
    private final String userType = "User:";
    private final String userResourceId2 = "u-2";
    private final String userResourceId3 = "u-3";
    private final String userResourceId4 = "u-4";
    private final String userId2 = Version.version;
    private final String userId3 = ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT;
    private final String userId4 = "4";
    private final List<NewTopic> sampleTopics = Collections.singletonList(new NewTopic("abcd1", 3, (short) 1));

    @BeforeEach
    public void setUp(TestInfo testInfo) throws Exception {
        this.testHarness = new IntegrationTestHarness(testInfo, 3);
        long millis = 15000 + TimeUnit.SECONDS.toMillis(3L);
        this.physicalCluster = this.testHarness.startWithTopic("_confluent-apikey", 1, 1, 15000L, brokerProps(millis), controllerProps(millis));
        this.physicalCluster.createLogicalCluster(this.logicalClusterId, 100, 1, 2);
        loadApiKeys("/file_auth_test_apikeys.json", "APIKEY1");
        loadApiKeys("/service_account_apikey_2.json", "APIKEY2");
        loadApiKeys("/service_account_apikey_3.json", "APIKEY3");
        loadApiKeys("/service_account_apikey_4.json", "APIKEY4");
    }

    @AfterEach
    public void tearDown() throws Exception {
        this.testHarness.shutdown();
    }

    private Properties brokerProps(long j) throws IOException {
        Properties properties = new Properties();
        properties.put("listeners", "INTERNAL://localhost:0, EXTERNAL://localhost:0");
        properties.put("advertised.listeners", "INTERNAL://localhost:0, EXTERNAL://localhost:0");
        properties.put("listener.security.protocol.map", "INTERNAL:PLAINTEXT, EXTERNAL:SASL_PLAINTEXT");
        properties.put("inter.broker.listener.name", TopicPolicyConfig.DEFAULT_INTERNAL_LISTENER);
        properties.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Collections.singletonList("PLAIN"));
        properties.put("listener.name.external.principal.builder.class", MultiTenantPrincipalBuilder.class.getName());
        properties.put("listener.name.external.confluent.security.event.logger.authentication.enable", "true");
        properties.put(KafkaConfig$.MODULE$.AuthorizerClassNameProp(), MultiTenantAuthorizer.class.getName());
        properties.put("confluent.security.event.logger.multitenant.enable", "true");
        properties.put("listener.name.external.plain.sasl.jaas.config", "io.confluent.kafka.server.plugins.auth.TopicBasedLoginModule required;");
        properties.put(ConfluentConfigs.MULTITENANT_LISTENER_NAMES_CONFIG, SupportedSaslMechanisms.EXTERNAL);
        properties.put(ConfluentConfigs.CDC_API_KEYS_TOPIC_CONFIG, "_confluent-apikey");
        properties.put(ConfluentConfigs.CDC_TOPIC_LOAD_TIMEOUT_MS_CONFIG, String.valueOf(j));
        properties.put(MockAuditLogProvider.AUDIT_PROVIDER_CONFIG, "TEST");
        properties.put(ConfluentConfigs.CLOSE_CONNECTIONS_ON_CREDENTIAL_DELETE_CONFIG, "true");
        properties.put(ConfluentConfigs.SUPPORT_USER_RESOURCE_ID_IN_ACL, "true");
        return properties;
    }

    private Properties controllerProps(long j) throws IOException {
        Properties properties = new Properties();
        properties.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Collections.singletonList("PLAIN"));
        properties.put("listener.name.external.principal.builder.class", MultiTenantPrincipalBuilder.class.getName());
        properties.put("listener.name.external.confluent.security.event.logger.authentication.enable", "true");
        properties.put(KafkaConfig$.MODULE$.AuthorizerClassNameProp(), MultiTenantAuthorizer.class.getName());
        properties.put("confluent.security.event.logger.multitenant.enable", "true");
        properties.put("listener.name.external.plain.sasl.jaas.config", "io.confluent.kafka.server.plugins.auth.TopicBasedLoginModule required;");
        properties.put(ConfluentConfigs.MULTITENANT_LISTENER_NAMES_CONFIG, SupportedSaslMechanisms.EXTERNAL);
        properties.put(ConfluentConfigs.CDC_API_KEYS_TOPIC_CONFIG, "_confluent-apikey");
        properties.put(ConfluentConfigs.CDC_TOPIC_LOAD_TIMEOUT_MS_CONFIG, String.valueOf(j));
        properties.put(MockAuditLogProvider.AUDIT_PROVIDER_CONFIG, "TEST");
        properties.put(ConfluentConfigs.CLOSE_CONNECTIONS_ON_CREDENTIAL_DELETE_CONFIG, "true");
        properties.put(ConfluentConfigs.SUPPORT_USER_RESOURCE_ID_IN_ACL, "true");
        return properties;
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testCreateAcls(String str) throws Exception {
        AdminClient createPlainAuthAdminClient;
        Throwable th;
        AdminClient createPlainAuthAdminClient2;
        Throwable th2;
        Throwable th3;
        AdminClient createPlainAuthAdminClient3 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th4 = null;
        try {
            AdminClient createPlainAuthAdminClient4 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
            Throwable th5 = null;
            try {
                try {
                    TestUtils.assertFutureError(createPlainAuthAdminClient4.createTopics(topicsList("topic1")).all(), TopicAuthorizationException.class);
                    if (createPlainAuthAdminClient4 != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient4.close();
                            } catch (Throwable th6) {
                                th5.addSuppressed(th6);
                            }
                        } else {
                            createPlainAuthAdminClient4.close();
                        }
                    }
                    createPlainAuthAdminClient3.createAcls(Collections.singleton(topicAcl(Version.version, "topic1"))).all().get();
                    createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                    th = null;
                } catch (Throwable th7) {
                    th5 = th7;
                    throw th7;
                }
                try {
                    createPlainAuthAdminClient.createTopics(topicsList("topic1")).all().get();
                    Assertions.assertTrue(createPlainAuthAdminClient.listTopics().names().get().containsAll((List) topicsList("topic1").stream().map((v0) -> {
                        return v0.name();
                    }).collect(Collectors.toList())));
                    if (createPlainAuthAdminClient != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient.close();
                            } catch (Throwable th8) {
                                th.addSuppressed(th8);
                            }
                        } else {
                            createPlainAuthAdminClient.close();
                        }
                    }
                    AdminClient createPlainAuthAdminClient5 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                    Throwable th9 = null;
                    try {
                        TestUtils.assertFutureError(createPlainAuthAdminClient5.createTopics(topicsList("topic2")).all(), TopicAuthorizationException.class);
                        if (createPlainAuthAdminClient5 != null) {
                            if (0 != 0) {
                                try {
                                    createPlainAuthAdminClient5.close();
                                } catch (Throwable th10) {
                                    th9.addSuppressed(th10);
                                }
                            } else {
                                createPlainAuthAdminClient5.close();
                            }
                        }
                        createPlainAuthAdminClient3.createAcls(Collections.singleton(topicAcl(Version.version, "topic2"))).all().get();
                        AdminClient createPlainAuthAdminClient6 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                        Throwable th11 = null;
                        try {
                            try {
                                createPlainAuthAdminClient6.createTopics(topicsList("topic2")).all().get();
                                Assertions.assertTrue(createPlainAuthAdminClient6.listTopics().names().get().containsAll((List) topicsList("topic2").stream().map((v0) -> {
                                    return v0.name();
                                }).collect(Collectors.toList())));
                                if (createPlainAuthAdminClient6 != null) {
                                    if (0 != 0) {
                                        try {
                                            createPlainAuthAdminClient6.close();
                                        } catch (Throwable th12) {
                                            th11.addSuppressed(th12);
                                        }
                                    } else {
                                        createPlainAuthAdminClient6.close();
                                    }
                                }
                                createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY3", "pwd3"));
                                th2 = null;
                            } catch (Throwable th13) {
                                th11 = th13;
                                throw th13;
                            }
                            try {
                                try {
                                    TestUtils.assertFutureError(createPlainAuthAdminClient2.createTopics(topicsList("topic3")).all(), TopicAuthorizationException.class);
                                    if (createPlainAuthAdminClient2 != null) {
                                        if (0 != 0) {
                                            try {
                                                createPlainAuthAdminClient2.close();
                                            } catch (Throwable th14) {
                                                th2.addSuppressed(th14);
                                            }
                                        } else {
                                            createPlainAuthAdminClient2.close();
                                        }
                                    }
                                    createPlainAuthAdminClient3.createAcls(Collections.singleton(topicAcl(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT, "topic3"))).all().get();
                                    createPlainAuthAdminClient4 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY3", "pwd3"));
                                    th3 = null;
                                } catch (Throwable th15) {
                                    th2 = th15;
                                    throw th15;
                                }
                                try {
                                    try {
                                        createPlainAuthAdminClient4.createTopics(topicsList("topic3")).all().get();
                                        Assertions.assertTrue(createPlainAuthAdminClient4.listTopics().names().get().containsAll((List) topicsList("topic3").stream().map((v0) -> {
                                            return v0.name();
                                        }).collect(Collectors.toList())));
                                        if (createPlainAuthAdminClient4 != null) {
                                            if (0 != 0) {
                                                try {
                                                    createPlainAuthAdminClient4.close();
                                                } catch (Throwable th16) {
                                                    th3.addSuppressed(th16);
                                                }
                                            } else {
                                                createPlainAuthAdminClient4.close();
                                            }
                                        }
                                        AdminClient createPlainAuthAdminClient7 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                                        Throwable th17 = null;
                                        try {
                                            TestUtils.assertFutureError(createPlainAuthAdminClient7.createTopics(topicsList("topic4")).all(), TopicAuthorizationException.class);
                                            if (createPlainAuthAdminClient7 != null) {
                                                if (0 != 0) {
                                                    try {
                                                        createPlainAuthAdminClient7.close();
                                                    } catch (Throwable th18) {
                                                        th17.addSuppressed(th18);
                                                    }
                                                } else {
                                                    createPlainAuthAdminClient7.close();
                                                }
                                            }
                                            createPlainAuthAdminClient3.createAcls(Collections.singleton(topicAcl("*", "topic4"))).all().get();
                                            createPlainAuthAdminClient4 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                                            Throwable th19 = null;
                                            try {
                                                try {
                                                    createPlainAuthAdminClient4.createTopics(topicsList("topic4")).all().get();
                                                    Assertions.assertTrue(createPlainAuthAdminClient4.listTopics().names().get().containsAll((List) topicsList("topic4").stream().map((v0) -> {
                                                        return v0.name();
                                                    }).collect(Collectors.toList())));
                                                    if (createPlainAuthAdminClient4 != null) {
                                                        if (0 != 0) {
                                                            try {
                                                                createPlainAuthAdminClient4.close();
                                                            } catch (Throwable th20) {
                                                                th19.addSuppressed(th20);
                                                            }
                                                        } else {
                                                            createPlainAuthAdminClient4.close();
                                                        }
                                                    }
                                                    if (createPlainAuthAdminClient3 != null) {
                                                        if (0 == 0) {
                                                            createPlainAuthAdminClient3.close();
                                                            return;
                                                        }
                                                        try {
                                                            createPlainAuthAdminClient3.close();
                                                        } catch (Throwable th21) {
                                                            th4.addSuppressed(th21);
                                                        }
                                                    }
                                                } catch (Throwable th22) {
                                                    th19 = th22;
                                                    throw th22;
                                                }
                                            } finally {
                                            }
                                        } catch (Throwable th23) {
                                            if (createPlainAuthAdminClient7 != null) {
                                                if (0 != 0) {
                                                    try {
                                                        createPlainAuthAdminClient7.close();
                                                    } catch (Throwable th24) {
                                                        th17.addSuppressed(th24);
                                                    }
                                                } else {
                                                    createPlainAuthAdminClient7.close();
                                                }
                                            }
                                            throw th23;
                                        }
                                    } catch (Throwable th25) {
                                        th3 = th25;
                                        throw th25;
                                    }
                                } finally {
                                }
                            } finally {
                                if (createPlainAuthAdminClient2 != null) {
                                    if (th2 != null) {
                                        try {
                                            createPlainAuthAdminClient2.close();
                                        } catch (Throwable th26) {
                                            th2.addSuppressed(th26);
                                        }
                                    } else {
                                        createPlainAuthAdminClient2.close();
                                    }
                                }
                            }
                        } finally {
                            if (createPlainAuthAdminClient6 != null) {
                                if (th11 != null) {
                                    try {
                                        createPlainAuthAdminClient6.close();
                                    } catch (Throwable th27) {
                                        th11.addSuppressed(th27);
                                    }
                                } else {
                                    createPlainAuthAdminClient6.close();
                                }
                            }
                        }
                    } catch (Throwable th28) {
                        if (createPlainAuthAdminClient5 != null) {
                            if (0 != 0) {
                                try {
                                    createPlainAuthAdminClient5.close();
                                } catch (Throwable th29) {
                                    th9.addSuppressed(th29);
                                }
                            } else {
                                createPlainAuthAdminClient5.close();
                            }
                        }
                        throw th28;
                    }
                } catch (Throwable th30) {
                    if (createPlainAuthAdminClient != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient.close();
                            } catch (Throwable th31) {
                                th.addSuppressed(th31);
                            }
                        } else {
                            createPlainAuthAdminClient.close();
                        }
                    }
                    throw th30;
                }
            } finally {
                if (createPlainAuthAdminClient4 != null) {
                    if (th5 != null) {
                        try {
                            createPlainAuthAdminClient4.close();
                        } catch (Throwable th32) {
                            th5.addSuppressed(th32);
                        }
                    } else {
                        createPlainAuthAdminClient4.close();
                    }
                }
            }
        } catch (Throwable th33) {
            if (createPlainAuthAdminClient3 != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient3.close();
                    } catch (Throwable th34) {
                        th4.addSuppressed(th34);
                    }
                } else {
                    createPlainAuthAdminClient3.close();
                }
            }
            throw th33;
        }
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testDescribeAcls(String str) throws Exception {
        AclBinding aclBinding = topicAcl(Version.version);
        AclBinding aclBinding2 = topicAcl(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT);
        ArrayList arrayList = new ArrayList(Arrays.asList(aclBinding, aclBinding2));
        ArrayList arrayList2 = new ArrayList(Arrays.asList(topicAcl("u-2"), aclBinding2));
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            try {
                createPlainAuthAdminClient.createAcls(new ArrayList(Arrays.asList(aclBinding, aclBinding2))).all().get();
                Collection<AclBinding> collection = createPlainAuthAdminClient.describeAcls(AclBindingFilter.ANY).values().get();
                Assertions.assertEquals(arrayList.size(), collection.size());
                Assertions.assertTrue(arrayList.containsAll(collection));
                Assertions.assertEquals(topicAcl("u-2"), Iterables.getOnlyElement(createPlainAuthAdminClient.describeAcls(topicFilter("u-2")).values().get()));
                Assertions.assertEquals(aclBinding, Iterables.getOnlyElement(createPlainAuthAdminClient.describeAcls(topicFilter(Version.version)).values().get()));
                Collection<AclBinding> collection2 = createPlainAuthAdminClient.describeAcls(topicFilter("*", MultiTenantPrincipal.USERV2)).values().get();
                Assertions.assertEquals(arrayList2.size(), collection2.size());
                Assertions.assertTrue(arrayList2.containsAll(collection2));
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createPlainAuthAdminClient != null) {
                if (th != null) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testDeleteAcls() throws Exception {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < 5; i++) {
            arrayList.add(topicAcl(Version.version, "abcd1" + i));
            arrayList.add(topicAcl("u-2", "abcd2" + i));
            arrayList.add(topicAcl(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT, "abcd1" + i));
            arrayList.add(topicAcl("u-3", "abcd1" + i));
            arrayList.add(topicAcl("4", "abcd1" + i));
            arrayList.add(topicAcl("u-4", "abcd2" + i));
        }
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            try {
                List asList = Arrays.asList(topicFilter(Version.version), topicFilter("u-2"), topicFilter(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT), topicFilter("u-3"), topicFilter("4"));
                createPlainAuthAdminClient.createAcls(arrayList).all().get();
                Map<AclBindingFilter, KafkaFuture<DeleteAclsResult.FilterResults>> values = createPlainAuthAdminClient.deleteAcls(asList).values();
                this.testHarness.ensureKraftMetadataConsistent();
                int i2 = 0;
                while (i2 < 5) {
                    DeleteAclsResult.FilterResults filterResults = values.get(asList.get(i2)).get();
                    Set set = (Set) filterResults.values().stream().map(filterResult -> {
                        return filterResult.binding().entry().principal();
                    }).collect(Collectors.toSet());
                    Assertions.assertTrue(set.size() == (i2 == 0 ? 0 : 1));
                    switch (i2) {
                        case 1:
                            Assertions.assertTrue(filterResults.values().size() == 10 && set.contains(principal("u-2")));
                            break;
                        case 2:
                            Assertions.assertTrue(filterResults.values().size() == 5 && set.contains(principal(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT)));
                            break;
                        case 3:
                            Assertions.assertTrue(filterResults.values().size() == 5 && set.contains(principal("u-3")));
                            break;
                        case 4:
                            Assertions.assertTrue(filterResults.values().size() == 10 && set.contains(principal("4")));
                            break;
                    }
                    i2++;
                }
                createPlainAuthAdminClient.createAcls(arrayList).all().get();
                Collection<AclBinding> collection = createPlainAuthAdminClient.deleteAcls(Arrays.asList(AclBindingFilter.ANY)).all().get();
                Set set2 = (Set) collection.stream().map(aclBinding -> {
                    return aclBinding.entry().principal();
                }).collect(Collectors.toSet());
                Assertions.assertTrue(collection.size() == 30 && set2.size() == 4 && set2.containsAll(Arrays.asList(principal(Version.version), principal(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT), principal("u-3"), principal("4"))));
                createPlainAuthAdminClient.createAcls(arrayList).all().get();
                Collection<AclBinding> collection2 = createPlainAuthAdminClient.deleteAcls(Arrays.asList(topicFilter("*", MultiTenantPrincipal.USERV2))).all().get();
                Set set3 = (Set) collection2.stream().map(aclBinding2 -> {
                    return aclBinding2.entry().principal();
                }).collect(Collectors.toSet());
                Assertions.assertTrue(collection2.size() == 30 && set3.size() == 4 && set3.containsAll(Arrays.asList(principal("u-2"), principal(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT), principal("u-3"), principal("u-4"))));
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createPlainAuthAdminClient != null) {
                if (th != null) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th4;
        }
    }

    private String principal(String str) {
        return "User:" + str;
    }

    @Disabled
    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testUserResourceIdWithAdminClient(String str) throws Exception {
        Throwable th;
        Throwable th2;
        AclBinding aclBinding = topicAcl("u-2");
        AclBindingFilter aclBindingFilter = topicFilter("u-2");
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th3 = null;
        try {
            Assertions.assertTrue(createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get().isEmpty());
            AdminClient createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
            Throwable th4 = null;
            try {
                try {
                    TestUtils.assertFutureError(createPlainAuthAdminClient2.createTopics(this.sampleTopics).all(), TopicAuthorizationException.class);
                    if (createPlainAuthAdminClient2 != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient2.close();
                            } catch (Throwable th5) {
                                th4.addSuppressed(th5);
                            }
                        } else {
                            createPlainAuthAdminClient2.close();
                        }
                    }
                    createPlainAuthAdminClient.createAcls(Collections.singleton(aclBinding)).all().get();
                    Assertions.assertEquals(1, createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get().size());
                    createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                    th = null;
                } catch (Throwable th6) {
                    th4 = th6;
                    throw th6;
                }
                try {
                    try {
                        createPlainAuthAdminClient2.createTopics(this.sampleTopics).all().get();
                        Assertions.assertTrue(createPlainAuthAdminClient2.listTopics().names().get().containsAll((List) this.sampleTopics.stream().map((v0) -> {
                            return v0.name();
                        }).collect(Collectors.toList())));
                        if (createPlainAuthAdminClient2 != null) {
                            if (0 != 0) {
                                try {
                                    createPlainAuthAdminClient2.close();
                                } catch (Throwable th7) {
                                    th.addSuppressed(th7);
                                }
                            } else {
                                createPlainAuthAdminClient2.close();
                            }
                        }
                        createPlainAuthAdminClient.deleteAcls(Collections.singleton(aclBindingFilter)).all().get();
                        Assertions.assertTrue(createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get().isEmpty());
                        createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                        th2 = null;
                    } catch (Throwable th8) {
                        th = th8;
                        throw th8;
                    }
                    try {
                        try {
                            TestUtils.assertFutureError(createPlainAuthAdminClient2.describeTopics(Collections.singletonList("abcd1")).allTopicNames(), TopicAuthorizationException.class);
                            if (createPlainAuthAdminClient2 != null) {
                                if (0 != 0) {
                                    try {
                                        createPlainAuthAdminClient2.close();
                                    } catch (Throwable th9) {
                                        th2.addSuppressed(th9);
                                    }
                                } else {
                                    createPlainAuthAdminClient2.close();
                                }
                            }
                            if (createPlainAuthAdminClient != null) {
                                if (0 == 0) {
                                    createPlainAuthAdminClient.close();
                                    return;
                                }
                                try {
                                    createPlainAuthAdminClient.close();
                                } catch (Throwable th10) {
                                    th3.addSuppressed(th10);
                                }
                            }
                        } catch (Throwable th11) {
                            th2 = th11;
                            throw th11;
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
                if (createPlainAuthAdminClient2 != null) {
                    if (th4 != null) {
                        try {
                            createPlainAuthAdminClient2.close();
                        } catch (Throwable th12) {
                            th4.addSuppressed(th12);
                        }
                    } else {
                        createPlainAuthAdminClient2.close();
                    }
                }
            }
        } catch (Throwable th13) {
            if (createPlainAuthAdminClient != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th14) {
                        th3.addSuppressed(th14);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th13;
        }
    }

    @Test
    public void testDynamicConfig() throws ExecutionException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(topicAcl(Version.version, "abcd1"));
        arrayList.add(topicAcl("u-2", "abcd2"));
        arrayList.add(topicAcl("u-2", "abcd3"));
        arrayList.add(topicAcl(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT, "abcd1"));
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            createPlainAuthAdminClient.createAcls(arrayList).all().get();
            AclBindingFilter aclBindingFilter = topicFilter(Version.version);
            AclBindingFilter aclBindingFilter2 = topicFilter(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT);
            AdminClient createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
            Throwable th2 = null;
            try {
                try {
                    createPlainAuthAdminClient2.createTopics(topicsList("abcd1")).all().get();
                    Assertions.assertTrue(createPlainAuthAdminClient2.listTopics().names().get().containsAll((List) topicsList("abcd1").stream().map((v0) -> {
                        return v0.name();
                    }).collect(Collectors.toList())));
                    if (createPlainAuthAdminClient2 != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            createPlainAuthAdminClient2.close();
                        }
                    }
                    Assertions.assertTrue(createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get().size() == 3 && createPlainAuthAdminClient.describeAcls(aclBindingFilter2).values().get().size() == 1);
                    createPlainAuthAdminClient.incrementalAlterConfigs(supportUserResourceIdInAclConfig("false")).all().get();
                    TestUtils.retryOnExceptionWithTimeout(() -> {
                        Assertions.assertTrue(createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get().size() == 0 && createPlainAuthAdminClient.describeAcls(aclBindingFilter2).values().get().size() == 1);
                    });
                    AdminClient createPlainAuthAdminClient3 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                    Throwable th4 = null;
                    try {
                        try {
                            TestUtils.assertFutureError(createPlainAuthAdminClient3.createTopics(topicsList("abcd2")).all(), TopicAuthorizationException.class);
                            if (createPlainAuthAdminClient3 != null) {
                                if (0 != 0) {
                                    try {
                                        createPlainAuthAdminClient3.close();
                                    } catch (Throwable th5) {
                                        th4.addSuppressed(th5);
                                    }
                                } else {
                                    createPlainAuthAdminClient3.close();
                                }
                            }
                            createPlainAuthAdminClient.incrementalAlterConfigs(supportUserResourceIdInAclConfig("true")).all().get();
                            TestUtils.retryOnExceptionWithTimeout(() -> {
                                Assertions.assertTrue(createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get().size() == 3 && createPlainAuthAdminClient.describeAcls(aclBindingFilter2).values().get().size() == 1);
                            });
                            createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                            Throwable th6 = null;
                            try {
                                try {
                                    createPlainAuthAdminClient2.createTopics(topicsList("abcd3")).all().get();
                                    Assertions.assertTrue(createPlainAuthAdminClient2.listTopics().names().get().containsAll((List) topicsList("abcd3").stream().map((v0) -> {
                                        return v0.name();
                                    }).collect(Collectors.toList())));
                                    if (createPlainAuthAdminClient2 != null) {
                                        if (0 != 0) {
                                            try {
                                                createPlainAuthAdminClient2.close();
                                            } catch (Throwable th7) {
                                                th6.addSuppressed(th7);
                                            }
                                        } else {
                                            createPlainAuthAdminClient2.close();
                                        }
                                    }
                                    if (createPlainAuthAdminClient != null) {
                                        if (0 == 0) {
                                            createPlainAuthAdminClient.close();
                                            return;
                                        }
                                        try {
                                            createPlainAuthAdminClient.close();
                                        } catch (Throwable th8) {
                                            th.addSuppressed(th8);
                                        }
                                    }
                                } catch (Throwable th9) {
                                    th6 = th9;
                                    throw th9;
                                }
                            } finally {
                            }
                        } catch (Throwable th10) {
                            th4 = th10;
                            throw th10;
                        }
                    } finally {
                    }
                } catch (Throwable th11) {
                    th2 = th11;
                    throw th11;
                }
            } finally {
                if (createPlainAuthAdminClient2 != null) {
                    if (th2 != null) {
                        try {
                            createPlainAuthAdminClient2.close();
                        } catch (Throwable th12) {
                            th2.addSuppressed(th12);
                        }
                    } else {
                        createPlainAuthAdminClient2.close();
                    }
                }
            }
        } catch (Throwable th13) {
            if (createPlainAuthAdminClient != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th14) {
                        th.addSuppressed(th14);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th13;
        }
    }

    @Test
    public void testResourceIdSupportInKafkaCli() {
        String clientPlainJaasConfig = IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1");
        topicAclCommandBuilder(Version.version, "abcd1", clientPlainJaasConfig).execute();
        topicAclCommandBuilder("u-2", "abcd2", clientPlainJaasConfig).execute();
        topicAclCommandBuilder("u-2", "abcd3", clientPlainJaasConfig).execute();
        topicAclCommandBuilder("4", "abcd1", clientPlainJaasConfig).execute();
        String executeAndGrabOutput = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--add", "--resource-pattern-type=" + PatternType.LITERAL.name(), "--topic=abcd1", "--operation=" + SecurityUtils.operationName(AclOperation.READ), "--allow-principal=" + new KafkaPrincipal(KafkaPrincipal.USER_TYPE, ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT), "--resource-id")).executeAndGrabOutput();
        Assertions.assertTrue(executeAndGrabOutput.split("User:u-2", -1).length == 2 && executeAndGrabOutput.split("User:u-4", -1).length == 2 && executeAndGrabOutput.split("User:3", -1).length == 3);
        String executeAndGrabOutput2 = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--list", "--resource-id")).executeAndGrabOutput();
        Assertions.assertTrue(executeAndGrabOutput2.split("User:u-2", -1).length == 4 && executeAndGrabOutput2.split("User:3", -1).length == 2);
        String executeAndGrabOutput3 = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--list", "--principal=User:u-2", "--resource-id")).executeAndGrabOutput();
        Assertions.assertTrue(executeAndGrabOutput3.split("User:u-2", -1).length == 5 && executeAndGrabOutput3.split("User:3", -1).length == 1);
        String executeAndGrabOutput4 = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--list", "--principal=User:3", "--resource-id")).executeAndGrabOutput();
        Assertions.assertTrue(executeAndGrabOutput4.split("User:u-2", -1).length == 1 && executeAndGrabOutput4.split("User:3", -1).length == 3);
    }

    private Map<ConfigResource, Collection<AlterConfigOp>> supportUserResourceIdInAclConfig(String str) {
        return Collections.singletonMap(new ConfigResource(ConfigResource.Type.BROKER, ""), Collections.singleton(new AlterConfigOp(new ConfigEntry(ConfluentConfigs.SUPPORT_USER_RESOURCE_ID_IN_ACL, str), AlterConfigOp.OpType.SET)));
    }

    private AclCommandBuilder topicAclCommandBuilder(String str, String str2, String str3) {
        return this.physicalCluster.newAclCommandWithExternalListener(str3).addTopicAclArgs(new KafkaPrincipal(KafkaPrincipal.USER_TYPE, str), str2, AclOperation.READ, PatternType.LITERAL);
    }

    private AclBinding topicAcl(String str) {
        return topicAcl(str, "abcd1");
    }

    private AclBinding topicAcl(String str, String str2) {
        return new AclBinding(new ResourcePattern(ResourceType.TOPIC, str2, PatternType.LITERAL), new AccessControlEntry(new KafkaPrincipal(KafkaPrincipal.USER_TYPE, str).toString(), "*", AclOperation.ALL, AclPermissionType.ALLOW));
    }

    private AclBindingFilter topicFilter(String str) {
        return topicFilter(str, KafkaPrincipal.USER_TYPE);
    }

    private AclBindingFilter topicFilter(String str, String str2) {
        return new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, null, PatternType.ANY), new AccessControlEntryFilter(new KafkaPrincipal(str2, str).toString(), null, AclOperation.ANY, AclPermissionType.ANY));
    }

    private List<NewTopic> topicsList(String str) {
        return Collections.singletonList(new NewTopic(str, 3, (short) 1));
    }

    private void loadApiKeys(String str, String str2) throws Exception {
        try {
            this.physicalCluster.kafkaCluster().produceApiKeysData("_confluent-apikey", str2, org.apache.kafka.common.utils.Utils.readFullyToString((BufferedInputStream) FileBasedPlainSaslAuthenticatorTest.class.getResource(str).getContent()), true);
        } catch (IOException e) {
            throw new Exception("Couldn't read apikeys content");
        }
    }
}
