package kafka.api;

import java.util.Properties;
import kafka.server.KafkaConfig$;
import kafka.server.KafkaServer;
import kafka.utils.JaasTestUtils$;
import kafka.utils.TestInfoUtils$;
import kafka.utils.TestUtils$;
import kafka.zk.ConfigEntityChangeNotificationZNode$;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.clients.admin.AlterUserScramCredentialsResult;
import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
import org.apache.kafka.clients.admin.ScramCredentialInfo;
import org.apache.kafka.clients.admin.UserScramCredentialUpsertion;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.scram.internals.ScramMechanism;
import org.apache.kafka.common.security.token.delegation.DelegationToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
import scala.Function0;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.jdk.CollectionConverters$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.RichLong$;

/* compiled from: DelegationTokenEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Uf\u0001\u0002\u0014(\u00011BQ!\r\u0001\u0005\u0002IBq\u0001\u000e\u0001C\u0002\u0013\u0005Q\u0007\u0003\u0004?\u0001\u0001\u0006IA\u000e\u0005\b\u007f\u0001\u0011\r\u0011\"\u0001A\u0011\u0019Y\u0005\u0001)A\u0005\u0003\")A\n\u0001C)\u001b\"9Q\f\u0001b\u0001\n#r\u0006B\u00025\u0001A\u0003%q\fC\u0004j\u0001\t\u0007I\u0011\u000b0\t\r)\u0004\u0001\u0015!\u0003`\u0011\u001dY\u0007A1A\u0005B1Da\u0001\u001d\u0001!\u0002\u0013i\u0007bB9\u0001\u0005\u0004%I!\u000e\u0005\u0007e\u0002\u0001\u000b\u0011\u0002\u001c\t\u000fM\u0004!\u0019!C!Y\"1A\u000f\u0001Q\u0001\n5Dq!\u001e\u0001C\u0002\u0013EQ\u0007\u0003\u0004w\u0001\u0001\u0006IA\u000e\u0005\bo\u0002\u0011\r\u0011\"\u00116\u0011\u0019A\b\u0001)A\u0005m!9\u0011\u0010\u0001b\u0001\n#Q\bBB>\u0001A\u0003%!\rC\u0003}\u0001\u0011\u0005Q\u0010C\u0004\u0002\u000e\u0001!\t!a\u0004\t\u000f\u0005]\u0001\u0001\"\u0011\u0002\u0010!9\u0011\u0011\u0004\u0001\u0005B\u0005m\u0001bBA\u0012\u0001\u0011\u0005\u0011q\u0002\u0005\b\u0003K\u0001A\u0011IA\b\u0011\u001d\t9\u0003\u0001C\u0001\u0003\u001fAq!!\u0010\u0001\t\u0003\ny\u0004C\u0004\u0002T\u0001!\t!!\u0016\t\u000f\u00055\u0004\u0001\"\u0001\u0002p!9\u0011q\u000f\u0001\u0005\u0002\u0005e\u0004bBA?\u0001\u0011\u0005\u00111\u0004\u0005\b\u0003\u007f\u0002A\u0011AAA\u0011\u001d\ty\b\u0001C\u0001\u0003\u0013C\u0011\"!(\u0001#\u0003%\t!a(\u0003Q\u0011+G.Z4bi&|g\u000eV8lK:,e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u000b\u0005!J\u0013aA1qS*\t!&A\u0003lC\u001a\\\u0017m\u0001\u0001\u0014\u0005\u0001i\u0003C\u0001\u00180\u001b\u00059\u0013B\u0001\u0019(\u0005e)e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u0002\rqJg.\u001b;?)\u0005\u0019\u0004C\u0001\u0018\u0001\u0003aY\u0017MZ6b\u00072LWM\u001c;TCNdW*Z2iC:L7/\\\u000b\u0002mA\u0011q\u0007P\u0007\u0002q)\u0011\u0011HO\u0001\u0005Y\u0006twMC\u0001<\u0003\u0011Q\u0017M^1\n\u0005uB$AB*ue&tw-A\rlC\u001a\\\u0017m\u00117jK:$8+Y:m\u001b\u0016\u001c\u0007.\u00198jg6\u0004\u0013!G6bM.\f7+\u001a:wKJ\u001c\u0016m\u001d7NK\u000eD\u0017M\\5t[N,\u0012!\u0011\t\u0004\u0005\"3dBA\"G\u001b\u0005!%\"A#\u0002\u000bM\u001c\u0017\r\\1\n\u0005\u001d#\u0015a\u00029bG.\fw-Z\u0005\u0003\u0013*\u0013A\u0001T5ti*\u0011q\tR\u0001\u001bW\u000647.Y*feZ,'oU1tY6+7\r[1oSNl7\u000fI\u0001\u0011g\u0016\u001cWO]5usB\u0013x\u000e^8d_2,\u0012A\u0014\t\u0003\u001fnk\u0011\u0001\u0015\u0006\u0003#J\u000bA!Y;uQ*\u00111\u000bV\u0001\tg\u0016\u001cWO]5us*\u0011QKV\u0001\u0007G>lWn\u001c8\u000b\u0005):&B\u0001-Z\u0003\u0019\t\u0007/Y2iK*\t!,A\u0002pe\u001eL!\u0001\u0018)\u0003!M+7-\u001e:jif\u0004&o\u001c;pG>d\u0017\u0001F:feZ,'oU1tYB\u0013x\u000e]3si&,7/F\u0001`!\r\u0019\u0005MY\u0005\u0003C\u0012\u0013AaU8nKB\u00111MZ\u0007\u0002I*\u0011QMO\u0001\u0005kRLG.\u0003\u0002hI\nQ\u0001K]8qKJ$\u0018.Z:\u0002+M,'O^3s'\u0006\u001cH\u000e\u0015:pa\u0016\u0014H/[3tA\u0005!2\r\\5f]R\u001c\u0016m\u001d7Qe>\u0004XM\u001d;jKN\fQc\u00197jK:$8+Y:m!J|\u0007/\u001a:uS\u0016\u001c\b%A\bdY&,g\u000e\u001e)sS:\u001c\u0017\u000e]1m+\u0005i\u0007CA(o\u0013\ty\u0007K\u0001\bLC\u001a\\\u0017\r\u0015:j]\u000eL\u0007/\u00197\u0002!\rd\u0017.\u001a8u!JLgnY5qC2\u0004\u0013AD2mS\u0016tG\u000fU1tg^|'\u000fZ\u0001\u0010G2LWM\u001c;QCN\u001cxo\u001c:eA\u0005q1.\u00194lCB\u0013\u0018N\\2ja\u0006d\u0017aD6bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\u0011\u0002\u001b-\fgm[1QCN\u001cxo\u001c:e\u00039Y\u0017MZ6b!\u0006\u001c8o^8sI\u0002\n1#\u001e8j[BdW-\\3oi\u0016$\u0017/^8sk6\fA#\u001e8j[BdW-\\3oi\u0016$\u0017/^8sk6\u0004\u0013a\u00079sSZLG.Z4fI\u0006#W.\u001b8DY&,g\u000e^\"p]\u001aLw-F\u0001c\u0003q\u0001(/\u001b<jY\u0016<W\rZ!e[&t7\t\\5f]R\u001cuN\u001c4jO\u0002\nAd\u0019:fCR,G)\u001a7fO\u0006$\u0018n\u001c8U_.,gn\u00149uS>t7\u000fF\u0001\u007f!\ry\u0018\u0011B\u0007\u0003\u0003\u0003QA!a\u0001\u0002\u0006\u0005)\u0011\rZ7j]*\u0019\u0011q\u0001,\u0002\u000f\rd\u0017.\u001a8ug&!\u00111BA\u0001\u0005q\u0019%/Z1uK\u0012+G.Z4bi&|g\u000eV8lK:|\u0005\u000f^5p]N\fAeY8oM&<WO]3U_.,g.Q2mg\n+gm\u001c:f'\u0016\u0014h/\u001a:t'R\f'\u000f\u001e\u000b\u0003\u0003#\u00012aQA\n\u0013\r\t)\u0002\u0012\u0002\u0005+:LG/A\u0012d_:4\u0017nZ;sKN+7-\u001e:jif\u0014UMZ8sKN+'O^3sgN#\u0018M\u001d;\u00027\r\u0014X-\u0019;f!JLg/\u001b7fO\u0016$\u0017\tZ7j]\u000ec\u0017.\u001a8u)\t\ti\u0002E\u0002��\u0003?IA!!\t\u0002\u0002\t)\u0011\tZ7j]\u0006q3M]3bi\u0016\fE\rZ5uS>t\u0017\r\\\"sK\u0012,g\u000e^5bYN\fe\r^3s'\u0016\u0014h/\u001a:t'R\f'\u000f^3e\u0003\t\u001awN\u001c4jOV\u0014XmU3dkJLG/_!gi\u0016\u00148+\u001a:wKJ\u001c8\u000b^1si\u0006\tC/Z:u\u0007J,\u0017\r^3Vg\u0016\u0014x+\u001b;i\t\u0016dWmZ1uS>tGk\\6f]\"\u001aQ$a\u000b\u0011\t\u00055\u0012\u0011H\u0007\u0003\u0003_Q1\u0001KA\u0019\u0015\u0011\t\u0019$!\u000e\u0002\u000f),\b/\u001b;fe*\u0019\u0011qG-\u0002\u000b),h.\u001b;\n\t\u0005m\u0012q\u0006\u0002\u0005)\u0016\u001cH/A\u0003tKR,\u0006\u000f\u0006\u0003\u0002\u0012\u0005\u0005\u0003bBA\"=\u0001\u0007\u0011QI\u0001\ti\u0016\u001cH/\u00138g_B!\u0011QFA$\u0013\u0011\tI%a\f\u0003\u0011Q+7\u000f^%oM>D3AHA'!\u0011\ti#a\u0014\n\t\u0005E\u0013q\u0006\u0002\u000b\u0005\u00164wN]3FC\u000eD\u0017\u0001E1tg\u0016\u0014H\u000fV8lK:|uO\\3s)\u0019\t\t\"a\u0016\u0002\\!1\u0011\u0011L\u0010A\u00025\fQa\\<oKJDq!!\u0018 \u0001\u0004\ty&A\u0003u_.,g\u000e\u0005\u0003\u0002b\u0005%TBAA2\u0015\u0011\t)'a\u001a\u0002\u0015\u0011,G.Z4bi&|gNC\u0002\u0002^IKA!a\u001b\u0002d\tyA)\u001a7fO\u0006$\u0018n\u001c8U_.,g.\u0001\u000bbgN,'\u000f\u001e+pW\u0016t'+Z9vKN$XM\u001d\u000b\u0007\u0003#\t\t(!\u001e\t\r\u0005M\u0004\u00051\u0001n\u0003%\u0011X-];fgR,'\u000fC\u0004\u0002^\u0001\u0002\r!a\u0018\u0002\u0017\u0005\u001c8/\u001a:u)>\\WM\u001c\u000b\u0005\u0003#\tY\bC\u0004\u0002^\u0005\u0002\r!a\u0018\u0002?\r\u0014X-\u0019;f)>\\WM\u001c*fcV,7\u000f^3s\u0003\u0012l\u0017N\\\"mS\u0016tG/\u0001\fde\u0016\fG/\u001a#fY\u0016<\u0017\r^5p]R{7.\u001a8t)\t\t\u0019\tE\u0004D\u0003\u000b\u000by&a\u0018\n\u0007\u0005\u001dEI\u0001\u0004UkBdWM\r\u000b\u0007\u0003\u0007\u000bY)a%\t\rq$\u0003\u0019AAG!\u0011\u0019\u0015q\u0012@\n\u0007\u0005EEIA\u0005Gk:\u001cG/[8oa!I\u0011Q\u0013\u0013\u0011\u0002\u0003\u0007\u0011qS\u0001\u0007CN\u001cXM\u001d;\u0011\u0007\r\u000bI*C\u0002\u0002\u001c\u0012\u0013qAQ8pY\u0016\fg.\u0001\u0011de\u0016\fG/\u001a#fY\u0016<\u0017\r^5p]R{7.\u001a8tI\u0011,g-Y;mi\u0012\u0012TCAAQU\u0011\t9*a),\u0005\u0005\u0015\u0006\u0003BAT\u0003ck!!!+\u000b\t\u0005-\u0016QV\u0001\nk:\u001c\u0007.Z2lK\u0012T1!a,E\u0003)\tgN\\8uCRLwN\\\u0005\u0005\u0003g\u000bIKA\tv]\u000eDWmY6fIZ\u000b'/[1oG\u0016\u0004")
/* loaded from: input_file:kafka/api/DelegationTokenEndToEndAuthorizationTest.class */
public class DelegationTokenEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String kafkaClientSaslMechanism = "SCRAM-SHA-256";
    private final List<String> kafkaServerSaslMechanisms = ((TraversableOnce) CollectionConverters$.MODULE$.collectionAsScalaIterableConverter(ScramMechanism.mechanismNames()).asScala()).toList();
    private final Some<Properties> serverSaslProperties = new Some<>(kafkaServerSaslProperties(kafkaServerSaslMechanisms(), kafkaClientSaslMechanism()));
    private final Some<Properties> clientSaslProperties = new Some<>(kafkaClientSaslProperties(kafkaClientSaslMechanism(), kafkaClientSaslProperties$default$2()));
    private final KafkaPrincipal clientPrincipal = new KafkaPrincipal("User", JaasTestUtils$.MODULE$.KafkaScramUser());
    private final String clientPassword = JaasTestUtils$.MODULE$.KafkaScramPassword();
    private final KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", JaasTestUtils$.MODULE$.KafkaScramAdmin());
    private final String kafkaPassword = JaasTestUtils$.MODULE$.KafkaScramAdminPassword();
    private final String unimplementedquorum = "kraft";
    private final Properties privilegedAdminClientConfig = new Properties();

    public String kafkaClientSaslMechanism() {
        return this.kafkaClientSaslMechanism;
    }

    public List<String> kafkaServerSaslMechanisms() {
        return this.kafkaServerSaslMechanisms;
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SASL_SSL;
    }

    @Override // kafka.integration.KafkaServerTestHarness
    /* renamed from: serverSaslProperties, reason: merged with bridge method [inline-methods] */
    public Some<Properties> mo12serverSaslProperties() {
        return this.serverSaslProperties;
    }

    @Override // kafka.integration.KafkaServerTestHarness
    /* renamed from: clientSaslProperties, reason: merged with bridge method [inline-methods] */
    public Some<Properties> mo11clientSaslProperties() {
        return this.clientSaslProperties;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    private String clientPassword() {
        return this.clientPassword;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    public String kafkaPassword() {
        return this.kafkaPassword;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public String unimplementedquorum() {
        return this.unimplementedquorum;
    }

    public Properties privilegedAdminClientConfig() {
        return this.privilegedAdminClientConfig;
    }

    public CreateDelegationTokenOptions createDelegationTokenOptions() {
        return new CreateDelegationTokenOptions();
    }

    public void configureTokenAclsBeforeServersStart() {
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public void configureSecurityBeforeServersStart() {
        super.configureSecurityBeforeServersStart();
        configureTokenAclsBeforeServersStart();
        zkClient().makeSurePersistentPathExists(ConfigEntityChangeNotificationZNode$.MODULE$.path());
        createScramCredentials(zkConnect(), kafkaPrincipal().getName(), kafkaPassword());
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.SaslSetup
    public Admin createPrivilegedAdminClient() {
        return createScramAdminClient(kafkaClientSaslMechanism(), kafkaPrincipal().getName(), kafkaPassword());
    }

    public void createAdditionalCredentialsAfterServersStarted() {
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public void configureSecurityAfterServersStart() {
        super.configureSecurityAfterServersStart();
        createScramCredentialsViaPrivilegedAdminClient(clientPrincipal().getName(), clientPassword());
        waitForUserScramCredentialToAppearOnAllBrokers(clientPrincipal().getName(), kafkaClientSaslMechanism());
        createAdditionalCredentialsAfterServersStarted();
        Tuple2<DelegationToken, DelegationToken> createDelegationTokens = createDelegationTokens();
        DelegationToken delegationToken = (DelegationToken) createDelegationTokens._1();
        DelegationToken delegationToken2 = (DelegationToken) createDelegationTokens._2();
        privilegedAdminClientConfig().putAll(adminClientConfig());
        String str = JaasTestUtils$.MODULE$.tokenClientLoginModule(delegationToken.tokenInfo().tokenId(), delegationToken.hmacAsBase64String());
        producerConfig().put("sasl.jaas.config", str);
        consumerConfig().put("sasl.jaas.config", str);
        adminClientConfig().put("sasl.jaas.config", str);
        String str2 = JaasTestUtils$.MODULE$.tokenClientLoginModule(delegationToken2.tokenInfo().tokenId(), delegationToken2.hmacAsBase64String());
        privilegedAdminClientConfig().put("sasl.jaas.config", str2);
        superuserClientConfig().put("sasl.jaas.config", str2);
    }

    @Test
    public void testCreateUserWithDelegationToken() {
        Admin create = Admin.create(privilegedAdminClientConfig());
        try {
            AlterUserScramCredentialsResult alterUserScramCredentials = create.alterUserScramCredentials((java.util.List) CollectionConverters$.MODULE$.seqAsJavaListConverter(new $colon.colon(new UserScramCredentialUpsertion("user", new ScramCredentialInfo(org.apache.kafka.clients.admin.ScramMechanism.SCRAM_SHA_256, 4096), "password"), Nil$.MODULE$)).asJava());
            Assertions.assertEquals(1, alterUserScramCredentials.values().size());
            ((KafkaFuture) alterUserScramCredentials.values().get("user")).get();
        } finally {
            create.close();
        }
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.server.QuorumTestHarness
    @BeforeEach
    public void setUp(TestInfo testInfo) {
        if (TestInfoUtils$.MODULE$.isKRaft(testInfo)) {
            return;
        }
        startSasl(jaasSections(kafkaServerSaslMechanisms(), Option$.MODULE$.apply(kafkaClientSaslMechanism()), Both$.MODULE$, jaasSections$default$4()));
        super.setUp(testInfo);
        privilegedAdminClientConfig().put("bootstrap.servers", bootstrapServers(bootstrapServers$default$1()));
    }

    public void assertTokenOwner(KafkaPrincipal kafkaPrincipal, DelegationToken delegationToken) {
        Assertions.assertEquals(kafkaPrincipal, delegationToken.tokenInfo().owner());
    }

    public void assertTokenRequester(KafkaPrincipal kafkaPrincipal, DelegationToken delegationToken) {
        Assertions.assertEquals(kafkaPrincipal, delegationToken.tokenInfo().tokenRequester());
    }

    public void assertToken(DelegationToken delegationToken) {
        assertTokenOwner(clientPrincipal(), delegationToken);
        assertTokenRequester(clientPrincipal(), delegationToken);
    }

    public Admin createTokenRequesterAdminClient() {
        return createScramAdminClient(kafkaClientSaslMechanism(), clientPrincipal().getName(), clientPassword());
    }

    public Tuple2<DelegationToken, DelegationToken> createDelegationTokens() {
        return createDelegationTokens(() -> {
            return this.createDelegationTokenOptions();
        }, createDelegationTokens$default$2());
    }

    public Tuple2<DelegationToken, DelegationToken> createDelegationTokens(Function0<CreateDelegationTokenOptions> function0, boolean z) {
        Admin createTokenRequesterAdminClient = createTokenRequesterAdminClient();
        try {
            Admin createScramAdminClient = createScramAdminClient(kafkaClientSaslMechanism(), kafkaPrincipal().getName(), kafkaPassword());
            try {
                DelegationToken delegationToken = (DelegationToken) createTokenRequesterAdminClient.createDelegationToken((CreateDelegationTokenOptions) function0.apply()).delegationToken().get();
                if (z) {
                    assertToken(delegationToken);
                }
                DelegationToken delegationToken2 = (DelegationToken) createScramAdminClient.createDelegationToken().delegationToken().get();
                TestUtils$ testUtils$ = TestUtils$.MODULE$;
                long waitUntilTrue$default$3 = TestUtils$.MODULE$.waitUntilTrue$default$3();
                long waitUntilTrue$default$4 = TestUtils$.MODULE$.waitUntilTrue$default$4();
                if (testUtils$ == null) {
                    throw null;
                }
                long currentTimeMillis = System.currentTimeMillis();
                while (!$anonfun$createDelegationTokens$2(this)) {
                    if (System.currentTimeMillis() > currentTimeMillis + waitUntilTrue$default$3) {
                        Assertions.fail($anonfun$createDelegationTokens$4());
                    }
                    Thread.sleep(RichLong$.MODULE$.min$extension(Predef$.MODULE$.longWrapper(waitUntilTrue$default$3), waitUntilTrue$default$4));
                }
                Tuple2<DelegationToken, DelegationToken> tuple2 = new Tuple2<>(delegationToken, delegationToken2);
                createScramAdminClient.close();
                return tuple2;
            } catch (Throwable th) {
                createScramAdminClient.close();
                throw th;
            }
        } finally {
            createTokenRequesterAdminClient.close();
        }
    }

    public boolean createDelegationTokens$default$2() {
        return true;
    }

    public static final /* synthetic */ boolean $anonfun$createDelegationTokens$3(KafkaServer kafkaServer) {
        return kafkaServer.tokenCache().tokens().size() == 2;
    }

    public static final /* synthetic */ boolean $anonfun$createDelegationTokens$2(DelegationTokenEndToEndAuthorizationTest delegationTokenEndToEndAuthorizationTest) {
        return delegationTokenEndToEndAuthorizationTest.servers().forall(kafkaServer -> {
            return BoxesRunTime.boxToBoolean($anonfun$createDelegationTokens$3(kafkaServer));
        });
    }

    public static final /* synthetic */ String $anonfun$createDelegationTokens$4() {
        return "Timed out waiting for token to propagate to all servers";
    }

    public DelegationTokenEndToEndAuthorizationTest() {
        serverConfig().setProperty(KafkaConfig$.MODULE$.DelegationTokenSecretKeyProp(), "testKey");
    }
}
