package kafka.security.auth;

import java.io.File;
import java.util.List;
import javax.security.auth.login.Configuration;
import kafka.admin.ZkSecurityMigrator$;
import kafka.utils.CoreUtils$;
import kafka.utils.JaasTestUtils$;
import kafka.utils.ZkUtils;
import kafka.utils.ZkUtils$;
import kafka.zk.ZooKeeperTestHarness;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.JaasUtils;
import org.apache.zookeeper.data.ACL;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.scalactic.source.Position;
import scala.MatchError;
import scala.Predef$;
import scala.StringContext;
import scala.collection.IterableLike;
import scala.collection.JavaConverters$;
import scala.collection.Seq$;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ObjectRef;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;

/* compiled from: ZkAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005ec\u0001B\u0001\u0003\u0001%\u00111CW6BkRDwN]5{CRLwN\u001c+fgRT!a\u0001\u0003\u0002\t\u0005,H\u000f\u001b\u0006\u0003\u000b\u0019\t\u0001b]3dkJLG/\u001f\u0006\u0002\u000f\u0005)1.\u00194lC\u000e\u00011c\u0001\u0001\u000b!A\u00111BD\u0007\u0002\u0019)\u0011QBB\u0001\u0003u.L!a\u0004\u0007\u0003)i{wnS3fa\u0016\u0014H+Z:u\u0011\u0006\u0014h.Z:t!\t\tB#D\u0001\u0013\u0015\t\u0019b!A\u0003vi&d7/\u0003\u0002\u0016%\t9Aj\\4hS:<\u0007\"B\f\u0001\t\u0003A\u0012A\u0002\u001fj]&$h\bF\u0001\u001a!\tQ\u0002!D\u0001\u0003\u0011\u001da\u0002A1A\u0005\u0002u\t\u0001B[1bg\u001aKG.Z\u000b\u0002=A\u0011q\u0004J\u0007\u0002A)\u0011\u0011EI\u0001\u0003S>T\u0011aI\u0001\u0005U\u00064\u0018-\u0003\u0002&A\t!a)\u001b7f\u0011\u00199\u0003\u0001)A\u0005=\u0005I!.Y1t\r&dW\r\t\u0005\bS\u0001\u0011\r\u0011\"\u0001+\u00031\tW\u000f\u001e5Qe>4\u0018\u000eZ3s+\u0005Y\u0003C\u0001\u00170\u001b\u0005i#B\u0001\u0018#\u0003\u0011a\u0017M\\4\n\u0005Aj#AB*ue&tw\r\u0003\u00043\u0001\u0001\u0006IaK\u0001\u000eCV$\b\u000e\u0015:pm&$WM\u001d\u0011\t\u000fQ\u0002\u0001\u0019!C\u0001k\u00059!p[+uS2\u001cX#\u0001\u001c\u0011\u0005E9\u0014B\u0001\u001d\u0013\u0005\u001dQ6.\u0016;jYNDqA\u000f\u0001A\u0002\u0013\u00051(A\u0006{WV#\u0018\u000e\\:`I\u0015\fHC\u0001\u001fC!\ti\u0004)D\u0001?\u0015\u0005y\u0014!B:dC2\f\u0017BA!?\u0005\u0011)f.\u001b;\t\u000f\rK\u0014\u0011!a\u0001m\u0005\u0019\u0001\u0010J\u0019\t\r\u0015\u0003\u0001\u0015)\u00037\u0003!Q8.\u0016;jYN\u0004\u0003\"B$\u0001\t\u0003B\u0015!B:fiV\u0003H#\u0001\u001f)\u0005\u0019S\u0005CA&Q\u001b\u0005a%BA'O\u0003\u0015QWO\\5u\u0015\u0005y\u0015aA8sO&\u0011\u0011\u000b\u0014\u0002\u0007\u0005\u00164wN]3\t\u000bM\u0003A\u0011\t%\u0002\u0011Q,\u0017M\u001d#po:D#AU+\u0011\u0005-3\u0016BA,M\u0005\u0015\te\r^3s\u0011\u0015I\u0006\u0001\"\u0001I\u0003]!Xm\u001d;Jgj[7+Z2ve&$\u00180\u00128bE2,G\r\u000b\u0002Y7B\u00111\nX\u0005\u0003;2\u0013A\u0001V3ti\")q\f\u0001C\u0001\u0011\u0006YA/Z:u5.,F/\u001b7tQ\tq6\fC\u0003c\u0001\u0011\u0005\u0001*A\buKN$(l['jOJ\fG/[8oQ\t\t7\fC\u0003f\u0001\u0011\u0005\u0001*A\nuKN$(l[!oi&l\u0015n\u001a:bi&|g\u000e\u000b\u0002e7\")\u0001\u000e\u0001C\u0001\u0011\u0006QA/Z:u\t\u0016dW\r^3)\u0005\u001d\\\u0006\"B6\u0001\t\u0003A\u0015a\u0005;fgR$U\r\\3uKJ+7-\u001e:tSZ,\u0007F\u00016\\\u0011\u0015q\u0007\u0001\"\u0001I\u0003)!Xm\u001d;DQJ|w\u000e\u001e\u0015\u0003[nCQ!\u001d\u0001\u0005\nI\fQ\u0002^3ti6KwM]1uS>tG\u0003\u0002\u001ftwvDQ\u0001\u001e9A\u0002U\fQA_6Ve2\u0004\"A^=\u000f\u0005u:\u0018B\u0001=?\u0003\u0019\u0001&/\u001a3fM&\u0011\u0001G\u001f\u0006\u0003qzBQ\u0001 9A\u0002Y\nqAZ5sgRT6\u000eC\u0003\u007fa\u0002\u0007a'\u0001\u0005tK\u000e|g\u000e\u001a.l\u0011\u001d\t\t\u0001\u0001C\u0005\u0003\u0007\taA^3sS\u001aLH\u0003BA\u0003\u0003\u0017\u00012!PA\u0004\u0013\r\tIA\u0010\u0002\b\u0005>|G.Z1o\u0011\u0019\tia a\u0001k\u0006!\u0001/\u0019;i\u0011\u001d\t\t\u0002\u0001C\u0005\u0003'\tA\"[:BG2\u001cuN\u001d:fGR$\u0002\"!\u0002\u0002\u0016\u0005e\u0012Q\b\u0005\t\u0003/\ty\u00011\u0001\u0002\u001a\u0005!A.[:u!\u0019\tY\"!\t\u0002&5\u0011\u0011Q\u0004\u0006\u0004\u0003?\u0011\u0013\u0001B;uS2LA!a\t\u0002\u001e\t!A*[:u!\u0011\t9#!\u000e\u000e\u0005\u0005%\"\u0002BA\u0016\u0003[\tA\u0001Z1uC*!\u0011qFA\u0019\u0003%Qxn\\6fKB,'OC\u0002\u000249\u000ba!\u00199bG\",\u0017\u0002BA\u001c\u0003S\u00111!Q\"M\u0011!\tY$a\u0004A\u0002\u0005\u0015\u0011AB:fGV\u0014X\r\u0003\u0005\u0002@\u0005=\u0001\u0019AA\u0003\u0003%\u0019XM\\:ji&4X\r\u0003\u0004\u0002D\u0001!I\u0001S\u0001\u0012I\u0016dW\r^3BY2,fn]3dkJ,\u0007bBA$\u0001\u0011%\u0011\u0011J\u0001\u0010I\u0016dW\r^3SK\u000e,(o]5wKR1\u00111JA+\u0003/\u0002b!!\u0014\u0002R\u0005\u0015QBAA(\u0015\r\tyBP\u0005\u0005\u0003'\nyEA\u0002UefDa\u0001NA#\u0001\u00041\u0004bBA\u0007\u0003\u000b\u0002\r!\u001e")
/* loaded from: input_file:kafka/security/auth/ZkAuthorizationTest.class */
public class ZkAuthorizationTest extends ZooKeeperTestHarness {
    private final File jaasFile = JaasTestUtils$.MODULE$.writeJaasContextsToFile(JaasTestUtils$.MODULE$.zkSections());
    private final String authProvider = "zookeeper.authProvider.1";
    private ZkUtils zkUtils = null;

    public File jaasFile() {
        return this.jaasFile;
    }

    public String authProvider() {
        return this.authProvider;
    }

    public ZkUtils zkUtils() {
        return this.zkUtils;
    }

    public void zkUtils_$eq(ZkUtils zkUtils) {
        this.zkUtils = zkUtils;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    @Before
    public void setUp() {
        System.setProperty("java.security.auth.login.config", jaasFile().getAbsolutePath());
        Configuration.setConfiguration((Configuration) null);
        System.setProperty(authProvider(), "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
        super.setUp();
        zkUtils_$eq(ZkUtils$.MODULE$.apply(zkConnect(), zkSessionTimeout(), zkConnectionTimeout(), BoxesRunTime.unboxToBoolean(zkAclsEnabled().getOrElse(new ZkAuthorizationTest$$anonfun$setUp$1(this)))));
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    @After
    public void tearDown() {
        if (zkUtils() != null) {
            CoreUtils$.MODULE$.swallow(new ZkAuthorizationTest$$anonfun$tearDown$1(this), this, CoreUtils$.MODULE$.swallow$default$3());
        }
        super.tearDown();
        System.clearProperty("java.security.auth.login.config");
        System.clearProperty(authProvider());
        Configuration.setConfiguration((Configuration) null);
    }

    @Test
    public void testIsZkSecurityEnabled() {
        Assert.assertTrue(JaasUtils.isZkSecurityEnabled());
        Configuration.setConfiguration((Configuration) null);
        System.clearProperty("java.security.auth.login.config");
        Assert.assertFalse(JaasUtils.isZkSecurityEnabled());
        try {
            Configuration.setConfiguration((Configuration) null);
            System.setProperty("java.security.auth.login.config", "no-such-file-exists.conf");
            JaasUtils.isZkSecurityEnabled();
            throw fail("Should have thrown an exception", new Position("ZkAuthorizationTest.scala", "Please set the environment variable SCALACTIC_FILL_FILE_PATHNAMES to yes at compile time to enable this feature.", 71));
        } catch (KafkaException unused) {
        }
    }

    @Test
    public void testZkUtils() {
        Assert.assertTrue(zkUtils().isSecure());
        zkUtils().persistentZkPaths().foreach(new ZkAuthorizationTest$$anonfun$testZkUtils$1(this));
        ZkUtils zkUtils = zkUtils();
        zkUtils.createEphemeralPathExpectConflict("/a", "", zkUtils.createEphemeralPathExpectConflict$default$3());
        verify("/a");
        ZkUtils zkUtils2 = zkUtils();
        zkUtils2.createPersistentPath("/b", zkUtils2.createPersistentPath$default$2(), zkUtils2.createPersistentPath$default$3());
        verify("/b");
        ZkUtils zkUtils3 = zkUtils();
        verify(zkUtils3.createSequentialPersistentPath("/c", "", zkUtils3.createSequentialPersistentPath$default$3()));
        ZkUtils zkUtils4 = zkUtils();
        zkUtils4.updateEphemeralPath("/a", "updated", zkUtils4.updateEphemeralPath$default$3());
        Assert.assertTrue(((String) zkUtils().zkClient().readData("/a")).equals("updated"));
        ZkUtils zkUtils5 = zkUtils();
        zkUtils5.updatePersistentPath("/b", "updated", zkUtils5.updatePersistentPath$default$3());
        Assert.assertTrue(((String) zkUtils().zkClient().readData("/b")).equals("updated"));
        info(new ZkAuthorizationTest$$anonfun$testZkUtils$2(this));
    }

    @Test
    public void testZkMigration() {
        ZkUtils apply = ZkUtils$.MODULE$.apply(zkConnect(), 6000, 6000, false);
        try {
            testMigration(zkConnect(), apply, zkUtils());
        } finally {
            apply.close();
        }
    }

    @Test
    public void testZkAntiMigration() {
        ZkUtils apply = ZkUtils$.MODULE$.apply(zkConnect(), 6000, 6000, false);
        try {
            testMigration(zkConnect(), zkUtils(), apply);
        } finally {
            apply.close();
        }
    }

    @Test
    public void testDelete() {
        info(new ZkAuthorizationTest$$anonfun$testDelete$1(this));
        ZkSecurityMigrator$.MODULE$.run(new String[]{"--zookeeper.acl=secure", new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"--zookeeper.connect=", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{zkConnect()}))});
        deleteAllUnsecure();
    }

    @Test
    public void testDeleteRecursive() {
        info(new ZkAuthorizationTest$$anonfun$testDeleteRecursive$1(this));
        ZkUtils$.MODULE$.SecureZkRootPaths().foreach(new ZkAuthorizationTest$$anonfun$testDeleteRecursive$2(this));
        zkUtils().zkConnection().setAcl("/", zkUtils().defaultAcls("/"), -1);
        deleteAllUnsecure();
    }

    @Test
    public void testChroot() {
        String stringBuilder = new StringBuilder().append(zkConnect()).append("/kafka").toString();
        ZkUtils zkUtils = zkUtils();
        zkUtils.createPersistentPath("/kafka", zkUtils.createPersistentPath$default$2(), zkUtils.createPersistentPath$default$3());
        ZkUtils apply = ZkUtils$.MODULE$.apply(stringBuilder, 6000, 6000, false);
        ZkUtils apply2 = ZkUtils$.MODULE$.apply(stringBuilder, 6000, 6000, true);
        try {
            testMigration(stringBuilder, apply, apply2);
        } finally {
            apply.close();
            apply2.close();
        }
    }

    private void testMigration(String str, ZkUtils zkUtils, ZkUtils zkUtils2) {
        String str2;
        info(new ZkAuthorizationTest$$anonfun$testMigration$1(this, str));
        ((IterableLike) ZkUtils$.MODULE$.SecureZkRootPaths().$plus$plus(ZkUtils$.MODULE$.SensitiveZkRootPaths(), Seq$.MODULE$.canBuildFrom())).foreach(new ZkAuthorizationTest$$anonfun$testMigration$2(this, zkUtils));
        if (zkUtils2.isSecure()) {
            zkUtils.createPersistentPath(ZkUtils$.MODULE$.ConsumersPath(), zkUtils.createPersistentPath$default$2(), zkUtils.createPersistentPath$default$3());
            str2 = "secure";
        } else {
            zkUtils2.createPersistentPath(ZkUtils$.MODULE$.ConsumersPath(), zkUtils2.createPersistentPath$default$2(), zkUtils2.createPersistentPath$default$3());
            str2 = "unsecure";
        }
        ZkSecurityMigrator$.MODULE$.run(new String[]{new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"--zookeeper.acl=", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str2})), new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"--zookeeper.connect=", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str}))});
        info(new ZkAuthorizationTest$$anonfun$testMigration$3(this));
        ((IterableLike) ZkUtils$.MODULE$.SecureZkRootPaths().$plus$plus(ZkUtils$.MODULE$.SensitiveZkRootPaths(), Seq$.MODULE$.canBuildFrom())).foreach(new ZkAuthorizationTest$$anonfun$testMigration$4(this, zkUtils2));
        Assert.assertTrue(ZkUtils$.MODULE$.ConsumersPath(), kafka$security$auth$ZkAuthorizationTest$$isAclCorrect((List) zkUtils.zkConnection().getAcl(ZkUtils$.MODULE$.ConsumersPath()).getKey(), false, false));
    }

    private boolean verify(String str) {
        boolean sensitivePath = ZkUtils$.MODULE$.sensitivePath(str);
        return ((IterableLike) JavaConverters$.MODULE$.asScalaBufferConverter((List) zkUtils().zkConnection().getAcl(str).getKey()).asScala()).forall(new ZkAuthorizationTest$$anonfun$verify$1(this, sensitivePath));
    }

    public boolean kafka$security$auth$ZkAuthorizationTest$$isAclCorrect(List<ACL> list, boolean z, boolean z2) {
        if ((!z || z2) ? list.size() == 1 : list.size() == 2) {
            if (((IterableLike) JavaConverters$.MODULE$.asScalaBufferConverter(list).asScala()).forall(z ? new ZkAuthorizationTest$$anonfun$kafka$security$auth$ZkAuthorizationTest$$isAclCorrect$1(this, z2) : new ZkAuthorizationTest$$anonfun$kafka$security$auth$ZkAuthorizationTest$$isAclCorrect$2(this))) {
                return true;
            }
        }
        return false;
    }

    private void deleteAllUnsecure() {
        System.setProperty("zookeeper.sasl.client", "false");
        ZkUtils apply = ZkUtils$.MODULE$.apply(zkConnect(), 6000, 6000, false);
        Failure kafka$security$auth$ZkAuthorizationTest$$deleteRecursive = kafka$security$auth$ZkAuthorizationTest$$deleteRecursive(apply, "/");
        apply.close();
        System.clearProperty("zookeeper.sasl.client");
        if (kafka$security$auth$ZkAuthorizationTest$$deleteRecursive instanceof Success) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!(kafka$security$auth$ZkAuthorizationTest$$deleteRecursive instanceof Failure)) {
                throw new MatchError(kafka$security$auth$ZkAuthorizationTest$$deleteRecursive);
            }
            throw fail(kafka$security$auth$ZkAuthorizationTest$$deleteRecursive.exception().getMessage(), new Position("ZkAuthorizationTest.scala", "Please set the environment variable SCALACTIC_FILL_FILE_PATHNAMES to yes at compile time to enable this feature.", 276));
        }
    }

    public Try<Object> kafka$security$auth$ZkAuthorizationTest$$deleteRecursive(ZkUtils zkUtils, String str) {
        Try<Object> r0;
        Try<Object> r17;
        info(new ZkAuthorizationTest$$anonfun$kafka$security$auth$ZkAuthorizationTest$$deleteRecursive$1(this, str));
        ObjectRef create = ObjectRef.create(new Success(BoxesRunTime.boxToBoolean(true)));
        zkUtils.getChildren(str).foreach(new ZkAuthorizationTest$$anonfun$kafka$security$auth$ZkAuthorizationTest$$deleteRecursive$2(this, zkUtils, str, create));
        if ("/".equals(str)) {
            r17 = (Try) create.elem;
        } else {
            try {
                zkUtils.deletePath(str);
                r0 = new Failure<>(new Exception(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Have been able to delete ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str}))));
            } catch (Exception unused) {
                r0 = (Try) create.elem;
            }
            r17 = r0;
        }
        return r17;
    }
}
