package kafka.api;

import java.util.Properties;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.junit.Before;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.collection.LinearSeqOptimized;
import scala.collection.immutable.List$;
import scala.collection.immutable.StringOps;
import scala.reflect.ScalaSignature;
import scala.util.matching.Regex;

/* compiled from: SslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005]q!B\n\u0015\u0011\u0003Ib!B\u000e\u0015\u0011\u0003a\u0002\"B\u0012\u0002\t\u0003!c\u0001B\u0013\u0002\u0001\u0019BQaI\u0002\u0005\u0002yBq!Q\u0002C\u0002\u0013%!\t\u0003\u0004L\u0007\u0001\u0006Ia\u0011\u0005\u0006\u0019\u000e!\t%\u0014\u0004\u00057Q\u0001a\u000bC\u0003$\u0011\u0011\u0005!\fC\u0003]\u0011\u0011ES\fC\u0004b\u0011\t\u0007I\u0011\u00022\t\r\u0019D\u0001\u0015!\u0003d\u0011\u001d9\u0007B1A\u0005B!Daa\u001d\u0005!\u0002\u0013I\u0007b\u0002;\t\u0005\u0004%\tE\u0019\u0005\u0007k\"\u0001\u000b\u0011B2\t\u000bYDA\u0011I<\t\u000f\u0005\u0015\u0001\u0002\"\u0011\u0002\b\u0005a2k\u001d7F]\u0012$v.\u00128e\u0003V$\bn\u001c:ju\u0006$\u0018n\u001c8UKN$(BA\u000b\u0017\u0003\r\t\u0007/\u001b\u0006\u0002/\u0005)1.\u00194lC\u000e\u0001\u0001C\u0001\u000e\u0002\u001b\u0005!\"\u0001H*tY\u0016sG\rV8F]\u0012\fU\u000f\u001e5pe&T\u0018\r^5p]R+7\u000f^\n\u0003\u0003u\u0001\"AH\u0011\u000e\u0003}Q\u0011\u0001I\u0001\u0006g\u000e\fG.Y\u0005\u0003E}\u0011a!\u00118z%\u00164\u0017A\u0002\u001fj]&$h\bF\u0001\u001a\u0005Q!Vm\u001d;Qe&t7-\u001b9bY\n+\u0018\u000e\u001c3feN\u00191aJ\u0018\u0011\u0005!jS\"A\u0015\u000b\u0005)Z\u0013\u0001\u00027b]\u001eT\u0011\u0001L\u0001\u0005U\u00064\u0018-\u0003\u0002/S\t1qJ\u00196fGR\u0004\"\u0001\r\u001f\u000e\u0003ER!AM\u001a\u0002\t\u0005,H\u000f\u001b\u0006\u0003iU\n\u0001b]3dkJLG/\u001f\u0006\u0003m]\naaY8n[>t'BA\f9\u0015\tI$(\u0001\u0004ba\u0006\u001c\u0007.\u001a\u0006\u0002w\u0005\u0019qN]4\n\u0005u\n$!F&bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\"vS2$WM\u001d\u000b\u0002\u007fA\u0011\u0001iA\u0007\u0002\u0003\u00059\u0001+\u0019;uKJtW#A\"\u0011\u0005\u0011KU\"A#\u000b\u0005\u0019;\u0015\u0001C7bi\u000eD\u0017N\\4\u000b\u0005!{\u0012\u0001B;uS2L!AS#\u0003\u000bI+w-\u001a=\u0002\u0011A\u000bG\u000f^3s]\u0002\nQAY;jY\u0012$\"AT)\u0011\u0005Az\u0015B\u0001)2\u00059Y\u0015MZ6b!JLgnY5qC2DQAU\u0004A\u0002M\u000bqaY8oi\u0016DH\u000f\u0005\u00021)&\u0011Q+\r\u0002\u0016\u0003V$\b.\u001a8uS\u000e\fG/[8o\u0007>tG/\u001a=u'\tAq\u000b\u0005\u0002\u001b1&\u0011\u0011\f\u0006\u0002\u001a\u000b:$Gk\\#oI\u0006+H\u000f[8sSj\fG/[8o)\u0016\u001cH\u000fF\u0001\\!\tQ\u0002\"\u0001\ttK\u000e,(/\u001b;z!J|Go\\2pYV\ta\f\u0005\u00021?&\u0011\u0001-\r\u0002\u0011'\u0016\u001cWO]5usB\u0013x\u000e^8d_2\f\u0001b\u00197jK:$8I\\\u000b\u0002GB\u0011\u0001\u0006Z\u0005\u0003K&\u0012aa\u0015;sS:<\u0017!C2mS\u0016tGo\u00118!\u0003=\u0019G.[3oiB\u0013\u0018N\\2ja\u0006dW#A5\u0011\u0005)\fhBA6p!\taw$D\u0001n\u0015\tq\u0007$\u0001\u0004=e>|GOP\u0005\u0003a~\ta\u0001\u0015:fI\u00164\u0017BA3s\u0015\t\u0001x$\u0001\tdY&,g\u000e\u001e)sS:\u001c\u0017\u000e]1mA\u0005q1.\u00194lCB\u0013\u0018N\\2ja\u0006d\u0017aD6bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\u0011\u0002\u000bM,G/\u00169\u0015\u0003a\u0004\"AH=\n\u0005i|\"\u0001B+oSRD#!\u0005?\u0011\u0007u\f\t!D\u0001\u007f\u0015\ty((A\u0003kk:LG/C\u0002\u0002\u0004y\u0014aAQ3g_J,\u0017aE2mS\u0016tGoU3dkJLG/\u001f)s_B\u001cH\u0003BA\u0005\u0003'\u0001B!a\u0003\u0002\u00105\u0011\u0011Q\u0002\u0006\u0003\u0011.JA!!\u0005\u0002\u000e\tQ\u0001K]8qKJ$\u0018.Z:\t\r\u0005U!\u00031\u0001j\u0003%\u0019WM\u001d;BY&\f7\u000f")
/* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest.class */
public class SslEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String clientCn;
    private final String clientPrincipal;
    private final String kafkaPrincipal;

    /* compiled from: SslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder implements KafkaPrincipalBuilder {
        private final Regex Pattern = new StringOps(Predef$.MODULE$.augmentString("O=A (.*?),CN=(.*?)")).r();

        private Regex Pattern() {
            return this.Pattern;
        }

        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            KafkaPrincipal kafkaPrincipal;
            if (!(authenticationContext instanceof SslAuthenticationContext)) {
                throw new MatchError(authenticationContext);
            }
            String name = ((SslAuthenticationContext) authenticationContext).session().getPeerPrincipal().getName();
            Option unapplySeq = Pattern().unapplySeq(name);
            if (unapplySeq.isEmpty() || unapplySeq.get() == null || ((LinearSeqOptimized) unapplySeq.get()).lengthCompare(2) != 0) {
                kafkaPrincipal = KafkaPrincipal.ANONYMOUS;
            } else {
                String str = (String) ((LinearSeqOptimized) unapplySeq.get()).apply(0);
                kafkaPrincipal = new KafkaPrincipal("User", (str != null ? !str.equals("server") : "server" != 0) ? name : str);
            }
            return kafkaPrincipal;
        }
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SSL;
    }

    private String clientCn() {
        return this.clientCn;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public String clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public String kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.zk.ZooKeeperTestHarness
    @Before
    public void setUp() {
        startSasl(jaasSections(List$.MODULE$.empty(), None$.MODULE$, ZkSasl$.MODULE$, jaasSections$default$4()));
        super.setUp();
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        Properties securityConfigs = TestUtils$.MODULE$.securityConfigs(Mode.CLIENT, securityProtocol(), mo20trustStoreFile(), str, clientCn(), mo10clientSaslProperties());
        securityConfigs.remove("ssl.endpoint.identification.algorithm");
        return securityConfigs;
    }

    public SslEndToEndAuthorizationTest() {
        serverConfig().setProperty("ssl.client.auth", "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        this.clientCn = "\\#A client with special chars in CN : (\\, \\+ \\\" \\\\ \\< \\> \\; ')";
        this.clientPrincipal = new StringBuilder(14).append("O=A client,CN=").append(clientCn()).toString();
        this.kafkaPrincipal = "server";
    }
}
