package kafka.api;

import java.util.Properties;
import kafka.server.KafkaConfig$;
import kafka.server.KafkaServer;
import kafka.utils.JaasTestUtils$;
import kafka.utils.TestInfoUtils$;
import kafka.utils.TestUtils$;
import kafka.zk.ConfigEntityChangeNotificationZNode$;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.clients.admin.AlterUserScramCredentialsResult;
import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
import org.apache.kafka.clients.admin.ScramCredentialInfo;
import org.apache.kafka.clients.admin.UserScramCredentialUpsertion;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.scram.internals.ScramMechanism;
import org.apache.kafka.common.security.token.delegation.DelegationToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
import scala.Function0;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.jdk.CollectionConverters$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.RichLong$;

/* compiled from: DelegationTokenEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005mf\u0001\u0002\u0014(\u00011BQ!\r\u0001\u0005\u0002IBq\u0001\u000e\u0001C\u0002\u0013\u0005Q\u0007\u0003\u0004?\u0001\u0001\u0006IA\u000e\u0005\b\u007f\u0001\u0011\r\u0011\"\u0001A\u0011\u0019Y\u0005\u0001)A\u0005\u0003\")A\n\u0001C)\u001b\"9Q\f\u0001b\u0001\n#r\u0006BB5\u0001A\u0003%q\fC\u0004k\u0001\t\u0007I\u0011\u000b0\t\r-\u0004\u0001\u0015!\u0003`\u0011\u001da\u0007A1A\u0005B5Da!\u001d\u0001!\u0002\u0013q\u0007b\u0002:\u0001\u0005\u0004%I!\u000e\u0005\u0007g\u0002\u0001\u000b\u0011\u0002\u001c\t\u000fQ\u0004!\u0019!C![\"1Q\u000f\u0001Q\u0001\n9DqA\u001e\u0001C\u0002\u0013EQ\u0007\u0003\u0004x\u0001\u0001\u0006IA\u000e\u0005\bq\u0002\u0011\r\u0011\"\u00116\u0011\u0019I\b\u0001)A\u0005m!9!\u0010\u0001b\u0001\n#Y\bB\u0002?\u0001A\u0003%1\rC\u0003~\u0001\u0011\u0005a\u0010C\u0004\u0002\u0010\u0001!\t!!\u0005\t\u000f\u0005e\u0001\u0001\"\u0011\u0002\u001c!9\u00111\u0007\u0001\u0005B\u0005U\u0002bBA\u001f\u0001\u0011\u0005\u0011\u0011\u0003\u0005\b\u0003\u007f\u0001A\u0011IA\t\u0011\u001d\t\t\u0005\u0001C\u0001\u0003#Aq!a\u0013\u0001\t\u0003\ni\u0005C\u0004\u0002Z\u0001!\t!a\u0017\t\u000f\u0005M\u0004\u0001\"\u0001\u0002v!9\u0011Q\u0010\u0001\u0005\u0002\u0005}\u0004bBAB\u0001\u0011\u0005\u0011Q\u0007\u0005\b\u0003\u000b\u0003A\u0011AAD\u0011\u001d\t)\t\u0001C\u0001\u0003\u001fC\u0011\"a)\u0001#\u0003%\t!!*\u0003Q\u0011+G.Z4bi&|g\u000eV8lK:,e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u000b\u0005!J\u0013aA1qS*\t!&A\u0003lC\u001a\\\u0017m\u0001\u0001\u0014\u0005\u0001i\u0003C\u0001\u00180\u001b\u00059\u0013B\u0001\u0019(\u0005e)e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u0002\rqJg.\u001b;?)\u0005\u0019\u0004C\u0001\u0018\u0001\u0003aY\u0017MZ6b\u00072LWM\u001c;TCNdW*Z2iC:L7/\\\u000b\u0002mA\u0011q\u0007P\u0007\u0002q)\u0011\u0011HO\u0001\u0005Y\u0006twMC\u0001<\u0003\u0011Q\u0017M^1\n\u0005uB$AB*ue&tw-A\rlC\u001a\\\u0017m\u00117jK:$8+Y:m\u001b\u0016\u001c\u0007.\u00198jg6\u0004\u0013!G6bM.\f7+\u001a:wKJ\u001c\u0016m\u001d7NK\u000eD\u0017M\\5t[N,\u0012!\u0011\t\u0004\u0005&3T\"A\"\u000b\u0005\u0011+\u0015!C5n[V$\u0018M\u00197f\u0015\t1u)\u0001\u0006d_2dWm\u0019;j_:T\u0011\u0001S\u0001\u0006g\u000e\fG.Y\u0005\u0003\u0015\u000e\u0013A\u0001T5ti\u0006Q2.\u00194lCN+'O^3s'\u0006\u001cH.T3dQ\u0006t\u0017n]7tA\u0005\u00012/Z2ve&$\u0018\u0010\u0015:pi>\u001cw\u000e\\\u000b\u0002\u001dB\u0011qjW\u0007\u0002!*\u0011\u0011KU\u0001\u0005CV$\bN\u0003\u0002T)\u0006A1/Z2ve&$\u0018P\u0003\u0002V-\u000611m\\7n_:T!AK,\u000b\u0005aK\u0016AB1qC\u000eDWMC\u0001[\u0003\ry'oZ\u0005\u00039B\u0013\u0001cU3dkJLG/\u001f)s_R|7m\u001c7\u0002)M,'O^3s'\u0006\u001cH\u000e\u0015:pa\u0016\u0014H/[3t+\u0005y\u0006c\u00011bG6\tq)\u0003\u0002c\u000f\n!1k\\7f!\t!w-D\u0001f\u0015\t1'(\u0001\u0003vi&d\u0017B\u00015f\u0005)\u0001&o\u001c9feRLWm]\u0001\u0016g\u0016\u0014h/\u001a:TCNd\u0007K]8qKJ$\u0018.Z:!\u0003Q\u0019G.[3oiN\u000b7\u000f\u001c)s_B,'\u000f^5fg\u0006)2\r\\5f]R\u001c\u0016m\u001d7Qe>\u0004XM\u001d;jKN\u0004\u0013aD2mS\u0016tG\u000f\u0015:j]\u000eL\u0007/\u00197\u0016\u00039\u0004\"aT8\n\u0005A\u0004&AD&bM.\f\u0007K]5oG&\u0004\u0018\r\\\u0001\u0011G2LWM\u001c;Qe&t7-\u001b9bY\u0002\nab\u00197jK:$\b+Y:to>\u0014H-A\bdY&,g\u000e\u001e)bgN<xN\u001d3!\u00039Y\u0017MZ6b!JLgnY5qC2\fqb[1gW\u0006\u0004&/\u001b8dSB\fG\u000eI\u0001\u000eW\u000647.\u0019)bgN<xN\u001d3\u0002\u001d-\fgm[1QCN\u001cxo\u001c:eA\u0005\u0019RO\\5na2,W.\u001a8uK\u0012\fXo\u001c:v[\u0006!RO\\5na2,W.\u001a8uK\u0012\fXo\u001c:v[\u0002\n1\u0004\u001d:jm&dWmZ3e\u0003\u0012l\u0017N\\\"mS\u0016tGoQ8oM&<W#A2\u00029A\u0014\u0018N^5mK\u001e,G-\u00113nS:\u001cE.[3oi\u000e{gNZ5hA\u0005a2M]3bi\u0016$U\r\\3hCRLwN\u001c+pW\u0016tw\n\u001d;j_:\u001cH#A@\u0011\t\u0005\u0005\u00111B\u0007\u0003\u0003\u0007QA!!\u0002\u0002\b\u0005)\u0011\rZ7j]*\u0019\u0011\u0011\u0002,\u0002\u000f\rd\u0017.\u001a8ug&!\u0011QBA\u0002\u0005q\u0019%/Z1uK\u0012+G.Z4bi&|g\u000eV8lK:|\u0005\u000f^5p]N\fAeY8oM&<WO]3U_.,g.Q2mg\n+gm\u001c:f'\u0016\u0014h/\u001a:t'R\f'\u000f\u001e\u000b\u0003\u0003'\u00012\u0001YA\u000b\u0013\r\t9b\u0012\u0002\u0005+:LG/A\u0012d_:4\u0017nZ;sKN+7-\u001e:jif\u0014UMZ8sKN+'O^3sgN#\u0018M\u001d;\u0015\t\u0005M\u0011Q\u0004\u0005\b\u0003?I\u0002\u0019AA\u0011\u0003!!Xm\u001d;J]\u001a|\u0007\u0003BA\u0012\u0003_i!!!\n\u000b\u0007!\n9C\u0003\u0003\u0002*\u0005-\u0012a\u00026va&$XM\u001d\u0006\u0004\u0003[I\u0016!\u00026v]&$\u0018\u0002BA\u0019\u0003K\u0011\u0001\u0002V3ti&sgm\\\u0001\u001cGJ,\u0017\r^3Qe&4\u0018\u000e\\3hK\u0012\fE-\\5o\u00072LWM\u001c;\u0015\u0005\u0005]\u0002\u0003BA\u0001\u0003sIA!a\u000f\u0002\u0004\t)\u0011\tZ7j]\u0006q3M]3bi\u0016\fE\rZ5uS>t\u0017\r\\\"sK\u0012,g\u000e^5bYN\fe\r^3s'\u0016\u0014h/\u001a:t'R\f'\u000f^3e\u0003\t\u001awN\u001c4jOV\u0014XmU3dkJLG/_!gi\u0016\u00148+\u001a:wKJ\u001c8\u000b^1si\u0006\tC/Z:u\u0007J,\u0017\r^3Vg\u0016\u0014x+\u001b;i\t\u0016dWmZ1uS>tGk\\6f]\"\u001aQ$!\u0012\u0011\t\u0005\r\u0012qI\u0005\u0005\u0003\u0013\n)C\u0001\u0003UKN$\u0018!B:fiV\u0003H\u0003BA\n\u0003\u001fBq!a\b\u001f\u0001\u0004\t\t\u0003K\u0002\u001f\u0003'\u0002B!a\t\u0002V%!\u0011qKA\u0013\u0005)\u0011UMZ8sK\u0016\u000b7\r[\u0001\u0011CN\u001cXM\u001d;U_.,gnT<oKJ$b!a\u0005\u0002^\u0005\u0005\u0004BBA0?\u0001\u0007a.A\u0003po:,'\u000fC\u0004\u0002d}\u0001\r!!\u001a\u0002\u000bQ|7.\u001a8\u0011\t\u0005\u001d\u0014qN\u0007\u0003\u0003SRA!a\u001b\u0002n\u0005QA-\u001a7fO\u0006$\u0018n\u001c8\u000b\u0007\u0005\r$+\u0003\u0003\u0002r\u0005%$a\u0004#fY\u0016<\u0017\r^5p]R{7.\u001a8\u0002)\u0005\u001c8/\u001a:u)>\\WM\u001c*fcV,7\u000f^3s)\u0019\t\u0019\"a\u001e\u0002|!1\u0011\u0011\u0010\u0011A\u00029\f\u0011B]3rk\u0016\u001cH/\u001a:\t\u000f\u0005\r\u0004\u00051\u0001\u0002f\u0005Y\u0011m]:feR$vn[3o)\u0011\t\u0019\"!!\t\u000f\u0005\r\u0014\u00051\u0001\u0002f\u0005y2M]3bi\u0016$vn[3o%\u0016\fX/Z:uKJ\fE-\\5o\u00072LWM\u001c;\u0002-\r\u0014X-\u0019;f\t\u0016dWmZ1uS>tGk\\6f]N$\"!!#\u0011\u000f\u0001\fY)!\u001a\u0002f%\u0019\u0011QR$\u0003\rQ+\b\u000f\\33)\u0019\tI)!%\u0002\u001a\"1Q\u0010\na\u0001\u0003'\u0003B\u0001YAK\u007f&\u0019\u0011qS$\u0003\u0013\u0019+hn\u0019;j_:\u0004\u0004\"CANIA\u0005\t\u0019AAO\u0003\u0019\t7o]3siB\u0019\u0001-a(\n\u0007\u0005\u0005vIA\u0004C_>dW-\u00198\u0002A\r\u0014X-\u0019;f\t\u0016dWmZ1uS>tGk\\6f]N$C-\u001a4bk2$HEM\u000b\u0003\u0003OSC!!(\u0002*.\u0012\u00111\u0016\t\u0005\u0003[\u000b9,\u0004\u0002\u00020*!\u0011\u0011WAZ\u0003%)hn\u00195fG.,GMC\u0002\u00026\u001e\u000b!\"\u00198o_R\fG/[8o\u0013\u0011\tI,a,\u0003#Ut7\r[3dW\u0016$g+\u0019:jC:\u001cW\r")
/* loaded from: input_file:kafka/api/DelegationTokenEndToEndAuthorizationTest.class */
public class DelegationTokenEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String kafkaClientSaslMechanism = "SCRAM-SHA-256";
    private final List<String> kafkaServerSaslMechanisms = CollectionConverters$.MODULE$.CollectionHasAsScala(ScramMechanism.mechanismNames()).asScala().toList();
    private final Some<Properties> serverSaslProperties = new Some<>(kafkaServerSaslProperties(kafkaServerSaslMechanisms(), kafkaClientSaslMechanism()));
    private final Some<Properties> clientSaslProperties = new Some<>(kafkaClientSaslProperties(kafkaClientSaslMechanism(), kafkaClientSaslProperties$default$2()));
    private final KafkaPrincipal clientPrincipal = new KafkaPrincipal("User", JaasTestUtils$.MODULE$.KafkaScramUser());
    private final String clientPassword = JaasTestUtils$.MODULE$.KafkaScramPassword();
    private final KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", JaasTestUtils$.MODULE$.KafkaScramAdmin());
    private final String kafkaPassword = JaasTestUtils$.MODULE$.KafkaScramAdminPassword();
    private final String unimplementedquorum = "kraft";
    private final Properties privilegedAdminClientConfig = new Properties();

    public String kafkaClientSaslMechanism() {
        return this.kafkaClientSaslMechanism;
    }

    public List<String> kafkaServerSaslMechanisms() {
        return this.kafkaServerSaslMechanisms;
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SASL_SSL;
    }

    @Override // kafka.integration.KafkaServerTestHarness
    /* renamed from: serverSaslProperties, reason: merged with bridge method [inline-methods] */
    public Some<Properties> mo23serverSaslProperties() {
        return this.serverSaslProperties;
    }

    @Override // kafka.integration.KafkaServerTestHarness
    /* renamed from: clientSaslProperties, reason: merged with bridge method [inline-methods] */
    public Some<Properties> mo22clientSaslProperties() {
        return this.clientSaslProperties;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    private String clientPassword() {
        return this.clientPassword;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    public String kafkaPassword() {
        return this.kafkaPassword;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public String unimplementedquorum() {
        return this.unimplementedquorum;
    }

    public Properties privilegedAdminClientConfig() {
        return this.privilegedAdminClientConfig;
    }

    public CreateDelegationTokenOptions createDelegationTokenOptions() {
        return new CreateDelegationTokenOptions();
    }

    public void configureTokenAclsBeforeServersStart() {
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public void configureSecurityBeforeServersStart(TestInfo testInfo) {
        super.configureSecurityBeforeServersStart(testInfo);
        configureTokenAclsBeforeServersStart();
        zkClient().makeSurePersistentPathExists(ConfigEntityChangeNotificationZNode$.MODULE$.path());
        createScramCredentials(zkConnect(), kafkaPrincipal().getName(), kafkaPassword());
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.SaslSetup
    public Admin createPrivilegedAdminClient() {
        return createScramAdminClient(kafkaClientSaslMechanism(), kafkaPrincipal().getName(), kafkaPassword());
    }

    public void createAdditionalCredentialsAfterServersStarted() {
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public void configureSecurityAfterServersStart() {
        super.configureSecurityAfterServersStart();
        createScramCredentialsViaPrivilegedAdminClient(clientPrincipal().getName(), clientPassword());
        waitForUserScramCredentialToAppearOnAllBrokers(clientPrincipal().getName(), kafkaClientSaslMechanism());
        createAdditionalCredentialsAfterServersStarted();
        Tuple2<DelegationToken, DelegationToken> createDelegationTokens = createDelegationTokens();
        DelegationToken delegationToken = (DelegationToken) createDelegationTokens._1();
        DelegationToken delegationToken2 = (DelegationToken) createDelegationTokens._2();
        privilegedAdminClientConfig().putAll(adminClientConfig());
        String str = JaasTestUtils$.MODULE$.tokenClientLoginModule(delegationToken.tokenInfo().tokenId(), delegationToken.hmacAsBase64String());
        producerConfig().put("sasl.jaas.config", str);
        consumerConfig().put("sasl.jaas.config", str);
        adminClientConfig().put("sasl.jaas.config", str);
        String str2 = JaasTestUtils$.MODULE$.tokenClientLoginModule(delegationToken2.tokenInfo().tokenId(), delegationToken2.hmacAsBase64String());
        privilegedAdminClientConfig().put("sasl.jaas.config", str2);
        superuserClientConfig().put("sasl.jaas.config", str2);
    }

    @Test
    public void testCreateUserWithDelegationToken() {
        Admin create = Admin.create(privilegedAdminClientConfig());
        try {
            AlterUserScramCredentialsResult alterUserScramCredentials = create.alterUserScramCredentials(CollectionConverters$.MODULE$.SeqHasAsJava(new $colon.colon(new UserScramCredentialUpsertion("user", new ScramCredentialInfo(org.apache.kafka.clients.admin.ScramMechanism.SCRAM_SHA_256, 4096), "password"), Nil$.MODULE$)).asJava());
            Assertions.assertEquals(1, alterUserScramCredentials.values().size());
            ((KafkaFuture) alterUserScramCredentials.values().get("user")).get();
        } finally {
            create.close();
        }
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.server.QuorumTestHarness
    @BeforeEach
    public void setUp(TestInfo testInfo) {
        if (TestInfoUtils$.MODULE$.isKRaft(testInfo)) {
            return;
        }
        startSasl(jaasSections(kafkaServerSaslMechanisms(), Option$.MODULE$.apply(kafkaClientSaslMechanism()), Both$.MODULE$, jaasSections$default$4()));
        super.setUp(testInfo);
        privilegedAdminClientConfig().put("bootstrap.servers", bootstrapServers(bootstrapServers$default$1()));
    }

    public void assertTokenOwner(KafkaPrincipal kafkaPrincipal, DelegationToken delegationToken) {
        Assertions.assertEquals(kafkaPrincipal, delegationToken.tokenInfo().owner());
    }

    public void assertTokenRequester(KafkaPrincipal kafkaPrincipal, DelegationToken delegationToken) {
        Assertions.assertEquals(kafkaPrincipal, delegationToken.tokenInfo().tokenRequester());
    }

    public void assertToken(DelegationToken delegationToken) {
        assertTokenOwner(clientPrincipal(), delegationToken);
        assertTokenRequester(clientPrincipal(), delegationToken);
    }

    public Admin createTokenRequesterAdminClient() {
        return createScramAdminClient(kafkaClientSaslMechanism(), clientPrincipal().getName(), clientPassword());
    }

    public Tuple2<DelegationToken, DelegationToken> createDelegationTokens() {
        return createDelegationTokens(() -> {
            return this.createDelegationTokenOptions();
        }, createDelegationTokens$default$2());
    }

    public Tuple2<DelegationToken, DelegationToken> createDelegationTokens(Function0<CreateDelegationTokenOptions> function0, boolean z) {
        Admin createTokenRequesterAdminClient = createTokenRequesterAdminClient();
        try {
            Admin createScramAdminClient = createScramAdminClient(kafkaClientSaslMechanism(), kafkaPrincipal().getName(), kafkaPassword());
            try {
                DelegationToken delegationToken = (DelegationToken) createTokenRequesterAdminClient.createDelegationToken((CreateDelegationTokenOptions) function0.apply()).delegationToken().get();
                if (z) {
                    assertToken(delegationToken);
                }
                DelegationToken delegationToken2 = (DelegationToken) createScramAdminClient.createDelegationToken().delegationToken().get();
                TestUtils$ testUtils$ = TestUtils$.MODULE$;
                TestUtils$ testUtils$2 = TestUtils$.MODULE$;
                TestUtils$ testUtils$3 = TestUtils$.MODULE$;
                long currentTimeMillis = System.currentTimeMillis();
                while (!$anonfun$createDelegationTokens$2(this)) {
                    if (System.currentTimeMillis() > currentTimeMillis + 15000) {
                        Assertions.fail("Timed out waiting for token to propagate to all servers");
                    }
                    Thread.sleep(RichLong$.MODULE$.min$extension(Predef$.MODULE$.longWrapper(15000L), 100L));
                }
                Tuple2<DelegationToken, DelegationToken> tuple2 = new Tuple2<>(delegationToken, delegationToken2);
                createScramAdminClient.close();
                return tuple2;
            } catch (Throwable th) {
                createScramAdminClient.close();
                throw th;
            }
        } finally {
            createTokenRequesterAdminClient.close();
        }
    }

    public boolean createDelegationTokens$default$2() {
        return true;
    }

    public static final /* synthetic */ boolean $anonfun$createDelegationTokens$3(KafkaServer kafkaServer) {
        return kafkaServer.tokenCache().tokens().size() == 2;
    }

    public static final /* synthetic */ boolean $anonfun$createDelegationTokens$2(DelegationTokenEndToEndAuthorizationTest delegationTokenEndToEndAuthorizationTest) {
        return delegationTokenEndToEndAuthorizationTest.servers().forall(kafkaServer -> {
            return BoxesRunTime.boxToBoolean($anonfun$createDelegationTokens$3(kafkaServer));
        });
    }

    public static final /* synthetic */ String $anonfun$createDelegationTokens$4() {
        return "Timed out waiting for token to propagate to all servers";
    }

    public DelegationTokenEndToEndAuthorizationTest() {
        serverConfig().setProperty(KafkaConfig$.MODULE$.DelegationTokenSecretKeyProp(), "testKey");
    }
}
