package org.apache.kafka.common.security.scram.internals;

import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.security.authenticator.CredentialCache;
import org.apache.kafka.common.security.scram.ScramCredential;
import org.apache.kafka.common.security.token.delegation.internals.DelegationTokenCache;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/kafka/common/security/scram/internals/ScramSaslServerTest.class */
public class ScramSaslServerTest {
    private static final String USER_A = "userA";
    private static final String USER_B = "userB";
    private ScramFormatter formatter;
    private ScramSaslServer saslServer;

    @BeforeEach
    public void setUp() throws Exception {
        ScramMechanism scramMechanism = ScramMechanism.SCRAM_SHA_256;
        this.formatter = new ScramFormatter(scramMechanism);
        CredentialCache.Cache createCache = new CredentialCache().createCache(scramMechanism.mechanismName(), ScramCredential.class);
        createCache.put(USER_A, this.formatter.generateCredential("passwordA", 4096));
        createCache.put(USER_B, this.formatter.generateCredential("passwordB", 4096));
        this.saslServer = new ScramSaslServer(scramMechanism, new HashMap(), new ScramServerCallbackHandler(createCache, new DelegationTokenCache(ScramMechanism.mechanismNames())));
    }

    @Test
    public void noAuthorizationIdSpecified() throws Exception {
        Assertions.assertTrue(this.saslServer.evaluateResponse(clientFirstMessage(USER_A, null)).length > 0, "Next challenge is empty");
    }

    @Test
    public void authorizationIdEqualsAuthenticationId() throws Exception {
        Assertions.assertTrue(this.saslServer.evaluateResponse(clientFirstMessage(USER_A, USER_A)).length > 0, "Next challenge is empty");
    }

    @Test
    public void authorizationIdNotEqualsAuthenticationId() {
        Assertions.assertThrows(SaslAuthenticationException.class, () -> {
            this.saslServer.evaluateResponse(clientFirstMessage(USER_A, USER_B));
        });
    }

    private byte[] clientFirstMessage(String str, String str2) {
        return String.format("n,%s,n=%s,r=%s", str2 != null ? "a=" + str2 : "", str, this.formatter.secureRandomString()).getBytes(StandardCharsets.UTF_8);
    }
}
