package org.apache.kafka.common.security.oauthbearer.internals.secured;

import java.io.File;
import java.util.Collections;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.kafka.common.config.ConfigException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/internals/secured/AccessTokenRetrieverFactoryTest.class */
public class AccessTokenRetrieverFactoryTest extends OAuthBearerTest {
    @AfterEach
    public void tearDown() throws Exception {
        System.clearProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls");
    }

    @Test
    public void testConfigureRefreshingFileAccessTokenRetriever() throws Exception {
        File createTempFile = createTempFile(createTempDir("access-token"), "access-token-", ".json", "{}");
        System.setProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls", createTempFile.toURI().toString());
        AccessTokenRetriever create = AccessTokenRetrieverFactory.create(Collections.singletonMap("sasl.oauthbearer.token.endpoint.url", createTempFile.toURI().toString()), Collections.emptyMap());
        try {
            create.init();
            Assertions.assertEquals("{}", create.retrieve());
            if (create != null) {
                create.close();
            }
        } catch (Throwable th) {
            if (create != null) {
                try {
                    create.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testConfigureRefreshingFileAccessTokenRetrieverWithInvalidDirectory() {
        String uri = new File("/tmp/this-directory-does-not-exist/foo.json").toURI().toString();
        System.setProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls", uri);
        Map<String, ?> saslConfigs = getSaslConfigs("sasl.oauthbearer.token.endpoint.url", uri);
        Map emptyMap = Collections.emptyMap();
        assertThrowsWithMessage(ConfigException.class, () -> {
            AccessTokenRetrieverFactory.create(saslConfigs, emptyMap);
        }, "that doesn't exist");
    }

    @Test
    public void testConfigureRefreshingFileAccessTokenRetrieverWithInvalidFile() throws Exception {
        File file = new File(createTempDir("this-directory-does-exist"), "this-file-does-not-exist.json");
        System.setProperty("org.apache.kafka.sasl.oauthbearer.allowed.urls", file.toURI().toString());
        Map<String, ?> saslConfigs = getSaslConfigs("sasl.oauthbearer.token.endpoint.url", file.toURI().toString());
        Map emptyMap = Collections.emptyMap();
        assertThrowsWithMessage(ConfigException.class, () -> {
            AccessTokenRetrieverFactory.create(saslConfigs, emptyMap);
        }, "that doesn't exist");
    }

    @Test
    public void testSaslOauthbearerTokenEndpointUrlIsNotAllowed() throws Exception {
        Map<String, ?> saslConfigs = getSaslConfigs("sasl.oauthbearer.token.endpoint.url", new File(createTempDir("not_allowed"), "not_allowed.json").toURI().toString());
        assertThrowsWithMessage(ConfigException.class, () -> {
            AccessTokenRetrieverFactory.create(saslConfigs, Collections.emptyMap());
        }, "org.apache.kafka.sasl.oauthbearer.allowed.urls");
    }

    @MethodSource({"urlencodeHeaderSupplier"})
    @ParameterizedTest
    public void testUrlencodeHeader(Map<String, Object> map, boolean z) {
        Assertions.assertEquals(Boolean.valueOf(z), Boolean.valueOf(AccessTokenRetrieverFactory.validateUrlencodeHeader(new ConfigurationUtils(map))));
    }

    private static Stream<Arguments> urlencodeHeaderSupplier() {
        return Stream.of((Object[]) new Arguments[]{Arguments.of(new Object[]{Collections.emptyMap(), false}), Arguments.of(new Object[]{Collections.singletonMap("sasl.oauthbearer.header.urlencode", null), false}), Arguments.of(new Object[]{Collections.singletonMap("sasl.oauthbearer.header.urlencode", true), true}), Arguments.of(new Object[]{Collections.singletonMap("sasl.oauthbearer.header.urlencode", false), false})});
    }
}
