package kafka.api;

import java.util.Optional;
import java.util.Properties;
import kafka.security.JaasTestUtils;
import org.apache.kafka.common.network.ConnectionMode;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.ssl.SslPrincipalMapper;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.collection.LinearSeqOps;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.jdk.javaapi.OptionConverters$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.util.matching.Regex;

/* compiled from: SslEndToEndAuthorizationTest.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005}r!\u0002\r\u001a\u0011\u0003qb!\u0002\u0011\u001a\u0011\u0003\t\u0003\"\u0002\u0015\u0002\t\u0003I\u0003b\u0002\u0016\u0002\u0005\u0004%\ta\u000b\u0005\u0007i\u0005\u0001\u000b\u0011\u0002\u0017\u0007\tU\n\u0001A\u000e\u0005\u0006Q\u0015!\tA\u0012\u0005\b\u0013\u0016\u0011\r\u0011\"\u0003K\u0011\u0019\u0019V\u0001)A\u0005\u0017\")A+\u0002C!+\u001a!\u0001%\u0007\u0001b\u0011\u0015A#\u0002\"\u0001f\u0011\u00159'\u0002\"\u0015i\u0011\u001da'B1A\u0005\n-Ba!\u001c\u0006!\u0002\u0013a\u0003b\u00028\u000b\u0005\u0004%Ia\u000b\u0005\u0007_*\u0001\u000b\u0011\u0002\u0017\t\u000fAT!\u0019!C!c\"1!O\u0003Q\u0001\nYCqa\u001d\u0006C\u0002\u0013\u0005\u0013\u000f\u0003\u0004u\u0015\u0001\u0006IA\u0016\u0005\u0006k*!\tE\u001e\u0005\b\u0003'QA\u0011IA\u000b\u0011\u001d\tID\u0003C!\u0003w\tAdU:m\u000b:$Gk\\#oI\u0006+H\u000f[8sSj\fG/[8o)\u0016\u001cHO\u0003\u0002\u001b7\u0005\u0019\u0011\r]5\u000b\u0003q\tQa[1gW\u0006\u001c\u0001\u0001\u0005\u0002 \u00035\t\u0011D\u0001\u000fTg2,e\u000e\u001a+p\u000b:$\u0017)\u001e;i_JL'0\u0019;j_:$Vm\u001d;\u0014\u0005\u0005\u0011\u0003CA\u0012'\u001b\u0005!#\"A\u0013\u0002\u000bM\u001c\u0017\r\\1\n\u0005\u001d\"#AB!osJ+g-\u0001\u0004=S:LGO\u0010\u000b\u0002=\u0005Y1/\u001e9feV\u001cXM]\"o+\u0005a\u0003CA\u00173\u001b\u0005q#BA\u00181\u0003\u0011a\u0017M\\4\u000b\u0003E\nAA[1wC&\u00111G\f\u0002\u0007'R\u0014\u0018N\\4\u0002\u0019M,\b/\u001a:vg\u0016\u00148I\u001c\u0011\u0003)Q+7\u000f\u001e)sS:\u001c\u0017\u000e]1m\u0005VLG\u000eZ3s'\t)q\u0007\u0005\u00029\t6\t\u0011H\u0003\u0002;w\u0005i\u0011-\u001e;iK:$\u0018nY1u_JT!\u0001P\u001f\u0002\u0011M,7-\u001e:jifT!AP \u0002\r\r|W.\\8o\u0015\ta\u0002I\u0003\u0002B\u0005\u00061\u0011\r]1dQ\u0016T\u0011aQ\u0001\u0004_J<\u0017BA#:\u0005q!UMZ1vYR\\\u0015MZ6b!JLgnY5qC2\u0014U/\u001b7eKJ$\u0012a\u0012\t\u0003\u0011\u0016i\u0011!A\u0001\b!\u0006$H/\u001a:o+\u0005Y\u0005C\u0001'R\u001b\u0005i%B\u0001(P\u0003!i\u0017\r^2iS:<'B\u0001)%\u0003\u0011)H/\u001b7\n\u0005Ik%!\u0002*fO\u0016D\u0018\u0001\u0003)biR,'O\u001c\u0011\u0002\u000b\t,\u0018\u000e\u001c3\u0015\u0005Yc\u0006CA,[\u001b\u0005A&BA-<\u0003\u0011\tW\u000f\u001e5\n\u0005mC&AD&bM.\f\u0007K]5oG&\u0004\u0018\r\u001c\u0005\u0006;&\u0001\rAX\u0001\bG>tG/\u001a=u!\t9v,\u0003\u0002a1\n)\u0012)\u001e;iK:$\u0018nY1uS>t7i\u001c8uKb$8C\u0001\u0006c!\ty2-\u0003\u0002e3\tIRI\u001c3U_\u0016sG-Q;uQ>\u0014\u0018N_1uS>tG+Z:u)\u00051\u0007CA\u0010\u000b\u0003A\u0019XmY;sSRL\bK]8u_\u000e|G.F\u0001j!\t9&.\u0003\u0002l1\n\u00012+Z2ve&$\u0018\u0010\u0015:pi>\u001cw\u000e\\\u0001\fi2\u001c\bK]8u_\u000e|G.\u0001\u0007uYN\u0004&o\u001c;pG>d\u0007%\u0001\u0005dY&,g\u000e^\"o\u0003%\u0019G.[3oi\u000es\u0007%A\bdY&,g\u000e\u001e)sS:\u001c\u0017\u000e]1m+\u00051\u0016\u0001E2mS\u0016tG\u000f\u0015:j]\u000eL\u0007/\u00197!\u00039Y\u0017MZ6b!JLgnY5qC2\fqb[1gW\u0006\u0004&/\u001b8dSB\fG\u000eI\u0001\u0006g\u0016$X\u000b\u001d\u000b\u0003oj\u0004\"a\t=\n\u0005e$#\u0001B+oSRDQa_\u000bA\u0002q\f\u0001\u0002^3ti&sgm\u001c\t\u0004{\u0006\u001dQ\"\u0001@\u000b\u0005iy(\u0002BA\u0001\u0003\u0007\tqA[;qSR,'OC\u0002\u0002\u0006\t\u000bQA[;oSRL1!!\u0003\u007f\u0005!!Vm\u001d;J]\u001a|\u0007fA\u000b\u0002\u000eA\u0019Q0a\u0004\n\u0007\u0005EaP\u0001\u0006CK\u001a|'/Z#bG\"\f1c\u00197jK:$8+Z2ve&$\u0018\u0010\u0015:paN$B!a\u0006\u0002\"A!\u0011\u0011DA\u000f\u001b\t\tYB\u0003\u0002Qa%!\u0011qDA\u000e\u0005)\u0001&o\u001c9feRLWm\u001d\u0005\b\u0003G1\u0002\u0019AA\u0013\u0003%\u0019WM\u001d;BY&\f7\u000f\u0005\u0003\u0002(\u0005Ub\u0002BA\u0015\u0003c\u00012!a\u000b%\u001b\t\tiCC\u0002\u00020u\ta\u0001\u0010:p_Rt\u0014bAA\u001aI\u00051\u0001K]3eK\u001aL1aMA\u001c\u0015\r\t\u0019\u0004J\u0001\u0017gV\u0004XM];tKJ\u001cVmY;sSRL\bK]8qgR!\u0011qCA\u001f\u0011\u001d\t\u0019c\u0006a\u0001\u0003K\u0001")
/* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest.class */
public class SslEndToEndAuthorizationTest extends EndToEndAuthorizationTest {
    private final String tlsProtocol = "TLSv1.3";
    private final String clientCn;
    private final KafkaPrincipal clientPrincipal;
    private final KafkaPrincipal kafkaPrincipal;

    /* compiled from: SslEndToEndAuthorizationTest.scala */
    /* loaded from: input_file:kafka/api/SslEndToEndAuthorizationTest$TestPrincipalBuilder.class */
    public static class TestPrincipalBuilder extends DefaultKafkaPrincipalBuilder {
        private final Regex Pattern;

        private Regex Pattern() {
            return this.Pattern;
        }

        public KafkaPrincipal build(AuthenticationContext authenticationContext) {
            String str;
            String name = ((SslAuthenticationContext) authenticationContext).session().getPeerPrincipal().getName();
            if (name != null) {
                Option unapplySeq = Pattern().unapplySeq(name);
                if (!unapplySeq.isEmpty() && unapplySeq.get() != null && ((List) unapplySeq.get()).lengthCompare(2) == 0) {
                    String str2 = (String) ((LinearSeqOps) unapplySeq.get()).apply(0);
                    String str3 = (String) ((LinearSeqOps) unapplySeq.get()).apply(1);
                    if (str2 == null || !str2.equals("server")) {
                        String superuserCn = SslEndToEndAuthorizationTest$.MODULE$.superuserCn();
                        if (str3 != null ? !str3.equals(superuserCn) : superuserCn != null) {
                            str = name;
                            return new KafkaPrincipal("User", str);
                        }
                    }
                    str = "server";
                    return new KafkaPrincipal("User", str);
                }
            }
            return KafkaPrincipal.ANONYMOUS;
        }

        public TestPrincipalBuilder() {
            super((KerberosShortNamer) null, (SslPrincipalMapper) null);
            this.Pattern = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("O=A (.*?),CN=(.*?)"));
        }
    }

    public static String superuserCn() {
        return SslEndToEndAuthorizationTest$.MODULE$.superuserCn();
    }

    @Override // kafka.integration.KafkaServerTestHarness
    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SSL;
    }

    private String tlsProtocol() {
        return this.tlsProtocol;
    }

    private String clientCn() {
        return this.clientCn;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal clientPrincipal() {
        return this.clientPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest
    public KafkaPrincipal kafkaPrincipal() {
        return this.kafkaPrincipal;
    }

    @Override // kafka.api.EndToEndAuthorizationTest, kafka.api.IntegrationTestHarness, kafka.integration.KafkaServerTestHarness, kafka.server.QuorumTestHarness
    @BeforeEach
    public void setUp(TestInfo testInfo) {
        startSasl(jaasSections(package$.MODULE$.List().empty(), None$.MODULE$, jaasSections$default$3()));
        super.setUp(testInfo);
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties clientSecurityProps(String str) {
        Properties securityConfigs = JaasTestUtils.securityConfigs(ConnectionMode.CLIENT, securityProtocol(), OptionConverters$.MODULE$.toJava(mo18trustStoreFile()), str, clientCn(), OptionConverters$.MODULE$.toJava(mo16clientSaslProperties()), tlsProtocol(), Optional.empty());
        securityConfigs.remove("ssl.endpoint.identification.algorithm");
        return securityConfigs;
    }

    @Override // kafka.api.IntegrationTestHarness
    public Properties superuserSecurityProps(String str) {
        Properties securityConfigs = JaasTestUtils.securityConfigs(ConnectionMode.CLIENT, securityProtocol(), OptionConverters$.MODULE$.toJava(mo18trustStoreFile()), str, SslEndToEndAuthorizationTest$.MODULE$.superuserCn(), OptionConverters$.MODULE$.toJava(mo16clientSaslProperties()), tlsProtocol(), Optional.empty());
        securityConfigs.remove("ssl.endpoint.identification.algorithm");
        return securityConfigs;
    }

    public SslEndToEndAuthorizationTest() {
        serverConfig().setProperty("ssl.client.auth", "required");
        serverConfig().setProperty("principal.builder.class", TestPrincipalBuilder.class.getName());
        serverConfig().setProperty("ssl.protocol", tlsProtocol());
        serverConfig().setProperty("ssl.enabled.protocols", tlsProtocol());
        this.clientCn = "\\#A client with special chars in CN : (\\, \\+ \\\" \\\\ \\< \\> \\; ')";
        this.clientPrincipal = new KafkaPrincipal("User", "O=A client,CN=" + clientCn());
        this.kafkaPrincipal = new KafkaPrincipal("User", "server");
    }
}
