package org.apache.kafka.common.security.oauthbearer.internals.unsecured;

import ch.qos.logback.classic.ClassicConstants;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.kafka.common.security.authenticator.TestJaasConfig;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.apache.kafka.common.utils.MockTime;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.boot.logging.LoggingSystem;
import org.springframework.kafka.security.jaas.KafkaJaasLoginModuleInitializer;

/* loaded from: input_file:BOOT-INF/lib/kafka-clients-2.0.1-test.jar:org/apache/kafka/common/security/oauthbearer/internals/unsecured/OAuthBearerUnsecuredLoginCallbackHandlerTest.class */
public class OAuthBearerUnsecuredLoginCallbackHandlerTest {
    @Test
    public void minimalToken() throws IOException, UnsupportedCallbackException {
        HashMap hashMap = new HashMap();
        hashMap.put("unsecuredLoginStringClaim_sub", ClassicConstants.USER_MDC_KEY);
        MockTime mockTime = new MockTime();
        OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, mockTime);
        OAuthBearerTokenCallback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
        createCallbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
        OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws = (OAuthBearerUnsecuredJws) oAuthBearerTokenCallback.token();
        Assert.assertNotNull("create token failed", oAuthBearerUnsecuredJws);
        confirmCorrectValues(oAuthBearerUnsecuredJws, ClassicConstants.USER_MDC_KEY, mockTime.milliseconds(), 3600000L);
        Assert.assertEquals(new HashSet(Arrays.asList("sub", "iat", "exp")), oAuthBearerUnsecuredJws.claims().keySet());
    }

    @Test
    public void validOptionsWithExplicitOptionValues() throws IOException, UnsupportedCallbackException, LoginException {
        String[] strArr = {null, "putScopeInHere"};
        int length = strArr.length;
        for (int i = 0; i < length; i++) {
            String str = strArr[i];
            HashMap hashMap = new HashMap();
            hashMap.put("unsecuredLoginStringClaim_principal", ClassicConstants.USER_MDC_KEY);
            hashMap.put("unsecuredLoginListClaim_list", ",1,2,");
            hashMap.put("unsecuredLoginListClaim_emptyList1", "");
            hashMap.put("unsecuredLoginListClaim_emptyList2", ",");
            hashMap.put("unsecuredLoginNumberClaim_number", CustomBooleanEditor.VALUE_1);
            hashMap.put("unsecuredLoginLifetimeSeconds", String.valueOf(10000L));
            hashMap.put("unsecuredLoginPrincipalClaimName", "principal");
            if (str != null) {
                hashMap.put("unsecuredLoginScopeClaimName", str);
            }
            String str2 = str == null ? "scope" : "putScopeInHere";
            hashMap.put("unsecuredLoginListClaim_" + str2, String.format("|%s|%s", "scope1", "scope2"));
            MockTime mockTime = new MockTime();
            OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, mockTime);
            OAuthBearerTokenCallback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
            createCallbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
            OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws = (OAuthBearerUnsecuredJws) oAuthBearerTokenCallback.token();
            Assert.assertNotNull("create token failed", oAuthBearerUnsecuredJws);
            confirmCorrectValues(oAuthBearerUnsecuredJws, ClassicConstants.USER_MDC_KEY, mockTime.milliseconds(), 10000 * 1000);
            Map<String, Object> claims = oAuthBearerUnsecuredJws.claims();
            Assert.assertEquals(new HashSet(Arrays.asList(str2, "principal", "iat", "exp", "number", BeanDefinitionParserDelegate.LIST_ELEMENT, "emptyList1", "emptyList2")), claims.keySet());
            Assert.assertEquals(new HashSet(Arrays.asList("scope1", "scope2")), new HashSet((List) claims.get(str2)));
            Assert.assertEquals(new HashSet(Arrays.asList("scope1", "scope2")), oAuthBearerUnsecuredJws.scope());
            Assert.assertEquals(Double.valueOf(1.0d), oAuthBearerUnsecuredJws.claim("number", Number.class));
            Assert.assertEquals(Arrays.asList(CustomBooleanEditor.VALUE_1, "2", ""), oAuthBearerUnsecuredJws.claim(BeanDefinitionParserDelegate.LIST_ELEMENT, List.class));
            Assert.assertEquals(Collections.emptyList(), oAuthBearerUnsecuredJws.claim("emptyList1", List.class));
            Assert.assertEquals(Collections.emptyList(), oAuthBearerUnsecuredJws.claim("emptyList2", List.class));
        }
    }

    private static OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler(Map<String, String> map, MockTime mockTime) {
        TestJaasConfig testJaasConfig = new TestJaasConfig();
        testJaasConfig.createOrUpdateEntry(KafkaJaasLoginModuleInitializer.KAFKA_CLIENT_CONTEXT_NAME, "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule", map);
        OAuthBearerUnsecuredLoginCallbackHandler oAuthBearerUnsecuredLoginCallbackHandler = new OAuthBearerUnsecuredLoginCallbackHandler();
        oAuthBearerUnsecuredLoginCallbackHandler.time(mockTime);
        oAuthBearerUnsecuredLoginCallbackHandler.configure(Collections.emptyMap(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, Arrays.asList(testJaasConfig.getAppConfigurationEntry(KafkaJaasLoginModuleInitializer.KAFKA_CLIENT_CONTEXT_NAME)[0]));
        return oAuthBearerUnsecuredLoginCallbackHandler;
    }

    private static void confirmCorrectValues(OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws, String str, long j, long j2) throws OAuthBearerIllegalTokenException {
        Map<String, Object> header = oAuthBearerUnsecuredJws.header();
        Assert.assertEquals(header.size(), 1L);
        Assert.assertEquals(LoggingSystem.NONE, header.get("alg"));
        Assert.assertEquals(str != null ? str : "<unknown>", oAuthBearerUnsecuredJws.principalName());
        Assert.assertEquals(Long.valueOf(j), oAuthBearerUnsecuredJws.startTimeMs());
        Assert.assertEquals(j, Math.round(oAuthBearerUnsecuredJws.issuedAt().doubleValue() * 1000.0d));
        Assert.assertEquals(j + j2, oAuthBearerUnsecuredJws.lifetimeMs());
        Assert.assertEquals(oAuthBearerUnsecuredJws.lifetimeMs(), Math.round(oAuthBearerUnsecuredJws.expirationTime().doubleValue() * 1000.0d));
    }
}
