package org.apache.kafka.common.security.authenticator;

import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.kafka.common.errors.IllegalSaslStateException;
import org.apache.kafka.common.message.ApiMessageType;
import org.apache.kafka.common.network.ChannelMetadataRegistry;
import org.apache.kafka.common.network.DefaultChannelMetadataRegistry;
import org.apache.kafka.common.network.InvalidReceiveException;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.network.TransportLayer;
import org.apache.kafka.common.protocol.ApiKeys;
import org.apache.kafka.common.requests.ApiVersionsRequest;
import org.apache.kafka.common.requests.ApiVersionsResponse;
import org.apache.kafka.common.requests.RequestHeader;
import org.apache.kafka.common.requests.RequestTestUtils;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.plain.PlainLoginModule;
import org.apache.kafka.common.security.scram.internals.ScramMechanism;
import org.apache.kafka.common.utils.AppInfoParser;
import org.apache.kafka.common.utils.Time;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Answers;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/kafka/common/security/authenticator/SaslServerAuthenticatorTest.class */
public class SaslServerAuthenticatorTest {
    @Test
    public void testOversizeRequest() throws IOException {
        TransportLayer transportLayer = (TransportLayer) Mockito.mock(TransportLayer.class);
        SaslServerAuthenticator saslServerAuthenticator = setupAuthenticator(Collections.singletonMap("sasl.enabled.mechanisms", Collections.singletonList(ScramMechanism.SCRAM_SHA_256.mechanismName())), transportLayer, ScramMechanism.SCRAM_SHA_256.mechanismName(), new DefaultChannelMetadataRegistry());
        Mockito.when(Integer.valueOf(transportLayer.read((ByteBuffer) ArgumentMatchers.any(ByteBuffer.class)))).then(invocationOnMock -> {
            ((ByteBuffer) invocationOnMock.getArgument(0)).putInt(524289);
            return 4;
        });
        saslServerAuthenticator.getClass();
        Assertions.assertThrows(InvalidReceiveException.class, saslServerAuthenticator::authenticate);
        ((TransportLayer) Mockito.verify(transportLayer)).read((ByteBuffer) ArgumentMatchers.any(ByteBuffer.class));
    }

    @Test
    public void testUnexpectedRequestType() throws IOException {
        TransportLayer transportLayer = (TransportLayer) Mockito.mock(TransportLayer.class);
        SaslServerAuthenticator saslServerAuthenticator = setupAuthenticator(Collections.singletonMap("sasl.enabled.mechanisms", Collections.singletonList(ScramMechanism.SCRAM_SHA_256.mechanismName())), transportLayer, ScramMechanism.SCRAM_SHA_256.mechanismName(), new DefaultChannelMetadataRegistry());
        ByteBuffer serializeRequestHeader = RequestTestUtils.serializeRequestHeader(new RequestHeader(ApiKeys.METADATA, (short) 0, "clientId", 13243));
        Mockito.when(Integer.valueOf(transportLayer.read((ByteBuffer) ArgumentMatchers.any(ByteBuffer.class)))).then(invocationOnMock -> {
            ((ByteBuffer) invocationOnMock.getArgument(0)).putInt(serializeRequestHeader.remaining());
            return 4;
        }).then(invocationOnMock2 -> {
            ((ByteBuffer) invocationOnMock2.getArgument(0)).put(serializeRequestHeader.duplicate());
            return Integer.valueOf(serializeRequestHeader.remaining());
        });
        try {
            saslServerAuthenticator.authenticate();
            Assertions.fail("Expected authenticate() to raise an exception");
        } catch (IllegalSaslStateException e) {
        }
        ((TransportLayer) Mockito.verify(transportLayer, Mockito.times(2))).read((ByteBuffer) ArgumentMatchers.any(ByteBuffer.class));
    }

    @Test
    public void testOldestApiVersionsRequest() throws IOException {
        testApiVersionsRequest(ApiKeys.API_VERSIONS.oldestVersion(), "unknown", "unknown");
    }

    @Test
    public void testLatestApiVersionsRequest() throws IOException {
        testApiVersionsRequest(ApiKeys.API_VERSIONS.latestVersion(), "apache-kafka-java", AppInfoParser.getVersion());
    }

    private void testApiVersionsRequest(short s, String str, String str2) throws IOException {
        TransportLayer transportLayer = (TransportLayer) Mockito.mock(TransportLayer.class, Answers.RETURNS_DEEP_STUBS);
        Map<String, ?> singletonMap = Collections.singletonMap("sasl.enabled.mechanisms", Collections.singletonList(ScramMechanism.SCRAM_SHA_256.mechanismName()));
        DefaultChannelMetadataRegistry defaultChannelMetadataRegistry = new DefaultChannelMetadataRegistry();
        SaslServerAuthenticator saslServerAuthenticator = setupAuthenticator(singletonMap, transportLayer, ScramMechanism.SCRAM_SHA_256.mechanismName(), defaultChannelMetadataRegistry);
        ByteBuffer serializeRequestHeader = RequestTestUtils.serializeRequestHeader(new RequestHeader(ApiKeys.API_VERSIONS, s, "clientId", 0));
        ByteBuffer serialize = new ApiVersionsRequest.Builder().build(s).serialize();
        serialize.rewind();
        Mockito.when(transportLayer.socketChannel().socket().getInetAddress()).thenReturn(InetAddress.getLoopbackAddress());
        Mockito.when(Integer.valueOf(transportLayer.read((ByteBuffer) ArgumentMatchers.any(ByteBuffer.class)))).then(invocationOnMock -> {
            ((ByteBuffer) invocationOnMock.getArgument(0)).putInt(serializeRequestHeader.remaining() + serialize.remaining());
            return 4;
        }).then(invocationOnMock2 -> {
            ((ByteBuffer) invocationOnMock2.getArgument(0)).put(serializeRequestHeader.duplicate()).put(serialize.duplicate());
            return Integer.valueOf(serializeRequestHeader.remaining() + serialize.remaining());
        });
        saslServerAuthenticator.authenticate();
        Assertions.assertEquals(str, defaultChannelMetadataRegistry.clientInformation().softwareName());
        Assertions.assertEquals(str2, defaultChannelMetadataRegistry.clientInformation().softwareVersion());
        ((TransportLayer) Mockito.verify(transportLayer, Mockito.times(2))).read((ByteBuffer) ArgumentMatchers.any(ByteBuffer.class));
    }

    private SaslServerAuthenticator setupAuthenticator(Map<String, ?> map, TransportLayer transportLayer, String str, ChannelMetadataRegistry channelMetadataRegistry) {
        new TestJaasConfig().addEntry("jaasContext", PlainLoginModule.class.getName(), new HashMap());
        Map singletonMap = Collections.singletonMap(str, new Subject());
        Map singletonMap2 = Collections.singletonMap(str, new SaslServerCallbackHandler());
        ApiVersionsResponse defaultApiVersionsResponse = ApiVersionsResponse.defaultApiVersionsResponse(ApiMessageType.ListenerType.ZK_BROKER);
        return new SaslServerAuthenticator(map, singletonMap2, "node", singletonMap, (KerberosShortNamer) null, new ListenerName("ssl"), SecurityProtocol.SASL_SSL, transportLayer, Collections.emptyMap(), channelMetadataRegistry, Time.SYSTEM, () -> {
            return defaultApiVersionsResponse;
        });
    }
}
