package org.apache.kafka.common.security.oauthbearer.secured;

import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback;
import org.apache.kafka.common.utils.Utils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/secured/OAuthBearerValidatorCallbackHandlerTest.class */
public class OAuthBearerValidatorCallbackHandlerTest extends OAuthBearerTest {
    @Test
    public void testBasic() throws Exception {
        List asList = Arrays.asList("a", "b", "c");
        AccessTokenBuilder audience = new AccessTokenBuilder().audience("a");
        String build = audience.build();
        OAuthBearerValidatorCallbackHandler createHandler = createHandler(getSaslConfigs("sasl.oauthbearer.expected.audience", asList), audience);
        try {
            Callback oAuthBearerValidatorCallback = new OAuthBearerValidatorCallback(build);
            createHandler.handle(new Callback[]{oAuthBearerValidatorCallback});
            Assertions.assertNotNull(oAuthBearerValidatorCallback.token());
            OAuthBearerToken oAuthBearerToken = oAuthBearerValidatorCallback.token();
            Assertions.assertEquals(build, oAuthBearerToken.value());
            Assertions.assertEquals(audience.subject(), oAuthBearerToken.principalName());
            Assertions.assertEquals(audience.expirationSeconds().longValue() * 1000, oAuthBearerToken.lifetimeMs());
            Assertions.assertEquals(audience.issuedAtSeconds().longValue() * 1000, oAuthBearerToken.startTimeMs());
            createHandler.close();
        } catch (Throwable th) {
            createHandler.close();
            throw th;
        }
    }

    @Test
    public void testInvalidAccessToken() throws Exception {
        assertInvalidAccessTokenFails("this isn't valid", "invalid_token");
        assertInvalidAccessTokenFails("this.isn't.valid", "invalid_token");
        assertInvalidAccessTokenFails(createAccessKey("this", "isn't", "valid"), "invalid_token");
        assertInvalidAccessTokenFails(createAccessKey("{}", "{}", "{}"), "invalid_token");
    }

    private void assertInvalidAccessTokenFails(String str, String str2) throws Exception {
        OAuthBearerValidatorCallbackHandler createHandler = createHandler(getSaslConfigs(), new AccessTokenBuilder());
        try {
            Callback oAuthBearerValidatorCallback = new OAuthBearerValidatorCallback(str);
            createHandler.handle(new Callback[]{oAuthBearerValidatorCallback});
            Assertions.assertNull(oAuthBearerValidatorCallback.token());
            String errorStatus = oAuthBearerValidatorCallback.errorStatus();
            Assertions.assertNotNull(errorStatus);
            Assertions.assertTrue(errorStatus.contains(str2), String.format("The error message \"%s\" didn't contain the expected substring \"%s\"", errorStatus, str2));
            createHandler.close();
        } catch (Throwable th) {
            createHandler.close();
            throw th;
        }
    }

    private OAuthBearerValidatorCallbackHandler createHandler(Map<String, ?> map, AccessTokenBuilder accessTokenBuilder) {
        OAuthBearerValidatorCallbackHandler oAuthBearerValidatorCallbackHandler = new OAuthBearerValidatorCallbackHandler();
        CloseableVerificationKeyResolver closeableVerificationKeyResolver = (jsonWebSignature, list) -> {
            return accessTokenBuilder.jwk().getRsaPublicKey();
        };
        oAuthBearerValidatorCallbackHandler.init(closeableVerificationKeyResolver, AccessTokenValidatorFactory.create(map, closeableVerificationKeyResolver));
        return oAuthBearerValidatorCallbackHandler;
    }

    private String createAccessKey(String str, String str2, String str3) {
        Base64.Encoder encoder = Base64.getEncoder();
        return String.format("%s.%s.%s", encoder.encodeToString(Utils.utf8(str)), encoder.encodeToString(Utils.utf8(str2)), encoder.encodeToString(Utils.utf8(str3)));
    }
}
