package org.apache.kafka.controller;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletionStage;
import org.apache.kafka.common.Endpoint;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.errors.ApiException;
import org.apache.kafka.common.errors.InvalidRequestException;
import org.apache.kafka.common.errors.NotControllerException;
import org.apache.kafka.common.metadata.AccessControlEntryRecord;
import org.apache.kafka.common.metadata.RemoveAccessControlEntryRecord;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.utils.LogContext;
import org.apache.kafka.metadata.RecordTestUtils;
import org.apache.kafka.metadata.authorizer.AclMutator;
import org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer;
import org.apache.kafka.metadata.authorizer.StandardAcl;
import org.apache.kafka.metadata.authorizer.StandardAclTest;
import org.apache.kafka.metadata.authorizer.StandardAclWithId;
import org.apache.kafka.metadata.authorizer.StandardAclWithIdTest;
import org.apache.kafka.server.authorizer.AclCreateResult;
import org.apache.kafka.server.authorizer.AclDeleteResult;
import org.apache.kafka.server.authorizer.Action;
import org.apache.kafka.server.authorizer.AuthorizableRequestContext;
import org.apache.kafka.server.authorizer.AuthorizationResult;
import org.apache.kafka.server.authorizer.AuthorizerServerInfo;
import org.apache.kafka.server.common.ApiMessageAndVersion;
import org.apache.kafka.timeline.SnapshotRegistry;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;

@Timeout(40)
/* loaded from: input_file:org/apache/kafka/controller/AclControlManagerTest.class */
public class AclControlManagerTest {

    /* loaded from: input_file:org/apache/kafka/controller/AclControlManagerTest$MockClusterMetadataAuthorizer.class */
    static class MockClusterMetadataAuthorizer implements ClusterMetadataAuthorizer {
        Map<Uuid, StandardAcl> acls = Collections.emptyMap();

        MockClusterMetadataAuthorizer() {
        }

        public void setAclMutator(AclMutator aclMutator) {
        }

        public AclMutator aclMutatorOrException() {
            throw new NotControllerException("The current node is not the active controller.");
        }

        public void loadSnapshot(Map<Uuid, StandardAcl> map) {
            this.acls = new HashMap(map);
        }

        public void addAcl(Uuid uuid, StandardAcl standardAcl) {
        }

        public void removeAcl(Uuid uuid) {
        }

        public Map<Endpoint, ? extends CompletionStage<Void>> start(AuthorizerServerInfo authorizerServerInfo) {
            return null;
        }

        public List<AuthorizationResult> authorize(AuthorizableRequestContext authorizableRequestContext, List<Action> list) {
            return null;
        }

        public Iterable<AclBinding> acls(AclBindingFilter aclBindingFilter) {
            return null;
        }

        public void close() throws IOException {
        }

        public void configure(Map<String, ?> map) {
        }
    }

    @Test
    public void testValidateNewAcl() {
        AclControlManager.validateNewAcl(new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.LITERAL), new AccessControlEntry("User:*", "*", AclOperation.ALTER, AclPermissionType.ALLOW)));
        Assertions.assertEquals("Invalid patternType UNKNOWN", Assertions.assertThrows(InvalidRequestException.class, () -> {
            AclControlManager.validateNewAcl(new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.UNKNOWN), new AccessControlEntry("User:*", "*", AclOperation.ALTER, AclPermissionType.ALLOW)));
        }).getMessage());
        Assertions.assertEquals("Invalid resourceType UNKNOWN", Assertions.assertThrows(InvalidRequestException.class, () -> {
            AclControlManager.validateNewAcl(new AclBinding(new ResourcePattern(ResourceType.UNKNOWN, "*", PatternType.LITERAL), new AccessControlEntry("User:*", "*", AclOperation.ALTER, AclPermissionType.ALLOW)));
        }).getMessage());
        Assertions.assertEquals("Invalid operation UNKNOWN", Assertions.assertThrows(InvalidRequestException.class, () -> {
            AclControlManager.validateNewAcl(new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.LITERAL), new AccessControlEntry("User:*", "*", AclOperation.UNKNOWN, AclPermissionType.ALLOW)));
        }).getMessage());
        Assertions.assertEquals("Invalid permissionType UNKNOWN", Assertions.assertThrows(InvalidRequestException.class, () -> {
            AclControlManager.validateNewAcl(new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.LITERAL), new AccessControlEntry("User:*", "*", AclOperation.ALTER, AclPermissionType.UNKNOWN)));
        }).getMessage());
    }

    @Test
    public void testValidateFilter() {
        AclControlManager.validateFilter(new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, "*", PatternType.LITERAL), new AccessControlEntryFilter("User:*", "*", AclOperation.ANY, AclPermissionType.ANY)));
        Assertions.assertEquals("Unknown patternFilter.", Assertions.assertThrows(InvalidRequestException.class, () -> {
            AclControlManager.validateFilter(new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, "*", PatternType.UNKNOWN), new AccessControlEntryFilter("User:*", "*", AclOperation.ANY, AclPermissionType.ANY)));
        }).getMessage());
        Assertions.assertEquals("Unknown entryFilter.", Assertions.assertThrows(InvalidRequestException.class, () -> {
            AclControlManager.validateFilter(new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, "*", PatternType.MATCH), new AccessControlEntryFilter("User:*", "*", AclOperation.ANY, AclPermissionType.UNKNOWN)));
        }).getMessage());
    }

    @Test
    public void testLoadSnapshot() {
        SnapshotRegistry snapshotRegistry = new SnapshotRegistry(new LogContext());
        snapshotRegistry.getOrCreateSnapshot(0L);
        AclControlManager aclControlManager = new AclControlManager(snapshotRegistry, Optional.empty());
        HashSet hashSet = new HashSet();
        for (StandardAclWithId standardAclWithId : StandardAclWithIdTest.TEST_ACLS) {
            Assertions.assertTrue(hashSet.add(new ApiMessageAndVersion(standardAclWithId.toRecord(), (short) 0)));
            aclControlManager.replay(standardAclWithId.toRecord(), Optional.empty());
        }
        HashSet hashSet2 = new HashSet();
        Iterator it = aclControlManager.iterator(Long.MAX_VALUE);
        while (it.hasNext()) {
            Iterator it2 = ((List) it.next()).iterator();
            while (it2.hasNext()) {
                Assertions.assertTrue(hashSet2.add((ApiMessageAndVersion) it2.next()));
            }
        }
        Assertions.assertEquals(hashSet, hashSet2);
        MockClusterMetadataAuthorizer mockClusterMetadataAuthorizer = new MockClusterMetadataAuthorizer();
        mockClusterMetadataAuthorizer.loadSnapshot(aclControlManager.idToAcl());
        Assertions.assertEquals(new HashSet(StandardAclTest.TEST_ACLS), new HashSet(mockClusterMetadataAuthorizer.acls.values()));
        snapshotRegistry.revertToSnapshot(0L);
        mockClusterMetadataAuthorizer.loadSnapshot(aclControlManager.idToAcl());
        Assertions.assertFalse(aclControlManager.iterator(Long.MAX_VALUE).hasNext());
    }

    @Test
    public void testAddAndDelete() {
        AclControlManager aclControlManager = new AclControlManager(new SnapshotRegistry(new LogContext()), Optional.empty());
        new MockClusterMetadataAuthorizer().loadSnapshot(aclControlManager.idToAcl());
        aclControlManager.replay(StandardAclWithIdTest.TEST_ACLS.get(0).toRecord(), Optional.empty());
        Assertions.assertEquals(new ApiMessageAndVersion(StandardAclWithIdTest.TEST_ACLS.get(0).toRecord(), (short) 0), ((List) aclControlManager.iterator(Long.MAX_VALUE).next()).get(0));
        aclControlManager.replay(new RemoveAccessControlEntryRecord().setId(StandardAclWithIdTest.TEST_ACLS.get(0).id()), Optional.empty());
        Assertions.assertFalse(aclControlManager.iterator(Long.MAX_VALUE).hasNext());
    }

    @Test
    public void testCreateAclDeleteAcl() {
        AclControlManager aclControlManager = new AclControlManager(new SnapshotRegistry(new LogContext()), Optional.empty());
        new MockClusterMetadataAuthorizer().loadSnapshot(aclControlManager.idToAcl());
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < 3; i++) {
            arrayList.add(StandardAclWithIdTest.TEST_ACLS.get(i).toBinding());
        }
        arrayList.add(new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.UNKNOWN), new AccessControlEntry("User:*", "*", AclOperation.ALTER, AclPermissionType.ALLOW)));
        ControllerResult createAcls = aclControlManager.createAcls(arrayList);
        ArrayList arrayList2 = new ArrayList();
        for (int i2 = 0; i2 < 3; i2++) {
            arrayList2.add(AclCreateResult.SUCCESS);
        }
        arrayList2.add(new AclCreateResult(new InvalidRequestException("Invalid patternType UNKNOWN")));
        for (int i3 = 0; i3 < arrayList2.size(); i3++) {
            AclCreateResult aclCreateResult = (AclCreateResult) arrayList2.get(i3);
            if (aclCreateResult.exception().isPresent()) {
                Assertions.assertEquals(((ApiException) aclCreateResult.exception().get()).getMessage(), ((ApiException) ((AclCreateResult) ((List) createAcls.response()).get(i3)).exception().get()).getMessage());
            } else {
                Assertions.assertFalse(((AclCreateResult) ((List) createAcls.response()).get(i3)).exception().isPresent());
            }
        }
        RecordTestUtils.replayAll(aclControlManager, createAcls.records());
        Assertions.assertTrue(aclControlManager.iterator(Long.MAX_VALUE).hasNext());
        ControllerResult deleteAcls = aclControlManager.deleteAcls(Arrays.asList(new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, (String) null, PatternType.LITERAL), AccessControlEntryFilter.ANY), new AclBindingFilter(new ResourcePatternFilter(ResourceType.UNKNOWN, (String) null, PatternType.LITERAL), AccessControlEntryFilter.ANY)));
        Assertions.assertEquals(2, ((List) deleteAcls.response()).size());
        HashSet hashSet = new HashSet();
        for (AclDeleteResult.AclBindingDeleteResult aclBindingDeleteResult : ((AclDeleteResult) ((List) deleteAcls.response()).get(0)).aclBindingDeleteResults()) {
            Assertions.assertEquals(Optional.empty(), aclBindingDeleteResult.exception());
            hashSet.add(aclBindingDeleteResult.aclBinding());
        }
        Assertions.assertEquals(new HashSet(Arrays.asList(StandardAclWithIdTest.TEST_ACLS.get(0).toBinding(), StandardAclWithIdTest.TEST_ACLS.get(2).toBinding())), hashSet);
        Assertions.assertEquals(InvalidRequestException.class, ((ApiException) ((AclDeleteResult) ((List) deleteAcls.response()).get(1)).exception().get()).getClass());
        RecordTestUtils.replayAll(aclControlManager, deleteAcls.records());
        Iterator it = aclControlManager.iterator(Long.MAX_VALUE);
        Assertions.assertTrue(it.hasNext());
        List list = (List) it.next();
        Assertions.assertEquals(1, list.size());
        Assertions.assertEquals(StandardAclWithIdTest.TEST_ACLS.get(1).toBinding(), StandardAcl.fromRecord((AccessControlEntryRecord) ((ApiMessageAndVersion) list.get(0)).message()).toBinding());
        Assertions.assertFalse(it.hasNext());
    }
}
