package org.apache.kafka.tools.consumer.group;

import java.io.IOException;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import kafka.api.AbstractSaslTest;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.clients.admin.NewTopic;
import org.apache.kafka.clients.consumer.Consumer;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.serialization.ByteArrayDeserializer;
import org.apache.kafka.metadata.storage.Formatter;
import org.apache.kafka.test.TestUtils;
import org.apache.kafka.tools.consumer.group.ConsumerGroupCommand;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.api.function.Executable;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import scala.Option;
import scala.Some$;
import scala.collection.Seq;
import scala.jdk.javaapi.CollectionConverters;

/* loaded from: input_file:org/apache/kafka/tools/consumer/group/SaslClientsWithInvalidCredentialsTest.class */
public class SaslClientsWithInvalidCredentialsTest extends AbstractSaslTest {
    private static final String TOPIC = "topic";
    public static final int NUM_PARTITIONS = 1;
    public static final int BROKER_COUNT = 1;
    public static final String KAFKA_CLIENT_SASL_MECHANISM = "SCRAM-SHA-256";
    private static final Seq<String> KAFKA_SERVER_SASL_MECHANISMS = CollectionConverters.asScala(Collections.singletonList(KAFKA_CLIENT_SASL_MECHANISM)).toSeq();

    private Consumer<byte[], byte[]> createConsumer() {
        return createConsumer(new ByteArrayDeserializer(), new ByteArrayDeserializer(), new Properties(), CollectionConverters.asScala(Collections.emptySet()).toList());
    }

    public SecurityProtocol securityProtocol() {
        return SecurityProtocol.SASL_PLAINTEXT;
    }

    public Option<Properties> serverSaslProperties() {
        return Some$.MODULE$.apply(kafkaServerSaslProperties(KAFKA_SERVER_SASL_MECHANISMS, KAFKA_CLIENT_SASL_MECHANISM));
    }

    public Option<Properties> clientSaslProperties() {
        return Some$.MODULE$.apply(kafkaClientSaslProperties(KAFKA_CLIENT_SASL_MECHANISM, false));
    }

    public int brokerCount() {
        return 1;
    }

    public void configureSecurityBeforeServersStart(TestInfo testInfo) {
        super.configureSecurityBeforeServersStart(testInfo);
    }

    public void addFormatterSettings(Formatter formatter) {
        formatter.setClusterId("XcZZOzUqS4yHOjhMQB6JLQ");
        formatter.setScramArguments(Arrays.asList("SCRAM-SHA-256=[name=scram-admin,password=scram-admin-secret]"));
    }

    public Admin createPrivilegedAdminClient() {
        return createAdminClient(bootstrapServers(listenerName()), securityProtocol(), trustStoreFile(), clientSaslProperties(), KAFKA_CLIENT_SASL_MECHANISM, "scram-admin", "scram-admin-secret");
    }

    @BeforeEach
    public void setUp(TestInfo testInfo) {
        startSasl(jaasSections(KAFKA_SERVER_SASL_MECHANISMS, Some$.MODULE$.apply(KAFKA_CLIENT_SASL_MECHANISM), "KafkaServer"));
        superuserClientConfig().put("sasl.jaas.config", jaasAdminLoginModule(KAFKA_CLIENT_SASL_MECHANISM, Option.empty()));
        super.setUp(testInfo);
        try {
            Admin createPrivilegedAdminClient = createPrivilegedAdminClient();
            try {
                createPrivilegedAdminClient.createTopics(Collections.singletonList(new NewTopic(TOPIC, 1, (short) 1))).all().get(5L, TimeUnit.MINUTES);
                if (createPrivilegedAdminClient != null) {
                    createPrivilegedAdminClient.close();
                }
            } finally {
            }
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new RuntimeException(e);
        }
    }

    @AfterEach
    public void tearDown() {
        super.tearDown();
        closeSasl();
    }

    @MethodSource({"getTestQuorumAndGroupProtocolParametersAll"})
    @ParameterizedTest(name = "{displayName}.quorum={0}.groupProtocol={1}")
    public void testConsumerGroupServiceWithAuthenticationFailure(String str, String str2) throws Exception {
        ConsumerGroupCommand.ConsumerGroupService prepareConsumerGroupService = prepareConsumerGroupService();
        try {
            Consumer<byte[], byte[]> createConsumer = createConsumer();
            try {
                createConsumer.subscribe(Collections.singletonList(TOPIC));
                Objects.requireNonNull(prepareConsumerGroupService);
                verifyAuthenticationException(prepareConsumerGroupService::listGroups);
                if (createConsumer != null) {
                    createConsumer.close();
                }
                if (prepareConsumerGroupService != null) {
                    prepareConsumerGroupService.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (prepareConsumerGroupService != null) {
                try {
                    prepareConsumerGroupService.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @MethodSource({"getTestQuorumAndGroupProtocolParametersAll"})
    @ParameterizedTest(name = "{displayName}.quorum={0}.groupProtocol={1}")
    public void testConsumerGroupServiceWithAuthenticationSuccess(String str, String str2) throws Exception {
        createScramCredentialsViaPrivilegedAdminClient("scram-user2", "scram-user2-secret");
        ConsumerGroupCommand.ConsumerGroupService prepareConsumerGroupService = prepareConsumerGroupService();
        try {
            Consumer<byte[], byte[]> createConsumer = createConsumer();
            try {
                createConsumer.subscribe(Collections.singletonList(TOPIC));
                TestUtils.waitForCondition(() -> {
                    try {
                        createConsumer.poll(Duration.ofMillis(1000L));
                        return true;
                    } catch (SaslAuthenticationException e) {
                        return false;
                    }
                }, "failed to poll data with authentication");
                Assertions.assertEquals(1, prepareConsumerGroupService.listConsumerGroups().size());
                if (createConsumer != null) {
                    createConsumer.close();
                }
                if (prepareConsumerGroupService != null) {
                    prepareConsumerGroupService.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (prepareConsumerGroupService != null) {
                try {
                    prepareConsumerGroupService.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private ConsumerGroupCommand.ConsumerGroupService prepareConsumerGroupService() throws IOException {
        return new ConsumerGroupCommand.ConsumerGroupService(ConsumerGroupCommandOptions.fromArgs(new String[]{"--bootstrap-server", bootstrapServers(listenerName()), "--describe", "--group", "test.group", "--command-config", TestUtils.tempFile("security.protocol=SASL_PLAINTEXT\nsasl.mechanism=SCRAM-SHA-256").getAbsolutePath()}), Collections.emptyMap());
    }

    private void verifyAuthenticationException(Executable executable) {
        long currentTimeMillis = System.currentTimeMillis();
        Assertions.assertThrows(Exception.class, executable);
        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
        Assertions.assertTrue(currentTimeMillis2 <= 5000, "Poll took too long, elapsed=" + currentTimeMillis2);
    }
}
