package org.apache.kafka.common.security.oauthbearer.internals.unsecured;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
import org.apache.kafka.common.security.authenticator.TestJaasConfig;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.apache.kafka.common.utils.MockTime;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/internals/unsecured/OAuthBearerUnsecuredLoginCallbackHandlerTest.class */
public class OAuthBearerUnsecuredLoginCallbackHandlerTest {
    @Test
    public void addsExtensions() throws IOException, UnsupportedCallbackException {
        HashMap hashMap = new HashMap();
        hashMap.put("unsecuredLoginExtension_testId", "1");
        OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, new MockTime());
        Callback saslExtensionsCallback = new SaslExtensionsCallback();
        createCallbackHandler.handle(new Callback[]{saslExtensionsCallback});
        Assertions.assertEquals("1", saslExtensionsCallback.extensions().map().get("testId"));
    }

    @Test
    public void throwsErrorOnInvalidExtensionName() {
        HashMap hashMap = new HashMap();
        hashMap.put("unsecuredLoginExtension_test.Id", "1");
        OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, new MockTime());
        SaslExtensionsCallback saslExtensionsCallback = new SaslExtensionsCallback();
        Assertions.assertThrows(IOException.class, () -> {
            createCallbackHandler.handle(new Callback[]{saslExtensionsCallback});
        });
    }

    @Test
    public void throwsErrorOnInvalidExtensionValue() {
        HashMap hashMap = new HashMap();
        hashMap.put("unsecuredLoginExtension_testId", "Çalifornia");
        OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, new MockTime());
        SaslExtensionsCallback saslExtensionsCallback = new SaslExtensionsCallback();
        Assertions.assertThrows(IOException.class, () -> {
            createCallbackHandler.handle(new Callback[]{saslExtensionsCallback});
        });
    }

    @Test
    public void minimalToken() throws IOException, UnsupportedCallbackException {
        HashMap hashMap = new HashMap();
        hashMap.put("unsecuredLoginStringClaim_sub", "user");
        MockTime mockTime = new MockTime();
        OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, mockTime);
        Callback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
        createCallbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
        OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws = oAuthBearerTokenCallback.token();
        Assertions.assertNotNull(oAuthBearerUnsecuredJws, "create token failed");
        confirmCorrectValues(oAuthBearerUnsecuredJws, "user", mockTime.milliseconds(), 3600000L);
        Assertions.assertEquals(new HashSet(Arrays.asList("sub", "iat", "exp")), oAuthBearerUnsecuredJws.claims().keySet());
    }

    @Test
    public void validOptionsWithExplicitOptionValues() throws IOException, UnsupportedCallbackException {
        String[] strArr = {null, "putScopeInHere"};
        int length = strArr.length;
        for (int i = 0; i < length; i++) {
            String str = strArr[i];
            HashMap hashMap = new HashMap();
            hashMap.put("unsecuredLoginStringClaim_principal", "user");
            hashMap.put("unsecuredLoginListClaim_list", ",1,2,");
            hashMap.put("unsecuredLoginListClaim_emptyList1", "");
            hashMap.put("unsecuredLoginListClaim_emptyList2", ",");
            hashMap.put("unsecuredLoginNumberClaim_number", "1");
            hashMap.put("unsecuredLoginLifetimeSeconds", String.valueOf(10000L));
            hashMap.put("unsecuredLoginPrincipalClaimName", "principal");
            if (str != null) {
                hashMap.put("unsecuredLoginScopeClaimName", str);
            }
            String str2 = str == null ? "scope" : "putScopeInHere";
            hashMap.put("unsecuredLoginListClaim_" + str2, String.format("|%s|%s", "scope1", "scope2"));
            MockTime mockTime = new MockTime();
            OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler = createCallbackHandler(hashMap, mockTime);
            Callback oAuthBearerTokenCallback = new OAuthBearerTokenCallback();
            createCallbackHandler.handle(new Callback[]{oAuthBearerTokenCallback});
            OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws = oAuthBearerTokenCallback.token();
            Assertions.assertNotNull(oAuthBearerUnsecuredJws, "create token failed");
            confirmCorrectValues(oAuthBearerUnsecuredJws, "user", mockTime.milliseconds(), 10000 * 1000);
            Map claims = oAuthBearerUnsecuredJws.claims();
            Assertions.assertEquals(new HashSet(Arrays.asList(str2, "principal", "iat", "exp", "number", "list", "emptyList1", "emptyList2")), claims.keySet());
            Assertions.assertEquals(new HashSet(Arrays.asList("scope1", "scope2")), new HashSet((List) claims.get(str2)));
            Assertions.assertEquals(new HashSet(Arrays.asList("scope1", "scope2")), oAuthBearerUnsecuredJws.scope());
            Assertions.assertEquals(Double.valueOf(1.0d), oAuthBearerUnsecuredJws.claim("number", Number.class));
            Assertions.assertEquals(Arrays.asList("1", "2", ""), oAuthBearerUnsecuredJws.claim("list", List.class));
            Assertions.assertEquals(Collections.emptyList(), oAuthBearerUnsecuredJws.claim("emptyList1", List.class));
            Assertions.assertEquals(Collections.emptyList(), oAuthBearerUnsecuredJws.claim("emptyList2", List.class));
        }
    }

    private static OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler(Map<String, String> map, MockTime mockTime) {
        TestJaasConfig testJaasConfig = new TestJaasConfig();
        testJaasConfig.createOrUpdateEntry("KafkaClient", "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule", map);
        OAuthBearerUnsecuredLoginCallbackHandler oAuthBearerUnsecuredLoginCallbackHandler = new OAuthBearerUnsecuredLoginCallbackHandler();
        oAuthBearerUnsecuredLoginCallbackHandler.time(mockTime);
        oAuthBearerUnsecuredLoginCallbackHandler.configure(Collections.emptyMap(), "OAUTHBEARER", Arrays.asList(testJaasConfig.getAppConfigurationEntry("KafkaClient")[0]));
        return oAuthBearerUnsecuredLoginCallbackHandler;
    }

    private static void confirmCorrectValues(OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws, String str, long j, long j2) throws OAuthBearerIllegalTokenException {
        Map header = oAuthBearerUnsecuredJws.header();
        Assertions.assertEquals(header.size(), 1);
        Assertions.assertEquals("none", header.get("alg"));
        Assertions.assertEquals(str != null ? str : "<unknown>", oAuthBearerUnsecuredJws.principalName());
        Assertions.assertEquals(Long.valueOf(j), oAuthBearerUnsecuredJws.startTimeMs());
        Assertions.assertEquals(j, Math.round(oAuthBearerUnsecuredJws.issuedAt().doubleValue() * 1000.0d));
        Assertions.assertEquals(j + j2, oAuthBearerUnsecuredJws.lifetimeMs());
        Assertions.assertEquals(oAuthBearerUnsecuredJws.lifetimeMs(), Math.round(oAuthBearerUnsecuredJws.expirationTime().doubleValue() * 1000.0d));
    }
}
