package kafka.admin;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.PrintStream;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.management.InstanceAlreadyExistsException;
import kafka.admin.AclCommand;
import kafka.security.authorizer.AclAuthorizer;
import kafka.test.ClusterInstance;
import kafka.test.annotation.ClusterConfigProperty;
import kafka.test.annotation.ClusterTest;
import kafka.test.annotation.ClusterTestDefaults;
import kafka.test.annotation.ClusterTests;
import kafka.test.annotation.Type;
import kafka.test.junit.ClusterTestExtensions;
import kafka.test.junit.ZkClusterInvocationContext;
import kafka.utils.Exit;
import kafka.utils.TestUtils;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.AppInfoParser;
import org.apache.kafka.common.utils.LogCaptureAppender;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.server.authorizer.Authorizer;
import org.apache.log4j.Level;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import scala.Console;
import scala.collection.JavaConverters;

@ClusterTestDefaults(serverProperties = {@ClusterConfigProperty(key = "super.users", value = "User:ANONYMOUS"), @ClusterConfigProperty(key = "authorizer.class.name", value = AclCommandTest.ACL_AUTHORIZER)})
@ExtendWith({ClusterTestExtensions.class})
/* loaded from: input_file:kafka/admin/AclCommandTest.class */
public class AclCommandTest {
    public static final String ACL_AUTHORIZER = "kafka.security.authorizer.AclAuthorizer";
    private static final String STANDARD_AUTHORIZER = "org.apache.kafka.metadata.authorizer.StandardAuthorizer";
    private static final String LOCALHOST = "localhost:9092";
    private static final String AUTHORIZER = "--authorizer";
    private static final String AUTHORIZER_PROPERTIES = "--authorizer-properties";
    private static final String ADD = "--add";
    private static final String BOOTSTRAP_SERVER = "--bootstrap-server";
    private static final String COMMAND_CONFIG = "--command-config";
    private static final String CONSUMER = "--consumer";
    private static final String IDEMPOTENT = "--idempotent";
    private static final String GROUP = "--group";
    private static final String LIST = "--list";
    private static final String REMOVE = "--remove";
    private static final String PRODUCER = "--producer";
    private static final String OPERATION = "--operation";
    private static final String TOPIC = "--topic";
    private static final String RESOURCE_PATTERN_TYPE = "--resource-pattern-type";
    private static final String ZOOKEEPER_CONNECT = "zookeeper.connect=localhost:2181";
    private static final KafkaPrincipal PRINCIPAL = SecurityUtils.parseKafkaPrincipal("User:test2");
    private static final Set<KafkaPrincipal> USERS = new HashSet(Arrays.asList(SecurityUtils.parseKafkaPrincipal("User:CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"), PRINCIPAL, SecurityUtils.parseKafkaPrincipal("User:CN=\\#User with special chars in CN : (\\, \\+ \" \\ \\< \\> \\; ')")));
    private static final Set<String> HOSTS = new HashSet(Arrays.asList("host1", "host2"));
    private static final List<String> ALLOW_HOST_COMMAND = Arrays.asList("--allow-host", "host1", "--allow-host", "host2");
    private static final List<String> DENY_HOST_COMMAND = Arrays.asList("--deny-host", "host1", "--deny-host", "host2");
    private static final ResourcePattern CLUSTER_RESOURCE = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
    private static final Set<ResourcePattern> TOPIC_RESOURCES = new HashSet(Arrays.asList(new ResourcePattern(ResourceType.TOPIC, "test-1", PatternType.LITERAL), new ResourcePattern(ResourceType.TOPIC, "test-2", PatternType.LITERAL)));
    private static final Set<ResourcePattern> GROUP_RESOURCES = new HashSet(Arrays.asList(new ResourcePattern(ResourceType.GROUP, "testGroup-1", PatternType.LITERAL), new ResourcePattern(ResourceType.GROUP, "testGroup-2", PatternType.LITERAL)));
    private static final Set<ResourcePattern> TRANSACTIONAL_ID_RESOURCES = new HashSet(Arrays.asList(new ResourcePattern(ResourceType.TRANSACTIONAL_ID, "t0", PatternType.LITERAL), new ResourcePattern(ResourceType.TRANSACTIONAL_ID, "t1", PatternType.LITERAL)));
    private static final Set<ResourcePattern> TOKEN_RESOURCES = new HashSet(Arrays.asList(new ResourcePattern(ResourceType.DELEGATION_TOKEN, "token1", PatternType.LITERAL), new ResourcePattern(ResourceType.DELEGATION_TOKEN, "token2", PatternType.LITERAL)));
    private static final Set<ResourcePattern> USER_RESOURCES = new HashSet(Arrays.asList(new ResourcePattern(ResourceType.USER, "User:test-user1", PatternType.LITERAL), new ResourcePattern(ResourceType.USER, "User:test-user2", PatternType.LITERAL)));
    private static final Map<Set<ResourcePattern>, List<String>> RESOURCE_TO_COMMAND = new HashMap<Set<ResourcePattern>, List<String>>() { // from class: kafka.admin.AclCommandTest.1
        {
            put(AclCommandTest.TOPIC_RESOURCES, Arrays.asList(AclCommandTest.TOPIC, "test-1", AclCommandTest.TOPIC, "test-2"));
            put(Collections.singleton(AclCommandTest.CLUSTER_RESOURCE), Collections.singletonList("--cluster"));
            put(AclCommandTest.GROUP_RESOURCES, Arrays.asList(AclCommandTest.GROUP, "testGroup-1", AclCommandTest.GROUP, "testGroup-2"));
            put(AclCommandTest.TRANSACTIONAL_ID_RESOURCES, Arrays.asList("--transactional-id", "t0", "--transactional-id", "t1"));
            put(AclCommandTest.TOKEN_RESOURCES, Arrays.asList("--delegation-token", "token1", "--delegation-token", "token2"));
            put(AclCommandTest.USER_RESOURCES, Arrays.asList("--user-principal", "User:test-user1", "--user-principal", "User:test-user2"));
        }
    };
    private static final Map<Set<ResourcePattern>, Map.Entry<Set<AclOperation>, List<String>>> RESOURCE_TO_OPERATIONS = new HashMap<Set<ResourcePattern>, Map.Entry<Set<AclOperation>, List<String>>>() { // from class: kafka.admin.AclCommandTest.2
        {
            put(AclCommandTest.TOPIC_RESOURCES, new AbstractMap.SimpleImmutableEntry(new HashSet(Arrays.asList(AclOperation.READ, AclOperation.WRITE, AclOperation.CREATE, AclOperation.DESCRIBE, AclOperation.DELETE, AclOperation.DESCRIBE_CONFIGS, AclOperation.ALTER_CONFIGS, AclOperation.ALTER)), Arrays.asList(AclCommandTest.OPERATION, "Read", AclCommandTest.OPERATION, "Write", AclCommandTest.OPERATION, "Create", AclCommandTest.OPERATION, "Describe", AclCommandTest.OPERATION, "Delete", AclCommandTest.OPERATION, "DescribeConfigs", AclCommandTest.OPERATION, "AlterConfigs", AclCommandTest.OPERATION, "Alter")));
            put(Collections.singleton(AclCommandTest.CLUSTER_RESOURCE), new AbstractMap.SimpleImmutableEntry(new HashSet(Arrays.asList(AclOperation.CREATE, AclOperation.CLUSTER_ACTION, AclOperation.DESCRIBE_CONFIGS, AclOperation.ALTER_CONFIGS, AclOperation.IDEMPOTENT_WRITE, AclOperation.ALTER, AclOperation.DESCRIBE)), Arrays.asList(AclCommandTest.OPERATION, "Create", AclCommandTest.OPERATION, "ClusterAction", AclCommandTest.OPERATION, "DescribeConfigs", AclCommandTest.OPERATION, "AlterConfigs", AclCommandTest.OPERATION, "IdempotentWrite", AclCommandTest.OPERATION, "Alter", AclCommandTest.OPERATION, "Describe")));
            put(AclCommandTest.GROUP_RESOURCES, new AbstractMap.SimpleImmutableEntry(new HashSet(Arrays.asList(AclOperation.READ, AclOperation.DESCRIBE, AclOperation.DELETE)), Arrays.asList(AclCommandTest.OPERATION, "Read", AclCommandTest.OPERATION, "Describe", AclCommandTest.OPERATION, "Delete")));
            put(AclCommandTest.TRANSACTIONAL_ID_RESOURCES, new AbstractMap.SimpleImmutableEntry(new HashSet(Arrays.asList(AclOperation.DESCRIBE, AclOperation.WRITE)), Arrays.asList(AclCommandTest.OPERATION, "Describe", AclCommandTest.OPERATION, "Write")));
            put(AclCommandTest.TOKEN_RESOURCES, new AbstractMap.SimpleImmutableEntry(Collections.singleton(AclOperation.DESCRIBE), Arrays.asList(AclCommandTest.OPERATION, "Describe")));
            put(AclCommandTest.USER_RESOURCES, new AbstractMap.SimpleImmutableEntry(new HashSet(Arrays.asList(AclOperation.CREATE_TOKENS, AclOperation.DESCRIBE_TOKENS)), Arrays.asList(AclCommandTest.OPERATION, "CreateTokens", AclCommandTest.OPERATION, "DescribeTokens")));
        }
    };
    private static final Map<Set<ResourcePattern>, Set<AccessControlEntry>> CONSUMER_RESOURCE_TO_ACLS = new HashMap<Set<ResourcePattern>, Set<AccessControlEntry>>() { // from class: kafka.admin.AclCommandTest.3
        {
            put(AclCommandTest.TOPIC_RESOURCES, AclCommandTest.asJavaSet(AclCommand.getAcls(AclCommandTest.asScalaSet(AclCommandTest.USERS), AclPermissionType.ALLOW, AclCommandTest.asScalaSet(new HashSet(Arrays.asList(AclOperation.READ, AclOperation.DESCRIBE))), AclCommandTest.asScalaSet(AclCommandTest.HOSTS))));
            put(AclCommandTest.GROUP_RESOURCES, AclCommandTest.asJavaSet(AclCommand.getAcls(AclCommandTest.asScalaSet(AclCommandTest.USERS), AclPermissionType.ALLOW, AclCommandTest.asScalaSet(Collections.singleton(AclOperation.READ)), AclCommandTest.asScalaSet(AclCommandTest.HOSTS))));
        }
    };
    private static final Map<List<String>, Map<Set<ResourcePattern>, Set<AccessControlEntry>>> CMD_TO_RESOURCES_TO_ACL = new HashMap<List<String>, Map<Set<ResourcePattern>, Set<AccessControlEntry>>>() { // from class: kafka.admin.AclCommandTest.4
        {
            put(Collections.singletonList(AclCommandTest.PRODUCER), AclCommandTest.producerResourceToAcls(false));
            put(Arrays.asList(AclCommandTest.PRODUCER, AclCommandTest.IDEMPOTENT), AclCommandTest.producerResourceToAcls(true));
            put(Collections.singletonList(AclCommandTest.CONSUMER), AclCommandTest.CONSUMER_RESOURCE_TO_ACLS);
            put(Arrays.asList(AclCommandTest.PRODUCER, AclCommandTest.CONSUMER), AclCommandTest.CONSUMER_RESOURCE_TO_ACLS.entrySet().stream().map(entry -> {
                HashSet hashSet = new HashSet((Collection) entry.getValue());
                hashSet.addAll((Collection) AclCommandTest.producerResourceToAcls(false).getOrDefault(entry.getKey(), Collections.emptySet()));
                return new AbstractMap.SimpleEntry(entry.getKey(), hashSet);
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            })));
            put(Arrays.asList(AclCommandTest.PRODUCER, AclCommandTest.IDEMPOTENT, AclCommandTest.CONSUMER), AclCommandTest.CONSUMER_RESOURCE_TO_ACLS.entrySet().stream().map(entry2 -> {
                HashSet hashSet = new HashSet((Collection) entry2.getValue());
                hashSet.addAll((Collection) AclCommandTest.producerResourceToAcls(true).getOrDefault(entry2.getKey(), Collections.emptySet()));
                return new AbstractMap.SimpleEntry(entry2.getKey(), hashSet);
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            })));
        }
    };

    @ClusterTest(types = {Type.ZK})
    public void testAclCliWithAuthorizer(ClusterInstance clusterInstance) {
        testAclCli(clusterInstance, zkArgs(clusterInstance));
    }

    @ClusterTests({@ClusterTest(types = {Type.ZK}), @ClusterTest(types = {Type.KRAFT}, serverProperties = {@ClusterConfigProperty(key = "authorizer.class.name", value = STANDARD_AUTHORIZER)})})
    public void testAclCliWithAdminAPI(ClusterInstance clusterInstance) {
        testAclCli(clusterInstance, adminArgs(clusterInstance.bootstrapServers(), Optional.empty()));
    }

    @ClusterTest(types = {Type.ZK})
    public void testProducerConsumerCliWithAuthorizer(ClusterInstance clusterInstance) {
        testProducerConsumerCli(clusterInstance, zkArgs(clusterInstance));
    }

    @ClusterTests({@ClusterTest(types = {Type.ZK}), @ClusterTest(types = {Type.KRAFT}, serverProperties = {@ClusterConfigProperty(key = "authorizer.class.name", value = STANDARD_AUTHORIZER)})})
    public void testProducerConsumerCliWithAdminAPI(ClusterInstance clusterInstance) {
        testProducerConsumerCli(clusterInstance, adminArgs(clusterInstance.bootstrapServers(), Optional.empty()));
    }

    @ClusterTests({@ClusterTest(types = {Type.ZK}), @ClusterTest(types = {Type.KRAFT}, serverProperties = {@ClusterConfigProperty(key = "authorizer.class.name", value = STANDARD_AUTHORIZER)})})
    public void testAclCliWithClientId(ClusterInstance clusterInstance) {
        LogCaptureAppender createAndRegister = LogCaptureAppender.createAndRegister();
        createAndRegister.setClassLogger(AppInfoParser.class, Level.WARN);
        try {
            testAclCli(clusterInstance, adminArgs(clusterInstance.bootstrapServers(), Optional.of(TestUtils.tempFile("client.id=my-client"))));
            Assertions.assertEquals(0L, createAndRegister.getEvents().stream().filter(event -> {
                return event.getLevel().equals(Level.WARN.toString());
            }).filter(event2 -> {
                return event2.getThrowableClassName().filter(str -> {
                    return str.equals(InstanceAlreadyExistsException.class.getName());
                }).isPresent();
            }).count(), "There should be no warnings about multiple registration of mbeans");
        } finally {
            createAndRegister.close();
        }
    }

    @ClusterTest(types = {Type.ZK})
    public void testAclsOnPrefixedResourcesWithAuthorizer(ClusterInstance clusterInstance) {
        testAclsOnPrefixedResources(clusterInstance, zkArgs(clusterInstance));
    }

    @ClusterTests({@ClusterTest(types = {Type.ZK}), @ClusterTest(types = {Type.KRAFT}, serverProperties = {@ClusterConfigProperty(key = "authorizer.class.name", value = STANDARD_AUTHORIZER)})})
    public void testAclsOnPrefixedResourcesWithAdminAPI(ClusterInstance clusterInstance) {
        testAclsOnPrefixedResources(clusterInstance, adminArgs(clusterInstance.bootstrapServers(), Optional.empty()));
    }

    @ClusterTest(types = {Type.ZK})
    public void testInvalidAuthorizerProperty(ClusterInstance clusterInstance) {
        AclCommand.AuthorizerService authorizerService = new AclCommand.AuthorizerService(AclAuthorizer.class.getName(), new AclCommand.AclCommandOptions(new String[]{AUTHORIZER_PROPERTIES, "zookeeper.connect " + zkConnect(clusterInstance)}));
        authorizerService.getClass();
        Assertions.assertThrows(IllegalArgumentException.class, authorizerService::listAcls);
    }

    @ClusterTest(types = {Type.ZK})
    public void testPatternTypesWithAuthorizer(ClusterInstance clusterInstance) {
        testPatternTypes(zkArgs(clusterInstance));
    }

    @ClusterTests({@ClusterTest(types = {Type.ZK}), @ClusterTest(types = {Type.KRAFT}, serverProperties = {@ClusterConfigProperty(key = "authorizer.class.name", value = STANDARD_AUTHORIZER)})})
    public void testPatternTypesWithAdminAPI(ClusterInstance clusterInstance) {
        testPatternTypes(adminArgs(clusterInstance.bootstrapServers(), Optional.empty()));
    }

    @Test
    public void testUseBootstrapServerOptWithAuthorizerOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, AUTHORIZER, ACL_AUTHORIZER), "Only one of --bootstrap-server or --authorizer must be specified");
    }

    @Test
    public void testRequiredArgsForAuthorizerOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(AUTHORIZER, ACL_AUTHORIZER), "Missing required argument \"[authorizer-properties]\"");
        checkNotThrow(Arrays.asList(AUTHORIZER, ACL_AUTHORIZER, AUTHORIZER_PROPERTIES, ZOOKEEPER_CONNECT, LIST));
    }

    @Test
    public void testUseCommandConfigOptWithoutBootstrapServerOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(COMMAND_CONFIG, "cfg.properties", AUTHORIZER, ACL_AUTHORIZER, AUTHORIZER_PROPERTIES, ZOOKEEPER_CONNECT), "The --command-config option can only be used with --bootstrap-server option");
    }

    @Test
    public void testUseAuthorizerPropertiesOptWithBootstrapServerOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, AUTHORIZER_PROPERTIES, ZOOKEEPER_CONNECT), "The --authorizer-properties option can only be used with --authorizer option");
    }

    @Test
    public void testExactlyOneAction() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, LIST), "Command must include exactly one action: --list, --add, --remove. ");
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, LIST, REMOVE), "Command must include exactly one action: --list, --add, --remove. ");
    }

    @Test
    public void testUseListPrincipalsOptWithoutListOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, "--principal", "User:CN=client"), "The --principal option is only available if --list is set");
    }

    @Test
    public void testUseProducerOptWithoutTopicOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, PRODUCER), "With --producer you must specify a --topic");
    }

    @Test
    public void testUseIdempotentOptWithoutProducerOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, IDEMPOTENT), "The --idempotent option is only available if --producer is set");
    }

    @Test
    public void testUseConsumerOptWithoutRequiredOpt() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, CONSUMER), "With --consumer you must specify a --topic and a --group and no --cluster or --transactional-id option should be specified.");
        checkNotThrow(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, CONSUMER, TOPIC, "test-topic", GROUP, "test-group"));
    }

    @Test
    public void testInvalidArgs() {
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, LIST, PRODUCER), "Option \"[list]\" can't be used with option \"[producer]\"");
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, PRODUCER, OPERATION), "Option \"[producer]\" can't be used with option \"[operation]\"");
        assertInitializeInvalidOptionsExitCodeAndMsg(Arrays.asList(BOOTSTRAP_SERVER, LOCALHOST, ADD, CONSUMER, OPERATION, TOPIC, "test-topic", GROUP, "test-group"), "Option \"[consumer]\" can't be used with option \"[operation]\"");
    }

    private void testProducerConsumerCli(ClusterInstance clusterInstance, List<String> list) {
        for (Map.Entry<List<String>, Map<Set<ResourcePattern>, Set<AccessControlEntry>>> entry : CMD_TO_RESOURCES_TO_ACL.entrySet()) {
            List<String> key = entry.getKey();
            Map<Set<ResourcePattern>, Set<AccessControlEntry>> value = entry.getValue();
            Stream<Set<ResourcePattern>> stream = value.keySet().stream();
            Map<Set<ResourcePattern>, List<String>> map = RESOURCE_TO_COMMAND;
            map.getClass();
            List list2 = (List) stream.map((v1) -> {
                return r1.get(v1);
            }).reduce(new ArrayList(), (list3, list4) -> {
                list3.addAll(list4);
                return list3;
            });
            ArrayList arrayList = new ArrayList(list);
            arrayList.addAll(getCmd(AclPermissionType.ALLOW));
            arrayList.addAll(list2);
            arrayList.addAll(key);
            arrayList.add(ADD);
            callMain(arrayList);
            for (Map.Entry<Set<ResourcePattern>, Set<AccessControlEntry>> entry2 : value.entrySet()) {
                for (ResourcePattern resourcePattern : entry2.getKey()) {
                    withAuthorizer(clusterInstance, authorizer -> {
                        TestUtils.waitAndVerifyAcls(asScalaSet((Set) entry2.getValue()), authorizer, resourcePattern, AccessControlEntryFilter.ANY);
                    });
                }
            }
            ArrayList arrayList2 = new ArrayList(list2);
            arrayList2.addAll(key);
            testRemove(clusterInstance, list, (Set) value.keySet().stream().flatMap((v0) -> {
                return v0.stream();
            }).collect(Collectors.toSet()), arrayList2);
        }
    }

    private void testAclsOnPrefixedResources(ClusterInstance clusterInstance, List<String> list) {
        List asList = Arrays.asList("--allow-principal", PRINCIPAL.toString(), PRODUCER, TOPIC, "Test-", RESOURCE_PATTERN_TYPE, "Prefixed");
        ArrayList arrayList = new ArrayList(list);
        arrayList.addAll(asList);
        arrayList.add(ADD);
        callMain(arrayList);
        withAuthorizer(clusterInstance, authorizer -> {
            TestUtils.waitAndVerifyAcls(asScalaSet(new HashSet(Arrays.asList(new AccessControlEntry(PRINCIPAL.toString(), "*", AclOperation.WRITE, AclPermissionType.ALLOW), new AccessControlEntry(PRINCIPAL.toString(), "*", AclOperation.DESCRIBE, AclPermissionType.ALLOW), new AccessControlEntry(PRINCIPAL.toString(), "*", AclOperation.CREATE, AclPermissionType.ALLOW)))), authorizer, new ResourcePattern(ResourceType.TOPIC, "Test-", PatternType.PREFIXED), AccessControlEntryFilter.ANY);
        });
        ArrayList arrayList2 = new ArrayList(list);
        arrayList2.addAll(asList);
        arrayList2.add(REMOVE);
        arrayList2.add("--force");
        callMain(arrayList2);
        withAuthorizer(clusterInstance, authorizer2 -> {
            TestUtils.waitAndVerifyAcls(asScalaSet(Collections.emptySet()), authorizer2, new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL), AccessControlEntryFilter.ANY);
            TestUtils.waitAndVerifyAcls(asScalaSet(Collections.emptySet()), authorizer2, new ResourcePattern(ResourceType.TOPIC, "Test-", PatternType.PREFIXED), AccessControlEntryFilter.ANY);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<Set<ResourcePattern>, Set<AccessControlEntry>> producerResourceToAcls(boolean z) {
        HashMap hashMap = new HashMap();
        hashMap.put(TOPIC_RESOURCES, asJavaSet(AclCommand.getAcls(asScalaSet(USERS), AclPermissionType.ALLOW, asScalaSet(new HashSet(Arrays.asList(AclOperation.WRITE, AclOperation.DESCRIBE, AclOperation.CREATE))), asScalaSet(HOSTS))));
        hashMap.put(TRANSACTIONAL_ID_RESOURCES, asJavaSet(AclCommand.getAcls(asScalaSet(USERS), AclPermissionType.ALLOW, asScalaSet(new HashSet(Arrays.asList(AclOperation.WRITE, AclOperation.DESCRIBE))), asScalaSet(HOSTS))));
        hashMap.put(Collections.singleton(CLUSTER_RESOURCE), asJavaSet(AclCommand.getAcls(asScalaSet(USERS), AclPermissionType.ALLOW, z ? asScalaSet(Collections.singleton(AclOperation.IDEMPOTENT_WRITE)) : asScalaSet(Collections.emptySet()), asScalaSet(HOSTS))));
        return hashMap;
    }

    private List<String> adminArgs(String str, Optional<File> optional) {
        ArrayList arrayList = new ArrayList(Arrays.asList(BOOTSTRAP_SERVER, str));
        optional.ifPresent(file -> {
            arrayList.addAll(Arrays.asList(COMMAND_CONFIG, file.getAbsolutePath()));
        });
        return arrayList;
    }

    private Map.Entry<String, String> callMain(List<String> list) {
        return grabConsoleOutputAndError(() -> {
            AclCommand.main((String[]) list.toArray(new String[0]));
        });
    }

    private void testAclCli(ClusterInstance clusterInstance, List<String> list) {
        for (Map.Entry<Set<ResourcePattern>, List<String>> entry : RESOURCE_TO_COMMAND.entrySet()) {
            Set<ResourcePattern> key = entry.getKey();
            List<String> value = entry.getValue();
            for (AclPermissionType aclPermissionType : new HashSet(Arrays.asList(AclPermissionType.ALLOW, AclPermissionType.DENY))) {
                Map.Entry<Set<AclOperation>, List<String>> entry2 = RESOURCE_TO_OPERATIONS.get(key);
                Map.Entry<Set<AccessControlEntry>, List<String>> aclToCommand = getAclToCommand(aclPermissionType, entry2.getKey());
                List<String> arrayList = new ArrayList<>(list);
                arrayList.addAll(aclToCommand.getValue());
                arrayList.addAll(value);
                arrayList.addAll(entry2.getValue());
                arrayList.add(ADD);
                Map.Entry<String, String> callMain = callMain(arrayList);
                assertOutputContains("Adding ACLs", key, value, callMain.getKey());
                Assertions.assertEquals("", callMain.getValue());
                for (ResourcePattern resourcePattern : key) {
                    withAuthorizer(clusterInstance, authorizer -> {
                        TestUtils.waitAndVerifyAcls(asScalaSet((Set) aclToCommand.getKey()), authorizer, resourcePattern, AccessControlEntryFilter.ANY);
                    });
                }
                List<String> arrayList2 = new ArrayList<>(list);
                arrayList2.add(LIST);
                Map.Entry<String, String> callMain2 = callMain(arrayList2);
                assertOutputContains("Current ACLs", key, value, callMain2.getKey());
                Assertions.assertEquals("", callMain2.getValue());
                testRemove(clusterInstance, list, key, value);
            }
        }
    }

    private void assertOutputContains(String str, Set<ResourcePattern> set, List<String> list, String str2) {
        set.forEach(resourcePattern -> {
            String resourceType = resourcePattern.resourceType().toString();
            (resourcePattern == CLUSTER_RESOURCE ? Collections.singletonList("kafka-cluster") : (List) list.stream().filter(str3 -> {
                return !str3.startsWith("--");
            }).collect(Collectors.toList())).forEach(str4 -> {
                String format = String.format("%s for resource `ResourcePattern(resourceType=%s, name=%s, patternType=LITERAL)`:", str, resourceType, str4);
                Assertions.assertTrue(str2.contains(format), "Substring " + format + " not in output:\n" + str2);
            });
        });
    }

    private void testPatternTypes(List<String> list) {
        Exit.setExitProcedure((obj, option) -> {
            if (((Integer) obj).intValue() == 1) {
                throw new RuntimeException("Exiting command");
            }
            throw new AssertionError("Unexpected exit with status " + obj);
        });
        try {
            ((Stream) Arrays.stream(PatternType.values()).sequential()).forEach(patternType -> {
                ArrayList arrayList = new ArrayList(list);
                arrayList.addAll(Arrays.asList("--allow-principal", PRINCIPAL.toString(), PRODUCER, TOPIC, "Test", ADD, RESOURCE_PATTERN_TYPE, patternType.toString()));
                verifyPatternType(arrayList, patternType.isSpecific());
                ArrayList arrayList2 = new ArrayList(list);
                arrayList2.addAll(Arrays.asList(TOPIC, "Test", LIST, RESOURCE_PATTERN_TYPE, patternType.toString()));
                verifyPatternType(arrayList2, patternType != PatternType.UNKNOWN);
                ArrayList arrayList3 = new ArrayList(list);
                arrayList3.addAll(Arrays.asList(TOPIC, "Test", "--force", REMOVE, RESOURCE_PATTERN_TYPE, patternType.toString()));
                verifyPatternType(arrayList3, patternType != PatternType.UNKNOWN);
            });
        } finally {
            Exit.resetExitProcedure();
        }
    }

    private void verifyPatternType(List<String> list, boolean z) {
        if (z) {
            callMain(list);
        } else {
            Assertions.assertThrows(RuntimeException.class, () -> {
                callMain(list);
            });
        }
    }

    private void testRemove(ClusterInstance clusterInstance, List<String> list, Set<ResourcePattern> set, List<String> list2) {
        ArrayList arrayList = new ArrayList(list);
        arrayList.addAll(list2);
        arrayList.add(REMOVE);
        arrayList.add("--force");
        Assertions.assertEquals("", callMain(arrayList).getValue());
        for (ResourcePattern resourcePattern : set) {
            withAuthorizer(clusterInstance, authorizer -> {
                TestUtils.waitAndVerifyAcls(asScalaSet(Collections.emptySet()), authorizer, resourcePattern, AccessControlEntryFilter.ANY);
            });
        }
    }

    private Map.Entry<Set<AccessControlEntry>, List<String>> getAclToCommand(AclPermissionType aclPermissionType, Set<AclOperation> set) {
        return new AbstractMap.SimpleImmutableEntry(asJavaSet(AclCommand.getAcls(asScalaSet(USERS), aclPermissionType, asScalaSet(set), asScalaSet(HOSTS))), getCmd(aclPermissionType));
    }

    private List<String> getCmd(AclPermissionType aclPermissionType) {
        String str = aclPermissionType == AclPermissionType.ALLOW ? "--allow-principal" : "--deny-principal";
        List<String> list = aclPermissionType == AclPermissionType.ALLOW ? ALLOW_HOST_COMMAND : DENY_HOST_COMMAND;
        ArrayList arrayList = new ArrayList();
        for (KafkaPrincipal kafkaPrincipal : USERS) {
            arrayList.addAll(list);
            arrayList.addAll(Arrays.asList(str, kafkaPrincipal.toString()));
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void withAuthorizer(ClusterInstance clusterInstance, Consumer<Authorizer> consumer) {
        if (!clusterInstance.isKRaftTest()) {
            consumer.accept(clusterInstance.brokers().values().stream().findFirst().orElseThrow(() -> {
                return new RuntimeException("No broker found");
            }).authorizer().get());
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.addAll((Collection) clusterInstance.brokers().values().stream().map(kafkaBroker -> {
            return (Authorizer) kafkaBroker.authorizer().get();
        }).collect(Collectors.toList()));
        arrayList.addAll((Collection) clusterInstance.controllers().values().stream().map(controllerServer -> {
            return (Authorizer) controllerServer.authorizer().get();
        }).collect(Collectors.toList()));
        arrayList.forEach(consumer);
    }

    private static Map.Entry<String, String> grabConsoleOutputAndError(Runnable runnable) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        PrintStream printStream = new PrintStream(byteArrayOutputStream);
        PrintStream printStream2 = new PrintStream(byteArrayOutputStream2);
        try {
            Console.withOut(printStream, () -> {
                Console.withErr(printStream2, () -> {
                    runnable.run();
                    return null;
                });
                return null;
            });
            printStream.flush();
            printStream2.flush();
            return new AbstractMap.SimpleImmutableEntry(byteArrayOutputStream.toString(), byteArrayOutputStream2.toString());
        } catch (Throwable th) {
            printStream.flush();
            printStream2.flush();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T> scala.collection.immutable.Set<T> asScalaSet(Set<T> set) {
        return JavaConverters.asScalaSet(set).toSet();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T> Set<T> asJavaSet(scala.collection.immutable.Set<T> set) {
        return JavaConverters.setAsJavaSet(set);
    }

    private String zkConnect(ClusterInstance clusterInstance) {
        return ((ZkClusterInvocationContext.ZkClusterInstance) clusterInstance).getUnderlying().zkConnect();
    }

    private List<String> zkArgs(ClusterInstance clusterInstance) {
        return Arrays.asList(AUTHORIZER_PROPERTIES, "zookeeper.connect=" + zkConnect(clusterInstance));
    }

    private void assertInitializeInvalidOptionsExitCodeAndMsg(List<String> list, String str) {
        Exit.setExitProcedure((obj, option) -> {
            Assertions.assertEquals(1, obj);
            Assertions.assertTrue(option.contains(str));
            throw new RuntimeException();
        });
        try {
            Assertions.assertThrows(RuntimeException.class, () -> {
                new AclCommand.AclCommandOptions((String[]) list.toArray(new String[0])).checkArgs();
            });
        } finally {
            Exit.resetExitProcedure();
        }
    }

    private void checkNotThrow(List<String> list) {
        AtomicReference atomicReference = new AtomicReference();
        org.apache.kafka.common.utils.Exit.setExitProcedure((i, str) -> {
            atomicReference.set(Integer.valueOf(i));
            throw new RuntimeException();
        });
        try {
            Assertions.assertDoesNotThrow(() -> {
                new AclCommand.AclCommandOptions((String[]) list.toArray(new String[0])).checkArgs();
            });
            Assertions.assertNull(atomicReference.get());
        } finally {
            org.apache.kafka.common.utils.Exit.resetExitProcedure();
        }
    }
}
