package org.apache.pulsar.client.api;

import com.google.common.collect.Sets;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import lombok.Generated;
import org.apache.pulsar.broker.authentication.AuthenticationProviderToken;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfoImpl;
import org.awaitility.Awaitility;
import org.mockito.Mockito;
import org.mockito.internal.util.MockUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

@Test(groups = {"broker-api"})
/* loaded from: input_file:org/apache/pulsar/client/api/TokenExpirationProduceConsumerTest.class */
public class TokenExpirationProduceConsumerTest extends TlsProducerConsumerBase {
    private final String tenant = "my-tenant";
    private final NamespaceName namespaceName = NamespaceName.get("my-tenant", "my-ns");

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenExpirationProduceConsumerTest.class);
    private static final SecretKey SECRET_KEY = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
    public static final String ADMIN_TOKEN = Jwts.builder().setSubject("admin").signWith(SECRET_KEY).compact();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.client.api.TlsProducerConsumerBase, org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeMethod
    public void setup() throws Exception {
        internalSetUpForBroker();
        super.init();
        if (this.admin != null) {
            this.admin.close();
            if (MockUtil.isMock(this.admin)) {
                Mockito.reset(new PulsarAdmin[]{this.admin});
            }
        }
        this.admin = getAdmin(ADMIN_TOKEN);
        this.admin.clusters().createCluster(this.configClusterName, ClusterData.builder().serviceUrl(this.brokerUrl.toString()).serviceUrlTls(this.brokerUrlTls.toString()).brokerServiceUrl(this.pulsar.getBrokerServiceUrl()).brokerServiceUrlTls(this.pulsar.getBrokerServiceUrlTls()).build());
        this.admin.tenants().createTenant("my-tenant", new TenantInfoImpl(Sets.newHashSet(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{this.configClusterName})));
        this.admin.namespaces().createNamespace(this.namespaceName.toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.client.api.TlsProducerConsumerBase, org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod(alwaysRun = true)
    public void cleanup() throws Exception {
        super.internalCleanup();
    }

    public String getExpireToken(String str, Date date) {
        return Jwts.builder().setSubject(str).signWith(SECRET_KEY).setExpiration(date).compact();
    }

    @Override // org.apache.pulsar.client.api.TlsProducerConsumerBase
    protected void internalSetUpForBroker() {
        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
        this.conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
        this.conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
        this.conf.setClusterName(this.configClusterName);
        this.conf.setAuthenticationRefreshCheckSeconds(1);
        this.conf.setTlsRequireTrustedClientCertOnConnect(false);
        this.conf.setTlsAllowInsecureConnection(false);
        this.conf.setAuthenticationEnabled(true);
        this.conf.setTransactionCoordinatorEnabled(true);
        this.conf.setSuperUserRoles(Sets.newHashSet(new String[]{"admin"}));
        this.conf.setAuthenticationProviders(Sets.newHashSet(new String[]{AuthenticationProviderToken.class.getName()}));
        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationToken.class.getName());
        this.conf.setBrokerClientAuthenticationParameters("token:" + ADMIN_TOKEN);
        this.conf.setBrokerClientTlsEnabled(true);
        this.conf.getProperties().setProperty("tokenSecretKey", "data:;base64," + Base64.getEncoder().encodeToString(SECRET_KEY.getEncoded()));
    }

    private PulsarClient getClient(String str) throws Exception {
        return PulsarClient.builder().serviceUrl(this.pulsar.getBrokerServiceUrlTls()).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false).enableTlsHostnameVerification(true).authentication(AuthenticationToken.class.getName(), "token:" + str).operationTimeout(1000, TimeUnit.MILLISECONDS).build();
    }

    private PulsarAdmin getAdmin(String str) throws Exception {
        return PulsarAdmin.builder().serviceHttpUrl(this.pulsar.getWebServiceAddressTls()).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).allowTlsInsecureConnection(false).authentication(AuthenticationToken.class.getName(), "token:" + str).enableTlsHostnameVerification(true).build();
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testNonPersistentTopic() throws Exception {
        PulsarClient client = getClient(ADMIN_TOKEN);
        try {
            String str = "non-persistent://" + String.valueOf(this.namespaceName) + "/test-token-non-persistent";
            Consumer subscribe = client.newConsumer().topic(new String[]{str}).subscriptionInitialPosition(SubscriptionInitialPosition.Earliest).subscriptionName("test").subscribe();
            try {
                Producer create = client.newProducer().topic(str).create();
                try {
                    byte[] bytes = "Hello".getBytes(StandardCharsets.UTF_8);
                    create.send(bytes);
                    Message receive = subscribe.receive(3, TimeUnit.SECONDS);
                    Assert.assertNotNull(receive);
                    Assert.assertEquals(receive.getData(), bytes);
                    if (Collections.singletonList(create).get(0) != null) {
                        create.close();
                    }
                    if (Collections.singletonList(subscribe).get(0) != null) {
                        subscribe.close();
                    }
                } catch (Throwable th) {
                    if (Collections.singletonList(create).get(0) != null) {
                        create.close();
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                if (Collections.singletonList(subscribe).get(0) != null) {
                    subscribe.close();
                }
                throw th2;
            }
        } finally {
            if (Collections.singletonList(client).get(0) != null) {
                client.close();
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testTokenExpirationProduceConsumer() throws Exception {
        Calendar calendar = Calendar.getInstance();
        calendar.add(13, 20);
        String expireToken = getExpireToken("test", calendar.getTime());
        Date time = calendar.getTime();
        HashSet hashSet = new HashSet();
        hashSet.add(AuthAction.consume);
        hashSet.add(AuthAction.produce);
        this.admin.namespaces().grantPermissionOnNamespace(this.namespaceName.toString(), "test", hashSet);
        PulsarClient client = getClient(expireToken);
        try {
            String str = String.valueOf(this.namespaceName) + "/test-token";
            Consumer subscribe = client.newConsumer().topic(new String[]{str}).subscriptionName("test-token").subscribe();
            try {
                Producer create = client.newProducer().topic(str).create();
                try {
                    Awaitility.await().timeout(Duration.ofSeconds(60L)).pollInterval(3L, TimeUnit.SECONDS).untilAsserted(() -> {
                        Assert.assertThrows(PulsarClientException.TimeoutException.class, () -> {
                            create.send("heart beat".getBytes());
                            subscribe.acknowledge(subscribe.receive());
                        });
                        Assert.assertTrue(new Date().compareTo(time) > 0);
                    });
                    if (Collections.singletonList(create).get(0) != null) {
                        create.close();
                    }
                    if (Collections.singletonList(subscribe).get(0) != null) {
                        subscribe.close();
                    }
                } catch (Throwable th) {
                    if (Collections.singletonList(create).get(0) != null) {
                        create.close();
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                if (Collections.singletonList(subscribe).get(0) != null) {
                    subscribe.close();
                }
                throw th2;
            }
        } finally {
            if (Collections.singletonList(client).get(0) != null) {
                client.close();
            }
        }
    }
}
