package kafka.security.auth;

import java.net.InetAddress;
import java.util.Properties;
import java.util.UUID;
import kafka.network.RequestChannel;
import kafka.server.KafkaConfig;
import kafka.server.KafkaConfig$;
import kafka.utils.Log4jController$;
import kafka.utils.Logging;
import kafka.utils.TestUtils$;
import kafka.utils.ZkUtils;
import kafka.zk.EmbeddedZookeeper;
import kafka.zk.ZooKeeperTestHarness;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.log4j.Logger;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.scalatest.junit.JUnitSuite;
import scala.Function0;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Tuple2;
import scala.collection.Seq;
import scala.collection.TraversableOnce;
import scala.collection.immutable.IndexedSeq;
import scala.collection.immutable.IndexedSeq$;
import scala.collection.immutable.Map;
import scala.collection.immutable.Set;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.ObjectRef;
import scala.runtime.RichInt$;

/* compiled from: SimpleAclAuthorizerTest.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005-g\u0001B\u0001\u0003\u0001%\u0011qcU5na2,\u0017i\u00197BkRDwN]5{KJ$Vm\u001d;\u000b\u0005\r!\u0011\u0001B1vi\"T!!\u0002\u0004\u0002\u0011M,7-\u001e:jifT\u0011aB\u0001\u0006W\u000647.Y\u0002\u0001'\r\u0001!\u0002\u0006\t\u0003\u0017Ii\u0011\u0001\u0004\u0006\u0003\u001b9\tQA[;oSRT!a\u0004\t\u0002\u0013M\u001c\u0017\r\\1uKN$(\"A\t\u0002\u0007=\u0014x-\u0003\u0002\u0014\u0019\tQ!*\u00168jiN+\u0018\u000e^3\u0011\u0005UAR\"\u0001\f\u000b\u0005]1\u0011A\u0001>l\u0013\tIbC\u0001\u000b[_>\\U-\u001a9feR+7\u000f\u001e%be:,7o\u001d\u0005\u00067\u0001!\t\u0001H\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0003u\u0001\"A\b\u0001\u000e\u0003\tAq\u0001\t\u0001C\u0002\u0013\u0005\u0011%A\ntS6\u0004H.Z!dY\u0006+H\u000f[8sSj,'/F\u0001#!\tq2%\u0003\u0002%\u0005\t\u00192+[7qY\u0016\f5\r\\!vi\"|'/\u001b>fe\"1a\u0005\u0001Q\u0001\n\t\nAc]5na2,\u0017i\u00197BkRDwN]5{KJ\u0004\u0003b\u0002\u0015\u0001\u0005\u0004%\t!I\u0001\u0015g&l\u0007\u000f\\3BG2\fU\u000f\u001e5pe&TXM\u001d\u001a\t\r)\u0002\u0001\u0015!\u0003#\u0003U\u0019\u0018.\u001c9mK\u0006\u001bG.Q;uQ>\u0014\u0018N_3se\u0001Bq\u0001\f\u0001C\u0002\u0013\u0005Q&A\u0007uKN$\bK]5oG&\u0004\u0018\r\\\u000b\u0002]A\u0011qfN\u0007\u0002a)\u00111!\r\u0006\u0003\u000bIR!a\r\u001b\u0002\r\r|W.\\8o\u0015\t9QG\u0003\u00027!\u00051\u0011\r]1dQ\u0016L!\u0001\u000f\u0019\u0003\u001d-\u000bgm[1Qe&t7-\u001b9bY\"1!\b\u0001Q\u0001\n9\na\u0002^3tiB\u0013\u0018N\\2ja\u0006d\u0007\u0005C\u0004=\u0001\t\u0007I\u0011A\u001f\u0002\u0019Q,7\u000f\u001e%pgRt\u0015-\\3\u0016\u0003y\u0002\"a\u0010#\u000e\u0003\u0001S!!\u0011\"\u0002\u00079,GOC\u0001D\u0003\u0011Q\u0017M^1\n\u0005\u0015\u0003%aC%oKR\fE\r\u001a:fgNDaa\u0012\u0001!\u0002\u0013q\u0014!\u0004;fgRDun\u001d;OC6,\u0007\u0005C\u0004J\u0001\t\u0007I\u0011\u0001&\u0002\u000fM,7o]5p]V\t1\n\u0005\u0002M1:\u0011Q*\u0016\b\u0003\u001dNs!a\u0014*\u000e\u0003AS!!\u0015\u0005\u0002\rq\u0012xn\u001c;?\u0013\u00059\u0011B\u0001+\u0007\u0003\u001dqW\r^<pe.L!AV,\u0002\u001dI+\u0017/^3ti\u000eC\u0017M\u001c8fY*\u0011AKB\u0005\u00033j\u0013qaU3tg&|gN\u0003\u0002W/\"1A\f\u0001Q\u0001\n-\u000b\u0001b]3tg&|g\u000e\t\u0005\b=\u0002\u0001\r\u0011\"\u0001`\u0003!\u0011Xm]8ve\u000e,W#\u00011\u0011\u0005y\t\u0017B\u00012\u0003\u0005!\u0011Vm]8ve\u000e,\u0007b\u00023\u0001\u0001\u0004%\t!Z\u0001\re\u0016\u001cx.\u001e:dK~#S-\u001d\u000b\u0003M2\u0004\"a\u001a6\u000e\u0003!T\u0011![\u0001\u0006g\u000e\fG.Y\u0005\u0003W\"\u0014A!\u00168ji\"9QnYA\u0001\u0002\u0004\u0001\u0017a\u0001=%c!1q\u000e\u0001Q!\n\u0001\f\u0011B]3t_V\u00148-\u001a\u0011\t\u000fE\u0004!\u0019!C\u0001e\u0006Q1/\u001e9feV\u001bXM]:\u0016\u0003M\u0004\"\u0001^<\u000e\u0003UT!A\u001e\"\u0002\t1\fgnZ\u0005\u0003qV\u0014aa\u0015;sS:<\u0007B\u0002>\u0001A\u0003%1/A\u0006tkB,'/V:feN\u0004\u0003b\u0002?\u0001\u0005\u0004%\tA]\u0001\tkN,'O\\1nK\"1a\u0010\u0001Q\u0001\nM\f\u0011\"^:fe:\fW.\u001a\u0011\t\u0013\u0005\u0005\u0001\u00011A\u0005\u0002\u0005\r\u0011AB2p]\u001aLw-\u0006\u0002\u0002\u0006A!\u0011qAA\u0007\u001b\t\tIAC\u0002\u0002\f\u0019\taa]3sm\u0016\u0014\u0018\u0002BA\b\u0003\u0013\u00111bS1gW\u0006\u001cuN\u001c4jO\"I\u00111\u0003\u0001A\u0002\u0013\u0005\u0011QC\u0001\u000bG>tg-[4`I\u0015\fHc\u00014\u0002\u0018!IQ.!\u0005\u0002\u0002\u0003\u0007\u0011Q\u0001\u0005\t\u00037\u0001\u0001\u0015)\u0003\u0002\u0006\u000591m\u001c8gS\u001e\u0004\u0003bBA\u0010\u0001\u0011\u0005\u0013\u0011E\u0001\u0006g\u0016$X\u000b\u001d\u000b\u0002M\"\"\u0011QDA\u0013!\u0011\t9#a\u000b\u000e\u0005\u0005%\"BA\u0007\u0011\u0013\u0011\ti#!\u000b\u0003\r\t+gm\u001c:f\u0011\u001d\t\t\u0004\u0001C!\u0003C\t\u0001\u0002^3be\u0012{wO\u001c\u0015\u0005\u0003_\t)\u0004\u0005\u0003\u0002(\u0005]\u0012\u0002BA\u001d\u0003S\u0011Q!\u00114uKJDq!!\u0010\u0001\t\u0003\t\t#\u0001\u0007uKN$Hk\u001c9jG\u0006\u001bG\u000e\u000b\u0003\u0002<\u0005\u0005\u0003\u0003BA\u0014\u0003\u0007JA!!\u0012\u0002*\t!A+Z:u\u0011\u001d\tI\u0005\u0001C\u0001\u0003C\tq\u0003^3ti\u0012+g.\u001f+bW\u0016\u001c\bK]3dK\u0012,gnY3)\t\u0005\u001d\u0013\u0011\t\u0005\b\u0003\u001f\u0002A\u0011AA\u0011\u0003I!Xm\u001d;BY2|w/\u00117m\u0003\u000e\u001cWm]:)\t\u00055\u0013\u0011\t\u0005\b\u0003+\u0002A\u0011AA\u0011\u0003Y!Xm\u001d;TkB,'/V:fe\"\u000b7/Q2dKN\u001c\b\u0006BA*\u0003\u0003Bq!a\u0017\u0001\t\u0003\t\t#\u0001\tuKN$x+\u001b7e\u0007\u0006\u0014H-Q2mg\"\"\u0011\u0011LA!\u0011\u001d\t\t\u0007\u0001C\u0001\u0003C\ta\u0002^3ti:{\u0017i\u00197G_VtG\r\u000b\u0003\u0002`\u0005\u0005\u0003bBA4\u0001\u0011\u0005\u0011\u0011E\u0001\u0017i\u0016\u001cHOT8BG24u.\u001e8e\u001fZ,'O]5eK\"\"\u0011QMA!\u0011\u001d\ti\u0007\u0001C\u0001\u0003C\tQ\u0003^3ti\u0006\u001bG.T1oC\u001e,W.\u001a8u\u0003BK5\u000f\u000b\u0003\u0002l\u0005\u0005\u0003bBA:\u0001\u0011\u0005\u0011\u0011E\u0001\u000ei\u0016\u001cH\u000fT8bI\u000e\u000b7\r[3)\t\u0005E\u0014\u0011\t\u0005\b\u0003s\u0002A\u0011AA\u0011\u00035\"Xm\u001d;M_\u000e\fGnQ8oGV\u0014(/\u001a8u\u001b>$\u0017NZ5dCRLwN\\(g%\u0016\u001cx.\u001e:dK\u0006\u001bGn\u001d\u0015\u0005\u0003o\n\t\u0005C\u0004\u0002��\u0001!\t!!\t\u0002gQ,7\u000f\u001e#jgR\u0014\u0018NY;uK\u0012\u001cuN\\2veJ,g\u000e^'pI&4\u0017nY1uS>twJ\u001a*fg>,(oY3BG2\u001c\b\u0006BA?\u0003\u0003Bq!!\"\u0001\t\u0003\t\t#A\u0017uKN$\b*[4i\u0007>t7-\u001e:sK:\u001c\u00170T8eS\u001aL7-\u0019;j_:|eMU3t_V\u00148-Z!dYNDC!a!\u0002B!9\u00111\u0012\u0001\u0005\n\u00055\u0015AE2iC:<W-Q2m\u0003:$g+\u001a:jMf$\"\"a$\u0002$\u0006\u001d\u00161VAX!\u0019\t\t*a&\u0002\u001e:\u0019q-a%\n\u0007\u0005U\u0005.\u0001\u0004Qe\u0016$WMZ\u0005\u0005\u00033\u000bYJA\u0002TKRT1!!&i!\rq\u0012qT\u0005\u0004\u0003C\u0013!aA!dY\"A\u0011QUAE\u0001\u0004\ty)\u0001\u0007pe&<\u0017N\\1m\u0003\u000ed7\u000f\u0003\u0005\u0002*\u0006%\u0005\u0019AAH\u0003%\tG\rZ3e\u0003\u000ed7\u000f\u0003\u0005\u0002.\u0006%\u0005\u0019AAH\u0003-\u0011X-\\8wK\u0012\f5\r\\:\t\u0011y\u000bI\t%AA\u0002\u0001D\u0011\"a-\u0001#\u0003%I!!.\u00029\rD\u0017M\\4f\u0003\u000ed\u0017I\u001c3WKJLg-\u001f\u0013eK\u001a\fW\u000f\u001c;%iU\u0011\u0011q\u0017\u0016\u0004A\u0006e6FAA^!\u0011\ti,a2\u000e\u0005\u0005}&\u0002BAa\u0003\u0007\f\u0011\"\u001e8dQ\u0016\u001c7.\u001a3\u000b\u0007\u0005\u0015\u0007.\u0001\u0006b]:|G/\u0019;j_:LA!!3\u0002@\n\tRO\\2iK\u000e\\W\r\u001a,be&\fgnY3")
/* loaded from: input_file:kafka/security/auth/SimpleAclAuthorizerTest.class */
public class SimpleAclAuthorizerTest extends JUnitSuite implements ZooKeeperTestHarness {
    private final SimpleAclAuthorizer simpleAclAuthorizer;
    private final SimpleAclAuthorizer simpleAclAuthorizer2;
    private final KafkaPrincipal testPrincipal;
    private final InetAddress testHostName;
    private final RequestChannel.Session session;
    private Resource resource;
    private final String superUsers;
    private final String username;
    private KafkaConfig config;
    private final int zkConnectionTimeout;
    private final int zkSessionTimeout;
    private ZkUtils zkUtils;
    private EmbeddedZookeeper zookeeper;
    private final String loggerName;
    private final Logger logger;
    private String logIdent;
    private final Log4jController$ kafka$utils$Logging$$log4jController;
    private volatile boolean bitmap$0;

    @Override // kafka.zk.ZooKeeperTestHarness
    public int zkConnectionTimeout() {
        return this.zkConnectionTimeout;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public int zkSessionTimeout() {
        return this.zkSessionTimeout;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public ZkUtils zkUtils() {
        return this.zkUtils;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public void zkUtils_$eq(ZkUtils zkUtils) {
        this.zkUtils = zkUtils;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public EmbeddedZookeeper zookeeper() {
        return this.zookeeper;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public void zookeeper_$eq(EmbeddedZookeeper embeddedZookeeper) {
        this.zookeeper = embeddedZookeeper;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public void kafka$zk$ZooKeeperTestHarness$_setter_$zkConnectionTimeout_$eq(int i) {
        this.zkConnectionTimeout = i;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public void kafka$zk$ZooKeeperTestHarness$_setter_$zkSessionTimeout_$eq(int i) {
        this.zkSessionTimeout = i;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public int zkPort() {
        return ZooKeeperTestHarness.Cclass.zkPort(this);
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    public String zkConnect() {
        return ZooKeeperTestHarness.Cclass.zkConnect(this);
    }

    public String loggerName() {
        return this.loggerName;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private Logger logger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.logger = Logging.class.logger(this);
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.logger;
        }
    }

    public Logger logger() {
        return this.bitmap$0 ? this.logger : logger$lzycompute();
    }

    public String logIdent() {
        return this.logIdent;
    }

    public void logIdent_$eq(String str) {
        this.logIdent = str;
    }

    public Log4jController$ kafka$utils$Logging$$log4jController() {
        return this.kafka$utils$Logging$$log4jController;
    }

    public void kafka$utils$Logging$_setter_$loggerName_$eq(String str) {
        this.loggerName = str;
    }

    public void kafka$utils$Logging$_setter_$kafka$utils$Logging$$log4jController_$eq(Log4jController$ log4jController$) {
        this.kafka$utils$Logging$$log4jController = log4jController$;
    }

    public void trace(Function0<String> function0) {
        Logging.class.trace(this, function0);
    }

    /* renamed from: trace, reason: collision with other method in class */
    public Object m439trace(Function0<Throwable> function0) {
        return Logging.class.trace(this, function0);
    }

    public void trace(Function0<String> function0, Function0<Throwable> function02) {
        Logging.class.trace(this, function0, function02);
    }

    public void swallowTrace(Function0<BoxedUnit> function0) {
        Logging.class.swallowTrace(this, function0);
    }

    public void debug(Function0<String> function0) {
        Logging.class.debug(this, function0);
    }

    /* renamed from: debug, reason: collision with other method in class */
    public Object m440debug(Function0<Throwable> function0) {
        return Logging.class.debug(this, function0);
    }

    public void debug(Function0<String> function0, Function0<Throwable> function02) {
        Logging.class.debug(this, function0, function02);
    }

    public void swallowDebug(Function0<BoxedUnit> function0) {
        Logging.class.swallowDebug(this, function0);
    }

    public void info(Function0<String> function0) {
        Logging.class.info(this, function0);
    }

    /* renamed from: info, reason: collision with other method in class */
    public Object m441info(Function0<Throwable> function0) {
        return Logging.class.info(this, function0);
    }

    public void info(Function0<String> function0, Function0<Throwable> function02) {
        Logging.class.info(this, function0, function02);
    }

    public void swallowInfo(Function0<BoxedUnit> function0) {
        Logging.class.swallowInfo(this, function0);
    }

    public void warn(Function0<String> function0) {
        Logging.class.warn(this, function0);
    }

    /* renamed from: warn, reason: collision with other method in class */
    public Object m442warn(Function0<Throwable> function0) {
        return Logging.class.warn(this, function0);
    }

    public void warn(Function0<String> function0, Function0<Throwable> function02) {
        Logging.class.warn(this, function0, function02);
    }

    public void swallowWarn(Function0<BoxedUnit> function0) {
        Logging.class.swallowWarn(this, function0);
    }

    public void swallow(Function0<BoxedUnit> function0) {
        Logging.class.swallow(this, function0);
    }

    public void error(Function0<String> function0) {
        Logging.class.error(this, function0);
    }

    /* renamed from: error, reason: collision with other method in class */
    public Object m443error(Function0<Throwable> function0) {
        return Logging.class.error(this, function0);
    }

    public void error(Function0<String> function0, Function0<Throwable> function02) {
        Logging.class.error(this, function0, function02);
    }

    public void swallowError(Function0<BoxedUnit> function0) {
        Logging.class.swallowError(this, function0);
    }

    public void fatal(Function0<String> function0) {
        Logging.class.fatal(this, function0);
    }

    /* renamed from: fatal, reason: collision with other method in class */
    public Object m444fatal(Function0<Throwable> function0) {
        return Logging.class.fatal(this, function0);
    }

    public void fatal(Function0<String> function0, Function0<Throwable> function02) {
        Logging.class.fatal(this, function0, function02);
    }

    public SimpleAclAuthorizer simpleAclAuthorizer() {
        return this.simpleAclAuthorizer;
    }

    public SimpleAclAuthorizer simpleAclAuthorizer2() {
        return this.simpleAclAuthorizer2;
    }

    public KafkaPrincipal testPrincipal() {
        return this.testPrincipal;
    }

    public InetAddress testHostName() {
        return this.testHostName;
    }

    public RequestChannel.Session session() {
        return this.session;
    }

    public Resource resource() {
        return this.resource;
    }

    public void resource_$eq(Resource resource) {
        this.resource = resource;
    }

    public String superUsers() {
        return this.superUsers;
    }

    public String username() {
        return this.username;
    }

    public KafkaConfig config() {
        return this.config;
    }

    public void config_$eq(KafkaConfig kafkaConfig) {
        this.config = kafkaConfig;
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    @Before
    public void setUp() {
        ZooKeeperTestHarness.Cclass.setUp(this);
        simpleAclAuthorizer().maxUpdateRetries_$eq(Integer.MAX_VALUE);
        simpleAclAuthorizer2().maxUpdateRetries_$eq(Integer.MAX_VALUE);
        Properties createBrokerConfig = TestUtils$.MODULE$.createBrokerConfig(0, zkConnect(), TestUtils$.MODULE$.createBrokerConfig$default$3(), TestUtils$.MODULE$.createBrokerConfig$default$4(), TestUtils$.MODULE$.createBrokerConfig$default$5(), TestUtils$.MODULE$.createBrokerConfig$default$6(), TestUtils$.MODULE$.createBrokerConfig$default$7(), TestUtils$.MODULE$.createBrokerConfig$default$8(), TestUtils$.MODULE$.createBrokerConfig$default$9(), TestUtils$.MODULE$.createBrokerConfig$default$10(), TestUtils$.MODULE$.createBrokerConfig$default$11(), TestUtils$.MODULE$.createBrokerConfig$default$12(), TestUtils$.MODULE$.createBrokerConfig$default$13(), TestUtils$.MODULE$.createBrokerConfig$default$14(), TestUtils$.MODULE$.createBrokerConfig$default$15(), TestUtils$.MODULE$.createBrokerConfig$default$16());
        createBrokerConfig.put(SimpleAclAuthorizer$.MODULE$.SuperUsersProp(), superUsers());
        config_$eq(KafkaConfig$.MODULE$.fromProps(createBrokerConfig));
        simpleAclAuthorizer().configure(config().originals());
        simpleAclAuthorizer2().configure(config().originals());
        resource_$eq(new Resource(Topic$.MODULE$, UUID.randomUUID().toString()));
    }

    @Override // kafka.zk.ZooKeeperTestHarness
    @After
    public void tearDown() {
        simpleAclAuthorizer().close();
        simpleAclAuthorizer2().close();
    }

    @Test
    public void testTopicAcl() {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", username());
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", "rob");
        KafkaPrincipal kafkaPrincipal3 = new KafkaPrincipal("User", "batman");
        InetAddress byName = InetAddress.getByName("192.168.1.1");
        InetAddress byName2 = InetAddress.getByName("192.168.1.2");
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(kafkaPrincipal, Allow$.MODULE$, byName.getHostAddress(), Read$.MODULE$), new Acl(kafkaPrincipal, Allow$.MODULE$, byName2.getHostAddress(), Read$.MODULE$), new Acl(kafkaPrincipal, Deny$.MODULE$, byName.getHostAddress(), Read$.MODULE$), new Acl(kafkaPrincipal, Allow$.MODULE$, byName.getHostAddress(), Write$.MODULE$), new Acl(kafkaPrincipal, Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Describe$.MODULE$), new Acl(kafkaPrincipal2, Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$), new Acl(kafkaPrincipal3, Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Write$.MODULE$)})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        RequestChannel.Session session = new RequestChannel.Session(kafkaPrincipal, byName);
        RequestChannel.Session session2 = new RequestChannel.Session(kafkaPrincipal, byName2);
        Assert.assertTrue("User1 should have READ access from host2", simpleAclAuthorizer().authorize(session2, Read$.MODULE$, resource()));
        Assert.assertFalse("User1 should not have READ access from host1 due to denyAcl", simpleAclAuthorizer().authorize(session, Read$.MODULE$, resource()));
        Assert.assertTrue("User1 should have WRITE access from host1", simpleAclAuthorizer().authorize(session, Write$.MODULE$, resource()));
        Assert.assertFalse("User1 should not have WRITE access from host2 as no allow acl is defined", simpleAclAuthorizer().authorize(session2, Write$.MODULE$, resource()));
        Assert.assertTrue("User1 should not have DESCRIBE access from host1", simpleAclAuthorizer().authorize(session, Describe$.MODULE$, resource()));
        Assert.assertTrue("User1 should have DESCRIBE access from host2", simpleAclAuthorizer().authorize(session2, Describe$.MODULE$, resource()));
        Assert.assertFalse("User1 should not have edit access from host1", simpleAclAuthorizer().authorize(session, Alter$.MODULE$, resource()));
        Assert.assertFalse("User1 should not have edit access from host2", simpleAclAuthorizer().authorize(session2, Alter$.MODULE$, resource()));
        RequestChannel.Session session3 = new RequestChannel.Session(kafkaPrincipal2, byName);
        RequestChannel.Session session4 = new RequestChannel.Session(kafkaPrincipal3, byName);
        Assert.assertTrue("User2 should have DESCRIBE access from host1", simpleAclAuthorizer().authorize(session3, Describe$.MODULE$, resource()));
        Assert.assertTrue("User3 should have DESCRIBE access from host2", simpleAclAuthorizer().authorize(session4, Describe$.MODULE$, resource()));
        Assert.assertTrue("User2 should have READ access from host1", simpleAclAuthorizer().authorize(session3, Read$.MODULE$, resource()));
        Assert.assertTrue("User3 should have WRITE access from host2", simpleAclAuthorizer().authorize(session4, Write$.MODULE$, resource()));
    }

    @Test
    public void testDenyTakesPrecedence() {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", username());
        InetAddress byName = InetAddress.getByName("192.168.2.1");
        RequestChannel.Session session = new RequestChannel.Session(kafkaPrincipal, byName);
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{Acl$.MODULE$.AllowAllAcl(), new Acl(kafkaPrincipal, Deny$.MODULE$, byName.getHostAddress(), All$.MODULE$)})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        Assert.assertFalse("deny should take precedence over allow.", simpleAclAuthorizer().authorize(session, Read$.MODULE$, resource()));
    }

    @Test
    public void testAllowAllAccess() {
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{Acl$.MODULE$.AllowAllAcl()})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        Assert.assertTrue("allow all acl should allow access to all.", simpleAclAuthorizer().authorize(new RequestChannel.Session(new KafkaPrincipal("User", "random"), InetAddress.getByName("192.0.4.4")), Read$.MODULE$, resource()));
    }

    @Test
    public void testSuperUserHasAccess() {
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(Acl$.MODULE$.WildCardPrincipal(), Deny$.MODULE$, Acl$.MODULE$.WildCardHost(), All$.MODULE$)})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        RequestChannel.Session session = new RequestChannel.Session(new KafkaPrincipal("User", "superuser1"), InetAddress.getByName("192.0.4.4"));
        RequestChannel.Session session2 = new RequestChannel.Session(new KafkaPrincipal("User", "superuser2"), InetAddress.getByName("192.0.4.4"));
        Assert.assertTrue("superuser always has access, no matter what acls.", simpleAclAuthorizer().authorize(session, Read$.MODULE$, resource()));
        Assert.assertTrue("superuser always has access, no matter what acls.", simpleAclAuthorizer().authorize(session2, Read$.MODULE$, resource()));
    }

    @Test
    public void testWildCardAcls() {
        Assert.assertFalse("when acls = [],  authorizer should fail close.", simpleAclAuthorizer().authorize(session(), Read$.MODULE$, resource()));
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", username());
        InetAddress byName = InetAddress.getByName("192.168.3.1");
        Acl acl = new Acl(kafkaPrincipal, Allow$.MODULE$, byName.getHostAddress(), Read$.MODULE$);
        Resource resource = new Resource(resource().resourceType(), Resource$.MODULE$.WildCardResource());
        Set<Acl> kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify = kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl})), Predef$.MODULE$.Set().empty(), resource);
        RequestChannel.Session session = new RequestChannel.Session(kafkaPrincipal, byName);
        Assert.assertTrue("User1 should have Read access from host1", simpleAclAuthorizer().authorize(session, Read$.MODULE$, resource()));
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(kafkaPrincipal, Allow$.MODULE$, byName.getHostAddress(), Write$.MODULE$)})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify, (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(kafkaPrincipal, Deny$.MODULE$, byName.getHostAddress(), Write$.MODULE$)})), Predef$.MODULE$.Set().empty(), resource);
        Assert.assertFalse("User1 should not have Write access from host1", simpleAclAuthorizer().authorize(session, Write$.MODULE$, resource()));
    }

    @Test
    public void testNoAclFound() {
        Assert.assertFalse("when acls = [],  authorizer should fail close.", simpleAclAuthorizer().authorize(session(), Read$.MODULE$, resource()));
    }

    @Test
    public void testNoAclFoundOverride() {
        Properties createBrokerConfig = TestUtils$.MODULE$.createBrokerConfig(1, zkConnect(), TestUtils$.MODULE$.createBrokerConfig$default$3(), TestUtils$.MODULE$.createBrokerConfig$default$4(), TestUtils$.MODULE$.createBrokerConfig$default$5(), TestUtils$.MODULE$.createBrokerConfig$default$6(), TestUtils$.MODULE$.createBrokerConfig$default$7(), TestUtils$.MODULE$.createBrokerConfig$default$8(), TestUtils$.MODULE$.createBrokerConfig$default$9(), TestUtils$.MODULE$.createBrokerConfig$default$10(), TestUtils$.MODULE$.createBrokerConfig$default$11(), TestUtils$.MODULE$.createBrokerConfig$default$12(), TestUtils$.MODULE$.createBrokerConfig$default$13(), TestUtils$.MODULE$.createBrokerConfig$default$14(), TestUtils$.MODULE$.createBrokerConfig$default$15(), TestUtils$.MODULE$.createBrokerConfig$default$16());
        createBrokerConfig.put(SimpleAclAuthorizer$.MODULE$.AllowEveryoneIfNoAclIsFoundProp(), "true");
        KafkaConfig fromProps = KafkaConfig$.MODULE$.fromProps(createBrokerConfig);
        SimpleAclAuthorizer simpleAclAuthorizer = new SimpleAclAuthorizer();
        simpleAclAuthorizer.configure(fromProps.originals());
        Assert.assertTrue("when acls = null or [],  authorizer should fail open with allow.everyone = true.", simpleAclAuthorizer.authorize(session(), Read$.MODULE$, resource()));
    }

    @Test
    public void testAclManagementAPIs() {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", username());
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", "bob");
        Acl acl = new Acl(kafkaPrincipal, Allow$.MODULE$, "host1", Read$.MODULE$);
        Acl acl2 = new Acl(kafkaPrincipal, Allow$.MODULE$, "host1", Write$.MODULE$);
        Acl acl3 = new Acl(kafkaPrincipal2, Allow$.MODULE$, "host2", Read$.MODULE$);
        Acl acl4 = new Acl(kafkaPrincipal2, Allow$.MODULE$, "host2", Write$.MODULE$);
        ObjectRef create = ObjectRef.create(kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl2, acl3, acl4})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4()));
        Acl acl5 = new Acl(kafkaPrincipal2, Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$);
        create.elem = kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify((Set) create.elem, (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl5})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        TestUtils$.MODULE$.waitUntilTrue(new SimpleAclAuthorizerTest$$anonfun$testAclManagementAPIs$1(this, kafkaPrincipal, acl, acl2), "changes not propagated in timeout period", TestUtils$.MODULE$.waitUntilTrue$default$3());
        TestUtils$.MODULE$.waitUntilTrue(new SimpleAclAuthorizerTest$$anonfun$testAclManagementAPIs$2(this, kafkaPrincipal2, acl3, acl4, acl5), "changes not propagated in timeout period", TestUtils$.MODULE$.waitUntilTrue$default$3());
        Map apply = Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new Resource(Topic$.MODULE$, Resource$.MODULE$.WildCardResource())), Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(kafkaPrincipal2, Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$)}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new Resource(Cluster$.MODULE$, Resource$.MODULE$.WildCardResource())), Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(kafkaPrincipal2, Allow$.MODULE$, "host1", Read$.MODULE$)}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new Resource(Group$.MODULE$, Resource$.MODULE$.WildCardResource())), (Set) create.elem), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new Resource(Group$.MODULE$, "test-ConsumerGroup")), (Set) create.elem)}));
        apply.foreach(new SimpleAclAuthorizerTest$$anonfun$testAclManagementAPIs$4(this));
        TestUtils$.MODULE$.waitUntilTrue(new SimpleAclAuthorizerTest$$anonfun$testAclManagementAPIs$3(this, create, apply), "changes not propagated in timeout period.", TestUtils$.MODULE$.waitUntilTrue$default$3());
        create.elem = kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify((Set) create.elem, Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl5})), changeAclAndVerify$default$4());
        simpleAclAuthorizer().removeAcls(resource());
        TestUtils$.MODULE$.waitAndVerifyAcls(Predef$.MODULE$.Set().empty(), simpleAclAuthorizer(), resource());
        Assert.assertTrue(!zkUtils().pathExists(simpleAclAuthorizer().toResourcePath(resource())));
        create.elem = kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Predef$.MODULE$.Set().empty(), (Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl})), Predef$.MODULE$.Set().empty(), changeAclAndVerify$default$4());
        kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify((Set) create.elem, Predef$.MODULE$.Set().empty(), (Set) create.elem, changeAclAndVerify$default$4());
        Assert.assertTrue(!zkUtils().pathExists(simpleAclAuthorizer().toResourcePath(resource())));
    }

    @Test
    public void testLoadCache() {
        Set apply = Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(new KafkaPrincipal("User", username()), Allow$.MODULE$, "host-1", Read$.MODULE$)}));
        simpleAclAuthorizer().addAcls(apply, resource());
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", "bob");
        Resource resource = new Resource(Topic$.MODULE$, "test-2");
        Set apply2 = Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{new Acl(kafkaPrincipal, Deny$.MODULE$, "host3", Read$.MODULE$)}));
        simpleAclAuthorizer().addAcls(apply2, resource);
        zkUtils().deletePathRecursive(SimpleAclAuthorizer$.MODULE$.AclChangedZkPath());
        SimpleAclAuthorizer simpleAclAuthorizer = new SimpleAclAuthorizer();
        simpleAclAuthorizer.configure(config().originals());
        Assert.assertEquals(apply, simpleAclAuthorizer.getAcls(resource()));
        Assert.assertEquals(apply2, simpleAclAuthorizer.getAcls(resource));
    }

    @Test
    public void testLocalConcurrentModificationOfResourceAcls() {
        Resource resource = new Resource(Topic$.MODULE$, "test");
        Acl acl = new Acl(new KafkaPrincipal("User", username()), Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$);
        Acl acl2 = new Acl(new KafkaPrincipal("User", "bob"), Deny$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$);
        simpleAclAuthorizer().addAcls(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl})), resource);
        simpleAclAuthorizer().addAcls(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl2})), resource);
        TestUtils$.MODULE$.waitAndVerifyAcls((Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl2})), simpleAclAuthorizer(), resource);
    }

    @Test
    public void testDistributedConcurrentModificationOfResourceAcls() {
        Resource resource = new Resource(Topic$.MODULE$, "test");
        Acl acl = new Acl(new KafkaPrincipal("User", username()), Allow$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$);
        Acl acl2 = new Acl(new KafkaPrincipal("User", "bob"), Deny$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$);
        simpleAclAuthorizer().addAcls(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl})), resource);
        simpleAclAuthorizer2().addAcls(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl2})), resource);
        TestUtils$.MODULE$.waitAndVerifyAcls((Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl2})), simpleAclAuthorizer(), resource);
        TestUtils$.MODULE$.waitAndVerifyAcls((Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl2})), simpleAclAuthorizer2(), resource);
        Acl acl3 = new Acl(new KafkaPrincipal("User", "joe"), Deny$.MODULE$, Acl$.MODULE$.WildCardHost(), Read$.MODULE$);
        simpleAclAuthorizer().addAcls(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl3})), resource);
        Assert.assertTrue("The authorizer should see a value that needs to be deleted", simpleAclAuthorizer2().removeAcls(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl3})), resource));
        TestUtils$.MODULE$.waitAndVerifyAcls((Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl2})), simpleAclAuthorizer(), resource);
        TestUtils$.MODULE$.waitAndVerifyAcls((Set) Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Acl[]{acl, acl2})), simpleAclAuthorizer2(), resource);
    }

    @Test
    public void testHighConcurrencyModificationOfResourceAcls() {
        Resource resource = new Resource(Topic$.MODULE$, "test");
        IndexedSeq indexedSeq = (IndexedSeq) RichInt$.MODULE$.to$extension0(Predef$.MODULE$.intWrapper(0), 50).map(new SimpleAclAuthorizerTest$$anonfun$1(this), IndexedSeq$.MODULE$.canBuildFrom());
        Seq<Function0<Object>> seq = (IndexedSeq) indexedSeq.map(new SimpleAclAuthorizerTest$$anonfun$2(this, resource), IndexedSeq$.MODULE$.canBuildFrom());
        Set<Acl> set = ((TraversableOnce) indexedSeq.filter(new SimpleAclAuthorizerTest$$anonfun$3(this))).toSet();
        TestUtils$.MODULE$.assertConcurrent("Should support many concurrent calls", seq, 15000);
        TestUtils$.MODULE$.waitAndVerifyAcls(set, simpleAclAuthorizer(), resource);
        TestUtils$.MODULE$.waitAndVerifyAcls(set, simpleAclAuthorizer2(), resource);
    }

    public Set<Acl> kafka$security$auth$SimpleAclAuthorizerTest$$changeAclAndVerify(Set<Acl> set, Set<Acl> set2, Set<Acl> set3, Resource resource) {
        Set<Acl> set4 = set;
        if (set2.nonEmpty()) {
            simpleAclAuthorizer().addAcls(set2, resource);
            set4 = (Set) set4.$plus$plus(set2);
        }
        if (set3.nonEmpty()) {
            simpleAclAuthorizer().removeAcls(set3, resource);
            set4 = (Set) set4.$minus$minus(set3);
        }
        TestUtils$.MODULE$.waitAndVerifyAcls(set4, simpleAclAuthorizer(), resource);
        return set4;
    }

    private Resource changeAclAndVerify$default$4() {
        return resource();
    }

    public SimpleAclAuthorizerTest() {
        Logging.class.$init$(this);
        ZooKeeperTestHarness.Cclass.$init$(this);
        this.simpleAclAuthorizer = new SimpleAclAuthorizer();
        this.simpleAclAuthorizer2 = new SimpleAclAuthorizer();
        this.testPrincipal = Acl$.MODULE$.WildCardPrincipal();
        this.testHostName = InetAddress.getByName("192.168.0.1");
        this.session = new RequestChannel.Session(testPrincipal(), testHostName());
        this.resource = null;
        this.superUsers = "User:superuser1; User:superuser2";
        this.username = "alice";
        this.config = null;
    }
}
