package org.infinispan.client.hotrod;

import java.io.IOException;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.infinispan.client.hotrod.exceptions.HotRodClientException;
import org.infinispan.client.hotrod.test.HotRodClientTestingUtil;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.impl.CommonNameRoleMapper;
import org.infinispan.server.core.security.simple.SimpleServerAuthenticationProvider;
import org.infinispan.server.hotrod.HotRodServer;
import org.infinispan.server.hotrod.configuration.HotRodServerConfigurationBuilder;
import org.infinispan.server.hotrod.test.HotRodTestingUtil;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.infinispan.util.logging.Log;
import org.infinispan.util.logging.LogFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@Test(testName = "client.hotrod.SslAuthenticationTest", groups = {"functional"})
/* loaded from: input_file:org/infinispan/client/hotrod/SslAuthenticationTest.class */
public class SslAuthenticationTest extends SingleCacheManagerTest {
    private static final Log log = LogFactory.getLog(SslAuthenticationTest.class);
    static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"CN=admin"});
    public static final String UNAUTHORIZED = "unauthorized";
    private RemoteCacheManager remoteCacheManager;
    protected HotRodServer hotrodServer;

    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new CommonNameRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("HotRod").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("RodHot").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE);
        ConfigurationBuilder hotRodCacheConfiguration = HotRodTestingUtil.hotRodCacheConfiguration();
        hotRodCacheConfiguration.security().authorization().enable().role("HotRod").role("admin");
        this.cacheManager = TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, hotRodCacheConfiguration);
        this.cacheManager.getCache();
        ConfigurationBuilder hotRodCacheConfiguration2 = HotRodTestingUtil.hotRodCacheConfiguration();
        hotRodCacheConfiguration2.security().authorization().enable().role("RodHot").role("admin");
        this.cacheManager.defineConfiguration(UNAUTHORIZED, hotRodCacheConfiguration2.build());
        this.cacheManager.getCache(UNAUTHORIZED);
        return this.cacheManager;
    }

    protected void setup() throws Exception {
        Security.doAs(ADMIN, new PrivilegedExceptionAction<Object>() { // from class: org.infinispan.client.hotrod.SslAuthenticationTest.1
            @Override // java.security.PrivilegedExceptionAction
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Object run2() throws Exception {
                SslAuthenticationTest.this.cacheManager = SslAuthenticationTest.this.createCacheManager();
                if (SslAuthenticationTest.this.cache != null) {
                    return null;
                }
                SslAuthenticationTest.this.cache = SslAuthenticationTest.this.cacheManager.getCache();
                return null;
            }
        });
        this.hotrodServer = new HotRodServer();
        final HotRodServerConfigurationBuilder defaultHotRodConfiguration = HotRodTestingUtil.getDefaultHotRodConfiguration();
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        String path = contextClassLoader.getResource("keystore.jks").getPath();
        String path2 = contextClassLoader.getResource("truststore.jks").getPath();
        SimpleServerAuthenticationProvider simpleServerAuthenticationProvider = new SimpleServerAuthenticationProvider();
        defaultHotRodConfiguration.ssl().enable().requireClientAuth(true).keyStoreFileName(path).keyStorePassword("secret".toCharArray()).trustStoreFileName(path2).trustStorePassword("secret".toCharArray());
        defaultHotRodConfiguration.authentication().enable().serverName("localhost").addAllowedMech("EXTERNAL").serverAuthenticationProvider(simpleServerAuthenticationProvider);
        Security.doAs(ADMIN, new PrivilegedExceptionAction<Object>() { // from class: org.infinispan.client.hotrod.SslAuthenticationTest.2
            @Override // java.security.PrivilegedExceptionAction
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Object run2() throws Exception {
                SslAuthenticationTest.this.hotrodServer.start(defaultHotRodConfiguration.build(), SslAuthenticationTest.this.cacheManager);
                return null;
            }
        });
        log.info("Started server on port: " + this.hotrodServer.getPort());
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder configurationBuilder = new org.infinispan.client.hotrod.configuration.ConfigurationBuilder();
        configurationBuilder.addServer().host("127.0.0.1").port(this.hotrodServer.getPort()).socketTimeout(3000).connectionPool().maxActive(1).security().authentication().enable().saslMechanism("EXTERNAL").callbackHandler(new CallbackHandler() { // from class: org.infinispan.client.hotrod.SslAuthenticationTest.3
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            }
        }).ssl().enable().keyStoreFileName(path).keyStorePassword("secret".toCharArray()).trustStoreFileName(path2).trustStorePassword("secret".toCharArray()).connectionPool().timeBetweenEvictionRuns(2000L);
        this.remoteCacheManager = new RemoteCacheManager(configurationBuilder.build());
    }

    protected void teardown() {
        HotRodClientTestingUtil.killRemoteCacheManager(this.remoteCacheManager);
        HotRodClientTestingUtil.killServers(this.hotrodServer);
        super.teardown();
    }

    protected void clearContent() {
        Security.doAs(ADMIN, new PrivilegedAction<Object>() { // from class: org.infinispan.client.hotrod.SslAuthenticationTest.4
            @Override // java.security.PrivilegedAction
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Object run2() {
                SslAuthenticationTest.this.cacheManager.getCache().clear();
                return null;
            }
        });
    }

    public void testSSLAuthentication() throws Exception {
        RemoteCache cache = this.remoteCacheManager.getCache();
        cache.put("k", "v");
        AssertJUnit.assertEquals("v", (String) cache.get("k"));
    }

    @Test(expectedExceptions = {HotRodClientException.class}, expectedExceptionsMessageRegExp = ".*ISPN000287.*")
    public void testSSLUnauthorized() throws Exception {
        RemoteCache cache = this.remoteCacheManager.getCache(UNAUTHORIZED);
        cache.put("k1", "v1");
        AssertJUnit.assertEquals("v1", (String) cache.get("k1"));
    }
}
