package org.infinispan.security;

import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.cache.Index;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.query.CacheQuery;
import org.infinispan.query.Search;
import org.infinispan.query.SearchManager;
import org.infinispan.query.api.TestEntity;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.junit.Assert;
import org.testng.annotations.Test;

@Test(groups = {"functional"}, testName = "security.QueryAuthorizationTest")
/* loaded from: input_file:org/infinispan/security/QueryAuthorizationTest.class */
public class QueryAuthorizationTest extends SingleCacheManagerTest {
    Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin"});
    Subject QUERY = TestingUtil.makeSubject(new String[]{"query"});
    Subject NOQUERY = TestingUtil.makeSubject(new String[]{"noquery"});

    protected EmbeddedCacheManager createCacheManager() throws Exception {
        final ConfigurationBuilder defaultStandaloneCacheConfig = getDefaultStandaloneCacheConfig(true);
        defaultStandaloneCacheConfig.indexing().index(Index.LOCAL).addProperty("default.directory_provider", "ram").addProperty("lucene_version", "LUCENE_CURRENT").security().authorization().enable().role("admin").role("query").role("noquery");
        return (EmbeddedCacheManager) Subject.doAs(this.ADMIN, new PrivilegedAction<EmbeddedCacheManager>() { // from class: org.infinispan.security.QueryAuthorizationTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public EmbeddedCacheManager run() {
                EmbeddedCacheManager createCacheManager = TestCacheManagerFactory.createCacheManager(QueryAuthorizationTest.this.getSecureGlobalConfiguration(), defaultStandaloneCacheConfig);
                createCacheManager.getCache();
                return createCacheManager;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GlobalConfigurationBuilder getSecureGlobalConfiguration() {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("query").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).permission(AuthorizationPermission.BULK_READ).role("noquery").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE);
        return globalConfigurationBuilder;
    }

    protected void teardown() {
        Subject.doAs(this.ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.security.QueryAuthorizationTest.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                QueryAuthorizationTest.super.teardown();
                return null;
            }
        });
    }

    protected void clearContent() {
        Subject.doAs(this.ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.security.QueryAuthorizationTest.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                QueryAuthorizationTest.this.cacheManager.getCache().clear();
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void queryTest() {
        this.cache.put("jekyll", new TestEntity("Henry", "Jekyll", 1L, "dissociate identity disorder"));
        this.cache.put("hyde", new TestEntity("Edward", "Hyde", 2L, "dissociate identity disorder"));
        SearchManager searchManager = Search.getSearchManager(this.cache);
        CacheQuery query = searchManager.getQuery(searchManager.buildQueryBuilderForClass(TestEntity.class).get().keyword().onField("name").matching("Henry").createQuery(), new Class[0]);
        Assert.assertEquals(1L, query.getResultSize());
        Assert.assertEquals(TestEntity.class, query.list().get(0).getClass());
    }

    public void testQuery() throws Exception {
        Policy.setPolicy(new SurefireTestingPolicy());
        System.setSecurityManager(new SecurityManager());
        try {
            Subject.doAs(this.QUERY, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.security.QueryAuthorizationTest.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    QueryAuthorizationTest.this.queryTest();
                    return null;
                }
            });
            System.setSecurityManager(null);
            Policy.setPolicy(null);
        } catch (Throwable th) {
            System.setSecurityManager(null);
            Policy.setPolicy(null);
            throw th;
        }
    }

    @Test(expectedExceptions = {SecurityException.class})
    public void testNoQuery() throws Exception {
        Policy.setPolicy(new SurefireTestingPolicy());
        try {
            System.setSecurityManager(new SecurityManager());
            Subject.doAs(this.NOQUERY, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.security.QueryAuthorizationTest.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    QueryAuthorizationTest.this.queryTest();
                    return null;
                }
            });
            System.setSecurityManager(null);
            Policy.setPolicy(null);
        } catch (Throwable th) {
            System.setSecurityManager(null);
            Policy.setPolicy(null);
            throw th;
        }
    }
}
