package org.infinispan.server.security;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.exceptions.HotRodClientException;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.server.test.InfinispanServerRule;
import org.infinispan.server.test.InfinispanServerRuleBuilder;
import org.infinispan.server.test.InfinispanServerTestMethodRule;
import org.infinispan.server.test.LdapServerRule;
import org.infinispan.server.test.category.Security;
import org.infinispan.test.Exceptions;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({Security.class})
/* loaded from: input_file:org/infinispan/server/security/AuthorizationLDAPIT.class */
public class AuthorizationLDAPIT {

    @ClassRule
    public static InfinispanServerRule SERVERS = InfinispanServerRuleBuilder.config("configuration/AuthorizationLDAPTest.xml").build();

    @ClassRule
    public static LdapServerRule LDAP = new LdapServerRule(SERVERS);

    @Rule
    public InfinispanServerTestMethodRule SERVER_TEST = new InfinispanServerTestMethodRule(SERVERS);
    final Map<String, ConfigurationBuilder> builderMap = new HashMap();
    final Map<String, String> bulkData;

    public AuthorizationLDAPIT() {
        addBuilder("admin", "strongPassword");
        addBuilder("writer", "somePassword");
        addBuilder("reader", "password");
        addBuilder("supervisor", "lessStrongPassword");
        this.bulkData = new HashMap();
        for (int i = 0; i < 10; i++) {
            this.bulkData.put("k" + i, "v" + i);
        }
    }

    private void addBuilder(String str, String str2) {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.security().authentication().saslMechanism("SCRAM-SHA-1").serverName("infinispan").realm("default").username(str).password(str2);
        this.builderMap.put(str, configurationBuilder);
    }

    @Test
    public void testAdminCanDoEverything() {
        RemoteCache create = this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get("admin")).withCacheMode(CacheMode.DIST_SYNC).create();
        create.put("k", "v");
        Assert.assertEquals("v", create.get("k"));
        create.putAll(this.bulkData);
        Assert.assertEquals(11L, create.size());
    }

    @Test
    public void testNonAdminsMustNotCreateCache() {
        for (String str : Arrays.asList("reader", "writer", "supervisor")) {
            Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
                this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get(str)).withCacheMode(CacheMode.DIST_SYNC).create();
            });
        }
    }

    @Test
    public void testWriterCannotRead() {
        createAuthzCache();
        RemoteCache remoteCache = this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get("writer")).get();
        remoteCache.put("k1", "v1");
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            remoteCache.get("k1");
        });
        Iterator it = Arrays.asList("reader", "supervisor").iterator();
        while (it.hasNext()) {
            Assert.assertEquals("v1", this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get((String) it.next())).get().get("k1"));
        }
    }

    @Test
    public void testReaderCannotWrite() {
        createAuthzCache();
        RemoteCache remoteCache = this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get("reader")).get();
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            remoteCache.put("k1", "v1");
        });
        for (String str : Arrays.asList("writer", "supervisor")) {
            this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get(str)).get().put(str, str);
        }
    }

    @Test
    public void testBulkOperations() {
        createAuthzCache().putAll(this.bulkData);
        RemoteCache remoteCache = this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get("reader")).get();
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            remoteCache.getAll(this.bulkData.keySet());
        });
        this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get("supervisor")).get().getAll(this.bulkData.keySet());
    }

    private RemoteCache<Object, Object> createAuthzCache() {
        org.infinispan.configuration.cache.ConfigurationBuilder configurationBuilder = new org.infinispan.configuration.cache.ConfigurationBuilder();
        configurationBuilder.clustering().cacheMode(CacheMode.DIST_SYNC).security().authorization().enable().role("AdminRole").role("ReaderRole").role("WriterRole").role("SupervisorRole");
        return this.SERVER_TEST.hotrod().withClientConfiguration(this.builderMap.get("admin")).withServerConfiguration(configurationBuilder).create();
    }
}
