package org.rhq.enterprise.server.authz.test;

import java.util.ArrayList;
import java.util.Iterator;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
import org.rhq.enterprise.server.authz.PermissionException;
import org.rhq.enterprise.server.authz.RoleManagerLocal;
import org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal;
import org.rhq.enterprise.server.test.AbstractEJB3Test;
import org.rhq.enterprise.server.util.LookupUtil;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@Test
/* loaded from: input_file:org/rhq/enterprise/server/authz/test/RoleManagerBeanTest.class */
public class RoleManagerBeanTest extends AbstractEJB3Test {
    private SubjectManagerLocal subjectManager;
    private RoleManagerLocal roleManager;
    private LdapGroupManagerLocal ldapManager;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeClass
    public void beforeClass() {
        this.roleManager = LookupUtil.getRoleManager();
        this.subjectManager = LookupUtil.getSubjectManager();
        this.ldapManager = LookupUtil.getLdapGroupManager();
    }

    public void testGetAllRoles() {
        if (!$assertionsDisabled && this.roleManager.findRoles(PageControl.getUnlimitedInstance()).size() <= 0) {
            throw new AssertionError();
        }
    }

    public void testGetSubjectRoles() throws Exception {
        getTransactionManager().begin();
        try {
            PageList<Role> findRolesBySubject = this.roleManager.findRolesBySubject(this.subjectManager.getOverlord().getId(), PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findRolesBySubject.size() != 1) {
                throw new AssertionError();
            }
            Role role = (Role) findRolesBySubject.get(0);
            if (!$assertionsDisabled && !role.getName().equals("Super User Role")) {
                throw new AssertionError("Superuser should have only the super user role: " + role);
            }
            if (!$assertionsDisabled && !role.getPermissions().contains(Permission.MANAGE_SECURITY)) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && !role.getPermissions().contains(Permission.MANAGE_INVENTORY)) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && !role.getPermissions().contains(Permission.MANAGE_SETTINGS)) {
                throw new AssertionError();
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    public void testGetRoleSubjects() throws Exception {
        getTransactionManager().begin();
        try {
            Iterator it = this.roleManager.findRolesBySubject(this.subjectManager.getOverlord().getId(), PageControl.getUnlimitedInstance()).iterator();
            while (it.hasNext()) {
                Role role = (Role) it.next();
                PageList<Subject> findSubjectsByRole = this.roleManager.findSubjectsByRole(Integer.valueOf(role.getId()), PageControl.getUnlimitedInstance());
                if (role.getName().equals("Super User Role")) {
                    if (!$assertionsDisabled && findSubjectsByRole.size() < 1) {
                        throw new AssertionError("At least rhqadmin must have super user role: " + findSubjectsByRole);
                    }
                    Iterator it2 = findSubjectsByRole.iterator();
                    while (it2.hasNext()) {
                        Subject subject = (Subject) it2.next();
                        if ((subject.getId() == 1 || subject.getName().equals("admin")) && !$assertionsDisabled) {
                            throw new AssertionError("getRoleSubjects() is not supposed to return the superuser" + subject);
                        }
                    }
                }
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    public void testGetRolesByIds() throws Exception {
        getTransactionManager().begin();
        try {
            PageList<Role> findRoles = this.roleManager.findRoles(PageControl.getUnlimitedInstance());
            ArrayList arrayList = new ArrayList(findRoles.size());
            Iterator it = findRoles.iterator();
            while (it.hasNext()) {
                arrayList.add(Integer.valueOf(((Role) it.next()).getId()));
            }
            PageList<Role> findRolesByIds = this.roleManager.findRolesByIds((Integer[]) arrayList.toArray(new Integer[0]), PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findRolesByIds.size() != findRoles.size()) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && !findRolesByIds.containsAll(findRoles)) {
                throw new AssertionError();
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    public void testGetAvailableRolesForSubject() throws Exception {
        getTransactionManager().begin();
        try {
            Subject createSession = createSession(this.subjectManager.getOverlord());
            Subject subject = new Subject();
            subject.setName("dummy-subject");
            Subject createSession2 = createSession(this.subjectManager.createSubject(createSession, subject));
            Role role = new Role("dummy-role");
            Role role2 = new Role("dummy-role2");
            Role createRole = this.roleManager.createRole(createSession, role);
            Role createRole2 = this.roleManager.createRole(createSession, role2);
            PageList<Role> findRoles = this.roleManager.findRoles(PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findRoles.size() < 3) {
                throw new AssertionError("There should at least be the two dummy roles and the super user role");
            }
            PageList<Role> findAvailableRolesForSubject = this.roleManager.findAvailableRolesForSubject(createSession, Integer.valueOf(createSession2.getId()), new Integer[0], PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findAvailableRolesForSubject.size() != findRoles.size()) {
                throw new AssertionError("All roles should be available for this subject");
            }
            if (!$assertionsDisabled && !findAvailableRolesForSubject.containsAll(findRoles)) {
                throw new AssertionError();
            }
            PageList<Role> findAvailableRolesForSubject2 = this.roleManager.findAvailableRolesForSubject(createSession, Integer.valueOf(createSession2.getId()), new Integer[]{Integer.valueOf(createRole.getId())}, PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findAvailableRolesForSubject2.size() + 1 != findRoles.size()) {
                throw new AssertionError("All roles but one should be available for this subject");
            }
            if (!$assertionsDisabled && findAvailableRolesForSubject2.contains(createRole)) {
                throw new AssertionError();
            }
            PageList<Role> findAvailableRolesForSubject3 = this.roleManager.findAvailableRolesForSubject(createSession, Integer.valueOf(createSession2.getId()), new Integer[]{Integer.valueOf(createRole.getId()), Integer.valueOf(createRole2.getId())}, PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findAvailableRolesForSubject3.size() + 2 != findRoles.size()) {
                throw new AssertionError("All roles but two should be available for this subject");
            }
            if (!$assertionsDisabled && findAvailableRolesForSubject3.contains(createRole)) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && findAvailableRolesForSubject3.contains(createRole2)) {
                throw new AssertionError();
            }
            this.roleManager.addRolesToSubject(createSession, createSession2.getId(), new int[]{createRole.getId()});
            PageList<Role> findAvailableRolesForSubject4 = this.roleManager.findAvailableRolesForSubject(createSession, Integer.valueOf(createSession2.getId()), new Integer[0], PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findAvailableRolesForSubject4.size() + 1 != findRoles.size()) {
                throw new AssertionError("All but one role should be available for this subject");
            }
            if (!$assertionsDisabled && findAvailableRolesForSubject4.contains(createRole)) {
                throw new AssertionError("We already assigned this new role to the subject - it isn't available");
            }
            PageList<Role> findAvailableRolesForSubject5 = this.roleManager.findAvailableRolesForSubject(createSession, Integer.valueOf(createSession2.getId()), new Integer[]{Integer.valueOf(createRole2.getId())}, PageControl.getUnlimitedInstance());
            if (!$assertionsDisabled && findAvailableRolesForSubject5.size() + 2 != findRoles.size()) {
                throw new AssertionError("One is already assigned and one is excluded so all but two roles should be available for this subject");
            }
            if (!$assertionsDisabled && findAvailableRolesForSubject5.contains(createRole)) {
                throw new AssertionError("We already assigned this new role to the subject - it isn't available");
            }
            if (!$assertionsDisabled && findAvailableRolesForSubject5.contains(createRole2)) {
                throw new AssertionError("We excluded this new role - it isn't available");
            }
            try {
                this.roleManager.findAvailableRolesForSubject(createSession2, Integer.valueOf(createSession2.getId()), new Integer[0], PageControl.getUnlimitedInstance());
            } catch (PermissionException e) {
            }
        } finally {
            try {
                getTransactionManager().rollback();
            } catch (Exception e2) {
            }
        }
    }

    public void testRoles() throws Exception {
        getTransactionManager().begin();
        try {
            Subject subject = new Subject();
            subject.setName("role-manager-subject");
            subject.setFsystem(false);
            Subject subject2 = new Subject();
            subject2.setName("secondary-role-manager");
            subject2.setFsystem(false);
            Role role = new Role("role-manager-role");
            role.setFsystem(false);
            role.addSubject(subject);
            Subject overlord = this.subjectManager.getOverlord();
            this.subjectManager.createSubject(overlord, subject);
            Subject createSession = createSession(subject);
            this.subjectManager.createSubject(overlord, subject2);
            Subject createSession2 = createSession(subject2);
            assertEquals("Role should not be created or assigned yet", 0, this.roleManager.findRolesBySubject(createSession.getId(), PageControl.getUnlimitedInstance()).size());
            Role createRole = this.roleManager.createRole(overlord, role);
            assertEquals("Role should be assigned at the time the role is created", 1, this.roleManager.findRolesBySubject(createSession.getId(), PageControl.getUnlimitedInstance()).size());
            this.roleManager.addRolesToSubject(overlord, createSession2.getId(), new int[]{createRole.getId()});
            assertEquals("Role should be assigned", 1, this.roleManager.findRolesBySubject(createSession2.getId(), PageControl.getUnlimitedInstance()).size());
            this.roleManager.removeRolesFromSubject(overlord, createSession.getId(), new int[]{createRole.getId()});
            assertEquals("Role should have been unassigned", 0, this.roleManager.findRolesBySubject(createSession.getId(), PageControl.getUnlimitedInstance()).size());
            this.roleManager.deleteRoles(overlord, new int[]{createRole.getId()});
            assertFalse("Roles should have been deleted", this.roleManager.findRoles(PageControl.getUnlimitedInstance()).contains(createRole));
            getTransactionManager().rollback();
        } catch (Throwable th) {
            getTransactionManager().rollback();
            throw th;
        }
    }

    public void testLdapGroups() throws Exception {
        getTransactionManager().begin();
        try {
            Subject createSession = createSession(this.subjectManager.getOverlord());
            Role role = new Role("role-manager-role");
            role.setFsystem(false);
            Role createRole = this.roleManager.createRole(createSession, role);
            LdapGroup ldapGroup = new LdapGroup();
            ldapGroup.setName("Foo");
            createRole.addLdapGroup(ldapGroup);
            if ($assertionsDisabled || this.ldapManager.findLdapGroupsByRole(createRole.getId(), PageControl.getUnlimitedInstance()).size() == 1) {
            } else {
                throw new AssertionError("Ldap Group Foo Should be assigned");
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    static {
        $assertionsDisabled = !RoleManagerBeanTest.class.desiredAssertionStatus();
    }
}
