package org.infinispan.client.hotrod;

import java.io.IOException;
import java.security.PrivilegedActionException;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import org.infinispan.client.hotrod.event.ClientEvent;
import org.infinispan.client.hotrod.event.EventLogListener;
import org.infinispan.client.hotrod.exceptions.HotRodClientException;
import org.infinispan.client.hotrod.test.HotRodClientTestingUtil;
import org.infinispan.commons.test.Exceptions;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.notifications.cachelistener.CacheNotifier;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.server.core.security.simple.SimpleServerAuthenticationProvider;
import org.infinispan.server.hotrod.HotRodServer;
import org.infinispan.server.hotrod.test.TestCallbackHandler;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@Test(testName = "client.hotrod.SecureListenerTest", groups = {"functional"})
/* loaded from: input_file:org/infinispan/client/hotrod/SecureListenerTest.class */
public class SecureListenerTest extends AbstractAuthenticationTest {
    static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin"});
    static final String CACHE_NAME = "secured-listen";

    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("RWLuser").permission(new AuthorizationPermission[]{AuthorizationPermission.READ, AuthorizationPermission.WRITE, AuthorizationPermission.LISTEN}).role("RWUser").permission(new AuthorizationPermission[]{AuthorizationPermission.READ, AuthorizationPermission.WRITE});
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        defaultCacheConfiguration.security().authorization().enable().role("admin").role("RWLuser").role("RWUser");
        defaultCacheConfiguration.encoding().key().mediaType("application/x-protostream");
        defaultCacheConfiguration.encoding().value().mediaType("application/x-protostream");
        this.cacheManager = TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
        this.cacheManager.defineConfiguration(CACHE_NAME, defaultCacheConfiguration.build());
        this.cacheManager.getCache();
        this.hotrodServer = initServer(Collections.emptyMap(), 0);
        return this.cacheManager;
    }

    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    protected SimpleServerAuthenticationProvider createAuthenticationProvider() {
        SimpleServerAuthenticationProvider simpleServerAuthenticationProvider = new SimpleServerAuthenticationProvider();
        simpleServerAuthenticationProvider.addUser("RWLuser", "realm", "password".toCharArray(), (String[]) null);
        simpleServerAuthenticationProvider.addUser("RWuser", "realm", "password".toCharArray(), (String[]) null);
        return simpleServerAuthenticationProvider;
    }

    protected void setup() throws Exception {
        Security.doAs(ADMIN, () -> {
            super.setup();
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    public void teardown() {
        Security.doAs(ADMIN, () -> {
            super.teardown();
            return null;
        });
    }

    protected void clearCacheManager() {
        Security.doAs(ADMIN, () -> {
            this.cacheManager.getCache().clear();
        });
        if (this.remoteCacheManager != null) {
            HotRodClientTestingUtil.killRemoteCacheManager(this.remoteCacheManager);
            this.remoteCacheManager = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    public HotRodServer initServer(Map<String, String> map, int i) {
        return (HotRodServer) Security.doAs(ADMIN, () -> {
            return super.initServer(map, i);
        });
    }

    public void testImplicitRemoveOnClose() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder newClientBuilder = newClientBuilder();
        newClientBuilder.security().authentication().callbackHandler(new TestCallbackHandler("RWLuser", (String) null, "password"));
        this.remoteCacheManager = new RemoteCacheManager(newClientBuilder.build());
        RemoteCache cache = this.remoteCacheManager.getCache(CACHE_NAME);
        EventLogListener eventLogListener = new EventLogListener(cache);
        cache.addClientListener(eventLogListener);
        CacheNotifier cacheNotifier = (CacheNotifier) TestingUtil.extractComponent(this.cacheManager.getCache(CACHE_NAME), CacheNotifier.class);
        AssertJUnit.assertEquals(1, cacheNotifier.getListeners().size());
        cache.put("key", "value");
        eventLogListener.expectSingleEvent("key", ClientEvent.Type.CLIENT_CACHE_ENTRY_CREATED);
        this.remoteCacheManager.close();
        eventuallyEquals(0, () -> {
            return Integer.valueOf(cacheNotifier.getListeners().size());
        });
    }

    public void testAddListenerWithoutPermission() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder newClientBuilder = newClientBuilder();
        newClientBuilder.security().authentication().saslMechanism("CRAM-MD5").username("RWuser").password("password");
        this.remoteCacheManager = new RemoteCacheManager(newClientBuilder.build());
        RemoteCache cache = this.remoteCacheManager.getCache(CACHE_NAME);
        EventLogListener eventLogListener = new EventLogListener(cache);
        Exceptions.expectException(HotRodClientException.class, () -> {
            cache.addClientListener(eventLogListener);
        });
        CacheNotifier cacheNotifier = (CacheNotifier) TestingUtil.extractComponent(this.cacheManager.getCache(CACHE_NAME), CacheNotifier.class);
        AssertJUnit.assertEquals(0, cacheNotifier.getListeners().size());
        this.remoteCacheManager.close();
        AssertJUnit.assertEquals(0, cacheNotifier.getListeners().size());
    }
}
