package org.infinispan.client.hotrod;

import java.io.IOException;
import java.io.InputStream;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import org.infinispan.client.hotrod.configuration.Configuration;
import org.infinispan.client.hotrod.exceptions.HotRodClientException;
import org.infinispan.commons.equivalence.AnyServerEquivalence;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.server.core.security.simple.SimpleServerAuthenticationProvider;
import org.infinispan.server.hotrod.test.TestCallbackHandler;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.CleanupAfterMethod;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@CleanupAfterMethod
@Test(testName = "client.hotrod.SecureExecTest", groups = {"functional"})
/* loaded from: input_file:org/infinispan/client/hotrod/SecureExecTest.class */
public class SecureExecTest extends AbstractAuthenticationTest {
    static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin", "___script_manager"});
    static final String CACHE_NAME = "secured-exec";

    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("RWEuser").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).permission(AuthorizationPermission.EXEC).role("RWuser").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE);
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        defaultCacheConfiguration.dataContainer().keyEquivalence(new AnyServerEquivalence()).valueEquivalence(new AnyServerEquivalence()).security().authorization().enable().role("admin").role("RWEuser").role("RWuser");
        this.cacheManager = TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
        this.cacheManager.defineConfiguration(CACHE_NAME, defaultCacheConfiguration.build());
        this.cacheManager.getCache();
        return this.cacheManager;
    }

    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    protected SimpleServerAuthenticationProvider createAuthenticationProvider() {
        SimpleServerAuthenticationProvider simpleServerAuthenticationProvider = new SimpleServerAuthenticationProvider();
        simpleServerAuthenticationProvider.addUser("RWEuser", "realm", "password".toCharArray(), (String[]) null);
        simpleServerAuthenticationProvider.addUser("RWuser", "realm", "password".toCharArray(), (String[]) null);
        return simpleServerAuthenticationProvider;
    }

    protected void setup() throws Exception {
        Security.doAs(ADMIN, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.client.hotrod.SecureExecTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                SecureExecTest.super.setup();
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    public void teardown() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.client.hotrod.SecureExecTest.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                SecureExecTest.super.teardown();
                return null;
            }
        });
    }

    protected void clearContent() {
        this.cacheManager.getCache().clear();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.AbstractAuthenticationTest
    public org.infinispan.client.hotrod.configuration.ConfigurationBuilder initServerAndClient() {
        return (org.infinispan.client.hotrod.configuration.ConfigurationBuilder) Security.doAs(ADMIN, new PrivilegedAction<org.infinispan.client.hotrod.configuration.ConfigurationBuilder>() { // from class: org.infinispan.client.hotrod.SecureExecTest.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public org.infinispan.client.hotrod.configuration.ConfigurationBuilder run() {
                return SecureExecTest.super.initServerAndClient();
            }
        });
    }

    public void testSimpleScriptExecutionWithValidAuth() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder initServerAndClient = initServerAndClient();
        initServerAndClient.security().authentication().callbackHandler(new TestCallbackHandler("RWEuser", "realm", "password".toCharArray()));
        runTestWithGivenScript(initServerAndClient.build(), "/testRole_hotrod.js");
    }

    @Test(expectedExceptions = {HotRodClientException.class}, expectedExceptionsMessageRegExp = ".*Unauthorized access.*")
    public void testSimpleScriptExecutionWithInvalidAuth() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder initServerAndClient = initServerAndClient();
        initServerAndClient.security().authentication().callbackHandler(new TestCallbackHandler("RWEuser", "realm", "password".toCharArray()));
        runTestWithGivenScript(initServerAndClient.build(), "/testRole.js");
    }

    @Test(expectedExceptions = {HotRodClientException.class}, expectedExceptionsMessageRegExp = ".*Unauthorized access.*")
    public void testSimpleScriptExecutionWithoutExecPerm() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder initServerAndClient = initServerAndClient();
        initServerAndClient.security().authentication().callbackHandler(new TestCallbackHandler("RWuser", "realm", "password".toCharArray()));
        runTestWithGivenScript(initServerAndClient.build(), "/testWithoutRole.js");
    }

    @Test(expectedExceptions = {HotRodClientException.class}, expectedExceptionsMessageRegExp = ".*Unauthorized access.*")
    public void testUploadWithoutScriptManagerRole() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder initServerAndClient = initServerAndClient();
        initServerAndClient.security().authentication().callbackHandler(new TestCallbackHandler("RWEuser", "realm", "password".toCharArray()));
        this.remoteCacheManager = new RemoteCacheManager(initServerAndClient.build());
        this.remoteCacheManager.getCache("___script_cache").put("shouldFail", "1+1");
    }

    @Test(expectedExceptions = {HotRodClientException.class}, expectedExceptionsMessageRegExp = ".*Unauthorized access.*")
    public void testClearWithoutScriptManagerRole() throws IOException, PrivilegedActionException {
        org.infinispan.client.hotrod.configuration.ConfigurationBuilder initServerAndClient = initServerAndClient();
        initServerAndClient.security().authentication().callbackHandler(new TestCallbackHandler("RWEuser", "realm", "password".toCharArray()));
        this.remoteCacheManager = new RemoteCacheManager(initServerAndClient.build());
        this.remoteCacheManager.getCache("___script_cache").clear();
    }

    private void runTestWithGivenScript(Configuration configuration, String str) throws IOException, PrivilegedActionException {
        this.remoteCacheManager = new RemoteCacheManager(configuration);
        HashMap hashMap = new HashMap();
        hashMap.put("a", "guinness");
        InputStream resourceAsStream = getClass().getResourceAsStream(str);
        Throwable th = null;
        try {
            try {
                String loadFileAsString = TestingUtil.loadFileAsString(resourceAsStream);
                String substring = str.substring(1);
                uploadScript(substring, loadFileAsString);
                if (resourceAsStream != null) {
                    if (0 != 0) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
                AssertJUnit.assertEquals("guinness", (String) this.remoteCacheManager.getCache(CACHE_NAME).execute(substring, hashMap));
                AssertJUnit.assertEquals("guinness", this.remoteCacheManager.getCache(CACHE_NAME).get("a"));
            } finally {
            }
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (th != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    protected void uploadScript(final String str, final String str2) throws PrivilegedActionException {
        Security.doAs(ADMIN, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.client.hotrod.SecureExecTest.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                SecureExecTest.this.cacheManager.getCache("___script_cache").put(str, str2);
                return null;
            }
        });
    }
}
