package org.apache.activemq.artemis.tests.integration.security;

import jakarta.jms.Connection;
import jakarta.jms.JMSException;
import jakarta.jms.JMSSecurityException;
import jakarta.jms.Queue;
import jakarta.jms.Session;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.activemq.ActiveMQConnection;
import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientMessage;
import org.apache.activemq.artemis.api.core.client.ClientProducer;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
import org.apache.activemq.artemis.core.server.impl.AddressInfo;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.apache.activemq.artemis.core.transaction.impl.XidImpl;
import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager4;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager5;
import org.apache.activemq.artemis.spi.core.security.jaas.NoCacheLoginException;
import org.apache.activemq.artemis.tests.integration.client.AutoCreateJmsDestinationTest;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.tests.util.CreateMessage;
import org.apache.activemq.artemis.utils.CompositeAddress;
import org.apache.activemq.artemis.utils.SensitiveDataCodec;
import org.apache.activemq.artemis.utils.Wait;
import org.apache.activemq.command.ActiveMQQueue;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/security/SecurityTest.class */
public class SecurityTest extends ActiveMQTestBase {
    private static final String addressA = "addressA";
    private static final String queueA = "queueA";
    private ServerLocator locator;
    private Configuration configuration;

    /* loaded from: input_file:org/apache/activemq/artemis/tests/integration/security/SecurityTest$DummySensitiveDataCodec.class */
    public static class DummySensitiveDataCodec implements SensitiveDataCodec<String> {
        /* renamed from: decode, reason: merged with bridge method [inline-methods] */
        public String m279decode(Object obj) throws Exception {
            throw new IllegalStateException("Decoding not supported");
        }

        /* renamed from: encode, reason: merged with bridge method [inline-methods] */
        public String m278encode(Object obj) throws Exception {
            return new StringBuffer((String) obj).reverse().toString();
        }

        public boolean verify(char[] cArr, String str) {
            return str.equals(new StringBuffer(String.valueOf(cArr)).reverse().toString());
        }
    }

    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.locator = createInVMNonHALocator();
    }

    @Test
    public void testJAASSecurityManagerAuthentication() throws Exception {
        addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false)).start();
        try {
            createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0).close();
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testNoCacheException() throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQSecurityManager5() { // from class: org.apache.activemq.artemis.tests.integration.security.SecurityTest.1
            boolean flipper = false;

            public Subject authenticate(String str, String str2, RemotingConnection remotingConnection, String str3) throws NoCacheLoginException {
                this.flipper = !this.flipper;
                if (this.flipper) {
                    return new Subject();
                }
                throw new NoCacheLoginException();
            }

            public boolean authorize(Subject subject, Set<Role> set, CheckType checkType, String str) {
                return false;
            }

            public boolean validateUser(String str, String str2) {
                return false;
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
                return false;
            }
        }, false));
        addServer.start();
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        createSessionFactory.createSession("first", "secret", false, true, true, false, 0).close();
        assertEquals(1L, addServer.getSecurityStore().getAuthenticationCacheSize());
        try {
            createSessionFactory.createSession("first", "secret", false, true, true, false, 0);
        } catch (ActiveMQException e) {
        }
        assertEquals(1L, addServer.getSecurityStore().getAuthenticationCacheSize());
    }

    @Test
    public void testNoCacheNamingException() throws Exception {
        internalTestNoCacheException("BrokenLDAPLoginNamingException");
    }

    @Test
    public void testNoCacheNamingExceptionRegex() throws Exception {
        internalTestNoCacheException("BrokenLDAPLoginNamingExceptionRegex");
    }

    @Test
    public void testNoCacheConnectException() throws Exception {
        internalTestNoCacheException("BrokenLDAPLoginConnectException");
    }

    @Test
    public void testNoCacheConnectExceptionRegex() throws Exception {
        internalTestNoCacheException("BrokenLDAPLoginConnectExceptionRegex");
    }

    private void internalTestNoCacheException(String str) throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(str), false));
        addServer.start();
        try {
            createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0);
        } catch (ActiveMQException e) {
        }
        assertEquals(0L, addServer.getSecurityStore().getAuthenticationCacheSize());
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithPasswordCodec() throws Exception {
        addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLoginWithPasswordCodec"), false)).start();
        try {
            createSessionFactory(this.locator).createSession(AutoCreateJmsDestinationTest.QUEUE_NAME, "password", false, true, true, false, 0).close();
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithValidateUser() throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false));
        addServer.getConfiguration().setPopulateValidatedUser(true);
        addServer.start();
        Role role = new Role("programmers", true, true, true, true, true, true, true, true, true, true);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        addServer.getSecurityRepository().addMatch("#", hashSet);
        try {
            ClientSession createSession = createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0);
            addServer.createQueue(new QueueConfiguration("queue").setAddress("address").setRoutingType(RoutingType.ANYCAST));
            ClientProducer createProducer = createSession.createProducer("address");
            createProducer.send(createSession.createMessage(true));
            createSession.commit();
            createProducer.close();
            ClientConsumer createConsumer = createSession.createConsumer("queue");
            createSession.start();
            ClientMessage receive = createConsumer.receive(1000L);
            assertNotNull(receive);
            assertEquals("first", receive.getValidatedUserID());
            createSession.close();
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithCerts() throws Exception {
        testJAASSecurityManagerAuthenticationWithCerts("CertLogin", "needClientAuth");
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithCertsWantClientAuth() throws Exception {
        testJAASSecurityManagerAuthenticationWithCerts("CertLogin", "wantClientAuth");
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithRegexps() throws Exception {
        testJAASSecurityManagerAuthenticationWithCerts("CertLoginWithRegexp", "needClientAuth");
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithRegexpsWantClientAuth() throws Exception {
        testJAASSecurityManagerAuthenticationWithCerts("CertLoginWithRegexp", "wantClientAuth");
    }

    protected void testJAASSecurityManagerAuthenticationWithCerts(String str, String str2) throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(str), false));
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put(str2, true);
        addServer.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        addServer.start();
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration}))).createSession().close();
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithCertsAndOpenWire() throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("CertLogin"), false));
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put("needClientAuth", true);
        addServer.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", false, true, false, false, true, true, false, false, true, false));
        addServer.getConfiguration().putSecurityRoles("ActiveMQ.Advisory.#", hashSet);
        addServer.start();
        ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory("ssl://localhost:61616?verifyHostName=false");
        activeMQSslConnectionFactory.setTrustStore("server-ca-truststore.jks");
        activeMQSslConnectionFactory.setTrustStorePassword("securepass");
        activeMQSslConnectionFactory.setKeyStore("client-keystore.jks");
        activeMQSslConnectionFactory.setKeyStorePassword("securepass");
        try {
            ActiveMQConnection createConnection = activeMQSslConnectionFactory.createConnection();
            try {
                createConnection.createSession(false, 1).close();
                if (createConnection != null) {
                    createConnection.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            th.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testJAASSecurityManagerOpenWireNegative() throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("CertLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put("needClientAuth", true);
        addServer.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        addServer.start();
        ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory("ssl://localhost:61616?verifyHostName=false");
        activeMQSslConnectionFactory.setUserName("test-user");
        activeMQSslConnectionFactory.setTrustStore("server-ca-truststore.jks");
        activeMQSslConnectionFactory.setTrustStorePassword("securepass");
        activeMQSslConnectionFactory.setKeyStore("client-keystore.jks");
        activeMQSslConnectionFactory.setKeyStorePassword("securepass");
        activeMQSslConnectionFactory.setWatchTopicAdvisories(false);
        ActiveMQConnection createConnection = activeMQSslConnectionFactory.createConnection();
        try {
            Session createSession = createConnection.createSession(false, 1);
            SimpleString simpleString = SimpleString.toSimpleString("test.queue");
            addServer.addAddressInfo(new AddressInfo(simpleString, RoutingType.ANYCAST));
            addServer.addAddressInfo(new AddressInfo(SimpleString.toSimpleString("test.topic"), RoutingType.MULTICAST));
            try {
                createSession.createConsumer(createSession.createQueue("test.queue"));
                Assert.fail("should throw exception here");
            } catch (Exception e) {
                assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
            }
            try {
                createSession.createConsumer(createSession.createTopic("test.topic"));
                Assert.fail("should throw exception here");
            } catch (Exception e2) {
                assertTrue(e2.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
            }
            addServer.createQueue(new QueueConfiguration(simpleString).setRoutingType(RoutingType.ANYCAST));
            try {
                createSession.createProducer(createSession.createQueue("test.queue")).send(createSession.createMessage());
                Assert.fail("should throw exception here");
            } catch (Exception e3) {
                assertTrue(e3.getMessage().contains("User: test-user does not have permission='SEND'"));
            }
            try {
                createSession.createConsumer(createSession.createQueue("test.queue"));
                Assert.fail("should throw exception here");
            } catch (Exception e4) {
                assertTrue(e4.getMessage().contains("User: test-user does not have permission='CONSUME' for queue test.queue on address test.queue"));
            }
            try {
                createSession.createBrowser(createSession.createQueue("test.queue")).getEnumeration();
                Assert.fail("should throw exception here");
            } catch (Exception e5) {
                assertTrue(e5.getMessage().contains("User: test-user does not have permission='BROWSE' for queue test.queue on address test.queue"));
            }
            try {
                createConnection.destroyDestination(new ActiveMQQueue("test.queue"));
                Assert.fail("should throw exception here");
            } catch (Exception e6) {
                assertTrue(e6.getMessage().contains("User: test-user does not have permission='DELETE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
            }
            try {
                createSession.createTemporaryQueue();
                Assert.fail("should throw exception here");
            } catch (Exception e7) {
                assertTrue(e7.getMessage().contains("User: test-user does not have permission='CREATE_ADDRESS'"));
            }
            try {
                createSession.createTemporaryTopic();
                Assert.fail("should throw exception here");
            } catch (Exception e8) {
                assertTrue(e8.getMessage().contains("User: test-user does not have permission='CREATE_ADDRESS'"));
            }
            createSession.close();
            if (createConnection != null) {
                createConnection.close();
            }
        } catch (Throwable th) {
            if (createConnection != null) {
                try {
                    createConnection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testJAASSecurityManagerAuthenticationBadPassword() throws Exception {
        addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false)).start();
        try {
            createSessionFactory(this.locator).createSession("first", "badpassword", false, true, true, false, 0);
            Assert.fail("should throw exception here");
        } catch (Exception e) {
        }
    }

    @Test
    public void testJAASSecurityManagerAuthenticationWithBadClientCert() throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("CertLogin"), false));
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put("needClientAuth", true);
        addServer.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        addServer.start();
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "unknown-client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        try {
            createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration}))).createSession();
            fail("Creating session here should fail due to authentication error.");
        } catch (ActiveMQException e) {
            assertTrue(e.getType() == ActiveMQExceptionType.SECURITY_EXCEPTION);
        }
    }

    @Test
    public void testJAASSecurityManagerAuthenticationGuest() throws Exception {
        addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("GuestLogin"), false)).start();
        try {
            createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0).close();
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationNegative() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        addServer.addAddressInfo(new AddressInfo(simpleString, RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST).setDurable(false));
        ClientSession addClientSession = addClientSession(createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0));
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e) {
            assertTrue(e.getMessage().contains("User: first does not have permission='CREATE_DURABLE_QUEUE' for queue durableQueue on address address"));
        }
        try {
            addClientSession.deleteQueue(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e2) {
            assertTrue(e2.getMessage().contains("User: first does not have permission='DELETE_DURABLE_QUEUE' for queue durableQueue on address address"));
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e3) {
            assertTrue(e3.getMessage().contains("User: first does not have permission='CREATE_NON_DURABLE_QUEUE' for queue nonDurableQueue on address address"));
        }
        try {
            addClientSession.deleteQueue(simpleString3);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e4) {
            assertTrue(e4.getMessage().contains("User: first does not have permission='DELETE_NON_DURABLE_QUEUE' for queue nonDurableQueue on address address"));
        }
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e5) {
            assertTrue(e5.getMessage().contains("User: first does not have permission='SEND' on address address"));
        }
        try {
            addClientSession.createConsumer(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e6) {
            assertTrue(e6.getMessage().contains("User: first does not have permission='CONSUME' for queue durableQueue on address address"));
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e7) {
            assertTrue(e7.getMessage().contains("User: first does not have permission='MANAGE' on address activemq.management"));
        }
        try {
            addClientSession.createConsumer(simpleString2, true);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e8) {
            assertTrue(e8.getMessage().contains("User: first does not have permission='BROWSE' for queue durableQueue on address address"));
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationSameAddressDifferentQueuesDotSyntax() throws Exception {
        internalJAASSecurityManagerAuthorizationSameAddressDifferentQueues(false);
    }

    @Test
    public void testJAASSecurityManagerAuthorizationSameAddressDifferentQueuesFqqnSyntax() throws Exception {
        internalJAASSecurityManagerAuthorizationSameAddressDifferentQueues(true);
    }

    private void internalJAASSecurityManagerAuthorizationSameAddressDifferentQueues(boolean z) throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("a");
        SimpleString simpleString3 = new SimpleString("b");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role(simpleString2.toString(), false, true, false, false, false, false, false, false, false, false));
        if (z) {
            addServer.getConfiguration().putSecurityRoles(CompositeAddress.toFullyQualified(simpleString, simpleString2).toString(), hashSet);
        } else {
            addServer.getConfiguration().putSecurityRoles(simpleString.concat(".").concat(simpleString2).toString(), hashSet);
        }
        HashSet hashSet2 = new HashSet();
        hashSet2.add(new Role(simpleString3.toString(), false, true, false, false, false, false, false, false, false, false));
        if (z) {
            addServer.getConfiguration().putSecurityRoles(CompositeAddress.toFullyQualified(simpleString, simpleString3).toString(), hashSet2);
        } else {
            addServer.getConfiguration().putSecurityRoles(simpleString.concat(".").concat(simpleString3).toString(), hashSet2);
        }
        addServer.start();
        addServer.addAddressInfo(new AddressInfo(simpleString, RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST));
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession addClientSession = addClientSession(createSessionFactory.createSession("a", "a", false, true, true, false, 0));
        ClientSession addClientSession2 = addClientSession(createSessionFactory.createSession("b", "b", false, true, true, false, 0));
        try {
            addClientSession.createConsumer(simpleString2);
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession2.createConsumer(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e2) {
            assertTrue(e2 instanceof ActiveMQSecurityException);
        }
        try {
            addClientSession2.createConsumer(simpleString3);
        } catch (ActiveMQException e3) {
            e3.printStackTrace();
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString3);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e4) {
            assertTrue(e4 instanceof ActiveMQSecurityException);
        }
    }

    @Test
    public void testFallbackConsumerAuthorization() throws Exception {
        SimpleString simpleString = new SimpleString("a.c.b");
        SimpleString simpleString2 = new SimpleString("a.c.b");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("xyz", true, true, true, true, true, true, true, true, true, true));
        addServer.getConfiguration().putSecurityRoles("a.*.b", hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(new Role("amq", true, true, true, true, true, true, true, true, true, true));
        addServer.getConfiguration().putSecurityRoles("#", hashSet2);
        addServer.start();
        addServer.addAddressInfo(new AddressInfo(simpleString, RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST));
        try {
            addClientSession(createSessionFactory(this.locator).createSession("x", "x", false, true, true, false, 0)).createConsumer(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e) {
            assertTrue(e instanceof ActiveMQSecurityException);
        }
    }

    @Test
    public void testJAASSecurityManagerFQQNAuthorizationWithJMS() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("a");
        SimpleString simpleString3 = new SimpleString("b");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role(simpleString2.toString(), false, true, true, false, false, false, false, false, true, false));
        addServer.getConfiguration().putSecurityRoles(CompositeAddress.toFullyQualified(simpleString, simpleString2).toString(), hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(new Role(simpleString3.toString(), false, true, true, false, false, false, false, false, true, false));
        addServer.getConfiguration().putSecurityRoles(CompositeAddress.toFullyQualified(simpleString, simpleString3).toString(), hashSet2);
        addServer.start();
        ActiveMQConnectionFactory activeMQConnectionFactory = new ActiveMQConnectionFactory("vm://0");
        Connection createConnection = activeMQConnectionFactory.createConnection("a", "a");
        Session createSession = createConnection.createSession();
        Connection createConnection2 = activeMQConnectionFactory.createConnection("b", "b");
        Session createSession2 = createConnection2.createSession();
        Queue createQueue = createSession.createQueue(CompositeAddress.toFullyQualified(simpleString, simpleString2).toString());
        Queue createQueue2 = createSession2.createQueue(CompositeAddress.toFullyQualified(simpleString, simpleString3).toString());
        try {
            createSession.createConsumer(createQueue);
        } catch (JMSException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception here");
        }
        try {
            createSession2.createConsumer(createQueue);
            Assert.fail("should throw exception here");
        } catch (JMSException e2) {
            assertTrue(e2 instanceof JMSSecurityException);
        }
        try {
            createSession2.createConsumer(createQueue2);
        } catch (JMSException e3) {
            e3.printStackTrace();
            Assert.fail("should not throw exception here");
        }
        try {
            createSession.createConsumer(createQueue2);
            Assert.fail("should throw exception here");
        } catch (JMSException e4) {
            assertTrue(e4 instanceof JMSSecurityException);
        }
        createConnection.close();
        createConnection2.close();
    }

    @Test
    public void testJAASSecurityManagerAuthorizationNegativeWithCerts() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("CertLogin"), false));
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put("needClientAuth", true);
        addServer.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        ClientSessionFactory createSessionFactory = createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration})));
        addServer.addAddressInfo(new AddressInfo(simpleString, RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST).setDurable(false));
        ClientSession addClientSession = addClientSession(createSessionFactory.createSession());
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e) {
        }
        try {
            addClientSession.deleteQueue(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e2) {
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e3) {
        }
        try {
            addClientSession.deleteQueue(simpleString3);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e4) {
        }
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e5) {
        }
        try {
            addClientSession.createConsumer(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e6) {
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e7) {
        }
        try {
            addClientSession.createConsumer(simpleString2, true);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e8) {
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationPositive() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("PropertiesLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", true, true, true, true, true, true, true, true, true, true));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        ClientSession addClientSession = addClientSession(createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0));
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        } catch (ActiveMQException e) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString2);
        } catch (ActiveMQException e2) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
        } catch (ActiveMQException e3) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString3);
        } catch (ActiveMQException e4) {
            Assert.fail("should not throw exception here");
        }
        addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e5) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2);
        } catch (ActiveMQException e6) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e7) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2, true);
        } catch (ActiveMQException e8) {
            Assert.fail("should not throw exception here");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationPositiveWithCerts() throws Exception {
        testJAASSecurityManagerAuthorizationPositiveWithCerts("needClientAuth");
    }

    @Test
    public void testJAASSecurityManagerAuthorizationPositiveWithCertsWantClientAuth() throws Exception {
        testJAASSecurityManagerAuthorizationPositiveWithCerts("wantClientAuth");
    }

    protected void testJAASSecurityManagerAuthorizationPositiveWithCerts(String str) throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("CertLogin"), false));
        HashMap hashMap = new HashMap();
        hashMap.put("sslEnabled", true);
        hashMap.put("keyStorePath", "server-keystore.jks");
        hashMap.put("keyStorePassword", "securepass");
        hashMap.put("trustStorePath", "client-ca-truststore.jks");
        hashMap.put("trustStorePassword", "securepass");
        hashMap.put(str, true);
        addServer.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, hashMap));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", true, true, true, true, true, true, true, true, true, true));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        TransportConfiguration transportConfiguration = new TransportConfiguration(NETTY_CONNECTOR_FACTORY);
        transportConfiguration.getParams().put("sslEnabled", true);
        transportConfiguration.getParams().put("trustStorePath", "server-ca-truststore.jks");
        transportConfiguration.getParams().put("trustStorePassword", "securepass");
        transportConfiguration.getParams().put("keyStorePath", "client-keystore.jks");
        transportConfiguration.getParams().put("keyStorePassword", "securepass");
        ClientSession addClientSession = addClientSession(createSessionFactory(addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration[]{transportConfiguration}))).createSession());
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        } catch (ActiveMQException e) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString2);
        } catch (ActiveMQException e2) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
        } catch (ActiveMQException e3) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString3);
        } catch (ActiveMQException e4) {
            Assert.fail("should not throw exception here");
        }
        addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e5) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2);
        } catch (ActiveMQException e6) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e7) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2, true);
        } catch (ActiveMQException e8) {
            Assert.fail("should not throw exception here");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationPositiveGuest() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("GuestLogin"), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("bar", true, true, true, true, true, true, true, false, true, true));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        ClientSession addClientSession = addClientSession(createSessionFactory(this.locator).createSession("junk", "junk", false, true, true, false, 0));
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString2);
        } catch (ActiveMQException e2) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
        } catch (ActiveMQException e3) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString3);
        } catch (ActiveMQException e4) {
            Assert.fail("should not throw exception here");
        }
        addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e5) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2);
        } catch (ActiveMQException e6) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e7) {
            Assert.fail("should not throw exception here");
        }
    }

    @Test
    public void testCreateSessionWithNullUserPass() throws Exception {
        ActiveMQServer createServer = createServer();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        createServer.start();
        try {
            createSessionFactory(this.locator).createSession(false, true, true).close();
        } catch (ActiveMQException e) {
            Assert.fail("should not throw exception");
        }
    }

    private ActiveMQServer createServer() throws Exception {
        this.configuration = createDefaultInVMConfig().setSecurityEnabled(true);
        return createServer(false, this.configuration);
    }

    @Test
    public void testCreateSessionWithNullUserPassNoGuest() throws Exception {
        createServer().start();
        try {
            createSessionFactory(this.locator).createSession(false, true, true);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
    }

    @Test
    public void testCreateSessionWithCorrectUserWrongPass() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.getSecurityManager().getConfiguration().addUser("newuser", "apass");
        createServer.start();
        try {
            createSessionFactory(this.locator).createSession("newuser", "awrongpass", false, true, true, false, -1);
            Assert.fail("should not throw exception");
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
    }

    @Test
    public void testCreateSessionWithCorrectUserCorrectPass() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.getSecurityManager().getConfiguration().addUser("newuser", "apass");
        createServer.start();
        try {
            createSessionFactory(this.locator).createSession("newuser", "apass", false, true, true, false, -1).close();
        } catch (ActiveMQException e) {
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testCreateDurableQueueWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.close();
    }

    @Test
    public void testCreateDurableQueueWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        try {
            createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
            Assert.fail("should throw exception");
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        createSession.close();
    }

    @Test
    public void testDeleteDurableQueueWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, true, false, false, false, false, true, true);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.deleteQueue(queueA);
        createSession.close();
    }

    @Test
    public void testDeleteDurableQueueWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        try {
            createSession.deleteQueue(queueA);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        createSession.close();
    }

    @Test
    public void testCreateTempQueueWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, false, false, true, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA).setDurable(false));
        createSession.close();
    }

    @Test
    public void testCreateTempQueueWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        try {
            createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA).setDurable(false));
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        createSession.close();
    }

    @Test
    public void testDeleteTempQueueWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, false, false, true, true, false, false, true, true);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA).setDurable(false));
        createSession.deleteQueue(queueA);
        createSession.close();
    }

    @Test
    public void testDeleteTempQueueWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, false, false, true, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA).setDurable(false));
        try {
            createSession.deleteQueue(queueA);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        createSession.close();
    }

    @Test
    public void testSendWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", true, true, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        this.locator.setBlockOnNonDurableSend(true);
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        ClientProducer createProducer = createSession.createProducer(addressA);
        createProducer.send(createSession.createMessage(false));
        createSession.start();
        ClientMessage receive = createSession.createConsumer(queueA).receive(5000L);
        assertNotNull(receive);
        receive.acknowledge();
        Role role2 = new Role("arole", false, false, true, false, false, false, false, false, false, false);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(role2);
        securityRepository.addMatch(addressA, hashSet2);
        boolean z = false;
        try {
            createProducer.send(createSession.createMessage(true));
        } catch (ActiveMQException e) {
            z = true;
        }
        assertTrue("Failure expected on send after removing the match", z);
    }

    @Test
    public void testSendWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        this.locator.setBlockOnNonDurableSend(true);
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        try {
            createSession.createProducer(addressA).send(createSession.createMessage(false));
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        createSession.close();
    }

    @Test
    public void testNonBlockSendWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.createProducer(addressA).send(createSession.createMessage(false));
        createSession.close();
        Assert.assertEquals(0L, getMessageCount((org.apache.activemq.artemis.core.server.Queue) createServer.getPostOffice().getBinding(new SimpleString(queueA)).getBindable()));
    }

    @Test
    public void testCreateConsumerWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().addRole("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        Role role = new Role("arole", false, true, false, false, false, false, false, false, false, false);
        Role role2 = new Role("guest", true, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role2);
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession(false, true, true);
        ClientSession createSession2 = createSessionFactory.createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.createProducer(addressA).send(createSession2.createMessage(false));
        createSession2.createConsumer(queueA);
        createSession2.close();
        createSession.close();
    }

    @Test
    public void testCreateConsumerWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().addRole("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
        Role role2 = new Role("guest", true, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role2);
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession(false, true, true);
        ClientSession createSession2 = createSessionFactory.createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.createProducer(addressA).send(createSession2.createMessage(false));
        try {
            createSession2.createConsumer(queueA);
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        createSession2.close();
        createSession.close();
    }

    @Test
    public void testSendMessageUpdateRoleCached() throws Exception {
        ActiveMQServer createServer = createServer(false, createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(10000L));
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().addRole("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
        Role role2 = new Role("guest", true, false, true, false, false, false, false, false, true, false);
        Role role3 = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role2);
        hashSet.add(role);
        hashSet.add(role3);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession(false, true, true);
        ClientSession createSession2 = createSessionFactory.createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.createProducer(addressA).send(createSession2.createMessage(false));
        try {
            createSession2.createConsumer(queueA);
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        securityManager.getConfiguration().addRole("auser", "receiver");
        createServer.getSecurityStore().invalidateAuthenticationCache();
        createSession2.createConsumer(queueA);
        securityManager.getConfiguration().removeRole("auser", "receiver");
        createSession2.createConsumer(queueA);
        createSession2.close();
        createSession.close();
    }

    @Test
    public void testSendMessageUpdateRoleCached2() throws Exception {
        ActiveMQServer createServer = createServer(false, createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(0L));
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().addRole("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
        Role role2 = new Role("guest", true, false, true, false, false, false, false, false, true, false);
        Role role3 = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role2);
        hashSet.add(role);
        hashSet.add(role3);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession(false, true, true);
        ClientSession createSession2 = createSessionFactory.createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.createProducer(addressA).send(createSession2.createMessage(false));
        try {
            createSession2.createConsumer(queueA);
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        securityManager.getConfiguration().addRole("auser", "receiver");
        createSession2.createConsumer(queueA);
        securityManager.getConfiguration().removeRole("auser", "receiver");
        try {
            createSession2.createConsumer(queueA);
        } catch (ActiveMQSecurityException e3) {
        } catch (ActiveMQException e4) {
            fail("Invalid Exception type:" + e4.getType());
        }
        createSession2.close();
        createSession.close();
    }

    @Test
    public void testSendMessageUpdateSender() throws Exception {
        ActiveMQServer createServer = createServer(false, createDefaultInVMConfig().setSecurityEnabled(true).setSecurityInvalidationInterval(1000L));
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().addRole("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        Role role = new Role("arole", false, false, false, false, false, false, false, false, false, false);
        Role role2 = new Role("guest", true, false, true, false, false, false, false, false, true, false);
        Role role3 = new Role("receiver", false, true, false, false, false, false, false, false, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role2);
        hashSet.add(role);
        hashSet.add(role3);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession(false, true, true);
        ClientSession createSession2 = createSessionFactory.createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createSession.createProducer(addressA).send(createSession2.createMessage(false));
        try {
            createSession2.createConsumer(queueA);
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        securityManager.getConfiguration().addRole("auser", "receiver");
        Wait.assertTrue(() -> {
            try {
                createSession2.createConsumer(queueA);
                return true;
            } catch (Exception e3) {
                return false;
            }
        }, 2000L, 100L);
        securityManager.getConfiguration().removeRole("auser", "guest");
        ClientSession createSession3 = createSessionFactory.createSession("auser", "pass", false, false, false, false, 0);
        ClientProducer createProducer = createSession3.createProducer(addressA);
        createProducer.send(CreateMessage.createTextMessage(createSession3, "Test", true));
        createProducer.send(CreateMessage.createTextMessage(createSession3, "Test", true));
        try {
            createSession3.commit();
            Assert.fail("Expected exception");
        } catch (ActiveMQException e3) {
        }
        createSession3.close();
        XidImpl newXID = newXID();
        ClientSession createSession4 = createSessionFactory.createSession("auser", "pass", true, false, false, false, 0);
        createSession4.start(newXID, 0);
        ClientProducer createProducer2 = createSession4.createProducer(addressA);
        createProducer2.send(CreateMessage.createTextMessage(createSession4, "Test", true));
        createProducer2.send(CreateMessage.createTextMessage(createSession4, "Test", true));
        createSession4.end(newXID, 67108864);
        try {
            createSession4.prepare(newXID);
            Assert.fail("Exception was expected");
        } catch (Exception e4) {
            e4.printStackTrace();
        }
        Assert.assertEquals(0L, createSession4.recover(16777216).length);
        createSession2.close();
        createSession.close();
        createSession4.close();
    }

    @Test
    public void testSendManagementWithRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, false, false, false, false, true, false, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(this.configuration.getManagementAddress().toString(), hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        this.locator.setBlockOnNonDurableSend(true);
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createProducer(this.configuration.getManagementAddress()).send(createSession.createMessage(false));
        createSession.close();
    }

    @Test
    public void testSendManagementWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(this.configuration.getManagementAddress().toString(), hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(this.configuration.getManagementAddress().toString()));
        ClientProducer createProducer = createSession.createProducer(this.configuration.getManagementAddress());
        createProducer.send(createSession.createMessage(false));
        try {
            createProducer.send(createSession.createMessage(false));
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        createSession.close();
    }

    @Test
    public void testNonBlockSendManagementWithoutRole() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", false, false, true, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(this.configuration.getManagementAddress().toString(), hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration(queueA).setAddress(this.configuration.getManagementAddress().toString()));
        createSession.createProducer(this.configuration.getManagementAddress()).send(createSession.createMessage(false));
        createSession.close();
        Assert.assertEquals(0L, getMessageCount((org.apache.activemq.artemis.core.server.Queue) createServer.getPostOffice().getBinding(new SimpleString(queueA)).getBindable()));
    }

    @Test
    public void testComplexRoles() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("all", "all");
        securityManager.getConfiguration().addUser("bill", "activemq");
        securityManager.getConfiguration().addUser("andrew", "activemq1");
        securityManager.getConfiguration().addUser("frank", "activemq2");
        securityManager.getConfiguration().addUser("sam", "activemq3");
        securityManager.getConfiguration().addRole("all", "all");
        securityManager.getConfiguration().addRole("bill", "user");
        securityManager.getConfiguration().addRole("andrew", "europe-user");
        securityManager.getConfiguration().addRole("andrew", "user");
        securityManager.getConfiguration().addRole("frank", "us-user");
        securityManager.getConfiguration().addRole("frank", "news-user");
        securityManager.getConfiguration().addRole("frank", "user");
        securityManager.getConfiguration().addRole("sam", "news-user");
        securityManager.getConfiguration().addRole("sam", "user");
        Role role = new Role("all", true, true, true, true, true, true, true, true, true, true);
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("user", true, true, true, true, true, true, false, true, true, true));
        hashSet.add(role);
        securityRepository.addMatch("#", hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(role);
        hashSet2.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
        hashSet2.add(new Role("europe-user", true, false, false, false, false, false, false, true, true, true));
        hashSet2.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
        securityRepository.addMatch("news.europe.#", hashSet2);
        HashSet hashSet3 = new HashSet();
        hashSet3.add(role);
        hashSet3.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
        hashSet3.add(new Role("us-user", true, false, false, false, false, false, false, true, true, true));
        hashSet3.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
        securityRepository.addMatch("news.us.#", hashSet3);
        this.locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession("all", "all", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration("genericQueue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("news.europe.europeQueue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("news.us.usQueue").setDurable(false));
        try {
            createSessionFactory.createSession(false, true, true);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        try {
            createSessionFactory.createSession("bill", "activemq1", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e3) {
            fail("Invalid Exception type:" + e3.getType());
        } catch (ActiveMQSecurityException e4) {
        }
        ClientSession createSession2 = createSessionFactory.createSession("bill", "activemq", false, true, true, false, -1);
        ClientSession createSession3 = createSessionFactory.createSession("andrew", "activemq1", false, true, true, false, -1);
        ClientSession createSession4 = createSessionFactory.createSession("frank", "activemq2", false, true, true, false, -1);
        ClientSession createSession5 = createSessionFactory.createSession("sam", "activemq3", false, true, true, false, -1);
        checkUserSendAndReceive("genericQueue", createSession2);
        checkUserSendAndReceive("genericQueue", createSession3);
        checkUserSendAndReceive("genericQueue", createSession4);
        checkUserSendAndReceive("genericQueue", createSession5);
        checkUserNoSendNoReceive("news.europe.europeQueue", createSession2, createSession);
        checkUserSendNoReceive("news.europe.europeQueue", createSession3);
        checkUserReceiveNoSend("news.europe.europeQueue", createSession4, createSession);
        checkUserReceiveNoSend("news.europe.europeQueue", createSession5, createSession);
        checkUserNoSendNoReceive("news.us.usQueue", createSession2, createSession);
        checkUserNoSendNoReceive("news.us.usQueue", createSession3, createSession);
        checkUserSendAndReceive("news.us.usQueue", createSession4);
        checkUserReceiveNoSend("news.us.usQueue", createSession5, createSession);
        createSession2.close();
        createSession3.close();
        createSession4.close();
        createSession5.close();
        createSession.close();
    }

    @Test
    @Ignore
    public void testComplexRoles2() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("all", "all");
        securityManager.getConfiguration().addUser("bill", "activemq");
        securityManager.getConfiguration().addUser("andrew", "activemq1");
        securityManager.getConfiguration().addUser("frank", "activemq2");
        securityManager.getConfiguration().addUser("sam", "activemq3");
        securityManager.getConfiguration().addRole("all", "all");
        securityManager.getConfiguration().addRole("bill", "user");
        securityManager.getConfiguration().addRole("andrew", "europe-user");
        securityManager.getConfiguration().addRole("andrew", "user");
        securityManager.getConfiguration().addRole("frank", "us-user");
        securityManager.getConfiguration().addRole("frank", "news-user");
        securityManager.getConfiguration().addRole("frank", "user");
        securityManager.getConfiguration().addRole("sam", "news-user");
        securityManager.getConfiguration().addRole("sam", "user");
        Role role = new Role("all", true, true, true, true, true, true, true, true, true, true);
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("user", true, true, true, true, true, true, false, true, true, true));
        hashSet.add(role);
        securityRepository.addMatch("#", hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(role);
        hashSet2.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
        hashSet2.add(new Role("europe-user", true, false, false, false, false, false, false, true, true, true));
        hashSet2.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
        securityRepository.addMatch("news.europe.#", hashSet2);
        HashSet hashSet3 = new HashSet();
        hashSet3.add(role);
        hashSet3.add(new Role("user", false, false, true, true, true, true, false, true, true, true));
        hashSet3.add(new Role("us-user", true, false, false, false, false, false, false, true, true, true));
        hashSet3.add(new Role("news-user", false, true, false, false, false, false, false, true, true, true));
        securityRepository.addMatch("news.us.#", hashSet3);
        this.locator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
        ClientSessionFactory createSessionFactory = createSessionFactory(this.locator);
        ClientSession createSession = createSessionFactory.createSession("all", "all", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration("genericQueue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("news.europe.europeQueue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("news.us.usQueue").setDurable(false));
        try {
            createSessionFactory.createSession(false, true, true);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e) {
            fail("Invalid Exception type:" + e.getType());
        } catch (ActiveMQSecurityException e2) {
        }
        try {
            createSessionFactory.createSession("bill", "activemq1", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e3) {
            fail("Invalid Exception type:" + e3.getType());
        } catch (ActiveMQSecurityException e4) {
        }
        ClientSession createSession2 = createSessionFactory.createSession("bill", "activemq", false, true, true, false, -1);
        ClientSession createSession3 = createSessionFactory.createSession("andrew", "activemq1", false, true, true, false, -1);
        ClientSession createSession4 = createSessionFactory.createSession("frank", "activemq2", false, true, true, false, -1);
        ClientSession createSession5 = createSessionFactory.createSession("sam", "activemq3", false, true, true, false, -1);
        checkUserSendAndReceive("genericQueue", createSession2);
        checkUserSendAndReceive("genericQueue", createSession3);
        checkUserSendAndReceive("genericQueue", createSession4);
        checkUserSendAndReceive("genericQueue", createSession5);
        checkUserNoSendNoReceive("news.europe.europeQueue", createSession2, createSession);
        checkUserSendNoReceive("news.europe.europeQueue", createSession3);
        checkUserReceiveNoSend("news.europe.europeQueue", createSession4, createSession);
        checkUserReceiveNoSend("news.europe.europeQueue", createSession5, createSession);
        checkUserNoSendNoReceive("news.us.usQueue", createSession2, createSession);
        checkUserNoSendNoReceive("news.us.usQueue", createSession3, createSession);
        checkUserSendAndReceive("news.us.usQueue", createSession4);
        checkUserReceiveNoSend("news.us.usQueue", createSession5, createSession);
    }

    @Test
    public void testCustomSecurityManager() throws Exception {
        addServer(new ActiveMQServerImpl(createDefaultInVMConfig().setSecurityEnabled(true), new ActiveMQSecurityManager() { // from class: org.apache.activemq.artemis.tests.integration.security.SecurityTest.2
            public boolean validateUser(String str, String str2) {
                return (str.equals("foo") || str.equals("bar") || str.equals("all")) && str2.equals("frobnicate");
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
                if ((!str.equals("foo") && !str.equals("bar") && !str.equals("all")) || !str2.equals("frobnicate")) {
                    return false;
                }
                if (str.equals("all")) {
                    return true;
                }
                if (str.equals("foo")) {
                    return checkType == CheckType.CONSUME || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
                }
                if (str.equals("bar")) {
                    return checkType == CheckType.SEND || checkType == CheckType.CREATE_NON_DURABLE_QUEUE;
                }
                return false;
            }
        })).start();
        ServerLocator createInVMNonHALocator = createInVMNonHALocator();
        createInVMNonHALocator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
        ClientSessionFactory createSessionFactory = createSessionFactory(createInVMNonHALocator);
        ClientSession createSession = createSessionFactory.createSession("all", "frobnicate", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration("test.queue").setDurable(false));
        try {
            createSessionFactory.createSession("baz", "frobnicate", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        try {
            createSessionFactory.createSession("foo", "xxx", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e3) {
        } catch (ActiveMQException e4) {
            fail("Invalid Exception type:" + e4.getType());
        }
        checkUserReceiveNoSend("test.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
        checkUserSendNoReceive("test.queue", createSessionFactory.createSession("bar", "frobnicate", false, true, true, false, -1));
    }

    @Test
    public void testCustomSecurityManager2() throws Exception {
        addServer(new ActiveMQServerImpl(createDefaultInVMConfig().setSecurityEnabled(true), new ActiveMQSecurityManager2() { // from class: org.apache.activemq.artemis.tests.integration.security.SecurityTest.3
            public boolean validateUser(String str, String str2) {
                Assert.fail("Unexpected call to overridden method");
                return false;
            }

            public boolean validateUser(String str, String str2, X509Certificate[] x509CertificateArr) {
                return (str.equals("foo") || str.equals("bar") || str.equals("all")) && str2.equals("frobnicate");
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
                Assert.fail("Unexpected call to overridden method");
                return false;
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType, String str3, RemotingConnection remotingConnection) {
                if (!(remotingConnection.getTransportConnection() instanceof InVMConnection)) {
                    return false;
                }
                if ((!str.equals("foo") && !str.equals("bar") && !str.equals("all")) || !str2.equals("frobnicate")) {
                    return false;
                }
                if (str.equals("all")) {
                    return true;
                }
                return str.equals("foo") ? str3.equals("test.queue") && checkType == CheckType.CONSUME : str.equals("bar") && str3.equals("test.queue") && checkType == CheckType.SEND;
            }
        })).start();
        ServerLocator createInVMNonHALocator = createInVMNonHALocator();
        createInVMNonHALocator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
        ClientSessionFactory createSessionFactory = createSessionFactory(createInVMNonHALocator);
        ClientSession createSession = createSessionFactory.createSession("all", "frobnicate", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration("test.queue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("other.queue").setDurable(false));
        try {
            createSessionFactory.createSession("baz", "frobnicate", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        try {
            createSessionFactory.createSession("foo", "xxx", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e3) {
        } catch (ActiveMQException e4) {
            fail("Invalid Exception type:" + e4.getType());
        }
        try {
            checkUserReceiveNoSend("other.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e5) {
            fail("Invalid Exception type:" + e5.getType());
        } catch (ActiveMQSecurityException e6) {
        }
        try {
            checkUserReceiveNoSend("other.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e7) {
            fail("Invalid Exception type:" + e7.getType());
        } catch (ActiveMQSecurityException e8) {
        }
        checkUserReceiveNoSend("test.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
        checkUserSendNoReceive("test.queue", createSessionFactory.createSession("bar", "frobnicate", false, true, true, false, -1));
    }

    @Test
    public void testCustomSecurityManager3() throws Exception {
        addServer(new ActiveMQServerImpl(createDefaultInVMConfig().setSecurityEnabled(true), new ActiveMQSecurityManager3() { // from class: org.apache.activemq.artemis.tests.integration.security.SecurityTest.4
            public boolean validateUser(String str, String str2) {
                Assert.fail("Unexpected call to overridden method");
                return false;
            }

            public String validateUser(String str, String str2, RemotingConnection remotingConnection) {
                if ((str.equals("foo") || str.equals("bar") || str.equals("all")) && str2.equals("frobnicate")) {
                    return str;
                }
                return null;
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
                Assert.fail("Unexpected call to overridden method");
                return false;
            }

            public String validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType, String str3, RemotingConnection remotingConnection) {
                if (!(remotingConnection.getTransportConnection() instanceof InVMConnection)) {
                    return null;
                }
                if ((!str.equals("foo") && !str.equals("bar") && !str.equals("all")) || !str2.equals("frobnicate")) {
                    return null;
                }
                if (str.equals("all")) {
                    return str;
                }
                if (str.equals("foo")) {
                    if (str3.equals("test.queue") && checkType == CheckType.CONSUME) {
                        return str;
                    }
                    return null;
                }
                if (str.equals("bar") && str3.equals("test.queue") && checkType == CheckType.SEND) {
                    return str;
                }
                return null;
            }
        })).start();
        ServerLocator createInVMNonHALocator = createInVMNonHALocator();
        createInVMNonHALocator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
        ClientSessionFactory createSessionFactory = createSessionFactory(createInVMNonHALocator);
        ClientSession createSession = createSessionFactory.createSession("all", "frobnicate", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration("test.queue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("other.queue").setDurable(false));
        try {
            createSessionFactory.createSession("baz", "frobnicate", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        try {
            createSessionFactory.createSession("foo", "xxx", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e3) {
        } catch (ActiveMQException e4) {
            fail("Invalid Exception type:" + e4.getType());
        }
        try {
            checkUserReceiveNoSend("other.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e5) {
            fail("Invalid Exception type:" + e5.getType());
        } catch (ActiveMQSecurityException e6) {
        }
        try {
            checkUserReceiveNoSend("other.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e7) {
            fail("Invalid Exception type:" + e7.getType());
        } catch (ActiveMQSecurityException e8) {
        }
        checkUserReceiveNoSend("test.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
        checkUserSendNoReceive("test.queue", createSessionFactory.createSession("bar", "frobnicate", false, true, true, false, -1));
    }

    @Test
    public void testCustomSecurityManager4() throws Exception {
        addServer(new ActiveMQServerImpl(createDefaultInVMConfig().setSecurityEnabled(true), new ActiveMQSecurityManager4() { // from class: org.apache.activemq.artemis.tests.integration.security.SecurityTest.5
            public boolean validateUser(String str, String str2) {
                Assert.fail("Unexpected call to overridden method");
                return false;
            }

            public String validateUser(String str, String str2, RemotingConnection remotingConnection, String str3) {
                if ((str.equals("foo") || str.equals("bar") || str.equals("all")) && str2.equals("frobnicate")) {
                    return str;
                }
                return null;
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
                Assert.fail("Unexpected call to overridden method");
                return false;
            }

            public String validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType, String str3, RemotingConnection remotingConnection, String str4) {
                if (!(remotingConnection.getTransportConnection() instanceof InVMConnection)) {
                    return null;
                }
                if ((!str.equals("foo") && !str.equals("bar") && !str.equals("all")) || !str2.equals("frobnicate")) {
                    return null;
                }
                if (str.equals("all")) {
                    return str;
                }
                if (str.equals("foo")) {
                    if (str3.equals("test.queue") && checkType == CheckType.CONSUME) {
                        return str;
                    }
                    return null;
                }
                if (str.equals("bar") && str3.equals("test.queue") && checkType == CheckType.SEND) {
                    return str;
                }
                return null;
            }
        })).start();
        ServerLocator createInVMNonHALocator = createInVMNonHALocator();
        createInVMNonHALocator.setBlockOnNonDurableSend(true).setBlockOnDurableSend(true);
        ClientSessionFactory createSessionFactory = createSessionFactory(createInVMNonHALocator);
        ClientSession createSession = createSessionFactory.createSession("all", "frobnicate", false, true, true, false, -1);
        createSession.createQueue(new QueueConfiguration("test.queue").setDurable(false));
        createSession.createQueue(new QueueConfiguration("other.queue").setDurable(false));
        try {
            createSessionFactory.createSession("baz", "frobnicate", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
        try {
            createSessionFactory.createSession("foo", "xxx", false, true, true, false, -1);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e3) {
        } catch (ActiveMQException e4) {
            fail("Invalid Exception type:" + e4.getType());
        }
        try {
            checkUserReceiveNoSend("other.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e5) {
            fail("Invalid Exception type:" + e5.getType());
        } catch (ActiveMQSecurityException e6) {
        }
        try {
            checkUserReceiveNoSend("other.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
            Assert.fail("should throw exception");
        } catch (ActiveMQException e7) {
            fail("Invalid Exception type:" + e7.getType());
        } catch (ActiveMQSecurityException e8) {
        }
        checkUserReceiveNoSend("test.queue", createSessionFactory.createSession("foo", "frobnicate", false, true, true, false, -1), createSession);
        checkUserSendNoReceive("test.queue", createSessionFactory.createSession("bar", "frobnicate", false, true, true, false, -1));
    }

    @Test
    public void testReauthenticationIsCached() throws Exception {
        ActiveMQServer createServer = createServer();
        createServer.start();
        HierarchicalRepository securityRepository = createServer.getSecurityRepository();
        ActiveMQJAASSecurityManager securityManager = createServer.getSecurityManager();
        securityManager.getConfiguration().addUser("auser", "pass");
        Role role = new Role("arole", true, false, false, false, false, false, false, false, true, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        securityRepository.addMatch(addressA, hashSet);
        securityManager.getConfiguration().addRole("auser", "arole");
        createServer.createQueue(new QueueConfiguration(queueA).setAddress(addressA));
        createServer.getSecurityStore().invalidateAuthenticationCache();
        createServer.getSecurityStore().invalidateAuthorizationCache();
        this.locator.setBlockOnNonDurableSend(true);
        ClientSession createSession = createSessionFactory(this.locator).createSession("auser", "pass", false, true, true, false, -1);
        ClientProducer createProducer = createSession.createProducer(addressA);
        createProducer.send(createSession.createMessage(false));
        assertEquals(1L, createServer.getSecurityStore().getAuthenticationCacheSize());
        assertEquals(1L, createServer.getSecurityStore().getAuthorizationCacheSize());
        createServer.getSecurityStore().invalidateAuthenticationCache();
        createServer.getSecurityStore().invalidateAuthorizationCache();
        createProducer.send(createSession.createMessage(false));
        assertEquals(1L, createServer.getSecurityStore().getAuthenticationCacheSize());
        assertEquals(1L, createServer.getSecurityStore().getAuthorizationCacheSize());
    }

    private void checkUserSendAndReceive(String str, ClientSession clientSession) throws Exception {
        clientSession.start();
        try {
            ClientProducer createProducer = clientSession.createProducer(str);
            ClientConsumer createConsumer = clientSession.createConsumer(str);
            createProducer.send(clientSession.createMessage(false));
            ClientMessage receive = createConsumer.receive(1000L);
            Assert.assertNotNull(receive);
            receive.acknowledge();
            clientSession.stop();
        } catch (Throwable th) {
            clientSession.stop();
            throw th;
        }
    }

    private void checkUserReceiveNoSend(String str, ClientSession clientSession, ClientSession clientSession2) throws Exception {
        clientSession.start();
        try {
            ClientProducer createProducer = clientSession.createProducer(str);
            ClientMessage createMessage = clientSession.createMessage(false);
            try {
                createProducer.send(createMessage);
                Assert.fail("should throw exception");
            } catch (ActiveMQException e) {
            }
            clientSession2.createProducer(str).send(createMessage);
            ClientMessage receive = clientSession.createConsumer(str).receive(1000L);
            Assert.assertNotNull(receive);
            receive.acknowledge();
            clientSession.stop();
        } catch (Throwable th) {
            clientSession.stop();
            throw th;
        }
    }

    private void checkUserNoSendNoReceive(String str, ClientSession clientSession, ClientSession clientSession2) throws Exception {
        clientSession.start();
        try {
            ClientProducer createProducer = clientSession.createProducer(str);
            ClientMessage createMessage = clientSession.createMessage(false);
            try {
                createProducer.send(createMessage);
                Assert.fail("should throw exception");
            } catch (ActiveMQException e) {
            }
            clientSession2.createProducer(str).send(createMessage);
            try {
                clientSession.createConsumer(str);
                Assert.fail("should throw exception");
            } catch (ActiveMQException e2) {
            }
        } finally {
            clientSession.stop();
        }
    }

    private void checkUserSendNoReceive(String str, ClientSession clientSession) throws Exception {
        clientSession.createProducer(str).send(clientSession.createMessage(false));
        try {
            clientSession.createConsumer(str);
            Assert.fail("should throw exception");
        } catch (ActiveMQSecurityException e) {
        } catch (ActiveMQException e2) {
            fail("Invalid Exception type:" + e2.getType());
        }
    }

    static {
        URL resource;
        if (System.getProperty("java.security.auth.login.config") != null || (resource = SecurityTest.class.getClassLoader().getResource("login.config")) == null) {
            return;
        }
        System.setProperty("java.security.auth.login.config", resource.getFile());
    }
}
