package org.apache.activemq.artemis.tests.integration.security;

import java.lang.management.ManagementFactory;
import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.impl.AddressInfo;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/security/SecurityPerAcceptorTest.class */
public class SecurityPerAcceptorTest extends ActiveMQTestBase {
    private ServerLocator locator;
    private final boolean invm;
    private final String acceptorUrl;

    @Parameterized.Parameters(name = "invm={0}")
    public static Collection<Object[]> data() {
        return Arrays.asList(new Object[]{true}, new Object[]{false});
    }

    public SecurityPerAcceptorTest(boolean z) {
        this.invm = z;
        this.acceptorUrl = z ? "vm://1?securityDomain=PropertiesLogin" : "tcp://127.0.0.1:61616?securityDomain=PropertiesLogin";
    }

    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.locator = this.invm ? createInVMLocator(1) : createNettyNonHALocator();
    }

    @Test
    public void testJAASSecurityManagerAuthentication() throws Exception {
        addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true).addAcceptorConfiguration("acceptor", this.acceptorUrl), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(), false)).start();
        try {
            createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0).close();
        } catch (ActiveMQException e) {
            e.printStackTrace();
            Assert.fail("should not throw exception");
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationNegative() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().addAcceptorConfiguration("acceptor", this.acceptorUrl).setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        addServer.addAddressInfo(new AddressInfo(simpleString, RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST));
        addServer.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setRoutingType(RoutingType.ANYCAST).setDurable(false));
        ClientSession addClientSession = addClientSession(createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0));
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e) {
            assertTrue(e.getMessage().contains("User: first does not have permission='CREATE_DURABLE_QUEUE' for queue durableQueue on address address"));
        }
        try {
            addClientSession.deleteQueue(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e2) {
            assertTrue(e2.getMessage().contains("User: first does not have permission='DELETE_DURABLE_QUEUE' for queue durableQueue on address address"));
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e3) {
            assertTrue(e3.getMessage().contains("User: first does not have permission='CREATE_NON_DURABLE_QUEUE' for queue nonDurableQueue on address address"));
        }
        try {
            addClientSession.deleteQueue(simpleString3);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e4) {
            assertTrue(e4.getMessage().contains("User: first does not have permission='DELETE_NON_DURABLE_QUEUE' for queue nonDurableQueue on address address"));
        }
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e5) {
            assertTrue(e5.getMessage().contains("User: first does not have permission='SEND' on address address"));
        }
        try {
            addClientSession.createConsumer(simpleString2);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e6) {
            assertTrue(e6.getMessage().contains("User: first does not have permission='CONSUME' for queue durableQueue on address address"));
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e7) {
            assertTrue(e7.getMessage().contains("User: first does not have permission='MANAGE' on address activemq.management"));
        }
        try {
            addClientSession.createConsumer(simpleString2, true);
            Assert.fail("should throw exception here");
        } catch (ActiveMQException e8) {
            assertTrue(e8.getMessage().contains("User: first does not have permission='BROWSE' for queue durableQueue on address address"));
        }
    }

    @Test
    public void testJAASSecurityManagerAuthorizationPositive() throws Exception {
        SimpleString simpleString = new SimpleString("address");
        SimpleString simpleString2 = new SimpleString("durableQueue");
        SimpleString simpleString3 = new SimpleString("nonDurableQueue");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true).addAcceptorConfiguration("acceptor", this.acceptorUrl), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", true, true, true, true, true, true, true, true, true, true));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        ClientSession addClientSession = addClientSession(createSessionFactory(this.locator).createSession("first", "secret", false, true, true, false, 0));
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        } catch (ActiveMQException e) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString2);
        } catch (ActiveMQException e2) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createQueue(new QueueConfiguration(simpleString3).setAddress(simpleString).setDurable(false));
        } catch (ActiveMQException e3) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.deleteQueue(simpleString3);
        } catch (ActiveMQException e4) {
            Assert.fail("should not throw exception here");
        }
        addClientSession.createQueue(new QueueConfiguration(simpleString2).setAddress(simpleString));
        try {
            addClientSession.createProducer(simpleString).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e5) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2);
        } catch (ActiveMQException e6) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createProducer(addServer.getConfiguration().getManagementAddress()).send(addClientSession.createMessage(true));
        } catch (ActiveMQException e7) {
            Assert.fail("should not throw exception here");
        }
        try {
            addClientSession.createConsumer(simpleString2, true);
        } catch (ActiveMQException e8) {
            Assert.fail("should not throw exception here");
        }
    }

    static {
        URL resource;
        if (System.getProperty("java.security.auth.login.config") != null || (resource = SecurityPerAcceptorTest.class.getClassLoader().getResource("login.config")) == null) {
            return;
        }
        System.setProperty("java.security.auth.login.config", resource.getFile());
    }
}
