package org.apache.activemq.artemis.tests.integration.security;

import jakarta.jms.Connection;
import jakarta.jms.ConnectionFactory;
import jakarta.jms.JMSException;
import jakarta.jms.Session;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.impl.AddressInfo;
import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.extensions.parameterized.Parameter;
import org.apache.activemq.artemis.tests.extensions.parameterized.ParameterizedTestExtension;
import org.apache.activemq.artemis.tests.extensions.parameterized.Parameters;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.qpid.jms.JmsConnectionFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestTemplate;
import org.junit.jupiter.api.extension.ExtendWith;

@ExtendWith({ParameterizedTestExtension.class})
/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/security/SecurityPerAcceptorJmsTest.class */
public class SecurityPerAcceptorJmsTest extends ActiveMQTestBase {

    @Parameter(index = 0)
    public Protocol protocol;
    private ConnectionFactory cf;
    private final String URL = "tcp://127.0.0.1:61616";

    /* loaded from: input_file:org/apache/activemq/artemis/tests/integration/security/SecurityPerAcceptorJmsTest$Protocol.class */
    private enum Protocol {
        CORE,
        AMQP,
        OPENWIRE
    }

    @Parameters(name = "protocol={0}")
    public static Collection<Object[]> parameters() {
        return Arrays.asList(new Object[]{Protocol.CORE}, new Object[]{Protocol.AMQP}, new Object[]{Protocol.OPENWIRE});
    }

    @Override // org.apache.activemq.artemis.tests.util.ActiveMQTestBase
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        switch (this.protocol) {
            case CORE:
                this.cf = new ActiveMQConnectionFactory("tcp://127.0.0.1:61616");
                return;
            case OPENWIRE:
                this.cf = new org.apache.activemq.ActiveMQConnectionFactory("tcp://127.0.0.1:61616");
                return;
            case AMQP:
                this.cf = new JmsConnectionFactory("amqp://localhost:61616");
                return;
            default:
                return;
        }
    }

    @TestTemplate
    public void testJAASSecurityManagerAuthentication() throws Exception {
        addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true).setResolveProtocols(true).addAcceptorConfiguration("netty", "tcp://127.0.0.1:61616?securityDomain=PropertiesLogin"), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(), false)).start();
        try {
            Connection createConnection = this.cf.createConnection("first", "secret");
            try {
                Thread.sleep(200L);
                if (createConnection != null) {
                    createConnection.close();
                }
            } finally {
            }
        } catch (JMSException e) {
            Assertions.fail("should not throw exception");
        }
    }

    @TestTemplate
    public void testJAASSecurityManagerAuthorizationNegative() throws Exception {
        SimpleString of = SimpleString.of("address");
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setResolveProtocols(true).addAcceptorConfiguration("netty", "tcp://127.0.0.1:61616?securityDomain=PropertiesLogin").setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false, false, false));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(new Role("programmers", false, true, false, false, true, true, false, false, true, false, false, false));
        addServer.getConfiguration().putSecurityRoles("ActiveMQ.Advisory.#", hashSet2);
        addServer.start();
        addServer.addAddressInfo(new AddressInfo(of, RoutingType.ANYCAST));
        addServer.createQueue(QueueConfiguration.of(of).setAddress(of).setRoutingType(RoutingType.ANYCAST));
        Connection createConnection = this.cf.createConnection("first", "secret");
        Session createSession = createConnection.createSession(false, 1);
        try {
            createSession.createProducer(createSession.createQueue(of.toString())).send(createSession.createMessage());
            Assertions.fail("should throw exception here");
        } catch (JMSException e) {
            e.printStackTrace();
            Assertions.assertTrue(e.getMessage().contains("User: first does not have permission='SEND' on address address"));
        }
        try {
            createSession.createConsumer(createSession.createQueue(of.toString()));
            Assertions.fail("should throw exception here");
        } catch (JMSException e2) {
            Assertions.assertTrue(e2.getMessage().contains("User: first does not have permission='CONSUME' for queue address on address address"));
        }
        try {
            createSession.createBrowser(createSession.createQueue(of.toString())).getEnumeration();
            Assertions.fail("should throw exception here");
        } catch (JMSException e3) {
            Assertions.assertTrue(e3.getMessage().contains("User: first does not have permission='BROWSE' for queue address on address address"));
        }
        createConnection.close();
    }

    @TestTemplate
    public void testJAASSecurityManagerAuthorizationPositive() throws Exception {
        ActiveMQServer addServer = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true).setResolveProtocols(true).addAcceptorConfiguration("netty", "tcp://127.0.0.1:61616?securityDomain=PropertiesLogin"), ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager(), false));
        HashSet hashSet = new HashSet();
        hashSet.add(new Role("programmers", true, true, true, true, true, true, true, true, true, true, false, false));
        addServer.getConfiguration().putSecurityRoles("#", hashSet);
        addServer.start();
        Connection createConnection = this.cf.createConnection("first", "secret");
        Session createSession = createConnection.createSession(false, 1);
        try {
            createSession.createProducer(createSession.createQueue("address")).send(createSession.createMessage());
        } catch (JMSException e) {
            Assertions.fail("should not throw exception here");
        }
        try {
            createSession.createConsumer(createSession.createQueue("address"));
        } catch (JMSException e2) {
            Assertions.fail("should not throw exception here");
        }
        try {
            createSession.createBrowser(createSession.createQueue("address")).getEnumeration();
        } catch (JMSException e3) {
            Assertions.fail("should not throw exception here");
        }
        createConnection.close();
    }

    static {
        URL resource;
        if (System.getProperty("java.security.auth.login.config") != null || (resource = SecurityPerAcceptorJmsTest.class.getClassLoader().getResource("login.config")) == null) {
            return;
        }
        System.setProperty("java.security.auth.login.config", resource.getFile());
    }
}
