package org.apache.activemq.artemis.tests.integration.management;

import java.lang.management.ManagementFactory;
import java.util.HashSet;
import java.util.Map;
import javax.management.JMX;
import javax.security.auth.Subject;
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientMessage;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.management.AddressControl;
import org.apache.activemq.artemis.api.core.management.CoreNotificationType;
import org.apache.activemq.artemis.api.core.management.ManagementHelper;
import org.apache.activemq.artemis.api.core.management.ObjectNameBuilder;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.utils.RandomUtil;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.class */
public class SecurityNotificationTest extends ActiveMQTestBase {
    private ActiveMQServer server;
    private ClientSession adminSession;
    private ClientConsumer notifConsumer;
    private SimpleString notifQueue;

    @Test
    public void testSECURITY_AUTHENTICATION_VIOLATION() throws Exception {
        String randomString = RandomUtil.randomString();
        flush(this.notifConsumer);
        ClientSessionFactory createSessionFactory = createSessionFactory(createInVMNonHALocator());
        long currentTimeMillis = System.currentTimeMillis();
        try {
            createSessionFactory.createSession(randomString, RandomUtil.randomString(), false, true, true, false, 1);
            Assertions.fail("authentication must fail and a notification of security violation must be sent");
        } catch (Exception e) {
        }
        ClientMessage[] consumeMessages = consumeMessages(1, this.notifConsumer);
        Assertions.assertEquals(CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION.toString(), consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertEquals(randomString, consumeMessages[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
        Assertions.assertEquals("unavailable", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString());
        Assertions.assertEquals("invm:0", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString());
        Assertions.assertTrue(consumeMessages[0].getTimestamp() >= currentTimeMillis);
        Assertions.assertTrue(((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue() >= currentTimeMillis);
        Assertions.assertEquals(consumeMessages[0].getTimestamp(), ((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue());
    }

    @Test
    public void testSECURITY_PERMISSION_VIOLATION() throws Exception {
        SimpleString randomSimpleString = RandomUtil.randomSimpleString();
        SimpleString randomSimpleString2 = RandomUtil.randomSimpleString();
        Role role = new Role("roleCanNotCreateQueue", true, true, false, true, false, true, true, true, true, true, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        this.server.getSecurityRepository().addMatch(randomSimpleString2.toString(), hashSet);
        this.server.getSecurityManager().getConfiguration().addRole("guest", "roleCanNotCreateQueue");
        flush(this.notifConsumer);
        ClientSession createSession = createSessionFactory(createInVMNonHALocator()).createSession("guest", "guest", false, true, true, false, 1);
        long currentTimeMillis = System.currentTimeMillis();
        try {
            createSession.createQueue(QueueConfiguration.of(randomSimpleString).setAddress(randomSimpleString2));
            Assertions.fail("session creation must fail and a notification of security violation must be sent");
        } catch (Exception e) {
        }
        ClientMessage[] consumeMessages = consumeMessages(2, this.notifConsumer);
        int i = 0;
        while (i < consumeMessages.length && !CoreNotificationType.SECURITY_PERMISSION_VIOLATION.toString().equals(consumeMessages[i].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString())) {
            i++;
        }
        Assertions.assertTrue(i < consumeMessages.length);
        Assertions.assertEquals(CoreNotificationType.SECURITY_PERMISSION_VIOLATION.toString(), consumeMessages[i].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertEquals("guest", consumeMessages[i].getObjectProperty(ManagementHelper.HDR_USER).toString());
        Assertions.assertEquals(randomSimpleString2.toString(), consumeMessages[i].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
        Assertions.assertEquals(CheckType.CREATE_DURABLE_QUEUE.toString(), consumeMessages[i].getObjectProperty(ManagementHelper.HDR_CHECK_TYPE).toString());
        Assertions.assertTrue(consumeMessages[i].getTimestamp() >= currentTimeMillis);
        Assertions.assertTrue(((Long) consumeMessages[i].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue() >= currentTimeMillis);
        Assertions.assertEquals(consumeMessages[i].getTimestamp(), ((Long) consumeMessages[i].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue());
        createSession.close();
    }

    @Test
    public void testSubjectSECURITY_PERMISSION_VIOLATION() throws Exception {
        flush(this.notifConsumer);
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("guest"));
        AddressControl addressControl = (AddressControl) JMX.newMBeanProxy(ManagementFactory.getPlatformMBeanServer(), ObjectNameBuilder.DEFAULT.getAddressObjectName(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress()), AddressControl.class, false);
        Assertions.assertNotNull((Exception) Subject.doAs(subject, () -> {
            try {
                addressControl.sendMessage((Map) null, 1, "hi", false, (String) null, (String) null);
                Assertions.fail("need Send permission");
                return null;
            } catch (Exception e) {
                Assertions.assertTrue(e.getMessage().contains("guest"));
                Assertions.assertTrue(e.getMessage().contains("SEND"));
                return e;
            }
        }), "expect exception");
        ClientMessage[] consumeMessages = consumeMessages(3, this.notifConsumer);
        int i = 0;
        while (i < consumeMessages.length && !CoreNotificationType.SECURITY_PERMISSION_VIOLATION.toString().equals(consumeMessages[i].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString())) {
            i++;
        }
        Assertions.assertTrue(i < consumeMessages.length);
        Assertions.assertEquals(CoreNotificationType.SECURITY_PERMISSION_VIOLATION.toString(), consumeMessages[i].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertEquals("guest", consumeMessages[i].getObjectProperty(ManagementHelper.HDR_USER).toString());
        Assertions.assertEquals(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), consumeMessages[i].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
        Assertions.assertEquals(CheckType.SEND.toString(), consumeMessages[i].getObjectProperty(ManagementHelper.HDR_CHECK_TYPE).toString());
    }

    @Test
    public void testCONSUMER_CREATED() throws Exception {
        SimpleString randomSimpleString = RandomUtil.randomSimpleString();
        SimpleString randomSimpleString2 = RandomUtil.randomSimpleString();
        Role role = new Role("role", true, true, true, true, false, true, true, true, true, true, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        this.server.getSecurityRepository().addMatch(randomSimpleString2.toString(), hashSet);
        this.server.getSecurityManager().getConfiguration().addRole("guest", "role");
        ClientSession createSession = createSessionFactory(createInVMNonHALocator()).createSession("guest", "guest", false, true, true, false, 1);
        createSession.createQueue(QueueConfiguration.of(randomSimpleString).setAddress(randomSimpleString2).setRoutingType(RoutingType.ANYCAST));
        flush(this.notifConsumer);
        long currentTimeMillis = System.currentTimeMillis();
        createSession.createConsumer(randomSimpleString);
        ClientMessage[] consumeMessages = consumeMessages(1, this.notifConsumer);
        Assertions.assertEquals(CoreNotificationType.CONSUMER_CREATED.toString(), consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
        Assertions.assertEquals("guest", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
        Assertions.assertEquals("guest", consumeMessages[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString());
        Assertions.assertEquals(randomSimpleString2.toString(), consumeMessages[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
        Assertions.assertEquals(SimpleString.of("unavailable"), consumeMessages[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN));
        Assertions.assertTrue(consumeMessages[0].getTimestamp() >= currentTimeMillis);
        Assertions.assertTrue(((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue() >= currentTimeMillis);
        Assertions.assertEquals(consumeMessages[0].getTimestamp(), ((Long) consumeMessages[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)).longValue());
        createSession.close();
    }

    @Override // org.apache.activemq.artemis.tests.util.ActiveMQTestBase
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        this.server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true).setJMXManagementEnabled(true), false));
        this.server.start();
        this.notifQueue = RandomUtil.randomSimpleString();
        ActiveMQJAASSecurityManager securityManager = this.server.getSecurityManager();
        securityManager.getConfiguration().addUser("admin", "admin");
        securityManager.getConfiguration().addUser("guest", "guest");
        securityManager.getConfiguration().setDefaultUser("guest");
        Role role = new Role("notif", true, true, true, true, true, true, true, true, true, true, false, false);
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        this.server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), hashSet);
        securityManager.getConfiguration().addRole("admin", "notif");
        this.adminSession = createSessionFactory(createInVMNonHALocator()).createSession("admin", "admin", false, true, true, false, 1);
        this.adminSession.start();
        this.adminSession.createQueue(QueueConfiguration.of(this.notifQueue).setAddress(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress()).setDurable(false).setTemporary(true));
        this.notifConsumer = this.adminSession.createConsumer(this.notifQueue);
    }

    private static void flush(ClientConsumer clientConsumer) throws ActiveMQException {
        do {
        } while (clientConsumer.receive(500L) != null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ClientMessage[] consumeMessages(int i, ClientConsumer clientConsumer) throws Exception {
        ClientMessage[] clientMessageArr = new ClientMessage[i];
        for (int i2 = 0; i2 < i; i2++) {
            ClientMessage receive = clientConsumer.receive(500L);
            Assertions.assertNotNull(receive, "expected to received " + i + " messages, got only " + i2);
            clientMessageArr[i2] = receive;
            receive.acknowledge();
        }
        Assertions.assertNull(clientConsumer.receiveImmediate(), "received one more message than expected (" + i + ")");
        return clientMessageArr;
    }
}
