package org.apache.activemq.artemis.tests.integration.amqp;

import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import org.apache.activemq.transport.amqp.client.AmqpClient;
import org.apache.activemq.transport.amqp.client.AmqpConnection;
import org.apache.activemq.transport.amqp.client.AmqpMessage;
import org.apache.activemq.transport.amqp.client.AmqpSender;
import org.apache.activemq.transport.amqp.client.AmqpValidator;
import org.apache.qpid.proton.amqp.messaging.Rejected;
import org.apache.qpid.proton.amqp.transport.AmqpError;
import org.apache.qpid.proton.amqp.transport.ErrorCondition;
import org.apache.qpid.proton.engine.Delivery;
import org.apache.qpid.proton.engine.Receiver;
import org.apache.qpid.proton.engine.Sender;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/amqp/AmqpSecurityTest.class */
public class AmqpSecurityTest extends AmqpClientTestSupport {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final int MIN_LARGE_MESSAGE_SIZE = 16384;

    @Override // org.apache.activemq.artemis.tests.integration.amqp.AmqpClientTestSupport
    protected boolean isSecurityEnabled() {
        return true;
    }

    @Override // org.apache.activemq.artemis.tests.integration.amqp.AmqpTestSupport
    protected void configureAMQPAcceptorParameters(Map<String, Object> map) {
        map.put("amqpMinLargeMessageSize", Integer.valueOf(MIN_LARGE_MESSAGE_SIZE));
    }

    @Timeout(60)
    @Test
    public void testSaslAuthWithInvalidCredentials() throws Exception {
        AmqpConnection amqpConnection = null;
        try {
            amqpConnection = createAmqpClient(this.guestUser, this.fullUser).connect();
            Assertions.fail("Should not authenticate when invalid credentials provided");
            if (amqpConnection != null) {
                amqpConnection.close();
            }
        } catch (Exception e) {
            if (amqpConnection != null) {
                amqpConnection.close();
            }
        } catch (Throwable th) {
            if (amqpConnection != null) {
                amqpConnection.close();
            }
            throw th;
        }
    }

    @Timeout(60)
    @Test
    public void testSaslAuthWithAuthzid() throws Exception {
        AmqpConnection amqpConnection = null;
        AmqpClient createAmqpClient = createAmqpClient(this.guestPass, this.guestUser);
        createAmqpClient.setAuthzid(this.guestUser);
        try {
            try {
                amqpConnection = createAmqpClient.connect();
                if (amqpConnection != null) {
                    amqpConnection.close();
                }
            } catch (Exception e) {
                Assertions.fail("Should authenticate even with authzid set");
                if (amqpConnection != null) {
                    amqpConnection.close();
                }
            }
        } catch (Throwable th) {
            if (amqpConnection != null) {
                amqpConnection.close();
            }
            throw th;
        }
    }

    @Timeout(60)
    @Test
    public void testSaslAuthWithoutAuthzid() throws Exception {
        AmqpConnection amqpConnection = null;
        try {
            try {
                amqpConnection = createAmqpClient(this.guestPass, this.guestUser).connect();
                if (amqpConnection != null) {
                    amqpConnection.close();
                }
            } catch (Exception e) {
                Assertions.fail("Should authenticate even with authzid set");
                if (amqpConnection != null) {
                    amqpConnection.close();
                }
            }
        } catch (Throwable th) {
            if (amqpConnection != null) {
                amqpConnection.close();
            }
            throw th;
        }
    }

    @Timeout(60)
    @Test
    public void testSendAndRejected() throws Exception {
        AmqpClient createAmqpClient = createAmqpClient(this.guestPass, this.guestUser);
        createAmqpClient.setValidator(new AmqpValidator() { // from class: org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest.1
            @Override // org.apache.activemq.transport.amqp.client.AmqpValidator
            public void inspectOpenedResource(Sender sender) {
                ErrorCondition remoteCondition = sender.getRemoteCondition();
                if (remoteCondition == null || remoteCondition.getCondition() == null) {
                    markAsInvalid("Sender should have been opened with an error");
                } else {
                    if (remoteCondition.getCondition().equals(AmqpError.UNAUTHORIZED_ACCESS)) {
                        return;
                    }
                    markAsInvalid("Should have been tagged with unauthorized access error");
                }
            }
        });
        AmqpConnection addConnection = addConnection(createAmqpClient.connect());
        try {
            try {
                addConnection.createSession().createSender(getQueueName());
                Assertions.fail("Should not be able to consume here.");
            } catch (Exception e) {
                logger.debug("Caught expected exception");
            }
            addConnection.getStateInspector().assertValid();
            addConnection.close();
        } catch (Throwable th) {
            addConnection.close();
            throw th;
        }
    }

    @Timeout(60)
    @Test
    public void testSendMessageFailsOnAnonymousRelayWhenNotAuthorizedToSendToAddress() throws Exception {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        AmqpClient createAmqpClient = createAmqpClient(this.guestPass, this.guestUser);
        createAmqpClient.setValidator(new AmqpValidator() { // from class: org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest.2
            @Override // org.apache.activemq.transport.amqp.client.AmqpValidator
            public void inspectDeliveryUpdate(Sender sender, Delivery delivery) {
                Rejected remoteState = delivery.getRemoteState();
                if (!delivery.remotelySettled()) {
                    markAsInvalid("delivery is not remotely settled");
                }
                if (remoteState instanceof Rejected) {
                    Rejected rejected = remoteState;
                    if (rejected.getError() == null || rejected.getError().getCondition() == null) {
                        markAsInvalid("Delivery should have been Rejected with an error condition");
                    } else if (!rejected.getError().getCondition().equals(AmqpError.UNAUTHORIZED_ACCESS)) {
                        markAsInvalid("Should have been tagged with unauthorized access error");
                    }
                } else {
                    markAsInvalid("Delivery should have been Rejected");
                }
                countDownLatch.countDown();
            }
        });
        AmqpConnection connect = createAmqpClient.connect();
        try {
            AmqpSender createAnonymousSender = connect.createSession().createAnonymousSender();
            AmqpMessage amqpMessage = new AmqpMessage();
            amqpMessage.setAddress(getQueueName());
            amqpMessage.setMessageId("msg1");
            amqpMessage.setText("Test-Message");
            try {
                try {
                    createAnonymousSender.send(amqpMessage);
                    Assertions.fail("Should not be able to send, message should be rejected");
                    createAnonymousSender.close();
                } catch (Exception e) {
                    e.printStackTrace();
                    createAnonymousSender.close();
                }
                Assertions.assertTrue(countDownLatch.await(5000L, TimeUnit.MILLISECONDS));
                connect.getStateInspector().assertValid();
                connect.close();
            } catch (Throwable th) {
                createAnonymousSender.close();
                throw th;
            }
        } catch (Throwable th2) {
            connect.close();
            throw th2;
        }
    }

    @Timeout(30)
    @Test
    public void testReceiverNotAuthorized() throws Exception {
        AmqpClient createAmqpClient = createAmqpClient(this.noprivPass, this.noprivUser);
        createAmqpClient.setValidator(new AmqpValidator() { // from class: org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest.3
            @Override // org.apache.activemq.transport.amqp.client.AmqpValidator
            public void inspectOpenedResource(Receiver receiver) {
                ErrorCondition remoteCondition = receiver.getRemoteCondition();
                if (remoteCondition == null || remoteCondition.getCondition() == null) {
                    markAsInvalid("Receiver should have been opened with an error");
                } else {
                    if (remoteCondition.getCondition().equals(AmqpError.UNAUTHORIZED_ACCESS)) {
                        return;
                    }
                    markAsInvalid("Should have been tagged with unauthorized access error");
                }
            }
        });
        AmqpConnection connect = createAmqpClient.connect();
        try {
            try {
                connect.createSession().createReceiver(getQueueName());
                Assertions.fail("Should not be able to consume here.");
            } catch (Exception e) {
                logger.debug("Caught expected exception");
            }
            connect.getStateInspector().assertValid();
            connect.close();
        } catch (Throwable th) {
            connect.close();
            throw th;
        }
    }

    @Timeout(30)
    @Test
    public void testConsumerNotAuthorizedToCreateQueues() throws Exception {
        AmqpClient createAmqpClient = createAmqpClient(this.noprivPass, this.noprivUser);
        createAmqpClient.setValidator(new AmqpValidator() { // from class: org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest.4
            @Override // org.apache.activemq.transport.amqp.client.AmqpValidator
            public void inspectOpenedResource(Sender sender) {
                ErrorCondition remoteCondition = sender.getRemoteCondition();
                if (remoteCondition == null || remoteCondition.getCondition() == null) {
                    markAsInvalid("Sender should have been opened with an error");
                } else {
                    if (remoteCondition.getCondition().equals(AmqpError.UNAUTHORIZED_ACCESS)) {
                        return;
                    }
                    markAsInvalid("Should have been tagged with unauthorized access error");
                }
            }
        });
        AmqpConnection connect = createAmqpClient.connect();
        try {
            try {
                connect.createSession().createReceiver(getQueueName(getPrecreatedQueueSize() + 1));
                Assertions.fail("Should not be able to consume here.");
            } catch (Exception e) {
                logger.debug("Caught expected exception");
            }
            connect.getStateInspector().assertValid();
            connect.close();
        } catch (Throwable th) {
            connect.close();
            throw th;
        }
    }

    @Timeout(30)
    @Test
    public void testAnonymousRelayLargeMessageSendFailsWithNotAuthorizedCleansUpLargeMessageFile() throws Exception {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        AmqpClient createAmqpClient = createAmqpClient(this.guestPass, this.guestUser);
        createAmqpClient.setValidator(new AmqpValidator() { // from class: org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest.5
            @Override // org.apache.activemq.transport.amqp.client.AmqpValidator
            public void inspectDeliveryUpdate(Sender sender, Delivery delivery) {
                Rejected remoteState = delivery.getRemoteState();
                if (!delivery.remotelySettled()) {
                    markAsInvalid("delivery is not remotely settled");
                }
                if (remoteState instanceof Rejected) {
                    Rejected rejected = remoteState;
                    if (rejected.getError() == null || rejected.getError().getCondition() == null) {
                        markAsInvalid("Delivery should have been Rejected with an error condition");
                    } else if (!rejected.getError().getCondition().equals(AmqpError.UNAUTHORIZED_ACCESS)) {
                        markAsInvalid("Should have been tagged with unauthorized access error");
                    }
                } else {
                    markAsInvalid("Delivery should have been Rejected");
                }
                countDownLatch.countDown();
            }
        });
        AmqpConnection connect = createAmqpClient.connect();
        try {
            AmqpSender createAnonymousSender = connect.createSession().createAnonymousSender();
            AmqpMessage createAmqpLargeMessageWithNoBody = createAmqpLargeMessageWithNoBody();
            createAmqpLargeMessageWithNoBody.setAddress(getQueueName());
            createAmqpLargeMessageWithNoBody.setMessageId("msg1");
            try {
                try {
                    createAnonymousSender.send(createAmqpLargeMessageWithNoBody);
                    Assertions.fail("Should not be able to send, message should be rejected");
                    createAnonymousSender.close();
                } catch (Exception e) {
                    e.printStackTrace();
                    createAnonymousSender.close();
                }
                Assertions.assertTrue(countDownLatch.await(5L, TimeUnit.SECONDS));
                connect.getStateInspector().assertValid();
                connect.close();
                validateNoFilesOnLargeDir();
            } catch (Throwable th) {
                createAnonymousSender.close();
                throw th;
            }
        } catch (Throwable th2) {
            connect.close();
            throw th2;
        }
    }

    private AmqpMessage createAmqpLargeMessageWithNoBody() {
        AmqpMessage amqpMessage = new AmqpMessage();
        byte[] bArr = new byte[32768];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = 65;
        }
        amqpMessage.setMessageAnnotation("x-opt-big-blob", new String(bArr, StandardCharsets.UTF_8));
        return amqpMessage;
    }
}
