package org.infinispan.security;

import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.annotations.Test;

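/**
 * Checks {@code AuthorizationManager.checkPermission} on a cache manager that has authorization
 * enabled, covering both the allow and the deny paths.
 *
 * <p>Policy set up by {@link #createCacheManager()}:
 * <ul>
 *   <li>{@code role1} and {@code role2} are each granted {@code EXEC};</li>
 *   <li>the admin role is granted {@code ALL};</li>
 *   <li>all three roles are listed on the default cache configuration.</li>
 * </ul>
 *
 * <p>Principals are mapped to roles by {@code IdentityRoleMapper}; presumably a principal's name is
 * used directly as the role name (confirm against the mapper), which is why {@link #SUBJECT_A} is
 * expected to hold {@code role1} and nothing else.
 *
 * <p>NOTE(review): the deny tests rely on {@code expectedExceptions}, which is satisfied by a
 * {@code SecurityException} raised anywhere in the test method, not only by the
 * {@code checkPermission} call under test.
 */
@Test(groups = {"functional"}, testName = "security.RolePermissionTest")
public class RolePermissionTest extends SingleCacheManagerTest {
    // Subject used for every lifecycle operation on the secured cache manager.
    static final Subject ADMIN = TestingUtil.makeSubject(CustomAuditLoggerTest.ADMIN_ROLE);
    // Subject built from the names "A" and "role1"; the tests expect it to hold role1 only.
    static final Subject SUBJECT_A = TestingUtil.makeSubject("A", "role1");
    // Subject built from an empty name array, i.e. an authenticated context with no identity.
    static final Subject SUBJECT_WITHOUT_PRINCIPAL = TestingUtil.makeSubject(new String[0]);
    // Authorization manager of the default cache, obtained once in setup().
    AuthorizationManager authzManager;

    /**
     * Builds a cache manager with global and per-cache authorization enabled.
     *
     * @return a cache manager whose default cache enforces the role policy described on the class
     * @throws Exception if the cache manager cannot be created
     */
    @Override
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder globalAuthz =
                global.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper());
        ConfigurationBuilder config = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        AuthorizationConfigurationBuilder cacheAuthz = config.security().authorization().enable();

        // Global policy: which permissions each role carries.
        globalAuthz
                .role("role1").permission(AuthorizationPermission.EXEC)
                .role("role2").permission(AuthorizationPermission.EXEC)
                .role(CustomAuditLoggerTest.ADMIN_ROLE).permission(AuthorizationPermission.ALL);

        // Cache policy: which of the globally defined roles apply to the default cache.
        cacheAuthz
                .role("role1")
                .role("role2")
                .role(CustomAuditLoggerTest.ADMIN_ROLE);

        return TestCacheManagerFactory.createCacheManager(global, config);
    }

    /**
     * Creates the cache manager and looks up the default cache's authorization manager, all under
     * the {@link #ADMIN} subject. The inherited {@code setup()} is not called.
     *
     * <p>Declared {@code protected}: with {@code @Test} on the class, TestNG treats every public
     * method as a test method, and this lifecycle hook must not be run as one.
     *
     * @throws Exception if cache manager creation or the privileged action fails
     */
    @Override
    protected void setup() throws Exception {
        this.authzManager = (AuthorizationManager) Security.doAs(ADMIN, new PrivilegedExceptionAction<AuthorizationManager>() {
            @Override
            public AuthorizationManager run() throws Exception {
                RolePermissionTest.this.cacheManager = RolePermissionTest.this.createCacheManager();
                // Only fetch the default cache when none has been assigned yet.
                if (RolePermissionTest.this.cache == null) {
                    RolePermissionTest.this.cache = RolePermissionTest.this.cacheManager.getCache();
                }
                return RolePermissionTest.this.cache.getAdvancedCache().getAuthorizationManager();
            }
        });
    }

    /** Allow path: SUBJECT_A asks for EXEC and names role1, which is configured with EXEC. */
    public void testPermissionAndRole() {
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.EXEC, "role1");
                return null;
            }
        });
    }

    /** Allow path: SUBJECT_A asks for EXEC without naming a role. */
    public void testPermissionAndNoRole() {
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.EXEC);
                return null;
            }
        });
    }

    /** Deny path: LISTEN is not granted to role1 or role2, so the check must be rejected. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testWrongPermissionAndNoRole() {
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.LISTEN);
                return null;
            }
        });
    }

    /** Deny path: naming role1 must not help when the requested permission is LISTEN. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testWrongPermissionAndRole() {
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.LISTEN, "role1");
                return null;
            }
        });
    }

    /**
     * Deny path: role2 is configured with EXEC, but SUBJECT_A was not built with role2, so a check
     * that names role2 must be rejected even though the permission itself is one it can obtain
     * through role1.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testPermissionAndWrongRole() {
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.EXEC, "role2");
                return null;
            }
        });
    }

    /** Deny path: both the permission (LISTEN) and the named role (role2) are wrong. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testWrongPermissionAndWrongRole() {
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.LISTEN, "role2");
                return null;
            }
        });
    }

    /**
     * Deny path: a subject built without any principal must be rejected even when the requested
     * permission is NONE.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testNoPrincipalInSubject() {
        Security.doAs(SUBJECT_WITHOUT_PRINCIPAL, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.authzManager.checkPermission(AuthorizationPermission.NONE);
                return null;
            }
        });
    }

    /**
     * Runs the inherited teardown under the {@link #ADMIN} subject.
     *
     * <p>Declared {@code protected} so that the class-level {@code @Test} does not turn it into a
     * test method.
     */
    @Override
    protected void teardown() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.super.teardown();
                return null;
            }
        });
    }

    /**
     * Clears the default cache under the {@link #ADMIN} subject. The inherited
     * {@code clearContent()} is not called.
     *
     * <p>Declared {@code protected} so that the class-level {@code @Test} does not turn it into a
     * test method.
     */
    @Override
    protected void clearContent() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                RolePermissionTest.this.cacheManager.getCache().clear();
                return null;
            }
        });
    }
}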
