package org.infinispan.server.security.authorization;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.Search;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.exceptions.HotRodClientException;
import org.infinispan.client.rest.RestCacheClient;
import org.infinispan.client.rest.RestCacheManagerClient;
import org.infinispan.client.rest.RestClient;
import org.infinispan.client.rest.RestClusterClient;
import org.infinispan.client.rest.RestResponse;
import org.infinispan.client.rest.configuration.RestClientConfigurationBuilder;
import org.infinispan.commons.marshall.ProtoStreamMarshaller;
import org.infinispan.commons.test.Exceptions;
import org.infinispan.commons.util.Util;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.IndexStorage;
import org.infinispan.configuration.cache.XSiteStateTransferMode;
import org.infinispan.protostream.sampledomain.User;
import org.infinispan.protostream.sampledomain.marshallers.MarshallerRegistration;
import org.infinispan.query.dsl.Query;
import org.infinispan.server.functional.HotRodCacheQueries;
import org.infinispan.server.functional.XSiteIT;
import org.infinispan.server.security.AuthenticationKeyCloakIT;
import org.infinispan.server.test.api.TestUser;
import org.infinispan.server.test.core.Common;
import org.infinispan.server.test.junit4.InfinispanServerRule;
import org.infinispan.server.test.junit4.InfinispanServerTestMethodRule;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/infinispan/server/security/authorization/AbstractAuthorization.class */
public abstract class AbstractAuthorization {
    public static final String BANK_PROTO = "bank.proto";
    final Map<TestUser, ConfigurationBuilder> hotRodBuilders = new HashMap();
    final Map<TestUser, RestClientConfigurationBuilder> restBuilders = new HashMap();
    final Map<String, String> bulkData;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthorization() {
        Stream.of((Object[]) TestUser.values()).forEach(this::addClientBuilders);
        this.bulkData = new HashMap();
        for (int i = 0; i < 10; i++) {
            this.bulkData.put("k" + i, "v" + i);
        }
    }

    protected abstract InfinispanServerRule getServers();

    protected abstract InfinispanServerTestMethodRule getServerTest();

    protected void addClientBuilders(TestUser testUser) {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.security().authentication().saslMechanism("SCRAM-SHA-1").serverName(AuthenticationKeyCloakIT.INFINISPAN_REALM).realm("default").username(testUser.getUser()).password(testUser.getPassword());
        this.hotRodBuilders.put(testUser, configurationBuilder);
        RestClientConfigurationBuilder restClientConfigurationBuilder = new RestClientConfigurationBuilder();
        restClientConfigurationBuilder.security().authentication().mechanism("AUTO").username(testUser.getUser()).password(testUser.getPassword());
        this.restBuilders.put(testUser, restClientConfigurationBuilder);
    }

    @Test
    public void testHotRodAdminAndDeployerCanDoEverything() {
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            RemoteCache create = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get((TestUser) it.next())).withCacheMode(CacheMode.DIST_SYNC).create();
            create.put("k", "v");
            Assert.assertEquals("v", create.get("k"));
            create.putAll(this.bulkData);
            Assert.assertEquals(11L, create.size());
            create.getRemoteCacheManager().administration().removeCache(create.getName());
        }
    }

    @Test
    public void testRestAdminCanDoEverything() {
        RestCacheClient cache = getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).withCacheMode(CacheMode.DIST_SYNC).create().cache(getServerTest().getMethodName());
        Common.sync(cache.put("k", "v"));
        Assert.assertEquals("v", ((RestResponse) Common.sync(cache.get("k"))).getBody());
    }

    @Test
    public void testHotRodNonAdminsMustNotCreateCache() {
        Iterator it = EnumSet.of(TestUser.APPLICATION, TestUser.OBSERVER, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
                getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(testUser)).withCacheMode(CacheMode.DIST_SYNC).create();
            });
        }
    }

    @Test
    public void testRestNonAdminsMustNotCreateCache() {
        Iterator it = EnumSet.of(TestUser.APPLICATION, TestUser.OBSERVER, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Exceptions.expectException(SecurityException.class, "(?s).*403.*", () -> {
                getServerTest().rest().withClientConfiguration(this.restBuilders.get(testUser)).withCacheMode(CacheMode.DIST_SYNC).create();
            });
        }
    }

    @Test
    public void testHotRodWriterCannotReadImplicit() {
        testHotRodWriterCannotRead(new String[0]);
    }

    @Test
    public void testHotRodWriterCannotReadExplicit() {
        testHotRodWriterCannotRead("admin", "observer", "deployer", "application", "writer", "reader", "monitor");
    }

    private void testHotRodWriterCannotRead(String... strArr) {
        hotRodCreateAuthzCache(strArr);
        RemoteCache remoteCache = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.WRITER)).get();
        remoteCache.put("k1", "v1");
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            remoteCache.get("k1");
        });
        Iterator it = EnumSet.complementOf(EnumSet.of(TestUser.WRITER, TestUser.MONITOR)).iterator();
        while (it.hasNext()) {
            Assert.assertEquals("v1", getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get((TestUser) it.next())).get().get("k1"));
        }
    }

    @Test
    public void testAdminCanRemoveCacheWithoutRole() {
        RemoteCache hotRodCreateAuthzCache = hotRodCreateAuthzCache("application");
        getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.APPLICATION)).get().put("k1", "v1");
        hotRodCreateAuthzCache.getRemoteCacheManager().administration().removeCache(hotRodCreateAuthzCache.getName());
    }

    @Test
    public void testRestWriterCannotReadImplicit() {
        testRestWriterCannotRead(new String[0]);
    }

    @Test
    public void testRestWriterCannotReadExplicit() {
        testRestWriterCannotRead("admin", "observer", "deployer", "application", "writer", "reader");
    }

    private void testRestWriterCannotRead(String... strArr) {
        restCreateAuthzCache(strArr);
        RestCacheClient cache = getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.WRITER)).get().cache(getServerTest().getMethodName());
        Common.sync(cache.put("k1", "v1"));
        Common.assertStatus(403, cache.get("k1"));
        Iterator it = EnumSet.of(TestUser.OBSERVER, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            Assert.assertEquals("v1", ((RestResponse) Common.sync(getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(getServerTest().getMethodName()).get("k1"))).getBody());
        }
    }

    @Test
    public void testHotRodReaderCannotWriteImplicit() {
        testHotRodObserverCannotWrite(new String[0]);
    }

    @Test
    public void testHotRodReaderCannotWriteExplicit() {
        testHotRodObserverCannotWrite(new String[0]);
    }

    private void testHotRodObserverCannotWrite(String... strArr) {
        hotRodCreateAuthzCache(strArr);
        RemoteCache remoteCache = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.OBSERVER)).get();
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            remoteCache.put("k1", "v1");
        });
        Iterator it = EnumSet.of(TestUser.DEPLOYER, TestUser.APPLICATION, TestUser.WRITER).iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(testUser)).get().put(testUser.name(), testUser.name());
        }
    }

    @Test
    public void testRestReaderCannotWriteImplicit() {
        testRestReaderCannotWrite(new String[0]);
    }

    @Test
    public void testRestReaderCannotWriteExplicit() {
        testRestReaderCannotWrite("admin", "observer", "deployer", "application", "writer", "reader");
    }

    private void testRestReaderCannotWrite(String... strArr) {
        restCreateAuthzCache(strArr);
        Common.assertStatus(403, getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.OBSERVER)).get().cache(getServerTest().getMethodName()).put("k1", "v1"));
        Iterator it = EnumSet.of(TestUser.APPLICATION, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Common.assertStatus(204, getServerTest().rest().withClientConfiguration(this.restBuilders.get(testUser)).get().cache(getServerTest().getMethodName()).put(testUser.name(), testUser.name()));
        }
    }

    @Test
    public void testHotRodBulkOperationsImplicit() {
        testHotRodBulkOperations(new String[0]);
    }

    @Test
    public void testHotRodBulkOperationsExplicit() {
        testHotRodBulkOperations("admin", "observer", "deployer", "application", "writer", "reader");
    }

    private void testHotRodBulkOperations(String... strArr) {
        hotRodCreateAuthzCache(strArr).putAll(this.bulkData);
        RemoteCache remoteCache = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.READER)).get();
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            remoteCache.getAll(this.bulkData.keySet());
        });
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            new ArrayList((Collection) remoteCache.keySet());
        });
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            new ArrayList((Collection) remoteCache.values());
        });
        Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
            new ArrayList((Collection) remoteCache.entrySet());
        });
        RemoteCache remoteCache2 = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.DEPLOYER)).get();
        remoteCache2.getAll(this.bulkData.keySet());
        Assert.assertFalse(new HashSet((Collection) remoteCache2.keySet()).isEmpty());
        Assert.assertFalse(new HashSet((Collection) remoteCache2.values()).isEmpty());
        Assert.assertFalse(new HashSet((Collection) remoteCache2.entrySet()).isEmpty());
    }

    @Test
    public void testAdminAndDeployerCanManageSchema() {
        String str = (String) Exceptions.unchecked(() -> {
            return Util.getResourceAsString("/sample_bank_account/bank.proto", getClass().getClassLoader());
        });
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            RemoteCache cache = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get((TestUser) it.next())).createRemoteCacheManager().getCache("___protobuf_metadata");
            cache.put(BANK_PROTO, str);
            cache.remove(BANK_PROTO);
        }
    }

    @Test
    public void testNonCreatorsSchema() {
        String str = (String) Exceptions.unchecked(() -> {
            return Util.getResourceAsString("/sample_bank_account/bank.proto", getClass().getClassLoader());
        });
        Iterator it = EnumSet.of(TestUser.APPLICATION, TestUser.OBSERVER, TestUser.WRITER).iterator();
        while (it.hasNext()) {
            RemoteCache cache = getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get((TestUser) it.next())).createRemoteCacheManager().getCache("___protobuf_metadata");
            Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
                cache.put(BANK_PROTO, str);
            });
        }
    }

    @Test
    public void testBulkReadUsersCanQuery() {
        org.infinispan.configuration.cache.ConfigurationBuilder prepareIndexedCache = prepareIndexedCache();
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.DEPLOYER, TestUser.APPLICATION, TestUser.OBSERVER).iterator();
        while (it.hasNext()) {
            RemoteCache remoteCache = getServerTest().hotrod().withClientConfiguration(clientConfigurationWithProtostreamMarshaller((TestUser) it.next())).withServerConfiguration(prepareIndexedCache).get();
            HotRodCacheQueries.assertUser1((User) remoteCache.get(1));
            List list = Search.getQueryFactory(remoteCache).create("FROM sample_bank_account.User WHERE name = 'Tom'").execute().list();
            Assert.assertNotNull(list);
            Assert.assertEquals(1L, list.size());
            Assert.assertEquals(User.class, ((User) list.get(0)).getClass());
            HotRodCacheQueries.assertUser1((User) list.get(0));
        }
        Iterator it2 = EnumSet.of(TestUser.ADMIN, TestUser.DEPLOYER, TestUser.APPLICATION, TestUser.OBSERVER).iterator();
        while (it2.hasNext()) {
            RestCacheClient cache = getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cache(getServerTest().getMethodName());
            Common.assertStatus(200, cache.query("FROM sample_bank_account.User WHERE name = 'Tom'"));
            Common.assertStatus(200, cache.searchStats());
            Common.assertStatus(200, cache.indexStats());
            Common.assertStatus(200, cache.queryStats());
        }
    }

    @Test
    public void testNonBulkReadUsersCannotQuery() {
        org.infinispan.configuration.cache.ConfigurationBuilder prepareIndexedCache = prepareIndexedCache();
        Iterator it = EnumSet.of(TestUser.READER, TestUser.WRITER).iterator();
        while (it.hasNext()) {
            Query create = Search.getQueryFactory(getServerTest().hotrod().withClientConfiguration(clientConfigurationWithProtostreamMarshaller((TestUser) it.next())).withServerConfiguration(prepareIndexedCache).get()).create("FROM sample_bank_account.User WHERE name = 'Tom'");
            Exceptions.expectException(HotRodClientException.class, "(?s).*ISPN000287.*", () -> {
                create.execute().list();
            });
        }
        Iterator it2 = EnumSet.of(TestUser.READER, TestUser.WRITER, TestUser.MONITOR).iterator();
        while (it2.hasNext()) {
            RestCacheClient cache = getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cache(getServerTest().getMethodName());
            Common.assertStatus(403, cache.query("FROM sample_bank_account.User WHERE name = 'Tom'"));
            Common.assertStatus(200, cache.searchStats());
            Common.assertStatus(200, cache.indexStats());
            Common.assertStatus(200, cache.queryStats());
        }
    }

    private org.infinispan.configuration.cache.ConfigurationBuilder prepareIndexedCache() {
        getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.ADMIN)).createRemoteCacheManager().getCache("___protobuf_metadata").put(BANK_PROTO, (String) Exceptions.unchecked(() -> {
            return Util.getResourceAsString("/sample_bank_account/bank.proto", getClass().getClassLoader());
        }));
        org.infinispan.configuration.cache.ConfigurationBuilder configurationBuilder = new org.infinispan.configuration.cache.ConfigurationBuilder();
        configurationBuilder.clustering().cacheMode(CacheMode.DIST_SYNC).stateTransfer().awaitInitialTransfer(true).security().authorization().enable().indexing().enable().storage(IndexStorage.LOCAL_HEAP).addIndexedEntity("sample_bank_account.User");
        RemoteCache create = getServerTest().hotrod().withClientConfiguration(clientConfigurationWithProtostreamMarshaller(TestUser.ADMIN)).withServerConfiguration(configurationBuilder).create();
        create.put(1, HotRodCacheQueries.createUser1());
        create.put(2, HotRodCacheQueries.createUser2());
        return configurationBuilder;
    }

    private ConfigurationBuilder clientConfigurationWithProtostreamMarshaller(TestUser testUser) {
        ConfigurationBuilder read = new ConfigurationBuilder().read(this.hotRodBuilders.get(testUser).build());
        ProtoStreamMarshaller protoStreamMarshaller = new ProtoStreamMarshaller();
        read.marshaller(protoStreamMarshaller);
        Exceptions.unchecked(() -> {
            MarshallerRegistration.registerMarshallers(protoStreamMarshaller.getSerializationContext());
        });
        return read;
    }

    @Test
    public void testAnonymousHealthPredefinedCache() {
        Assert.assertEquals("HEALTHY", ((RestResponse) Common.sync(getServerTest().rest().get().cacheManager("default").healthStatus())).getBody());
    }

    @Test
    public void testRestNonAdminsMustNotShutdownServer() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            Common.assertStatus(403, getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().server().stop());
        }
    }

    @Test
    public void testRestNonAdminsMustNotShutdownCluster() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            Common.assertStatus(403, getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cluster().stop());
        }
    }

    @Test
    public void testRestNonAdminsMustNotModifyCacheIgnores() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            RestClient restClient = getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get();
            Common.assertStatus(403, restClient.server().ignoreCache("default", "predefined"));
            Common.assertStatus(403, restClient.server().unIgnoreCache("default", "predefined"));
        }
    }

    @Test
    public void testRestAdminsShouldBeAbleToModifyLoggers() {
        RestClient restClient = getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get();
        Common.assertStatus(204, restClient.server().logging().setLogger("org.infinispan.TEST_LOGGER", "ERROR", new String[]{"STDOUT"}));
        Common.assertStatus(204, restClient.server().logging().removeLogger("org.infinispan.TEST_LOGGER"));
    }

    @Test
    public void testRestNonAdminsMustNotModifyLoggers() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Common.assertStatus(403, getServerTest().rest().withClientConfiguration(this.restBuilders.get(testUser)).get().server().logging().setLogger("org.infinispan.TEST_LOGGER", "ERROR", new String[]{"STDOUT"}));
            Common.assertStatus(403, getServerTest().rest().withClientConfiguration(this.restBuilders.get(testUser)).get().server().logging().removeLogger("org.infinispan.TEST_LOGGER"));
        }
    }

    @Test
    public void testRestAdminsShoudleBeAbleToAdminServer() {
        RestClient restClient = getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get();
        Common.assertStatus(204, restClient.server().connectorStop("endpoint-alternate-1"));
        Common.assertStatus(204, restClient.server().connectorStart("endpoint-alternate-1"));
        Common.assertStatus(204, restClient.server().connectorIpFilterSet("endpoint-alternate-1", Collections.emptyList()));
        Common.assertStatus(204, restClient.server().connectorIpFiltersClear("endpoint-alternate-1"));
        Common.assertStatus(200, restClient.server().memory());
        Common.assertStatus(200, restClient.server().env());
        Common.assertStatus(200, restClient.server().configuration());
    }

    @Test
    public void testRestNonAdminsMustNotAdminServer() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            RestClient restClient = getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get();
            Common.assertStatus(403, restClient.server().report());
            Common.assertStatus(403, restClient.server().connectorStop("endpoint-default"));
            Common.assertStatus(403, restClient.server().connectorStart("endpoint-default"));
            Common.assertStatus(403, restClient.server().connectorIpFilterSet("endpoint-default", Collections.emptyList()));
            Common.assertStatus(403, restClient.server().connectorIpFiltersClear("endpoint-default"));
            Common.assertStatus(403, restClient.server().memory());
            Common.assertStatus(403, restClient.server().env());
            Common.assertStatus(403, restClient.server().configuration());
        }
    }

    @Test
    public void testAdminsAccessToPerformXSiteOps() {
        assertXSiteOps(TestUser.ADMIN, 200, 204);
    }

    @Test
    public void testRestNonAdminsMustNotAccessPerformXSiteOps() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            assertXSiteOps((TestUser) it.next(), 403, 403);
        }
    }

    private void assertXSiteOps(TestUser testUser, int i, int i2) {
        RestClient restClient = getServerTest().rest().withClientConfiguration(this.restBuilders.get(testUser)).get();
        RestCacheClient cache = restClient.cache("xsite");
        Common.assertStatus(i, cache.takeSiteOffline(XSiteIT.NYC));
        Common.assertStatus(i, cache.bringSiteOnline(XSiteIT.NYC));
        Common.assertStatus(i, cache.cancelPushState(XSiteIT.NYC));
        Common.assertStatus(i, cache.cancelReceiveState(XSiteIT.NYC));
        Common.assertStatus(i, cache.clearPushStateStatus());
        Common.assertStatus(i, cache.pushSiteState(XSiteIT.NYC));
        Common.assertStatus(i, cache.pushStateStatus());
        Common.assertStatus(i, cache.xsiteBackups());
        Common.assertStatus(i, cache.backupStatus(XSiteIT.NYC));
        Common.assertStatus(i, cache.getXSiteTakeOfflineConfig(XSiteIT.NYC));
        Common.assertStatus(i2, cache.updateXSiteTakeOfflineConfig(XSiteIT.NYC, 10, 1000L));
        Common.assertStatus(i, cache.xSiteStateTransferMode(XSiteIT.NYC));
        Common.assertStatus(i, cache.xSiteStateTransferMode(XSiteIT.NYC, XSiteStateTransferMode.MANUAL));
        RestCacheManagerClient cacheManager = restClient.cacheManager("default");
        Common.assertStatus(i, cacheManager.bringBackupOnline(XSiteIT.NYC));
        Common.assertStatus(i, cacheManager.takeOffline(XSiteIT.NYC));
        Common.assertStatus(i, cacheManager.backupStatuses());
    }

    @Test
    public void testRestNonAdminsMustNotPerformSearchActions() {
        Common.assertStatus(200, getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().schemas().put(BANK_PROTO, (String) Exceptions.unchecked(() -> {
            return Util.getResourceAsString("/sample_bank_account/bank.proto", getClass().getClassLoader());
        })));
        org.infinispan.configuration.cache.ConfigurationBuilder configurationBuilder = new org.infinispan.configuration.cache.ConfigurationBuilder();
        configurationBuilder.indexing().enable().addIndexedEntity("sample_bank_account.User").statistics().enable();
        RestClient create = getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).withServerConfiguration(configurationBuilder).create();
        String methodName = getServerTest().getMethodName();
        create.cache(methodName);
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            searchActions((TestUser) it.next(), methodName, 403, 403);
        }
        searchActions(TestUser.ADMIN, methodName, 200, 204);
    }

    private void searchActions(TestUser testUser, String str, int i, int i2) {
        RestClient restClient = getServerTest().rest().withClientConfiguration(this.restBuilders.get(testUser)).get();
        Common.assertStatus(i, restClient.cache(str).clearSearchStats());
        Common.assertStatus(i2, restClient.cache(str).reindex());
        Common.assertStatus(i2, restClient.cache(str).clearIndex());
    }

    @Test
    public void testRestAdminsMustAccessBackupsAndRestores() throws IOException {
        String str = "backup";
        RestClusterClient cluster = getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().cluster();
        Common.assertStatus(202, cluster.createBackup("backup"));
        RestResponse awaitStatus = Common.awaitStatus(() -> {
            return cluster.getBackup(str, false);
        }, 202, 200);
        File file = new File(getServers().getServerDriver().getRootDir(), awaitStatus.getHeader("Content-Disposition").split("=")[1]);
        try {
            InputStream bodyAsStream = awaitStatus.getBodyAsStream();
            try {
                Files.copy(bodyAsStream, file.toPath(), StandardCopyOption.REPLACE_EXISTING);
                if (bodyAsStream != null) {
                    bodyAsStream.close();
                }
                Common.assertStatus(204, cluster.deleteBackup("backup"));
                Common.assertStatus(200, cluster.getBackupNames());
                Common.assertStatus(202, cluster.restore("backup", file));
                Common.assertStatus(200, cluster.getRestoreNames());
                Common.awaitStatus(() -> {
                    return cluster.getRestore(str);
                }, 202, 201);
                Common.assertStatus(204, cluster.deleteRestore("backup"));
            } finally {
            }
        } finally {
            awaitStatus.close();
        }
    }

    @Test
    public void testRestNonAdminsMustNotAccessBackupsAndRestores() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            RestClusterClient cluster = getServerTest().rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cluster();
            Common.assertStatus(403, cluster.createBackup("backup"));
            Common.assertStatus(403, cluster.getBackup("backup", true));
            Common.assertStatus(403, cluster.getBackupNames());
            Common.assertStatus(403, cluster.deleteBackup("backup"));
            Common.assertStatus(403, cluster.restore("restore", "somewhere"));
            Common.assertStatus(403, cluster.getRestoreNames());
            Common.assertStatus(403, cluster.getRestore("restore"));
            Common.assertStatus(403, cluster.deleteRestore("restore"));
        }
    }

    private <K, V> RemoteCache<K, V> hotRodCreateAuthzCache(String... strArr) {
        org.infinispan.configuration.cache.ConfigurationBuilder configurationBuilder = new org.infinispan.configuration.cache.ConfigurationBuilder();
        AuthorizationConfigurationBuilder enable = configurationBuilder.clustering().cacheMode(CacheMode.DIST_SYNC).security().authorization().enable();
        if (strArr != null) {
            for (String str : strArr) {
                enable.role(str);
            }
        }
        return getServerTest().hotrod().withClientConfiguration(this.hotRodBuilders.get(TestUser.ADMIN)).withServerConfiguration(configurationBuilder).create();
    }

    private RestClient restCreateAuthzCache(String... strArr) {
        org.infinispan.configuration.cache.ConfigurationBuilder configurationBuilder = new org.infinispan.configuration.cache.ConfigurationBuilder();
        AuthorizationConfigurationBuilder enable = configurationBuilder.clustering().cacheMode(CacheMode.DIST_SYNC).security().authorization().enable();
        if (strArr != null) {
            for (String str : strArr) {
                enable.role(str);
            }
        }
        return getServerTest().rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).withServerConfiguration(configurationBuilder).create();
    }
}
