package org.infinispan.security;

import java.security.Policy;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.query.Search;
import org.infinispan.query.api.TestEntity;
import org.infinispan.query.dsl.Query;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

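/**
 * Functional test that checks authorization is enforced on indexed queries.
 *
 * <p>Three subjects are used, each carrying a single principal that the
 * {@link IdentityRoleMapper} turns into a role:
 * <ul>
 *   <li>{@code admin} - {@link AuthorizationPermission#ALL}; used only for cache manager
 *       lifecycle and cleanup.</li>
 *   <li>{@code query} - READ, WRITE and BULK_READ; expected to run a query successfully.</li>
 *   <li>{@code noquery} - READ and WRITE only; expected to be rejected with a
 *       {@link SecurityException}.</li>
 * </ul>
 * The two non-admin roles differ only in BULK_READ, so the pair of tests presumably pins
 * "running a query requires BULK_READ" - confirm against the query module's permission checks.
 *
 * <p>Both tests install a JVM-wide {@link Policy} and {@link SecurityManager}. That state is
 * process-global, so these tests must not run concurrently with tests that assume no security
 * manager is installed. {@code System.setSecurityManager} is deprecated for removal since
 * Java 17 (JEP 411).
 */
@Test(groups = {"functional"}, testName = "security.QueryAuthorizationTest")
/* loaded from: input_file:org/infinispan/security/QueryAuthorizationTest.class */
public class QueryAuthorizationTest extends SingleCacheManagerTest {
    // Subjects are fixed for the lifetime of the test instance; each holds one principal name.
    private final Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin"});
    private final Subject QUERY = TestingUtil.makeSubject(new String[]{"query"});
    private final Subject NOQUERY = TestingUtil.makeSubject(new String[]{"noquery"});

    /**
     * Builds the cache manager as {@code ADMIN}, with indexing of {@link TestEntity} and
     * cache-level authorization enabled for the {@code admin}, {@code query} and
     * {@code noquery} roles.
     *
     * @return the started cache manager
     */
    protected EmbeddedCacheManager createCacheManager() {
        ConfigurationBuilder cacheConfig = getDefaultStandaloneCacheConfig(true);
        cacheConfig.indexing().enable()
                .addIndexedEntity(TestEntity.class)
                .addProperty("default.directory_provider", "local-heap")
                .addProperty("lucene_version", "LUCENE_CURRENT")
                .security().authorization().enable()
                .role("admin").role("query").role("noquery");
        // The explicit PrivilegedAction cast selects one of the two Subject.doAs overloads;
        // a bare zero-argument lambda is ambiguous between PrivilegedAction and
        // PrivilegedExceptionAction and does not compile.
        return Subject.doAs(this.ADMIN, (PrivilegedAction<EmbeddedCacheManager>) () -> {
            EmbeddedCacheManager manager =
                    TestCacheManagerFactory.createCacheManager(getSecureGlobalConfiguration(), cacheConfig);
            // Obtain the default cache while still running as ADMIN.
            manager.getCache();
            return manager;
        });
    }

    /**
     * Declares the global role-to-permission table used by the test.
     *
     * @return a global configuration with authorization enabled and the three roles defined
     */
    private GlobalConfigurationBuilder getSecureGlobalConfiguration() {
        GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
        global.security().authorization().enable()
                .principalRoleMapper(new IdentityRoleMapper())
                .role("admin")
                    .permission(AuthorizationPermission.ALL)
                .role("query")
                    .permission(AuthorizationPermission.READ)
                    .permission(AuthorizationPermission.WRITE)
                    .permission(AuthorizationPermission.BULK_READ)
                // Same as "query" minus BULK_READ: the permission under test.
                .role("noquery")
                    .permission(AuthorizationPermission.READ)
                    .permission(AuthorizationPermission.WRITE);
        return global;
    }

    /** Runs the inherited teardown as {@code ADMIN}. */
    protected void teardown() {
        Subject.doAs(this.ADMIN, (PrivilegedAction<Void>) () -> {
            super.teardown();
            return null;
        });
    }

    /** Clears the default cache as {@code ADMIN}. */
    protected void clearContent() {
        Subject.doAs(this.ADMIN, (PrivilegedAction<Void>) () -> {
            this.cacheManager.getCache().clear();
            return null;
        });
    }

    /**
     * Stores two entities and runs a query that should match exactly one of them.
     * Executes with whatever subject the caller has established via {@code Subject.doAs}.
     */
    private void queryTest() {
        // Both roles under test hold WRITE, so these puts are expected to be permitted.
        this.cache.put("jekyll", new TestEntity("Henry", "Jekyll", 1L, "dissociate identity disorder"));
        this.cache.put("hyde", new TestEntity("Edward", "Hyde", 2L, "dissociate identity disorder"));
        Query query = Search.getQueryFactory(this.cache)
                .create(String.format("FROM %s where name = 'Henry'", TestEntity.class.getName()));
        AssertJUnit.assertEquals(1L, query.execute().hitCount().orElse(-1L));
        AssertJUnit.assertEquals(TestEntity.class, query.list().get(0).getClass());
    }

    /**
     * Runs {@link #queryTest()} as {@code subject} with the testing policy and a security
     * manager installed, and always removes both afterwards.
     *
     * <p>The cleanup sits in {@code finally} and covers the {@code setSecurityManager} call
     * too, so a failure while installing the manager cannot leave the policy behind for
     * later tests in the same JVM.
     */
    private void runQueryTestAs(Subject subject) {
        Policy.setPolicy(new SurefireTestingPolicy());
        try {
            System.setSecurityManager(new SecurityManager());
            Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
                queryTest();
                return null;
            });
        } finally {
            // Remove the manager first, then the policy it was consulting.
            System.setSecurityManager(null);
            Policy.setPolicy(null);
        }
    }

    /** A subject holding BULK_READ can store entities and query them. */
    public void testQuery() throws Exception {
        runQueryTestAs(this.QUERY);
    }

    /**
     * A subject without BULK_READ is rejected.
     *
     * <p>NOTE(review): {@code expectedExceptions} is satisfied by a {@link SecurityException}
     * raised anywhere in the method - the puts, the query, or the security manager itself -
     * so a pass does not by itself prove that the query was the denied operation. Asserting
     * on the failing step or on the exception message would make this check tighter.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testNoQuery() throws Exception {
        runQueryTestAs(this.NOQUERY);
    }
}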
