package org.infinispan.security;

import java.io.Serializable;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.distexec.DefaultExecutorService;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.test.MultipleCacheManagersTest;
import org.infinispan.test.TestingUtil;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;

@Test(groups = {"functional"}, testName = "security.ExecutionAuthorizationTest")
/* loaded from: input_file:org/infinispan/security/ExecutionAuthorizationTest.class */
public class ExecutionAuthorizationTest extends MultipleCacheManagersTest {
    private static final String EXECUTION_CACHE = "executioncache";
    Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin"});
    Subject EXEC = TestingUtil.makeSubject(new String[]{"exec"});
    Subject NOEXEC = TestingUtil.makeSubject(new String[]{"noexec"});

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/infinispan/security/ExecutionAuthorizationTest$SimpleCallable.class */
    public static class SimpleCallable implements Callable<Integer>, Serializable {
        private static final long serialVersionUID = -8589149500259272402L;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            return 1;
        }
    }

    protected void createCacheManagers() throws Throwable {
        final ConfigurationBuilder defaultClusteredCacheConfig = getDefaultClusteredCacheConfig(CacheMode.DIST_SYNC, true);
        defaultClusteredCacheConfig.security().authorization().enable().role("admin").role("exec").role("noexec");
        Subject.doAs(this.ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.security.ExecutionAuthorizationTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                ExecutionAuthorizationTest.this.addClusterEnabledCacheManager(ExecutionAuthorizationTest.this.getSecureClusteredGlobalConfiguration(), defaultClusteredCacheConfig);
                ExecutionAuthorizationTest.this.addClusterEnabledCacheManager(ExecutionAuthorizationTest.this.getSecureClusteredGlobalConfiguration(), defaultClusteredCacheConfig);
                for (EmbeddedCacheManager embeddedCacheManager : ExecutionAuthorizationTest.this.cacheManagers) {
                    embeddedCacheManager.defineConfiguration(ExecutionAuthorizationTest.EXECUTION_CACHE, defaultClusteredCacheConfig.build());
                    embeddedCacheManager.getCache(ExecutionAuthorizationTest.EXECUTION_CACHE);
                }
                ExecutionAuthorizationTest.this.waitForClusterToForm(ExecutionAuthorizationTest.EXECUTION_CACHE);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GlobalConfigurationBuilder getSecureClusteredGlobalConfiguration() {
        GlobalConfigurationBuilder defaultClusteredBuilder = GlobalConfigurationBuilder.defaultClusteredBuilder();
        defaultClusteredBuilder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("exec").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).permission(AuthorizationPermission.EXEC).role("noexec").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE);
        return defaultClusteredBuilder;
    }

    @AfterClass(alwaysRun = true)
    protected void destroy() {
        Subject.doAs(this.ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.security.ExecutionAuthorizationTest.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                ExecutionAuthorizationTest.super.destroy();
                return null;
            }
        });
    }

    @AfterClass(alwaysRun = true)
    protected void clearContent() throws Exception {
        Subject.doAs(this.ADMIN, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.security.ExecutionAuthorizationTest.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                try {
                    ExecutionAuthorizationTest.super.clearContent();
                    return null;
                } catch (Throwable th) {
                    throw new Exception(th);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void distExecTest() throws Exception {
        AssertJUnit.assertEquals(1, new DefaultExecutorService(cache(0, EXECUTION_CACHE)).submit(new SimpleCallable()).get());
    }

    public void testExecDistExec() throws Exception {
        Policy.setPolicy(new SurefireTestingPolicy());
        System.setSecurityManager(new SecurityManager());
        try {
            Subject.doAs(this.EXEC, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.security.ExecutionAuthorizationTest.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    ExecutionAuthorizationTest.this.distExecTest();
                    return null;
                }
            });
            System.setSecurityManager(null);
            Policy.setPolicy(null);
        } catch (Throwable th) {
            System.setSecurityManager(null);
            Policy.setPolicy(null);
            throw th;
        }
    }

    @Test(expectedExceptions = {SecurityException.class})
    public void testNoExecDistExec() throws Exception {
        Policy.setPolicy(new SurefireTestingPolicy());
        try {
            System.setSecurityManager(new SecurityManager());
            Subject.doAs(this.NOEXEC, new PrivilegedExceptionAction<Void>() { // from class: org.infinispan.security.ExecutionAuthorizationTest.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    ExecutionAuthorizationTest.this.distExecTest();
                    return null;
                }
            });
            System.setSecurityManager(null);
            Policy.setPolicy(null);
        } catch (Throwable th) {
            System.setSecurityManager(null);
            Policy.setPolicy(null);
            throw th;
        }
    }
}
