package org.infinispan.cli.interpreter;

import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import org.infinispan.cli.interpreter.result.ResultKeys;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.impl.ClusterRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@Test(groups = {"functional"}, testName = "cli-server.InterpreterTest")
/* loaded from: input_file:org/infinispan/cli/interpreter/GrantDenyTest.class */
public class GrantDenyTest extends SingleCacheManagerTest {
    static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin"});
    private ClusterRoleMapper cpm;

    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder principalRoleMapper = globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new ClusterRoleMapper());
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        AuthorizationConfigurationBuilder enable = defaultCacheConfiguration.security().authorization().enable();
        principalRoleMapper.role("reader").permission(AuthorizationPermission.ALL_READ).role("writer").permission(AuthorizationPermission.ALL_WRITE).role("admin").permission(AuthorizationPermission.ALL);
        enable.role("reader").role("writer").role("admin").jmxStatistics().enable();
        return TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
    }

    protected void setup() throws Exception {
        this.cpm = (ClusterRoleMapper) Security.doAs(ADMIN, new PrivilegedExceptionAction<ClusterRoleMapper>() { // from class: org.infinispan.cli.interpreter.GrantDenyTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public ClusterRoleMapper run() throws Exception {
                GrantDenyTest.this.cacheManager = GrantDenyTest.this.createCacheManager();
                GrantDenyTest.this.cpm = GrantDenyTest.this.cacheManager.getCacheManagerConfiguration().security().authorization().principalRoleMapper();
                GrantDenyTest.this.cpm.grant("admin", "admin");
                GrantDenyTest.this.cache = GrantDenyTest.this.cacheManager.getCache();
                return GrantDenyTest.this.cpm;
            }
        });
    }

    protected void teardown() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.cli.interpreter.GrantDenyTest.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                GrantDenyTest.super.teardown();
                return null;
            }
        });
    }

    protected void clearContent() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.cli.interpreter.GrantDenyTest.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                GrantDenyTest.this.cacheManager.getCache().clear();
                return null;
            }
        });
    }

    private Interpreter getInterpreter() {
        return (Interpreter) TestingUtil.extractGlobalComponentRegistry(this.cacheManager).getComponent(Interpreter.class);
    }

    private Map<String, String> execute(Interpreter interpreter, String str, String str2) throws Exception {
        Map<String, String> execute = interpreter.execute(str, str2);
        if (execute.containsKey(ResultKeys.ERROR.toString())) {
            AssertJUnit.fail(String.format("%s\n%s", execute.get(ResultKeys.ERROR.toString()), execute.get(ResultKeys.STACKTRACE.toString())));
        }
        return execute;
    }

    public void testGrantDeny() throws Exception {
        Interpreter interpreter = getInterpreter();
        String createSessionId = interpreter.createSessionId("___defaultcache");
        execute(interpreter, createSessionId, "grant reader to jack;");
        AssertJUnit.assertTrue(this.cpm.list("jack").contains("reader"));
        execute(interpreter, createSessionId, "grant reader to jill;");
        AssertJUnit.assertTrue(this.cpm.list("jill").contains("reader"));
        execute(interpreter, createSessionId, "deny reader to jack;");
        AssertJUnit.assertFalse(this.cpm.list("jack").contains("reader"));
        AssertJUnit.assertEquals("[reader]", execute(interpreter, createSessionId, "roles jill;").get(ResultKeys.OUTPUT.toString()));
    }
}
