package org.infinispan.test.integration.security.embedded;

import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import org.infinispan.Cache;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.jmx.MBeanServerLookup;
import org.infinispan.manager.DefaultCacheManager;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.test.integration.security.tasks.AbstractKrb5ConfServerSetupTask;
import org.infinispan.test.integration.security.tasks.AbstractSecurityDomainsServerSetupTask;
import org.infinispan.test.integration.security.tasks.AbstractSystemPropertiesServerSetupTask;
import org.infinispan.test.integration.security.tasks.AbstractTraceLoggingServerSetupTask;
import org.infinispan.test.integration.security.utils.ApacheDsKrbLdap;
import org.infinispan.test.integration.security.utils.ManagementClientParams;
import org.infinispan.test.integration.security.utils.Utils;
import org.infinispan.transaction.LockingMode;
import org.infinispan.util.logging.Log;
import org.infinispan.util.logging.LogFactory;
import org.jboss.arquillian.container.test.api.ContainerController;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.junit.InSequence;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.test.integration.security.common.config.SecurityDomain;
import org.jboss.as.test.integration.security.common.config.SecurityModule;
import org.junit.Assert;
import org.junit.Test;
import org.wildfly.test.api.Authentication;

/* loaded from: input_file:org/infinispan/test/integration/security/embedded/AbstractNodeAuthentication.class */
public abstract class AbstractNodeAuthentication {
    protected static final String COORDINATOR_NODE = "node0";
    protected static final String COORDINATOR_JGROUSP_CONFIG_MD5 = "jgroups-tcp-sasl-md5-node0.xml";
    protected static final String COORDINATOR_JGROUSP_CONFIG_MD5_USER = "jgroups-tcp-sasl-md5-user-node0.xml";
    protected static final String JOINING_NODE_JGROUSP_CONFIG_MD5 = "jgroups-tcp-sasl-md5-node1.xml";
    protected static final String COORDINATOR_JGROUSP_CONFIG_KRB = "jgroups-tcp-sasl-krb-node0.xml";
    protected static final String JOINING_NODE_JGROUSP_CONFIG_KRB = "jgroups-tcp-sasl-krb-node1.xml";
    protected static final String JOINING_NODE_JGROUSP_CONFIG_KRB_FAIL = "jgroups-tcp-sasl-krb-node1-fail.xml";
    protected static final String CACHE_NAME = "replicatedCache";
    protected static final String TEST_ITEM_KEY = "test_key";
    protected static final String TEST_ITEM_VALUE = "test_value";
    private static final String TRUE = Boolean.TRUE.toString();
    private static final Log LOG = LogFactory.getLog(AbstractNodeAuthentication.class);
    private final boolean krbProvided;

    @ArquillianResource
    protected ContainerController controller;

    @ArquillianResource
    protected Deployer deployer;

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/AbstractNodeAuthentication$KerberosSystemPropertiesSetupTask.class */
    static class KerberosSystemPropertiesSetupTask extends AbstractSystemPropertiesServerSetupTask {
        public static final KerberosSystemPropertiesSetupTask INSTANCE = new KerberosSystemPropertiesSetupTask();

        KerberosSystemPropertiesSetupTask() {
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractSystemPropertiesServerSetupTask
        protected AbstractSystemPropertiesServerSetupTask.SystemProperty[] getSystemProperties() {
            HashMap hashMap = new HashMap();
            hashMap.put("java.security.krb5.conf", "${java.io.tmpdir}" + File.separator + "krb5.conf");
            hashMap.put("java.security.krb5.debug", AbstractNodeAuthentication.TRUE);
            hashMap.put("jboss.security.disable.secdomain.option", AbstractNodeAuthentication.TRUE);
            return mapToSystemProperties(hashMap);
        }
    }

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/AbstractNodeAuthentication$Krb5ConfServerSetupTask.class */
    static class Krb5ConfServerSetupTask extends AbstractKrb5ConfServerSetupTask {
        public static final File NODE0_KEYTAB_FILE = new File(KEYTABS_DIR, "jgroups_node0_clustered.keytab");
        public static final File NODE1_KEYTAB_FILE = new File(KEYTABS_DIR, "jgroups_node1_clustered.keytab");
        public static final File NODE1_FAIL_KEYTAB_FILE = new File(KEYTABS_DIR, "jgroups_node0_fail_clustered.keytab");
        private static boolean keytabsGenerated = false;

        Krb5ConfServerSetupTask() {
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractKrb5ConfServerSetupTask
        public void setup(ManagementClient managementClient, String str) throws Exception {
            if (keytabsGenerated) {
                return;
            }
            super.setup(managementClient, str);
            keytabsGenerated = true;
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractKrb5ConfServerSetupTask
        public void tearDown(ManagementClient managementClient, String str) throws Exception {
            if (keytabsGenerated) {
                super.tearDown(managementClient, str);
                keytabsGenerated = false;
            }
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractKrb5ConfServerSetupTask
        protected List<AbstractKrb5ConfServerSetupTask.UserForKeyTab> kerberosUsers() {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new AbstractKrb5ConfServerSetupTask.UserForKeyTab("jgroups/node0/clustered@INFINISPAN.ORG", "node0password", NODE0_KEYTAB_FILE));
            arrayList.add(new AbstractKrb5ConfServerSetupTask.UserForKeyTab("jgroups/node1/clustered@INFINISPAN.ORG", "node1password", NODE1_KEYTAB_FILE));
            arrayList.add(new AbstractKrb5ConfServerSetupTask.UserForKeyTab("jgroups/node1/fail/clustered@INFINISPAN.ORG", "failpassword", NODE1_FAIL_KEYTAB_FILE));
            return arrayList;
        }
    }

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/AbstractNodeAuthentication$KrbLdapServerSetupTask.class */
    static class KrbLdapServerSetupTask implements ServerSetupTask {
        private static ApacheDsKrbLdap krbLdapServer;
        private static boolean krbStarted = false;

        KrbLdapServerSetupTask() {
        }

        public void setup(ManagementClient managementClient, String str) throws Exception {
            String cannonicalHost = Utils.getCannonicalHost(managementClient);
            System.setProperty("java.security.krb5.conf", System.getProperty("java.io.tmpdir") + File.separator + "krb5.conf");
            if (krbStarted) {
                return;
            }
            krbLdapServer = new ApacheDsKrbLdap(cannonicalHost);
            krbLdapServer.start();
            krbStarted = true;
        }

        public void tearDown(ManagementClient managementClient, String str) throws Exception {
            if (krbStarted) {
                krbLdapServer.stop();
                krbStarted = false;
            }
        }
    }

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/AbstractNodeAuthentication$SecurityDomainsSetupTask.class */
    static class SecurityDomainsSetupTask extends AbstractSecurityDomainsServerSetupTask {
        public static final String SECURITY_DOMAIN_PREFIX = "krb-";
        private static final String KEYTABS_DIR = "${java.io.tmpdir}" + File.separator + "keytabs" + File.separator;
        public static final SecurityDomainsSetupTask INSTANCE = new SecurityDomainsSetupTask();

        SecurityDomainsSetupTask() {
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractSecurityDomainsServerSetupTask
        protected SecurityDomain[] getSecurityDomains() {
            return new SecurityDomain[]{getKrbSecurityDomain(AbstractNodeAuthentication.COORDINATOR_NODE, KEYTABS_DIR + "jgroups_node0_clustered.keytab", "jgroups/node0/clustered@INFINISPAN.ORG"), getKrbSecurityDomain("node1", KEYTABS_DIR + "jgroups_node1_clustered.keytab", "jgroups/node1/clustered@INFINISPAN.ORG"), getKrbSecurityDomain("node1-fail", KEYTABS_DIR + "jgroups_node0_fail_clustered.keytab", "jgroups/node1/clustered2@INFINISPAN.ORG")};
        }

        private SecurityDomain getKrbSecurityDomain(String str, String str2, String str3) {
            SecurityModule.Builder builder = new SecurityModule.Builder();
            if (Utils.IBM_JDK) {
                builder.name("com.ibm.security.auth.module.Krb5LoginModule").flag("required").putOption("useKeytab", str2).putOption("credsType", "both").putOption("forwardable", AbstractNodeAuthentication.TRUE).putOption("proxiable", AbstractNodeAuthentication.TRUE).putOption("noAddress", AbstractNodeAuthentication.TRUE);
            } else {
                builder.name("Kerberos").flag("required").putOption("storeKey", "true").putOption("useKeyTab", "true").putOption("refreshKrb5Config", "true").putOption("doNotPrompt", "true").putOption("keyTab", str2);
            }
            builder.putOption("principal", str3 + "@INFINISPAN.ORG").putOption("debug", AbstractNodeAuthentication.TRUE);
            return new SecurityDomain.Builder().name(SECURITY_DOMAIN_PREFIX + str).cacheType("default").loginModules(new SecurityModule[]{builder.build()}).build();
        }
    }

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/AbstractNodeAuthentication$SecurityTraceLoggingServerSetupTask.class */
    static class SecurityTraceLoggingServerSetupTask extends AbstractTraceLoggingServerSetupTask {
        public static final SecurityTraceLoggingServerSetupTask INSTANCE = new SecurityTraceLoggingServerSetupTask();

        SecurityTraceLoggingServerSetupTask() {
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractTraceLoggingServerSetupTask
        protected Collection<String> getCategories(ManagementClient managementClient, String str) {
            return Arrays.asList("javax.security", "org.jboss.security", "org.picketbox", "org.wildfly.security");
        }
    }

    protected abstract String getCoordinatorNodeConfig();

    protected abstract String getJoiningNodeName();

    protected abstract String getJoiningNodeConfig();

    public AbstractNodeAuthentication(boolean z) {
        this.krbProvided = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Cache<String, String> getReplicatedCache(EmbeddedCacheManager embeddedCacheManager) throws Exception {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.transaction().lockingMode(LockingMode.PESSIMISTIC);
        configurationBuilder.invocationBatching().enable();
        configurationBuilder.jmxStatistics().disable();
        configurationBuilder.clustering().cacheMode(CacheMode.REPL_SYNC);
        embeddedCacheManager.defineConfiguration(CACHE_NAME, configurationBuilder.build());
        return embeddedCacheManager.getCache(CACHE_NAME);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public EmbeddedCacheManager getCacheManager(String str) {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        globalConfigurationBuilder.globalJmxStatistics().disable();
        globalConfigurationBuilder.globalJmxStatistics().mBeanServerLookup((MBeanServerLookup) null);
        globalConfigurationBuilder.transport().defaultTransport().addProperty("configurationFile", str);
        return new DefaultCacheManager(globalConfigurationBuilder.build());
    }

    @Test
    @InSequence(1)
    public void startNodes() throws Exception {
        this.controller.start(COORDINATOR_NODE);
        Assert.assertTrue(this.controller.isStarted(COORDINATOR_NODE));
        this.controller.start(getJoiningNodeName());
        Assert.assertTrue(this.controller.isStarted(getJoiningNodeName()));
        if (this.krbProvided) {
            for (ManagementClientParams managementClientParams : getManagementClientListParams()) {
                ManagementClient managementClient = new ManagementClient(getModelControllerClient(managementClientParams), managementClientParams.getHostname(), managementClientParams.getPort().intValue(), "http-remoting");
                KerberosSystemPropertiesSetupTask.INSTANCE.setup(managementClient, null);
                SecurityTraceLoggingServerSetupTask.INSTANCE.setup(managementClient, null);
                SecurityDomainsSetupTask.INSTANCE.setup(managementClient, null);
            }
        }
        this.deployer.deploy(COORDINATOR_NODE);
        this.deployer.deploy(getJoiningNodeName());
    }

    @Test
    @InSequence(2)
    @OperateOnDeployment(COORDINATOR_NODE)
    public void testCreateItemOnCoordinator() throws Exception {
        Cache<String, String> replicatedCache = getReplicatedCache(getCacheManager(getCoordinatorNodeConfig()));
        replicatedCache.put(TEST_ITEM_KEY, TEST_ITEM_VALUE);
        Assert.assertEquals(TEST_ITEM_VALUE, replicatedCache.get(TEST_ITEM_KEY));
    }

    @Test
    @InSequence(3)
    public void testReadItemOnJoiningNode() throws Exception {
        Cache<String, String> replicatedCache = getReplicatedCache(getCacheManager(getJoiningNodeConfig()));
        Assert.assertEquals("Insufficient number of cluster members", 2L, r0.getMembers().size());
        Assert.assertEquals(TEST_ITEM_VALUE, replicatedCache.get(TEST_ITEM_KEY));
    }

    @Test
    @InSequence(4)
    public void stopJoiningNodes() throws Exception {
        this.deployer.undeploy(getJoiningNodeName());
        this.deployer.undeploy(COORDINATOR_NODE);
        if (this.krbProvided) {
            for (ManagementClientParams managementClientParams : getManagementClientListParams()) {
                ManagementClient managementClient = new ManagementClient(getModelControllerClient(managementClientParams), managementClientParams.getHostname(), managementClientParams.getPort().intValue(), "http-remoting");
                KerberosSystemPropertiesSetupTask.INSTANCE.tearDown(managementClient, null);
                SecurityTraceLoggingServerSetupTask.INSTANCE.tearDown(managementClient, null);
                SecurityDomainsSetupTask.INSTANCE.tearDown(managementClient, null);
            }
        }
        try {
            this.controller.stop(getJoiningNodeName());
        } catch (Exception e) {
            LOG.warn("Joining node stop failed with %s", e.getCause());
            this.controller.kill(getJoiningNodeName());
        }
        try {
            this.controller.stop(COORDINATOR_NODE);
        } catch (Exception e2) {
            LOG.warn("Coordinator node stop failed with %s", e2.getCause());
            this.controller.kill(COORDINATOR_NODE);
        }
        Assert.assertFalse(this.controller.isStarted(getJoiningNodeName()));
        Assert.assertFalse(this.controller.isStarted(COORDINATOR_NODE));
    }

    public static ModelControllerClient getModelControllerClient(ManagementClientParams managementClientParams) {
        try {
            return ModelControllerClient.Factory.create(InetAddress.getByName(managementClientParams.getHostname()), managementClientParams.getPort().intValue(), Authentication.getCallbackHandler());
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    List<ManagementClientParams> getManagementClientListParams() {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < 2; i++) {
            arrayList.add(i, new ManagementClientParams(System.getProperty("node" + i + ".mgmt.addr"), Integer.valueOf(10090 + (100 * i))));
        }
        return arrayList;
    }
}
