package org.infinispan.security;

import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.infinispan.atomic.AtomicHashMapPessimisticConcurrencyTest;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

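/**
 * Verifies that a custom {@link AuditLogger} registered through the global authorization
 * configuration receives one record per permission check, with the expected permission,
 * decision (ALLOW / DENY) and subject.
 *
 * <p>Two roles are configured: {@code admin} (ALL) and {@code reader} (READ). Each test performs
 * one cache operation under a given subject and compares the last audit record with the record
 * expected for that operation.
 *
 * <p>NOTE(review): this listing is decompiler output. {@code setup()} and {@code teardown()} are
 * {@code public} here because the decompiler reported widening them from {@code protected}; the
 * key constant borrowed from {@code AtomicHashMapPessimisticConcurrencyTest} is probably an
 * inlined string literal in the original source. Confirm against the real sources.
 */
@Test(groups = {"functional"}, testName = "security.CustomAuditLoggerTest")
public class CustomAuditLoggerTest extends SingleCacheManagerTest {
    public static final String ADMIN_ROLE = "admin";
    public static final Subject ADMIN = TestingUtil.makeSubject(ADMIN_ROLE);
    public static final String READER_ROLE = "reader";
    public static final Subject READER = TestingUtil.makeSubject(READER_ROLE);
    // Shared by every test in the class: it is handed to the global configuration in
    // createCacheManager(), so each test must reset it before acting (see reset()).
    private static final TestAuditLogger LOGGER = new TestAuditLogger();

    /**
     * Test-only audit sink that keeps just the most recent record as a formatted string.
     *
     * <p>It retains no history, so it is only suitable for "what was the last decision" checks.
     */
    public static class TestAuditLogger implements AuditLogger {
        public static final String logTemplate = "Permission to %s is %s for user %s";
        private String lastLogRecord;

        /**
         * Records the decision for one permission check, overwriting the previous record.
         *
         * <p>Arguments are rendered with {@link String#valueOf(Object)} so that a missing
         * subject (or any other null argument) yields the text "null" instead of a
         * NullPointerException thrown from inside the authorization path.
         *
         * @param subject the subject the check was made for
         * @param auditContext the audit context (unused here)
         * @param contextName the name of the audited context (unused here)
         * @param authorizationPermission the permission that was checked
         * @param auditResponse the outcome of the check
         */
        @Override
        public void audit(Subject subject, AuditContext auditContext, String contextName, AuthorizationPermission authorizationPermission, AuditResponse auditResponse) {
            this.lastLogRecord = formatLogRecord(
                    String.valueOf(authorizationPermission),
                    String.valueOf(auditResponse),
                    String.valueOf(subject));
        }

        /**
         * @return the most recent record, or {@code null} if nothing was audited since
         *     construction or the last {@link #reset()}
         */
        public String getLastRecord() {
            return this.lastLogRecord;
        }

        /**
         * Forgets the last record so that a later assertion can only be satisfied by an audit
         * event raised after this call, never by one left over from an earlier test.
         */
        public void reset() {
            this.lastLogRecord = null;
        }

        /**
         * Builds the record text from {@link #logTemplate}.
         *
         * @param permission textual form of the checked permission
         * @param response textual form of the decision
         * @param subject textual form of the subject
         * @return the formatted record
         */
        public String formatLogRecord(String permission, String response, String subject) {
            return String.format(logTemplate, permission, response, subject);
        }
    }

    /**
     * Creates a cache manager with authorization enabled globally and on the default cache.
     *
     * <p>Global level: identity role mapping, {@link #LOGGER} as the audit logger, role
     * {@code admin} with ALL and role {@code reader} with READ. Cache level: both roles are
     * admitted.
     */
    @Override
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder globalAuthorization = globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).auditLogger(LOGGER);
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        AuthorizationConfigurationBuilder cacheAuthorization = defaultCacheConfiguration.security().authorization().enable();
        globalAuthorization.role(ADMIN_ROLE).permission(AuthorizationPermission.ALL).role(READER_ROLE).permission(AuthorizationPermission.READ);
        cacheAuthorization.role(ADMIN_ROLE).role(READER_ROLE);
        return TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
    }

    /**
     * Creates the cache manager and obtains the default cache while running as {@link #ADMIN}.
     *
     * <p>Presumably required because these operations are permission-checked once
     * authorization is enabled; confirm against the base class.
     */
    @Override
    public void setup() throws Exception {
        Security.doAs(ADMIN, new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                CustomAuditLoggerTest.this.cacheManager = CustomAuditLoggerTest.this.createCacheManager();
                CustomAuditLoggerTest.this.cache = CustomAuditLoggerTest.this.cacheManager.getCache();
                return null;
            }
        });
    }

    /** Delegates to the base-class teardown while running as {@link #ADMIN}. */
    @Override
    public void teardown() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                CustomAuditLoggerTest.super.teardown();
                return null;
            }
        });
    }

    /** Clears the default cache while running as {@link #ADMIN}. */
    @Override
    protected void clearContent() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                CustomAuditLoggerTest.this.cacheManager.getCache().clear();
                return null;
            }
        });
    }

    /** An admin write must be audited as WRITE / ALLOW for the admin subject. */
    public void testAdminWriteAllow() {
        LOGGER.reset();
        Security.doAs(ADMIN, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                CustomAuditLoggerTest.this.cacheManager.getCache().put(AtomicHashMapPessimisticConcurrencyTest.KEY, "value");
                return null;
            }
        });
        AssertJUnit.assertEquals(LOGGER.formatLogRecord(AuthorizationPermission.WRITE.toString(), AuditResponse.ALLOW.toString(), ADMIN.toString()), LOGGER.getLastRecord());
    }

    /** A reader read must be audited as READ / ALLOW for the reader subject. */
    public void testReaderReadAllow() {
        LOGGER.reset();
        Security.doAs(READER, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                CustomAuditLoggerTest.this.cacheManager.getCache().get(AtomicHashMapPessimisticConcurrencyTest.KEY);
                return null;
            }
        });
        AssertJUnit.assertEquals(LOGGER.formatLogRecord(AuthorizationPermission.READ.toString(), AuditResponse.ALLOW.toString(), READER.toString()), LOGGER.getLastRecord());
    }

    /**
     * A reader write must be rejected and audited as WRITE / DENY for the reader subject.
     *
     * <p>Both halves are asserted: the SecurityException shows the operation was actually
     * blocked, the audit record shows the denial was logged. Checking only the record would
     * let a "logged DENY but performed the write" regression pass.
     */
    public void testReaderWriteDeny() {
        LOGGER.reset();
        boolean denied = false;
        try {
            Security.doAs(READER, new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    CustomAuditLoggerTest.this.cacheManager.getCache().put(AtomicHashMapPessimisticConcurrencyTest.KEY, "value");
                    return null;
                }
            });
        } catch (SecurityException expected) {
            // Expected outcome: the reader role only holds READ.
            denied = true;
        }
        AssertJUnit.assertTrue("write by reader subject should be rejected with a SecurityException", denied);
        AssertJUnit.assertEquals(LOGGER.formatLogRecord(AuthorizationPermission.WRITE.toString(), AuditResponse.DENY.toString(), READER.toString()), LOGGER.getLastRecord());
    }
}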
