package org.infinispan.security;

import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.expiration.impl.ExpirationWithClusteredWriteSkewTest;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.impl.ClusterRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@Test(groups = {"functional"}, testName = "security.ClusterRoleMapperTest")
/* loaded from: input_file:org/infinispan/security/ClusterRoleMapperTest.class */
public class ClusterRoleMapperTest extends SingleCacheManagerTest {
    static final Subject ADMIN = TestingUtil.makeSubject(CustomAuditLoggerTest.ADMIN_ROLE);
    static final Subject SUBJECT_A = TestingUtil.makeSubject("A");
    static final Subject SUBJECT_B = TestingUtil.makeSubject("B");
    private ClusterRoleMapper cpm;

    @Override // org.infinispan.test.SingleCacheManagerTest
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder principalRoleMapper = globalConfigurationBuilder.security().authorization().enable().principalRoleMapper(new ClusterRoleMapper());
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        AuthorizationConfigurationBuilder enable = defaultCacheConfiguration.security().authorization().enable();
        principalRoleMapper.role(CustomAuditLoggerTest.READER_ROLE).permission(AuthorizationPermission.ALL_READ).role("writer").permission(AuthorizationPermission.ALL_WRITE).role(CustomAuditLoggerTest.ADMIN_ROLE).permission(AuthorizationPermission.ALL);
        enable.role(CustomAuditLoggerTest.READER_ROLE).role("writer").role(CustomAuditLoggerTest.ADMIN_ROLE);
        return TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.test.SingleCacheManagerTest
    public void setup() throws Exception {
        this.cpm = (ClusterRoleMapper) Security.doAs(ADMIN, new PrivilegedExceptionAction<ClusterRoleMapper>() { // from class: org.infinispan.security.ClusterRoleMapperTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public ClusterRoleMapper run() throws Exception {
                ClusterRoleMapperTest.this.cacheManager = ClusterRoleMapperTest.this.createCacheManager();
                ClusterRoleMapperTest.this.cpm = ClusterRoleMapperTest.this.cacheManager.getCacheManagerConfiguration().security().authorization().principalRoleMapper();
                ClusterRoleMapperTest.this.cpm.grant(CustomAuditLoggerTest.ADMIN_ROLE, CustomAuditLoggerTest.ADMIN_ROLE);
                ClusterRoleMapperTest.this.cache = ClusterRoleMapperTest.this.cacheManager.getCache();
                return ClusterRoleMapperTest.this.cpm;
            }
        });
    }

    public void testClusterPrincipalMapper() {
        this.cpm.grant("writer", "A");
        Security.doAs(SUBJECT_A, new PrivilegedAction<Void>() { // from class: org.infinispan.security.ClusterRoleMapperTest.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                ClusterRoleMapperTest.this.cacheManager.getCache().put("key", ExpirationWithClusteredWriteSkewTest.VALUE);
                return null;
            }
        });
        this.cpm.grant(CustomAuditLoggerTest.READER_ROLE, "B");
        Security.doAs(SUBJECT_B, new PrivilegedAction<Void>() { // from class: org.infinispan.security.ClusterRoleMapperTest.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                AssertJUnit.assertEquals(ExpirationWithClusteredWriteSkewTest.VALUE, ClusterRoleMapperTest.this.cacheManager.getCache().get("key"));
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.test.SingleCacheManagerTest
    public void teardown() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.security.ClusterRoleMapperTest.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                ClusterRoleMapperTest.super.teardown();
                return null;
            }
        });
    }

    @Override // org.infinispan.test.SingleCacheManagerTest
    protected void clearContent() {
        Security.doAs(ADMIN, new PrivilegedAction<Void>() { // from class: org.infinispan.security.ClusterRoleMapperTest.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                ClusterRoleMapperTest.this.cacheManager.getCache().clear();
                return null;
            }
        });
    }
}
