package org.drools.compiler.integrationtests;

import org.drools.compiler.CommonTestMethodBase;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.kie.api.KieServices;
import org.kie.api.runtime.KieSession;
import org.kie.api.runtime.rule.ConsequenceException;
import org.kie.internal.io.ResourceFactory;
import org.mvel2.PropertyAccessException;

@Disabled("This test causes problems to surefire, so it will be disabled for now. It works when executed by itself.")
/* loaded from: input_file:org/drools/compiler/integrationtests/SecurityPolicyTest.class */
public class SecurityPolicyTest extends CommonTestMethodBase {

    /* loaded from: input_file:org/drools/compiler/integrationtests/SecurityPolicyTest$MaliciousExitHelper.class */
    public static class MaliciousExitHelper {
        public static int exit() {
            System.exit(0);
            return 0;
        }

        public static boolean isEnabled() {
            System.exit(0);
            return true;
        }
    }

    /* loaded from: input_file:org/drools/compiler/integrationtests/SecurityPolicyTest$ShouldHavePrevented.class */
    public static class ShouldHavePrevented extends SecurityException {
        public ShouldHavePrevented(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:org/drools/compiler/integrationtests/SecurityPolicyTest$TestSecurityManager.class */
    public static class TestSecurityManager extends SecurityManager {
        @Override // java.lang.SecurityManager
        public void checkExit(int i) {
            super.checkExit(i);
            throw new ShouldHavePrevented("The security policy should have prevented the call to System.exit()");
        }
    }

    @BeforeEach
    public void init() {
        String file = SecurityPolicyTest.class.getResource("engine.policy").getFile();
        String file2 = SecurityPolicyTest.class.getResource("rules.policy").getFile();
        System.setProperty("java.security.policy", file);
        System.setProperty("kie.security.policy", file2);
        System.setSecurityManager(new TestSecurityManager());
    }

    @AfterEach
    public void close() {
        System.setSecurityManager(null);
        System.setProperty("java.security.policy", "");
        System.setProperty("kie.security.policy", "");
    }

    @Test
    public void testUntrustedJavaConsequence() throws Exception {
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource("package org.foo.bar\nrule R1 when\nthen\n    System.exit(0);end\n".getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ShouldHavePrevented e) {
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ConsequenceException e2) {
        }
    }

    @Test
    public void testUntrustedMvelConsequence() throws Exception {
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource("package org.foo.bar\nrule R1 dialect \"mvel\" when\nthen\n    System.exit(0);end\n".getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ShouldHavePrevented e) {
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ConsequenceException e2) {
        }
    }

    @Test
    public void testSerializationUntrustedMvelConsequence() throws Exception {
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource("package org.foo.bar\nrule R1 dialect \"mvel\" when\nthen\n    System.exit(0);end\n".getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
        } catch (Exception e) {
            e.printStackTrace();
            Assertions.fail(e.toString());
        }
    }

    @Test
    public void testUntrustedJavaSalience() throws Exception {
        String str = "package org.foo.bar\nimport " + MaliciousExitHelper.class.getName().replace('$', '.') + " \nrule R1 dialect \"java\" salience( MaliciousExitHelper.exit() ) \nwhen\nthen\nend\n";
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource(str.getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ShouldHavePrevented e) {
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testUntrustedMVELSalience() throws Exception {
        String str = "package org.foo.bar\nimport " + MaliciousExitHelper.class.getName().replace('$', '.') + " \nrule R1 dialect \"mvel\" salience( MaliciousExitHelper.exit() ) \nwhen\nthen\nend\n";
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource(str.getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (PropertyAccessException e) {
            if (e.toString().contains("The security policy should have prevented")) {
                Assertions.fail("The security policy for the rule should have prevented this from executing...");
            }
        }
    }

    @Test
    public void testCustomAccumulate() throws Exception {
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource("package org.foo.bar\nrule testRule\n    when\n        Number() from accumulate(Object(),                init(System.exit(-1);),                action(System.exit(-1);),                reverse(System.exit(-1);),                result(0))\n    then\nend".getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ShouldHavePrevented e) {
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testCustomAccumulateMVEL() throws Exception {
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource("package org.foo.bar\nrule testRule dialect \"mvel\" \n    when\n        Number() from accumulate(Object(),                init(System.exit(-1);),                action(System.exit(-1);),                reverse(System.exit(-1);),                result(0))\n    then\nend".getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (PropertyAccessException e) {
            if (e.toString().contains("The security policy should have prevented")) {
                Assertions.fail("The security policy for the rule should have prevented this from executing...");
            }
        } catch (Exception e2) {
            if (!e2.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
                throw e2;
            }
        }
    }

    @Test
    public void testAccumulateFunctionMVEL() throws Exception {
        String str = "package org.foo.bar\nimport " + MaliciousExitHelper.class.getName().replace('$', '.') + " \nrule testRule dialect \"mvel\" \n    when\n        Number() from accumulate(Object(),                sum(MaliciousExitHelper.exit()))\n    then\nend";
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource(str.getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            KieSession newKieSession = kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession();
            newKieSession.insert("foo");
            newKieSession.fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (Exception e) {
            if (!e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
                throw e;
            }
        } catch (PropertyAccessException e2) {
            if (e2.toString().contains("The security policy should have prevented")) {
                Assertions.fail("The security policy for the rule should have prevented this from executing...");
            }
        }
    }

    @Test
    public void testAccumulateFunctionJava() throws Exception {
        String str = "package org.foo.bar\nimport " + MaliciousExitHelper.class.getName().replace('$', '.') + " \nrule testRule dialect \"java\" \n    when\n        Number() from accumulate(Object(),                sum(MaliciousExitHelper.exit()))\n    then\nend";
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource(str.getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            KieSession newKieSession = kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession();
            newKieSession.insert("foo");
            newKieSession.fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (Exception e) {
            if (!e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
                throw e;
            }
        } catch (PropertyAccessException e2) {
            if (e2.toString().contains("The security policy should have prevented")) {
                Assertions.fail("The security policy for the rule should have prevented this from executing...");
            }
        }
    }

    @Test
    public void testUntrustedEnabled() throws Exception {
        String str = "package org.foo.bar\nimport " + MaliciousExitHelper.class.getName().replace('$', '.') + " \nrule R1 enabled( MaliciousExitHelper.isEnabled() ) \nwhen\nthen\nend\n";
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource(str.getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (ShouldHavePrevented e) {
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (Exception e2) {
        }
    }

    @Test
    public void testUntrustedMVELEnabled() throws Exception {
        String str = "package org.foo.bar\nimport " + MaliciousExitHelper.class.getName().replace('$', '.') + " \nrule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \nwhen\nthen\nend\n";
        try {
            KieServices kieServices = KieServices.Factory.get();
            kieServices.newKieBuilder(kieServices.newKieFileSystem().write(ResourceFactory.newByteArrayResource(str.getBytes()).setSourcePath("org/foo/bar/r1.drl"))).buildAll();
            kieServices.newKieContainer(kieServices.getRepository().getDefaultReleaseId()).newKieSession().fireAllRules();
            Assertions.fail("The security policy for the rule should have prevented this from executing...");
        } catch (PropertyAccessException e) {
            if (e.toString().contains("The security policy should have prevented")) {
                Assertions.fail("The security policy for the rule should have prevented this from executing...");
            }
        }
    }
}
