package org.gridgain.grid.security.rolebased;

import org.apache.ignite.IgniteAuthenticationException;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.cluster.ClusterState;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.X;
import org.apache.ignite.plugin.PluginConfiguration;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.spi.IgniteSpiException;
import org.gridgain.control.agent.AbstractSelfTest;
import org.gridgain.control.agent.test.TestUtils;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/gridgain/grid/security/rolebased/RoleBasedAuthenticatorTest.class */
public class RoleBasedAuthenticatorTest extends AbstractSelfTest {
    private static final String STATIC_USER = "default";
    private static final String STATIC_ROLE = "default";
    private static final String STATIC_PASSWORD = "default";
    private static final String USERNAME = "user";
    private static final String PASSWORD = "user";
    static final /* synthetic */ boolean $assertionsDisabled;

    @Before
    public void setup() {
        cleanPersistenceDir();
        IgniteEx startGrid = startGrid();
        startGrid.cluster().state(ClusterState.ACTIVE);
        TestUtils.createRole(startGrid, "user", "{defaultAllow:true}");
        TestUtils.createUser(startGrid, "user", "user", "user");
    }

    @After
    public void teardown() {
        stopAllGrids();
    }

    @Test
    public void serverNodeShouldNotConnect() {
        try {
            startGrid(getConfiguration(instanceName(1)).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setAuthenticator(new RoleBasedAuthenticator().setStaticRoles(F.asMap("default", "{defaultAllow:false}")).setStaticUsers(F.asMap("default", new UserCredential("default", "default")))).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("wrong", "wrong")))}));
        } catch (IgniteException e) {
            Assert.assertTrue(X.hasCause(e, "Authentication failed", new Class[]{IgniteAuthenticationException.class}));
        }
        if (!$assertionsDisabled) {
            throw new AssertionError();
        }
        try {
            startGrid(getConfiguration(instanceName(1)).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setAuthenticator(new RoleBasedAuthenticator().setStaticRoles(F.asMap("default", "{defaultAllow:false}")).setStaticUsers(F.asMap("default", new UserCredential("default", "default"))))}));
            if ($assertionsDisabled) {
            } else {
                throw new AssertionError();
            }
        } catch (IgniteException e2) {
            Assert.assertTrue(X.hasCause(e2, "authentication is configured, but security credentials provider is not set", new Class[]{IgniteCheckedException.class}));
        }
    }

    @Test
    public void shouldNotJoinWithDifferentConfiguration() {
        try {
            startGrid(getConfiguration(instanceName(1)).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setAuthenticator(new RoleBasedAuthenticator().setStaticRoles(F.asMap("default", "{defaultAllow:false}")).setStaticUsers(F.asMap("default", new UserCredential("default", "default")))).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("default", "default")))}));
        } catch (IgniteException e) {
            Assert.assertTrue(X.hasCause(e, "Local node's authentication token is not equal to remote node's authentication token", new Class[]{IgniteSpiException.class}));
        }
        if (!$assertionsDisabled) {
            throw new AssertionError();
        }
        try {
            startGrid(getConfiguration(instanceName(1)).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setAuthenticator(new RoleBasedAuthenticator().setStaticRoles(F.asMap("default", "{defaultAllow:true}")).setStaticUsers(F.asMap("default", new UserCredential("user", "default")))).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("default", "default")))}));
            if ($assertionsDisabled) {
            } else {
                throw new AssertionError();
            }
        } catch (IgniteException e2) {
            Assert.assertTrue(X.hasCause(e2, "Local node's authentication token is not equal to remote node's authentication token", new Class[]{IgniteSpiException.class}));
        }
    }

    @Test
    public void clientNodeShouldNotConnect() {
        try {
            startGrid(getConfiguration(instanceName(1)).setClientMode(true).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration()}));
        } catch (IgniteException e) {
            Assert.assertTrue(X.hasCause(e, "Authentication failed", new Class[]{IgniteAuthenticationException.class}));
        }
        if (!$assertionsDisabled) {
            throw new AssertionError();
        }
        try {
            startGrid(getConfiguration(instanceName(1)).setClientMode(true).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("wrong", "wrong")))}));
            if ($assertionsDisabled) {
            } else {
                throw new AssertionError();
            }
        } catch (IgniteException e2) {
            Assert.assertTrue(X.hasCause(e2, "Authentication failed", new Class[]{IgniteAuthenticationException.class}));
        }
    }

    @Test
    public void clientNodeShouldConnectWithDifferentUsers() {
        IgniteEx startGrid = startGrid(getConfiguration(instanceName(1)).setClientMode(true).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("default", "default")))}));
        Throwable th = null;
        if (startGrid != null) {
            if (0 != 0) {
                try {
                    startGrid.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            } else {
                startGrid.close();
            }
        }
        IgniteEx startGrid2 = startGrid(getConfiguration(instanceName(1)).setClientMode(true).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("user", "user")))}));
        Throwable th3 = null;
        if (startGrid2 != null) {
            if (0 == 0) {
                startGrid2.close();
                return;
            }
            try {
                startGrid2.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.gridgain.control.agent.AbstractSelfTest
    public IgniteConfiguration getConfiguration(String str) {
        return super.getConfiguration(str).setCacheConfiguration(new CacheConfiguration[]{TestUtils.nebulaUserCacheConfiguration(), TestUtils.nebulaRoleCacheConfiguration()}).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setAuthenticator(new RoleBasedAuthenticator().setStaticRoles(F.asMap("default", "{defaultAllow:true}")).setStaticUsers(F.asMap("default", new UserCredential("default", "default")))).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials("default", "default")))});
    }

    static {
        $assertionsDisabled = !RoleBasedAuthenticatorTest.class.desiredAssertionStatus();
    }
}
