package org.gridgain.plugin.security;

import java.util.AbstractMap;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import junit.framework.TestCase;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.Ignition;
import org.apache.ignite.cache.query.SqlFieldsQuery;
import org.apache.ignite.client.IgniteClient;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.ClientConfiguration;
import org.apache.ignite.configuration.DataRegionConfiguration;
import org.apache.ignite.configuration.DataStorageConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.failure.NoOpFailureHandler;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.plugin.PluginConfiguration;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider;
import org.gridgain.grid.security.passcode.IgniteAuthenticator;

/* loaded from: input_file:org/gridgain/plugin/security/NodeAuthorizationSelfTest.class */
public class NodeAuthorizationSelfTest extends TestCase {

    /* loaded from: input_file:org/gridgain/plugin/security/NodeAuthorizationSelfTest$SystemProperty.class */
    private static final class SystemProperty implements AutoCloseable {
        private final String name;

        SystemProperty(String str, String str2) {
            this.name = str;
            Properties properties = System.getProperties();
            properties.put(str, str2);
            System.setProperties(properties);
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            Properties properties = System.getProperties();
            properties.remove(this.name);
            System.setProperties(properties);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:org/gridgain/plugin/security/NodeAuthorizationSelfTest$Throwing.class */
    public interface Throwing {
        void run() throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:org/gridgain/plugin/security/NodeAuthorizationSelfTest$Throwing1.class */
    public interface Throwing1<T> {
        void run(T t) throws Exception;
    }

    protected void setUp() throws IgniteCheckedException {
        U.resolveWorkDirectory(U.defaultWorkDirectory(), "db", true);
    }

    public void testNodeDeniedJoinAsServerPermission() {
        assertDenied(() -> {
            nodeOps("{defaultAllow:false,{system:[]}}", new Throwing1[0]);
        }, IgniteException.class);
    }

    public void testNodeAllowedJoinAsClientPermission() throws Exception {
        nodeOps(igniteConfiguration -> {
            igniteConfiguration.setClientMode(true);
        }, "{defaultAllow:true,{system:[]}}", new Throwing1[0]);
    }

    public void testNodeAllowedJoinAsServerPermission() throws Exception {
        nodeOps("{defaultAllow:true,{system:[JOIN_AS_SERVER]}}", new Throwing1[0]);
    }

    public void testNodeDeniedCreateCachePermissionWhenCreatingCacheByName() {
        assertDenied(() -> {
            nodeOps(igniteConfiguration -> {
                igniteConfiguration.setClientMode(true);
            }, "{defaultAllow:false,{system:[]}}", ignite -> {
                ignite.createCache(SecurityServicePermissionsTest.CACHE_NAME);
            });
        }, SecurityException.class);
    }

    public void testNodeDeniedCreateCachePermissionWhenCreatingCacheByConfiguration() {
        assertDenied(() -> {
            nodeOps(igniteConfiguration -> {
                igniteConfiguration.setClientMode(true);
            }, "{defaultAllow:false,{system:[]}}", ignite -> {
                ignite.createCache(new CacheConfiguration(SecurityServicePermissionsTest.CACHE_NAME));
            });
        }, SecurityException.class);
    }

    public void testNodeDeniedCreateCachePermissionForConfiguredCache() {
        assertDenied(() -> {
            nodeOps(igniteConfiguration -> {
                igniteConfiguration.setClientMode(true).setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration(SecurityServicePermissionsTest.CACHE_NAME)});
            }, "{defaultAllow:false,{system:[]}}", new Throwing1[0]);
        }, IgniteException.class);
    }

    public void testNodeAllowedCreateCachePermission() throws Exception {
        nodeOps(igniteConfiguration -> {
            igniteConfiguration.setClientMode(true).setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration("cache-st")});
        }, "{defaultAllow:true,{system:[CACHE_CREATE]}}", ignite -> {
            ignite.createCache("cache-dyn-name");
        }, ignite2 -> {
            ignite2.createCache(new CacheConfiguration("cachedyn-cfg"));
        });
    }

    public void testNodeDeniedDestroyCachePermission() {
        assertDenied(() -> {
            nodeOps(igniteConfiguration -> {
                igniteConfiguration.setClientMode(true);
            }, "{defaultAllow:false,{system:[CACHE_CREATE]}}", ignite -> {
                ignite.createCache(SecurityServicePermissionsTest.CACHE_NAME);
            }, ignite2 -> {
                ignite2.destroyCache(SecurityServicePermissionsTest.CACHE_NAME);
            });
        }, SecurityException.class);
    }

    public void testNodeAllowedDestroyCachePermission() throws Exception {
        nodeOps(igniteConfiguration -> {
            igniteConfiguration.setClientMode(true);
        }, "{defaultAllow:true,{system:[CACHE_CREATE,CACHE_DESTROY]}}", ignite -> {
            ignite.createCache(SecurityServicePermissionsTest.CACHE_NAME);
        }, ignite2 -> {
            ignite2.destroyCache(SecurityServicePermissionsTest.CACHE_NAME);
        });
    }

    public void testNodeDeniedOnheapCachingPermissionForDynamicCache() {
        SystemProperty systemProperty = new SystemProperty("IGNITE_DISABLE_ONHEAP_CACHE", "true");
        Throwable th = null;
        try {
            assertDenied(() -> {
                nodeOps(igniteConfiguration -> {
                    igniteConfiguration.setClientMode(true);
                }, "{defaultAllow:true,{system:[CACHE_CREATE]}}", ignite -> {
                    ignite.createCache(new CacheConfiguration(SecurityServicePermissionsTest.CACHE_NAME).setOnheapCacheEnabled(true));
                });
            }, SecurityException.class);
            if (systemProperty != null) {
                if (0 == 0) {
                    systemProperty.close();
                    return;
                }
                try {
                    systemProperty.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (systemProperty != null) {
                if (0 != 0) {
                    try {
                        systemProperty.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    systemProperty.close();
                }
            }
            throw th3;
        }
    }

    public void testNodeDeniedOnheapCachingPermissionForConfiguredCache() {
        SystemProperty systemProperty = new SystemProperty("IGNITE_DISABLE_ONHEAP_CACHE", "true");
        Throwable th = null;
        try {
            assertDenied(() -> {
                nodeOps(igniteConfiguration -> {
                    igniteConfiguration.setClientMode(true).setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration(SecurityServicePermissionsTest.CACHE_NAME).setOnheapCacheEnabled(true)});
                }, "{defaultAllow:true,{system:[CACHE_CREATE]}}", new Throwing1[0]);
            }, IgniteException.class);
            if (systemProperty != null) {
                if (0 == 0) {
                    systemProperty.close();
                    return;
                }
                try {
                    systemProperty.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (systemProperty != null) {
                if (0 != 0) {
                    try {
                        systemProperty.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    systemProperty.close();
                }
            }
            throw th3;
        }
    }

    public void testNodeAllowedOnheapCachingPermissionForDynamicCache() throws Exception {
        nodeOps(igniteConfiguration -> {
            igniteConfiguration.setClientMode(true).setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration("cache-static").setOnheapCacheEnabled(true)});
        }, "{defaultAllow:true,{system:[CACHE_CREATE]}}", ignite -> {
            ignite.createCache(new CacheConfiguration("cache-dynamic").setOnheapCacheEnabled(true));
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    @SafeVarargs
    public static void nodeOps(Consumer<IgniteConfiguration> consumer, String str, Throwing1<Ignite>... throwing1Arr) throws Exception {
        Ignite start;
        Throwable th;
        SecurityCredentials securityCredentials = new SecurityCredentials("admin", "admin");
        SecurityCredentials securityCredentials2 = new SecurityCredentials("user", "user");
        Predicate predicate = consumer2 -> {
            if (consumer2 == null) {
                return false;
            }
            IgniteConfiguration igniteConfiguration = new IgniteConfiguration();
            consumer2.accept(igniteConfiguration);
            return igniteConfiguration.isClientMode().booleanValue();
        };
        AbstractMap.SimpleEntry[] simpleEntryArr = new AbstractMap.SimpleEntry[3];
        simpleEntryArr[0] = new AbstractMap.SimpleEntry(securityCredentials, "{defaultAllow:true}");
        simpleEntryArr[1] = new AbstractMap.SimpleEntry(predicate.test(consumer) ? new SecurityCredentials(securityCredentials2.getLogin().toString(), (String) null) : securityCredentials2, str);
        simpleEntryArr[2] = new AbstractMap.SimpleEntry(new SecurityCredentials("ignite", (String) null), "{defaultAllow:true}");
        Map map = (Map) Stream.of((Object[]) simpleEntryArr).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        IgniteConfiguration cacheConfiguration = createIgniteConfiguration(securityCredentials, map, true).setAuthenticationEnabled(true).setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration("default")});
        IgniteConfiguration createIgniteConfiguration = createIgniteConfiguration(securityCredentials2, map, !predicate.test(consumer));
        if (consumer != null) {
            consumer.accept(createIgniteConfiguration);
        }
        Ignite start2 = Ignition.start(cacheConfiguration);
        Throwable th2 = null;
        try {
            try {
                start2.cluster().active(true);
                createUser(securityCredentials2.getLogin().toString(), securityCredentials2.getPassword().toString());
                Ignite start3 = Ignition.start(createIgniteConfiguration);
                Throwable th3 = null;
                if (throwing1Arr != null) {
                    try {
                        try {
                            for (Throwing1<Ignite> throwing1 : throwing1Arr) {
                                throwing1.run(start3);
                            }
                        } catch (Throwable th4) {
                            th3 = th4;
                            throw th4;
                        }
                    } finally {
                    }
                }
                if (start3 != null) {
                    if (0 != 0) {
                        try {
                            start3.close();
                        } catch (Throwable th5) {
                            th3.addSuppressed(th5);
                        }
                    } else {
                        start3.close();
                    }
                }
                try {
                    start = Ignition.start(createIgniteConfiguration(securityCredentials, map, true));
                    Throwable th6 = null;
                    try {
                        try {
                            start.cache("default").put(1, "1");
                            assertEquals("1", start2.cache("default").get(1));
                            if (start != null) {
                                if (0 != 0) {
                                    try {
                                        start.close();
                                    } catch (Throwable th7) {
                                        th6.addSuppressed(th7);
                                    }
                                } else {
                                    start.close();
                                }
                            }
                        } catch (Throwable th8) {
                            th6 = th8;
                            throw th8;
                        }
                    } finally {
                    }
                } catch (Throwable th9) {
                    fail(String.format("User node operations resulted in failed cluster: %s", th9.getMessage()));
                }
                if (start2 != null) {
                    if (0 == 0) {
                        start2.close();
                        return;
                    }
                    try {
                        start2.close();
                    } catch (Throwable th10) {
                        th2.addSuppressed(th10);
                    }
                }
            } catch (Throwable th11) {
                try {
                    start = Ignition.start(createIgniteConfiguration(securityCredentials, map, true));
                    th = null;
                } catch (Throwable th12) {
                    fail(String.format("User node operations resulted in failed cluster: %s", th12.getMessage()));
                }
                try {
                    try {
                        start.cache("default").put(1, "1");
                        assertEquals("1", start2.cache("default").get(1));
                        if (start != null) {
                            if (0 != 0) {
                                try {
                                    start.close();
                                } catch (Throwable th13) {
                                    th.addSuppressed(th13);
                                }
                            } else {
                                start.close();
                            }
                        }
                        throw th11;
                    } catch (Throwable th14) {
                        th = th14;
                        throw th14;
                    }
                } finally {
                    if (start != null) {
                        if (th != null) {
                            try {
                                start.close();
                            } catch (Throwable th15) {
                                th.addSuppressed(th15);
                            }
                        } else {
                            start.close();
                        }
                    }
                }
            }
        } catch (Throwable th16) {
            if (start2 != null) {
                if (0 != 0) {
                    try {
                        start2.close();
                    } catch (Throwable th17) {
                        th2.addSuppressed(th17);
                    }
                } else {
                    start2.close();
                }
            }
            throw th16;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @SafeVarargs
    public static void nodeOps(String str, Throwing1<Ignite>... throwing1Arr) throws Exception {
        nodeOps(null, str, throwing1Arr);
    }

    private static void createUser(String str, String str2) throws Exception {
        IgniteClient startClient = Ignition.startClient(new ClientConfiguration().setAddresses(new String[]{"127.0.0.1:10800"}).setUserName("ignite").setUserPassword("ignite"));
        Throwable th = null;
        try {
            try {
                startClient.query(new SqlFieldsQuery(String.format("CREATE USER \"%s\" WITH PASSWORD '%s'", str, str2))).getAll();
                if (startClient != null) {
                    if (0 == 0) {
                        startClient.close();
                        return;
                    }
                    try {
                        startClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (startClient != null) {
                if (th != null) {
                    try {
                        startClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    startClient.close();
                }
            }
            throw th4;
        }
    }

    private static IgniteConfiguration createIgniteConfiguration(SecurityCredentials securityCredentials, Map<SecurityCredentials, String> map, boolean z) throws IgniteCheckedException {
        IgniteAuthenticator igniteAuthenticator = new IgniteAuthenticator();
        igniteAuthenticator.setAclProvider(new AuthenticationAclBasicProvider(map));
        IgniteConfiguration failureHandler = new IgniteConfiguration().setIgniteInstanceName(String.format("%s-%s", securityCredentials.getLogin(), UUID.randomUUID().toString())).setDiscoverySpi(new TcpDiscoverySpi().setIpFinder(new TcpDiscoveryVmIpFinder().setAddresses(Collections.singleton("127.0.0.1:47500")))).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials)).setAuthenticator(igniteAuthenticator)}).setFailureHandler(new NoOpFailureHandler());
        if (z) {
            failureHandler.setDataStorageConfiguration(new DataStorageConfiguration().setDefaultDataRegionConfiguration(new DataRegionConfiguration().setPersistenceEnabled(true)));
        }
        return failureHandler;
    }

    private static void assertDenied(Throwing throwing, Class cls) {
        String name = cls.getName();
        try {
            throwing.run();
            fail(String.format("No exception caught but %s expected", name));
        } catch (Exception e) {
            assertEquals(String.format("%s caught but %s expected", e.getClass().getName(), name), name, e.getClass().getName());
        }
    }
}
