package org.gridgain.grid.internal.processors.cluster;

import java.util.Collections;
import java.util.HashMap;
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.DataRegionConfiguration;
import org.apache.ignite.configuration.DataStorageConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.client.GridClient;
import org.apache.ignite.internal.client.GridClientConfiguration;
import org.apache.ignite.internal.client.GridClientException;
import org.apache.ignite.internal.client.GridClientFactory;
import org.apache.ignite.internal.client.GridClientProtocol;
import org.apache.ignite.plugin.PluginConfiguration;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder;
import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider;
import org.gridgain.grid.security.passcode.PasscodeAuthenticator;
import org.junit.Test;

/* loaded from: input_file:org/gridgain/grid/internal/processors/cluster/GridActivateClusterSecurityTest.class */
public class GridActivateClusterSecurityTest extends GridCommonAbstractTest {
    private static final TcpDiscoveryIpFinder IP_FINDER = new TcpDiscoveryVmIpFinder(true);
    private static final String HOST = "127.0.0.1";
    private static final int TCP_PORT = 12121;
    private IgniteEx ignite;

    protected void beforeTest() throws Exception {
        cleanPersistenceDir();
        this.ignite = startGrid(0);
    }

    protected void afterTest() throws Exception {
        stopAllGrids();
        cleanPersistenceDir();
    }

    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        IgniteConfiguration configuration = super.getConfiguration(str);
        configuration.setDiscoverySpi(new TcpDiscoverySpi().setIpFinder(IP_FINDER));
        configuration.setDataStorageConfiguration(new DataStorageConfiguration().setDefaultDataRegionConfiguration(new DataRegionConfiguration().setPersistenceEnabled(true)));
        PasscodeAuthenticator passcodeAuthenticator = new PasscodeAuthenticator();
        HashMap hashMap = new HashMap();
        SecurityCredentials securityCredentials = new SecurityCredentials("ignite", "ignite");
        hashMap.put(securityCredentials, "{ defaultAllow: false, { task: '*', permissions: [ TASK_EXECUTE, TASK_CANCEL ]}, { cache: '*', permissions: [ CACHE_PUT, CACHE_READ, CACHE_REMOVE ]}, { system: [ ADMIN_VIEW, ADMIN_OPS, ADMIN_QUERY, ADMIN_CACHE, JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY ]}}");
        hashMap.put(new SecurityCredentials("user", "password"), "{ defaultAllow: false, { task: '*', permissions: [ TASK_EXECUTE, TASK_CANCEL ]}, { cache: '*', permissions: [ CACHE_PUT, CACHE_READ, CACHE_REMOVE ]}, { system: [ ADMIN_VIEW, ADMIN_QUERY, ADMIN_CACHE, JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY ]}}");
        passcodeAuthenticator.setAclProvider(new AuthenticationAclBasicProvider(hashMap));
        configuration.setAuthenticationEnabled(true);
        PluginConfiguration gridGainConfiguration = new GridGainConfiguration();
        configuration.setPluginConfigurations(new PluginConfiguration[]{gridGainConfiguration});
        gridGainConfiguration.setAuthenticator(passcodeAuthenticator);
        gridGainConfiguration.setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials));
        configuration.setConnectorConfiguration(new ConnectorConfiguration().setPort(TCP_PORT));
        return configuration;
    }

    @Test
    public void testAdminActivation() throws Exception {
        doTest(true, new SecurityCredentials("ignite", "ignite"), false);
    }

    @Test
    public void testAdminDeactivation() throws Exception {
        doTest(false, new SecurityCredentials("ignite", "ignite"), false);
    }

    @Test
    public void testUserActivation() throws Exception {
        doTest(true, new SecurityCredentials("user", "password"), true);
    }

    @Test
    public void testUserDeactivation() throws Exception {
        doTest(false, new SecurityCredentials("user", "password"), true);
    }

    private void doTest(boolean z, SecurityCredentials securityCredentials, boolean z2) throws Exception {
        if (!z) {
            this.ignite.cluster().active(true);
        }
        GridClientConfiguration gridClientConfiguration = new GridClientConfiguration();
        gridClientConfiguration.setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials));
        gridClientConfiguration.setProtocol(GridClientProtocol.TCP);
        gridClientConfiguration.setServers(Collections.singletonList("127.0.0.1:12121"));
        GridClient start = GridClientFactory.start(gridClientConfiguration);
        if (z2) {
            GridTestUtils.assertThrows(log, () -> {
                start.state().active(z);
                return null;
            }, GridClientException.class, "Authorization failed [perm=ADMIN_OPS");
        } else {
            start.state().active(z);
        }
    }
}
