package org.gridgain.internal.processors.security.client;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.function.Consumer;
import org.apache.ignite.Ignition;
import org.apache.ignite.cache.query.FieldsQueryCursor;
import org.apache.ignite.cache.query.SqlFieldsQuery;
import org.apache.ignite.client.ClientAuthorizationException;
import org.apache.ignite.client.ClientCache;
import org.apache.ignite.client.IgniteClient;
import org.apache.ignite.configuration.ClientConfiguration;
import org.apache.ignite.internal.processors.query.QueryUtils;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.WithSystemProperty;
import org.gridgain.internal.processors.security.AbstractCacheOperationPermissionCheckTest;
import org.hamcrest.core.StringContains;
import org.junit.Assert;
import org.junit.Test;

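/**
 * Authorization checks for operations issued through the thin client.
 *
 * <p>Each test installs a permission set for the {@code "client"} login via
 * {@code nodePermission}, connects a thin client under that login and asserts that
 * permitted operations succeed and forbidden ones are rejected.
 *
 * <p>NOTE(review): this listing was recovered from a compiled class (it carried a
 * "loaded from: ...ThinClientSecurityTest.class" marker). The try-with-resources blocks
 * had been expanded into dead {@code if (0 != 0)} branches that dereferenced an
 * always-null {@code Throwable}; they are written as try-with-resources again here, and
 * every test now closes the client it opens.
 */
@WithSystemProperty(key = "IGNITE_SECURITY_PROCESSOR", value = "true")
public class ThinClientSecurityTest extends AbstractCacheOperationPermissionCheckTest {
    /** Login whose permission set each test installs before connecting. */
    private static final String CLIENT = "client";

    /** Cache the client is allowed to use in the data and SQL tests. */
    private static final String ALLOWED_CACHE = "TEST_CACHE";

    /** Cache for which the client is given an empty permission set. */
    private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE";

    /** A subject holding CACHE_CREATE and CACHE_DESTROY system permissions can create and destroy a cache. */
    @Test
    public void testCreateAndDestroyCache() throws Exception {
        nodePermission(CLIENT, SecurityPermissionSetBuilder.create()
            .appendSystemPermissions(new SecurityPermission[]{
                SecurityPermission.CACHE_CREATE, SecurityPermission.CACHE_DESTROY})
            .build());

        try (IgniteClient client = startClient(CLIENT)) {
            client.createCache("some_cache_name");
            client.destroyCache("some_cache_name");
        }
    }

    /** With {@code defaultAllowAll(false)} and no grants, both create and destroy are rejected. */
    @Test
    public void testUserCanNotCreateAndDestroyCache() throws Exception {
        nodePermission(CLIENT, SecurityPermissionSetBuilder.create().defaultAllowAll(false).build());

        try (IgniteClient client = startClient(CLIENT)) {
            GridTestUtils.assertThrowsWithCause(
                () -> client.createCache("some_cache_name"), ClientAuthorizationException.class);

            // The destroy attempt targets TEST_CACHE, not the cache name used above.
            // presumably TEST_CACHE is created by the base class - verify there.
            GridTestUtils.assertThrowsWithCause(
                () -> client.destroyCache(ALLOWED_CACHE), ClientAuthorizationException.class);
        }
    }

    /**
     * Runs with IGNITE_DFLT_ALLOW_EMPTY_SYS_PERMISSIONS=true, {@code defaultAllowAll(true)} and
     * no system permissions listed (only cache permissions on {@code "*"}), and asserts that
     * cache creation is still rejected.
     */
    @Test
    @WithSystemProperty(key = "IGNITE_DFLT_ALLOW_EMPTY_SYS_PERMISSIONS", value = "true")
    public void testEmptySystemPermissionSetWithLegacyProperty() throws Exception {
        nodePermission(CLIENT, SecurityPermissionSetBuilder.create()
            .defaultAllowAll(true)
            .appendCachePermissions("*", new SecurityPermission[]{
                SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT, SecurityPermission.CACHE_REMOVE})
            .build());

        try (IgniteClient client = startClient(CLIENT)) {
            GridTestUtils.assertThrowsWithCause(
                () -> client.createCache("cache_65437"), ClientAuthorizationException.class);
        }
    }

    /** Every operation from {@link #operations()} must pass on the allowed cache and be rejected on the forbidden one. */
    @Test
    public void testCacheLoadData() throws Exception {
        nodePermission(CLIENT, readPutRemoveOnAllowedCacheOnly());

        try (IgniteClient client = startClient(CLIENT)) {
            for (Consumer<ClientCache<String, String>> op : operations()) {
                op.accept(client.cache(ALLOWED_CACHE));

                GridTestUtils.assertThrowsWithCause(
                    () -> op.accept(client.cache(FORBIDDEN_CACHE)), ClientAuthorizationException.class);
            }
        }
    }

    /** An SQL query through the allowed cache succeeds; fetching results through the forbidden cache is rejected. */
    @Test
    public void testSql() throws Exception {
        // Seed both caches from the server node so each query has a row to return.
        this.srvNode.cache(ALLOWED_CACHE).put(3, 3);
        this.srvNode.cache(FORBIDDEN_CACHE).put(4, 4);

        nodePermission(CLIENT, readPutRemoveOnAllowedCacheOnly());

        try (IgniteClient client = startClient(CLIENT)) {
            client.cache(ALLOWED_CACHE).query(new SqlFieldsQuery("select _key, _val from Integer")).getAll();

            FieldsQueryCursor<List<?>> forbidden =
                client.cache(FORBIDDEN_CACHE).query(new SqlFieldsQuery("select _key, _val from Integer"));

            // The assertion wraps getAll() only: the denial is expected when rows are fetched,
            // while creating the cursor above is expected not to throw.
            GridTestUtils.assertThrowsWithCause(forbidden::getAll, ClientAuthorizationException.class);
        }
    }

    /**
     * SQL_QUERIES and SQL_QUERIES_HISTORY are rejected without GET_QUERY_VIEWS and readable
     * once that system permission is granted.
     *
     * <p>NOTE(review): the deny path accepts any {@code Exception} whose message contains the
     * permission name; it does not pin the exception type to
     * {@code ClientAuthorizationException} the way the cache tests do.
     */
    @Test
    public void testQueryViewRequiresPermission() throws Exception {
        List<String> views = Arrays.asList("SQL_QUERIES", "SQL_QUERIES_HISTORY");

        nodePermission(CLIENT, SecurityPermissionSetBuilder.create().defaultAllowAll(false).build());

        try (IgniteClient client = startClient(CLIENT)) {
            for (String view : views) {
                Throwable denied = GridTestUtils.assertThrowsWithCause(
                    () -> client.query(selectAllFromSysView(view)).getAll(), Exception.class);

                assertTrue(denied.getMessage().contains(SecurityPermission.GET_QUERY_VIEWS.name()));
            }
        }

        nodePermission(CLIENT, SecurityPermissionSetBuilder.create()
            .appendSystemPermissions(new SecurityPermission[]{SecurityPermission.GET_QUERY_VIEWS})
            .build());

        // Reconnect so the session is authenticated against the new permission set.
        try (IgniteClient client = startClient(CLIENT)) {
            for (String view : views) {
                client.query(selectAllFromSysView(view)).getAll();
            }
        }
    }

    /**
     * KILL QUERY is rejected without the KILL_QUERY permission. With the permission the
     * statement still fails, but with "Query with provided ID doesn't exist", which is the
     * message this test expects once the permission is held.
     */
    @Test
    public void testKillQueryRequiresPermission() throws Exception {
        nodePermission(CLIENT, SecurityPermissionSetBuilder.create().defaultAllowAll(false).build());

        try (IgniteClient client = startClient(CLIENT)) {
            Throwable denied = GridTestUtils.assertThrowsWithCause(
                () -> client.query(killQueryStatement()).getAll(), Exception.class);

            Assert.assertThat(denied.getMessage(),
                StringContains.containsString(SecurityPermission.KILL_QUERY.name()));
        }

        nodePermission(CLIENT, SecurityPermissionSetBuilder.create()
            .appendSystemPermissions(new SecurityPermission[]{SecurityPermission.KILL_QUERY})
            .build());

        try (IgniteClient client = startClient(CLIENT)) {
            Throwable notFound = GridTestUtils.assertThrowsWithCause(
                () -> client.query(killQueryStatement()).getAll(), Exception.class);

            Assert.assertThat(notFound.getMessage(),
                StringContains.containsString("Query with provided ID doesn't exist"));
        }
    }

    /** The INDEXES and TABLES system views are readable with a default (no explicit grants) permission set. */
    @Test
    public void testOtherSqlViewsNotRequiresPermissions() throws Exception {
        nodePermission(CLIENT, SecurityPermissionSetBuilder.create().build());

        try (IgniteClient client = startClient(CLIENT)) {
            for (String view : Arrays.asList("INDEXES", "TABLES")) {
                client.query(selectAllFromSysView(view)).getAll();
            }
        }
    }

    /**
     * Per-cache CACHE_CREATE / CACHE_DESTROY grants: an exact cache name with both permissions,
     * a name with an empty permission set, and a {@code custom-prefix*} wildcard that grants
     * create only.
     */
    @Test
    public void testCachePermissionsForCreateAndDestroy() throws Exception {
        nodePermission(CLIENT, SecurityPermissionSetBuilder.create()
            .defaultAllowAll(false)
            .appendCachePermissions("cache-c-d", new SecurityPermission[]{
                SecurityPermission.CACHE_CREATE, SecurityPermission.CACHE_DESTROY})
            .appendCachePermissions("forbidden-c-d", EMPTY_PERMS)
            .appendCachePermissions("custom-prefix*", new SecurityPermission[]{SecurityPermission.CACHE_CREATE})
            .build());

        try (IgniteClient client = startClient(CLIENT)) {
            // Both permissions granted: create and destroy take effect.
            client.createCache("cache-c-d");
            assertTrue(client.cacheNames().contains("cache-c-d"));

            client.destroyCache("cache-c-d");
            assertFalse(client.cacheNames().contains("cache-c-d"));

            // Empty permission set: create is rejected and leaves no cache behind.
            GridTestUtils.assertThrowsWithCause(
                () -> client.createCache("forbidden-c-d"), ClientAuthorizationException.class);
            assertFalse(client.cacheNames().contains("forbidden-c-d"));

            // Wildcard grants create only: the cache appears, destroy is rejected, the cache survives.
            String prefixed = "custom-prefix_cache";

            client.createCache(prefixed);
            assertTrue(client.cacheNames().contains(prefixed));

            GridTestUtils.assertThrowsWithCause(
                () -> client.destroyCache(prefixed), ClientAuthorizationException.class);
            assertTrue(client.cacheNames().contains(prefixed));
        }
    }

    /**
     * Cache operations exercised by {@link #testCacheLoadData()}.
     *
     * <p>NOTE(review): four entries have empty bodies in the recovered listing. An empty
     * consumer never reaches the server, so {@link #testCacheLoadData()} cannot observe a
     * denial for it. Restore these bodies from the original source; they are kept empty here
     * rather than guessed.
     *
     * @return the operations, in the order of the recovered listing.
     */
    private List<Consumer<ClientCache<String, String>>> operations() {
        return Arrays.asList(
            c -> c.put("key", "value"),
            c -> c.putAll(Collections.singletonMap("key", "value")),
            c -> { /* body missing in recovered listing */ },
            c -> c.getAll(Collections.singleton("key")),
            c -> c.containsKey("key"),
            c -> c.remove("key"),
            c -> c.removeAll(Collections.singleton("key")),
            c -> c.replace("key", "value"),
            c -> c.putIfAbsent("key", "value"),
            c -> { /* body missing in recovered listing */ },
            c -> { /* body missing in recovered listing */ },
            c -> { /* body missing in recovered listing */ }
        );
    }

    /**
     * Connects a thin client to the local node at {@code 127.0.0.1:10800}.
     *
     * @param str Login name; the same string is also sent as the password (test fixture
     *     convention, not a pattern for real deployments).
     * @return the connected client; the caller is responsible for closing it.
     */
    private IgniteClient startClient(String str) {
        ClientConfiguration cfg = new ClientConfiguration()
            .setAddresses(new String[]{"127.0.0.1:10800"})
            .setUserName(str)
            .setUserPassword(str);

        return Ignition.startClient(cfg);
    }

    /** Builds {@code SELECT *} over a view in the system schema; the view name is a test constant. */
    private static SqlFieldsQuery selectAllFromSysView(String view) {
        return new SqlFieldsQuery("SELECT * FROM " + QueryUtils.sysSchemaName() + "." + view);
    }

    /** Builds a KILL QUERY statement for the id {@code <server node id>_0}. */
    private SqlFieldsQuery killQueryStatement() {
        return new SqlFieldsQuery("KILL QUERY '" + this.srvNode.localNode().id() + "_0'");
    }

    /** READ/PUT/REMOVE on the allowed cache and an empty permission set on the forbidden one. */
    private static org.apache.ignite.plugin.security.SecurityPermissionSet readPutRemoveOnAllowedCacheOnly() {
        return SecurityPermissionSetBuilder.create()
            .appendCachePermissions(ALLOWED_CACHE, new SecurityPermission[]{
                SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT, SecurityPermission.CACHE_REMOVE})
            .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS)
            .build();
    }
}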
